We are chuffed to announce the release of: ironic 32.0.0 This release is part of the flamingo release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://bugs.launchpad.net/ironic/+bugs For more details, please see below. 32.0.0 ^^^^^^ Prelude ******* The Ironic developers are proud to announce our release for the 2025.2 development cycle in the form of Ironic 32.0.0. This release brings substantial changes in Ironic which will improve the experience and performance of Ironic. Amongst these herculian efforts includes the removal of Eventlet, Database Object Indirection, Redfish inspection use of inspection rules and hooks. Along with numerous bug fixes to address operator feedback to ultimately improve the user experience. All of this work is on top of our previously released 31.0.0 and 30.0.0 releases which were performed as part of this development cycle. New Features ************ * Adds periodic cleanup of stale conductor entries from the database. A new periodic task automatically removes conductor records that have been offline for longer than the configured timeout period, helping prevent accumulation of stale conductor entries. Three new configuration options have been added to the "[conductor]" section: * "conductor_cleanup_interval" - The interval in seconds of how often to run the cleanup task (default: 86400 seconds - 1 day). For example: 86400 seconds = 1 day, 604800 seconds = 1 week, 2592000 seconds = 30 days (approx. 1 month). * "conductor_cleanup_timeout" - How long a conductor must be offline before it's considered stale and eligible for cleanup (default: 1209600 seconds - 2 weeks). This value is always required to be at least 3x larger than "[conductor]heartbeat_timeout" since if otherwise, active conductors might be mistakenly removed from the database. The cleanup task will skip execution and log a warning if this requirement is not met. * "conductor_cleanup_batch_size" - Maximum number of stale conductors to clean up in a single operation (default: 50). * A new "category" field has been added to the Port object. This field is meant to help distinguish between different types of Ports. Relevant to trait based port scheduling feature. * A new "vendor" field has been added to the Port object. This field is meant to help distinguish between different types of Ports. Relevant to trait based port scheduling feature. * The redfish inspection interface can now utilize inspection rules as well as inspection hooks. * Adds inspection hooks in the redfish inspect interface for processing data received during inspection. The three default configuration hooks *validate-interfaces*, *ports* and *architecture* are added. A new configuration option *inspection_hooks* is added in the *redfish* configuration section. * Adds the capability for the Ironic API services to operate without a direct connection to the Ironic database backend. Instead the RPC Object model through the concept of remotable objects. The "[default]use_rpc_for_database" setting can be utilized to leverage this mode of operation, however it is also implied when the "[default]rpc_transport" option is set to "none" or "local". * Ironic now utilizes native OS threads for all periodic and background activities. This change is not configurable, and should any issues be observed with Ironic's operation, please do not hesitate to report them to the developer community. Upgrade Notes ************* * The minimum version of the "futurist" library is now "3.2.0". This change is being made to support the removal of the Eventlet library from use in Ironic. * The "wsgi_scripts" entry point "ironic-api-wsgi" has been removed from "setup.cfg". WSGI servers should now use the module path "ironic.wsgi:application" directly instead of the generated script. This change aligns with the OpenStack goal to migrate from WSGI scripts to module paths and is compatible with modern Python packaging tools. For example, with gunicorn: gunicorn ironic.wsgi:application Or with uwsgi: [uwsgi] module = ironic.wsgi:application * The Apache mod_wsgi sample configuration has been removed. Operators should use modern WSGI servers like uWSGI or Gunicorn instead, which provide better performance and are simpler to configure. See the updated deployment documentation for examples. * The options in the "[local_rpc]" group introduced in Ironic 31.0 have been removed and no longer have any effect. * When using the redfish inspection method, the node property "cpus" will no longer be populated. No other inspection method populated this field. * The introduction of the capability to utilize remotable objects with the API has resulted in object versions internally being incremented without actual schema changes. This may result in an upgrade taking a little longer, depending on the size of the database, as object versions are updated during the upgrade sequence. * Support for Python 3.9 has been removed. Now Python 3.10 is the minimum version supported. Deprecation Notes ***************** * While the legacy "ironic.api.wsgi:initialize_wsgi_app()" function remains available for backward compatibility, new deployments should use "ironic.wsgi:application" instead. * Use of the API DBHook feature, i.e. the resulting "api.request.dbapi" pattern in API service code is deprecated and the DBHook will be removed in a future release of Ironic. Any downstream maintainers which utilize this pattern are encouraged to utilize an object to serve as an intermediary stepping stone between the API and the database. Critical Issues *************** * With the move to the use of native threading, the required memory footprint of Ironic has increased. This is a result of both threading being used combined with process model changes which were necessary to remove the "eventlet" library from Ironic. The new process model consists of a launcher process with a sub-process which represents the actual application workload. In the case of single-process Ironic, a single launcher process with two workers is what operators should expect. As for memory utilization, it is generally tracked by two measurements. A Virtual Memory Size (VSZ) which represents memory an application has allocated, but may not actively using. The more relevant masurement is the Resident Set Size (RSS), which is the amount of memory in actual use. Due to the process changes, Operators can expect a 2-3x increase in the amount overall system memory in use (RSS). The VSZ can be expected to be upwards of 10x larger, and will closely track with the current number of active threads being executed upon. The Ironic project is aware this may require some operator tuning of resource constraints applied to Ironic. However, the improved concurrency and performance should be an appropriate trade-off. Bug Fixes ********* * Performance of Basic HTTP authentication has been improved by keeping a memory cache of bcrypt password checks. This improves the performance of Ironic conductor with JSON-RPC, and API access when using Basic HTTP authentication. * Fixes an issue that when accelerator devices were removed from node, a re-introspection does not remove previous accelerator device information from the node. * [Bug 2069771 (https://bugs.launchpad.net/ironic/+bug/2069771)] Fixes an issue where deleted or decommissioned conductors would remain in "openstack baremetal conductor list" indefinitely with "Alive = False" status. The new periodic cleanup task automatically removes these stale entries after the configured timeout period. * When power state synchronization confirms or restores the expected state, the "last_error" field may retain stale messages, giving a misleading impression of failure on an otherwise healthy node. If "[conductor]node_history" is enabled, the field is now cleared, ensuring status reflects current node health while preserving error history. * Fixes an issue with <range in> operator in root device hint. Now it's possible to use the range operator correctly, specifying a two values range that includes the size of the root device in GiB. * Fixes bug where reserved service steps (wait, hold) executed on nodes in "service failed" state would incorrectly transition the node directly to "active" state, bypassing the expected intermediate wait/hold states. Now nodes in "service failed" state properly transition to "service wait" or "service hold" when wait/hold steps are executed, maintaining the expected state machine flow. * Fixes servicing abort handling to respect the *abortable* flag of service steps. Previously, servicing steps could be aborted regardless of their *abortable* flag setting. Now, if a service step has *abortable* set to *False*, the abort will be deferred until the current step completes, similar to how cleaning steps work. This ensures service steps that cannot be safely interrupted are allowed to complete before the abort takes effect. * No longer uses JSON RPC with "[DEFAULT]rpc_transport" set to "none". It was required during the transition away from eventlet, and is no longer needed. RPC can still be enabled by setting "rpc_transport" to "json-rpc". * When using the redfish inspection method, the node property "cpu_arch" is now populated correctly with "i686" or "x86_64" for the processor. * Fixes the ability to invoke the "abort" API verb when a node is in "service fail" state, allowing the user to back out of a failure state. For more information see bug 2119989 (https://bugs.launchpad.net/ironic/+bug/2119989). * The "eventlet" library is no longer invoked by Ironic for the management of threads. Changes in ironic 31.0.0..32.0.0 -------------------------------- fed7c0416 api: Fix off-by-one error 5cbbf3fc9 Avoid the wsgi application to start with eventlet 7681e2216 Update release mappings for 32.0.x 92fac7505 Add a prelude for 2025.2 8d7be386d Replace unused oslo.service options 2ff035d42 Revert "Make ironic-tempest-uefi-redfish-vmedia-4k non-voting" b179ca369 Remove tenks reference in bug-deputy doc 4dd42796c Revert "Switch from local RPC to automated JSON RPC on localhost" 9803975d7 docs: trivial: clarify pull secrets for OCI image access faca47ae9 Add hacking check to ban eventlet imports 5cd688d42 Follow-up: Fix improper HTTP status code usage 4349e4156 Drop wsgi script, docs around mod_wsgi b87b970e3 ci: disable the novnc service on multinode 960afffda Trivial: remove meaningless logging 71dd34a7b Launch API in the same process as conductor for singleprocess Ironic c87d91359 Follow up to I9a5a2bfd9f4b538cc7217aefb7333df9ccdb9095 b4062590a Fix insufficient mocking in rpc_service tests bb369b624 redfish: process inspection rules during inspection 6140285b5 Reduce the number of RPC calls to traits API eeb7b3cd7 Raise default IRONIC_DEFAULT_THREAD_SIZE df7dba060 Fix improper HTTP status code usage (RFC 7231) 64ed78c81 inspection: fix None case for inventory data f29ae0a5c redfish: mechanical moves of inspection tests 9693518c3 Direct return of vmedia action during in power failure 88f970b01 Add request logging middleware for API requests e13142302 Update documentation to include servicing abort. 2a6271888 Memoize calls to bcrypt.checkpw d13d488fd Fix setting IRONIC_THREAD_STACK_SIZE 907df2c40 Make ironic-tempest-uefi-redfish-vmedia-4k non-voting 959f1762b JSON-RPC: disable server-side logging with rpc_transport=none fa8a8fbb4 Fix servicing abort to respect abortable flag fd8f83d28 Update the state machine diagram 1eda80766 Fix the ability to escape service fail 9a1580517 api: Add schema for bios API (responses) 67bf01701 api: Allow more types for updates 7e602d842 Add a new 'category' field to the Port object 0c70327a6 Clean-up misc eventlet references 9cb25d3e3 Revert "ci: temporary metal3 integration job disable" 67da8d8c3 Optional indirection API use 8fd1cc8c9 Remove direct mapping from API -> DB 2e3fdd828 Launch vnc proxy with no_fork bbf57b1c2 Set the backend to threading bedfd143e Replace GreenThreadPoolExecutor in conductor 56afcc273 ci: temporary metal3 integration job disable bcf4255ef api: Add schema for bios API (requests) 52786d4fa api: Add schema for bios API (versioning) 4678ed77a Always rebuild sphinx env on doc build 6135a00c3 Add periodic cleanup of stale conductors 92dec6f77 api: Add schema for allocations API (responses) f1943cead Fix service failed state transitions for wait/hold 8a2e33e80 Add a new 'vendor' field to the Port object ca65f2d3b Add RELEASE_MAPPING entry for 31.0 release 50199f76c Add RELEASE_MAPPING entry for 30.0 release d7cea2a8b Trivial: minor typo fix around network boot document 58bcdf1a4 ci: grenade: restart neutron services 0fc991a25 No admin-set maintenance override on power sync 5d4541e1e ci: move metal3 job to larger memory node 1a82ccfe7 Handle race conditions in power state changes c57922d5e [trivial] Fix rendering of 1.98 header aa0348678 Fix local RPC IPv6 detection to use socket binding instead of file checks a6f35d78a Initialize variable to prevent an error 49148f039 Fix logging for verification steps 4591b3a43 api: Add schema for inspection rules API (versioning) 747370333 allow running inspection hooks on redfish interface 5a8312fef fix redfish processor inspection 587dca197 Follow-up: Clear `last_error` on power match/sync ac371ce24 Populate switch_info with lldp system name 382a9f5c8 fix up redfish inspection mock ethernet interface data a8d2ed88a Orphaned accelerators after devices removed 322a10dcf Fix broken <range-in> in root device hints c99230060 Add a suggestive warning around power and sensor syncs ecf157192 Log how long power sync and sensor collections take 207fd08d3 doc: Fix installation of grub/shim EFI images in CentOS 34332802c Remove Python 3.9 support e22381bed api: Add schema for allocations API (requests) 53c58dfcc api: Add schema for allocations API (versioning) 8ce45e715 doc: Update contributor docs to include multiple doc sources and preview options f78a8ff09 Restore architecture.rst with redirect notice to overview Diffstat (except docs and test files) ------------------------------------- .../source/baremetal-api-v1-portgroups-ports.inc | 28 + api-ref/source/baremetal-api-v1-ports.inc | 24 + api-ref/source/parameters.yaml | 34 +- .../source/samples/node-port-detail-response.json | 2 + api-ref/source/samples/port-create-request.json | 2 + api-ref/source/samples/port-create-response.json | 2 + .../source/samples/port-list-detail-response.json | 2 + api-ref/source/samples/port-update-response.json | 2 + bindep.txt | 8 + devstack/upgrade/upgrade.sh | 13 + .../contributor/documentation-contributing.rst | 115 ++++ .../include/configure-ironic-api-mod_wsgi.inc | 94 --- .../install/include/configure-ironic-api-wsgi.inc | 116 ++++ .../include/configure-ironic-singleprocess.inc | 4 +- etc/apache2/ironic | 38 -- ironic/api/app.py | 4 + ironic/api/controllers/v1/__init__.py | 3 + ironic/api/controllers/v1/allocation.py | 86 ++- ironic/api/controllers/v1/bios.py | 17 +- ironic/api/controllers/v1/driver.py | 17 +- ironic/api/controllers/v1/inspection_rule.py | 50 +- ironic/api/controllers/v1/node.py | 21 +- ironic/api/controllers/v1/port.py | 26 +- ironic/api/controllers/v1/portgroup.py | 8 +- ironic/api/controllers/v1/shard.py | 3 +- ironic/api/controllers/v1/utils.py | 25 +- ironic/api/controllers/v1/versions.py | 6 +- ironic/api/controllers/v1/volume_connector.py | 16 +- ironic/api/controllers/v1/volume_target.py | 16 +- ironic/api/hooks.py | 12 +- ironic/api/middleware/request_log.py | 93 +++ ironic/api/schemas/common/request_types.py | 29 + ironic/api/schemas/common/response_types.py | 46 ++ ironic/api/schemas/v1/allocation.py | 242 +++++++ ironic/api/schemas/v1/bios.py | 144 +++++ ironic/api/wsgi.py | 6 + ironic/command/__init__.py | 14 +- ironic/command/api.py | 8 + ironic/command/conductor.py | 25 +- ironic/command/novncproxy.py | 10 +- ironic/command/pxe_filter.py | 8 + ironic/command/singleprocess.py | 33 +- ironic/command/utils.py | 60 ++ ironic/common/auth_basic.py | 20 +- ironic/common/driver_factory.py | 4 +- ironic/common/exception.py | 8 +- ironic/common/hash_ring.py | 11 +- ironic/common/json_rpc/client.py | 10 +- ironic/common/json_rpc/server.py | 13 +- ironic/common/release_mappings.py | 82 ++- ironic/common/rpc_service.py | 21 +- ironic/common/service.py | 4 +- ironic/common/states.py | 12 + ironic/common/tls_utils.py | 93 --- ironic/common/utils.py | 11 +- ironic/conductor/base_manager.py | 102 ++- ironic/conductor/local_rpc.py | 114 ---- ironic/conductor/manager.py | 229 ++++++- ironic/conductor/rpc_service.py | 76 ++- ironic/conductor/rpcapi.py | 65 +- ironic/conductor/servicing.py | 12 + ironic/conductor/task_manager.py | 8 +- ironic/conductor/utils.py | 8 + ironic/conf/__init__.py | 2 - ironic/conf/conductor.py | 30 +- ironic/conf/default.py | 6 + ironic/conf/local_rpc.py | 39 -- ironic/conf/opts.py | 2 - ironic/conf/redfish.py | 17 +- ironic/console/websocketproxy.py | 15 - ironic/db/api.py | 8 + ...05c9fb_add_category_attribute_to_port_object.py | 31 + ...7561979d_add_vendor_attribute_to_port_object.py | 31 + ironic/db/sqlalchemy/api.py | 35 ++ ironic/db/sqlalchemy/models.py | 2 + ironic/drivers/base.py | 2 +- ironic/drivers/modules/deploy_utils.py | 6 + ironic/drivers/modules/inspect_utils.py | 4 +- .../modules/inspector/hooks/accelerators.py | 2 + .../inspector/hooks/local_link_connection.py | 11 + ironic/drivers/modules/ipmitool.py | 6 +- ironic/drivers/modules/redfish/inspect.py | 102 ++- ironic/drivers/modules/redfish/power.py | 25 + ironic/hacking/checks.py | 11 + ironic/objects/allocation.py | 65 +- ironic/objects/base.py | 3 + ironic/objects/bios.py | 58 +- ironic/objects/chassis.py | 47 +- ironic/objects/conductor.py | 102 ++- ironic/objects/deploy_template.py | 57 +- ironic/objects/deployment.py | 36 +- ironic/objects/firmware.py | 12 +- ironic/objects/indirection.py | 3 + ironic/objects/inspection_rule.py | 26 +- ironic/objects/node.py | 79 +-- ironic/objects/node_history.py | 41 +- ironic/objects/node_inventory.py | 7 +- ironic/objects/port.py | 98 ++- ironic/objects/portgroup.py | 65 +- ironic/objects/runbook.py | 17 +- ironic/objects/trait.py | 48 +- ironic/objects/volume_connector.py | 53 +- ironic/objects/volume_target.py | 59 +- .../unit/api/controllers/v1/test_portgroup.py | 2 +- .../unit/drivers/modules/drac/test_management.py | 4 +- .../modules/inspector/hooks/test_accelerators.py | 24 + .../inspector/hooks/test_local_link_connection.py | 16 + .../unit/drivers/modules/redfish/test_inspect.py | 448 +++++++------ .../unit/drivers/modules/redfish/test_power.py | 70 ++- .../unit/drivers/modules/redfish/test_raid.py | 10 + .../unit/drivers/modules/test_deploy_utils.py | 16 + ironic/wsgi/__init__.py | 8 +- .../notes/2025.2-prelude-5ec90e737f0846f3.yaml | 11 + .../notes/bcrypt_cache-d78775ff02f2d970.yaml | 7 + ...lean-removed-accelerators-0c67ace5990c2ac3.yaml | 6 + .../cleanup-stale-conductors-654c2bcc4ffb4c43.yaml | 32 + ...-last-error-on-power-sync-689bdc3b317d5784.yaml | 9 + .../notes/fix-hint-range-in-1056204234c24661.yaml | 6 + ...led-wait-hold-transitions-c83ef2b376ae04fe.yaml | 9 + ...t-abortable-flag-handling-d8e7f9a2c4b5e7f1.yaml | 9 + .../notes/futurist-minimum-ec66ccfcc4271a5c.yaml | 6 + ...ate-wsgi-script-to-module-4113e87f202eecab.yaml | 27 + .../notes/no-localrpc-09e47b3a9229ad8e.yaml | 11 + .../notes/port-category-9935c6006d243bc3.yaml | 6 + .../notes/port-vendor-ad30b76dc23efc38.yaml | 6 + ...redfish-inspect-processor-2467118e869a2915.yaml | 9 + .../notes/redfish-inspection-f8b96425b8758857.yaml | 5 + .../redfish-inspection-hooks-8517bb86da49dafc.yaml | 8 + .../notes/remotable-api-92d7b9bc7e843cd4.yaml | 23 + .../notes/remove-py39-981b5971b304a588.yaml | 5 + .../notes/servicefail-abort-8ca7a7498321b67c.yaml | 7 + .../notes/threading-ironic-9873564daefcc1c2.yaml | 34 + requirements.txt | 7 +- setup.cfg | 6 +- tools/config/ironic-config-generator.conf | 2 +- tox.ini | 8 +- zuul.d/ironic-jobs.yaml | 3 + zuul.d/metal3-jobs.yaml | 2 +- 181 files changed, 4880 insertions(+), 2496 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 028e209a9..c4ad3e855 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9 +8,0 @@ automaton>=1.9.0 # Apache-2.0 -eventlet>=0.30.1 # MIT @@ -21 +20 @@ oslo.serialization>=2.25.0 # Apache-2.0 -oslo.service>=1.24.0 # Apache-2.0 +oslo.service>=4.2.1 # Apache-2.0 @@ -38 +37 @@ psutil>=3.2.2 # BSD -futurist>=1.2.0 # Apache-2.0 +futurist>=3.2.0 # Apache-2.0 @@ -51 +50 @@ cheroot>=10.0.1 # BSD -cryptography>=2.3 # BSD/Apache-2.0 +cotyledon>=2.0.0 # Apache-2.0