[release-announce] ironic 16.2.0 (wallaby)

We are satisfied to announce the release of:

ironic 16.2.0: OpenStack Bare Metal Provisioning

This release is part of the wallaby release series.

The source is available from:

https://opendev.org/openstack/ironic

Download the package from:

https://tarballs.openstack.org/ironic/

Please report issues through:

https://storyboard.openstack.org/#!/project/943

For more details, please see below.

16.2.0 ^^^^^^

New Features ************

* Adds support for "deploy_steps" parameter to provisioning endpoint "/v1/nodes/{node_ident}/states/provision". Available and optional when target is 'active' or 'rebuild'. When overlapping, these steps override deploy template and driver steps. "deploy_steps" is a list of dictionaries with required keys 'interface', 'step', 'priority' and 'args'.

* By default Ironic will now not start new memory intensive work IF insufficent system memory exists. This can be disabled by setting the "[DEFAULT]minimum_memory_warning_only" value to "True".

* The "force_persistent_boot_device" parameter now consistently applies to all boot interfaces, rather than only PXE and iPXE.

* Supports setting boot mode via an "instance_info" capability.

* The "ironic-conductor" process now has a concept of an internal memory limit. The intent of this is to prevent the conductor from running the host out of memory when a large number of deployments have been requested.

These settings can be tuned using "[DEFAULT]minimum_required_memory", "[DEFAULT]mimimum_memory_wait_time", "[DEFAULT]minimum_memory_wait_retries", and "[DEFAULT]minimum_memory_warning_only".

Where possible, Ironic will attempt to wait out the time window, thus consuming the conductor worker thread which will resume if the memory becomes available. This will effectively rate limit concurrency.

If raw image conversions with-in the conductor is required, and a situation exists where insufficent memory exists and it cannot be waited, the deployment operation will fail. For the "iscsi" deployment interface, which is the other location in ironic that may consume large amounts of memory, the conductor will wait until the next agent heartbeat.

* Supports attaching configdrives when doing "ramdisk" deploy with the "redfish-virtual-media" boot. A configdrive is attached to a free USB slot.

* Adds the "[DEFAULT]raw_image_growth_factor" configuration option which is a scale factor used for estimating the size of a raw image converted from compact image formats such as QCOW2. By default this is set to 2.0.

When clearing the cache to make space for a converted raw image, the full virtual size is attempted first, and if not enough space is available a second attempt is made with the (smaller) estimated size.

* Adds support for automatically configuring secure boot for nodes using the "redfish" management interface.

* The "pxe" and "ipxe" boot interfaces now automatically configure secure boot if the management interface supports it.

Upgrade Notes *************

* The default value of "[oslo_policy]policy_file" config option has been changed from "policy.json" to "policy.yaml". Operators who are utilizing customized policy files or previously generated static policy files (which are not needed by default), should generate new policy files and modify them to meet their needs in the event of any new policies or rules have been added. Please consult the oslopolicy-convert-json-to-yaml (https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy- convert-json-to-yaml.html) tool to convert a JSON to YAML formatted policy file in backward compatible way.

Deprecation Notes *****************

* Use of legacy policy format was deprecated by the "oslo.policy" library during the Victoria development cycle. As a result, this deprecation is being noted in the Wallaby with an anticipated future removal of support by "oslo.policy". As such operators will need to convert to YAML policy files. Please see the upgrade notes for details on migration of any custom policy files.

* Using "instance_info/deploy_boot_mode" is deprecated, use the "boot_mode" capability in "instance_info/capabilities" instead.

* Currently the bare metal API permits setting the "secure_boot" capability for nodes, which driver does not support setting secure boot. This is deprecated and will become a failure in the Xena cycle.

Bug Fixes *********

* Fixes fast-track to prevent marking the agent as alive if trying to rebuild a node before the fast-track timeout has expired.

* Fixes redfish firmware update for "ilo5" hardware type by fixing the Redfish task message detection and correctly preparing the ramdisk before rebooting.

* Boot mode is now correctly handled when using "redfish-virtual- media" boot with locally booted images.

* The "redfish-virtual-media" boot interface now makes fewer calls to the BMC when preparing boot.

* The "redfish-virtual-media" boot interface no longer passes validation for Dell nodes. The "idrac-redfish-virtual-media" boot interface must be used for these nodes instead.

* Failed cleaning no longer results in maintenance mode if no clean step is running, e.g. on PXE timeout or failed clean steps validation.

* Retries virtual media insert on failure to allow for an eject that may not have finished (see story 2008504 (https://storyboard.openstack.org/#!/story/2008504)).

* When Ironic configures the BootSourceOverrideTarget setting via Redfish, on Supermicro BMCs it must always configure BootSourceOverrideEnabled or that will revert to default (Once) on the BMC, see story 2008547 (https://storyboard.openstack.org/#!/story/2008547) for details. This is different than what is currently implemented for other BMCs in which the BootSourceOverrideEnabled is not configured if it matches the current setting (see story 2007355 (https://storyboard.openstack.org/#!/story/2007355)).

This requires that "node.properties['vendor']" be "supermicro" which will be set on transition to "manageable" based on the Redfish system object or can be set manually.

Other Notes ***********

* Register all conductor hardware interfaces together. Adds all conductor hardware interfaces in to the database in a single transaction and to allow this update the "register_hardware_interfaces" API. This allows Restful API consumers to understand if the conductor is fully on-line via the presence of driver entries. Previously this was done one driver at a time.

* Extends "ManagementInterface" with two new calls: "get_secure_boot_state" and "set_secure_boot_state". They are optional and may be implemented for hardware that supports dynamically enabling/disabling secure boot.

Changes in ironic 16.1.0..16.2.0 --------------------------------

7eadc5240 Trivial: update version for deploy steps e77d1b553 Introduce common personas for secure RBAC d4ddc213e Duplicate testing for system scoped ACL testing 606549c1c Populate existing policy tests af4a7b0d9 Prepare 16.2 and clean up release note 235115099 Generate policy.yaml.sample cf22604c5 Prevent redfish-virtual-media from being used with Dell nodes 4287951d7 Don't mark an agent as alive if rebooted 3138acc83 Add 'deploy steps' parameter for provisioning API b8a2dcaf8 Trivial: log the newly detected vendor 561ed9039 Swap Metalsmith job out for centos8-uefi ccc6c551c Make boot_mode more consistent with other capabilities 6c8dad946 ilo: do not change deploy_boot_mode in instance_info a5f7d75ba Apply force_persistent_boot_device to all boot interfaces 64ff84bd2 Add release version to release notes 13e77e217 Fix Mis-Ordering of Bash Variable Definition in DevStack 2e6777d75 Fixes issue of redfish firmware update 1162f2e94 Update python packages to python3 in quickstart.rst 5f6a51e17 Set default to prevent out of memory conditions d9913370d Guard conductor from consuming all of the ram 4a7d50ce5 For Supermicro BMCs set enable when changing boot device 121b3348c Refactor vendor detection and add Redfish implementation 4c4c7a869 Add a few words about UEFI user images 33d51f221 Redfish secure boot management 04400eea4 Add centralized secure boot documentation 72044aaa8 Pass context objects directly to policy enforcement bb318008b redfish-virtual-media: allow a link to raw configdrive image 5165edaf9 Update minversion of tox c7f24e8ce Attempt to slim down protection test base class 36d819e2f Write stub ACL test for every existing API call b0df0960e Update iDRAC doc with missing interfaces 71ccbf595 Raw image size estimation improved 6ea73bdfb Bump oslo.log requirement to 4.3.0 b6f4587f0 Common framework for configuring secure boot 3ca8671a2 redfish-virtual-media: make fewer calls when preparing boot 1a0f1cd54 Add a delay/retry is vmedia insert fails ad044d9e0 Fix redfish-virtual-media boot mode handling ordering 04a1f17ef Enable testing to dynamicly leverage ACL roles fe380bbba Follow-up for ramdisk deploy configdrive support 7d85b35c8 Register all hardware_interfaces together ad696c9ba Do not enter maintenance if cleaning fails before running the 1st step 2404d486a Policy json to yaml migration 1e96ecbdb Add troubleshooting on changing ironic.conf default interfaces 182a6fcff Modify port group document for ironic 378557b7f add openstack-python3-wallaby-jobs-arm64 job 382a43627 Mark the iSCSI deploy as deprecated in the docs d99a52f2c update python packages to python3 in quickstart.rst 06a1d38fc Support configdrive when doing ramdisk deploy with redfish-virtual-media 5ee7185f9 Rewrite existing ACL tests with ddt, yaml 20f25068c Document using ramdisks with the ramdisk deploy interface a0728ad65 docs: Add information on post-branch release tasks for bifrost

Diffstat (except docs and test files) -------------------------------------

.../source/baremetal-api-v1-node-management.inc | 9 + api-ref/source/parameters.yaml | 9 + .../node-set-active-state-deploy-steps.json | 14 + bindep.txt | 2 + devstack/lib/ironic | 16 +- driver-requirements.txt | 2 +- ironic/api/controllers/v1/deploy_template.py | 23 +- ironic/api/controllers/v1/node.py | 87 +- ironic/api/controllers/v1/utils.py | 71 +- ironic/api/controllers/v1/versions.py | 4 +- ironic/cmd/status.py | 8 + ironic/common/exception.py | 12 +- ironic/common/images.py | 25 +- ironic/common/policy.py | 67 +- ironic/common/release_mappings.py | 20 +- ironic/common/utils.py | 66 + ironic/conductor/base_manager.py | 15 +- ironic/conductor/deployments.py | 25 +- ironic/conductor/manager.py | 19 +- ironic/conductor/rpcapi.py | 16 +- ironic/conductor/steps.py | 59 +- ironic/conductor/utils.py | 79 +- ironic/conf/default.py | 33 + ironic/db/sqlalchemy/api.py | 20 +- ironic/drivers/base.py | 34 + ironic/drivers/modules/boot_mode_utils.py | 88 +- ironic/drivers/modules/drac/boot.py | 3 + ironic/drivers/modules/ilo/boot.py | 9 +- ironic/drivers/modules/ilo/common.py | 12 +- ironic/drivers/modules/image_cache.py | 18 +- ironic/drivers/modules/image_utils.py | 134 +- ironic/drivers/modules/ipmitool.py | 45 +- ironic/drivers/modules/irmc/boot.py | 2 + ironic/drivers/modules/iscsi_deploy.py | 14 +- ironic/drivers/modules/pxe.py | 15 +- ironic/drivers/modules/pxe_base.py | 40 +- ironic/drivers/modules/redfish/boot.py | 153 +- ironic/drivers/modules/redfish/management.py | 156 +- ironic/drivers/utils.py | 14 + ironic/objects/conductor.py | 19 +- .../unit/drivers/modules/redfish/test_boot.py | 301 ++- .../drivers/modules/redfish/test_management.py | 190 +- .../unit/drivers/modules/test_boot_mode_utils.py | 111 ++ .../unit/drivers/modules/test_deploy_utils.py | 35 - .../unit/drivers/modules/test_iscsi_deploy.py | 22 +- .../unit/drivers/third_party_driver_mock_specs.py | 5 +- .../add-deploy-steps-arg-9d8c58559c14288c.yaml | 8 + .../notes/agent-rebooted-fab20d012fe6cbe8.yaml | 6 + ...-waits-when-low-on-memory-d73892a79cde0516.yaml | 6 + ...efault-policy-file-change-474a342d6b5a041a.yaml | 20 + ...ish-firmware-update-issue-c6dfcd71a2f659a5.yaml | 6 + .../force-persistent-common-6ef2537f7ccd0dcb.yaml | 5 + .../instance-info-boot-mode-25732c767593f849.yaml | 8 + .../limit-memory-consumption-c7949a49853ba83d.yaml | 23 + .../ramdisk-configdrive-142149339dd00b47.yaml | 6 + .../raw_image_growth_factor-cba37029650e67db.yaml | 10 + .../notes/redfish-boot-mode-a44fc569f1baca8f.yaml | 5 + .../redfish-secure-boot-8e3b2fcad137e31e.yaml | 5 + .../notes/redfish-vmedia-opt-59cafdde83fb2be7.yaml | 5 + .../redfish-vmedia-vendor-fc76086893d99415.yaml | 6 + .../redundant-maintenance-09849674334f656a.yaml | 5 + ...dware_interfaces_together-7b458a59f5e8f41f.yaml | 10 + .../notes/retry-vmedia-1999742c84f11103.yaml | 6 + .../notes/secure-boot-cf1c134bfb75768d.yaml | 16 + ...-redfish-override-enabled-aa51686ed33d3061.yaml | 15 + releasenotes/source/victoria.rst | 6 +- requirements.txt | 10 +- tools/policy/ironic-policy-generator.conf | 2 +- tox.ini | 2 +- zuul.d/project.yaml | 5 +- 123 files changed, 5821 insertions(+), 1000 deletions(-)

Requirements updates --------------------

diff --git a/driver-requirements.txt b/driver-requirements.txt index b00680fa2..55d076e36 100644 --- a/driver-requirements.txt +++ b/driver-requirements.txt @@ -14 +14 @@ python-xclarityclient>=0.1.6 -sushy>=3.4.0 +sushy>=3.6.0 diff --git a/requirements.txt b/requirements.txt index b36a38789..df346381b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -19 +19 @@ oslo.concurrency>=4.2.0 # Apache-2.0 -oslo.config>=5.2.0 # Apache-2.0 +oslo.config>=6.8.0 # Apache-2.0 @@ -23 +23 @@ oslo.rootwrap>=5.8.0 # Apache-2.0 -oslo.log>=3.36.0 # Apache-2.0 +oslo.log>=4.3.0 # Apache-2.0 @@ -25 +25 @@ oslo.middleware>=3.31.0 # Apache-2.0 -oslo.policy>=1.30.0 # Apache-2.0 +oslo.policy>=3.6.0 # Apache-2.0 @@ -28,2 +28,2 @@ oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 -oslo.upgradecheck>=0.1.0 # Apache-2.0 -oslo.utils>=3.38.0 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 +oslo.utils>=4.5.0 # Apache-2.0