We are psyched to announce the release of: ironic 28.0.0 This release is part of the epoxy release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://bugs.launchpad.net/ironic/+bugs For more details, please see below. 28.0.0 ^^^^^^ New Features ************ * Adds a schema validation framework to the API. This allows for the validation of incoming requests and outgoing responses against a JSON schema, right at the beginning and end of the request processing pipeline. * Adds support for setting "disable_power_off" on node creation along with set/unset "disable_power_off" on existing nodes. If set to "true", power off for the node is explicitly disabled, instead, a reboot will be used in place of power on/off. Additionally, when possible, the node will be disabled (i.e., its API agent will be rendered unusable and network configurationwill be removed) instead of being powered off. * Node history API now support querying with sort_key and sort_dir. Known Issues ************ * IPv6 testing in the upstream Continuous Integration (CI) pipelines has been removed. This was the result of the move to UEFI booting in general, combined with the the state of the EDK2 virtual machine firmware which is known to have many issues with IPv6 (https://gith ub.com/tianocore/edk2/issues?q=is%3Aissue%20state%3Aopen%20ipv6), and thus cannot be tested in an automated fashion upstream. Previously Ironic tested IPv6 utilizing BIOS boot, but recent move to leverage Ubuntu Noble in upstream CI also limited the community's options as the BIOS ROM firmware images no longer contain IPv6 support. As a result of this, we are forced to remove the CI job from testing. We hope to restore this testing at some point in the future, should EDK2 fix some of the known issues. This issue does not impact support for physical machines which has long been validated as known working through operator reports and downstream vendor testing activities. Upgrade Notes ************* * The configuration option "fatal_exception_format_errors" has been removed from the "[DEFAULT]" group. * The ironic-lib library has been retired and is no longer required for operation of Ironic. * If you upgrade while running a redfish interface based BIOS job, you job may not complete due to a change in the internal state variables stored. Ensure none of these operations are in flight when upgrading. Deprecation Notes ***************** * The configuration option "fatal_exception_format_errors" is deprecated from "[ironic_lib]" group and should be migrated to the "[errors]/fatal_exception_format_errors". The old location "[ironic_lib]/fatal_exception_format_errors" will be respected during the deprecation period. Bug Fixes ********* * The image format inspection and image safety check have been disabled for ISO images cached by Ironic. The feature has been disabled in order to fix issues originally described in bug 2091611. On occasion Ironic has detected multiple image formats for ISO image that contained GPT, the issue originated from the fact that by default the oslo_utils.imageutils library handles the GPT partition table format as additional image format but allows only 1 image format for each image and throws an error if it detects gpt+iso. As the image inspection and safety check was intended to fix a security problem related to qemu-img-tools and qcow images, it has been decided that the inspection and safety check can be disabled ISO images without degrading Ironic's security. * Fixes step validation where some of the reserved step names, "hold", and "wait", were not being properly handled by the step validation code. * Fixes an issue where operators executing complex arrangement of steps which include out-of-band and in-band steps, for example a hardware RAID "create_configuration" step followed by in-band steps inside of the agent, would effectively get the agent stuck in a "wait" state in the Cleaning, Servicing, or Deploying workflows. This was related to the way out-of-band steps are executed and monitored. Ironic, before starting to execute a new step, now cleans the polling lockout flag for the respective workflow being executed to prevent the agent from getting stuck. For more information, please see bug 2096938 (https://bugs.launchpad.net/ironic/+bug/2096938). * Fixes the power handling flow as it relates to "child nodes", i.e. bare metal nodes which have a "parent_node" set, such that power is turned off on those nodes when the parent node is powered off, and that power is turned on for the parent node when the child node is explicitly requested to be in a "power on" state. This does not apply if the child node device has a dedicated power supply, as indicated through a "driver_info" parameter named "has_dedicated_power_supply" which can be set to a value of "true". * The fix for CVE-2024-47211 results in image checksum being required in all cases. However there is no checksum requirement for file:// based images. When checksum is missing for file:// based image_source it is now calculated on-the-fly. * Fixes an error within the redfish session cache when no "redfish_password" is specified bug 2097019 (https://bugs.launchpad.net/ironic/+bug/2097019). * Fix portgroup deletion failure by resolving id/uuid mix-up and adding a port-to-portgroup join query. * Update the node cache after a successful servicing and cleaning. This ensures the node information is correctly updated in the database. Changes in ironic 27.0.0..28.0.0 -------------------------------- 15a3daab3 Trivial: Clean up residual `.vbmc` dir after clean 3ecae32d3 Support querying node history with sort_key and sort_dir 1b2482c83 doc: fix typo and slight wording order for networking 91b656d31 Fix redfish session cache on missing password b1f3ea412 doc: define the shape of inspection inventory f544ec706 allow docs targets to run dot 5db194c50 Fix agent from being locked out with complex steps befcb9736 move inspection hooks initialization be2bd0ea0 CI: Remove IPv6 testing 4e782d37e [doc] Add node history to admin guide 209c8a996 Add lsblk output to metal3 logs b6275912c Fix hold/wait step logic in step validation c5cb73946 Fix typo calling save_and_reraise_exception 23e486a1b Force legacy boot for metal3 integration job 6be699924 Resolve portgroup deletion failure 19ad83b6f Migrate documentation from ironic-lib d71002762 doc/source/admin fixes part-3 74d239d4e Migrate ironic_lib to ironic 62285e711 Fix bugfix branch release info f7ca9ac93 trivial: remove xclarity remenent 399cc207d disable ISO cache image format and safety checks b827c7bf7 Calculate missing checksum for file:// based images 95f514da0 Replace crypt module 92d01258a CI: Remove legacy metalsmith job 337871c82 Imported Translations from Zanata 231d7f47e enable ruff in pre-commit with some initial lints d4d4c099c move imports to top of file for lints 233251c8b CI: Detail job removal permission 8aff176d3 docs: mention bug 1995078 5c0869bfb doc/source/admin fixes part-2 f5ffda75f change ambiguous variable name 6bfd84b66 apply line length rules to the doc directory 42d05e9a0 The i18n function is used but not imported 67978311d docs: clarification around setting port llc data cdf5e1f2e clean up lints for automated_steps doc plugin f6904d978 Update Node Cache after Successful Clean/Service c980a6de4 docs: note ipv6 is a good idea with neutron interface bf8ec3f0e reno: Update master for unmaintained/2023.1 ab26fe511 Trivial deprecation fixes. a5af5ae5c Use OVN and OVS from OS packages in CI 13f61e674 Allow setting of disable_power_off via API 93ad67a44 api: Add schema validation framework 62ce5ccae docs: final cleanup pass on networking 59e642397 Run metal3 integration job on ubuntu noble 1b6ab89e8 docs: rewrite ml2 and update physnet context b12f28dd9 docs: change network setup steps into the commands e02fa1591 docs: begin making a general networking document 4fe0ad357 First pass on some strucutral context setting for networking c49bd143f api: Introduce new mechanism for API versioning 757bf27ca Task Manager: Log if the lock takes too long 669304bc0 Replace image_format_inspector with its oslo.utils version a0dddb19a Agent deploy: account for disable_power_off 26966bb15 Neutron: account for disable_power_off f53ccb647 Handle Power On/Off for child node cases 0a526482e Skip functional tests on pre-commit config update f13ae500c dedup reboot request in redfish bios path d295c3e15 IPMI power: account for disable_power_off 13d38c035 docs: add additional content for host clock skew Diffstat (except docs and test files) ------------------------------------- .pre-commit-config.yaml | 5 + .../source/baremetal-api-v1-node-management.inc | 3 + api-ref/source/baremetal-api-v1-nodes.inc | 13 +- api-ref/source/parameters.yaml | 18 + devstack/lib/ironic | 20 +- devstack/plugin.sh | 20 +- .../contributor/ironic-multitenant-networking.rst | 6 +- ironic/api/app.py | 2 +- ironic/api/controllers/link.py | 6 +- ironic/api/controllers/v1/allocation.py | 2 +- ironic/api/controllers/v1/bios.py | 2 +- ironic/api/controllers/v1/chassis.py | 2 +- ironic/api/controllers/v1/conductor.py | 2 +- ironic/api/controllers/v1/deploy_template.py | 2 +- ironic/api/controllers/v1/driver.py | 2 +- ironic/api/controllers/v1/event.py | 2 +- ironic/api/controllers/v1/firmware.py | 2 +- ironic/api/controllers/v1/node.py | 23 +- ironic/api/controllers/v1/port.py | 2 +- ironic/api/controllers/v1/portgroup.py | 2 +- ironic/api/controllers/v1/runbook.py | 2 +- ironic/api/controllers/v1/shard.py | 28 +- ironic/api/controllers/v1/utils.py | 3 +- ironic/api/controllers/v1/versions.py | 4 +- ironic/api/controllers/v1/volume_connector.py | 2 +- ironic/api/controllers/v1/volume_target.py | 2 +- ironic/api/schemas/v1/shard.py | 39 + ironic/api/validation/__init__.py | 365 +++++++ ironic/api/validation/validators.py | 121 +++ ironic/common/async_steps.py | 6 +- ironic/common/auth_basic.py | 203 ++++ ironic/common/checksum_utils.py | 15 +- ironic/common/exception.py | 139 ++- ironic/common/fsm.py | 8 +- ironic/common/image_format_inspector.py | 1038 -------------------- ironic/common/image_publisher.py | 3 +- ironic/common/images.py | 90 +- .../xclarity => common/json_rpc}/__init__.py | 0 ironic/common/json_rpc/client.py | 241 +++++ ironic/common/json_rpc/server.py | 281 ++++++ ironic/common/json_rpc/wsgi.py | 77 ++ ironic/common/keystone.py | 64 +- ironic/common/kickstart_utils.py | 4 +- ironic/common/mdns.py | 185 ++++ ironic/common/metrics.py | 307 ++++++ ironic/common/metrics_collector.py | 120 +++ ironic/common/metrics_statsd.py | 92 ++ ironic/common/metrics_utils.py | 76 ++ ironic/common/policy.py | 10 + ironic/common/pxe_utils.py | 16 +- ironic/common/release_mappings.py | 2 +- ironic/common/rpc_service.py | 2 +- ironic/common/utils.py | 468 ++++++++- ironic/common/wsgi_service.py | 6 +- ironic/conductor/allocations.py | 2 +- ironic/conductor/base_manager.py | 2 +- ironic/conductor/cleaning.py | 6 + ironic/conductor/deployments.py | 6 +- ironic/conductor/manager.py | 20 +- ironic/conductor/periodics.py | 2 +- ironic/conductor/rpcapi.py | 2 +- ironic/conductor/servicing.py | 7 + ironic/conductor/steps.py | 3 +- ironic/conductor/task_manager.py | 11 + ironic/conductor/utils.py | 94 +- ironic/conf/__init__.py | 8 +- ironic/conf/conductor.py | 2 +- ironic/conf/disk_utils.py | 2 +- ironic/conf/{metrics_statsd.py => exception.py} | 21 +- ironic/conf/json_rpc.py | 79 ++ ironic/conf/mdns.py | 44 + ironic/conf/metrics.py | 48 + ironic/conf/neutron.py | 8 +- ironic/conf/opts.py | 8 +- ironic/db/api.py | 27 +- ironic/db/sqlalchemy/api.py | 33 +- ironic/drivers/modules/agent.py | 71 +- ironic/drivers/modules/agent_base.py | 25 +- ironic/drivers/modules/agent_client.py | 76 +- ironic/drivers/modules/ansible/deploy.py | 6 +- ironic/drivers/modules/console_utils.py | 3 +- ironic/drivers/modules/deploy_utils.py | 64 +- ironic/drivers/modules/drac/management.py | 2 +- ironic/drivers/modules/drac/raid.py | 2 +- ironic/drivers/modules/drac/utils.py | 1 + ironic/drivers/modules/ilo/bios.py | 2 +- ironic/drivers/modules/ilo/boot.py | 2 +- ironic/drivers/modules/ilo/common.py | 7 +- ironic/drivers/modules/ilo/console.py | 3 +- ironic/drivers/modules/ilo/inspect.py | 2 +- ironic/drivers/modules/ilo/management.py | 2 +- ironic/drivers/modules/ilo/power.py | 2 +- ironic/drivers/modules/ilo/raid.py | 2 +- ironic/drivers/modules/ilo/vendor.py | 3 +- ironic/drivers/modules/image_cache.py | 23 +- ironic/drivers/modules/image_utils.py | 4 +- ironic/drivers/modules/inspect_utils.py | 61 ++ ironic/drivers/modules/inspector/agent.py | 3 +- ironic/drivers/modules/inspector/hooks/base.py | 69 -- .../drivers/modules/inspector/hooks/root_device.py | 8 +- ironic/drivers/modules/ipmitool.py | 25 +- ironic/drivers/modules/irmc/bios.py | 2 +- ironic/drivers/modules/irmc/boot.py | 6 +- ironic/drivers/modules/irmc/inspect.py | 2 +- ironic/drivers/modules/irmc/management.py | 2 +- ironic/drivers/modules/irmc/power.py | 2 +- ironic/drivers/modules/irmc/raid.py | 2 +- ironic/drivers/modules/network/neutron.py | 6 + ironic/drivers/modules/pxe.py | 2 +- ironic/drivers/modules/pxe_base.py | 2 +- ironic/drivers/modules/ramdisk.py | 2 +- ironic/drivers/modules/redfish/bios.py | 28 +- ironic/drivers/modules/redfish/firmware.py | 2 +- ironic/drivers/modules/redfish/management.py | 2 +- ironic/drivers/modules/redfish/raid.py | 5 +- ironic/drivers/modules/redfish/utils.py | 6 +- ironic/drivers/modules/redfish/vendor.py | 2 +- ironic/drivers/utils.py | 16 + ironic/objects/node.py | 11 + ironic/objects/portgroup.py | 2 +- ironic/pxe_filter/service.py | 2 +- .../unit/drivers/modules/ansible/test_deploy.py | 3 +- .../unit/drivers/modules/network/test_neutron.py | 11 + .../unit/drivers/modules/redfish/test_bios.py | 26 +- .../unit/drivers/modules/test_agent_client.py | 75 ++ .../unit/drivers/modules/test_console_utils.py | 12 +- .../unit/drivers/modules/test_deploy_utils.py | 55 +- playbooks/metal3-ci/post.yaml | 1 + playbooks/metal3-ci/run.yaml | 1 + pyproject.toml | 19 + ...hema_validation_framework-eaac62cfecb132b0.yaml | 6 + ...isable_img_validation_iso-3d694a83576bf189.yaml | 14 + .../disable_power_off_api-a8fa90405a9261e3.yaml | 9 + ...x-hold-wait-service-steps-37dc91fd7393b180.yaml | 5 + ...polling-lockout-for-steps-b9645f0cae18da1e.yaml | 13 + ...power-ops-for-child-nodes-67a11f1900ce137a.yaml | 11 + .../ironic-lib-deprecation-422f7ef145acb74f.yaml | 12 + .../missing_file_checksum-4931c98031951486.yaml | 7 + .../node-history-sort-query-1177fb609d1b6173.yaml | 4 + ...sh-allow-missing-password-ce4fb161d35a6850.yaml | 6 + .../notes/redfish-dedup-bios-c50a6d45f272355a.yaml | 6 + .../remove-ipv6-testing-9f8209d57a9e9320.yaml | 19 + ...ortgroup-deletion-failure-3b3b8b3253c0b902.yaml | 5 + ...essful-servicing-cleaning-7433c493e31742b0.yaml | 6 + releasenotes/source/2023.1.rst | 2 +- .../locale/en_GB/LC_MESSAGES/releasenotes.po | 109 +- .../source/locale/ja/LC_MESSAGES/releasenotes.po | 159 --- requirements.txt | 6 +- tools/benchmark/generate-statistics.py | 2 +- tools/config/ironic-config-generator.conf | 6 - tox.ini | 7 +- zuul.d/ironic-jobs.yaml | 35 +- zuul.d/metal3-jobs.yaml | 5 +- zuul.d/project.yaml | 21 +- 213 files changed, 7316 insertions(+), 2903 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 70f616200..2f3705f9b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12 +11,0 @@ keystoneauth1>=4.2.0 # Apache-2.0 -ironic-lib>=6.0.0 # Apache-2.0 @@ -26 +25 @@ oslo.upgradecheck>=1.3.0 # Apache-2.0 -oslo.utils>=4.5.0 # Apache-2.0 +oslo.utils>=8.0.0 # Apache-2.0 @@ -47,0 +47,3 @@ microversion-parse>=1.0.1 # Apache-2.0 +zeroconf>=0.24.0 # LGPL +os-service-types>=1.7.0 # Apache-2.0 +bcrypt>=3.1.3 # Apache-2.0