We are thrilled to announce the release of: ironic 24.1.0: OpenStack Bare Metal Provisioning This release is part of the caracal release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://bugs.launchpad.net/ironic/+bugs For more details, please see below. 24.1.0 ^^^^^^ Prelude ******* Ironic contributors are thrilled to present the release of 24.1.0, tested as part of OpenStack 2024.1 (Caracal) throughout the last six months. This release can be upgraded directly to from Ironic 21.4 as part of a SLURP (https://releases.openstack.org/#releases-with-skip- level-upgrade-release-process-slurp) upgrade from OpenStack 2023.1 (Antelope). Ironic's first release came during the 2014.1 (Icehouse) cycle -- a decade ago. In those ten years, redfish has been created, the default deploy driver has been replaced, and Ironic has expanded into the CNCF community with Metal3 (https://metal3.io). Thanks for making us a part of your cloud! New Features ************ * Adds a "http" boot interface, based upon the "pxe" boot interface which informs the DHCP server of an HTTP URL to boot the machine from, and then requests the BMC boot the machine in UEFI HTTP mode. * Adds a "http-ipxe" boot interface, based upon the "ipxe" boot interface which informs the DHCP server of an HTTP URL to boot the machine from, and then requests the BMC boot the machine in UEFI HTTP mode. * Adds node auto-discovery support to the "agent" inspection implementation. * Add support for ovn vtep switches. Operators will be able to use logical and physical switches. Minimally tested in production. * Adds a new service "ironic-pxe-filter" that is designed to work with the "agent" inspect interface to conduct "unmanaged" inspection. It is adapted from the ironic-inspector's "dnsmasq" PXE filter and can be used as its replacement. See documentation for more details. * Adds implementation of attach/detach generic virtual media device to the Redfish driver. Known Issues ************ * Testing of the "http" boot interface with Ubuntu 22.04 provided Grub2 yielded some intermittent failures which appear to be more environmental in nature as the signed Shim loader would start, then load the GRUB loader, and then some of the expected files might be attempted to be accessed, and then fail due to an apparent transfer timeout. Consultation with some grub developers concur this is likely environmental, meaning the specific grub build or CI performance related. If you encounter any issues, please do not hestitate to reach out to the Ironic developer community. Upgrade Notes ************* * Adds an online migration to the new inspection interface (https://d ocs.openstack.org/ironic/latest/admin/inspection/index.html). If the "agent" inspection is enabled and the "inspector" inspection is disabled, the "inspect_interface" field will be updated for all nodes that use "inspector" and are currently not on inspection (i.e. not in the "inspect wait" or "inspecting" states). If some nodes may be inspecting during the upgrade, you may want to run the online migrations several times with a delay to finish migrating all nodes. Deprecation Notes ***************** * The redfish vendor eject vmedia action is now deprecated and it will be removed during the next cycle in favor of the generic API. Bug Fixes ********* * Fixes Redfish virtual media boot on BMCs that only expose the VirtualMedia resource on Systems instead of Managers. For more informations, you can see bug 2039458 (https://bugs.launchpad.net/sushy/+bug/2039458). * Fixes a vague error when attempting to use the "ilo" hardware type with iLO6 hardware, by returning a more specific error suggesting action to take in order to remedy the issue. Specifically, one of the API's used by the "ilo" hardware type is disabled in iLO6 BMCs in favor of users utilizing Redfish. Operators are advised to utilize the "redfish" hardware type for these machines. * Some of Ironic's API endpoints, when the new RBAC policy is being enforced, were previously emitting *500* error codes when insufficent access rights were being used, specifically because the policy required "system" scope. This has been corrected, and the endpoints should now properly signal a *403* error code if insufficient access rights are present for an authenticated requestor. * Increases the 32-character limit of the "user" column in the "NodeHistory" model to support up to 64-character-long values. For more information, see bug (https://bugs.launchpad.net/ironic/+bug/2054594). * Fixes issues with Lenovo hardware where the system firmware may display a blue "Boot Option Restoration" screen after the agent writes an image to the host in UEFI boot mode, requiring manual intervention before the deployed node boots. This issue is rooted in multiple changes being made to the underlying NVRAM configuration of the node. Lenovo engineers have suggested to *only* change the UEFI NVRAM and not perform any further changes via the BMC to configure the next boot. Ironic now does such on Lenovo hardware. More information and background on this issue can be discovered in bug 2053064 (https://bugs.launchpad.net/ironic/+bug/2053064). * Fixes an issue where the conductor service would fail to launch when the "neutron" network_interface setting was enabled, and no global "cleaning_network" or "provisioning_network" is set in *ironic.conf.* These settings have long been able to be applied on a per-node basis via the API. As such, the service can now be started and will error on node validation calls, as designed for drivers missing networking parameters. * Each conductor now reserves a small proportion of its worker threads (5% by default) for API requests and other critical tasks. This ensures that the API stays responsive even under extreme internal load. * Provides a fix for "service" role support to enable the use case where a dedicated service project is used for cloud service operation to facilitate actions as part of the operation of the cloud infrastructure. OpenStack clouds can take a variety of configuration models for service accounts. It is now possible to utilize the "[DEFAULT] rbac_service_role_elevated_access" setting to enable users with a "service" role in a dedicated "service" project to act upon the API similar to a "System" scoped "Member" where resources regardless of "owner" or "lessee" settings are available. This is needed to enable synchronization processes, such as "nova-compute" or the "networking-baremetal" ML2 plugin to perform actions across the whole of an Ironic deployment, if desirable where a "System" scoped user is also undesirable. This functionality can be tuned to utilize a customized project name aside from the default convention "service", for example "baremetal" or "admin", utilizing the "[DEFAULT] rbac_service_project_name" setting. Operators can alternatively entirely override the "service_role" RBAC policy rule, if so desired, however Ironic feels the default is both reasonable and delineates sufficiently for the variety of Role Based Access Control usage cases which can exist with a running Ironic deployment. * Query parameters in the API that expect lists now accept repeated arguments ("param=value1¶m=value2") in addition to comma- separated strings ("param=value1,value2"). The former seems to be more common and is actually (incorrectly) used in GopherCloud. * Fixes error handling in the virtual media attachment API when the image downloading fails. Now the "last_error" field is populated correctly and the error is logged. Changes in ironic 24.0.0..24.1.0 -------------------------------- d57e11360 Bump proliantutils for pyasn1 compatibility ef8bca007 Fix data length exceeding limit error 10785a055 Release mappings for 23.1, 24.0, 24.1/2024.1 10ebbe74d Tempest test with only wholedisk for some jobs 0c735264d Release notes prelude for 2024.1/24.1 69635a159 Move back to plain pyasn1 18e22b089 reno: Update master for unmaintained/xena 6c6f034e7 reno: Update master for unmaintained/wallaby 667e7bf23 reno: Update master for unmaintained/victoria 6d046ad7b Allow usage of virtual media via System 01b868a23 Temporary move metalsmith legacy CI job to non-voting 237510ae2 Implement generic redfish vmedia attach detach b9be54882 Guide users/developers to launchpad eaf1c4fd3 Ignore generated config/policy file 616e6d120 Update regex to detect closed branch 325c2b0a9 docs: augment admin troubleshooting docs for system scope context 4b31cc1c4 Switch to qemu-img functions from ironic-lib 6.0.0 c6a400504 Fix artifical rbac policy constraint that resulted in 500s ed14b2e04 [trivial] add device_type param to attach_vmedia_device 79523c591 Fix error handling in the virtual media attach API abe8843dd Fix multiple assignment of redfish_system_id during node creation d89280676 docs: troubleshooting addition for sync period f893c740d ci: pin CI to dnsmasq 2.85 5606c431f [CI] Support for running with shards 934658dab Support more standard way of passing lists via query strings 44939f1ab Trivial: include vmedia API in the reference f28b23f8c Multiple CI updates/improvements db7e74fd7 [ci] Temporarily disable standalone job voting 89fe0396a Add inspection PXE filter service 803d08cb8 Don't import sushy conditionally, it's a requirement 27f53debb ci: Source install dnsmasq-2.87 e15c4f1bf Modify ESP configuring script of redfish document a9397f49d Split conductor-specific RPCService 6822f8b22 fix errors messaging around network mappings 50ced3a3f neutron: do not error if no cleaning/provisioning on launch 4b8e0f04a Handle jsonschema empty error message update 4fb1b813f Special case lenovo UEFI boot setup ab5d0cadb ci: support overriding the service project name 4a9a7949c Improve clarity of exception message 19bc67c19 ci: allow service role CI account usage to have elevated access 82dbaa966 Log upon completion of power sync e8cb96efc Detect ilo6 and redirect to redfish 563fb3886 [devstack-RBAC] - Edit docs to reflect RBAC changes. 047b51041 [codespell] Adding CI target for Tox Codespell d9283af21 [codespell] Adding Tox Target for Codespell 949387bd8 [codespell] Fixing Spelling Mistakes 5c781a916 Force constraints when installing a package during tox test 41ee6aa2f Ensure all errors are passed during cleaning 479438d1f follow-up: docs fix for add HTTP versions of network boot interfaces e19fd1d05 Add HTTP versions of network boot interfaces 7ca399526 Fix release mappings for 2023.2 8dd09d396 Online migration for inspect_interface inspector->agent 2ea060d30 reno: Update master for unmaintained/yoga 768f58560 packaging: reduce jsonschema revision 8b79a20d7 trivial: fix api-ref generation script b6f062a8e tox: Drop envdir 307c4572a Add node auto-discovery support for in-band inspection 0313ce26b Fix service role support ed946c4d5 Basic support for OVN VTEP switches adec0f6f0 Add a reserved workers pool (5% by default) Diffstat (except docs and test files) ------------------------------------- .gitignore | 4 + README.rst | 4 +- api-ref/regenerate-samples.sh | 8 +- api-ref/source/baremetal-api-v1-allocation.inc | 2 +- .../source/baremetal-api-v1-driver-passthru.inc | 2 +- api-ref/source/baremetal-api-v1-node-passthru.inc | 2 +- api-ref/source/baremetal-api-v1-ports.inc | 10 + api-ref/source/index.rst | 1 + api-ref/source/parameters.yaml | 4 +- devstack/files/bindep.txt | 2 +- devstack/lib/ironic | 59 ++- .../include/configure-ironic-api-mod_wsgi.inc | 2 +- driver-requirements.txt | 6 +- ironic/api/controllers/v1/allocation.py | 18 +- ironic/api/controllers/v1/collection.py | 2 +- ironic/api/controllers/v1/deploy_template.py | 2 +- ironic/api/controllers/v1/node.py | 10 +- ironic/api/controllers/v1/port.py | 18 + ironic/api/controllers/v1/ramdisk.py | 64 ++- ironic/api/controllers/v1/utils.py | 27 +- ironic/api/controllers/v1/versions.py | 6 +- ironic/api/functions.py | 6 +- ironic/api/method.py | 2 +- ironic/cmd/api.py | 2 +- ironic/cmd/conductor.py | 2 +- ironic/cmd/dbsync.py | 1 + ironic/cmd/pxe_filter.py | 73 +++ ironic/cmd/singleprocess.py | 2 +- ironic/common/args.py | 7 +- ironic/common/cinder.py | 2 +- ironic/common/context.py | 7 + ironic/common/exception.py | 4 + ironic/common/images.py | 12 +- ironic/common/keystone.py | 2 +- ironic/common/neutron.py | 45 +- ironic/common/policy.py | 52 ++- ironic/common/pxe_utils.py | 108 +++-- ironic/common/release_mappings.py | 92 +++- ironic/common/rpc_service.py | 107 +---- ironic/common/utils.py | 2 +- ironic/conductor/allocations.py | 2 +- ironic/conductor/base_manager.py | 50 +- ironic/conductor/cleaning.py | 2 +- ironic/conductor/deployments.py | 2 +- ironic/conductor/inspection.py | 10 +- ironic/conductor/manager.py | 87 ++-- ironic/conductor/rpc_service.py | 125 +++++ ironic/conductor/rpcapi.py | 3 +- ironic/conductor/servicing.py | 2 +- ironic/conductor/utils.py | 29 +- ironic/conf/anaconda.py | 2 +- ironic/conf/conductor.py | 6 + ironic/conf/default.py | 36 ++ ironic/conf/inspector.py | 34 ++ ironic/conf/sensor_data.py | 2 +- ironic/db/api.py | 2 +- .../01f21d5e5195_increase_length_of_user_column.py | 33 ++ ironic/db/sqlalchemy/api.py | 68 ++- ironic/db/sqlalchemy/models.py | 2 +- ironic/drivers/base.py | 4 +- ironic/drivers/generic.py | 2 +- ironic/drivers/modules/agent.py | 4 +- ironic/drivers/modules/agent_base.py | 23 +- ironic/drivers/modules/agent_client.py | 2 +- .../ansible/playbooks/roles/clean/tasks/zap.yaml | 2 +- ironic/drivers/modules/deploy_utils.py | 2 +- ironic/drivers/modules/drac/boot.py | 13 +- ironic/drivers/modules/drac/inspect.py | 7 +- ironic/drivers/modules/drac/management.py | 2 +- ironic/drivers/modules/drac/raid.py | 2 +- ironic/drivers/modules/drac/utils.py | 4 +- ironic/drivers/modules/ilo/bios.py | 2 +- ironic/drivers/modules/ilo/common.py | 2 +- ironic/drivers/modules/ilo/firmware_processor.py | 2 +- ironic/drivers/modules/ilo/management.py | 4 +- ironic/drivers/modules/ilo/power.py | 13 +- ironic/drivers/modules/inspect_utils.py | 172 ++++--- .../inspector/hooks/local_link_connection.py | 2 +- ironic/drivers/modules/inspector/lldp_tlvs.py | 2 +- ironic/drivers/modules/ipmitool.py | 8 +- ironic/drivers/modules/ipxe.py | 13 + ironic/drivers/modules/irmc/common.py | 4 +- ironic/drivers/modules/irmc/power.py | 2 +- ironic/drivers/modules/irmc/vendor.py | 2 +- ironic/drivers/modules/network/common.py | 2 +- ironic/drivers/modules/network/neutron.py | 18 +- ironic/drivers/modules/pxe.py | 11 + ironic/drivers/modules/pxe_base.py | 106 ++++- ironic/drivers/modules/ramdisk.py | 2 +- ironic/drivers/modules/redfish/bios.py | 11 +- ironic/drivers/modules/redfish/boot.py | 327 ++++++++----- ironic/drivers/modules/redfish/firmware.py | 13 +- ironic/drivers/modules/redfish/inspect.py | 63 +-- ironic/drivers/modules/redfish/management.py | 130 +++--- ironic/drivers/modules/redfish/power.py | 43 +- ironic/drivers/modules/redfish/raid.py | 20 +- ironic/drivers/modules/redfish/utils.py | 17 +- ironic/drivers/modules/redfish/vendor.py | 5 +- ironic/drivers/modules/xclarity/common.py | 4 +- ironic/objects/conductor.py | 2 +- ironic/objects/node.py | 2 +- ironic/pxe_filter/__init__.py | 0 ironic/pxe_filter/dnsmasq.py | 215 +++++++++ ironic/pxe_filter/service.py | 104 +++++ .../unit/api/controllers/v1/test_allocation.py | 2 +- .../api/controllers/v1/test_deploy_template.py | 24 +- .../unit/{common => conductor}/test_rpc_service.py | 2 +- .../unit/drivers/modules/drac/test_inspect.py | 4 +- .../unit/drivers/modules/drac/test_management.py | 19 +- .../inspector/hooks/test_local_link_connection.py | 2 +- .../unit/drivers/modules/network/test_flat.py | 18 +- .../unit/drivers/modules/network/test_neutron.py | 48 +- .../unit/drivers/modules/redfish/test_bios.py | 12 +- .../unit/drivers/modules/redfish/test_boot.py | 519 +++++++++++++++++++-- .../unit/drivers/modules/redfish/test_firmware.py | 4 +- .../unit/drivers/modules/redfish/test_inspect.py | 4 +- .../drivers/modules/redfish/test_management.py | 11 +- .../unit/drivers/modules/redfish/test_power.py | 11 +- .../unit/drivers/modules/redfish/test_raid.py | 11 +- .../unit/drivers/modules/redfish/test_utils.py | 4 +- .../unit/drivers/modules/redfish/test_vendor.py | 4 +- .../unit/drivers/modules/test_inspect_utils.py | 19 +- releasenotes/config.yaml | 2 +- .../2024.1-release-prelude-c5ab735c0dc6af5c.yaml | 13 + .../add-automatic-lessee-88f8ecab7c76b65f.yaml | 4 +- ...add-execute-on-child-node-20910aecb8f8b714.yaml | 6 +- .../add-http-boot-support-a5a90e87a91a87d5.yaml | 21 + .../notes/add-iso-suffix-557a4fc4382fd7f3.yaml | 2 +- ...retryable-ipmitool-errors-1c9351a89ff0ec1a.yaml | 2 +- ...rbac-project-manager-role-7ffc52f78ff93432.yaml | 2 +- .../add-sqlite-db-retries-f493d5d7aa6db78b.yaml | 2 +- .../add-verify-steps-support-2b34a74e86f89cb4.yaml | 2 +- ...add-vmedia-system-support-5d81316d02b909b9.yaml | 6 + ...d-warning-in-ilo-for-ilo6-c400b35f55b81f50.yaml | 9 + ...ac-originating-500-errors-4b54977631a015d9.yaml | 8 + .../allocations-charset-5384d1ea00964bdd.yaml | 2 +- ...aconda-config-drive-fixes-5880884e34584549.yaml | 2 +- ...anaconda-deploy-interface-c04932f6f469227a.yaml | 2 +- ...t-cert-validation-disable-6611d3cb9401031d.yaml | 2 +- ...ble-device-name-filtering-0adfca7d8ba4cbcc.yaml | 2 +- .../notes/auto-discovery-e90267eae7fb6f96.yaml | 5 + ...cache-firmware-components-485b3343ba1db5ee.yaml | 2 +- ...ss-pattern-for-node-lists-a333dd9c5afa737d.yaml | 2 +- ...assic-drivers-deprecation-de464065187d4c14.yaml | 2 +- ...-waits-when-low-on-memory-d73892a79cde0516.yaml | 2 +- ..._embedded_ipa_error_codes-c8fdfaa9e6a1ed06.yaml | 2 +- ...rce-path-handling-lookups-4ce2023a56372f10.yaml | 2 +- ...-field-overhead-reduction-40be1821e38b468c.yaml | 4 +- ...ulitple-driver-interfaces-e42e4fa1c960f596.yaml | 4 +- ...eprecate-syslinux-support-98d327c67607fc8e.yaml | 4 +- .../notes/deprecate-xclarity-d687571fb65ad099.yaml | 2 +- ...-online-version-migration-db432a7b239647fa.yaml | 4 +- ...onsole-subprocess-timeout-d3eccfe0440013d7.yaml | 2 +- ...-vmedia-boot-method-label-8008f49ace96f1cc.yaml | 4 +- ...out-hung-ipmitool-process-519c7567bcbaa882.yaml | 2 +- ...ial-version-no-such-table-54c3c291050ae787.yaml | 2 +- ...uefi-disk-pxe-persistance-0d871825591918b5.yaml | 4 +- .../notes/hash-ring-race-da0d584de1f46788.yaml | 2 +- ...-verification-enhancement-8eefd541cfc2a9da.yaml | 2 +- ...de-supports-sha256-sha512-ae76569042750a07.yaml | 2 +- ...history_user_column_limit-8da6ae03288bff26.yaml | 6 + .../inspection-fast-track-ab5165e11d3e9522.yaml | 2 +- ...mi-disable-timeout-option-e730362007f9bedd.yaml | 2 +- ...-command-line-ip-argument-4e92cf8bb912f62d.yaml | 4 +- .../ironic-12.0-prelude-9dd8e80a1a3e8f60.yaml | 2 +- .../ironic-antelope-prelude-0b77964469f56b13.yaml | 4 +- ...boot-to-disk-calls-lenovo-39763bfc98f602d8.yaml | 13 + .../limit-memory-consumption-c7949a49853ba83d.yaml | 2 +- .../notes/migrate-inspector-48de1216ef81f43a.yaml | 13 + ...o-longer-scope-restricted-b455f66a751f10ec.yaml | 4 +- .../ovn-vtep-switch-support-506686368ebf17c6.yaml | 6 + ...-without-neutron-networks-d4aa21654f9c07bf.yaml | 9 + .../project-scoped-rbac-063c44ba593bb82a.yaml | 4 +- .../notes/pxe-filter-b57b7f5f2b1e1974.yaml | 7 + .../raid-remove-root-hint-ec87efd18e894256.yaml | 2 +- ...b-use-user-kernel-ramdisk-7d572fe130932605.yaml | 2 +- ...fish-attach-detach-vmedia-0056faf815724d10.yaml | 9 + ...ride-not-present-handling-92e7263617e467c4.yaml | 2 +- .../notes/reserved-workers-3cc0af8782b00fcc.yaml | 6 + .../notes/reset-interface-e62036ac76b87486.yaml | 2 +- ...-project-service-role-fix-e4d1a8c23856926a.yaml | 41 ++ ...-rbac-deprecation-for-now-779898e720a7bf4e.yaml | 2 +- ...t-console-port-alloc-ipv6-26760f53f86209d0.yaml | 2 +- .../notes/string-list-6098010bfdce9149.yaml | 7 + ...tem-scoped-authentication-28e3651de250bea8.yaml | 2 +- .../notes/vmedia-error-ef4eac3d08761d5c.yaml | 6 + releasenotes/source/victoria.rst | 2 +- releasenotes/source/wallaby.rst | 2 +- releasenotes/source/xena.rst | 2 +- releasenotes/source/yoga.rst | 2 +- requirements.txt | 6 +- setup.cfg | 18 + test-requirements.txt | 4 +- tools/config/ironic-config-generator.conf | 1 + tools/test-setup.sh | 2 +- tox.ini | 15 +- zuul.d/ironic-jobs.yaml | 64 ++- zuul.d/project.yaml | 32 +- 270 files changed, 4972 insertions(+), 1225 deletions(-) Requirements updates -------------------- diff --git a/driver-requirements.txt b/driver-requirements.txt index b0852d005..8b5bec94c 100644 --- a/driver-requirements.txt +++ b/driver-requirements.txt @@ -7 +7 @@ -proliantutils>=2.16.0 +proliantutils>=2.16.2 @@ -9,2 +9,2 @@ pysnmp-lextudio>=5.0.0 # BSD -pyasn1-lextudio>=1.1.0 # BSD -pyasn1-modules-lextudio>=0.2.0 # BSD +pyasn1>=0.5.1 # BSD +pyasn1-modules>=0.3.0 # BSD diff --git a/requirements.txt b/requirements.txt index f87070972..3ec1147f5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17 +17 @@ keystoneauth1>=4.2.0 # Apache-2.0 -ironic-lib>=5.5.0 # Apache-2.0 +ironic-lib>=6.0.0 # Apache-2.0 @@ -44 +44 @@ oslo.versionedobjects>=1.31.2 # Apache-2.0 -jsonschema>=3.2.0 # MIT +jsonschema>=4.0.0 # MIT @@ -49 +49 @@ openstacksdk>=0.48.0 # Apache-2.0 -sushy>=4.7.0 +sushy>=4.8.0 diff --git a/test-requirements.txt b/test-requirements.txt index 57c4a9c2c..6d9213179 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -17,2 +17,2 @@ pysnmp-lextudio>=5.0.0 # BSD -pyasn1-lextudio>=1.1.0 # BSD -pyasn1-modules-lextudio>=0.2.0 # BSD +pyasn1>=0.5.1 # BSD +pyasn1-modules>=0.3.0 # BSD