We are pleased to announce the release of: ironic-python-agent 10.2.0 This release is part of the epoxy release series. The source is available from: https://opendev.org/openstack/ironic-python-agent Download the package from: https://tarballs.openstack.org/ironic-python-agent/ Please report issues through: https://bugs.launchpad.net/ironic-python-agent/+bugs For more details, please see below. 10.2.0 ^^^^^^ New Features ************ * Adds support to Ironic-Python-Agent to facilitate deployment of bootable containers. This is an experimental feature for standalone users. Operators wishing to disable this feature, can leverage the "[DEFAULT]disable_bootc_deploy" option in "ironic-python- agent.conf". Bug Fixes ********* * Fixes a potential security issue where a third party may be able to retrieve potentially sensitive data in command result output from the agent. If a request comes in with an "agent_token" to the command results endpoint, the agent will now require all future calls to leverage the token to retrieve results and validate that token's validity. This effectively eliminates the possibility of a malicious entity with access to the agent's API endpoint from capturing the command results from agent operations. * Prevents IPA from restarting on tenant networks during rescue operations by adding proper lockdown. Changes in ironic-python-agent 10.1.0..10.2.0 --------------------------------------------- 91f52035 Doc: Fix incorrect function in example code 14009b99 Missing __init__.py file fd8032b3 Fix the way qemu-img is called with prlimits 6c22ab2d Remove pre-victoria cycle agent token transition upgrade support a6ca6520 Lockout agent command results if a token is received 39687159 Revert "Add token validation to GET command endpoints" a42980a0 Ensure IPA is locked down in rescue mode 6f860995 Add token validation to GET command endpoints c4998fc5 oci: permit an 'unknown' but valid image a132e167 oci: Enable embedded authentication passing ced6f3a0 Trivial:Remove codespell job (moved to pre-commit) c8763bba follow-up: update release note for bootable container work fe55bee4 Revert "Configure ipa bugfix 10.1" 1508cc4c Bootable container support 412c8f3f Configure ipa bugfix 10.1 Diffstat (except docs and test files) ------------------------------------- bindep.txt | 1 + ironic_python_agent/agent.py | 33 +- ironic_python_agent/api/app.py | 18 +- ironic_python_agent/config.py | 5 + ironic_python_agent/disk_utils.py | 4 +- ironic_python_agent/extensions/rescue.py | 6 + ironic_python_agent/extensions/standby.py | 273 ++++++++++++- ironic_python_agent/hardware.py | 47 +++ ironic_python_agent/metrics_lib/__init__.py | 0 ironic_python_agent/qemu_img.py | 2 +- .../add-support-for-bootc-70b8a4546b176ab4.yaml | 8 + .../lockout-command-result-a368187515385270.yaml | 11 + ...vent-restart-after-rescue-2cdd9cb03c0efb1b.yaml | 5 + zuul.d/ironic-python-agent-jobs.yaml | 7 - zuul.d/project.yaml | 2 - 24 files changed, 992 insertions(+), 36 deletions(-)