We are psyched to announce the release of: ironic-python-agent 6.4.0: Ironic Python Agent Ramdisk This release is part of the victoria stable release series. The source is available from: https://opendev.org/openstack/ironic-python-agent Download the package from: https://tarballs.openstack.org/ironic-python-agent/ Please report issues through: https://storyboard.openstack.org/#!/project/openstack/ironic- python-agent For more details, please see below. 6.4.0 ^^^^^ New Features ************ * Enables support in IPA for hosting the API server over TLS. Using this support requires setting "[DEFAULT]listen_tls" to True, and then setting "[ssl]cert_file", "[ssl]key_file", and optionally "[ssl]ca_file" to files embedded in the ramdisk IPA runs inside. * When a recent enough version of ironic is detected and "listen_tls" is "False", agent will now generate a self-signed TLS certificate and send it to ironic on heartbeat. This ensures encrypted communication from ironic to the agent. Set "enable_auto_tls" to "False" to disable this behavior. * The "logs" inspection collector is now enabled by default, change "ipa-inspection-collectors" to disable. Upgrade Notes ************* * IPA heartbeat intervals now rely on accurate clock time. Any clean or deploy steps which attempt to sync the clock may cause heartbeats to not be emitted. IPA syncs time at startup and shutdown, so these steps should not be required. Bug Fixes ********* * Fixes an issue with nodes undergoing fast-track from introspection to deployment where the agent internal cache of the node may be stale. In particular, this can be observed if node does not honor a root device hint which is saved to Ironic's API *after* the agent was started. More information can be found in story 2008039 (https://storyboard.openstack.org/#!/story/2008039). * Fixes a minor incorrect keyword argument that was matching between the method caller and the unit test but not the actual method, unit test, and caller. This was a non-fatal issue, and should now permit the agent to attempt to lookup the node one last time before deploying the instance image to pick-up a root device hint. * Fixes an issue with the IntelCnaHardwareManager which prevented hardware managers with lower priority to be executed and therefore may blocked the initialization and collection of hardware these managers are supposed to take care of. * Fixes a bug where the partitions created during software RAID setup are cleaned too early and therefore may prevent the proper cleaning of the md superblocks. Leaving superblocks behind will impact the creation of new md devices later on. * Detects md component devices by their UUID, rather than by scanning the output of mdadm. This will prevent that devices miss md superblock cleanup when they are currently not part of an array. * Since the Ussuri release, IPA has ignored the listen_host and listen_port directives. This fixes the behavior and restores those configuration values to working status. https://storyboard.openstack.org/#!/story/2008016 Other Notes *********** * Adds an explicit capture of connectivity failures in the heartbeat process to provide a more verbose error message in line with what is occuring as opposed to just indicating that an error occured. This new exception is called "HeartbeatConnectionError" and is likely only going to be visible if there is a local connectivity failure such as a router failure, switchport in a blocking state, or connection centered transient failure. Changes in ironic-python-agent 6.3.0..6.4.0 ------------------------------------------- 044c64d Software RAID: Get component devices by md UUID c7aec77 Software RAID: Don't delete partitions too early 565d596 Document ramdisk TLS and update existing TLS docs 4b0ef13 Fix: make Intel CNA hardware manager none generic a01646f Simplify heartbeating by removing use of select() afb521d CI: Lower memory usage of VMs/Increase swap 8f49757 Documentation: fix incorrect step names fe6b687 When reporting that agent is busy, report the executed command 9dd968f [doc] Clarify custom hardware manager inheritance 021e0a6 Generate a TLS certificate and send it to ironic 6a80564 Refactor API version negotiation code 08fdae9 Fix l-c 3426963 Fix backup node lookup 9b75453 Fix and run the correct functional tests job 63513ae Remove unused jobs 85bd44d Prepare to move ipa-builder jobs 1d11f0b If listen_tls is true, enable TLS on wsgi server 700c14c Move ironic-standalone-ipa-src to Ubuntu Focal 4716669 Replace oslo's loopingcall with tenacity 7d0ad36 Make WSGI server respect listen_* directives d3c3d4d Update the cache if we don't have a root device hint ffacb71 Document in-band deploy steps and add more docs for custom steps 3faf13b Refactor and fix documentation 82c7043 Remove experimental jobs d415287 Revert "Temporary disable multiple jobs to land CI fixes." 2a5ba7e Increase memory for tinyipa jobs 9ebab1b Temporary disable multiple jobs to land CI fixes. f670f70 Clarify connection error on heartbeats d50ff06 Enable the logs collection by default ba6ca24 Add possibility to pass global request ID Diffstat (except docs and test files) ------------------------------------- ironic_python_agent/__init__.py | 8 + ironic_python_agent/agent.py | 91 +++++---- ironic_python_agent/api/app.py | 25 ++- ironic_python_agent/config.py | 26 ++- ironic_python_agent/errors.py | 19 ++ ironic_python_agent/extensions/base.py | 2 +- ironic_python_agent/extensions/iscsi.py | 3 +- ironic_python_agent/extensions/standby.py | 6 +- ironic_python_agent/hardware.py | 143 +++++++++++--- ironic_python_agent/hardware_managers/cna.py | 23 +-- ironic_python_agent/ironic_api_client.py | 69 ++++--- ironic_python_agent/tls_utils.py | 111 +++++++++++ lower-constraints.txt | 6 +- .../add-optional-tls-support-3ab6a834154fedec.yaml | 8 + releasenotes/notes/auto-tls-b52b873663f35618.yaml | 8 + .../change-heartbeat-method-d0119406137022e3.yaml | 7 + ...artbeat-connection-errors-2af152bf2d7928e2.yaml | 10 + .../fasttrack-stale-cache-fd93b56a955c7ab1.yaml | 9 + ...arly-node-lookup-argument-83d3f717c039e454.yaml | 9 + ...nx-hardware-mgr-never-run-72072580be4d6e7a.yaml | 7 + .../fix_partition_cleanup-46491861c930db12.yaml | 6 + ...get_md_components_by_uuid-7f08d423ea9e7c94.yaml | 6 + .../notes/inspector-logs-9b7c010c219691d2.yaml | 5 + ...respect-listen-directives-94fb863c5b692c07.yaml | 7 + requirements.txt | 4 +- zuul.d/ironic-python-agent-jobs.yaml | 98 ++-------- zuul.d/project.yaml | 8 +- 47 files changed, 1335 insertions(+), 469 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 28ea8ac..690a5b1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -18,0 +19 @@ stevedore>=1.20.0 # Apache-2.0 +tenacity>=6.2.0 # Apache-2.0 @@ -20 +21,2 @@ ironic-lib>=4.1.0 # Apache-2.0 -Werkzeug>=0.15.0 # BSD License +Werkzeug>=1.0.1 # BSD License +cryptography>=2.3 # BSD/Apache-2.0