We are pumped to announce the release of: ironic 13.0.3: OpenStack Bare Metal Provisioning This release is part of the train stable release series. The source is available from: https://opendev.org/openstack/ironic Download the package from: https://tarballs.openstack.org/ironic/ Please report issues through: https://storyboard.openstack.org/#!/project/943 For more details, please see below. 13.0.3 ^^^^^^ Security Issues *************** * Prevents additional updates of an agent "callback_url" through the agent heartbeat "/v1/heartbeat/<node_uuid>" endpoint as the "callback_url" should remain stable through the cleaning, provisioning, or rescue processes. Should anything such as an unexpected agent reboot cause the "callback_url", heartbeat operations will now be ignored. More information can be found at story 2006773 (https://storyboard.openstack.org/#!/story/2006773). Bug Fixes ********* * Now passing proper flags during clean up of iPXE boot environments, so that no leftovers are left after node tear down. * Use SHA256 for comparing file contents instead of MD5. This improves FIPS compatibility. * Corrects logic in the entry path of node cleaning and deployment processes to prohibit "agent_url" from being preemptively removed if "fast_track" is enabled and in use. This allows fast track cleaning and deployment operations to succeed. * Fixes an issue that when "ipxe" interface is in use with "[pxe]ipxe_enabled" set to false, the PXE configuration is not handled properly which prevents the machine from performing a successful iPXE boot. * Fix path used to virtual media iso, when served over local HTTP server([redfish]use_swift=false). * Fixes an issue with fasttrack where a recent security related change to prevent the "agent_url" field from being updated in a node, to functionally prevent fast_track from succeeding as the node would fail with an exception indicating the "agent_url" could not be found. The required "agent_url" value is now preserved when the fast track feature is enabled as the running ramdisk is not shut down. * Add timeout when querying agent for commands status. Without it, node can lock up for a quite long time and ironic will not allow to perform any operations with it. * When installing a whole disk image using iscsi, set up the bootloader even if a root partition can not be found. The bootloaders will be located on the disk. Changes in ironic 13.0.2..13.0.3 -------------------------------- c71cab7fc Use FIPS-compatible SHA256 for comparing files 077af5a20 Lower tempest concurrency fa9b8be99 tell reno to ignore the kilo branch 0e84dea47 Fix ipxe interface to perform ipxe boot without ipxe_enabled enabled ad6ea7cf2 Fix bash comparisons for grenade multinode switch 6ceec86ad Fix typo in setup-network.sh script 8f61636eb Don't require root partition when installing a whole disk image d661f3491 Fix entry paths for cleaning and deployment 7f1f79ac2 Fix fast_track + agent_url update fix dfb223fbd Explicitly use ipxe as boot interface for iPXE testing 7eef7adb1 redfish-vmedia: correctly pass ipa-debug 7c993afb1 [stable] consume virtualbmc from pip packages 25cc87145 Block ability update callback_url 3e39d7bec Fix use of urlparse.urljoin cfa58afd8 Add timeout when querying agent's command statuses 24fc78946 Pass correct flags during PXE cleanup in iPXEBoot 9be4d7c3f Improve iDrac Documentation ba7e5990e CI: limit rescue testing to only two jobs Diffstat (except docs and test files) ------------------------------------- devstack/lib/ironic | 18 +- devstack/tools/ironic/scripts/setup-network.sh | 2 +- devstack/upgrade/upgrade.sh | 2 +- ironic/api/controllers/v1/ramdisk.py | 13 + ironic/common/pxe_utils.py | 15 +- ironic/common/utils.py | 4 +- ironic/conductor/manager.py | 27 +- ironic/conductor/utils.py | 15 + ironic/drivers/modules/agent_base_vendor.py | 26 +- ironic/drivers/modules/agent_client.py | 2 +- ironic/drivers/modules/ipxe.py | 4 +- ironic/drivers/modules/pxe_base.py | 8 +- ironic/drivers/modules/redfish/boot.py | 4 +- ironic/drivers/modules/storage/cinder.py | 9 +- .../unit/drivers/modules/redfish/test_boot.py | 51 +- .../unit/drivers/modules/test_agent_base_vendor.py | 31 +- .../unit/drivers/modules/test_agent_client.py | 10 + .../unit/drivers/modules/test_iscsi_deploy.py | 4 +- .../run.yaml | 1 - playbooks/legacy/grenade-dsvm-ironic/run.yaml | 1 - .../notes/cleanup-ipxe-f1349e2ac9ec2825.yaml | 5 + .../notes/fips-hashlib-bca9beacc2b48fe7.yaml | 4 + ...fix-fast-track-entry-path-467c20f97aeb2f4b.yaml | 7 + ...rface-without-opt-enabled-4fa2f83975295e20.yaml | 6 + releasenotes/notes/fix-path-a3a0cfd2c135ace9.yaml | 5 + ...nt-failure-with-fasttrack-f1fe05598fbdbe4a.yaml | 9 + ...t-commands-status-timeout-ecbac91ea149e755.yaml | 6 + ...ck-url-from-being-updated-41d50b20fb236e82.yaml | 10 + ...k-scsi-install-bootloader-f7e791d82da476ca.yaml | 6 + reno.yaml | 4 + zuul.d/ironic-jobs.yaml | 10 +- zuul.d/legacy-ironic-jobs.yaml | 4 - 39 files changed, 965 insertions(+), 120 deletions(-)