[ironic][ops] Breaking change coming in the Victoria development cycle
juliaashleykreger at gmail.com
Mon Mar 30 21:23:28 UTC 2020
One of the items the ironic team has been focused on is improving
security of remote/edge deployments where machines may be deployed on
networks where an un-trusted actor could also be present.
Our answer to this has been the concept of utilizing a temporary
token for the deployment, which we use to validate the agent
heartbeat operations, and commands sent back to the agent ramdisk from
the conductor. While not a complete solution to all possible attack
vectors, it is a step forward and we will be taking more steps during
the next cycle.
For the Ussuri release, this functionality is always enabled, but is
not explicitly required. Deployments that choose to require this
capability but still use older ramdisks must update their
deployment/rescue/cleaning ramdisks to ones built with a newer
ironic-python-agent from the Ussuri development cycle.
In Victoria, the ironic team will change the default for requirement
of agent tokens such that they are required by default. Pre-Ussuri
agent ramdisks will no longer work and will need to be updated.
Please let us know if you have any questions or concerns.
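An added illustrative model of the agent-token scheme described above; this is not ironic's or ironic-python-agent's code, and the `require_agent_token` flag, `Conductor` and `Agent` names are this example's own. It shows a per-deployment token being issued, checked on agent heartbeats and on conductor-to-agent commands, and how a token-less (pre-Ussuri style) heartbeat is accepted only while tokens are optional.

```python
import hmac
import secrets


class Conductor:
    """Conductor side of the (modelled) agent token handshake."""

    def __init__(self, require_agent_token):
        # Assumed flag name: False models the Ussuri default (tokens always
        # issued but not mandatory), True models the Victoria default.
        self.require_agent_token = require_agent_token
        self._tokens = {}  # node_uuid -> temporary token for this deployment

    def start_deploy(self, node_uuid):
        # Fresh random token per deployment; it is thrown away at the end.
        token = secrets.token_urlsafe(32)
        self._tokens[node_uuid] = token
        return token

    def finish_deploy(self, node_uuid):
        self._tokens.pop(node_uuid, None)

    def heartbeat(self, node_uuid, agent_token):
        """Return True if an agent heartbeat is accepted.

        agent_token=None models a pre-Ussuri ramdisk that never sends one.
        """
        if agent_token is None:
            return not self.require_agent_token
        expected = self._tokens.get(node_uuid)
        if expected is None:
            return False
        # Constant-time comparison so the check does not leak the token.
        return hmac.compare_digest(expected, agent_token)

    def command(self, node_uuid, name):
        # Commands sent back to the ramdisk carry the same token.
        return {"name": name, "agent_token": self._tokens.get(node_uuid)}


class Agent:
    """Agent ramdisk side: keeps the token it received from the conductor."""

    def __init__(self, token):
        self.token = token

    def execute(self, cmd):
        # Refuse commands without the issued token, so another host on the
        # same network cannot drive the ramdisk by impersonating the conductor.
        given = cmd.get("agent_token")
        return given is not None and hmac.compare_digest(self.token, given)
```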