[release-announce] ironic-python-agent 6.1.0 (ussuri)

no-reply at openstack.org no-reply at openstack.org
Mon Apr 27 14:44:48 UTC 2020

We are stoked to announce the release of:

ironic-python-agent 6.1.0: Ironic Python Agent Ramdisk

This release is part of the ussuri stable release series.

The source is available from:


Download the package from:


Please report issues through:


For more details, please see below.


New Features

* Adds support for the agent to receive, store, and return an "agent
  token" from the Ironic deployment to help secure use of the ironic
  API "/v1/heartbeat" endpoint, as well as the API of the ironic-
  python-agent ramdisk.

* Target devices for software RAID can now be specified in the form
  of device hints (same as for root devices) in the "physical_disks"
  parameter of a logical disk configuration.

* Adds a feature where IPA will utilize a "[DEFAULT]ntp_server" or
  "ipa-ntp-server" kernel command line argument to cause the agent to
  attempt to sync the clock to the NTP source. The agent also attempts
  to sync the software clock to the NTP time source, and assert an
  update to the hardware clock prior to powering the machine off.
  Please note, if your system clock is set to local time as opposed to
  UTC, this may result in undesirable behavior.

* Adds UEFI boot support for Software RAID, and for partition table
  creation based upon boot mode in use.

Upgrade Notes

* The minimum supported versions of the ironic API is now 1.31,
  corresponding to the latest available in the Ocata release. All
  versions before that one are not supported anymore.

* The type of the partition table created for Software RAID is now
  based upon the boot mode in use (GPT for UEFI or if explicitly
  passed via the instance's capabilities or the node's properties,
  otherwise MSDOS). The amount of reserved space on the drives now
  also depends on the boot mode (128MiB for UEFI/GPT, 8MiB for
  BIOS/GPT, and one sector otherwise).

Security Issues

* The salt was generated using random and the module it's not in
  compliance with FIPS 140-2. Now we let the salt be automatically
  generated by the crypt function (it will use the strongest method

Bug Fixes

* Fixes an issue with deployment ramdisks running in UEFI boot mode
  where dual-boot images may cause the logic to prematurely exit
  before UEFI parameters can be updated. Internal checks for a BIOS
  bootloader will always return "False" now when the machine is in
  UEFI mode.

* Fixes an issue where secondary GPT partition tables were not being
  updated after the "ironic-python-agent" wrote the disk image to the
  target disk. The agent now unconditionally attempts to repair the
  secondary partition table. Previously, software RAID volumes would
  report errors upon restart.

* Fixes error handling if efibootmgr is not present in ramdisk. See
  story (https://storyboard.openstack.org/#!/story/2007324) for more

* Provides timeout and retries when establishing a connection to
  download an image in the "standby" extension. Reduces probability of
  an image download getting stuck in the event of network problems.

  The default timeout is 60 seconds and can be set via the "ipa-image-
  download-connection-timeout" kernel parameter. The default number of
  retries is 2 and can be set via the "ipa-image-download-connection-
  retries" parameter.

* Fixes risk of potential active node thundering heard by
  introducing jitter handling into the "ironic-collect-introspection-
  data". By default, the jitter will cause the
  "introspection_daemon_post_interval" configuration parameter based
  time value to be honored between in a range of 70% to 120% of the
  desired time window.

  Should failures occur after the initial connection and start of the
  daemon mode for introspection data collection, the fallback is a
  maximum of 400% of the introspection daemon post interval.

* The salt now will be automatically generated by the crypt

* Rescans partitions on a software RAID device that gets restarted
  when installing boot loader.

* Fixes an issue where the agent was failing to rescan the device
  deployed upon before checking uefi contents. This would occur with
  an iSCSI based deployment, as partition management operations are
  performed by the conductor, and not locally.

* No longer tries to use GRUB2 for configuring boot for whole disk
  images with an EFI partition present but only marked as "boot" (not

Changes in ironic-python-agent 6.0.0..6.1.0

8adb7e1 Add timeout and retries when connection to an image server
8a9df0b Upgrade flake8-import-order version to 0.17.1
896f389 Mock get_node_boot_mode in software RAID unit tests
c050264 Add raid.apply_configuration deploy step
5589b05 Use unittest.mock instead of third party mock
2039a5d Stop configuring install_command in tox.
ff49b04 A boot partition on a GPT disk should be considered an EFI partition
6a9a9e9 Fix the token logic to be compatible with older ironic
3966871 Move logic to calculate raid sectors to raid_utils
38215d3 Change default ram for tinyipa jobs
f32a4a2 Move logic for raid start sector to raid_utils
6c51709 Move minimum ironic version to latest ocata
9ac6040 Remove unused version parameter in version header function
66c3278 Editing follow-up for UEFI Software RAID support
d5d62c8 Use unittest mock from standard library
079f61d Simplify deduplicate_steps
1b4ce47 Add an ability to run in-band deploy steps
3e7d447 Cleanup py27 support
9343348 Software RAID: Add UEFI support
b909277 Change ipa partition jobs to netboot
34b58f6 Only check for partitions on devices that are part of software RAID
368ab13 Add jitter to inspection command reporting
a332a19 Bump hacking to 3.0.0
916cd5c Rescan after restarting the md device
55b011c Fix GPT partition tables after agent writes contents
bf0bb7a Improve debug logging around Raid/Bootloader
46c482d [trivial] Fix comment for Software RAID restart
81137d4 Return false for MBR bootloader check on UEFI machines
476931d Explicitly set ramdisk type
c97a71d Fix agent token vmedia use
7f8afac Use crypt to generate salt
ddbba07 Allow specifying target devices for software RAID
6f1f9c7 Rescan devices before performing uefi checks
af5f05a Agent token support
638cfc6 Amending ntp time sync release note
731bbe8 Log the agent version
cee4bfc Add NTP time sync
823a7cd Fixes error handling if efibootmgr is not present in ramdisk
b5e2576 [doc] How to pause the IPA for debugging
629a19f Ignore None md5 checksum field
dd721dd tgtd session detach test fails on Centos7
ab00904 Catch ValueError for FIPS 140-2 mode
375453a "fix" GenericHardwareManger unit test failure
530ae44 Convert apply_result to mock object
c1da514 Ignore pyudev errors about device number
5380945 Fix multiprocessing call in unit test

Diffstat (except docs and test files)

ironic_python_agent/agent.py                       |  56 ++-
ironic_python_agent/api/app.py                     |   6 +-
ironic_python_agent/cmd/agent.py                   |   1 +
ironic_python_agent/config.py                      |  35 ++
ironic_python_agent/errors.py                      |  37 +-
ironic_python_agent/extensions/base.py             |   8 +-
ironic_python_agent/extensions/clean.py            | 111 +----
ironic_python_agent/extensions/deploy.py           |  97 ++++
ironic_python_agent/extensions/image.py            | 308 +++++++++---
ironic_python_agent/extensions/rescue.py           |  15 +-
ironic_python_agent/extensions/standby.py          |  91 +++-
ironic_python_agent/hardware.py                    | 306 +++++++++---
ironic_python_agent/inspect.py                     |  49 +-
ironic_python_agent/ironic_api_client.py           |  34 +-
ironic_python_agent/raid_utils.py                  | 134 ++++++
ironic_python_agent/utils.py                       | 272 ++++++++++-
lower-constraints.txt                              |   7 +-
.../agent-token-support-1086218cf2a0c917.yaml      |   7 +
...tloader-ignored-uefi-mode-8578a009d5b5be62.yaml |   7 +
...xecutes-gpt-partition-fix-b6156cc16da00dfc.yaml |   7 +
...gr-not-present-in-ramdisk-f11b4241edcf0e81.yaml |   6 +
.../image-download-retries-65ac31fe4328e438.yaml   |  11 +
...er-for-inspection-command-5a226927757a0308.yaml |  13 +
...t_crypt_generate_the_salt-99876591325275a1.yaml |   9 +
.../notes/md-restart-9e0d47863a086792.yaml         |   5 +
.../notes/min-ironic-ocata-dff80e567783e87c.yaml   |   6 +
.../notes/raid-hints-604f9ffdd86432eb.yaml         |   6 +
...scan-before-checking-uefi-64597c937880134d.yaml |   7 +
...t-clock-prior-to-poweroff-af6ec210aad8b45a.yaml |  10 +
...ftraid-bootable-with-uefi-aa22e6cbaf1ea747.yaml |  12 +
releasenotes/notes/uefi-esp-660fc2c650e6af92.yaml  |   5 +
requirements.txt                                   |   2 +-
setup.cfg                                          |  14 +-
setup.py                                           |   9 -
test-requirements.txt                              |   7 +-
tox.ini                                            |   3 +-
zuul.d/ironic-python-agent-jobs.yaml               |  10 +
62 files changed, 3379 insertions(+), 549 deletions(-)

Requirements updates

diff --git a/requirements.txt b/requirements.txt
index 4905237..28ea8ac 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19 +19 @@ stevedore>=1.20.0 # Apache-2.0
-ironic-lib>=2.17.0 # Apache-2.0
+ironic-lib>=4.1.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index ad69171..c48ea59 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4 +4 @@
-hacking>=1.0.0,<1.1.0 # Apache-2.0
+hacking>=3.0.0,<3.1.0 # Apache-2.0
@@ -6 +5,0 @@ coverage!=4.4,>=4.0 # Apache-2.0
-mock>=2.0.0 # BSD
@@ -11 +10 @@ bashate>=0.5.1 # Apache-2.0
-flake8-import-order>=0.13 # LGPLv3
+flake8-import-order>=0.17.1 # LGPLv3
@@ -16 +15 @@ doc8>=0.6.0 # Apache-2.0
-sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD
+sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD

More information about the Release-announce mailing list