[release-announce] ironic-python-agent 7.0.0 (wallaby)
no-reply at openstack.org
no-reply at openstack.org
Wed Mar 31 17:12:34 UTC 2021
We are amped to announce the release of:
ironic-python-agent 7.0.0: Ironic Python Agent Ramdisk
This release is part of the wallaby release series.
The source is available from:
https://opendev.org/openstack/ironic-python-agent
Download the package from:
https://tarballs.openstack.org/ironic-python-agent/
Please report issues through:
https://storyboard.openstack.org/#!/project/openstack/ironic-
python-agent
For more details, please see below.
7.0.0
^^^^^
New Features
************
* Adds support for NVMe-specific storage cleaning to IPA. Currently
this is implemented by using nvme-cli format functionality. Crypto
Erase is used if supported by the device, otherwise the code falls
back to User Data Erase. The operators can control NVMe cleaning by
using deploy.enable_nvme_erase config option which controls
"agent_enable_nvme_erase" internal setting in driver_internal_info.
* Adds a new deploy step "deploy.inject_files" to inject arbitrary
files into the instance. See the hardware managers documentation
(https://docs.openstack.org/ironic-python-
agent/latest/admin/hardware_managers.html) for details.
Known Issues
************
* Logic around virtual media device validation is now much more
strict, and may not work in all cases. Should you discover a case,
please provide the output from "lsblk -P -O" with a virtual media
device attached to the Ironic development community via Storyboard
(https://storyboard.openstack.org/#!/project/947).
* Internal logic to copy configuration data from virtual media now
requires the "boot_method=vmedia" flag to be set on the kernel
command line of the bootloader for the virtual media. Operators
crafting custom boot ISOs, should ensure that the appropriate
command line is being added in any custom build processes.
Upgrade Notes
*************
* It is no longer possible to enable the so called *standalone
mode*, in which the agent does not communicate with ironic. This
mode is only useful for local testing, enabling it on production is
always wrong. The ironic team does not support using ironic-python-
agent as a standalone application outside of the normal workflow.
Security Issues
***************
* Addresses a potential vector in which an system authenticated
malicious actor could leveraged data left on disk in some limited
cases to make the API of the "ironic-python-agent" attackable, or
possibly break cleaning processes to prevent the machine from being
able to be returned to the available pool. Please see story 2008749
(https://storyboard.openstack.org/#!/story/2008749) for more
information.
Bug Fixes
*********
* Adds validation of Virtual Media devices in order to prevent
existing partitions on the system from being considered as potential
sources of IPA configuration data.
* Adds check into the configuration load from virtual media, to
ensure it only occurs when the machine booted from virtual media.
* IPA will now successfully clean configuration when it encounters a
software RAID array that was previously created using entire devices
instead of partitions.
* IPA now properly checks if the root partition is already mounted.
See Story 2008631
(https://storyboard.openstack.org/#!/story/2008631) for details.
* Fixes an issue where metadata erasure cleaning fails for
partitions because the read-only file isn't found, while it is
available at the base device. Adds a check for the base device file
on failure. See story 2008696
(https://storyboard.openstack.org/#!/story/2008696).
* Fixes incorrect root partition UUID after streaming a raw
partition image.
* Increase memory usage limit for "qemu-img convert" command to 2
GiB. See Story 2008667
(https://storyboard.openstack.org/#!/story/2008667) for details.
Changes in ironic-python-agent 6.6.0..7.0.0
-------------------------------------------
993f9a0 Make the virtual media job voting
afcc5d3 Fix incorrect lsblk tag and add a virtual media job
8dd6589 Validate vmedia for vmedia usage
de726d4 Do not permit IPA standalone to be enabled by conf
2a64413 typo chanages -> changes
d622d38 Refactor: use mounted from ironic-lib
e613366 Fix root UUID for streamed partition images
4afe4f6 Check the base device if the read-only file cannot be read
45371bf Prepare to use tinycore 12
bff252c Remove default parameter from execute
5492ad7 Increase the memory limit for qemu-img
d2127e7 Remove nvme-cli warning and delay on nvme-format
2220aaa Added comment about IPA logs being uploaded to Ironic
ab267aa Allow clean_configuration to run against full-device arrays
0459c61 Use try_execute from ironic-lib
8bcf1be Add support for using NVMe specific cleaning
7d7940d Move some raid specific functions to raid_utils
319efe2 Fixes local boot for partition images
59cb08f New deploy step for injecting arbitrary files
a35761c Remove samples from the hardware test module
Diffstat (except docs and test files)
-------------------------------------
ironic_python_agent/cmd/agent.py | 2 +-
ironic_python_agent/config.py | 11 +-
ironic_python_agent/extensions/image.py | 2 +-
ironic_python_agent/extensions/standby.py | 9 +-
ironic_python_agent/hardware.py | 261 ++--
ironic_python_agent/inject_files.py | 256 ++++
ironic_python_agent/raid_utils.py | 87 ++
ironic_python_agent/shell/write_image.sh | 4 +-
ironic_python_agent/utils.py | 226 +++-
.../adds-nvme-secure-erase-0ecfd624e5f50581.yaml | 8 +
...eck-virtual-media-devices-a9b1f54c3fe7884d.yaml | 30 +
...an-config-for-full-device-28ee09b58d97d122.yaml | 5 +
...boot-for-partition-images-755f570dc0982868.yaml | 7 +
.../notes/inject-files-b411369ce6856dac.yaml | 7 +
.../notes/no-standalone-bb34eae2cc468837.yaml | 8 +
...eck_read_only_base_device-5bc15ac2f034aca9.yaml | 7 +
.../notes/streaming-uuid-fdf136a7745fbb3d.yaml | 5 +
.../notes/up-qemuimg-mem-1536183a02b3a235.yaml | 7 +
requirements.txt | 2 +-
zuul.d/ironic-python-agent-jobs.yaml | 31 +-
zuul.d/project.yaml | 2 +
30 files changed, 3198 insertions(+), 1338 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index 690a5b1..9fefc99 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20 +20 @@ tenacity>=6.2.0 # Apache-2.0
-ironic-lib>=4.1.0 # Apache-2.0
+ironic-lib>=4.5.0 # Apache-2.0
More information about the Release-announce
mailing list