[release-announce] ironic 21.0.0 (zed)
no-reply at openstack.org
no-reply at openstack.org
Thu Aug 18 11:06:18 UTC 2022
We are ecstatic to announce the release of:
ironic 21.0.0: OpenStack Bare Metal Provisioning
This release is part of the zed release series.
The source is available from:
https://opendev.org/openstack/ironic
Download the package from:
https://tarballs.openstack.org/ironic/
Please report issues through:
https://storyboard.openstack.org/#!/project/943
For more details, please see below.
21.0.0
^^^^^^
New Features
************
* Adds a new feature to permit Ironic to automatically provide an
instance requestor's project, "lessee" rights to the Bare Metal
machine under the Role Based Access Control model implemented in
Ironic. It does this by saving the project ID of the requestor to
the Node "lessee" field automatically, and removing the rights when
undeploying the machine. This feature, is normally disabled, but can
be enabled using the "[conductor]automatic_lessee" configuration
option. This option will not work in a mixed-version upgrade with
older API services.
* Adds a default "project" scoped "manager" role to the RBAC model.
In the ironic model, access is generally explicitly delegated, and
such the "manager" role is presently equivelent to project scoped
"admin" role, however future delineation may occur as the new
features and capabilities are added.
* When an allocation is being processed, the randomized candidate
list is now modified so that a node with a matching name to the
allocation is moved to the beginning of the list. This greatly
increases the chance of node name and allocation name matching in
environments where the naming schemes align.
* Adds driver_info/irmc_verify_ca option to specify certification
file. Default value of driver_info/irmc_verify_ca is True.
* Adds SNMPv3 message authentication and encryption features to iRMC
driver. To enable these features, the following parameters should be
used in the node's "driver_info":
* "irmc_snmp_user"
* "irmc_snmp_auth_password"
* "irmc_snmp_priv_password"
* "irmc_snmp_auth_proto" (Optional, defaults to "sha")
* "irmc_snmp_priv_proto" (Optional, defaults to "aes")
"irmc_snmp_auth_proto" and "irmc_snmp_priv_proto" can also be set
through the following options in the "[irmc]" section of
"/etc/ironic/ironic.conf":
* "snmp_auth_proto"
* "snmp_priv_proto"
* Nodes using virtual media can now specify their own external URL.
This setting can be leveraged via the
"driver_info\external_http_url" node setting. When used, this
setting overrides the "[deploy]http_url" and
"[deploy]external_http_url" settings in the configuration file.
* The "ramdisk" deploy interface is now enabled by default. When the
default "direct" deploy is also enabled, the "ramdisk" deploy must
be explicitly requested on the node level.
Known Issues
************
* When using "jsonschema" 4.0.0 or newer, make sure to include a
proper "$schema" field in your custom network data or RAID schemas.
Upgrade Notes
*************
* The deprecated support for instance network booting (not to be
confused with the "ramdisk" deploy, iSCSI boot or Anaconda deploy)
has been removed. The "boot_option" capability is no longer
supported.
* Support for trusted boot has been removed. This feature requires
instance network booting, which is also removed this cycle.
Deprecation Notes
*****************
* Support for the syslinux
(https://wiki.syslinux.org/wiki/index.php?
title=Syslinux_6_Changelog#Changes_in_6.04) and the often separately
package isolinux
(https://wiki.syslinux.org/wiki/index.php?title=ISOLINUX) and
pxelinux (https://wiki.syslinux.org/wiki/index.php?title=PXELINUX).
Legacy BIOS boot loaders, is deprecated and will be removed the
future. This is for two reasons. The first is because it is a BIOS
mode bootloader, and the shift to UEFI booting has reduced the need
for these packages. The second reason is a lack of maintenance,
which is ultimately the same reason Linux distributions are
discussing dropping support and packaging. Syslinux has not been
updated since 2019 (https://repo.or.cz/syslinux.git/shortlog).
Incidently, the file format it utilizes *is* supported by Power
hardware, and that may result in the configuration template
remaining in Ironic for the forseeable future.
* Support for use of pxelinux
(https://wiki.syslinux.org/wiki/index.php?title=PXELINUX) is
deprecated due to the deprecation of support for Syslinux.
* Support for virtual media booting with x86 Hardware in Legacy BIOS
mode is deprecated due to the dependency upon isolinux
(https://wiki.syslinux.org/wiki/index.php?title=ISOLINUX) for use of
Legacy BIOS boot mode. "isolinux" is from the "syslinux" package and
source tree.
* Deprecation of "pxelinux", as a result of the deprecation of
"syslinux", does ultimately mean the default for the "pxe"
boot_interface to carry defaults for the use of grub based network
booting, specifically for operators who are unable to use iPXE.
* Deprecates the "irmc_snmp_security" field in "driver_info" for
iRMC driver, it will be removed in the future. Please use
"irmc_snmp_user" field instead.
Security Issues
***************
* Modifies the "irmc" hardware type to include a capability to
control enforcement of HTTPS certificate verification. By default
this is enforced. python-scciclient >= 0.12.0 is required.
Bug Fixes
*********
* Fixes an issue where "root_gb" became a required field when using
the "anaconda" deployment interface, with a recent bug fix as the
code path largely expected all deployment operations to utilize
images, which is not the case. The case handling for non-image based
deployments is now explicitly in internal parameter validation code.
* Fixes handling of "image_source" parameters where internal
validations would not gracefully handle received redirects and treat
it as a failure. We now no longer explicitly fail when a redirect is
received.
* Fixes an issue where an "image_source" could not be set to a
mirror URL to facilitate deployments using a mirror with the
"anaconda" deployment interface. Ironic still presently has an
explicit requirement on a "stage2" parameter to be explicitly
defined.
* Fixes rebooting into the agent after changing BIOS settings in
fast- track mode with the "redfish-virtual-media" boot interface.
Previously, the ISO would not be configured.
* Fixes "OSError: [Errno 36] File name too long" when building a
virtual media ISO from a long kernel, ramdisk or ESP URL.
* Fixes an issue in the "anaconda" deployment interface where PXE
argument processing and preparation was erroneously directly
connecting to Glance, potentially leading to an exception in the
standalone use case.
* Fixes "redfish" and "idrac-redfish" RAID "create_configuration",
"apply_configuration", "delete_configuration" clean and deploy steps
to update node's "raid_config" field at the end of the steps.
* Fixes "redfish-virtual-media" "boot" interface to allow it with
iDRAC firmware from 6.00.00.00 (released June 2022) as it has
virtual media boot issue fixed that prevented iDRAC firmware to work
with "redfish-virtual-media" before. Consider upgrading iDRAC
firmware if not done already, otherwise will still get an error when
trying to use "redfish-virtual-media" with iDRAC.
* Fixes compatibility with "jsonschema" package version 4.0.0 or
newer by providing a proper schema version (Draft-07 currently).
* Fixes a race condition in PXE initialization where the logic to
retry what we suspect as potentially failed PXE boot operations was
not consulting if an "agent token" had been established, which is
the very first step in agent initialization.
* When the "ramdisk" deploy interface is used and automated cleaning
is disabled, the "pxe", "ipxe" and "redfish-virtual-media" boot
interfaces no longer require a deploy kernel/ramdisk to be provided.
* Anaconda supports the ability to explicitly pass a URL instead of
a "stage2" ramdisk parameter. This has resulted in confusion in use
of the "anaconda" deployment interface, as a "stage2" ramdisk is
typically not used, but made sense with Glance images in a fully
integrated OpenStack deployment. Now a URL to a path can be supplied
to the "anaconda" deployment interface to simplify the interaction
and use, and a redundant "stage2" parameter is no longer required.
* Resolved clear_job_queue and reset_idrac verify step failures
which occur when the functionality is not supported by the iDRAC.
When this condition is detected, the code in the step handles the
exception and logs a warning and completes successfully in case of
verification steps but fails in case of cleaning steps.
* Fixes an issue where an API user, when requesting a node list or
single node object, could get an error indicating that the request
was bad as the chassis was not found. This can occur when in-flight
delete operations are in progress on another thread. Instead of
surfacing a request breaking error, the API now suppresses the error
and just treats it as if there is no Chassis.
* Fixes "enable_netboot_fallback" to cause iPXE config to exit 0
when "sanboot --no-describe" fails. Allowing the firmware to move
onto the next device in the boot order.
Other Notes
***********
* Adds documentation of standalone deployment use case with the
"anaconda" deployment interface.
* Updates the minimum version of "python-scciclient" library to
"0.12.1".
* Known issue when using iDRAC with Swift to stage firmware update
files in Management interface "firmware_update" clean step of
"redfish" or "idrac" hardware type has been fixed in iDRAC firmware
6.00.00.00. Upgrade when possible or use HTTP service to stage
firmware files for iDRAC.
Changes in ironic 20.2.0..21.0.0
--------------------------------
2a66fd68a Ironic Release 21.0
faa7b37f2 Fix releasenotes before release 21.0
89f421b16 Do not reboot into nowhere after BIOS settings with fast-track
bd8e48239 anaconda: ks liveimg = instance_info/image_info
05c16f10d Document driver_info external_http_url
c197a2d8b Override external_http_url at node level
e48c62187 Log successful clean up in image cache
3b28d0984 Modify test code to avoid CONF modification affection
64d7a7f30 Fix iRMC driver to use certification file in HTTPS
3a621e398 Update raid_type handling for Redfish raid_config
35bc014ed Change molds option to appropriate class
7b47e09a3 Fix pxe image lookups
f6d2b2ed9 Modify do_node_verify to avoid state machine stuck
f0a177876 Finally remove support for netboot and the boot_option capability
fb253a670 Suppress Chassis Not Found on API Operation
fb73bdf10 Exit ipxe script if enable_netboot_fallback failed
41484988e Stop documenting netboot and the boot_option capability
f8135b22f Enable the ramdisk deploy by default
c870b5525 Imported Translations from Zanata
0335ad16c Imported Translations from Zanata
56d3c5a03 Clarify disk_label with a warning
9f66a95aa Fix adoption unit test image check
f7471f07c CI: Only setup fake v6 interface if needed
8c95131d8 CI: Save routing table information for troubleshooting
0311ea7c9 project scoped manager support
33bb2c248 Do not require stage2 for anaconda with standalone
dbcce25d3 Remove support for trusted boot
d90e59057 Remove workaround for Python < 3.7.4
79f82c026 [iRMC] Add SNMPv3 authentication functionality
55b9579f1 Fix compatibility with jsonschema>=4.0.0
c8be82c52 Deprecate syslinux
737ff34e7 Fix markup typo in Redfish driver docs
70812aa6e Update known issue for iDRAC Swift firmware update
e78f123ff Make anaconda non-image deploys sane
f0935c182 Add audit middleware options to ironic.conf
e09919cab Move logging out of skip_automated_cleaning
0f1627388 Trivial: log which state the node is in
1dda97c78 Prevent clear_job_queue and reset_idrac failures on older iDRACs
af838cca7 CI: Pull in diskimage-builder until new release is cut
73040c88d Fix redfish-virtual-media for newer iDRACs
19daab6ba Docs: specify what to do with the created images
8b99fcb0e CI: Default to TinyIPA when nested virt is not possible
e0c758bb9 CI: Add iweb to the use tinyipa on list
d75424b5e Prevent pxe retry when agent token exists
65583e641 No deploy_kernel/ramdisk with the ramdisk deploy and no cleaning
089b0c8e6 Use bifrost on centos9 integration job
2b55444f3 Allocation candidates prefer matching name
39a7f5800 Docs: replace nova cli calls with openstack
94f9745f0 [Minor] Fix misspellings of "insufficient"
cf7a2b458 Drop python2 from bindep.txt
0406fa753 Remove unicode literal from code
5bbcabbab Remove netboot jobs from the gate
832dc8bf9 Switch to q35 machine type for test nodes
59d4cc666 Update bugfix section
81f583f69 devstack: use CentOS 9 for DIB IPA builds
c3f397149 Auto-populate lessee for deployments
29364b7fb Fix Redfish RAID to update raid_config
63e53797a CI: Removing ironic job queue
2d885126e Don't use URLs as part of temporary file names (part 2)
f1257c79c Swap the metalsmith UEFI job for a legacy one
d2a2447e8 The Python 3.6 and Python 3.7Support has been dropped since zed
b77a5d67d Fix names of two jobs
Diffstat (except docs and test files)
-------------------------------------
api-ref/source/baremetal-api-v1-allocation.inc | 6 +-
api-ref/source/conf.py | 10 +-
bindep.txt | 5 +-
devstack/lib/ironic | 42 +-
devstack/tools/ironic/templates/vm.xml | 17 +-
.../include/local-boot-partition-images.inc | 56 --
driver-requirements.txt | 2 +-
ironic/api/controllers/v1/network-data-schema.json | 2 +-
ironic/api/controllers/v1/node.py | 13 +-
ironic/api/controllers/v1/versions.py | 4 +-
ironic/api/hooks.py | 8 +-
ironic/common/context.py | 38 +-
ironic/common/exception.py | 20 +-
ironic/common/image_service.py | 41 ++
ironic/common/images.py | 87 ++-
ironic/common/policy.py | 35 +-
ironic/common/pxe_utils.py | 118 ++--
ironic/common/release_mappings.py | 22 +-
ironic/common/utils.py | 24 +-
ironic/conductor/allocations.py | 9 +
ironic/conductor/cleaning.py | 6 +-
ironic/conductor/deployments.py | 20 +
ironic/conductor/manager.py | 11 +-
ironic/conductor/rpcapi.py | 1 -
ironic/conductor/utils.py | 43 +-
ironic/conductor/verify.py | 2 +-
ironic/conf/conductor.py | 10 +
ironic/conf/default.py | 2 +-
ironic/conf/deploy.py | 12 -
ironic/conf/irmc.py | 14 +-
ironic/conf/molds.py | 4 +-
ironic/drivers/modules/agent.py | 36 +-
ironic/drivers/modules/agent_base.py | 12 +-
ironic/drivers/modules/agent_config.template | 13 -
ironic/drivers/modules/ansible/deploy.py | 6 -
ironic/drivers/modules/boot.ipxe | 6 +
ironic/drivers/modules/boot_mode_utils.py | 28 +-
ironic/drivers/modules/deploy_utils.py | 126 ++--
ironic/drivers/modules/drac/boot.py | 2 +-
ironic/drivers/modules/drac/management.py | 42 +-
ironic/drivers/modules/ilo/boot.py | 27 +-
ironic/drivers/modules/ilo/power.py | 5 +-
ironic/drivers/modules/image_cache.py | 11 +
ironic/drivers/modules/image_utils.py | 13 +-
ironic/drivers/modules/ipxe_config.template | 10 +-
ironic/drivers/modules/irmc/boot.py | 5 +-
ironic/drivers/modules/irmc/common.py | 239 +++++++-
ironic/drivers/modules/irmc/inspect.py | 21 +-
ironic/drivers/modules/irmc/power.py | 15 +-
ironic/drivers/modules/ks.cfg.template | 3 +
ironic/drivers/modules/network/neutron.py | 11 -
ironic/drivers/modules/pxe_base.py | 67 +--
ironic/drivers/modules/pxe_config.template | 10 -
ironic/drivers/modules/pxe_grub_config.template | 5 -
ironic/drivers/modules/redfish/bios.py | 24 +-
ironic/drivers/modules/redfish/boot.py | 38 +-
ironic/drivers/modules/redfish/raid.py | 39 ++
.../api/controllers/v1/test_deploy_template.py | 2 +-
.../ipxe_config_boot_from_anaconda.template | 41 ++
.../drivers/ipxe_config_boot_from_iso.template | 8 +-
.../drivers/ipxe_config_boot_from_ramdisk.template | 8 +-
...e_config_boot_from_volume_extra_volume.template | 8 +-
...ipxe_config_boot_from_volume_multipath.template | 8 +-
...nfig_boot_from_volume_no_extra_volumes.template | 8 +-
.../unit/drivers/ipxe_config_timeout.template | 8 +-
.../unit/drivers/modules/ansible/test_deploy.py | 18 -
.../unit/drivers/modules/drac/test_management.py | 90 +++
.../unit/drivers/modules/irmc/test_inspect.py | 55 +-
.../unit/drivers/modules/network/test_neutron.py | 60 --
.../unit/drivers/modules/redfish/test_bios.py | 32 +-
.../unit/drivers/modules/redfish/test_boot.py | 55 +-
.../drivers/modules/redfish/test_firmware_utils.py | 26 +-
.../drivers/modules/redfish/test_management.py | 10 +-
.../unit/drivers/modules/redfish/test_raid.py | 146 ++++-
.../unit/drivers/modules/storage/test_cinder.py | 2 +-
.../unit/drivers/modules/test_boot_mode_utils.py | 13 -
.../unit/drivers/modules/test_deploy_utils.py | 434 ++++----------
playbooks/ci-workarounds/get_extra_logging.yaml | 8 +
.../add-automatic-lessee-88f8ecab7c76b65f.yaml | 11 +
...rbac-project-manager-role-7ffc52f78ff93432.yaml | 8 +
.../allocation-node-name-46b473ec82662f7f.yaml | 7 +
...ased-deploy-option-sanity-b98fa138747c16d2.yaml | 21 +
...eprecate-syslinux-support-98d327c67607fc8e.yaml | 26 +
.../notes/fast-track-bios-fa9ae685c151dd24.yaml | 6 +
.../notes/file-name-too-long-72265bb3fec704f8.yaml | 5 +
...xe-glance-lookup-anaconda-86fe616c6286ec08.yaml | 6 +
.../fix-redfish-raid-config-9e868c3e069475a1.yaml | 6 +
...fix-redfish-vm-boot-idrac-37ec734e6643cbac.yaml | 9 +
...certification-file-option-34e7a0062c768e58.yaml | 10 +
.../irmc-add-snmpv3-security-fca05bfc30f50d1a.yaml | 30 +
.../notes/jsonschema-966f55fc79b916fc.yaml | 9 +
...drac-firmware-swift-fixed-f9d30e60a53d96c4.yaml | 8 +
.../notes/no-netboot-d08f46c12edabd35.yaml | 6 +
.../notes/no-trustedboot-01322dbaf33f8df8.yaml | 5 +
...xternal_http_url-per-node-f5423b00b373e528.yaml | 8 +
...e-retry-when-token-exists-a4f38f7da56c1397.yaml | 7 +
.../notes/ramdisk-deploy-384a38c3c96059dd.yaml | 6 +
.../redfish-ramdisk-no-agent-490b5edb0b2387e5.yaml | 6 +
...y-standalone-anaconda-use-7160d0d3401e468e.yaml | 11 +
...rac-reset-if-attr-missing-b2a2b609c906c6c4.yaml | 8 +
...s_chassis_not_found_error-99ee4b902d504ec7.yaml | 9 +
.../notes/version-foo-2eb39b768112547f.yaml | 6 +
releasenotes/source/conf.py | 16 +-
.../locale/en_GB/LC_MESSAGES/releasenotes.po | 276 ++++++++-
.../source/locale/ja/LC_MESSAGES/releasenotes.po | 159 -----
requirements.txt | 2 +-
setup.cfg | 4 +-
tools/config/ironic-config-generator.conf | 1 +
zuul.d/ironic-jobs.yaml | 43 +-
zuul.d/project.yaml | 19 +-
171 files changed, 4070 insertions(+), 3006 deletions(-)
Requirements updates
--------------------
diff --git a/driver-requirements.txt b/driver-requirements.txt
index da312468e..5333dbd4f 100644
--- a/driver-requirements.txt
+++ b/driver-requirements.txt
@@ -9 +9 @@ pysnmp>=4.3.0,<5.0.0
-python-scciclient>=0.8.0
+python-scciclient>=0.12.2
diff --git a/requirements.txt b/requirements.txt
index 2ac3e8348..24c09f50c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -41 +41 @@ Jinja2>=3.0.0 # BSD License (3 clause)
-keystonemiddleware>=4.17.0 # Apache-2.0
+keystonemiddleware>=9.5.0 # Apache-2.0
More information about the Release-announce
mailing list