[release-announce] ironic 16.0.4 (victoria)
no-reply at openstack.org
no-reply at openstack.org
Wed Jan 26 11:54:36 UTC 2022
We are delighted to announce the release of:
ironic 16.0.4: OpenStack Bare Metal Provisioning
This release is part of the victoria stable release series.
The source is available from:
https://opendev.org/openstack/ironic
Download the package from:
https://tarballs.openstack.org/ironic/
Please report issues through:
https://storyboard.openstack.org/#!/project/943
For more details, please see below.
16.0.4
^^^^^^
Security Issues
***************
* Fixes an issue with the "/v1/nodes/detail" endpoint where an
authenticated user could explicitly ask for an "instance_uuid"
lookup and the associated node would be returned to the user with
sensitive fields redacted in the result payload if the user did not
explicitly have "owner" or "lessee" permissions over the node. This
is considered a low-impact low-risk issue as it requires the API
consumer to already know the UUID value of the associated instance,
and the returned information is mainly metadata in nature. More
information can be found in Storyboard story 2008976
(https://storyboard.openstack.org/#!/story/2008976).
Bug Fixes
*********
* If the agent accepts a command, but is unable to reply to Ironic
(which sporadically happens before of the eventlet's TLS
implementation), we currently retry the request and fail because the
command is already executing. Ironic now detects this situation by
checking the list of executing commands after receiving a connection
error. If the requested command is the last one, we assume that the
command request succeeded.
* Fixes fast-track to prevent marking the agent as alive if trying
to rebuild a node before the fast-track timeout has expired.
* Fixes potential cache coherency issues by caching the AgentClient
per task, rather than globally.
* Fixes the "[deploy]configdrive_use_object_store" option that was
broken during the Python 3 transition.
* Fixes an issue with the "/v1/nodes/detail" endpoint where requests
for an explicit "instance_uuid" match would not follow the standard
query handling path and thus not be filtered based on policy
determined access level and node level "owner" or "lessee" fields
appropriately. Additional information can be found in story 2008976
(https://storyboard.openstack.org/#!/story/2008976).
* Fixes recognition of a busy agent to also handle recognition
during deployment steps by more uniformly detecting and identifying
when the "ironic-python-agent" service is busy.
* Fixes the problem about grub2 config file. Some higher versions of
grub2 (e.g. 2.05 or 2.06-rc1) use grub.cfg-01-MAC, while another
lower versions of grub2 (e.g. 2.04) use MAC.conf, so we generate
both paths in order to be compatible with both.
* Fixes "idrac-wsman" management interface "set_boot_device" method
that would fail deployment when there are existing jobs present with
error "Failed to change power state to ''power on'' by
''rebooting''. Error: DRAC operation failed. Reason: Unfinished
config jobs found: <list of existing jobs>. Make sure they are
completed before retrying.". Now there can be non-BIOS jobs present
during deployment. This will still fail for cases when there are
BIOS jobs present. In such cases should consider moving to "idrac-
redfish" that does not have this limitation when setting boot
device.
* Fixed an issue where provisioning/cleaning would fail on IPv6
routed provider networks. See bug: 2009773
(https://storyboard.openstack.org/#!/story/2009773).
* Fixes "idrac-wsman" BIOS "apply_configuration" and "factory_reset"
clean and deploy steps to fail correctly in case of error when
checking completed jobs. Before the fix when BIOS job failed, then
node clean or deploy failed with timeout instead of actual error in
cleaning or deploying step.
* Fixes redfish firmware update for ilo5 based hardware by making
necessary changes to check whether sushy_task.messages is present,
since in case of iLo task data does not contain messages attribute.
Also it was not calling prepare_ramdisk() before rebooting the
system to update the firmware which has been fixed in this patch.
* Fixes "idrac-wsman" power interface to wait for the hardware to
reach the target state before returning. For systems where soft
power off at the end of deployment to boot to instance failed and
forced hard power off was used, this left node successfully deployed
in off state without any errors. This broke other workflows
expecting node to be on booted into OS at the end of deployment.
Additional information can be found in story 2009204
(https://storyboard.openstack.org/#!/story/2009204).
* Correctly wipes agent token on inspection start and abort.
* Calculating the ipmitool *-N* and *-R* arguments from ironic.conf
[ipmi] *command_retry_timeout* and *min_command_interval* now takes
into account the 1 second interval increment that ipmitool adds on
each retry event.
Failure-path ipmitool run duration will now be just less than
*command_retry_timeout* instead of much longer.
* Adds handling of Redfish BMC's which lack a
"BootSourceOverrideMode" flag, such that it is no longer a fatal
error for a deployment if the BMC does not support this field. This
most common on BMCs which feature only a partial implementation of
the "ComputerSystem" resource "boot", but may also be observable on
some older generations of BMCs which recieved updates to have
partial Redfish support.
* The "redfish-virtual-media" boot interface no longer passes
validation for Dell nodes. The "idrac-redfish-virtual-media" boot
interface must be used for these nodes instead.
* The fix for story 2008252
(https://storyboard.openstack.org/#!/story/2008252) synced the boot
mode after changing the boot device because Supermicro nodes reset
the boot mode if not included in the boot device set. However this
can cause a problem on Dell nodes when changing the mode uefi->bios
or bios->uefi, see story 2008712
(https://storyboard.openstack.org/#!/story/2008712) for details.
Restrict the syncing of the boot mode to Supermicro.
* Retries virtual media insert on failure to allow for an eject that
may not have finished.
https://storyboard.openstack.org/#!/story/2008504
* Fixes a bug where a conductor could fail to complete a deployment
if there was contention on a shared lock. This would manifest as an
instance being stuck in the "deploying" state, though the node had
in fact started or even completed its final boot.
* When Ironic configures the BootSourceOverrideTarget setting via
Redfish, on Supermicro BMCs it must always configure
BootSourceOverrideEnabled or that will revert to default (Once) on
the BMC, see story 2008547
(https://storyboard.openstack.org/#!/story/2008547) for details.
This is different than what is currently implemented for other BMCs
in which the BootSourceOverrideEnabled is not configured if it
matches the current setting (see story 2007355
(https://storyboard.openstack.org/#!/story/2007355)).
This requires that node.properties['vendor'] be 'supermicro' which
will be set by Ironic from the Redfish system response or can be set
manually.
* Introduces lazy-loading of ports, portgroups, volume connections
and volume targets in task manager to fix performance issues. For
periodic tasks which create a task manager object but don't require
the aforementioned data (e.g. power sync), this change should reduce
the number of database interactions by around two thirds, speeding
up overall execution.
* Fixes an issue of powering off with the "idrac-wsman" management
interface while the execution of a clear job queue cleaning step is
proceeding. Prior to this fix, the clean step would fail when
powering off a node.
Changes in ironic 16.0.3..16.0.4
--------------------------------
87f15ec6e Ensure 'port' is up2date after binding:host_id
259647c7c CI: Lower test VM memory by 400MB
969cfefee Fix idrac-wsman deploy with existing non-BIOS jobs
0df43f758 Fix idrac-wsman set_power_state to wait on HW
87dee0250 Use shim-signed on Ubuntu, shim is empty now
2df5dc42a Use openstack-tox for ironic-tox-unit-with-driver-libs
d09a158cc Fix iPXE docs: snponly is not always available
0cb15a223 Cache AgentClient on Task, not globally
4ac6ad731 Update the clear job id's constant
755c75e2e Fix node detail instance_uuid request handling
0bc5265ec Refactor iDRAC OEM extension manager calls
e2ede2607 Set IPA download branch to stable/victoria for victoria
05f864706 Update project conundrum related docs
3258e49a5 Delete unavailable py2 package
0df78f600 Point ipa-builder to stable/wallaby
678714261 Fix deployment when executing a command fails after the command starts
e88436688 Inherit InvalidImageRef from InvalidParameterValue
c9425f995 Wipe agent tokens on inspection start and abort
550c4e075 update grub2 file name
b205a32ca Fix ipmitool timing argument calculation
6130dc15e Fix idrac-wsman BIOS step async error handling
4fd099345 Restrict syncing of boot mode to Supermicro
13fc01fe3 Allow unsupported redfish set_boot_mode
c2647f101 Prepare to use tinycore 12 for tinyipa
4ed8ceef6 Lazy-load node details from the DB
b2b862f53 [Trivial] Fix testing of volume connector exception
25a05cf35 Always retry locking when performing task handoff
d1ffc6a55 Handle agent still doing the prior command
90da180a1 devstack: a safeguard for disabled tempurls
a1f596590 Enable swift temporary URLs in grenade and provide a good error message
dea33cbaf Fix broken configdrive_use_object_store
73a600afa Switch multinode jobs to 512M RAM
78924eca2 Move the IPv6 job to the experimental pipeline
cbccfa2a9 Don't mark an agent as alive if rebooted
46b34a73b Prevent redfish-virtual-media from being used with Dell nodes
80017a1d3 Fixes issue of redfish firmware update
7d74ea0ee For Supermicro BMCs set enable when changing boot device
1e8e54041 Refactor vendor detection and add Redfish implementation
0e4e00e82 Add a delay/retry is vmedia insert fails
26e8b9b01 [stable] Remove lower-constraints job
Diffstat (except docs and test files)
-------------------------------------
bindep.txt | 2 +-
devstack/lib/ironic | 16 +-
.../include/configure-ironic-api-mod_wsgi.inc | 10 +-
.../install/include/configure-ironic-api.inc | 2 +-
ironic/api/controllers/v1/node.py | 99 ++++++-------
ironic/common/exception.py | 7 +-
ironic/common/neutron.py | 3 +-
ironic/common/pxe_utils.py | 14 +-
ironic/common/swift.py | 7 +-
ironic/conductor/cleaning.py | 11 ++
ironic/conductor/deployments.py | 13 +-
ironic/conductor/manager.py | 18 ++-
ironic/conductor/task_manager.py | 85 +++++++++--
ironic/conductor/utils.py | 38 +++++
ironic/db/sqlalchemy/api.py | 2 +-
ironic/drivers/modules/agent.py | 14 +-
ironic/drivers/modules/agent_base.py | 41 +++---
ironic/drivers/modules/agent_client.py | 144 +++++++++++++++---
ironic/drivers/modules/ansible/deploy.py | 6 +-
ironic/drivers/modules/drac/bios.py | 20 ++-
ironic/drivers/modules/drac/boot.py | 70 ++-------
ironic/drivers/modules/drac/management.py | 4 +-
ironic/drivers/modules/drac/power.py | 45 +++---
ironic/drivers/modules/drac/utils.py | 121 +++++++++++++++
ironic/drivers/modules/ipmitool.py | 87 +++++------
ironic/drivers/modules/iscsi_deploy.py | 4 +-
ironic/drivers/modules/redfish/boot.py | 36 ++++-
ironic/drivers/modules/redfish/management.py | 63 +++++++-
.../unit/drivers/modules/drac/test_management.py | 13 +-
.../unit/drivers/modules/irmc/test_inspect.py | 17 ---
.../unit/drivers/modules/redfish/test_boot.py | 80 ++++++++++
.../drivers/modules/redfish/test_management.py | 95 +++++++++++-
.../unit/drivers/modules/test_agent_client.py | 162 +++++++++++++++++++++
.../unit/drivers/modules/test_iscsi_deploy.py | 3 +-
.../notes/agent-last-command-4ec6967c995ba84a.yaml | 9 ++
.../notes/agent-rebooted-fab20d012fe6cbe8.yaml | 6 +
...ache-agentclient-per-task-ec2231684e6876d9.yaml | 5 +
...figdrive_use_object_store-93cfd7dc27d90003.yaml | 5 +
...ed-instance-info-behavior-1375914a30621eca.yaml | 20 +++
.../fix-busy-agent-check-3cf75242b4783009.yaml | 6 +
...ix-grub2-config-file-name-88e689a982a21684.yaml | 7 +
...th-existing-non-bios-jobs-78aa2195d0c3016f.yaml | 12 ++
...g-routed-provider-network-bbd0c46559f618ac.yaml | 6 +
...async-step-error-handling-80cd30c54c71c595.yaml | 8 +
...ish-firmware-update-issue-c6dfcd71a2f659a5.yaml | 9 ++
...sman-set-power-state-wait-cd8f9ff41b19c7a7.yaml | 10 ++
.../notes/inspection-token-b3d9e8e34341d680.yaml | 4 +
...pmi_command_retry_timeout-889a49b402e82b97.yaml | 9 ++
...ride-not-present-handling-92e7263617e467c4.yaml | 9 ++
.../redfish-vmedia-vendor-fc76086893d99415.yaml | 6 +
...fter-device-to-supermicro-218e8cb57735c685.yaml | 11 ++
.../notes/retry-vmedia-1999742c84f11103.yaml | 6 +
...fix-stuck-deploying-state-43d51149a02c08b8.yaml | 7 +
...-redfish-override-enabled-aa51686ed33d3061.yaml | 15 ++
.../taskmanager-lazy-load-32a14526c647c2f0.yaml | 9 ++
...clear-job-id-constant-fix-c69cf96c55364bb3.yaml | 7 +
zuul.d/ironic-jobs.yaml | 34 +++--
zuul.d/project.yaml | 6 +-
85 files changed, 2001 insertions(+), 591 deletions(-)
More information about the Release-announce
mailing list