[release-announce] ironic 21.1.0 (zed)
no-reply at openstack.org
no-reply at openstack.org
Fri Sep 23 08:50:18 UTC 2022
We jubilantly announce the release of:
ironic 21.1.0: OpenStack Bare Metal Provisioning
This release is part of the zed release series.
The source is available from:
https://opendev.org/openstack/ironic
Download the package from:
https://tarballs.openstack.org/ironic/
Please report issues through:
https://storyboard.openstack.org/#!/project/943
For more details, please see below.
21.1.0
^^^^^^
Prelude
*******
The Ironic team hereby announces the release of the *Zed* version of
Ironic. This version, *21.1.0*, represents the collaboration of
Ironic's contributors during the *Zed* release cycle, which first saw
the release of Ironic *20.2.0*, and Ironic *21.1.0*. These versions
saw improvements in functionality to better support infrastructure
operators from the configuration of individual nodes, to support a
greater separation of duties, and ultimately Self-Service Bare Metal
as a Service, or "SSBMaaS". Along with these features, these releases
have seen numerous bug fixes. We sincerely hope you enjoy it!
New Features
************
* Adds "raritan_pdu2", "servertech_sentry3", "servertech_sentry4",
and "vertivgest_pdu" snmp drivers to support additional PDU models.
* Adds an automatic switch to "url" for the kickstart template when
the source is a URL path as opposed to a "stage2" ramdisk.
* Adds a concurrency limiter for number of nodes in states related
to *Cleaning* and *Provisioning* operations across the ironic
deployment. These settings default to a maximum number of concurrent
deployments to "250" and a maximum number of concurrent deletes and
cleaning operations to "50". These settings can be tuned using
"[conductor]max_concurrent_deploy" and
"[conductor]max_concurrent_clean", respectively. The defaults should
generally be good for most operators in most cases. Large scale
operators should evaluate the defaults and tune appropriately as
this feature cannot be disabled, as it is a security mechanism.
* Adds new clean steps "create_csr" and "add_https_certificate" to
"ilo" and "ilo5" hardware types which allows users to create
Certificate Signing Request(CSR) and adds signed HTTPS certificate
to the iLO.
* The "[dhcp]dhcp_provider" configuration option can now be set to
"dnsmasq" as an alternative to "none" for standalone deployments.
This enables the same node-specific DHCP capabilities as the
"neutron" provider. See the "[dnsmasq]" section for configuration
options.
* Provides vendor passthru methods for "ilo" and "ilo5" hardware
types to create, delete and get subscriptions for BMC events. These
methods are supported for "HPE ProLiant Gen10" and "HPE ProLiant
Gen10 Plus" servers.
* Adds the capability for a project scoped "admin" user to be able
to create nodes in Ironic, which are then manageable by the project
scoped "admin" user. Effectively, this is self service Bare Metal as
a Service, however more advanced fields such as drivers, chassies,
are not available to these users. This is controlled through an
auto-population of the Node "owner" field, and can be controlled
through the "[api]project_admin_can_manage_own_nodes" setting, which
defaults to "True", and the new policy
"baremetal:node:create:self_owned_node".
* Adds the capability for a project scoped "admin" user to be able
to delete nodes from Ironic which their *project* owns. This can be
contolled through the "[api]project_admin_can_manage_own_nodes"
setting, which defaults to "True", as well as the
"baremetal:node:delete:self_owned_node" policy.
Upgrade Notes
*************
* Large scale operators should be aware that a new feature, referred
to as "Concurrent Action Limit" was introduced as a security
mechanism to provide a means to limit attackers, or faulty scripts,
from potentially causing irreperable harm to an environment. This
feature cannot be disabled, and operators are encouraged to tune the
new settings "[conductor]max_concurrent_deploy" and
"[conductor]max_concurrent_clean" to match the needs of their
environment.
* Operators who are upgrading should be aware that a bug was
discovered with the automatic selection of "boot_interface" for
users of the "ilo" and "ilo5" hardware types. This was an
inconsistency, resulting in "pxe" being selected instead of "ipxe"
if both boot interfaces were enabled. Depending on the local
configuration, this may, or may not have happened and will remain
static on preexisting baremetal nodes. Some users may have been
relying upon this incorrect behavior by having misalligned defaults
by trying to use the "pxe" interface for "ipxe". Users wishing to
continue this usage as it was previously will need to explicitly set
a "boot_interface" value to either "pxe" or "ilo-ipxe" by default,
depending on the local configuration. Most operators have leveraged
the default examples, and thus did not explicitly encounter this
condition. Operators explicitly wishing to use "pxe" boot interfaces
with the "ipxe" templates and defaults set to override the defaults
for "ironic.conf" will need to either continue to leverage default
override configurations in their "ironic.conf" file.
Security Issues
***************
* This release contains an improvement which, by default, allows
users to create and delete baremetal nodes inside their own project.
This can be disabled using the
"[api]project_admin_can_manage_own_nodes" setting.
Bug Fixes
*********
* Fixes detecting of allowable values for a BIOS settings
enumeration in the "redfish" BIOS interface when only
"ValueDisplayName" is provided.
* Adds a configuration option, "[anaconda]insecure_heartbeat" to
allow for TLS certificate validation to be disabled in the
"anaconda" deployment interface, which is needed for continious
integration to be able to be performed without substantial substrate
image customization. This option is *not* advised for any production
usage.
* Fixes an issue where image information retrieval would fail when a
path was supplied when using the "anaconda" deploy interface, as
*HTTP* "HEAD" requests on a URL path have no "Content-Length". We
now consider if a path is used prior to attempting to collect
additional configuration data from what is normally expected to be
Glance.
* Fixes an issue where the fallback to a default kickstart template
value would result in error indicating "Scheme-less image href is
not a UUID". This was becaues the handling code falling back to the
default did not explicitly indicate it was a file URL before saving
the value.
* Fixes an issue where cleaning operations could fail in such a way
that was not easily recoverable when pre-cleaning network interface
configuration was validated, yet contained invalid configuration.
Now Ironic properly captures the error and exits from cleaning in a
state which allows for cleaning to be retried.
* Fixes "idrac-redfish" RAID "delete_configuration" step to convert
PERC 9 and PERC 10 controllers to RAID mode if it is not already
set.
* Fixes the default boot interface order for the "ilo" hardware type
where previously it would prefer "pxe" over "ipxe". This created
inconsistencies for operators using multiple hardware types, where
both interfaces were enabled in the deployment.
* Fixes API error messages with jsonschema>=4.8. A possible root
cause is now detected for generic schema errors.
* Fixes an issue where the Redfish session cache would continue
using an old session when a password for a Redfish BMC was changed.
Now the old session will not be found in this case, and a new
session will be created with the latest credential information
available.
Other Notes
***********
* The maximum disk erasure concurrency setting,
"[deploy]disk_erasure_concurrency" has been incremed to 4.
Previously, this was kept at 1 in order to maintain continuity of
experience, but operators have not reported any issues with an
increased concurrency, and as such we feel comfortable upstream
enabling concurrent disk erasure/cleaning. This setting applies to
the "erase_devices" clean step.
Changes in ironic 21.0.0..21.1.0
--------------------------------
38a170dd6 Zed: Add a prelude for the release notes
a14b3d02f Set stage for Zed Release with 21.1
e340fc39b Document existence of non-production "fake" driver
31c808740 Fix nodes stuck at cleaning on Network Service issues
9a8b1d149 Concurrent Distructive/Intensive ops limits
397e49a5e Fix idrac-redfish RAID controller mode conversion
e6e4d7ccd Update sushy-oem-idrac version
211b25f30 Zed Ironic requires Sushy >4
4415c5502 Cleanup submitted SNMP driver code for additional PDUs
9c19dd6ef Adds create_csr and add_https_certificate clean step
25b3e6796 tests: Add a WarningsFixture
b796d7b83 Imported Translations from Zanata
d8fc96fd1 CI: Changes to support Anaconda CI jobs
74795abf2 Fix compatibility with oslo.db 12.1.0
166bd1697 Enables event subscription methods for ilo and ilo5 hardware types
754e6bb66 Implement a DHCP driver backed by dnsmasq
9eec74666 Update releasenote for proper formatting
62f9c61ae Improve error message heuristics with jsonschema>=4.8
721439242 [config-doc] Fix help for default_boot_mode
9f1f58c6a redfish: fixes usage of ValueDisplayName
c2ba86904 Redfish: Consider password part of the session cache
e75626392 CI: anaconda: permit tls certificate validation bypass
5c1dd47e6 Add kickstart template 'url' option
bc8705c16 Allow project scoped admins to create/delete nodes
c921c077d Fix ilo boot interface order
4d653ac22 Correct Image properties lookup for paths
556d5de9d increase disk_erasure_coconcurrency
Diffstat (except docs and test files)
-------------------------------------
devstack/lib/ironic | 41 ++-
driver-requirements.txt | 4 +-
ironic/api/controllers/v1/node.py | 44 ++-
ironic/api/controllers/v1/utils.py | 12 +-
ironic/api/controllers/v1/versions.py | 5 +-
ironic/common/args.py | 17 +-
ironic/common/exception.py | 10 +
ironic/common/policy.py | 19 +-
ironic/common/pxe_utils.py | 90 +++---
ironic/common/release_mappings.py | 26 +-
ironic/conductor/cleaning.py | 2 +-
ironic/conductor/manager.py | 52 +++-
ironic/conf/__init__.py | 2 +
ironic/conf/anaconda.py | 11 +
ironic/conf/api.py | 5 +
ironic/conf/conductor.py | 26 ++
ironic/conf/deploy.py | 6 +-
ironic/conf/dhcp.py | 3 +-
ironic/conf/dnsmasq.py | 43 +++
ironic/conf/ilo.py | 5 +
ironic/db/api.py | 9 +
ironic/db/sqlalchemy/__init__.py | 4 +-
ironic/db/sqlalchemy/api.py | 24 ++
ironic/dhcp/base.py | 11 +
ironic/dhcp/dnsmasq.py | 159 ++++++++++
ironic/dhcp/neutron.py | 11 +
ironic/drivers/ilo.py | 5 +-
ironic/drivers/modules/drac/raid.py | 82 +++++
ironic/drivers/modules/ilo/common.py | 42 +++
ironic/drivers/modules/ilo/management.py | 79 ++++-
ironic/drivers/modules/ilo/vendor.py | 43 ++-
ironic/drivers/modules/ks.cfg.template | 23 +-
ironic/drivers/modules/redfish/bios.py | 18 +-
ironic/drivers/modules/redfish/utils.py | 61 ++--
ironic/drivers/modules/snmp.py | 339 +++++++++++++++++++++
.../unit/drivers/modules/ilo/test_management.py | 115 +++++++
.../unit/drivers/modules/redfish/test_bios.py | 3 +-
.../unit/drivers/modules/redfish/test_utils.py | 16 +
.../notes/ValueDisplayName-13837c653277ff08.yaml | 5 +
.../additonal-snmp-drivers-ae1174e6bd6ee3a6.yaml | 5 +
...tart-auto-url-in-template-9f716c244adff159.yaml | 5 +
...t-cert-validation-disable-6611d3cb9401031d.yaml | 8 +
...concurrency-limit-control-4b101bca7136e08d.yaml | 23 ++
...rce-path-handling-lookups-4ce2023a56372f10.yaml | 16 +
.../create_csr_clean_step-a720932f61b42118.yaml | 7 +
.../notes/dnsmasq_dhcp-9154fcae927dc3de.yaml | 7 +
...ing-stuck-on-networkerror-4aedbf3673413af6.yaml | 8 +
...c-redfish-controller-mode-7b55c58d09240d3c.yaml | 5 +
...-ilo-boot-interface-order-238a2da9933cf28c.yaml | 26 ++
.../ilo-event-subscription-0dadf136411bd16a.yaml | 7 +
.../notes/jsonschema-4.8-1146d103b877cffd.yaml | 5 +
...-disk-erasure-concurrency-6d132bd84e3df4cf.yaml | 10 +
...o-longer-scope-restricted-b455f66a751f10ec.yaml | 27 ++
...password_in_session_cache-1fa84234db179053.yaml | 7 +
...rac-reset-if-attr-missing-b2a2b609c906c6c4.yaml | 10 +-
.../notes/zed-prelude-09fe95b11ad2459d.yaml | 12 +
.../locale/en_GB/LC_MESSAGES/releasenotes.po | 35 ++-
requirements.txt | 2 +-
setup.cfg | 1 +
tox.ini | 1 -
zuul.d/ironic-jobs.yaml | 42 +++
zuul.d/project.yaml | 2 +
85 files changed, 2809 insertions(+), 253 deletions(-)
Requirements updates
--------------------
diff --git a/driver-requirements.txt b/driver-requirements.txt
index 5333dbd4f..876e817cb 100644
--- a/driver-requirements.txt
+++ b/driver-requirements.txt
@@ -7 +7 @@
-proliantutils>=2.13.0
+proliantutils>=2.14.0
@@ -20 +20 @@ python-ibmcclient>=0.2.2,<0.3.0
-sushy-oem-idrac>=4.0.0,<5.0.0
+sushy-oem-idrac>=5.0.0,<6.0.0
diff --git a/requirements.txt b/requirements.txt
index 24c09f50c..ae8e14f39 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -50 +50 @@ openstacksdk>=0.48.0 # Apache-2.0
-sushy>=3.10.0
+sushy>=4.3.0
More information about the Release-announce
mailing list