Current Series Release Notes
In Development - Unreleased
Upgrade Notes
[conductor]/file_url_allowed_paths, when created, had an extremely open default value – including such nonstandard paths as /vagrant. This was done to ensure the security patch was as nondisruptive as possible.
Now we’ve adjusted the default to only include /var/lib/ironic. Operators who wish to use file URLs for instance images that lie outside of that path will need to set a non-default value for this config option.
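A sketch of the containment check that a path allowlist like this implies, added here as an illustration and not taken from Ironic's code. The function name file_url_allowed and the /srv/images path used in testing are assumptions.

```python
import os
from urllib.parse import unquote, urlparse

# The narrowed default described in the note above.
DEFAULT_ALLOWED = ("/var/lib/ironic",)


def file_url_allowed(url, allowed_paths=DEFAULT_ALLOWED):
    """Return True if a file:// URL resolves inside an allowed directory.

    Hypothetical helper for illustration, not Ironic's implementation.
    """
    parsed = urlparse(url)
    if parsed.scheme != "file" or parsed.netloc not in ("", "localhost"):
        return False
    path = unquote(parsed.path)  # decode %2e%2e and friends first
    if not path.startswith("/") or "\x00" in path:
        return False
    # realpath collapses ".." and follows symlinks, so the comparison is
    # made on the file that would actually be opened.
    target = os.path.realpath(path)
    for base in allowed_paths:
        base = os.path.realpath(base)
        # commonpath works on whole components: /var/lib/ironic-old is
        # not treated as being inside /var/lib/ironic.
        if os.path.commonpath([base, target]) == base:
            return True
    return False
```

An operator who adds a directory to the option would see the same behaviour for it, for example file_url_allowed(url, ("/var/lib/ironic", "/srv/images")).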
Bug Fixes
Fixes an issue where the PLDM/MCTP communication channel used for NIC firmware updates was not available after a BMC firmware update, causing subsequent NIC firmware update attempts to fail. In case there are more components to be updated, we reboot before proceeding to the next update.
Fixes a security issue identified in bug 2148307 where users of the anaconda deployment interface could supply a malicious template. The conductor process now sandboxes all jinja2 rendering operations.
Fixes error handling in OCI image when webserver_verify_ca is a path.
Fixes a bug where RBAC field redaction policy checks for last_error, reservation, and driver_internal_info would incorrectly redact values for node owners when the owner field was not explicitly included in the requested field list. The root cause was the field pruning logic in _get_fields_for_node_query() which aggressively stripped the object down to only caller-requested fields, inadvertently removing owner and lessee before the RBAC policy checks in node_sanitize() could use them to evaluate project-scoped ownership rules. These attributes are now always extracted from the database object regardless of which fields the caller requested, and are still stripped from the API response by sanitize_dict() when not explicitly requested. See bug 2150573 for details.
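The ordering problem described above, reduced to a small model. This is an added example, not Ironic's code: the helper names, the node data and the redaction marker are constructed, and only the field names come from the note.

```python
# Constructed data and hypothetical helpers; only the field names
# (owner, lessee, last_error, ...) come from the release note.
SENSITIVE = ("last_error", "reservation", "driver_internal_info")
POLICY_FIELDS = ("owner", "lessee")
REDACTED = "<redacted>"  # constructed marker

NODE_ROW = {
    "uuid": "1be26c0b-03f2-4d2e-ae87-c02d7f33c123",
    "owner": "project-a",
    "lessee": None,
    "last_error": "deploy failed: timeout",
    "reservation": "conductor-1",
    "driver_internal_info": {"agent_url": "http://192.0.2.10:9999"},
}


def can_view(node, caller_project):
    """Project-scoped rule: the owner or lessee project may see the field."""
    return caller_project in (node.get("owner"), node.get("lessee"))


def sanitize(node, requested, caller_project):
    """Redact sensitive fields, then return only the requested ones."""
    out = dict(node)
    for field in SENSITIVE:
        if field in out and not can_view(node, caller_project):
            out[field] = REDACTED
    return {k: v for k, v in out.items() if k in requested}


def get_node_buggy(requested, caller_project):
    # Prune first: owner/lessee are gone before the policy check runs,
    # so even the owning project fails the ownership rule.
    pruned = {k: v for k, v in NODE_ROW.items() if k in requested}
    return sanitize(pruned, requested, caller_project)


def get_node_fixed(requested, caller_project):
    # Always load the policy inputs; sanitize() still drops them from
    # the response when the caller did not ask for them.
    load = set(requested) | set(POLICY_FIELDS)
    loaded = {k: v for k, v in NODE_ROW.items() if k in load}
    return sanitize(loaded, requested, caller_project)
```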
Fixes a crash during sensor data collection for nodes using the redfish management interface when redfish_system_id is not set in driver_info. The storage sensor methods attempted to call .split() on a None value, which would appear in conductor logs as:
WARNING ironic.conductor.manager Failed to get sensor data for node <uuid>. Error: 'NoneType' object has no attribute 'split'
Unfortunately, sushy 5.10.0 was released without proper handling of a timeout value, which results in an exception due to invalid parameters that is unavoidable for users.
Other Notes
Ironic recently corrected a misunderstanding in the project documentation rooted in the types of disk formats and container formats utilized for ironic-python-agent service ramdisk elements. A miscommunication and misunderstanding in the work related to OSSA-2025-001 led to an incorrect belief that ramdisk artifacts should have the disk_format set to raw, and the container_format set to bare. The Ironic project recently learned this was incorrect when the OpenStack Glance project merged changes which broke CI testing, as Glance tightened controls around bare containers which happened to fail on x86_64 kernel artifacts due to historical capabilities with the x86_64 kernel artifacts to enable alternative boot models.
The documentation has been corrected. The proper glance image format for a ramdisk kernel is aki, and the proper type for an initrd/initramfs payload is ari.
36.0.0
New Features
Adds a traits field to runbooks, decoupling runbook eligibility from the runbook name. A runbook may now have any logical name; the set of traits on the runbook determines which nodes are permitted to use it. API microversion 1.112 is required to use this feature.
Adds a description field to runbooks, consistent with other Ironic objects. The field is available from API microversion 1.112 onwards and is included in the runbook body when retrieved via the API.
Adds new REST API endpoints for managing runbook traits:
GET /v1/runbooks/{ident}/traits — list all traits for a runbook.
PUT /v1/runbooks/{ident}/traits — replace all traits for a runbook.
PUT /v1/runbooks/{ident}/traits/{trait} — add a single trait.
DELETE /v1/runbooks/{ident}/traits — remove all traits.
DELETE /v1/runbooks/{ident}/traits/{trait} — remove a single trait.
These endpoints are available from API microversion 1.112.
Runbook names are no longer required to be valid OpenStack trait strings when using API microversion 1.112 or later. Any string of 1–255 characters is now accepted as a runbook name.
Upgrade Notes
The configuration molds feature, deprecated since 2024.1, has been removed. This includes the export_configuration, import_configuration, and import_export_configuration deploy/clean steps from the idrac-redfish management interface, the [molds] configuration section, and the [drac]query_import_config_job_status_interval option. The removal was prompted by security concerns with the feature’s URL handling (see bug 2148317).
The iLO and iLO5 hardware types and all their interfaces (bios, boot, inspect, management, power, raid, vendor) have been removed. Users of the iLO drivers should migrate to the redfish hardware type, which provides equivalent functionality for HPE ProLiant servers.
The iRMC hardware type and all its interfaces have been removed. Users of the iRMC driver should migrate to a supported hardware type, preferably redfish.
The pysnmp-lextudio, pyasn1, and pyasn1-modules libraries have been removed from both driver and test requirements, as they are no longer needed after the removal of the SNMP and iRMC drivers.
The SNMP hardware type and power interface have been removed. Users of the SNMP power driver should migrate to a supported hardware type, preferably redfish.
An online data migration (migrate_runbook_names_to_traits) seeds the runbook_traits table from the current runbook names. This migration runs as part of ironic-dbsync online_data_migrations and can be executed in batches while the service is running. Existing runbooks whose names were valid trait strings will continue to match nodes via the new trait-based mechanism. Runbooks created before API microversion 1.112 are not affected by the node matching logic change until they are updated via the new traits endpoints.
A quirk to note for users of the new runbook traits: runbooks created using API microversion >=1.112, then later viewed with API microversions <1.112, may have names that do not conform to the custom traits schema (CUSTOM_*) previously enforced for runbook names.
Bug Fixes
Fixes an issue where the task for NIC firmware update completed before the first poll cycle could complete. This caused firmware caching to run before the OS had fully booted, preventing updated firmware information from being stored in the database.
Fixes an issue where the console command passed to socat’s EXEC: was not quoted, which could have security implications.
Fixes a security issue where the deprecated configuration molds feature would allow a user invoking molds to request that authorization be sent to a remote endpoint. This user-supplied URL could be a swift or http URL. With http, the feature was explicitly designed around a concept of just publishing to a file in a limited context, with authentication details provided by the conductor. With swift the impact is greater, because the time-limited session token for Ironic’s access to swift resources could be leaked, captured, and used.
The configuration molds feature now explicitly checks the swift endpoint URL and raises an exception when the user-supplied URL does not match the configured Swift endpoint.
More information can be found in bug 2148317.
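One way to express an endpoint match of this kind before a token is attached to a request, as an added example and not the check Ironic itself shipped. The function names, the exception class and the example.com URLs used in testing are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


class EndpointMismatch(ValueError):
    """Raised when a URL does not point at the configured Swift endpoint."""


def _origin_and_path(url):
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise EndpointMismatch("unsupported or malformed URL: %r" % url)
    if ".." in parts.path.split("/"):
        raise EndpointMismatch("path traversal segment in %r" % url)
    port = parts.port or DEFAULT_PORTS[scheme]
    # hostname excludes any "user@" prefix, so the comparison is made on
    # the host the request would really be sent to.
    return (scheme, parts.hostname.lower(), port), parts.path.rstrip("/")


def check_swift_url(user_url, swift_endpoint):
    """Raise EndpointMismatch unless user_url is at or below the endpoint."""
    origin, path = _origin_and_path(user_url)
    ep_origin, ep_path = _origin_and_path(swift_endpoint)
    # Compare whole path segments so /v1/AUTH_abc does not also match
    # /v1/AUTH_abcdef.
    inside = path == ep_path or path.startswith(ep_path + "/")
    if origin != ep_origin or not inside:
        raise EndpointMismatch("URL is not on the configured Swift endpoint")
    return user_url


def matches_swift_endpoint(user_url, swift_endpoint):
    """Boolean form of check_swift_url for callers that prefer a flag."""
    try:
        check_swift_url(user_url, swift_endpoint)
    except ValueError:
        return False
    return True
```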
Fixed an unnecessary IPA boot during out-of-band service steps. When all service steps declare requires_ramdisk=False, the conductor correctly skips the initial ramdisk boot, but service_disable_ramdisk in driver_internal_info was left as False. Steps that call reboot_to_finish_step() internally (e.g. Redfish BIOS apply_configuration) would then boot IPA before the reboot, adding a disruptive and unnecessary boot cycle. The flag is now set to True whenever all service steps are out-of-band.
Fixes an issue where immediate reboots can interrupt the initialization of NIC firmware update.
[Bug 2146585] iDRAC devices report their Service Tag in the Redfish SKU field, which should be treated as the chassis serial number. The idrac-redfish driver already overrode serial_number with the SKU value, but the fix-up ran after inventory was stored and inspection rules were evaluated, causing rules to see the wrong serial_number. The override now happens inline via _get_system_vendor_info so the correct value is present before storage and rule evaluation.
Adds validation of the bios.apply_configuration step’s data before the job starts to run, to avoid an indefinite hang when the step cannot set the BIOS to the requested value because that value is not valid. If the BIOS has provided us with the valid values, ranges, or lengths of the data, then we first validate the data before attempting to use it. If the data is not valid, then we clearly fail the step and report the field that was invalid. See bug 2148675.
Allows the set_bmc_clock management step in the redfish interface to set the time to the conductor’s time if the time is not explicitly provided. This makes it possible to call this step and get an accurate time. For Ironic to manage the BMC, the time must be in line with the conductor, so this is a more reasonable default. This also makes it possible to use set_bmc_clock in runbooks, as originally intended: because users cannot supply a time for the runbooks, without this fix the runbook could only ever set the time to a fixed value, which isn’t useful. Fixes bug 2146355.
35.0.0
Upgrade Notes
Removes compatibility with Ironic Python Agent versions without support for in-band deploy steps (introduced in the Ussuri cycle).