Ocata Series (5.0.0 - 5.0.x) Release Notes¶
Fixes insufficient input filtering when looking up a node by information from the introspection data. It could potentially allow SQL injections via the
/v1/continueAPI endpoint. See story 2005678 for details.
Exception CalledProcessError is raised when running iptables cmd on start up. The issue is caused by eventlet bug, see: https://github.com/eventlet/eventlet/issues/357 The issue affects ironic-inspector only if it manages firewall - configured with
manage_firewall = Trueconfiguration option.
Do not fail the whole introspection due to a value formatting error during introspection rules rollback. See bug 1686942 for an example and detailed investigation.
Extend the introspection status returned from
GET@/v1/introspection/<Node Id>to contain the
Add a plugin to parse raw LLDP Basic Management, 802.1, and 802.3 TLVs and store the data in Swift.
Add an API endpoint for listing introspection statuses. Operators can use this to get the status for all running or previously run introspection processing.
Introduce a new configuration option
api_max_limitthat defines the maximum number of items per page when API results are paginated.
InfiniBand interface discovery is now supported through introspection. The ironic-inspector will add the client-id to the corresponding ironic port that represents the InfiniBand interface. The ironic-inspector should be configured with a list of interfaces
firewall.ethoib_interfacesto indicate which Ethernet Over InfiniBand Interfaces are used for DHCP.
Node introspection state is now kept in a dedicated database column. The introspection is now using a finite state machine. The state isn’t exposed to the user yet.
Adds support for using operators with the root device hints mechanism. The supported operators are
Looking up nodes during introspection or discovery now supports multiple attributes matching. For example, two nodes can use the same
bmc_addressand still can be distinguished by MAC addresses.
Avoid failing introspection on diskless nodes. The node property
local_gb == 0is set in that case.
Due to the nature of the NodeInfo.state attribute (being updated independently from the rest of the node_info attributes) if a (DB) connection was lost before the Node.state column was updated, Node.finished_at and Node.error columns may not be in sync with the Node.state column.
Add a new dependency,
A database migration is required to change some columns from Float to DateTime type. This may take some time based on the number of introspection statuses in DB.
Removed previously deprecated authentication options from “ironic”, “swift”, and “keystone_authtoken” sections.
Removed long deprecated support for “discoverd” section in configuration file.
The default value for the configuration option “introspection_delay_drivers” was changed to
.*, which means that by default “introspection_delay” is now applied to all drivers. Set “introspection_delay” to 0 to disable the delay.
Node.state and Node.version_id database columns are introduced.
The introspection state column defaults to the state
finishedunless the introspection error column value on a node row isn’t null, then node state is set to
Uniqueness of a node
bmc_addressisn’t enforced any more.
The primary key of the
attributestable is relaxed from the
attributes.name, attributes.valuecolumn pair to a new column
The configuration option “log_bmc_address” is deprecated.
Support for setting IPMI credentials via ironic-inspector is deprecated and will be removed completely in Pike. A new API version 1.9 was introduced with this feature de-activated. For reasoning see https://bugs.launchpad.net/ironic-python-agent/+bug/1654318.
The configuration option “introspection_delay_drivers” is deprecated.
Change database columns
finished_atto type DateTime from type Float so that timestamps fit into these columns correctly.
Fix bug where periodic clean up failed with DBDeadlock if introspection timed out.
Ensure the configuration options
clean_up_periodare applied to the
periodic_updatetasks after the config file is read.
LLC hook now formats the chassis ID and port ID MAC addresses into Unix format as expected by ironic.
LLC hook ensures that correct port information is passed to the patch_port function
LLC hook no longer assumes all inspected ports are added to ironic
Loopback BMC addresses (useful e.g. with virtualbmc) are no longer used for lookup.
Introspection fails on nodes with the same IPMI address but different IPMI ports.
Default API version is temporary pinned to 1.8 (before deprecating setting IPMI credentials). It will be reset to the latest version again when support for setting IPMI credentials is removed.