Stein Series (8.1.0 - 8.2.x) Release Notes

Stein Series (8.1.0 - 8.2.x) Release Notes

8.2.2

Bug Fixes

  • Fixes an issue when extra_hardware plugin failed to save extra hardware information to Swift, the collected information is not processed and consumed.

  • Fixes an issue while mapping port InfiniBand MAC address to EthernetOverInfiniBand MAC. Prior to this fix, it will fail to map and raise an exception.

8.2.1

Security Issues

  • Fixes insufficient input filtering when looking up a node by information from the introspection data. It could potentially allow SQL injections via the /v1/continue API endpoint. See story 2005678 for details.

8.2.0

Prelude

The Stein release of ironic-inspector features support of storing introspection data in the database instead of the Object Store service, as well as fixes for IPv6.

New Features

  • Adds the support to store introspection data in ironic-inspector database. Set the option [processing]store_data to database to use this feature.

  • Adds a migration tool ironic-inspector-migrate-data to facilitate the introspection data migration between supported introspection data storage backends. Currently the available introspection data storage backends are: database and swift. For example, to migrate existing introspection data stored in the swift to database, execute following command:

    $ ironic-inspector-migrate-data --from swift --to database --config-file /etc/ironic-inspector/inspector.conf
    

    Storage backends involved in the migration should have been properly configured in the ironic inspector configuration file. Before the introspection data migration can be started. The ironic inspector database should be upgraded to have the latest schema.

  • Adds support to use latest as the microversion value in the request to the ironic-inspector API.

Upgrade Notes

  • The set-attribute action now automatically sets reset_interfaces to True if the driver is updated. If it’s not desired, set it explicitly to False.

Deprecation Notes

  • Deprecates the configuration option [processing]store_data_location. The introspection data can be retrieved from the ironic-inspector API, there is no need to keep an extra link in ironic.

Bug Fixes

  • Fixes inspection of nodes with IPv6 BMC address. Inspection could not be initiated because an IPv6 address was treated as a hostname, which could not be resolved.

  • Remove debug logging for PXE filter driver which tends to fill up inspector logs when debug is enabled.

  • Fixes updating a driver with the set-attribute introspection rule action by providing reset_interfaces.

8.1.0

New Features

  • Adds a configuration option [iptables]ip_version to specify the desired ip version for the iptables pxe filter, possible values are 4 and 6, the default value is 4. When set to 6, the iptables pxe filter will use ip6tables command to manage rules for the DHCPv6 port 547.

  • Adds new introspection rules actions to add or remove traits on nodes: add-trait and remove-trait.

Upgrade Notes

  • The deprecated configuration option [DEFAULT]node_status_keep_time was removed.

  • Adds rpc related configuration options for the communication between ironic-inspector API and worker. It needs to be configured properly during upgrade. Set [DEFAULT]transport_url to fake:// if a rpc backend is not available or not desired.

Deprecation Notes

  • Configuration options [DEFAULT]ssl_cert_path and [DEFAULT]ssl_key_path are deprecated for ironic-inspector now uses oslo.service as underlying HTTP service instead of Werkzeug. Please use [ssl]cert_file and [ssl]key_file.

Bug Fixes

  • A new rootwrap filter is now included to allow control of the systemd dnsmasq service used by ironic-inspector. This fixes a permission issue when systemctl commands are used as dnsmasq_start_command and dnsmasq_stop_command in the configuration for the dnsmasq pxe filter. See bug 2002818.

    Note

    The filter uses the systemd service name used by the RDO distribution (openstack-ironic-inspector-dnsmasq.service).

  • Fixes issue that can result in introspection failure when a network switch sends incomplete information for LLDP switch_id or port_id. The validation expects these fields when a port is updated, this fix now handles the validation exception.

  • Allows the set-attribute introspection rule action to accept None as value for a property.

  • Fixes the issue that ports were not collected when there were only IPv6 addresses (no IPv4), and the configuration option [processing]add_ports was not set to all. Inspector will report “No suitable interfaces found” if no interface is collected. For more information see Story 1744073

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.