Wallaby Series (10.5.0 - 10.6.x) Release Notes¶
The response headers for empty body HTTP 204 replies, at present, violate RFC7230. This was not intentional, but underlying libraries also make inappropriate changes to the headers, which can cause clients to experience odd failures. This is anticipated to be corrected once an underlying issue in eventlet is resolved.
Fixes an issue where a failed inspection due to a transient failure can prevent retry attempts to inspect to be perceived as a failure. If a prior inspection fails and is in
errorstate, when a new introspection is requested, the state is now appropriately set to
Fixes HTTP responses so the Eventlet library, which is used to support the operation of the WSGI application, does not incorrectly inject a
Transfer-Encodingheader into the HTTP response, even on HTTP 204 replies, which is a violation of RFC7230. This header ultimately can cause varying client reactions which are not expected and can raise exceptions. For now, this has been remedied via an explicit return of a
Content-Lengthheader, which is also an RFC7230 violation, but it appears to be the lesser of known evils at this time.
Fixes issues in Inspector where various tasks would not have retry logic applied to them and may sporadically fail. This is because the OpenStack SDK does not comprehend the NodeLocked error, which previously python-ironicclient silently handled. Basic operations such as “power reboot” and “set boot device” will now be retried automatically if they fail. For more information, please see story 2009107.
The default policy will been replaced with one which aligns with the Secure-RBAC scopes and roles. Since ironic-inspector is a tool used only by system-level admins, only the
systemscope is supported, and the only roles in the policy rules are
ibmc_addressin the default configuration, allowing introspection to try and match the BMC address if no ports are defined when using the ibmc driver.
The default value of
[oslo_policy] policy_fileconfig option has been changed from
policy.yaml. Operators who are utilizing customized policy files or previously generated static policy files (which are not needed by default), should generate new policy files and modify them to meet their needs in the event of any new policies or rules have been added. Please consult the oslopolicy-convert-json-to-yaml tool to convert a JSON to YAML formatted policy file in backward compatible way.
The new policy is only enforced when
[oslo_policy]config is changed to
enforce_scope=True, otherwise the existing deprecated policy is used. User accounts which rely on having the
baremetal_observerroles will need to have system-scoped
readerroles to use the API when the new policy is enforced.
Use of legacy policy files was deprecated by the
oslo.policylibrary during the Victoria development cycle. As a result, this deprecation is being noted in the Wallaby with an anticipated future removal of support by
oslo.policy. As such operators will need to convert to YAML policy files. Please see the upgrade notes for details on migration of any custom policy files.
The previous policy is still enforced by default, but is now deprecated and will be removed in a future release.
Adds a possibility to setup ironic inspector behind a proxy, while allowing the links of the resources API returns to remain correct. Inspector now respects the following headers that are passed with API requests:
X-Forwarded-Prefix. If the API is run providing
SCRIPT_NAMEenvironment variable, it is now also respected, and it allows to return the correct links in response to requests, even if inspector API is not placed at the web server root resource.
Fixes database migrations with SQLAlchemy 1.3.20.