Wallaby Series (10.5.0 - 10.6.x) Release Notes


New Features

  • The default policy will been replaced with one which aligns with the Secure-RBAC scopes and roles. Since ironic-inspector is a tool used only by system-level admins, only the system scope is supported, and the only roles in the policy rules are admin and reader.

Upgrade Notes

  • [DEFAULT]/ipmi_address_fields now has ibmc_address in the default configuration, allowing introspection to try and match the BMC address if no ports are defined when using the ibmc driver.

  • The default value of [oslo_policy] policy_file config option has been changed from policy.json to policy.yaml. Operators who are utilizing customized policy files or previously generated static policy files (which are not needed by default), should generate new policy files and modify them to meet their needs in the event of any new policies or rules have been added. Please consult the oslopolicy-convert-json-to-yaml tool to convert a JSON to YAML formatted policy file in backward compatible way.

  • The new policy is only enforced when [oslo_policy] config is changed to enforce_new_defaults=True and enforce_scope=True, otherwise the existing deprecated policy is used. User accounts which rely on having the baremetal_admin or baremetal_observer roles will need to have system-scoped admin or reader roles to use the API when the new policy is enforced.

Deprecation Notes

  • Use of legacy policy files was deprecated by the oslo.policy library during the Victoria development cycle. As a result, this deprecation is being noted in the Wallaby with an anticipated future removal of support by oslo.policy. As such operators will need to convert to YAML policy files. Please see the upgrade notes for details on migration of any custom policy files.

  • The previous policy is still enforced by default, but is now deprecated and will be removed in a future release.


New Features

  • Adds a possibility to setup ironic inspector behind a proxy, while allowing the links of the resources API returns to remain correct. Inspector now respects the following headers that are passed with API requests: X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Prefix. If the API is run providing SCRIPT_NAME environment variable, it is now also respected, and it allows to return the correct links in response to requests, even if inspector API is not placed at the web server root resource.

Bug Fixes

  • Fixes database migrations with SQLAlchemy 1.3.20.