Ussuri Series (14.0.0 - 15.0.x) Release Notes

15.0.2-26

Known Issues

  • TinyCore Linux 10.x, which powers the TinyIPA ramdisk in the Ussuri and Train releases of OpenStack, is no longer able to be built due to certificate verification issues as time moves forward. We have embedded a fix for use by Ironic’s CI only. As a general reminder, TinyIPA should not be used in production deployments.

Upgrade Notes

  • Operators upgrading from earlier versions using PXE should explicitly set [pxe]ipxe_bootfile_name, [pxe]uefi_ipxe_bootfile_name, and possibly [pxe]ipxe_bootfile_name_by_arch settings, as well as a iPXE specific [pxe]ipxe_config_template override, if required.

    Setting the [pxe]ipxe_config_template to no value will result in the [pxe]pxe_config_template being used. The default value points to the supplied standard iPXE template, so only highly customized operators may have to tune this setting.

  • On Ussuri release, to use certification file on HTTPS connection, iRMC driver requires python-scciclient version to be >=0.8.2,<0.9.0 or >=0.9.5,<0.10.0 and packaging >=16.5

  • Operators may need to check their /httpboot/redfish folder permissions if using redfish-virtual-media. The conductor was previously creating the folder with incorrect permissions.

  • A permission setting has been added for redfish-virtual-media boot interface, which allows for explicit file permission setting when the driver is being used. The default for the new [redfish]file_permission setting is ``0u644, or 644 if manually changed using chmod on the command line. Operators MAY need to adjust this if they were running the conductor with a specific umask to work around the permission setting defect.

Security Issues

  • Modifies the irmc hardware type to include a capability to control enforcement of HTTPS certificate verification. By default this is enforced. python-scciclient version must be >=0.8.2,<0.9.0 or >=0.9.5,<0.10.0 Or certificate verification will not occur.

Bug Fixes

  • Fixes Ironic integration with Cinder because of changes which resulted as part of the recent Security related fix in bug 2004555. The work in Ironic to track this fix was logged in bug 2019892. Ironic now sends a service token to Cinder, which allows for access restrictions added as part of the original CVE-2023-2088 fix to be appropriately bypassed. Ironic was not vulnerable, but the restrictions added as a result did impact Ironic’s usage. This is because Ironic volume attachments are not on a shared “compute node”, but instead mapped to the physical machines and Ironic handles the attachment life-cycle after initial attachment.

  • Addresses the lack of an ability to explicitly set different bootloaders for iPXE and PXE based boot operations via their respective ipxe and pxe boot interfaces.

  • Fixes idrac-wsman management interface set_boot_device method that would fail deployment when there are existing jobs present with error “Failed to change power state to ‘’power on’’ by ‘’rebooting’’. Error: DRAC operation failed. Reason: Unfinished config jobs found: <list of existing jobs>. Make sure they are completed before retrying.”. Now there can be non-BIOS jobs present during deployment. This will still fail for cases when there are BIOS jobs present. In such cases should consider moving to idrac-redfish that does not have this limitation when setting boot device.

  • Fixes idrac-wsman power interface to wait for the hardware to reach the target state before returning. For systems where soft power off at the end of deployment to boot to instance failed and forced hard power off was used, this left node successfully deployed in off state without any errors. This broke other workflows expecting node to be on booted into OS at the end of deployment. Additional information can be found in story 2009204.

  • Calculating the ipmitool -N and -R arguments from ironic.conf [ipmi] command_retry_timeout and min_command_interval now takes into account the 1 second interval increment that ipmitool adds on each retry event.

    Failure-path ipmitool run duration will now be just less than command_retry_timeout instead of much longer.

  • Adds driver_info/irmc_verify_ca option to specify certification file. Default value of driver_info/irmc_verify_ca is True.

  • Fixes connection caching issues with Redfish BMCs where AccessErrors were previously not disqualifying the cached connection from being re-used. Ironic will now explicitly open a new connection instead of using the previous connection in the cache. Under normal circumstances, the sushy redfish library would detect and refresh sessions, however a prior case exists where it may not detect a failure and contain cached session credential data which is ultimately invalid, blocking future access to the BMC via Redfish until the cache entry expired or the ironic-conductor service was restarted. For more information please see story 2009719.

  • Fixes the redfish-virtual-media and related based drivers to utilize an explicit file permission instead of rely upon the ironic-conductor umask, which may be incorrect. This can be tuned with the [redfish]file_permission setting.

  • Fixes an issue where the default folder permission for the redfish-virtual-media driver where the folder permissions for the /httpboot/redfish folder was being created with incorrect permissions.

15.0.2

Known Issues

  • Some ipmitool builds, in particular on machines running Red Hat Enterprise Linux 8.2, have changed the default cipher suite being offered which can cause ipmitool to completely fail to negotiate a connection with the BMC. Operators who encounter this situation should use the ipmi_cipher_suite parameter in the driver_info field to override and directly assert the required cipher. Because of potential security implications of attempting second level auto-negotiation and known BMC vendor behaviors, this must be identified by the operator and explicitly set as logic to attempt to navigate through situations like this may have undesirable results.

  • When redfish-virtual-media is used, fast-track mode will not work as expected, nodes will be rebooted between operations.

Upgrade Notes

  • An automated detection of a IPMI BMC hardware vendor has been added to appropriately handle IPMI BMC variations. Ironic will now query this and save this value if not already set in order to avoid querying for every single operation. Operators upgrading should expect an elongated first power state synchronization if for nodes with the ipmi hardware type.

Bug Fixes

  • Fixes the deployment failure with Ussuri (and older) ramdisks that happens when another IPA command runs after prepare_image.

  • Fixes an issue with the ansible deployment interface where automatic root deviec selection would accidently choose the system CD-ROM device, which was likely to occur when the ansible deployment interface was used with virtual media boot. The ansible deployment interface now ignores all Ramdisks, Loopbacks, CD-ROMs, and floppy disk devices.

  • Fixes the [deploy]configdrive_use_object_store option that was broken during the Python 3 transition.

  • Fixes the problem about grub2 config file. Some higher versions of grub2 (e.g. 2.05 or 2.06-rc1) use grub.cfg-01-MAC, while another lower versions of grub2 (e.g. 2.04) use MAC.conf, so we generate both paths in order to be compatible with both.

  • Fixes an issue with agent token handling where the agent has not been upgraded resulting in an AgentAPIError, when the token is not required. The conductor now retries without sending an agent token.

  • Fixes issues when UEFI boot mode has been requested with persistent boot to DISK where some versions of ipmitool do not properly handle multiple options being set at the same time. While some of this logic was addressed in upstream ipmitool development, new versions are not released and vendors maintain downstream forks of the ipmitool utility. When considering vendor specific selector differences along with the current stance of new versions from the upstream ipmitool community, it only made sense to handle this logic with-in Ironic. In part this was because if already set the selector value would not be updated. Now ironic always transmits the selector value for UEFI.

  • Fixes handling of Supermicro UEFI supporting BMCs with the ipmi hardware type such that an appropriate boot device selector value is sent to the remote BMC to indicate boot from local storage. This is available for both persistent and one-time boot applications. For more information, please consult story 2008241.

  • Fixes handling of the ipmi hardware type where UEFI boot mode and “one-time” boot to PXE has been requested. As Ironic now specifically transmits the raw commands, this setting should be properly appied where previously PXE boot operations may have previously occured in Legacy BIOS mode.

  • Fixes a potential race in the hash ring code that could result in the hash rings never updated after their initial load.

  • Fixes the virtual disks creation by changing PERC H740P controller mode from Enhanced HBA to RAID in delete_configuration clean step. PERC H740P controllers supports RAID mode and Enhanced HBA mode. When the controller is in Enhanced HBA, it creates single disk RAID0 virtual disks of NON-RAID physical disks. Hence the request for VD creation with supported RAID fails due to no available physical disk. This patch converts the PERC H740P RAID controllers to RAID mode if enhanced HBA mode found enabled See bug bug 2007711 for more details

  • Fixes the deprecated idrac hardware interface implementation __init__ methods to call their base class __init__ methods before emitting a log message warning about their deprecation. For more information, see story 2008197.

  • Allows configuring IPMI cipher suite via the new driver_info parameter ipmi_cipher_suite to enable operators to navigate ipmitool behavior changes around supported ciphers.

  • When configured to use json-rpc, the [DEFAULT].host configuration option to ironic-conductor can now be set to an IPv6 address. Previously it could only be an IPv4 address or a DNS name.

  • Fixes the issue that when the MAC address of a port group is not set and been attached to instance, the landed bond port cannot get IP address due to inconsistent MAC address between the tenant port and the initially allocated one in the config drive.

  • Fixes wiping the agent secret token on manual power off or reboot. Also makes sure to remove the agent URL since it may potentially change.

  • Fixes cleaning and managed inspection not respecting the default_boot_mode configuration option.

  • Fixes cleaning and managed inspection not following the standard boot mode handling logic, particularly, not trying to assert the requested boot mode if the driver allows it.

  • Adds handling of Redfish BMC’s which lack a BootSourceOverrideMode flag, such that it is no longer a fatal error for a deployment if the BMC does not support this field. This most common on BMCs which feature only a partial implementation of the ComputerSystem resource boot, but may also be observable on some older generations of BMCs which recieved updates to have partial Redfish support.

  • The fix for story 2008252 synced the boot mode after changing the boot device because Supermicro nodes reset the boot mode if not included in the boot device set. However this can cause a problem on Dell nodes when changing the mode uefi->bios or bios->uefi, see story 2008712 for details. Restrict the syncing of the boot mode to Supermicro.

  • When Ironic configures the BootSourceOverrideTarget setting via Redfish, on Supermicro BMCs it must always configure BootSourceOverrideEnabled or that will revert to default (Once) on the BMC, see story 2008547 for details. This is different than what is currently implemented for other BMCs in which the BootSourceOverrideEnabled is not configured if it matches the current setting (see story 2007355).

    This requires that node.properties[‘vendor’] be ‘supermicro’ which will be set by Ironic from the Redfish system response or can be set manually.

  • After changing the boot device via Redfish, check that the boot mode being reported matches what is configured and, if not, set it to the configured value. Some BMCs change the boot mode when the device is set via Redfish, see story 2008252 for details.

  • Introduces lazy-loading of ports, portgroups, volume connections and volume targets in task manager to fix performance issues. For periodic tasks which create a task manager object but don’t require the aforementioned data (e.g. power sync), this change should reduce the number of database interactions by around two thirds, speeding up overall execution.

  • Removes stale agent tokens when rebooting nodes using API. This prevents lookup failures for nodes that get rebooted between fast-track operations.

  • Fixes an issue of powering off with the idrac-wsman management interface while the execution of a clear job queue cleaning step is proceeding. Prior to this fix, the clean step would fail when powering off a node.

  • Fixes timeout in fast-track mode with redfish-virtual-media when running one operation after another (e.g. cleaning after inspection).

Other Notes

  • Adds a detect_vendor management interface method to the ipmi hardware type. This method is being promoted as a higher level interface as the fundamental need to be able to have logic aware of the hardware vendor is necessary with vendor agnostic drivers where slight differences require slightly different behaviour.

15.0.1

New Features

  • Adds a new [ipmi]use_ipmitool_retries option. When set to True and timing is supported by ipmitool, the number of retries and command interval will be passed to ipmitool so that ipmitool will do the retries. When set to False, ironic will do the retries. Default is True.

Known Issues

  • Some BMCs do not support the Channel Cipher Suites command that newer versions of ipmitool use. These versions of ipmitool will resend this command for each ipmitool retry, resulting in long response times. Setting [ipmi]use_ipmitool_retries to false will avoid this situation by implementing retries on the ironic level.

  • Some redfish-enabled hardware is known not to support persistent boot device setting that is used by the Bare Metal service for deployed instances. The redfish hardware type tries to work around this problem, but rebooting such an instance in-band may cause it to boot incorrectly. A predictable boot order should be configured in the node’s boot firmware to avoid issues and at least metadata cleaning must be enabled. See this mailing list thread for technical details.

Bug Fixes

  • Fixes a rare issue when agent successfully powers off a node after deployment, but ironic never learns about it and does another reboot.

  • Fixes deployment in fast-track mode by keeping the required internal fields (agent_url and agent_secret_token) intact when starting and finishing deployment and cleaning.

  • Fixes RAID apply_configuration deploy step for idrac-wsman where deployment failed with TypeError. See story 2007963.

  • Cleans up nodes stuck in the deleting state on conductor restart.

  • Fixes deployment hanging on an invalid in-band deploy step in a deploy templates.

  • Allows deleting nodes with a broken driver unless they require stopping serial console.

  • Fixes fast-track deployments with the direct deploy interface that used to hang previously.

  • Fixes a bug in “fast track” where Ironic would delete the agent token upon exiting cleaning steps. However, if we are in fast track mode, we can preserve the token and continue operations with the agent as it is not powered off during fast track operations.

  • Fixes json_rpc client connections always using HTTP even if use_ssl was set to True.

  • Fixes a workaround for hardware that does not support persistent boot device setting with the redfish or idrac-redfish management interface implementation. When such situation is detected, ironic falls back to one-time boot device setting, restoring it on every reboot or power on.

    For more information, see story 2007733.

  • Fixes fast track deployment preceeded by managed inspection by providing the ironic API URL to the ramdisk so that it can heartbeat.

  • When Ironic is doing IPMI retries the configured min_command_interval should be used instead of a default value of 1, which may be too short for some BMCs.

  • Fixes missing agent RAID compatibility for the ilo5 and idrac hardware type preventing software RAID for working with them.

  • No longer tries to set local_gb to MAX when building RAID with the root disk using MAX for its size.

  • To provide a workaround for incorrect boot order problems on some hardware, the redfish hardware type now supports the noop management interface, similarly to IPMI and SNMP.

  • Rebooting a node with the redfish power interface is now implemented via a power off request followed by power on to avoid returning success when a node stays powered on after the reboot request.

  • Provides a workaround for hardware that does not support persistent boot device setting with the redfish hardware type. When such situation is detected, ironic will fall back to one-time boot device setting, restoring it on every reboot.

  • Fixes an issue where ironic-conductor initialization could return a NodeNotLocked error for requests requiring locks when the conductor was starting. This was due to the conductor removing locks after beginning accepting new work. The lock removal has been moved to after the Database connectivity has been established but before the RPC bus is initialized.

  • Removes stale agent token on rescue and unrescue operations. Previously it would cause subsequent rescue operations to fail.

  • If the disk format of the image is provided in the instance_info, skip the memory check if it is set to raw and raw image streaming is enabled. That allows to stream raw images provided as URL and not through Glance.

Other Notes

  • Ramdisk logs are now collected during cleaning the same way as during deployment.

15.0.0

Prelude

The Ironic Developers are proud to announce the release of Ironic 15.0! This release contains a number of changes that have been sought by operators and users of Ironic for some time, including support for UEFI booting a software RAID system, improved Ironic/Ironic Python Agent security, multi-tenancy constructs, a hardware retirement mechanism, stateful DHCPv6, and numerous fixes. We sincerely hope you enjoy!

New Features

  • Adds REST API endpoints for indicator management. Three new endpoints, for listing, reading and setting the indicators, reside under the /v1/nodes/<node_ident>/management/indicators location.

  • Adds support of “agent token” which serves as a mechanism to secure the normally unauthenticated API endpoints in ironic which are used in the mechanics of baremetal provisioning. This feature is optional, however operators may require this feature by changing the [DEFAULT]require_agent_token setting to True.

  • Adds is_allocation_owner policy rule, which can be applied to allocation get/update/delete rules. Also adds baremetal:allocation:list and baremetal:allocation:list_all rules for listing owned allocations and all allocations. Default rules are unaffected, so default behaviour is unchanged.

  • Adds a new configuration option [console]port_range, which specifies the range of ports can be consumed for the IPMI serial console. The default value is None for backwards compatibility. If the ipmi_terminal_port is not specified in the driver information for a node, a free port will be allocated from the configured port range for further use.

  • For baremetal operations on DHCPv6-stateful networks multiple IPv6 addresses can now be allocated for neutron ports created for provisioning, cleaning, rescue or inspection. The new parameter [neutron]/dhcpv6_stateful_address_count controls the number of addresses to allocate (Default: 4).

  • Adds functionality with neutron integration to support dual-stack (IPv4 and IPv6 environment configurations). This enables ironic to look up the attached port(s) and supply DHCP options in alignment with the protocol version allocated on the port.

  • Implemented the BIOS interface for the idrac hardware type. Primarily, implemented factory_reset and apply_configuration clean and deploy steps, as asynchronous operations. For more details, see story 2007400.

  • The ilo-virtual-media boot interface now supports managing boot for in-band inspection. This enables using virtual media instead of PXE for in-band inspection.

  • Adds the capability for the instance_info\image_checksum value to be optional in stand-alone deployments if the instance_info\image_os_hash_algo and instance_info\image_os_hash_value fields are populated.

  • Makes management interface of redfish hardware type not change the current boot frequency if the current setting is the same as the desired one. The goal is to avoid touching a potentially faulty BMC option whenever possible.

  • Adds a new [ipmi]debug option that allows users to explicitly turn IPMI command debugging on, as opposed to relying upon the system debug setting [DEFAULT]debug. Users wishing to continue to log this output should set [ipmi]debug to True in their ironic.conf.

  • Changes neutron port updates to use auth values from Ironic’s neutron conf, preventing issues that can arise when a non-admin user manages Ironic nodes. A check is added to the port update function to verify that the user can actually see the port. This adds an additional Neutron request call to all port updates.

  • Adds a lessee field to nodes. This field is exposed to policy, so if a policy file permits, a lessee will have access to specified node APIs.

  • Adds baremetal:node:update_extra and baremetal:node:instance_info policies to allow finer-grained policy control over node updates. In order to use standalone Ironic to provision a node, a user must be able to update instance_info (and extra if using metalsmith), and a lessee should not be able to update all node attributes.

  • The redfish_system_id property of redfish hardware type has been made optional. If not specified in driver_info, and the target BMC manages a single ComputerSystem, ironic will assume that system. Otherwise, ironic will fail requiring explicit redfish_system_id specification in driver_info.

  • To allow use of the neutron network interface in combination with flat provider networks where no actual switch management is done. The local_link_connection field on ports is extended to support the network_type field.

  • Target devices for software RAID can now be specified in the form of device hints (same as for root devices) in the physical_disks parameter of a logical disk configuration. This requires ironic-python-agent from the Ussuri release series.

  • Adds a root_prefix parameter to the sushy context based on the path of redfish_address. Defaults to sushy root_prefix default (/redfish/v1/). This is needed if the Redfish API is not located in the default /redfish/v1/ endpoint.

  • Adds support for bootable software RAID with UEFI boot mode.

  • Passwords for rescue operation are now hashed for transmission to the ironic-python-agent. This functionality requires ironic-python-agent version 6.0.0.

    The setting [conductor]rescue_password_hash_algorithm now defaults to sha256, and may be set to sha256, or sha512.

Known Issues

  • The ansible deployment interface does not support use of an agent token at this time.

Upgrade Notes

  • The minimum supported version of Ansible is now 2.7. All support for previous Ansible versions is no longer maintained.

  • The default value of [deploy]/default_boot_option is changed from netboot to local.

  • Due to the default boot option change, partition images without grub2 will be unable to be deployed without the boot_option for the node to be explicitly set to netboot.

  • The required minimum version of the sushy python Redfish API client library is now version 3.2.0.

  • Removes compatibility with deploy interfaces that do not use deploy steps.

  • The [pxe]ip_version setting may no longer be required depending on neutron integration.

  • Operators that used the [DEFAULT]my_ip setting with an IPv6 address may wish to explore migrating to the [DEFAULT]my_ipv6 setting. Setting both values enables the appropriate IP addresses based on protocol version for PXE/iPXE.

  • If [DEFAULT]force_raw_images is set to true, then MD5 will not be utilized to recalculate the image checksum. This requires the ironic-python-agent ramdisk to be at least version 3.4.0.

  • Debug logging control has been moved to the [ipmi]debug configuration setting as opposed to the “conductor” [DEFAULT]debug setting as the existing ipmitool output can be extremely misleading for users. Operators who wish to continue to log ipmitool verbose output in their logs should explicitly set the [ipmi]debug command to True.

  • The dependency on oslo.i18n is now optional. If you would like messages from ironic to be translated, you need to install it explicitly.

  • The guru meditation reporting functionality is now optional and the oslo.reports package is no longer a part of requirements. Install it manually if you need this feature.

  • The configuration option [pxe]ipxe_enabled was deprecated and now has been removed, thus the support for iPXE from the pxe interface was removed. To use iPXE, the boot interface should be migrated to ipxe or other boot interfaces capable of booting from iPXE.

Deprecation Notes

  • Some deploy interfaces use the continue_node_deploy RPC call to notify the conductor when they’re ready to leave the deploy core deploy step. Currently ironic allows a node to be either in wait call-back or deploying state when entering this call. This is deprecated, and in the next release a node will have to be in the wait call-back (DEPLOYWAIT) state for this call.

Security Issues

  • Image checksum recalculation when images are forced to raw images, are now calculated using SHA3-256 if MD5 was selected. This is now unconditional.

  • Operators wishing to enforce all rescue passwords to be hashed should use the [conductor]require_rescue_password_hashed setting and set it to a value of True.

    This setting will be changed to a default of True in the Victoria development cycle.

  • The secret token that is used for IPA verification will be generated using the secrets module to be in compliance with the FIPS 140-2 standard.

Bug Fixes

  • Fixes an issue with the agent client code where checks of the agent command status had no logic to prevent an intermittent or transient connection failure from causing the entire operation to fail.

  • Fixes ‘Invalid parameter value for SpanLength’ when configuring RAID using Python 3. This passed incorrect data type to iDRAC, e.g., instead of 2 it passed 2.0. See story 2004265.

  • Fixes RAID configuration using idrac-wsman RAID interface where node remains in ‘clean wait’ provisioning state forever. See story 2007567.

  • Fixes an issue where a node may be locked from changes if a conductor’s hostname case is changed before restarting the conductor service.

  • Fixes an issue in the ironic-python-agent client code where a command exception may not be captured in the interaction with the agent rest API. The client code would return the resulting error message and a static error code. We now look with-in the error to detect if the error may be a compatability error to raise the appropriate exception for fallback logic to engage.

  • Improves interoperability with Redfish BMCs by untying node boot mode change from other boot parameters change (such as boot device, boot frequency).

  • Fixes vague node last_error field reporting upon deploy step failure by providing the exception error message in addition to the step that failed.

  • The ‘no address available’ problem seen when network booting on DHCPv6-stateful networks is fixed with the support for allocating multiple IPv6 addresses. See bug: 1861032.

  • Fixes an agent command issue in the bootloader installation process that can present itself as a connection timeout under heavy IO load conditions. Now installation commands have an internal timeout which is double the conductor wide [agent]command_timeout. For more information, see bug 2007483.

  • Use SHA256 for comparing file contents instead of MD5. This improves FIPS compatibility.

  • Fixes a bug in the idrac hardware type where when creating one or more virtual disks on a RAID controller that supports passthru mode (PERC H730P), the cleaning step would finish before the job to create the virtual disks actually completed. This could result in the client attempting to perform another action against the iDRAC that creates a configuration job, and that action would fail since the job to create the virtual disk would still be executing. This patch fixes this issue by only allowing the cleaning step to finish after the job to create the virtual disk completes. See bug bug 2007285 for more details.

  • Certain RAID controllers (PERC H730P) require physical disks to be switched from non-RAID (JBOD) mode to RAID mode to be included in a virtual disk. When this conversion happens, the available free space on the physical disk is reduced due to some space being allocated to RAID mode housekeeping. If the user requests a virtual disk (a RAID 1 for example) with a size close to the max size of the physical disks when they are in JBOD mode, then creation of the virtual disk following conversion of the physical disks from JBOD to RAID mode will fail since there is not enough space due to the space used by RAID mode housekeeping. This patch works around this issue by recalculating the RAID volume size after physical disk conversion has completed and the free space on the converted drives is known. Note that this may result in a virtual disk that is slightly smaller than the requested size, but still the max size that the drives can support. See bug bug 2007359 for more details

  • Fixes state report via Guru Meditation Reports that did not work previously because of empty log_dir and no way to configure this configuration option.

  • Fixed a bug where rebooting a node managed by the idrac hardware type when using the WS-MAN power interface sometimes fails with a The command failed to set RequestedState error. See bug 2007487 for details.

  • If a node is in mid-deployment or cleaning and its conductor dies, ironic will move that node into a failed state. However, this wasn’t being done if those nodes were also in maintenance. This has been fixed. See story 2007098 for more details.

  • Now that HUAWEI ironic 3rd party CI is back, the ibmc hardware type driver is supported.

  • Fixes an issue where a node may be locked from changes if a conductor’s hostname case is changed before restarting the conductor service. clean up the reservation once the conductor stopped.

  • Renames misleadingly named images.create_isolinux_image_for_uefi function into images.create_esp_image_for_uefi. The new name reflects what’s actually going on under the hood.

Other Notes

  • The [conductor]power_state_change_timeout default value has been extended to 60 seconds from 30 seconds. This is due to some API interfaces with Redfish, may cache the power state and thus may take longer than thirty seconds to update after a change has been requested. Please see here for more information.

  • The rootwrap filter file called “ironic-lib.filters” is no longer part of Ironic. The same file is available from the ironic-lib module which is already an install requirement.