Mitaka Series (4.3.0 - 5.1.x) Release Notes

5.1.3

Upgrade Notes

  • Updated python-scciclient required version number for iRMC driver to 0.3.1 which contains the bug fix ‘#1561852’ and maintenance updates.

Bug Fixes

  • A node using ‘agent_ilo’ or ‘iscsi_ilo’ driver has their ‘driver_info/ilo_deploy_iso’ field validated during node validate. This closes bug

  • Fixes a problem which causes the conductor to error out on startup in case there’s a duplicated entry in the enabled_drivers configuration option.

  • Fixes a problem where the boot mode (UEFI or BIOS) wasn’t being considered when setting the boot device of a node using the ipminative driver making it to switch from UEFI to legacy BIOS as part of the request to change the boot device.

  • Fixes a problem where the boot mode (UEFI or BIOS) wasn’t checked as part of changing the boot device of a node, making it incorrectly switch from UEFI to Legacy BIOS mode on some hardware models.

  • Fixed updating a MAC on a port for active instances in maintenance mode (used to return HTTP 500 previously).

  • Return HTTP 400 for requests to update a MAC on a port for an active instance without maintenance mode set (used to return HTTP 500 previously).

5.1.2

Security Issues

  • A critical security vulnerability (CVE-2016-4985) was fixed in this release. Previously, a client with network access to the ironic-api service was able to bypass Keystone authentication and retrieve all information about any Node registered with Ironic, if they knew (or were able to guess) the MAC address of a network card belonging to that Node, by sending a crafted POST request to the /v1/drivers/$DRIVER_NAME/vendor_passthru resource. Ironic’s policy.json configuration is now respected when responding to this request such that, if passwords should be masked for other requests, they are also masked for this request.

5.1.1

Bug Fixes

  • This fixes InvalidMAC exception of iRMC out-of-band inspection.

5.1.0

New Features

  • Adds support for partition images for agent based drivers.

  • Adds support to pass a optional CA certificate using [glance]glance_cafile configuration option to validate the SSL certificate served by glance for secured https communication between Glance and Ironic.

  • Append request_id as Openstack-Request-Id header to the response.

Upgrade Notes

  • Adds a [glance]glance_cafile configuration option to pass a optional certificate for secured https communication. It is used when [glance]glance_api_insecure configuration option is set to False.

Bug Fixes

  • Ensure node’s target_provision_state is cleared when the node is moved to a stable state, indicating that the state transition is done.

  • Fixes the bug where the user specified disk_label is ignored for the agent drivers for partition images.

  • Fixes a problem where some hardware/firmware (specially faulty ones) won’t come back online after an in-band ACPI soft power off by adding a new driver property called “deploy_forces_oob_reboot” that can be set to the nodes being deployed by the IPA ramdisk. If the value of this property is True, Ironic will power cycle the node via out-of-band.

  • Fixes a bug where the keystone_authtoken/region_name wasn’t passed to Swift when instantiating its client, in a multi-region environment this is needed so the client can choose the correct swift endpoint.

5.0.0

Prelude

This release adds support for manual cleaning and RAID configuration. Operators may now manually run clean steps, including setting up RAID on a node, while a node is in the manageable state.

This release features switch to Oslo Futurist library for asynchronous thread execution and periodic tasks. Main benefit is that periodic tasks are now executed truly in parallel, and not sequentially in one green thread.

New Features

  • Add support for ipmitool’s port (-p) option. This allows ipmitool support for operators that do not use the default port (623) as their IPMI port.

  • Pass proxy information from agent driver to IPA ramdisk, so that images can be cached on the proxy server.

  • Add support for a new capability called ‘disk_label’ to allow operators to choose the disk label that will be used when Ironic is partitioning the disk.

  • iLO drivers now provide out-of-band firmware update as a manual cleaning step, for supported hardware components.

  • Support for activation of iLO Advanced license as a manual cleaning step in iLO drivers.

  • Enabled Inspector Inspection for CIMC and UCS drivers

  • Adds support for using iPXE in UEFI mode.

  • Add the ability to adjust ipxe timeout during image downloading, default is still unlimited (0).

  • Adds out-of-band inspection support for iRMC drivers.

  • Add support for filtering nodes using the same driver via the API.

  • Root device hints extended to support the device name.

  • Adds ShellinaboxConsole support for virsh SSH driver.

Known Issues

  • When using caching proxy with agent_* drivers, caching the image on the proxy server might involve increasing [glance]swift_temp_url_duration config option value. This way, the cached entry will be valid for a period of time long enough to see the benefits of caching. Large temporary URL duration might become a security issue in some cases.

Upgrade Notes

  • Adds a [glance]swift_temp_url_cache_enabled configuration option to enable Swift temporary URL caching. It is only useful if the caching proxy is used. Also adds [glance]swift_temp_url_expected_download_start_delay, which is used to check if the Swift temporary URL duration is long enough to let the image download to start, and, if temporary URL caching is enabled, to determine if a cached entry will be still valid when download starts. The value of [glance]swift_temp_url_expected_download_start_delay must be less than the value for the [glance]swift_temp_url_duration configuration option.

  • Add choices parameter to config options. Invalid values will be rejected when first accessing them, which can happen in the middle of deployment.

    Option

    Choices

    [DEFAULT]/auth_strategy

    keystone, noauth

    [glance]/auth_strategy

    keystone, noauth

    [glance]/glance_protocol

    http, https

    [neutron]/auth_strategy

    keystone, noauth

    [amt]/protocol

    http, https

    [irmc]/remote_image_share_type

    CIFS, NFS

    [irmc]/port

    443, 80

    [irmc]/auth_method

    basic, digest

    [irmc]/sensor_method

    ipmitool, scci

  • Adds a config option ‘debug_tracebacks_in_api’ to allow the API service to return tracebacks in API responses in an error condition.

  • Dependency for DRAC driver changed from pywsman to python-dracclient with version >= 0.0.5. Exceptions thrown by the driver and return values of the set_bios_config, commit_bios_config and abandon_bios_config methods changed on the vendor-passthru interface.

  • Configuration option “workers_pool_size” can no longer be less or equal to 2. Please set it to greater value (the default is 100) before update.

  • Adds new configuration [ironic_lib]root_helper, to specify the command that is prefixed to commands that are run as root. Defaults to using the rootwrap config file at /etc/ironic/rootwrap.conf.

  • Moves these configuration options from [deploy] group to the new [disk_utils] group: efi_system_partition_size, dd_block_size and iscsi_verify_attempts.

  • Updated python-scciclient required version number for iRMC driver to 0.3.0 which fixed the bug ‘#1518999’ and ‘#1519000’.

Deprecation Notes

  • The [conductor]/clean_nodes config is deprecated and will be removed in the Newton cycle. It has been replaced by the [conductor]/automated_clean config.

  • Configuration option “periodic_interval” is deprecated.

  • Using “driver_periodic_task” decorator is deprecated. Please update your out-of-tree drivers to use “periodics.periodic” decorator from Futurist library.

  • The following configuration options have been moved to the [disk_utils] group; they are deprecated from the [deploy] group: efi_system_partition_size, dd_block_size and iscsi_verify_attempts.

Bug Fixes

  • No longer returns tracebacks for API errors in debug mode.

  • Disables default execution of clean step ‘reset_ilo’ during automated cleaning. Resetting of iLO is not required during every invocation of automated cleaning. If required, operator can enable the same.

  • DRAC driver migrated from pywsman to python-dracclient fixing the driver lockup issue caused by the python interpreter not handling signals when execution handed to the c library.

  • Fixes an issue with setting the boot device multiple times without a reboot in the DRAC driver by setting the boot device only before power management operations.

  • Add missing “lookup” method to the pxe_drac driver vendor interface enabling it to be deployed using the IPA ramdisk.

  • Periodic tasks are no longer executed all in one thread.

  • Fixes issue where automated cleaning fails for iLO drivers. Automated cleaning fails for iLO driver if iLO is in System POST state. iLO does not allow setting of boot device when it is in System POST state.

  • Fixes bug where ironic reboots the node with deploy image instead of the user image during second reboot in uefi boot mode when ipxe is enabled.

  • Fixes an issue that prevented the node name to be removed as part of the node update.

  • In conductor/rpcapi.py, object_backport_version(), object_action() and object_class_action_versions() misspell NotImplementedError with NotImplemented which returns nothing useful to users. See https://bugs.launchpad.net/ironic/+bug/1524163.

  • Updated python-scciclient required version number for iRMC driver to 0.3.0 which fixed the bug ‘#1518999’ and ‘#1519000’.

Other Notes

  • Code related to disk partitioning was moved to ironic-lib.

4.3.0

Prelude

A major bug was fixed where clean steps do not run.

Ironic’s 4.3.0 release brings a number of new features, driver enhancements, and bug fixes.

New Features

  • Adds an agent_iboot driver to allow use of the Iboot power driver with the Agent deploy driver.

  • Adds experimental support for IPv6 PXE booting. This is configurable via the [pxe]ip_version configuration option.

  • Adds agent_pxe_oneview and iscsi_pxe_oneview drivers for integration with the HP OneView Management System.

  • The ironic-api service now supports SSL when running the service directly (as opposed to behind mod_wsgi or similar).

  • Adds an agent_wol driver that combines the Agent deploy interface with the Wake-On-LAN power driver.

  • Adds inspection support for the agent_ipmitool and agent_ssh drivers.

  • The Agent deploy driver now streams raw images directly to disk (instead of staging in memory) by default.

  • Adds support for in-band clean steps in the iSCSI deploy driver, when using ironic-python-agent as the ramdisk.

  • Adds support for using Glance with a Ceph backend via the RADOS Gateway Swift API, with the Agent deploy driver.

  • The API root endpoint (GET /) now returns version information for the server; specifically:

    • min_version - minimum API version supported by the server;

    • version - maximum API version supported by the server;

    • status - version status, “CURRENT” for v1.

  • Adds root device hints for wwn_with_extension and wwn_vendor_extension.

  • Adds support to the SSH power driver for XenServer VMs.

Upgrade Notes

  • Adds a config [amt]awake_interval for the interval to wake up the AMT interface for a node. This should correspond to the IdleTimeout config option on the AMT interface. Setting to 0 will disable waking the AMT interface, just like setting IdleTimeout=0 on the AMT interface will disable the AMT interface from sleeping when idle.

  • Adds a new configuration option, hash_ring_reset_interval, to control how often the conductor’s view of the hash ring is reset. This has a default of 180 seconds, the same as the default for the sync_local_state periodic task that used to handle this reset.

  • The task parameter to ManagementInterface.get_supported_boot_devices was previously deprecated as optional, and is now mandatory for all implementations of ManagementInterface.

  • The Agent deploy driver now streams raw images directly to disk (instead of staging in memory) by default; this can be turned off by setting the [agent]stream_raw_images configuration option to False. Streaming may be undesirable if the disk the image is being written is significantly slower than the network.

  • Adds a configuration option for the Iboot driver, [iboot]reboot_delay, to allow adding a pause between power off and power on.

Critical Issues

  • Fixes an issue where the next cleaning for a node would hang if the previous cleaning was aborted.

  • This fixes a bug where Ironic skipped all clean steps, which may leave the previous tenant’s data on disk available to new users.

Security Issues

  • This fixes a bug where Ironic skipped all clean steps, which may leave the previous tenant’s data on disk available to new users.

Bug Fixes

  • Fixes an issue with talking to a sleeping AMT interface by waking up the interface before sending commands, if needed. This is configured with the [amt]awake_interval config option.

  • Fixes an issue where the agent_ilo driver did not correctly clean up temporary files created during the deploy process.

  • Fixes an issue where ironic could not communicate with IPMI endpoints when the password consisted of only numbers.

  • Fixes an issue where ipmitool console did not work with an empty IPMI password.

  • Fixes an issue where iPXE may try to boot from the wrong MAC address, resulting in deploy failures.

  • Fixes an issue where node.last_error did not show the actual issue when the periodic power state sync failed.

  • Because the agent deploy driver now streams raw images directly to disk, images larger than the RAM available to the deploy ramdisk will no longer fail to deploy.

  • Fixes an issue where some SNMP power controllers will not power back on after a deploy.

  • The cpus, local_gb, and memory_mb properties of a node are now validated at input time to ensure they are non-negative numbers.

Other Notes

  • Adds a clean_dhcp_opts method to the DHCP provider base class, to give DHCP providers a method to clean up DHCP reservations if needed.

  • iLO drivers are now based on the new BootInterface.

  • iRMC drivers are now based on the new BootInterface.