Mitaka Series (4.3.0 - 5.1.x) Release Notes
- Updated python-scciclient required version number for iRMC driver to 0.3.1 which contains the bug fix ‘#1561852’ and maintenance updates.
- A node using ‘agent_ilo’ or ‘iscsi_ilo’ driver has their ‘driver_info/ilo_deploy_iso’ field validated during node validate. This closes bug
- Fixes a problem which causes the conductor to error out on startup in case there’s a duplicated entry in the enabled_drivers configuration option.
- Fixes a problem where the boot mode (UEFI or BIOS) wasn’t being considered when setting the boot device of a node using the ipminative driver making it to switch from UEFI to legacy BIOS as part of the request to change the boot device.
- Fixes a problem where the boot mode (UEFI or BIOS) wasn’t checked as part of changing the boot device of a node, making it incorrectly switch from UEFI to Legacy BIOS mode on some hardware models.
- Fixed updating a MAC on a port for active instances in maintenance mode (used to return HTTP 500 previously).
- Return HTTP 400 for requests to update a MAC on a port for an active instance without maintenance mode set (used to return HTTP 500 previously).
- A critical security vulnerability (CVE-2016-4985) was fixed in this release. Previously, a client with network access to the ironic-api service was able to bypass Keystone authentication and retrieve all information about any Node registered with Ironic, if they knew (or were able to guess) the MAC address of a network card belonging to that Node, by sending a crafted POST request to the /v1/drivers/$DRIVER_NAME/vendor_passthru resource. Ironic’s policy.json configuration is now respected when responding to this request such that, if passwords should be masked for other requests, they are also masked for this request.
- Adds support for partition images for agent based drivers.
- Adds support to pass a optional CA certificate using [glance]glance_cafile configuration option to validate the SSL certificate served by glance for secured https communication between Glance and Ironic.
- Append request_id as
Openstack-Request-Id header to the response.
- Adds a [glance]glance_cafile configuration option to pass a optional certificate for secured https communication. It is used when [glance]glance_api_insecure configuration option is set to False.
- Ensure node’s target_provision_state is cleared when the node is moved to a stable state, indicating that the state transition is done.
- Fixes the bug where the user specified disk_label is ignored for the agent drivers for partition images.
- Fixes a problem where some hardware/firmware (specially faulty ones) won’t come back online after an in-band ACPI soft power off by adding a new driver property called “deploy_forces_oob_reboot” that can be set to the nodes being deployed by the IPA ramdisk. If the value of this property is True, Ironic will power cycle the node via out-of-band.
- Fixes a bug where the keystone_authtoken/region_name wasn’t passed to Swift when instantiating its client, in a multi-region environment this is needed so the client can choose the correct swift endpoint.