Newton Series (6.0.0 - 6.2.x) Release Notes

Newton Series (6.0.0 - 6.2.x) Release Notes

6.2.4-3

Bug Fixes

  • Updating the python-oneviewclient minimum version to 2.5.1 on driver-requirements.txt. The minimum version that was in the requirements was 2.0.2, and is very outdated, causing the driver to not work for this version. With this change, the new minimal version works for the driver, making the CI for stable/newton also work.

6.2.4

Bug Fixes

6.2.3

Security Issues

  • private ssh keys are now masked when using the ssh power driver and node details are requested.

Bug Fixes

  • Fixed a bug that was causing an increase in CPU usage over time.
  • Ironic exceptions that contained arbitrary objects in kwargs and were sent via RPC were causing oslo_messaging serializer to fail. This was leading to 500 errors from ironic API, timing out waiting for response from the conductor. Starting with this release, all non-serializable objects contained in an exception’s kwargs are dropped. If the error is going to be returned by the service will depend on the configuration option [DEFAULT]fatal_exception_format_errors.
  • Fixes an issue with ironic being able to change the power state of nodes currently in use by OneView.
  • PXEBoot driver interface now correctly supports node take-over for netboot-ed nodes in ACTIVE state. During take-over, the PXE environment is first created anew before attempting to switch it to “service mode”.

6.2.2

Bug Fixes

  • adds a missing error check into ipmitool power driver’s reboot so that the reboot can fail properly if power off failed.
  • Fixes an issue which caused the DRAC driver (pxe_drac) get_bios_config() vendor passthru method to unintentionally raise an AttributeError exception. That method once again returns the current BIOS configuration. For more information, see https://bugs.launchpad.net/ironic/+bug/1637671.
  • Fixes a bug in the oneview driver where the periodic task to check if a node is in use by oneview may end prematurely.
  • Fixes a bug with incorrect base socat command, which prevented the usage of console.
  • Remove “dhcp” command from the default iPXE script. It is redundant, and may even break booting when the provisioning NIC is not the first one.
  • Fixes a problem where the deployment of a node would fail to continue if a malformed MAC address was passed to the lookup mechanism in the Ironic API. For example, if a node contains an Infiniband card, the lookup used to fail because the agent ramdisk passes a MAC address (or GID) with 20 octets (instead of the expected 6 octets) as part of the lookup request. Invalid addresses are now ignored.

6.2.0

New Features

  • Adds support for inter-service notifications (disabled by default until the notification_level configuration option is set). For more information, see the notifications documentation in the developer’s guide (http://docs.openstack.org/developer/ironic/dev/notifications.html). Notifications are not actually emitted yet, but will be added in a future release.
  • Adds support for InfiniBand networking to allow hardware inspection and PXE boot over InfiniBand.
  • Add the field standalone_ports_supported to the portgroup object. This field indicates whether ports that are members of this portgroup can be used as stand-alone ports. The default is True.
  • Added configdrive support for whole disk images for iSCSI based deploy. This will work for UEFI only or BIOS only images. It will not work for hybrid images which are capable of booting from BIOS and UEFI boot mode.
  • Adds out-of-band inspection interface usable by DRAC drivers.
  • Adds list_unfinished_jobs method to the vendor-passthru interface of the DRAC driver. It provides a way to check the status of the remote config job after a BIOS configuration change was submitted using the set_bios_config method.
  • Adds out-of-band RAID management to DRAC driver using the generic RAID interface which makes the functionality available via manual cleaning steps.
  • New configuration option, [drac]/query_raid_config_job_status_interval was added. After Ironic has created the RAID config job on the DRAC card, it continues to check for status update on the config job to determine whether the RAID configuration was successfully finished within this interval. Default is 120 seconds.
  • Adds a new [deploy]/erase_devices_metadata_priority configuration option to allow operators to configure the priority of (or disable) the “erase_devices_metadata” cleaning step.
  • By default, the ironic-conductor service caches the node’s deploy ramdisk and kernel images locally and serves them via a separate HTTP server. A new [pxe]/ipxe_use_swift configuration option (disabled by default) allows images to be accessed directly from object store via Swift temporary URLs. This is only applicable if iPXE is enabled (via [pxe]/ipxe_enabled configuration option) and image store is in Glance/Swift. For user images that are partition images requiring non-local boot, the default behavior with local caching and an HTTP server will still apply for user image kernel and ramdisk.
  • Adds a new policy rule that may be used to mask instance-specific secrets, such as configdrive contents or the temp URL used to store a configdrive or instance image. This is similar to how passwords are already masked.

Upgrade Notes

  • The inspect interface of the pxe_drac driver has switched to use out-of-band inspection. For inband inspection, the node should be updated to use the pxe_drac_inspector driver instead.
  • The new “erase_devices_metadata” cleaning step is enabled by default (if available) in the ironic-python-agent project (priority 99). Wiping the devices metadata is usually very fast and shouldn’t add much time (if any) to the overall cleaning process. Operators wanting to disable this cleaning step can do it by setting the [deploy]/erase_devices_metadata_priority configuration option to 0.
  • Minimum required version of python-ironic-inspector-client was bumped to 1.5.0 (released as part of the Mitaka cycle).
  • Instance secrets will now, by default, be masked in API responses. Operators wishing to expose the configdrive or instance image to specific users will need to update their policy.json file and grant the relevant keystone roles.
  • The minimum required version of proliantutils (needed for iLO drivers) was bumped to 2.1.11. This version includes fixes for the bugs caused by python request library version 2.11.0, Proliant Gen7 support and iLO based RAID configuration.
  • The minimum required version of python-scciclient (needed for the iRMC driver) was bumped to 0.4.0.
  • When registering a OneView node in ironic, operator should make sure field server_profile_template_uri is set in properties/capabilities and not in driver_info anymore. Otherwise the node will fail on validation.
  • The default bootloader for PXE + UEFI has changed from ELILO to Grub2 because ELILO is not being actively developed anymore. Operators relying on ELILO should explicitly set the [pxe]/uefi_pxe_bootfile_name and [pxe]/uefi_pxe_config_template configuration options to the ELILO ROM and configuration template.

Deprecation Notes

  • The ClusteredComputeManager is now deprecated.

    The Newton version of Nova adds functionality to the ironic virt driver to support multiple compute hosts without using the hack we call ClusteredComputeManager. As such, we are marking this unsupported component as deprecated, and plan to remove it before the end of the Ocata development cycle.

  • The following drivers are marked as unsupported and therefore deprecated. Some or all of these drivers may be removed in the Ocata cycle or later.
    • agent_amt
    • agent_iboot
    • agent_pyghmi
    • agent_ssh
    • agent_vbox
    • agent_wol
    • fake_ipminative
    • fake_ssh
    • fake_seamicro
    • fake_iboot
    • fake_snmp
    • fake_vbox
    • fake_amt
    • fake_msftocs
    • fake_wol
    • pxe_ipminative
    • pxe_ssh
    • pxe_vbox
    • pxe_seamicro
    • pxe_iboot
    • pxe_snmp
    • pxe_amt
    • pxe_msftocs
    • pxe_wol

Security Issues

  • Configdrives often contain sensitive information. Users may upload their own images, which could also contain sensitive information. The Agent drivers may store this information in a Swift temp URL to allow access from the Agent ramdisk. These URLs are considered sensitive information because they grant unauthenticated access to sensitive information. Now, we only selectively expose this information to privileged users, whereas previously it was exposed to all authenticated users.

Bug Fixes

  • The dynamic_allocation flag in a node’s driver_info previously only accepted a Boolean. It now also accepts the strings ‘t’, ‘true’, ‘on’, ‘y’, ‘yes’, or ‘1’ as True, and the strings ‘f’, ‘false’, ‘off’, ‘n’, ‘no’, or ‘0’ as False. These are matched case-insensitively.
  • Fixes a bug which prevented the ironic-conductor service from using the interval values from the configuration options, for the periodic tasks. Instead, the default values had been used.
  • The API now returns an appropriate error message when a chassis description over 255 characters is specified.
  • Fixes DRAC deploy interface failure when automated cleaning is called without any clean step.
  • When no boot mode is explicitly set on a node using an iLO driver, ironic automatically picks a boot mode based on hardware capabilities. This confuses deployers, as these factors are system specific and not configurable. In order to ensure predictable behavior, a new configuration parameter, [ilo]/default_boot_mode, was added to allow deployers to explicitly set a default. The default value of this option keeps behavior consistent for existing deployments.
  • Ironic Inspector inspection interface will now fetch the service endpoint for the service catalog, if “service_url” is not provided and keystone support is enabled.
  • Fixes a problem where the boot mode (UEFI or BIOS) wasn’t being considered when setting the boot device of a node using the “ipminative” management interface. It would incorrectly switch UEFI to legacy BIOS mode as part of the request to change the boot device.
  • Fixes a problem where the boot mode (UEFI or BIOS) wasn’t being considered when setting the boot device of a node using the “ipmitool” management interface. It would incorrectly switch from UEFI to Legacy BIOS mode on some hardware models.
  • Update create provisioning ports logic to fail only when no neutron ports were created. If we created at least one neutron port, proceed with the deployment. It was the default behaviour for flat scenario.
  • Fixed updating a MAC on a port for active instances in maintenance mode (previously returned HTTP 500).
  • Return HTTP 400 for requests to update a MAC on a port for an active instance without maintenance mode set (previously returned HTTP 500).
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.