Ocata Series (7.0.0 - 7.0.x) Release Notes¶
- Fixes failure to update a node’s driver from a hardware type to a classic driver.
The 7.0.0 release includes many new features and bug fixes. Please review the upgrade section which describes the required actions to upgrade your ironic installation from 6.2.2 (Newton) to 7.0.0 (Ocata).
A few major changes are worth mentioning. This is not an exhaustive list:
- “Port group” support allows users to take advantage of bonded network interfaces.
- State change and CRUD notifications can now be emitted.
- Soft power off, soft reboot, and sending non-maskable interrupts (NMI) are now supported in the REST API.
- The AMT, iBoot, msftocs, seamicro, VirtualBox, and Wake-On-Lan drivers have been removed from ironic. Please see the upgrade notes for additional details and options.
- “Dynamic drivers” is a revamp of how drivers are composed. Rather than a huge matrix of hardware drivers supporting different things, now users select a “hardware type” for a machine, and can independently change the deploy method, console manager, RAID management, power control interface, etc. This is experimental, as not all “classic” drivers have a dynamic equivalent yet, but we encourage users to try this feature out and submit feedback.
- Adds support for removing the chassis UUID associated with a node (via
PATCH /v1/nodes/<ident>). This is available starting with API version 1.25.
- Adds the use of DHCP option 210 (tftp-path-prefix). This enables PXE for systems using petitboot, which cannot infer their tftp-path-prefix from the boot file location as petitboot does not use a boot file.
- To enable SNMPv3 inspection in iLO drivers, the following parameters must be set in the node’s
snmp_auth_protocol(optional, defaults to iLO default value
snmp_auth_priv_protocol(optional, defaults to iLO default value
- Adds the initial substrate to allow for the creation of storage
interfaces. The default storage interface for nodes is
noop, which routes to a no-op driver that is included with the substrate.
- Adds support for attaching and detaching network VIFs to ironic ports and port groups by using the
/v1/nodes/<node>/vifsAPI endpoint that was added in API version 1.28. When attaching a VIF to a node, it is attached to the first free port group. A port group is considered free if it has no VIFs attached to any of its ports. Otherwise, only the unattached ports of this port group are available for attachment. If there are no free port groups, the first available port is used instead, where ports with
Truehave higher priority.
Adds support for port groups with a new endpoint
/v1/portgroups/. Ports can be combined into port groups to support static Link Aggregation Group (LAG) and Multi-Chassis LAG (MLAG) configurations.
Note that if the optional
modefield for a port group is not specified, its value will be set to the value of the configuration option
[DEFAULT]default_portgroup_mode, which defaults to
Additionally, adds the following API changes:
- a new endpoint
- a new endpoint
- a new field
portgroup_uuidon the port object. This is the UUID of a port group that this port belongs to, or None if it does not belong to any port group.
All port group API functions are available starting with version 1.26 of the REST API.
- a new endpoint
- Add the field standalone_ports_supported to the port group object. This field indicates whether ports that are members of this port group can be used as stand-alone ports. The default is
The ironic-api service now supports logging audit messages of API calls. The following configuration parameters have been added. By default audit logging for ironic-api service is turned off.
Further documentation for this feature is available at http://docs.openstack.org/developer/ironic/deploy/api-audit-support.html .
- Adds timing metrics to DRAC drivers.
- Adds timing metrics to iRMC drivers.
- Adds new option
[deploy]/default_boot_optionfor setting the default boot option when no explicit boot option is requested via capabilities.
- Adds new methods to network interfaces, which will become
mandatory in Pike release:
vif_list: List attached VIF IDs for a node.
vif_attach: Attach a virtual network interface to a node.
vif_detach: Detach a virtual network interface from a node.
port_changed: Handle any actions required when a port
portgroup_changed: Handle any actions required when a port group changes.
get_current_vif: Return VIF ID attached to port or port group object.
Adds support for dynamic drivers. Using a dynamic driver in a node’s
driverfield is now possible. Dynamic drivers are composed of a
hardware typeand a number of
NOTE: this feature is considered somewhat experimental, as not all classic drivers have a corresponding dynamic driver, and there is minimal CI for dynamic drivers at the time of this writing.
Hardware types are enabled via the
[DEFAULT]/enabled_hardware_typesconfiguration option, and hardware interfaces are enabled via the
[DEFAULT]/enabled_*_interfacesconfiguration option. A default interface to use when creating or updating nodes can be specified with the
The ironic-conductor process will now fail to start if:
- a default interface implementation for any enabled hardware type cannot be found.
- a dynamic driver and a classic driver with the same name are both enabled.
- at least one classic driver or one dynamic driver is not enabled.
Hardware types available in this release are:
ipmifor IPMI-compatible hardware. This type is enabled by default. Uses the
ipmitoolutility under the hood, similar to existing classic drivers
agent_ipmitool. Supports both types of serial console: via
socat, both are disabled by default.
irmcfor FUJITSU PRIMERGY servers, disabled by default.
This feature has a number of REST API changes, all of which are available in API version 1.31.
- Adds additional parameters and response fields for GET /v1/drivers and GET /v1/drivers/<name>.
- Exposes the following fields on the node resource, to allow getting and
setting interfaces for a dynamic driver:
- Allows dynamic drivers to be used and returned in the following
API calls, in all versions of the REST API:
- GET /v1/drivers
- GET /v1/drivers/<name>
- GET /v1/drivers/<name>/properties
- GET /v1/drivers/<name>/vendor_passthru/methods
- GET/POST /v1/drivers/<name>/vendor_passthru
- GET/POST /v1/nodes/<id>/vendor_passthru
For more details on the REST API changes, see the REST API Version History documentation.
This also adds dynamic interface fields to node-related notifications:
The affected notifications are:
- baremetal.node.create.*, new payload version 1.1
- baremetal.node.update.*, new payload version 1.1
- baremetal.node.delete.*, new payload version 1.1
- baremetal.node.maintenance.*, new payload version 1.3
- baremetal.node.console.*, new payload version 1.3
- baremetal.node.power_set.*, new payload version 1.3
- baremetal.node.power_state_corrected.*, new payload version 1.3
- baremetal.node.provision_set.*, new payload version 1.3
hctlto root device hints. HCTL is the SCSI address and stands for Host, Channel, Target and Lun.
- Add support for the injection of Non-Masking Interrupts (NMI) for a node in REST API version 1.29. This feature can be used for hardware diagnostics, and actual support depends on the driver. In 7.0.0, this is available in the ipmitool and iRMC drivers.
Adds support to deploy to nodes with different CPU architectures from a single conductor. This depends on two new configuration options,
[pxe]/pxe_bootfile_name_by_arch. Each is a dictionary mapping CPU architecture to PXE config template or PXE boot file name, respectively.
As an example, the syntax might look like:
Ironic attempts to map the CPU architecture in this mapping to the
properties/cpu_archfield for a node. If the node’s CPU architecture is not found in the mapping, ironic will fall back to the standard options
- Adds new configuration option
[conductor]/send_sensor_data_workersto allow concurrent sending of sensor data using the specified number of green threads. The
[conductor]/wait_timeout_for_send_sensor_dataconfiguration option is the time to wait for all spawned green threads before running the periodic task again.
- Names can now be used instead of UUIDs for
[neutron]/provisioning_networkconfiguration options (formerly called
[neutron]/provisioning_network_uuid). Care has to be taken to ensure that the names are unique among all networks in this case. Note that the mapping between a name and a UUID is cached for the lifetime of the conductor.
- Adds in-band inspection interface usable by OneView drivers.
- Adds timing metrics to OneView drivers.
Ironic is now configured to work with two oslo.policy CLI scripts that have been added.
The first of these can be called like
oslopolicy-list-redundant --namespace ironicand will output a list of policy rules in policy.[json|yaml] that match the project defaults. These rules can be removed from the policy file as they have no effect there.
The second script can be called like
oslopolicy-policy-generator --namespace ironic --output-file policy-merged.yamland will populate the policy-merged.yaml file with the effective policy. This is the merged results of project defaults and config file overrides.
- The pxe_snmp and fake_snmp are now supported and tested.
Agent lookup/heartbeat as vendor passthru is removed from most of in-tree ironic drivers. Affected drivers are
All the other vendor passthru methods are left in place if the driver had them.
Adds the following notifications:
- Creation, updates, or deletions of ironic resources
(node, port and chassis). Event types are
- Start and stop console on a node. Event types are
- Changes in node maintenance status. Event types are
- When ironic attempts to set the power state on the node. Event types are
- When ironic detects the power state on baremetal hardware has changed
and updates the node in the database appropriately. Event types are
- Node provision state changes. Event types are
These are only emitted when notifications are enabled. For more details, see the developer documentation: http://docs.openstack.org/developer/ironic/deploy/notifications.html.
- Creation, updates, or deletions of ironic resources (node, port and chassis). Event types are
- Adds support for security groups for the provisioning and cleaning network. These are optionally specified by the configuration options
[neutron]/cleaning_network_security_groups, respectively. If not specified, the default security group for the network is used. These options are only applicable for nodes using the “neutron” network interface. These options are ignored for nodes using the “flat” and “noop” network interfaces.
- Adds support for soft reboot and soft power off requests in REST API version 1.27. Also adds an optional
timeoutparameter to the node power state API. Adds a new configuration option
[conductor]/soft_power_off_timeoutto define the default timeout for soft power actions. In 7.0.0, this is supported for ipmitool and iRMC drivers.
- Adds support for using operators with the root device hints mechanism. The supported operators are,
<or>. See http://docs.openstack.org/project-install-guide/baremetal/draft/advanced.html#specifying-the-disk-for-deployment-root-device-hints
- Adds a new dependency on the tooz library, as the consistent hash ring code was moved out of ironic and into tooz.
[DEFAULT]/debugconfiguration option now also enables debug logs for the
ironic-python-agentramdisk. If the
ipa-debugkernel option is already present in the
[pxe]/pxe_append_paramsconfiguration option, ironic will not overwrite it.
- Moves node creation logic from the API service to the conductor service. This is more consistent with other node operations and opens opportunities for conductor-side validations on nodes. However, with this change, node creation may take longer, and this may limit the number of nodes that can be enrolled in parallel.
[dhcp]/dhcp_providerconfiguration options were previously required for the ironic-api service to calculate the correct “network_interface” default. Now these options are only required by the ironic-conductor service.
- A future release will change the default value of
[deploy]/default_boot_optionfrom “netboot” to “local”. To avoid disruptions, it is recommended to set an explicit value for this option.
- The minimum version of python-oneviewclient is now 2.5.2.
- Ironic now uses only the Image Service (glance) v2 API by default. Use of
the deprecated v1 API for certain basic tasks can still be enabled by setting
1. This option, however, does not affect temporary URL generation, as it always requires the v2 API.
[inspector]/enabledconfiguration option no longer has effect on the
fake_inspectordriver. It will also not have effect on new-style dynamic drivers based on hardware types; it will be necessary to use
- Increases the default number of workers for the
send_sensor_dataperiodic task from 1 to 4.
- Ironic no longer passes
root_deviceas kernel parameter via boot config files. Passing root device hints to Ironic Python Agent (IPA) as kernel parameters was deprecated in Newton release. As a consequence, using root device hints with Ironic as of Ocata release will not be possible when deploying nodes with the help of ramdisks based on IPA as of Mitaka release. Operators relying on root device hints functionality are advised to update their IPA-based Ironic deploy images.
- Ironic no longer supports agent lookup/heartbeats as vendor passthru methods. All out-of-tree drivers must be updated to use
AgentDeployMixinclasses directly without relying on
BaseAgentVendorclass and other classes that were inheriting from it (e.g.
iscsi_deploy.VendorPassthru). This means that ironic is incompatible with deploy ramdisks based on Ironic Python Agent (IPA) < 1.5.0. Operators must update their IPA-based deploy ramdisks in this case. Operators using non-IPA based deploy ramdisks which use ironic lookup/heartbeats functionality must update their ramdisks to use the top level ironic lookup/heartbeats REST API, available since ironic API v1.22.
- The deprecated ironic.nova.ClusteredComputerManager module is now removed. This is not required with nova >= 14.0.0 (Newton).
- The configuration option
[deploy]/erase_devices_iterationswas deprecated in the Newton cycle (6.0.0). It is no longer supported. Please use the option
Removes these deprecated methods from the neutron DHCP provider built into ironic:
Removes these related methods from
If you have your own custom ironic DHCP provider that implements cleaning methods, you may need to update your code to use the
remove_cleaning_network()network interface methods. See the modules in
ironic/drivers/modules/network/for more information.
- Removes support for attaching periodic tasks on a driver object, rather than an interface.
- iBoot, Wake-On-LAN and AMT drivers are removed from ironic as they
neither have nor are planning to have a third-party CI.
They are still available from unsupported ironic driver collection
ironic-staging-driversrepository. If the ironic installation was using any driver based on those, the operator has to install
ironic-staging-driversand change the driver on affected nodes according to following correspondence list
- agent_amt -> pxe_amt_agent
- pxe_amt -> pxe_amt_iscsi
- agent_wol -> pxe_wol_agent
- pxe_wol -> pxe_wol_iscsi
- agent_iboot -> pxe_iboot_agent
- pxe_iboot -> pxe_iboot_iscsi
- There is no longer any support for doing an iSCSI deploy on ironic python agent (IPA) ramdisks with versions < 1.3 (Mitaka or earlier). Please upgrade ironic python agent to a newer version.
A number of drivers that were declared as unsupported in Newton release have been removed from ironic tree. This includes drivers with power and/or management driver interfaces based on:
- MSFT OCS
- SeaMicro client
- Virtualbox over pyremotevbox client
As a result, the following ironic drivers will no longer be available:
After upgrading, if one or more of these drivers are in the ‘enabled_drivers’ configuration option, the ironic-conductor service will fail to start. Any existing ironic nodes with these drivers assigned will become inoperational via ironic after ironic upgrade, as it will be not possible to change any node state/properties except changing the node driver. Operators having one of the drivers listed above enabled are required to either disable those drivers and assign another existing driver to affected nodes as appropriate, or install these drivers from elsewhere separately.
- For SSH power drivers, if the configuration option
[neutron]/port_setup_delayhad been set to 0, a delay of 15 seconds was used. This is no longer the case. Please set the configuration option to the desired value; otherwise the service will not wait for Neutron agents to set up a port.
- Updates required proliantutils version for iLO drivers to 2.2.0. This version has support for sanitize disk erase using SSA utility.
port.extra['vif_port_id']for attaching and detaching VIFs to ports or port groups is deprecated and will be removed in Pike release.
- The function
build_instance_info_for_deployis deprecated from
ironic.drivers.modules.agentand will be removed in the Pike cycle. Its new home is
ironic.drivers.modules.deploy_utils. Out-of-tree drivers that use this function should be updated accordingly.
- Usage of the following values was deprecated in the policy files:
user_domain_idshould be used instead of those (note -
user_domain_idis an ID of the domain, not its name).
project_nameshould be used instead.
user_idshould be used instead.
update_mac_addressmethod in the DHCP provider interface is deprecated and will be removed in the Pike release. The logic should be moved to a custom network interface’s
- For DRAC drivers, the node’s
driver_info["drac_host"]property is deprecated and will be ignored starting in the Pike release. Please use
- Configuration options
[neutron]/provisioning_network_uuidare deprecated in favor of the new configuration options
driver_internal_infohas been removed from all agent drivers, since this field was unused by ironic.
- Private SSH keys are now masked when using the SSH power driver and node details are requested.
- Adds a missing error check into
ipmitoolpower driver’s reboot method so that the reboot can fail properly if power off failed.
- Fixes disk size detection for out-of-band inspection in iLO drivers, by optionally using SNMPv3 to get the disk size for certain types of storage.
- Drivers using the
AgentDeployinterface now correctly support take-over for
- Fixed an issue of not returning
chassis_uuidfield of a node in API responses if it does not belong to a chassis. It should be always returned, either set to None, or to a corresponding chassis UUID.
- Fixes SSH driver validation when using a private key with a passphrase for authentication.
- Fixes an issue where setting a boot device as persistent does not work when
ipmi_force_boot_deviceis set to
True. For more information, see https://bugs.launchpad.net/ironic/+bug/1626453.
- Fixes an issue where the API service does not start if audit is enabled with the default value of
- Catch unknown exceptions with traceback when validating driver interfaces.
- Now sets node’s
updated_atfield correctly after a node has been updated.
- Removes a check that was preventing whole disk images from being deployed in UEFI mode without explicitly setting the
local. For whole disk images, ironic already assumes booting from local storage by default.
[conductor]/api_urlvalue specified in the configuration file that does not start with either
http://is no longer allowed. An incorrect value led to deployment failure on ironic-python-agent side. This misconfiguration will now be detected during ironic-conductor and ironic-api startup. An exception will be raised and an error about the invalid value will be logged.
- Fixes an issue with the
neutronnetwork interface that could lead to an inability to retry the deployment in case of failure on boot interface’s
- Fixes an issue where a pre-created tenant port was automatically deleted by ironic on instance delete.
- Fixes an issue which caused the DRAC driver (
get_bios_config()vendor passthru method to unintentionally raise an
AttributeErrorexception. That method once again returns the current BIOS configuration. For more information, see https://bugs.launchpad.net/ironic/+bug/1637671.
- A validation step is added to verify that the Server Profile Template’s MAC type is set to Physical when dynamic allocation is enabled. The OneView Driver needs this verification because the machine is going to use a MAC that will only be specified at the profile application.
- Fixes an issue where the ironic-conductor service would not run if a trailing comma or empty driver was specified in the
[DEFAULT]enabled_driversconfiguration option. The service now runs and logs a warning.
- Fail deployment when no ports or port groups are linked to a node. This is to avoid active nodes not connected to any tenant network.
- Changes interactions with neutron to always use the neutron credentials from ironic configuration, instead of forwarding the credentials from the API client.
- Fixes an issue with node rebuild, when tenant network ports were not unbound prior to moving the node to provisioning network.
- Fixes an issue where the OneView deploy interface does not return the node properties and in the tear down phase does not return the state of the node.
- Fixes a bug in the OneView driver where the periodic task to check if a node is in use by OneView may end prematurely.
- Fixes a bug where some of the API methods were not using the right context values for checking the policy.
- Ironic exceptions that contained arbitrary objects in
kwargsand were sent via RPC were causing
oslo_messagingserializer to fail. This was leading to 500 errors from ironic API, timing out waiting for response from the conductor. Starting with this release, all non-serializable objects contained in an exception’s kwargs are dropped. Whether the error is going to be returned by the service will depend on the configuration option
- An issue when it was impossible to detach manually attached VIF to port (port.extra) when port is in portgroup by using DELETE
- Fixes a bug in the iLO drivers’ inspection where an existing
local_gbnode property was overwritten with “0” if not detected.
- Correctly handle unexpected exceptions during inspection. Return more detailed error message to a user and log the traceback.
- Fixes a bug with incorrect base socat command, which prevented the usage of console.
- Adds support for deploying to IPv6 iSCSI portals.
- Remove “dhcp” command from the default iPXE script. It is redundant, and may even break booting when the provisioning NIC is not the first one.
- Fixes a problem where the deployment of a node would fail to continue if a malformed MAC address was passed to the lookup mechanism in the Ironic API. For example, if a node contains an Infiniband card, the lookup used to fail because the agent ramdisk passes a MAC address (or GID) with 20 octets (instead of the expected 6 octets) as part of the lookup request. Invalid addresses are now ignored.
- Fixes a bug in manual clean step caching, which resulted in all clean steps not being abortable. See https://bugs.launchpad.net/ironic/+bug/1658061.
- Nodes with classic drivers cannot have any interfaces (except for network and storage) specified. HTTP status 400 is returned in these cases.
- Fixes an issue with ironic being able to change the power state of nodes currently in use by OneView.
- Fixes the OneView driver to make the
set_boot_devicemethod work as expected with the
persistentoption set to
- Drivers using the
PXEBootboot interface now correctly support node take-over for netboot-ed nodes in
ACTIVEstate. During take-over, the PXE environment is first re-created before attempting to switch it to “service mode”.
- Fixes a bug where OneView drivers create a new instance of the OneView client for each request made.
- Ironic now validates any swift temporary URL when preparing for deployment of nodes.
- Fixes an issue when attaching VIF to a port with missed
local_link_connectionfield was allowed when node network interface was
Some combinations of port group protocols and hardware might not support falling back to single interface mode. If a static port group was created under such circumstances (where
portgroup.standalone_ports_supported = False), additional restrictions apply to such ports and port groups, for example such ports will not support booting over PXE.
Certain restrictions are imposed on values of port properties for ports belonging to a port group:
port.pxe_enabledcannot be set to True if the port is a member of a port group with portgroup.standalone_ports_supported already set to False.
portgroup.standalone_ports_supportedcannot be set to False on a port group if at least one port in that port group has
port.extra.vif_port_idcannot be set on a port that is a member of a port group with
portgroup.standalone_ports_supported=Falseas setting it means that we using port in single interface mode.
portgroup.standalone_ports_supportedcannot be set to False on a port group if it has at least one port with