Queens Series (9.2.0 - 10.1.x) Release Notes


Bug Fixes

  • Fixes ‘Invalid parameter value for SpanLength’ when configuring RAID using Python 3. This passed incorrect data type to iDRAC, e.g., instead of 2 it passed 2.0. See story 2004265.

  • Fixed a bug where rebooting a node managed by the idrac hardware type when using the WS-MAN power interface sometimes fails with a The command failed to set RequestedState error. See bug 2007487 for details.

  • Adds command_timeout and max_command_attempts configuration options to IPA, so when connection errors occur the command will be executed again.

  • Fixes an issue where ironic-conductor initialization could return a NodeNotLocked error for requests requiring locks when the conductor was starting. This was due to the conductor removing locks after beginning accepting new work. The lock removal has been moved to after the Database connectivity has been established but before the RPC bus is initialized.

  • The cleaning operation may fail, if an in-band clean step were to execute after the completion of out-of-band clean step that performs reboot of the node. The failure is caused because of race condition where in cleaning is resumed before the Ironic Python Agent(IPA) is ready to execute clean steps. This has been fixed. For more information, see bug 2002731.


Bug Fixes

  • Fixes a deployment issue encountered during deployment, more precisely during the configdrive partition creation step. On some specific devices like NVMe drives, the created configdrive partition could not be correctly identified (required to dump data onto it afterward). https://storyboard.openstack.org/#!/story/2005764

  • Fixes an issue where baremetal node deployment would fail on clouds with a high number of security groups. Listing the security groups took too long. Instead of listing all security groups, a query filter was added to list only the security groups to be used for the network. (See bug 2006256.)


Bug Fixes

  • Fixes an issue regarding the ansible deployment interface cleaning workflow. Handling the error in the driver and returning nothing caused the manager to consider the step done and go to the next one instead of interrupting the cleaning workflow.

  • Fixes an issue with the ansible deployment interface where raw images could not be streamed correctly to the host.

  • Fixes deployment with the ansible deploy interface and instance images with GPT partition table.

  • Fixes an issue where the sensor data parsing method for the ipmitool interface lacked the ability to handle the automatically included ipmitool debugging information when the debug option is set to True in the ironic.conf file. As such, extra debugging information supplied by the underlying ipmitool command is disregarded. More information can be found in story 2005331.

  • Fixes a bug where cinder block storage service volumes volume fail to attach expecting a mountpoint to be a valid string. See story 2004864 for additional information.

  • Returns the correct error message on providing an invalid reference to image_source. Previously an internal error was raised.

  • Reverts the fix to the idrac hardware type creating port objects during inspection with pxe_enabled fields not set to reflect the configuration of the physical ports. It is inconsistent with the stable branch policy [1]. It requires python-dracclient version 1.5.0 and greater; however, driver-requirements.txt specifies version 1.3.0 and greater can be used on this branch.

    [1] https://docs.openstack.org/project-team-guide/stable-branches.html


Bug Fixes

  • A bug has been fixed in the node update code that could cause the nodes to become not updatable if their driver is no longer available.

  • Fixes an issue where the master instance image cache could not be disabled. The configuration option [pxe]/instance_master_path may now be set to the empty string to disable the cache.

  • Fixes a bug where ironic port is not updated in node introspection as per PXE enabled setting for idrac hardware type. See bug 2004340 for details.


Upgrade Notes

  • The hash_ring_reset_interval configuration option was changed from 180 to 15 seconds. Previously, this option was essentially ignored on the API side, becase the hash ring was reset on each API access. The lower value minimizes the probability of a request routed to a wrong conductor when the ring needs rebalancing.

  • If you are doing a minor version upgrade, please re-run the ironic-dbsync online_data_migrations command to properly update the versions of the Objects in the database. Otherwise, the next major upgrade may fail.

Critical Issues

  • The ironic-dbsync online_data_migrations command was not updating the objects to their latest versions, which could prevent upgrades from working (i.e. when running the next release’s ironic-dbsync upgrade). Objects are updated to their latest versions now when running that command. See story 2004174 for more information.

Bug Fixes

  • Fixes an issue with a baremetal node that times out during cleaning. The ironic-conductor was attempting to change the node’s provision state to ‘clean failed’ twice, resulting in the node’s last_error being set incorrectly. This no longer happens. For more information, see story 2004299.

  • Fixes an issue where Neutron ports would be left with a baremetal MAC address associated after an instance is deleted from a baremetal host. This caused problems with MAC address conflicts in follow up deployments to the same baremetal host. bug 2004428.

  • Fixes an issue where a flat Neutron port would be left with a host ID associated with it after an instance is deleted from a baremetal host. This caused problems with reusing the same port for a new instance as it is already bound to the old instance.

  • Fixes a bug where the number of CPU sockets was being returned by the idrac hardware type during introspection, instead of the number of virtual CPUs. See bug 2004155 for details.

  • Fixes a race condition in the hash ring implementation that could cause an internal server error on any request. See story 2003966 for details.

  • Properly reports an error when the image cache and the image HTTP or TFTP location are on different file system, causing hard link to fail.

  • Fixes redfish hardware type to reuse HTTP session tokens when talking to BMC using session authentication. Prior to this fix redfish hardware type never tried to reuse session token given out by BMC during previous connection what may sometimes lead to session pool exhaustion with some BMC implementations.


Known Issues

  • Building RAID1 is known to not work with Dell BOSS cards using python-dracclient 1.4.0 or earlier. Upgrade to python-dracclient 1.5.0 to use this feature.

Bug Fixes

  • Fixes an issue where RAID 10 creation fails with greater than 16 drives when using the idrac hardware type. See bug 2002771 for details.

  • Fixes support for RAID 1 creation on Dell Boot Optimized Storage Solution (BOSS).


Deprecation Notes

  • The xclarity hardware type, as well as the supporting driver interfaces have been deprecated and are scheduled to be removed from ironic in the Stein development cycle. This is due to the lack of operational Third Party testing to help ensure that the support for Lenovo XClarity is functional.

    The xclarity hardware type was introduced at the end of the Queens development cycle. During implementation of Third Party CI, the Lenovo team encountered some unforseen delays. Lenovo is continuing to work towards Third Party CI, and upon establishment and verification of functional Third Party CI, this deprecation will be rescinded.

Bug Fixes

  • Adds more ipmitool error messages to be treated as retryable by the ipmitool interfaces (such as power and management hardware interfaces). Specifically, Node busy, Timeout, Out of space and BMC initialization in progress reporting emitted by ipmitool will cause ironic to retry IPMI command. This change should improve the reliability of IPMI-based communicaton with BMC.

  • Fixes an issue that caused the integrated Dell Remote Access Controller (iDRAC) management hardware interface implementation, idrac, to fail to boot nodes in Unified Extensible Firmware Interface (UEFI) boot mode. That interface is supported by the idrac hardware type. The issue is resolved for Dell EMC PowerEdge 13th and 14th generation servers. It is not resolved for PowerEdge 12th generation and earlier servers. For more information, see story 1656841.

  • The periodic tasks for the inspector inspect interface are no longer disabled if the [inspector]enabled option is not set to True. The help string of this option claims that it does not apply to hardware types. In any case, the periodic tasks are only run if any enabled classic driver or hardware interface requires them.

  • Ironic API now returns 503 Service Unavailable for action requiring a conductor when no conductors are online. Bug: 2002600.

  • Fixes an issue seen during node tear down where a port being deleted by the Bare Metal service could be deleted by the Compute service, leading to an unhandled error from the Networking service. See story 2002637 for further details.


Upgrade Notes

  • With the deploy ramdisk based on Ironic Python Agent version 3.1.0 and beyond, the drivers using direct deploy interface performs netboot or local boot for whole disk image based on value of boot option setting. When you upgrade Ironic Python Agent in your deploy ramdisk, ensure that boot option is set appropriately for the node. The boot option can be set using configuration [deploy]/default_boot_option or as a boot_option capability in node’s properties['capabilities']. Also please note that this functionality requires hexdump command in the ramdisk.

  • The behavior for retention of VIF interface attachments has changed.

    If your use of the BareMetal service is reliant upon the behavior of the VIFs being retained, which was introduced as a behavior change during the Ocata cycle, then you must update your tooling to explicitly re-add the VIF attachments prior to deployment.

Security Issues

  • Fixes an issue where an enabled console could be left running after a node was unprovisioned. This allowed a user to view the console even after the instance was gone. Ironic now stops the console during unprovisioning to block this.

  • Xclarity password specified in configuration file is now properly masked during logging.

Bug Fixes

  • Fixes a bug where a node’s hardware type cannot be changed to another hardware type which doesn’t support any hardware interface currently used. See bug 2001832 for details.

  • Fixes direct deploy interface to invoke boot.prepare_instance irrespective of image type being provisioned. It was calling boot.prepare_instance only if the image being provisioned is a partition image. See bugs 1713916 and 1750958 for details.

  • Fixes collection of periodic tasks from hardware interfaces that are not used in any enabled classic drivers. See bug 2001884 for details.

  • When creating a neutron port for booting a ramdisk, an error is raised if there are no PXE-enabled ports available for the node. See bug 2001811 for more details.

  • Removes all records of VIF attachments upon the teardown of a deployed node. This is in order to resolve issues related to where it is operationally impossible in some circumstances to remove a VIF attachment while a node is being undeployed as the Compute service will only attempt to remove the VIF for five minutes.

    See bug 1743652 for more details.


Bug Fixes

  • Fixes an issue with validation of Infiniband ports. Infiniband ports do not require the local_link_connection field to be populated as the network topology is discoverable by the Infiniband Subnet Manager. See bug 1753222 for details.

  • Fixes empty last_error field on cleaning failures.

  • On node take over, any locks that are left from the old conductor are cleared by the new one. Previously it only happened for nodes in DEPLOYING state.

  • On taking over nodes in CLEANING state, the new conductor moves them to CLEAN FAIL and set maintenance.


Upgrade Notes

  • Extends the instance_info column in the nodes table for MySQL/MariaDB from up to 64KiB to up to 4GiB (type is changed from TEXT to LONGTEXT). This upgrade will not be executed on PostgreSQL as its TEXT is unlimited.

Bug Fixes

  • Fixes bug 1749755 causing timeouts to not work properly because an unsupported sqalchemy filter was being used.

  • The config drive passed to the node can now contain more than 64KiB in case of MySQL/MariaDB. For more details see bug 1596421.

  • Fixes a bug to get a node stuck in deploying state when the size of the configdrive exceeds the limitation of the database. In MySQL, the limitation is about 64KiB. With this fix, the provision state gets deploy failed in this case. See bug 1745630 for details.

  • Fixes a bug preventing a node from booting into the user instance after unrescuing if instance netboot is used. See bug 1749433 for details.

  • Fixes rescue timeout due to incorrect kernel parameter in the iPXE script. See bug 1749860 for details.

  • When a conductor managing a node dies mid-cleaning the node would get stuck in the CLEANING state. Now upon conductor startup nodes in the CLEANING state will be moved to the CLEANFAIL state.

  • Adds missed noop implementations (e.g. no-inspect) to the fake-hardware hardware type. This fixes enabling this hardware type without enabling all (even optional) fake interfaces.

  • Fixes an issue seen during cleaning when the node being cleaned has one or more traits assigned. This issue caused cleaning to fail, and the node to enter the clean failed state. See bug 1750027 for details.

  • Fixes rare race condition which resulted in the port list API returning HTTP 400 (bad request) if some nodes were being removed in parallel. See bug 1748893 for details.

  • Reverts the fix for orphaned VIF records from the previous release, as it causes a regression. See bug 1750785 for details.



The 10.1.0 (Queens) release includes many new features and bug fixes.

Please review the “Upgrade Notes” sections (for 9.2.0, 10.0.0 and 10.1.0) which describe the required actions to upgrade your installation from 9.1.x (Pike) to 10.1.0 (Queens).

A few major changes since 9.1.x (Pike) are worth mentioning:

  • New traits API.

  • New ansible deploy interface that allows greater customization of the provisioning process.

  • Support for rescuing and unrescuing nodes.

  • Support for routed networks when using the flat network interface.

  • New xclarity hardware type for managing Lenovo server hardware.

Finally, this release deprecates classic drivers in favor of hardware types. Please check the migration guide for information on which hardware types and interfaces to enable before upgrade and how to update the nodes. The ironic-dbsync online_data_migrations command will handle the migration, if all required hardware types and interfaces are enabled before the upgrade.

New Features

  • The ilo-pxe and ilo-virtual-media boot interfaces now support firmware-based booting from iSCSI volume in UEFI boot mode. Requires proliantutils library version 2.5.0 or newer.

  • Adds missing ilo vendor interface to the ilo hardware type.

  • Adds a traits field to the node resource, which will be used by the Compute service to define which nodes may match a Compute flavor using qualitative attributes.

    The following new endpoints have been added to the Bare Metal REST API in version 1.37:

    • GET /v1/nodes/<node identifier>/traits lists the traits for a node.

    • PUT /v1/nodes/<node identifier>/traits sets all traits for a node.

    • PUT /v1/nodes/<node identifier>/traits/<trait> adds a trait to a node.

    • DELETE /v1/nodes/<node identifier>/traits removes all traits from a node.

    • DELETE /v1/nodes/<node identifier>/traits/<trait> removes a trait from a node.

    A node’s traits are also included in the following node query and list responses:

    • GET /v1/nodes/<node identifier>

    • GET /v1/nodes/detail

    • GET /v1/nodes?fields=traits

    Traits cannot be specified on node creation, nor can they be updated via a PATCH request on the node.

  • Adds support for timeout parameter when powering on/off or rebooting a bare metal node managed by the oneview hardware type.

  • Adds support for rescuing and unrescuing nodes:

    • Adds version 1.38 of the Bare Metal API, which includes:

      • A node in the active provision state can be rescued via the GET /v1/nodes/{node_ident}/states/provision API, by specifying rescue as the target value, and a rescue_password value. When the node has been rescued, it will be in the rescue provision state. A rescue ramdisk will be running, configured with the specified rescue_password, and listening with ssh on the tenant network.

      • A node in the rescue provision state can be unrescued (to the active state) via the GET /v1/nodes/{node_ident}/states/provision API, by specifying unrescue as the target value.

      • The rescue_interface field of the node resource. A rescue interface can be set when creating or updating a node.

      • The default_rescue_interface and enabled_rescue_interfaces fields of the driver resource.

    • Adds new configuration options for the rescue feature:

      • Rescue interfaces are enabled via [DEFAULT]/enabled_rescue_interfaces. A default rescue interface to use when creating or updating nodes can be specified with [DEFAULT]/enabled_rescue_interfaces.

      • Adds [conductor]/check_rescue_state_interval and [conductor]/rescue_callback_timeout to fail the rescue operation upon timeout, for the nodes that are stuck in the rescue wait state.

      • Adds support for providing rescuing network (UUIR or name) with its security groups using new options [neutron]/rescuing_network and [neutron]/rescuing_network_security_groups respectively. It is required to provide [neutron]/rescuing_network. Alternatively, the rescuing network can be provided per node via the node’s driver_info['rescuing_network'] field.

    • Adds rescue_interface field to the following node-related notifications:

      • baremetal.node.create.*, new payload version 1.3

      • baremetal.node.update.*, new payload version 1.3

      • baremetal.node.delete.*, new payload version 1.3

      • baremetal.node.maintenance.*, new payload version 1.5

      • baremetal.node.console.*, new payload version 1.5

      • baremetal.node.power_set.*, new payload version 1.5

      • baremetal.node.power_state_corrected.*, new payload version 1.5

      • baremetal.node.provision_set.*, new payload version 1.5

  • Allows specifying the provisioning and cleaning networks on a node as driver_info['cleaning_network'] and driver_info['provisioning_network'] respectively. If these values are defined in the node’s driver_info at the time of provisioning or cleaning the baremetal node, they will be used. Otherwise, the configuration options cleaning_network and provisioning_network are used as before.

  • Enables support for soft power off and soft reboot in the oneview hardware type.

  • Adds the new xclarity hardware type for managing Lenovo server hardware with the following interfaces:

    • management: xclarity

    • power: xclarity

Known Issues

  • If you have two nodes or port groups with names that only differ in a .json suffix (for example, test and test.json) you won’t be able to get, update or delete the one with the suffix via the /v1/nodes/<node> endpoint (/v1/portgroups/<portgroup> for port groups). Similarly, the /v1/heartbeat/<node> endpoint won’t work for the node with the suffix.

    To work around it, add one more .json suffix (for example, use /v1/nodes/test for node test and /v1/nodes/test.json.json for test.json). This issue will be addressed in one of the future API revisions.

  • The library python-ilorest-library is a fork of the python-redfish-library and imported with same name, hence conflict when together. python-redfish-library cannot be used when oneview hardware type is in use.

Upgrade Notes

  • Adds new data migration migrate_to_hardware_types that will try to migrate nodes from classic drivers to hardware types on upgrade. Nodes that cannot be migrated are skipped. This may happen due to one of these reasons:

    • migration is not implemented for the classic driver,

    • the matching hardware type is not enabled,

    • one or more matching hardware interfaces are not enabled.

    In the latter case, the new migration command line option reset_unsupported_interfaces can be used to reset optional interfaces (all except for boot, deploy, management and power) to their no-op implementations (e.g. no-inspect) if the matching implementation is not enabled. Use it like:

    ironic-dbsync online_data_migrations --option migrate_to_hardware_types.reset_unsupported_interfaces=true

    This migration can be repeated several times to migrate skipped nodes after the configuration is changed.

  • The baremetal ML2 mechanism driver and L2 agent should now be used with the flat network interface. When installed, the baremetal mechanism driver and agent ensure that ports are properly bound in the Networking service. Installation and configuration of the ML2 components are documented in the networking-baremetal project documentation.

    Without the ML2 mechanism driver and L2 agent, the Networking service’s ports will not be correctly bound. In the Networking service, ports will have a DOWN status, and the binding_vif_type field equal to binding_failed. This was always the status for the flat network interface ports prior to the introduction of the baremetal mechanism driver. For a non-routed network, bare metal nodes can still be deployed and are functional, despite this port binding state in the Networking service.

  • The default policy file located at etc/ironic/policy.json was removed in this release, as no policy file is required to run the ironic-api service.

  • Configuration option [oneview]max_polling_attempts is removed since the hpOneView library doesn’t support it.

Deprecation Notes

  • The classic drivers, as well as the enabled_drivers configuration option, are now deprecated and may be removed in the Rocky relese. A deprecation warning will be logged for every loaded classic driver. Check the migration guide for information on how to update your nodes.


    Check the classic drivers future specification for technical information behind this deprecation.

Security Issues

  • Sensitive information is now removed from a node’s driver_info and instance_info fields before sending it to the ramdisk during cleaning.

Bug Fixes

  • The oneview management interface now correctly detects whether the current boot device setting is persistent at the machine’s iLO. Previously it always returned True. See https://bugs.launchpad.net/ironic/+bug/1706725 for details.

  • Fails deployment with the correct error message in a node’s last_error field if an image from the Image service doesn’t contain any data. See bug 1741223 for details.

  • Nodes and port groups with names ending with known file extensions are now correctly handled by the API. See bug 1643995 for more details.

  • Fixes an issue where the Networking service would reject port bindings with the flat network interface because no host would match the host-id used in such configurations. The flat network interface no longer requires a networking agent (such as neutron-openvswitch-agent) to be run on the nova-compute proxy node which executes the ironic virt driver. Instead, the interface uses the baremetal mechanism driver.

  • Fixes a bug seen when no default_network_interface is set, because the conductor tries use the flat network interface instead even if it is not included in the conductor’s enabled_network_interfaces config option. Resulting in Failed to register hardware types error. See bug 1744332 for more information.

  • A network UUID for provisioning and cleaning network is no longer cached locally if the requested network (either via node’s driver_info or via configuration options) is specified as a network name. Fixes the situation when a network is re-created with the same name.

  • Addresses a condition where the Compute Service may have been unable to remove VIF attachment records while a baremetal node is being unprovisiond. This condition resulted in VIF records being orphaned, blocking future deployments without manual intervention. See bug 1743652 for more details.

Other Notes

  • The ironic-conductor expects that all PowerInterface’s set_power_state() and reboot() methods accept a timeout parameter. Any out-of-tree implementations that don’t, will cause TypeError exceptions to be raised.

  • Adds new method validate_rescue() to NetworkInterface to validate rescuing network. This method is called during validation of rescue interface.

  • All fake classic drivers now implement fake soft power actions. The fake_soft_power driver is now identical to fake.

  • A classic driver implementation can now provide matching hardware type and interfaces to enable automatic migration to hardware types. See the specification for an explanation on how to do it.


    This feature will only be available until the classic drivers support is removed (presumably in the Rocky release).

  • The sample configuration file located at etc/ironic/ironic.conf.sample and the sample policy file located at etc/ironic/policy.json.sample were removed in this release, as they are now published with documentation. See the sample configuration file and the sample policy file.


New Features

  • Adds a new ansible deploy interface. It targets mostly undercloud use-case by allowing greater customization of provisioning process.

    This new deploy interface is usable only with hardware types. It is set as supported for a generic hardware type and all its subclasses, but must be explicitly enabled in the [DEFAULT]enabled_deploy_interfaces configuration file option to actually allow setting nodes to use it.

    For migration from the staging-ansible interface from the ironic-staging-drivers project to this ansible interface, operators have to consider the following differences:

    • Callback-less operation is not supported.

    • Node’s driver_info fields ansible_deploy_username and ansible_deploy_key_file are deprecated and will be removed in the Rocky release. Instead, please use ansible_username and ansible_key_file respectively.

    • Base path for playbooks can be defined in the node’s driver_info['ansible_playbooks_path'] field. The default is the value of the [ansible]/playbooks_path option from the ironic configuration file.

    • Default playbooks for actions and cleaning steps file can be set in ironic configuration file as various [ansible]/default_* options.

  • Adds new configuration option [DEFAULT]default_resource_class that specifies the resource class to use for new nodes when no resource class is provided in the node creation request.

  • If the [glance]swift_account option is not set, the default value is now calculated based on the ID of the project used to access the object store. Previously this option was required. This change does not affect using RadosGW as an object store backend.

  • If the [glance]swift_temp_url_key option is not set, ironic now tries to fetch the key from the project used to access swift (often called service). This change does not affect using RadosGW as an object store backend.

  • If the [glance]swift_endpoint_url option is not set, ironic now tries to fetch the Object Store service URL from the service catalog. The /v1/AUTH_* suffix is stripped, if present.

  • Adds new capabilities (server_model, rom_firmware_version, pci_gpu_devices, trusted_boot and irmc_firmware_version) to the iRMC out-of-band hardware inspection for FUJITSU PRIMERGY bare metal nodes with firmware iRMC S4 and newer.

  • Adds the ability to set keystoneauth settings for automatic service discovery in the following configuration sections: [glance], [cinder], [inspector], [swift] and [neutron].

Upgrade Notes

  • python-scciclient of version 0.6.0 or newer is required by the irmc hardware type to support new out-of-band inspection capabilities. If an older version is used, the new capabilities will not be discovered.

  • During a rolling upgrade when the new services are pinned to the old release, the Bare Metal API version will also be pinned to the old release. This will prevent new features from being accessed until after the upgrade is done.

  • A new WSGI application script ironic-api-wsgi is now available. It is auto-generated by pbr and provides the ability to serve the bare metal API using a WSGI server (for example Nginx and uWSGI or Apache with mod_wsgi).

Deprecation Notes

  • Configuration option [keystone]/region_name is deprecated and will be ignored in the Rocky release. Instead, provide per-service region_name option in the following configuration file sections: [service_catalog] (for bare metal API endpoint discovery from keystone service catalog), [glance], [neutron], [cinder], [inspector] and [swift].

  • Configuration option [cinder]/url is deprecated and will be ignored in the Rocky release. Instead, use [cinder]/endpoint_override configuration option to set a specific cinder API address when automatic discovery of the cinder API endpoint from keystone catalog is not desired.

  • Configuration option glance_api_servers from the [glance] section in the configuration file is deprecated and will be ignored in the Rocky release. Instead, use [glance]/endpoint_override configuration option to set a specific (possibly load-balanced) glance API address when automatic discovery of glance API endpoint from keystone catalog is not desired. This new option defaults to None and must be set explicitly if needed. This new option is mostly suited for standalone ironic deployments without keystone and its service catalog, and it is generally recommended to rely on keystone service catalog for service endpoint discovery.

  • Configuration option [glance]/glance_api_insecure is deprecated and will be ignored in the Rocky release. Instead, use [glance]/insecure configuration option (its default is False).

  • Configuration option [glance]/glance_cafile is deprecated and will be ignored in the Rocky release. Instead, use [glance]/cafile configuration option (its default is None).

  • Configuration option [glance]/auth_strategy is deprecated and will be ignored in the Rocky release. Instead, to setup glance in noauth mode set [glance]/auth_type configuration option to none and provide glance API address as [glance]/endpoint_override configuration option.

  • Configuration option [inspector]/service_url is deprecated and will be ignored in the Rocky release. Instead, use [inspector]/endpoint_override configuration option to set the specific ironic-inspector API endpoint when its automatic discovery from the keystone catalog is not desired. This new option has no default value (None) and must be set explicitly.

  • Relying on the value of [DEFAULT]/auth_strategy configuration option to configure usage of standalone mode for ironic-inspector is deprecated and will be impossible the Rocky release. Instead, set [inspector]/auth_type configuration option to none and provide the ironic-inspector inspector API address as [inspector]/endpoint_override configuration option.

  • Configuration option [neutron]/url is deprecated and will be ignored in the Rocky release. Instead, use [neutron]/endpoint_override configuration option to set specific neutron API address when automatic discovery of neutron API endpoint from keystone catalog is not desired. This option has no default value, and must be set explicitly for a stand alone deployment of ironic and neutron (when [neutron]/auth_type is set to none), since the service catalog is not available in this case. Otherwise it is generally recommended to rely on keystone service catalog for service endpoint discovery.

  • Configuration option [neutron]/url_timeout is deprecated and will be ignored in the Rocky release. Instead, use [neutron]/timeout configuration option. This new option has no default value and must be set explicitly to 30 to keep previous default behavior.

  • Configuration option [neutron]/auth_strategy is deprecated and will be ignored in the Rocky release. Instead, set [neutron]/auth_type configuration option to none, and provide neutron API address as [neutron]/endpoint_override configuration option.

  • Using ironic/api/app.wsgi script is deprecated and it will be removed in Rocky release. Please switch to automatically generated ironic-api-wsgi script instead.

Bug Fixes

  • Fixes propagation of HTTP errors from ironic-python-agent commands. Now an operation is aborted on receiving HTTP error status from the ramdisk.

  • Fixes an issue whereby in certain deployment failure scenarios a node’s provisioning ports are not deleted. The issue would typically have been masked by nova, which deletes all ports with a device ID matching the instance’s UUID during instance termination. See bug 1732412 for details.

  • Fixes an issue where if a failure occurs during deployment, the Bare Metal service could attempt to collect logs from a node that had been powered off. This would result in a number of failed attempts to collect the logs before failing the deployment. See bug 1732939 for details.

  • Fixes a bug when SSL-related options in [swift] section of ironic configuration file were ignored when performing API requests to Swift. See https://launchpad.net/bugs/1736158 for more information.

  • No longer validates requested root partition size for whole-disk images using iscsi deploy interface, see bug 1742451 for details.

Other Notes

  • Support for parsing the glance API endpoint from the full REST path to a glance image was removed as it was not working anyway. The image service API is now always resolved from keystone catalog or via the options in the [glance] section in ironic configuration file.

  • Signatures of several networking-related functions/methods have been changed to include request context as an optional keyword argument.

    The functions/methods in question are:

    • ironic.common.neutron.get_client

    • ironic.common.neutron.unbind_neutron_port

    • ironic.common.neutron.update_port_address

    • ironic.common.neutron.validate_network

    • ironic.common.neutron.NeutronNetworkInterfaceMixin.get_cleaning_network

    • ironic.common.neutron.NeutronNetworkInterfaceMixin.get_provisioning_network

    • ironic.dhcp.neutron.NeutronDHCPApi.update_port_dhcp_opts

    • ironic.dhcp.none.NeutronDHCPApi.update_port_dhcp_opts

    If you are using any of the above functions/methods in your out-of-tree ironic driver or driver interface code, you should update the code to pass an instance of ironic.common.context.RequestContext class as a context keyword argument to those functions/methods.

  • The agent heartbeat API (POST /v1/heartbeat/<node>) can now receive a new agent_version parameter. If received, this will be stored in the node’s driver_internal_info['agent_version'] field. This information will be used by the Bare Metal service to gracefully degrade support for agent features that are requested by the Bare Metal service, ensuring that we don’t request a feature that an older ramdisk doesn’t support.

  • During the out-of-band inspection for nodes using the irmc hardware type, nodes will be powered on. The original power state will be restored after inspection is finished.


New Features

  • Adds support to provision an instance in secure boot mode for irmc-virtual-media boot interface. For details, see the iRMC driver documentation.

  • Adds a new hardware type, idrac, for Dell EMC integrated Dell Remote Access Controllers (iDRAC). idrac hardware type supports PXE-based provisioning using an iDRAC. It supports the following driver interfaces:

    • boot: pxe

    • console: no-console

    • deploy: iscsi and direct

    • inspect: idrac, inspector, and no-inspect

    • management: idrac

    • network: flat, neutron, and noop

    • power: idrac

    • raid: idrac and no-raid

    • storage: noop and cinder

    • vendor: idrac

  • To facilitate automatic discovery of services from the service catalog, the configuration file sections for service clients may include these configuration options: service_type, service_name, valid_interfaces, region_name and other keystoneauth options.

    These options together must uniquely specify an endpoint for a service registered in the service catalog. Alternatively, the endpoint_override option can be used to specify the endpoint.

    Consult the keystoneauth library documentation for a full list of available options, their meaning and possible values.

    Default values for service_type are set by ironic to sane defaults based on required services and their entries in the service types authority.

    The valid_interfaces option defaults to ['internal', 'public'].

    The region_name option defaults to None and must be explicitly set for multi-regional setup for endpoint discovery to succeed.

    Currently only the [service_catalog] section supports these options.

  • Adds support for the following Boolean capabilities keys to the ilo inspect interface:

    • sriov_enabled

    • has_ssd

    • has_rotational

    • rotational_drive_4800_rpm

    • rotational_drive_5400_rpm

    • rotational_drive_7200_rpm

    • rotational_drive_10000_rpm

    • rotational_drive_15000_rpm

    • logical_raid_level_0

    • logical_raid_level_1

    • logical_raid_level_2

    • logical_raid_level_10

    • logical_raid_level_5

    • logical_raid_level_6

    • logical_raid_level_50

    • logical_raid_level_60

    • cpu_vt

    • hardware_supports_raid

    • has_nvme_ssd

    • nvdimm_n

    • logical_nvdimm_n

    • persistent_memory

  • Starting with the Bare Metal API version 1.35, it is possible to provide a configdrive when rebuilding a node.

  • Adds SNMP request timeout and retries settings for the SNMP UDP transport. Some SNMP devices take longer than others to respond. The new Ironic configuration settings [snmp]/udp_transport_retries and [snmp]/udp_transport_timeout allow to change the number of retries and the timeout values respectively for the SNMP driver.

  • iLO drivers now support firmware update based on Smart Update Manager (SUM) as an in-band manual cleaning step update_firmware_sum for all the hardware components.

Upgrade Notes

  • The conductors database table’s version column is populated as part of the data migration (via the command ironic-dbsync online_data_migrations).

  • The ironic-dbsync command will check the database object (record) versions to make sure they are compatible with the new ironic release, before doing the upgrade or online_data_migrations.

  • Updates required proliantutils version for iLO drivers to 2.4.0. This version of the library comes with quite a few features:

    • Adds support for Gen10 servers using Redfish protocol.

    • Provides support for one-pass disk erase using HPE SSA CLI through Proliant hardware manager in IPA.

    • local_gb defaults to 0 (zero) when no disk could be discovered during inspection.

  • Deprecated options glance_host, glance_port and glance_protocol from [glance] section of ironic configuration file were removed and will be ignored. Please use [glance]/glance_api_servers options to provide specific addresses for the Image service endpoint when its discovery from keystone service catalog is not desired.

Deprecation Notes

  • Configuration option [conductor]api_url is deprecated and will be removed in the Rocky release. Instead, use the [service_catalog]endpoint_override configuration option to set the Bare Metal API endpoint if its automatic discovery from the service catalog is not desired.

    This new option defaults to None and must be set explicitly if needed.

Bug Fixes

  • Fixes an issue when running ironic-dbsync online_data_migrations. The value of an object’s new version column might have been incorrectly changed from a newer object version to an older object version, due to a race condition. This is no longer the case.

  • Fixes a problem when using boot from volume with the pxe boot interface (bug 1724275). Now the correct iSCSI initiator is used.

  • Fixes an issue where an ironic-conductor service was deemed dead because the service could not report its heartbeat due to the database connection experiencing an unexpected failure. Full tracebacks of these exceptions are now logged, and if the database connection recovers in a reasonable amount of time the service will still be available. See bug 1696296 for details.

  • Fixes an issue that caused a node using a Dell EMC integrated Dell Remote Access Controller (iDRAC) classic driver, pxe_drac or pxe_drac_inspector, to be placed in the clean failed state after a double manage/provide cycle, instead of the available state. For more information, see bug 1676387.

  • Fixes an issue in boot from volume for iscsi deploy interface. Booting from a volume would fail for a node with the iscsi deploy interface because the pxelinux.cfg file for the MAC address wasn’t created and the node would fail to boot. The pxelinux.cfg file is now created. See bug 1714436 for details.

  • Fixes an issue in boot from volume for a node with the iscsi deploy interface. It would fail if no image_source was provided in the node’s instance_info field because it would try to validate the image_source which didn’t exist. There is no need to specify the image_source and the validation is no longer being attempted. See bug 1714147 for details.

  • Fixes an issue where the update of a MAC address failed for ports that were bound (for example, when using the ‘contrail’ neutron backend).

  • Adds missing no-vendor implementation to supported vendor interfaces of the idrac hardware type.

  • Fixes a bug with the response for a GET /nodes?limit=1&instance_uuid=<uuid> request. If a node matched, a next link was returned, even though there are no more nodes that will match. That link is no longer returned.

  • Fixes the issue of port number 0 (zero) being considered invalid (bug 1729628). Zero is a valid port number and is now recognized as such.

  • Fixes a problem when rebooting a node using the ipmitool power interface could cause a deploy to fail. Now it no longer tries to power off nodes that are already off, because some BMCs will error in these cases. See bug 1718794 for details.

  • Fixes the problem of an old configdrive (used for deploying the node) being used again when rebuilding the node. Starting with the Bare Metal API version 1.35, it is possible to specify a different configdrive when rebuilding a node.

Other Notes

  • The ironic-dbsync command will check the database object (record) versions to make sure they are compatible with the new ironic release, before doing the upgrade or online_data_migrations.

  • The default rootwrap configuration files are now included when building the ironic python package. The files are included in the path etc/ironic relative to the root of where ironic is installed.