Current Series Release Notes

21.4.0-61

New Features

  • Adds a new conductor configuration option, [conductor]poweroff_in_cleanfail (default: False). When True, nodes entering the clean failed state will be powered off. This option may be unsafe when using Cleaning to perform hardware-transformative actions such as firmware upgrade.

  • Adds the concept of parent_node as part of API version 1.83, which allows a “child node”, such as an independently managed BMC-controlled device, to be deployed within a parent_node. Child nodes are hidden from normal node lists as they are not “general purpose” machines, but have a specific embedded usage. RBAC rules also apply in this model, so if you wish an owner or lessee to have the child node visible, the child node must also have the appropriate owner or lessee value set, matching the parent node.

  • Adds a /v1/nodes/?include_children=True parameter to get a list of all nodes and their children.

  • Adds a /v1/nodes/?parent_node=<node_ident> query parameter to permit retrieval of a list of child nodes assigned to the parent denoted by <node_ident>.

  • On shutdown the conductor will wait for at most [DEFAULT]graceful_shutdown_timeout seconds for existing lock node reservations to clear. Previously lock reservations were cleared immediately, which in some cases would result in nodes going into a failed state.

  • The Redfish firmware upgrade interface now supports checksum determination by length, and sha256 and sha512 checksums may now be supplied to the step arguments.
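A sketch of what “checksum determination by length” means for the Redfish firmware step, as an added example rather than Ironic’s own code. The function names are hypothetical, and the example accepts only the two algorithms this note names (sha256 and sha512).

```python
import hashlib
import hmac

# Hex digest length -> algorithm, for the two algorithms the release note names.
ALGORITHM_BY_LENGTH = {64: "sha256", 128: "sha512"}


def algorithm_for(checksum: str) -> str:
    """Pick the hash algorithm from the length of a hex checksum."""
    value = checksum.strip().lower()
    if not value or any(c not in "0123456789abcdef" for c in value):
        raise ValueError("checksum is not a hex string")
    try:
        return ALGORITHM_BY_LENGTH[len(value)]
    except KeyError:
        raise ValueError(f"unsupported checksum length {len(value)}") from None


def verify_image(data: bytes, checksum: str) -> str:
    """Return the algorithm used if data matches checksum, else raise."""
    algorithm = algorithm_for(checksum)
    actual = hashlib.new(algorithm, data).hexdigest()
    # Constant-time comparison; the supplied value is normalised first.
    if not hmac.compare_digest(actual, checksum.strip().lower()):
        raise ValueError(f"{algorithm} mismatch: got {actual}")
    return algorithm


if __name__ == "__main__":
    firmware = b"constructed firmware payload"  # sample bytes, not a real image
    for algo in ("sha256", "sha512"):
        digest = hashlib.new(algo, firmware).hexdigest()
        print(algo, "->", verify_image(firmware, digest.upper()))
    try:
        verify_image(firmware + b"tampered", hashlib.sha256(firmware).hexdigest())
    except ValueError as exc:
        print("rejected:", exc)
```

A digest that is truncated or of an unlisted length is rejected before any hashing, so a malformed step argument fails closed instead of silently falling back to another algorithm.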

Upgrade Notes

  • This upgrade contains an additional field for the nodes table, named parent_node. This update also indexes the parent_node database column to prevent performance issues in large deployments.

  • [DEFAULT]graceful_shutdown_timeout defaults to 60s. Systemd TimeoutStopSec defaults to 30s. Kubernetes terminationGracePeriodSeconds defaults to 90s. It is recommended to align the value of [DEFAULT]graceful_shutdown_timeout with the graceful timeout of the process manager of the conductor process.

  • Fully removes the cpus property from the documentation and inspect interface implementations. It was never used internally by Ironic, and is no longer used by Nova.

  • The Linux kernel command line parameter nomodeset has been removed from the defaults for the kernel_append_params settings. The nomodeset option is for troubleshooting and changes the behavior of the graphics interface such that memory can be locked upon graphical updates on physical servers with BMC graphical interfaces, which results in spikes in latency and packet loss whenever graphics updates occur. Operators may add the option to their local configuration, but should be aware that large image transfers or other high IO operations can be impacted.
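A way to check the [DEFAULT]graceful_shutdown_timeout alignment recommended in the upgrade note above, for the systemd case only; this is an added example, not part of Ironic. The function names, result labels and sample files are constructed, and it reads “aligned” as the unit’s TimeoutStopSec being at least the conductor’s graceful timeout, since systemd kills the process once its stop timeout expires.

```python
import configparser
import re

# Multipliers for the simple systemd time-span units this example understands.
UNITS = {"": 1, "s": 1, "sec": 1, "m": 60, "min": 60, "h": 3600}


def systemd_seconds(span):
    """Convert an integer span such as "90", "30s" or "1min 30s" to seconds."""
    span = span.strip()
    if span == "infinity":
        return float("inf")
    parts = re.findall(r"(\d+)\s*([a-z]*)", span)
    leftover = re.sub(r"\d+\s*[a-z]*", "", span).strip()
    if not parts or leftover or any(unit not in UNITS for _, unit in parts):
        raise ValueError(f"unsupported time span: {span!r}")
    return sum(int(number) * UNITS[unit] for number, unit in parts)


def check_alignment(ironic_conf, unit_file):
    """Return (status, graceful_seconds, stop_seconds) for the two files."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(ironic_conf)
    # 60 is the default the upgrade note gives for this option.
    graceful = conf.getint("DEFAULT", "graceful_shutdown_timeout", fallback=60)

    unit = configparser.ConfigParser(interpolation=None, strict=False)
    unit.optionxform = str  # keep systemd key names as written
    unit.read_string(unit_file)
    raw = unit.get("Service", "TimeoutStopSec", fallback=None)
    if raw is None:
        return ("unset", graceful, None)  # the manager-wide default applies
    stop = systemd_seconds(raw)
    status = "too-short" if stop < graceful else "ok"
    return (status, graceful, stop)


# Constructed sample files, not taken from a real deployment.
IRONIC_CONF = "[DEFAULT]\ngraceful_shutdown_timeout = 60\n"
UNIT_SHORT = "[Service]\nExecStart=/usr/bin/ironic-conductor\nTimeoutStopSec=30s\n"
UNIT_ALIGNED = "[Service]\nExecStart=/usr/bin/ironic-conductor\nTimeoutStopSec=1min 30s\n"

if __name__ == "__main__":
    for name, unit_text in (("short", UNIT_SHORT), ("aligned", UNIT_ALIGNED)):
        print(name, check_alignment(IRONIC_CONF, unit_text))
```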

Bug Fixes

  • [bug 2010613] Fixes an issue where the SNMP v3 auth protocol and priv protocol set in driver info were not retrieved correctly when an SNMP client is initialized.

  • Fixes Ironic integration with Cinder, which was affected by changes made as part of the recent security-related fix in bug 2004555. The work in Ironic to track this fix was logged in bug 2019892. Ironic now sends a service token to Cinder, which allows the access restrictions added as part of the original CVE-2023-2088 fix to be appropriately bypassed. Ironic was not vulnerable, but the restrictions added as a result did impact Ironic’s usage. This is because Ironic volume attachments are not on a shared “compute node”, but are instead mapped to the physical machines, and Ironic handles the attachment life-cycle after initial attachment.

  • Fixes an “Invalid cross-device link” error in some cases when using file:// image URLs.

  • Fixes issues in Ironic’s use of SQLAlchemy with SQLite databases, a combination common with users like Metal3. These issues prevented Ironic from supporting SQLAlchemy 2.0 properly, as autocommit was re-enabled.

  • Fixes a bug in the iRMC driver’s parse_driver_info where, if FIPS is enabled, the SNMP version is always required to be version 3 even though the iRMC driver’s xxx_interface doesn’t actually use SNMP.

  • Fixes an issue where an agent token could be inadvertently orphaned if a node is already in the target power state when we attempt to turn the node off.

  • Fixes the scope classification check in the “self_owned_node” policy check, which was limited to execution with project scope only, so system scoped users who ticked the policy endpoint would get an incorrect error.

  • Enables boot mode switching during anaconda deploy for ilo and ilo5 hardware types.

  • Fixes secure boot with anaconda deploy.

  • Fixes a bug where provisioning a Redfish managed node fails if the BMC doesn’t support the EthernetInterfaces attribute, even if MAC address information is provided manually. This is done by handling the sushy MissingAttributeError exception in the get_mac_addresses() method. This fix is needed to successfully provision machines such as Cisco UCSB and UCSX.

  • No longer re-calculates checksums for images that are already raw. Previously, it would cause significant delays in deploying raw images.

  • Fixes an issue where the database upgrade can hang on Python 3.10. This was because open transactions could become orphaned while awaiting the Python runtime to clean up their memory references, due to the way the overall database query was being initiated to pre-flight check the upgrade. We have structurally changed the behavior to remedy this case.

  • Agents deploying on physical servers with default kernel arguments were susceptible to packet loss if a Matrox VGA/Aspeed BMC Graphics interface is present on the machine. The defaults have been changed to remove the nomodeset kernel command line parameter, which should only be used for troubleshooting. It has been determined that the memory updates can lock all of the kernel memory upon any console graphics update, which can negatively impact IO for Networking or Disk interactions.

  • Fixes an issue where an agent token was being orphaned if a baremetal node timed out during cleaning operations, which in some cases left the node unable to establish a new token with Ironic in the future. We now always wipe the token in this case.