Ussuri Series (14.0.0 - 15.0.x) Release Notes

15.0.1-13

Known Issues

  • Some ipmitool builds, in particular on machines running Red Hat Enterprise Linux 8.2, have changed the default cipher suite being offered which can cause ipmitool to completely fail to negotiate a connection with the BMC. Operators who encounter this situation should use the ipmi_cipher_suite parameter in the driver_info field to override and directly assert the required cipher. Because of potential security implications of attempting second level auto-negotiation and known BMC vendor behaviors, this must be identified by the operator and explicitly set as logic to attempt to navigate through situations like this may have undesirable results.

Bug Fixes

  • Fixes the deployment failure with Ussuri (and older) ramdisks that happens when another IPA command runs after prepare_image.

  • Fixes an issue with the ansible deployment interface where automatic root deviec selection would accidently choose the system CD-ROM device, which was likely to occur when the ansible deployment interface was used with virtual media boot. The ansible deployment interface now ignores all Ramdisks, Loopbacks, CD-ROMs, and floppy disk devices.

  • Fixes an issue with agent token handling where the agent has not been upgraded resulting in an AgentAPIError, when the token is not required. The conductor now retries without sending an agent token.

  • Fixes a potential race in the hash ring code that could result in the hash rings never updated after their initial load.

  • Fixes the deprecated idrac hardware interface implementation __init__ methods to call their base class __init__ methods before emitting a log message warning about their deprecation. For more information, see story 2008197.

  • Allows configuring IPMI cipher suite via the new driver_info parameter ipmi_cipher_suite to enable operators to navigate ipmitool behavior changes around supported ciphers.

  • Removes stale agent tokens when rebooting nodes using API. This prevents lookup failures for nodes that get rebooted between fast-track operations.

15.0.1

New Features

  • Adds a new [ipmi]use_ipmitool_retries option. When set to True and timing is supported by ipmitool, the number of retries and command interval will be passed to ipmitool so that ipmitool will do the retries. When set to False, ironic will do the retries. Default is True.

Known Issues

  • Some BMCs do not support the Channel Cipher Suites command that newer versions of ipmitool use. These versions of ipmitool will resend this command for each ipmitool retry, resulting in long response times. Setting [ipmi]use_ipmitool_retries to false will avoid this situation by implementing retries on the ironic level.

  • Some redfish-enabled hardware is known not to support persistent boot device setting that is used by the Bare Metal service for deployed instances. The redfish hardware type tries to work around this problem, but rebooting such an instance in-band may cause it to boot incorrectly. A predictable boot order should be configured in the node’s boot firmware to avoid issues and at least metadata cleaning must be enabled. See this mailing list thread for technical details.

Bug Fixes

  • Fixes a rare issue when agent successfully powers off a node after deployment, but ironic never learns about it and does another reboot.

  • Fixes deployment in fast-track mode by keeping the required internal fields (agent_url and agent_secret_token) intact when starting and finishing deployment and cleaning.

  • Fixes RAID apply_configuration deploy step for idrac-wsman where deployment failed with TypeError. See story 2007963.

  • Cleans up nodes stuck in the deleting state on conductor restart.

  • Fixes deployment hanging on an invalid in-band deploy step in a deploy templates.

  • Allows deleting nodes with a broken driver unless they require stopping serial console.

  • Fixes fast-track deployments with the direct deploy interface that used to hang previously.

  • Fixes a bug in “fast track” where Ironic would delete the agent token upon exiting cleaning steps. However, if we are in fast track mode, we can preserve the token and continue operations with the agent as it is not powered off during fast track operations.

  • Fixes json_rpc client connections always using HTTP even if use_ssl was set to True.

  • Fixes a workaround for hardware that does not support persistent boot device setting with the redfish or idrac-redfish management interface implementation. When such situation is detected, ironic falls back to one-time boot device setting, restoring it on every reboot or power on.

    For more information, see story 2007733.

  • Fixes fast track deployment preceeded by managed inspection by providing the ironic API URL to the ramdisk so that it can heartbeat.

  • When Ironic is doing IPMI retries the configured min_command_interval should be used instead of a default value of 1, which may be too short for some BMCs.

  • Fixes missing agent RAID compatibility for the ilo5 and idrac hardware type preventing software RAID for working with them.

  • No longer tries to set local_gb to MAX when building RAID with the root disk using MAX for its size.

  • To provide a workaround for incorrect boot order problems on some hardware, the redfish hardware type now supports the noop management interface, similarly to IPMI and SNMP.

  • Rebooting a node with the redfish power interface is now implemented via a power off request followed by power on to avoid returning success when a node stays powered on after the reboot request.

  • Provides a workaround for hardware that does not support persistent boot device setting with the redfish hardware type. When such situation is detected, ironic will fall back to one-time boot device setting, restoring it on every reboot.

  • Fixes an issue where ironic-conductor initialization could return a NodeNotLocked error for requests requiring locks when the conductor was starting. This was due to the conductor removing locks after beginning accepting new work. The lock removal has been moved to after the Database connectivity has been established but before the RPC bus is initialized.

  • Removes stale agent token on rescue and unrescue operations. Previously it would cause subsequent rescue operations to fail.

  • If the disk format of the image is provided in the instance_info, skip the memory check if it is set to raw and raw image streaming is enabled. That allows to stream raw images provided as URL and not through Glance.

Other Notes

  • Ramdisk logs are now collected during cleaning the same way as during deployment.

15.0.0

Prelude

The Ironic Developers are proud to announce the release of Ironic 15.0! This release contains a number of changes that have been sought by operators and users of Ironic for some time, including support for UEFI booting a software RAID system, improved Ironic/Ironic Python Agent security, multi-tenancy constructs, a hardware retirement mechanism, stateful DHCPv6, and numerous fixes. We sincerely hope you enjoy!

New Features

  • Adds REST API endpoints for indicator management. Three new endpoints, for listing, reading and setting the indicators, reside under the /v1/nodes/<node_ident>/management/indicators location.

  • Adds support of “agent token” which serves as a mechanism to secure the normally unauthenticated API endpoints in ironic which are used in the mechanics of baremetal provisioning. This feature is optional, however operators may require this feature by changing the [DEFAULT]require_agent_token setting to True.

  • Adds is_allocation_owner policy rule, which can be applied to allocation get/update/delete rules. Also adds baremetal:allocation:list and baremetal:allocation:list_all rules for listing owned allocations and all allocations. Default rules are unaffected, so default behavior is unchanged.

  • Adds a new configuration option [console]port_range, which specifies the range of ports can be consumed for the IPMI serial console. The default value is None for backwards compatibility. If the ipmi_terminal_port is not specified in the driver information for a node, a free port will be allocated from the configured port range for further use.

  • For baremetal operations on DHCPv6-stateful networks multiple IPv6 addresses can now be allocated for neutron ports created for provisioning, cleaning, rescue or inspection. The new parameter [neutron]/dhcpv6_stateful_address_count controls the number of addresses to allocate (Default: 4).

  • Adds functionality with neutron integration to support dual-stack (IPv4 and IPv6 environment configurations). This enables ironic to look up the attached port(s) and supply DHCP options in alignment with the protocol version allocated on the port.

  • Implemented the BIOS interface for the idrac hardware type. Primarily, implemented factory_reset and apply_configuration clean and deploy steps, as asynchronous operations. For more details, see story 2007400.

  • The ilo-virtual-media boot interface now supports managing boot for in-band inspection. This enables using virtual media instead of PXE for in-band inspection.

  • Adds the capability for the instance_info\image_checksum value to be optional in stand-alone deployments if the instance_info\image_os_hash_algo and instance_info\image_os_hash_value fields are populated.

  • Makes management interface of redfish hardware type not change the current boot frequency if the current setting is the same as the desired one. The goal is to avoid touching a potentially faulty BMC option whenever possible.

  • Adds a new [ipmi]debug option that allows users to explicitly turn IPMI command debugging on, as opposed to relying upon the system debug setting [DEFAULT]debug. Users wishing to continue to log this output should set [ipmi]debug to True in their ironic.conf.

  • Changes neutron port updates to use auth values from Ironic’s neutron conf, preventing issues that can arise when a non-admin user manages Ironic nodes. A check is added to the port update function to verify that the user can actually see the port. This adds an additional Neutron request call to all port updates.

  • Adds a lessee field to nodes. This field is exposed to policy, so if a policy file permits, a lessee will have access to specified node APIs.

  • Adds baremetal:node:update_extra and baremetal:node:instance_info policies to allow finer-grained policy control over node updates. In order to use standalone Ironic to provision a node, a user must be able to update instance_info (and extra if using metalsmith), and a lessee should not be able to update all node attributes.

  • The redfish_system_id property of redfish hardware type has been made optional. If not specified in driver_info, and the target BMC manages a single ComputerSystem, ironic will assume that system. Otherwise, ironic will fail requiring explicit redfish_system_id specification in driver_info.

  • To allow use of the neutron network interface in combination with flat provider networks where no actual switch management is done. The local_link_connection field on ports is extended to support the network_type field.

  • Target devices for software RAID can now be specified in the form of device hints (same as for root devices) in the physical_disks parameter of a logical disk configuration. This requires ironic-python-agent from the Ussuri release series.

  • Adds a root_prefix parameter to the sushy context based on the path of redfish_address. Defaults to sushy root_prefix default (/redfish/v1/). This is needed if the Redfish API is not located in the default /redfish/v1/ endpoint.

  • Adds support for bootable software RAID with UEFI boot mode.

  • Passwords for rescue operation are now hashed for transmission to the ironic-python-agent. This functionality requires ironic-python-agent version 6.0.0.

    The setting [conductor]rescue_password_hash_algorithm now defaults to sha256, and may be set to sha256, or sha512.

Known Issues

  • The ansible deployment interface does not support use of an agent token at this time.

Upgrade Notes

  • The minimum supported version of Ansible is now 2.7. All support for previous Ansible versions is no longer maintained.

  • The default value of [deploy]/default_boot_option is changed from netboot to local.

  • Due to the default boot option change, partition images without grub2 will be unable to be deployed without the boot_option for the node to be explicitly set to netboot.

  • The required minimum version of the sushy python Redfish API client library is now version 3.2.0.

  • Removes compatibility with deploy interfaces that do not use deploy steps.

  • The [pxe]ip_version setting may no longer be required depending on neutron integration.

  • Operators that used the [DEFAULT]my_ip setting with an IPv6 address may wish to explore migrating to the [DEFAULT]my_ipv6 setting. Setting both values enables the appropriate IP addresses based on protocol version for PXE/iPXE.

  • If [DEFAULT]force_raw_images is set to true, then MD5 will not be utilized to recalculate the image checksum. This requires the ironic-python-agent ramdisk to be at least version 3.4.0.

  • Debug logging control has been moved to the [ipmi]debug configuration setting as opposed to the “conductor” [DEFAULT]debug setting as the existing ipmitool output can be extremely misleading for users. Operators who wish to continue to log ipmitool verbose output in their logs should explicitly set the [ipmi]debug command to True.

  • The dependency on oslo.i18n is now optional. If you would like messages from ironic to be translated, you need to install it explicitly.

  • The guru meditation reporting functionality is now optional and the oslo.reports package is no longer a part of requirements. Install it manually if you need this feature.

  • The configuration option [pxe]ipxe_enabled was deprecated and now has been removed, thus the support for iPXE from the pxe interface was removed. To use iPXE, the boot interface should be migrated to ipxe or other boot interfaces capable of booting from iPXE.

Deprecation Notes

  • Some deploy interfaces use the continue_node_deploy RPC call to notify the conductor when they’re ready to leave the deploy core deploy step. Currently ironic allows a node to be either in wait call-back or deploying state when entering this call. This is deprecated, and in the next release a node will have to be in the wait call-back (DEPLOYWAIT) state for this call.

Security Issues

  • Image checksum recalculation when images are forced to raw images, are now calculated using SHA3-256 if MD5 was selected. This is now unconditional.

  • Operators wishing to enforce all rescue passwords to be hashed should use the [conductor]require_rescue_password_hashed setting and set it to a value of True.

    This setting will be changed to a default of True in the Victoria development cycle.

  • The secret token that is used for IPA verification will be generated using the secrets module to be in compliance with the FIPS 140-2 standard.

Bug Fixes

  • Fixes an issue with the agent client code where checks of the agent command status had no logic to prevent an intermittent or transient connection failure from causing the entire operation to fail.

  • Fixes ‘Invalid parameter value for SpanLength’ when configuring RAID using Python 3. This passed incorrect data type to iDRAC, e.g., instead of 2 it passed 2.0. See story 2004265.

  • Fixes RAID configuration using idrac-wsman RAID interface where node remains in ‘clean wait’ provisioning state forever. See story 2007567.

  • Fixes an issue where a node may be locked from changes if a conductor’s hostname case is changed before restarting the conductor service.

  • Fixes an issue in the ironic-python-agent client code where a command exception may not be captured in the interaction with the agent rest API. The client code would return the resulting error message and a static error code. We now look with-in the error to detect if the error may be a compatability error to raise the appropriate exception for fallback logic to engage.

  • Improves interoperability with Redfish BMCs by untying node boot mode change from other boot parameters change (such as boot device, boot frequency).

  • Fixes vague node last_error field reporting upon deploy step failure by providing the exception error message in addition to the step that failed.

  • The ‘no address available’ problem seen when network booting on DHCPv6-stateful networks is fixed with the support for allocating multiple IPv6 addresses. See bug: 1861032.

  • Fixes an agent command issue in the bootloader installation process that can present itself as a connection timeout under heavy IO load conditions. Now installation commands have an internal timeout which is double the conductor wide [agent]command_timeout. For more information, see bug 2007483.

  • Use SHA256 for comparing file contents instead of MD5. This improves FIPS compatibility.

  • Fixes a bug in the idrac hardware type where when creating one or more virtual disks on a RAID controller that supports passthru mode (PERC H730P), the cleaning step would finish before the job to create the virtual disks actually completed. This could result in the client attempting to perform another action against the iDRAC that creates a configuration job, and that action would fail since the job to create the virtual disk would still be executing. This patch fixes this issue by only allowing the cleaning step to finish after the job to create the virtual disk completes. See bug bug 2007285 for more details.

  • Certain RAID controllers (PERC H730P) require physical disks to be switched from non-RAID (JBOD) mode to RAID mode to be included in a virtual disk. When this conversion happens, the available free space on the physical disk is reduced due to some space being allocated to RAID mode housekeeping. If the user requests a virtual disk (a RAID 1 for example) with a size close to the max size of the physical disks when they are in JBOD mode, then creation of the virtual disk following conversion of the physical disks from JBOD to RAID mode will fail since there is not enough space due to the space used by RAID mode housekeeping. This patch works around this issue by recalculating the RAID volume size after physical disk conversion has completed and the free space on the converted drives is known. Note that this may result in a virtual disk that is slightly smaller than the requested size, but still the max size that the drives can support. See bug bug 2007359 for more details

  • Fixes state report via Guru Meditation Reports that did not work previously because of empty log_dir and no way to configure this configuration option.

  • Fixed a bug where rebooting a node managed by the idrac hardware type when using the WS-MAN power interface sometimes fails with a The command failed to set RequestedState error. See bug 2007487 for details.

  • If a node is in mid-deployment or cleaning and its conductor dies, ironic will move that node into a failed state. However, this wasn’t being done if those nodes were also in maintenance. This has been fixed. See story 2007098 for more details.

  • Now that HUAWEI ironic 3rd party CI is back, the ibmc hardware type driver is supported.

  • Fixes an issue where a node may be locked from changes if a conductor’s hostname case is changed before restarting the conductor service. clean up the reservation once the conductor stopped.

  • Renames misleadingly named images.create_isolinux_image_for_uefi function into images.create_esp_image_for_uefi. The new name reflects what’s actually going on under the hood.

Other Notes

  • The [conductor]power_state_change_timeout default value has been extended to 60 seconds from 30 seconds. This is due to some API interfaces with Redfish, may cache the power state and thus may take longer than thirty seconds to update after a change has been requested. Please see here for more information.

  • The rootwrap filter file called “ironic-lib.filters” is no longer part of Ironic. The same file is available from the ironic-lib module which is already an install requirement.

14.0.0

New Features

  • Adds instance_info/kernel_append_params property support to redfish hardware type. If given, this property overrides [redfish]/kernel_append_params ironic option. The rationale for adding this property is to allow passing node-specific kernel parameters to instance kernel. One of the use-cases for this is to pass node static network configuration to the kernel.

  • Adds support for node retirement by adding a retired property to the node. If set, a node moves upon automatic cleaning to manageable (rather than available). The new property also blocks the provide keyword, i.e. nodes cannot move from manageable to available. Furthermore, there is an additional optional field retirement_reason to store the reason for the node’s retirement.

  • Adds an owner field to allocations. Depending on policy, a non-admin can then create an allocation and have the owner set to their project. Allocation processing will then ensure that only nodes with the same owner are matched.

  • Adds support for specifying vendor_data when building config drives. Starting with API version 1.59, a JSON based configdrive parameter to /v1/nodes/<node>/states/provision can include the key vendor_data. This data will be built into the configdrive contents as vendor_data2.json.

  • Adds idrac hardware type support of a virtual media boot interface implementation that utilizes the Redfish out-of-band (OOB) management protocol and is compatible with the integrated Dell Remote Access Controller (iDRAC) baseboard management controller (BMC). It is named idrac-redfish-virtual-media.

    The idrac hardware type declares support for that new interface implementation, in addition to all boot interface implementations it has been supporting. The highest priority boot interfaces remain the same. It now supports the following boot interface implementations, listed in priority order from highest to lowest: ipxe, pxe, and idrac-redfish-virtual-media.

    To use the new boot interface, install the sushy-oem-idrac Python package.

    For more information, see story 2006570.

  • It’s now possible to force booting for in-band inspection to be managed by ironic by setting the new [inspector]require_managed_boot option to True. In-band inspection will fail if the node’s driver does not support managing boot for it.

  • The pxe and ipxe boot interfaces, as well as all in-tree network interfaces, now support managing in-band inspection boot.

  • Allows reading the root_device from instance_info, overriding the value in properties. This enables per-instance root device settings and requires the Ussuri release of ironic-python-agent.

  • Adds an is_node_owner policy rule. This rule can be used with node policy rules in order to expose specific node APIs to a project ID specified by a node’s owner field. Default rules are unaffected, so default behavior is unchanged.

  • A port is owned by its associated node’s owner. This owner is now exposed to policy checks, giving Ironic admins the option of modifying the policy file to allow users specified by a node’s owner field to perform API actions on that node’s associated ports through the is_node_owner rule.

  • The redfish-virtual-media boot interface now supports managing boot for in-band inspection. This enables using virtual media instead of PXE for in-band inspection.

  • Software RAID is no longer limited to images which have the root file system in the first partition.

Upgrade Notes

  • Changes the minimum version of Ansible for use with the ansible deploy_interface to version 2.5.

  • Python 2.7 support has been dropped. Last release of Ironic to support Python 2.7 is OpenStack Train. The minimum version of Python now supported by Ironic is Python 3.6.

  • For the managed in-band inspection to work, make sure that the Bare Metal Introspection endpoint (either in the service catalog or in the [inspector]endpoint_override configuration option) is not set to localhost. Alternatively, set the [inspector]callback_endpoint_override option to a value with a real IP address.

  • The argument agent_version of the heartbeat interface is now mandatory to all interfaces that inherit from HeartbeatMixin.

  • Operators using custom PXE/iPXE/Grub templates should update them to remove an explicit mention of ipa-api-url. This field is now a part of pxe_append_params when required.

  • The configuration option [agent]heartbeat_timeout was deprecated before ocata release and now removed, please use [api]ramdisk_heartbeat_timeout instead.

  • The configuration option [glance]glance_num_retries was deprecated and now removed, please use [glance]num_retries instead.

  • The configuration option [disk_utils]iscsi_verify_attempts was deprecated in Train and it’s now removed from ironic-lib. Please use the [iscsi]verify_attempts option instead.

  • For Software RAID, the IPA no longer assumes that the root file system of the deployed image is in the first partition. Instead, it will use the UUID passed from the conductor. Operators need hence to make sure that the conductor has the correct UUID (which either comes from the rootfs_uuid field in the image metadata or from the root_uuid_or_disk_id in the node’s internal_driver_info.)

Deprecation Notes

  • The ibmc hardware type has been deprecated. While the Huawei team setup Third-Party CI for the driver’s inclusion into ironic, the CI unfortunately went down around the time the United States of America announced commerce restrictions against Huawei.

    Unfortunantely, without third party CI and no contacts to maintain the driver, the ironic community is left with little choice but to deprecate and ultimately remove the driver.

  • The Fujitsu irmc hardware type has been deprecated. The Third Party CI for the driver stopped responding on or around July 7th, 2019. As such, we cannot claim fixes or changes to the driver are in a working state.

    We have heard from the Fujitsu team that they intend to return irmc CI to working order, and as such should that occur this deprecation will be revoked.

Security Issues

  • Node secrets (such as BMC credentials) are no longer logged when JSON RPC is used and DEBUG logging is enabled.

  • Prevents additional updates of an agent callback_url through the agent heartbeat /v1/heartbeat/<node_uuid> endpoint as the callback_url should remain stable through the cleaning, provisioning, or rescue processes. Should anything such as an unexpected agent reboot cause the callback_url, heartbeat operations will now be ignored. More information can be found at story 2006773.

Bug Fixes

  • Makes ironic.api.wsgi compatible with WSGI containers that cannot use an executable WSGI entry point. For example, with gunicorn:

    gunicorn -b 0.0.0.0:6385 'ironic.api.wsgi:initialize_wsgi_app(argv=[])'
    
  • Now passing proper flags during clean up of iPXE boot environments, so that no leftovers are left after node tear down.

  • Fixes a bug in the idrac hardware type where configuration job for RAID delete_configuration cleaning step gets created even when there are no virtual disks or hotspares/dedicated hotspares present on any controller. See bug 2006562 for details.

  • Fixes a bug in the idrac hardware type where a race condition can occur on a host that has a mix of controllers where some support realtime mode and some do not. The approach is to use only realtime mode if all controllers support realtime. This removes the race condition. See bug 2006502 for details.

  • Corrects logic in the entry path of node cleaning and deployment processes to prohibit agent_url from being preemptively removed if fast_track is enabled and in use. This allows fast track cleaning and deployment operations to succeed.

  • Fixes issue where the resource list API returned results with requested fields only until the API MAX_LIMIT. After the API MAX_LIMIT is reached the API started ignoring user requested fields. This fix will make sure that the next url generated by the pagination code will include the user requested fields as query parameter.

  • Fixes an issue that when ipxe interface is in use with [pxe]ipxe_enabled set to false, the PXE configuration is not handled properly which prevents the machine from performing a successful iPXE boot.

  • Fixes virtual media boot when served using a local HTTP server, i.e. [redfish]use_swift is false.

  • Fixes drive sensors information collection in redfish management interface. Prior to this fix, wrong Redfish schema has been used for Drive resource what has been causing exception and ultimately sensor data collection failure.

  • Fixes a possible console lockup issue in case of PID file not being yet created while daemon start has call already returned success return code.

  • Fixes a bug in the idrac hardware type where executing the clear_job_queue clean step, pending non-BIOS config jobs (E.g. create/delete virtual disk) were not being deleted before job execution.

    See bug 2006580 for details.

  • Fixes an issue with fasttrack where a recent security related change to prevent the agent_url field from being updated in a node, to functionally prevent fast_track from succeeding as the node would fail with an exception indicating the agent_url could not be found. The required agent_url value is now preserved when the fast track feature is enabled as the running ramdisk is not shut down.

  • Fixes a minor issue with get_boot_option logic that did not account for Software RAID. This can erroniously cause the deployment to take the the incorrect deployment path and attempt to install a boot loader.

  • Add timeout when querying agent for commands status. Without it, node can lock up for a quite long time and ironic will not allow to perform any operations with it.

  • Fixes incorrect parsing of ibmc_address with a port but without a schema in the ibmc hardware type on Python 3.8.

  • When using the PERC H730P RAID controller, physical disks must be put into RAID mode prior to creating a virtual disk that includes them. If one or more physical disks are in JBOD/Non-RAID mode when creating a virtual disk from them, then the iDRAC will return an error. This patch ensures that the physical disks being included in a virtual disk are converted to RAID mode prior to creating the virtual disk.

  • Hardware type idrac converts physical drives from RAID to JBOD mode after RAID delete_configuration cleaning step through raid interface. This ensures that the individual disks freed by deleting the virtual disks are visible to the OS.

  • Support for some hardware, including some Dell EMC servers, is broken when using the Redfish hardware type with sushy 1.9.0. The minimum version for the sushy library is now 2.0.0. See story 2006702 for more information.

  • Fixes an issue where a provisioned or allocated node could have its owner changed. For backwards compatibility, we preserve the ability to do so for a provisioned node through the use of the baremetal:node:update_owner_provisioned policy rule. We always prevent the update if the node is associated with an allocation that specifies an owner.

  • Fixes a bug with the grub ramdisk boot template handling, such that the template now properly references the user provided kernal and ramdisk. Previously the deployment ramdisk and kernel was referenced in the template.

  • When installing a whole disk image using iscsi, set up the bootloader even if a root partition can not be found. The bootloaders will be located on the disk.

Other Notes

  • Boot and network interface implementations can now manage boot for in-band inspection by implementing the new methods:

    • BootInterface.validate_inspection

    • NetworkInterface.validate_inspection

    • NetworkInterface.add_inspection_network

    • NetworkInterface.remove_inspection_network

    Previously only ironic-inspector itself could manage boot for it. This change opens a way for non-PXE implementations of in-band inspection.