Ussuri Series (14.0.0 - 15.0.x) Release Notes¶
TinyCore Linux 10.x, which powers the TinyIPA ramdisk in the Ussuri and Train releases of OpenStack, is no longer able to be built due to certificate verification issues as time moves forward. We have embedded a fix for use by Ironic’s CI only. As a general reminder, TinyIPA should not be used in production deployments.
Operators upgrading from earlier versions using PXE should explicitly set
[pxe]uefi_ipxe_bootfile_name, and possibly
[pxe]ipxe_bootfile_name_by_archsettings, as well as a iPXE specific
[pxe]ipxe_config_templateoverride, if required.
[pxe]ipxe_config_templateto no value will result in the
[pxe]pxe_config_templatebeing used. The default value points to the supplied standard iPXE template, so only highly customized operators may have to tune this setting.
On Ussuri release, to use certification file on HTTPS connection, iRMC driver requires python-scciclient version to be >=0.8.2,<0.9.0 or >=0.9.5,<0.10.0 and packaging >=16.5
Operators may need to check their
/httpboot/redfishfolder permissions if using
redfish-virtual-media. The conductor was previously creating the folder with incorrect permissions.
A permission setting has been added for
redfish-virtual-mediaboot interface, which allows for explicit file permission setting when the driver is being used. The default for the new
[redfish]file_permission setting is ``0u644, or 644 if manually changed using
chmodon the command line. Operators MAY need to adjust this if they were running the conductor with a specific
umaskto work around the permission setting defect.
irmchardware type to include a capability to control enforcement of HTTPS certificate verification. By default this is enforced. python-scciclient version must be >=0.8.2,<0.9.0 or >=0.9.5,<0.10.0 Or certificate verification will not occur.
Fixes Ironic integration with Cinder because of changes which resulted as part of the recent Security related fix in bug 2004555. The work in Ironic to track this fix was logged in bug 2019892. Ironic now sends a service token to Cinder, which allows for access restrictions added as part of the original CVE-2023-2088 fix to be appropriately bypassed. Ironic was not vulnerable, but the restrictions added as a result did impact Ironic’s usage. This is because Ironic volume attachments are not on a shared “compute node”, but instead mapped to the physical machines and Ironic handles the attachment life-cycle after initial attachment.
Addresses the lack of an ability to explicitly set different bootloaders for
PXEbased boot operations via their respective
set_boot_devicemethod that would fail deployment when there are existing jobs present with error “Failed to change power state to ‘’power on’’ by ‘’rebooting’’. Error: DRAC operation failed. Reason: Unfinished config jobs found: <list of existing jobs>. Make sure they are completed before retrying.”. Now there can be non-BIOS jobs present during deployment. This will still fail for cases when there are BIOS jobs present. In such cases should consider moving to
idrac-redfishthat does not have this limitation when setting boot device.
idrac-wsmanpower interface to wait for the hardware to reach the target state before returning. For systems where soft power off at the end of deployment to boot to instance failed and forced hard power off was used, this left node successfully deployed in off state without any errors. This broke other workflows expecting node to be on booted into OS at the end of deployment. Additional information can be found in story 2009204.
Calculating the ipmitool -N and -R arguments from ironic.conf [ipmi] command_retry_timeout and min_command_interval now takes into account the 1 second interval increment that ipmitool adds on each retry event.
Failure-path ipmitool run duration will now be just less than command_retry_timeout instead of much longer.
driver_info/irmc_verify_caoption to specify certification file. Default value of driver_info/irmc_verify_ca is True.
Fixes connection caching issues with Redfish BMCs where AccessErrors were previously not disqualifying the cached connection from being re-used. Ironic will now explicitly open a new connection instead of using the previous connection in the cache. Under normal circumstances, the
sushyredfish library would detect and refresh sessions, however a prior case exists where it may not detect a failure and contain cached session credential data which is ultimately invalid, blocking future access to the BMC via Redfish until the cache entry expired or the
ironic-conductorservice was restarted. For more information please see story 2009719.
redfish-virtual-mediaand related based drivers to utilize an explicit file permission instead of rely upon the ironic-conductor umask, which may be incorrect. This can be tuned with the
Fixes an issue where the default folder permission for the
redfish-virtual-mediadriver where the folder permissions for the
/httpboot/redfishfolder was being created with incorrect permissions.
ipmitoolbuilds, in particular on machines running Red Hat Enterprise Linux 8.2, have changed the default cipher suite being offered which can cause
ipmitoolto completely fail to negotiate a connection with the BMC. Operators who encounter this situation should use the
ipmi_cipher_suiteparameter in the
driver_infofield to override and directly assert the required cipher. Because of potential security implications of attempting second level auto-negotiation and known BMC vendor behaviors, this must be identified by the operator and explicitly set as logic to attempt to navigate through situations like this may have undesirable results.
redfish-virtual-mediais used, fast-track mode will not work as expected, nodes will be rebooted between operations.
An automated detection of a IPMI BMC hardware vendor has been added to appropriately handle IPMI BMC variations. Ironic will now query this and save this value if not already set in order to avoid querying for every single operation. Operators upgrading should expect an elongated first power state synchronization if for nodes with the
Fixes the deployment failure with Ussuri (and older) ramdisks that happens when another IPA command runs after
Fixes an issue with the
ansibledeployment interface where automatic root deviec selection would accidently choose the system CD-ROM device, which was likely to occur when the ansible deployment interface was used with virtual media boot. The
ansibledeployment interface now ignores all Ramdisks, Loopbacks, CD-ROMs, and floppy disk devices.
[deploy]configdrive_use_object_storeoption that was broken during the Python 3 transition.
Fixes the problem about grub2 config file. Some higher versions of grub2 (e.g. 2.05 or 2.06-rc1) use grub.cfg-01-MAC, while another lower versions of grub2 (e.g. 2.04) use MAC.conf, so we generate both paths in order to be compatible with both.
Fixes an issue with agent token handling where the agent has not been upgraded resulting in an AgentAPIError, when the token is not required. The conductor now retries without sending an agent token.
Fixes issues when
UEFIboot mode has been requested with persistent boot to
DISKwhere some versions of
ipmitooldo not properly handle multiple options being set at the same time. While some of this logic was addressed in upstream ipmitool development, new versions are not released and vendors maintain downstream forks of the ipmitool utility. When considering vendor specific selector differences along with the current stance of new versions from the upstream
ipmitoolcommunity, it only made sense to handle this logic with-in Ironic. In part this was because if already set the selector value would not be updated. Now ironic always transmits the selector value for
Fixes handling of Supermicro
UEFIsupporting BMCs with the
ipmihardware type such that an appropriate boot device selector value is sent to the remote BMC to indicate boot from local storage. This is available for both persistent and one-time boot applications. For more information, please consult story 2008241.
Fixes handling of the
ipmihardware type where
UEFIboot mode and “one-time” boot to PXE has been requested. As Ironic now specifically transmits the raw commands, this setting should be properly appied where previously PXE boot operations may have previously occured in
Fixes a potential race in the hash ring code that could result in the hash rings never updated after their initial load.
Fixes the virtual disks creation by changing PERC H740P controller mode from Enhanced HBA to RAID in delete_configuration clean step. PERC H740P controllers supports RAID mode and Enhanced HBA mode. When the controller is in Enhanced HBA, it creates single disk RAID0 virtual disks of NON-RAID physical disks. Hence the request for VD creation with supported RAID fails due to no available physical disk. This patch converts the PERC H740P RAID controllers to RAID mode if enhanced HBA mode found enabled See bug bug 2007711 for more details
Fixes the deprecated
idrachardware interface implementation
__init__methods to call their base class
__init__methods before emitting a log message warning about their deprecation. For more information, see story 2008197.
Allows configuring IPMI cipher suite via the new
ipmi_cipher_suiteto enable operators to navigate
ipmitoolbehavior changes around supported ciphers.
When configured to use json-rpc, the
[DEFAULT].hostconfiguration option to ironic-conductor can now be set to an IPv6 address. Previously it could only be an IPv4 address or a DNS name.
Fixes the issue that when the MAC address of a port group is not set and been attached to instance, the landed bond port cannot get IP address due to inconsistent MAC address between the tenant port and the initially allocated one in the config drive.
Fixes wiping the agent secret token on manual power off or reboot. Also makes sure to remove the agent URL since it may potentially change.
Fixes cleaning and managed inspection not respecting the
Fixes cleaning and managed inspection not following the standard boot mode handling logic, particularly, not trying to assert the requested boot mode if the driver allows it.
Adds handling of Redfish BMC’s which lack a
BootSourceOverrideModeflag, such that it is no longer a fatal error for a deployment if the BMC does not support this field. This most common on BMCs which feature only a partial implementation of the
boot, but may also be observable on some older generations of BMCs which recieved updates to have partial Redfish support.
The fix for story 2008252 synced the boot mode after changing the boot device because Supermicro nodes reset the boot mode if not included in the boot device set. However this can cause a problem on Dell nodes when changing the mode uefi->bios or bios->uefi, see story 2008712 for details. Restrict the syncing of the boot mode to Supermicro.
When Ironic configures the BootSourceOverrideTarget setting via Redfish, on Supermicro BMCs it must always configure BootSourceOverrideEnabled or that will revert to default (Once) on the BMC, see story 2008547 for details. This is different than what is currently implemented for other BMCs in which the BootSourceOverrideEnabled is not configured if it matches the current setting (see story 2007355).
This requires that node.properties[‘vendor’] be ‘supermicro’ which will be set by Ironic from the Redfish system response or can be set manually.
After changing the boot device via Redfish, check that the boot mode being reported matches what is configured and, if not, set it to the configured value. Some BMCs change the boot mode when the device is set via Redfish, see story 2008252 for details.
Introduces lazy-loading of ports, portgroups, volume connections and volume targets in task manager to fix performance issues. For periodic tasks which create a task manager object but don’t require the aforementioned data (e.g. power sync), this change should reduce the number of database interactions by around two thirds, speeding up overall execution.
Removes stale agent tokens when rebooting nodes using API. This prevents lookup failures for nodes that get rebooted between fast-track operations.
Fixes an issue of powering off with the
idrac-wsmanmanagement interface while the execution of a clear job queue cleaning step is proceeding. Prior to this fix, the clean step would fail when powering off a node.
Fixes timeout in fast-track mode with
redfish-virtual-mediawhen running one operation after another (e.g. cleaning after inspection).
detect_vendormanagement interface method to the
ipmihardware type. This method is being promoted as a higher level interface as the fundimental need to be able to have logic aware of the hardware vendor is necessary with vendor agnostic drivers where slight differences require slightly different behavior.
Adds a new
[ipmi]use_ipmitool_retriesoption. When set to
Trueand timing is supported by ipmitool, the number of retries and command interval will be passed to ipmitool so that ipmitool will do the retries. When set to
False, ironic will do the retries. Default is
Some BMCs do not support the
Channel Cipher Suitescommand that newer versions of ipmitool use. These versions of ipmitool will resend this command for each ipmitool retry, resulting in long response times. Setting
falsewill avoid this situation by implementing retries on the ironic level.
Some redfish-enabled hardware is known not to support persistent boot device setting that is used by the Bare Metal service for deployed instances. The
redfishhardware type tries to work around this problem, but rebooting such an instance in-band may cause it to boot incorrectly. A predictable boot order should be configured in the node’s boot firmware to avoid issues and at least metadata cleaning must be enabled. See this mailing list thread for technical details.
Fixes a rare issue when agent successfully powers off a node after deployment, but ironic never learns about it and does another reboot.
Fixes deployment in fast-track mode by keeping the required internal fields (
agent_secret_token) intact when starting and finishing deployment and cleaning.
apply_configurationdeploy step for
idrac-wsmanwhere deployment failed with
TypeError. See story 2007963.
Cleans up nodes stuck in the
deletingstate on conductor restart.
Fixes deployment hanging on an invalid in-band deploy step in a deploy templates.
Allows deleting nodes with a broken driver unless they require stopping serial console.
Fixes fast-track deployments with the
directdeploy interface that used to hang previously.
Fixes a bug in “fast track” where Ironic would delete the
agent tokenupon exiting cleaning steps. However, if we are in fast track mode, we can preserve the token and continue operations with the agent as it is not powered off during fast track operations.
Fixes json_rpc client connections always using HTTP even if use_ssl was set to True.
Fixes a workaround for hardware that does not support persistent boot device setting with the
idrac-redfishmanagement interface implementation. When such situation is detected, ironic falls back to one-time boot device setting, restoring it on every reboot or power on.
For more information, see story 2007733.
Fixes fast track deployment preceeded by managed inspection by providing the ironic API URL to the ramdisk so that it can heartbeat.
When Ironic is doing IPMI retries the configured
min_command_intervalshould be used instead of a default value of
1, which may be too short for some BMCs.
agentRAID compatibility for the
idrachardware type preventing software RAID for working with them.
No longer tries to set
MAXwhen building RAID with the root disk using
MAXfor its size.
To provide a workaround for incorrect boot order problems on some hardware, the
redfishhardware type now supports the
noopmanagement interface, similarly to IPMI and SNMP.
Rebooting a node with the
redfishpower interface is now implemented via a power off request followed by power on to avoid returning success when a node stays powered on after the reboot request.
Provides a workaround for hardware that does not support persistent boot device setting with the
redfishhardware type. When such situation is detected, ironic will fall back to one-time boot device setting, restoring it on every reboot.
Fixes an issue where
ironic-conductorinitialization could return a
NodeNotLockederror for requests requiring locks when the conductor was starting. This was due to the conductor removing locks after beginning accepting new work. The lock removal has been moved to after the Database connectivity has been established but before the RPC bus is initialized.
Removes stale agent token on rescue and unrescue operations. Previously it would cause subsequent rescue operations to fail.
If the disk format of the image is provided in the instance_info, skip the memory check if it is set to raw and raw image streaming is enabled. That allows to stream raw images provided as URL and not through Glance.
Ramdisk logs are now collected during cleaning the same way as during deployment.
The Ironic Developers are proud to announce the release of Ironic 15.0! This release contains a number of changes that have been sought by operators and users of Ironic for some time, including support for UEFI booting a software RAID system, improved Ironic/Ironic Python Agent security, multi-tenancy constructs, a hardware retirement mechanism, stateful DHCPv6, and numerous fixes. We sincerely hope you enjoy!
Adds REST API endpoints for indicator management. Three new endpoints, for listing, reading and setting the indicators, reside under the
Adds support of “agent token” which serves as a mechanism to secure the normally unauthenticated API endpoints in ironic which are used in the mechanics of baremetal provisioning. This feature is optional, however operators may require this feature by changing the
is_allocation_ownerpolicy rule, which can be applied to allocation get/update/delete rules. Also adds
baremetal:allocation:list_allrules for listing owned allocations and all allocations. Default rules are unaffected, so default behavior is unchanged.
Adds a new configuration option
[console]port_range, which specifies the range of ports can be consumed for the IPMI serial console. The default value is
Nonefor backwards compatibility. If the
ipmi_terminal_portis not specified in the driver information for a node, a free port will be allocated from the configured port range for further use.
For baremetal operations on DHCPv6-stateful networks multiple IPv6 addresses can now be allocated for neutron ports created for provisioning, cleaning, rescue or inspection. The new parameter
[neutron]/dhcpv6_stateful_address_countcontrols the number of addresses to allocate (Default: 4).
Adds functionality with neutron integration to support dual-stack (IPv4 and IPv6 environment configurations). This enables ironic to look up the attached port(s) and supply DHCP options in alignment with the protocol version allocated on the port.
BIOS interfacefor the
idrachardware type. Primarily, implemented
apply_configurationclean and deploy steps, as asynchronous operations. For more details, see story 2007400.
ilo-virtual-mediaboot interface now supports managing boot for in-band inspection. This enables using virtual media instead of PXE for in-band inspection.
Adds the capability for the
instance_info\image_checksumvalue to be optional in stand-alone deployments if the
instance_info\image_os_hash_valuefields are populated.
Makes management interface of
redfishhardware type not change the current boot frequency if the current setting is the same as the desired one. The goal is to avoid touching a potentially faulty BMC option whenever possible.
Adds a new
[ipmi]debugoption that allows users to explicitly turn IPMI command debugging on, as opposed to relying upon the system debug setting
[DEFAULT]debug. Users wishing to continue to log this output should set
Truein their ironic.conf.
Changes neutron port updates to use auth values from Ironic’s neutron conf, preventing issues that can arise when a non-admin user manages Ironic nodes. A check is added to the port update function to verify that the user can actually see the port. This adds an additional Neutron request call to all port updates.
lesseefield to nodes. This field is exposed to policy, so if a policy file permits, a lessee will have access to specified node APIs.
baremetal:node:instance_infopolicies to allow finer-grained policy control over node updates. In order to use standalone Ironic to provision a node, a user must be able to update
extraif using metalsmith), and a lessee should not be able to update all node attributes.
redfish_system_idproperty of redfish hardware type has been made optional. If not specified in
driver_info, and the target BMC manages a single ComputerSystem, ironic will assume that system. Otherwise, ironic will fail requiring explicit
To allow use of the
neutronnetwork interface in combination with
flatprovider networks where no actual switch management is done. The
local_link_connectionfield on ports is extended to support the
Target devices for software RAID can now be specified in the form of device hints (same as for root devices) in the
physical_disksparameter of a logical disk configuration. This requires ironic-python-agent from the Ussuri release series.
root_prefixparameter to the sushy context based on the path of
redfish_address. Defaults to sushy
/redfish/v1/). This is needed if the Redfish API is not located in the default
Adds support for bootable software RAID with UEFI boot mode.
rescueoperation are now hashed for transmission to the
ironic-python-agent. This functionality requires
[conductor]rescue_password_hash_algorithmnow defaults to
sha256, and may be set to
ansibledeployment interface does not support use of an
agent tokenat this time.
The minimum supported version of
2.7. All support for previous Ansible versions is no longer maintained.
The default value of
[deploy]/default_boot_optionis changed from
Due to the default boot option change, partition images without
grub2will be unable to be deployed without the
boot_optionfor the node to be explicitly set to
The required minimum version of the
sushypython Redfish API client library is now version
Removes compatibility with deploy interfaces that do not use deploy steps.
[pxe]ip_versionsetting may no longer be required depending on neutron integration.
Operators that used the
[DEFAULT]my_ipsetting with an IPv6 address may wish to explore migrating to the
[DEFAULT]my_ipv6setting. Setting both values enables the appropriate IP addresses based on protocol version for PXE/iPXE.
[DEFAULT]force_raw_imagesis set to
true, then MD5 will not be utilized to recalculate the image checksum. This requires the
ironic-python-agentramdisk to be at least version 3.4.0.
Debug logging control has been moved to the
[ipmi]debugconfiguration setting as opposed to the “conductor”
[DEFAULT]debugsetting as the existing
ipmitooloutput can be extremely misleading for users. Operators who wish to continue to log
ipmitoolverbose output in their logs should explicitly set the
[ipmi]debugcommand to True.
The dependency on
oslo.i18nis now optional. If you would like messages from ironic to be translated, you need to install it explicitly.
The guru meditation reporting functionality is now optional and the
oslo.reportspackage is no longer a part of requirements. Install it manually if you need this feature.
The configuration option
[pxe]ipxe_enabledwas deprecated and now has been removed, thus the support for iPXE from the
pxeinterface was removed. To use iPXE, the boot interface should be migrated to
ipxeor other boot interfaces capable of booting from iPXE.
Some deploy interfaces use the
continue_node_deployRPC call to notify the conductor when they’re ready to leave the
deploycore deploy step. Currently ironic allows a node to be either in
deployingstate when entering this call. This is deprecated, and in the next release a node will have to be in the
DEPLOYWAIT) state for this call.
Image checksum recalculation when images are forced to raw images, are now calculated using
SHA3-256if MD5 was selected. This is now unconditional.
Operators wishing to enforce all rescue passwords to be hashed should use the
[conductor]require_rescue_password_hashedsetting and set it to a value of
This setting will be changed to a default of
Truein the Victoria development cycle.
The secret token that is used for IPA verification will be generated using the secrets module to be in compliance with the
Fixes an issue with the agent client code where checks of the agent command status had no logic to prevent an intermittent or transient connection failure from causing the entire operation to fail.
Fixes ‘Invalid parameter value for SpanLength’ when configuring RAID using Python 3. This passed incorrect data type to iDRAC, e.g., instead of 2 it passed 2.0. See story 2004265.
Fixes RAID configuration using idrac-wsman RAID interface where node remains in ‘clean wait’ provisioning state forever. See story 2007567.
Fixes an issue where a node may be locked from changes if a conductor’s hostname case is changed before restarting the conductor service.
Fixes an issue in the
ironic-python-agentclient code where a command exception may not be captured in the interaction with the agent rest API. The client code would return the resulting error message and a static error code. We now look with-in the error to detect if the error may be a compatability error to raise the appropriate exception for fallback logic to engage.
Improves interoperability with Redfish BMCs by untying node boot mode change from other boot parameters change (such as boot device, boot frequency).
Fixes vague node
last_errorfield reporting upon deploy step failure by providing the exception error message in addition to the step that failed.
The ‘no address available’ problem seen when network booting on DHCPv6-stateful networks is fixed with the support for allocating multiple IPv6 addresses. See bug: 1861032.
Fixes an agent command issue in the bootloader installation process that can present itself as a connection timeout under heavy IO load conditions. Now installation commands have an internal timeout which is double the conductor wide
[agent]command_timeout. For more information, see bug 2007483.
Use SHA256 for comparing file contents instead of MD5. This improves FIPS compatibility.
Fixes a bug in the
idrachardware type where when creating one or more virtual disks on a RAID controller that supports passthru mode (PERC H730P), the cleaning step would finish before the job to create the virtual disks actually completed. This could result in the client attempting to perform another action against the iDRAC that creates a configuration job, and that action would fail since the job to create the virtual disk would still be executing. This patch fixes this issue by only allowing the cleaning step to finish after the job to create the virtual disk completes. See bug bug 2007285 for more details.
Certain RAID controllers (PERC H730P) require physical disks to be switched from non-RAID (JBOD) mode to RAID mode to be included in a virtual disk. When this conversion happens, the available free space on the physical disk is reduced due to some space being allocated to RAID mode housekeeping. If the user requests a virtual disk (a RAID 1 for example) with a size close to the max size of the physical disks when they are in JBOD mode, then creation of the virtual disk following conversion of the physical disks from JBOD to RAID mode will fail since there is not enough space due to the space used by RAID mode housekeeping. This patch works around this issue by recalculating the RAID volume size after physical disk conversion has completed and the free space on the converted drives is known. Note that this may result in a virtual disk that is slightly smaller than the requested size, but still the max size that the drives can support. See bug bug 2007359 for more details
Fixes state report via Guru Meditation Reports that did not work previously because of empty
log_dirand no way to configure this configuration option.
Fixed a bug where rebooting a node managed by the
idrachardware type when using the WS-MAN power interface sometimes fails with a
The command failed to set RequestedStateerror. See bug 2007487 for details.
If a node is in mid-deployment or cleaning and its conductor dies, ironic will move that node into a failed state. However, this wasn’t being done if those nodes were also in maintenance. This has been fixed. See story 2007098 for more details.
Now that HUAWEI ironic 3rd party CI is back, the
ibmchardware type driver is supported.
Fixes an issue where a node may be locked from changes if a conductor’s hostname case is changed before restarting the conductor service. clean up the reservation once the conductor stopped.
Renames misleadingly named
images.create_esp_image_for_uefi. The new name reflects what’s actually going on under the hood.
[conductor]power_state_change_timeoutdefault value has been extended to
30seconds. This is due to some API interfaces with Redfish, may cache the power state and thus may take longer than thirty seconds to update after a change has been requested. Please see here for more information.
The rootwrap filter file called “ironic-lib.filters” is no longer part of Ironic. The same file is available from the ironic-lib module which is already an install requirement.
instance_info/kernel_append_paramsproperty support to
redfishhardware type. If given, this property overrides
[redfish]/kernel_append_paramsironic option. The rationale for adding this property is to allow passing node-specific kernel parameters to instance kernel. One of the use-cases for this is to pass node static network configuration to the kernel.
Adds support for node retirement by adding a
retiredproperty to the node. If set, a node moves upon automatic cleaning to
available). The new property also blocks the
providekeyword, i.e. nodes cannot move from
available. Furthermore, there is an additional optional field
retirement_reasonto store the reason for the node’s retirement.
ownerfield to allocations. Depending on policy, a non-admin can then create an allocation and have the owner set to their project. Allocation processing will then ensure that only nodes with the same owner are matched.
Adds support for specifying vendor_data when building config drives. Starting with API version 1.59, a JSON based
/v1/nodes/<node>/states/provisioncan include the key
vendor_data. This data will be built into the configdrive contents as
idrachardware type support of a virtual media boot interface implementation that utilizes the Redfish out-of-band (OOB) management protocol and is compatible with the integrated Dell Remote Access Controller (iDRAC) baseboard management controller (BMC). It is named
idrachardware type declares support for that new interface implementation, in addition to all boot interface implementations it has been supporting. The highest priority boot interfaces remain the same. It now supports the following boot interface implementations, listed in priority order from highest to lowest:
To use the new boot interface, install the
For more information, see story 2006570.
It’s now possible to force booting for in-band inspection to be managed by ironic by setting the new
True. In-band inspection will fail if the node’s driver does not support managing boot for it.
ipxeboot interfaces, as well as all in-tree network interfaces, now support managing in-band inspection boot.
Allows reading the
instance_info, overriding the value in
properties. This enables per-instance root device settings and requires the Ussuri release of ironic-python-agent.
is_node_ownerpolicy rule. This rule can be used with node policy rules in order to expose specific node APIs to a project ID specified by a node’s
ownerfield. Default rules are unaffected, so default behavior is unchanged.
A port is owned by its associated node’s owner. This owner is now exposed to policy checks, giving Ironic admins the option of modifying the policy file to allow users specified by a node’s owner field to perform API actions on that node’s associated ports through the
redfish-virtual-mediaboot interface now supports managing boot for in-band inspection. This enables using virtual media instead of PXE for in-band inspection.
Software RAID is no longer limited to images which have the root file system in the first partition.
Changes the minimum version of Ansible for use with the
deploy_interfaceto version 2.5.
Python 2.7 support has been dropped. Last release of Ironic to support Python 2.7 is OpenStack Train. The minimum version of Python now supported by Ironic is Python 3.6.
For the managed in-band inspection to work, make sure that the Bare Metal Introspection endpoint (either in the service catalog or in the
[inspector]endpoint_overrideconfiguration option) is not set to localhost. Alternatively, set the
[inspector]callback_endpoint_overrideoption to a value with a real IP address.
agent_versionof the heartbeat interface is now mandatory to all interfaces that inherit from HeartbeatMixin.
Operators using custom PXE/iPXE/Grub templates should update them to remove an explicit mention of
ipa-api-url. This field is now a part of
The configuration option
[agent]heartbeat_timeoutwas deprecated before ocata release and now removed, please use
The configuration option
[glance]glance_num_retrieswas deprecated and now removed, please use
The configuration option
[disk_utils]iscsi_verify_attemptswas deprecated in Train and it’s now removed from ironic-lib. Please use the
For Software RAID, the IPA no longer assumes that the root file system of the deployed image is in the first partition. Instead, it will use the UUID passed from the conductor. Operators need hence to make sure that the conductor has the correct UUID (which either comes from the
rootfs_uuidfield in the image metadata or from the
root_uuid_or_disk_idin the node’s
ibmchardware type has been deprecated. While the Huawei team setup Third-Party CI for the driver’s inclusion into ironic, the CI unfortunately went down around the time the United States of America announced commerce restrictions against Huawei.
Unfortunantely, without third party CI and no contacts to maintain the driver, the ironic community is left with little choice but to deprecate and ultimately remove the driver.
irmchardware type has been deprecated. The Third Party CI for the driver stopped responding on or around July 7th, 2019. As such, we cannot claim fixes or changes to the driver are in a working state.
We have heard from the Fujitsu team that they intend to return
irmcCI to working order, and as such should that occur this deprecation will be revoked.
Node secrets (such as BMC credentials) are no longer logged when JSON RPC is used and DEBUG logging is enabled.
Prevents additional updates of an agent
callback_urlthrough the agent heartbeat
/v1/heartbeat/<node_uuid>endpoint as the
callback_urlshould remain stable through the cleaning, provisioning, or rescue processes. Should anything such as an unexpected agent reboot cause the
callback_url, heartbeat operations will now be ignored. More information can be found at story 2006773.
ironic.api.wsgicompatible with WSGI containers that cannot use an executable WSGI entry point. For example, with gunicorn:
gunicorn -b 0.0.0.0:6385 'ironic.api.wsgi:initialize_wsgi_app(argv=)'
Now passing proper flags during clean up of iPXE boot environments, so that no leftovers are left after node tear down.
Fixes a bug in the
idrachardware type where configuration job for RAID
delete_configurationcleaning step gets created even when there are no virtual disks or hotspares/dedicated hotspares present on any controller. See bug 2006562 for details.
Fixes a bug in the
idrachardware type where a race condition can occur on a host that has a mix of controllers where some support realtime mode and some do not. The approach is to use only realtime mode if all controllers support realtime. This removes the race condition. See bug 2006502 for details.
Corrects logic in the entry path of node cleaning and deployment processes to prohibit
agent_urlfrom being preemptively removed if
fast_trackis enabled and in use. This allows fast track cleaning and deployment operations to succeed.
Fixes issue where the resource list API returned results with requested fields only until the API
MAX_LIMIT. After the API
MAX_LIMITis reached the API started ignoring user requested fields. This fix will make sure that the next url generated by the pagination code will include the user requested fields as query parameter.
Fixes an issue that when
ipxeinterface is in use with
[pxe]ipxe_enabledset to false, the PXE configuration is not handled properly which prevents the machine from performing a successful iPXE boot.
Fixes virtual media boot when served using a local HTTP server, i.e.
Fixes drive sensors information collection in
redfishmanagement interface. Prior to this fix, wrong Redfish schema has been used for Drive resource what has been causing exception and ultimately sensor data collection failure.
Fixes a possible console lockup issue in case of PID file not being yet created while daemon start has call already returned success return code.
Fixes a bug in the
idrachardware type where executing the
clear_job_queueclean step, pending non-BIOS config jobs (E.g. create/delete virtual disk) were not being deleted before job execution.
See bug 2006580 for details.
Fixes an issue with fasttrack where a recent security related change to prevent the
agent_urlfield from being updated in a node, to functionally prevent fast_track from succeeding as the node would fail with an exception indicating the
agent_urlcould not be found. The required
agent_urlvalue is now preserved when the fast track feature is enabled as the running ramdisk is not shut down.
Fixes a minor issue with
get_boot_optionlogic that did not account for Software RAID. This can erroniously cause the deployment to take the the incorrect deployment path and attempt to install a boot loader.
Add timeout when querying agent for commands status. Without it, node can lock up for a quite long time and ironic will not allow to perform any operations with it.
Fixes incorrect parsing of
ibmc_addresswith a port but without a schema in the
ibmchardware type on Python 3.8.
When using the PERC H730P RAID controller, physical disks must be put into RAID mode prior to creating a virtual disk that includes them. If one or more physical disks are in JBOD/Non-RAID mode when creating a virtual disk from them, then the iDRAC will return an error. This patch ensures that the physical disks being included in a virtual disk are converted to RAID mode prior to creating the virtual disk.
idracconverts physical drives from
JBODmode after RAID
delete_configurationcleaning step through raid interface. This ensures that the individual disks freed by deleting the virtual disks are visible to the OS.
Support for some hardware, including some Dell EMC servers, is broken when using the Redfish hardware type with sushy 1.9.0. The minimum version for the sushy library is now 2.0.0. See story 2006702 for more information.
Fixes an issue where a provisioned or allocated node could have its owner changed. For backwards compatibility, we preserve the ability to do so for a provisioned node through the use of the
baremetal:node:update_owner_provisionedpolicy rule. We always prevent the update if the node is associated with an allocation that specifies an owner.
Fixes a bug with the grub ramdisk boot template handling, such that the template now properly references the user provided kernal and ramdisk. Previously the deployment ramdisk and kernel was referenced in the template.
When installing a whole disk image using iscsi, set up the bootloader even if a root partition can not be found. The bootloaders will be located on the disk.
Boot and network interface implementations can now manage boot for in-band inspection by implementing the new methods:
Previously only ironic-inspector itself could manage boot for it. This change opens a way for non-PXE implementations of in-band inspection.