Rocky Series (8.0.0 - 8.0.x) Release Notes¶
8.0.4¶
Bug Fixes¶
Fixes an issue while mapping port InfiniBand MAC address to EthernetOverInfiniBand MAC. Prior to this fix, it will fail to map and raise an exception.
8.0.3¶
Security Issues¶
Fixes insufficient input filtering when looking up a node by information from the introspection data. It could potentially allow SQL injections via the
/v1/continue
API endpoint. See story 2005678 for details.
Bug Fixes¶
Fix starting inspection of node having IPv6 BMC address. Inspection could not be initiated because v6 address was being considered as a hostname. Thus resolving incorrect hostname ended up with blocking error.
8.0.2¶
Bug Fixes¶
Allows the
set-attribute
introspection rule action to acceptNone
as value for a property.
8.0.1¶
Bug Fixes¶
A new rootwrap filter is now included to allow control of the systemd dnsmasq service used by ironic-inspector. This fixes a permission issue when systemctl commands are used as
dnsmasq_start_command
anddnsmasq_stop_command
in the configuration for the dnsmasq pxe filter. See bug 2002818.Note
The filter uses the systemd service name used by the RDO distribution (
openstack-ironic-inspector-dnsmasq.service
).
Fixes issue that can result in introspection failure when a network switch sends incomplete information for LLDP switch_id or port_id. The validation expects these fields when a port is updated, this fix now handles the validation exception.
8.0.0¶
New Features¶
Adds new parameter
manage_boot
to the introspection API to allow disabling boot management (setting the boot device and rebooting) for a specific node. If it is set toFalse
, the boot is supposed to be managed by a 3rd party.If the new option
can_manage_boot
is set toFalse
(the default isTrue), then ``manage_boot
must be explicitly set toFalse
.
Modifies introspection rules to allow formatting to be applied to strings nested in dicts and lists in the actions.
Upgrade Notes¶
Updates the default Ironic API version to 1.38.
This version is used by default within the Bare Metal Inspection service when communicating with the Bare Metal API. It is the default used by processing plugins, which may override the version, and by introspection rules, which may not override the version.
1.38 was the API version at the time of the most recent Queens series Bare Metal service release (10.1.0).
See story 2002166.
Bug Fixes¶
The
dnsmasq
PXE filter no longer whitelists the MAC addresses of ports deleted from the Bare Metal service. Instead they are blacklisted unless introspection is active or thenode_not_found_hook
is set in the configuration. This ensures that no previously enrolled node accidentally boot the inspection image when no node introspection is active. Bug #2001979.
Stops introspection when setting boot device is failed, as the node is not guaranteed to perform a PXE boot in this case.
Other Notes¶
The deprecated configuration option
[iptables]manage_firewall
was removed, use[pxe_filter]driver
to set filtering driver.