Wallaby Series (10.5.0 - 10.6.x) Release Notes¶

10.6.2¶

The response headers for empty body HTTP 204 replies, at present, violate RFC7230. This was not intentional, but underlying libraries also make inappropriate changes to the headers, which can cause clients to experience odd failures. This is anticipated to be corrected once an underlying issue in eventlet is resolved.

Fixes an issue where a failed inspection due to a transient failure can prevent retry attempts to inspect to be perceived as a failure. If a prior inspection fails and is in error state, when a new introspection is requested, the state is now appropriately set to starting.

Fixes HTTP responses so the Eventlet library, which is used to support the operation of the WSGI application, does not incorrectly inject a Transfer-Encoding header into the HTTP response, even on HTTP 204 replies, which is a violation of RFC7230. This header ultimately can cause varying client reactions which are not expected and can raise exceptions. For now, this has been remedied via an explicit return of a Content-Length header, which is also an RFC7230 violation, but it appears to be the lesser of known evils at this time.

Fixes issues in Inspector where various tasks would not have retry logic applied to them and may sporadically fail. This is because the OpenStack SDK does not comprehend the NodeLocked error, which previously python-ironicclient silently handled. Basic operations such as “power reboot” and “set boot device” will now be retried automatically if they fail. For more information, please see story 2009107.

The default policy will been replaced with one which aligns with the Secure-RBAC scopes and roles. Since ironic-inspector is a tool used only by system-level admins, only the system scope is supported, and the only roles in the policy rules are admin and reader.

[DEFAULT]/ipmi_address_fields now has ibmc_address in the default configuration, allowing introspection to try and match the BMC address if no ports are defined when using the ibmc driver.

The default value of [oslo_policy] policy_file config option has been changed from policy.json to policy.yaml. Operators who are utilizing customized policy files or previously generated static policy files (which are not needed by default), should generate new policy files and modify them to meet their needs in the event of any new policies or rules have been added. Please consult the oslopolicy-convert-json-to-yaml tool to convert a JSON to YAML formatted policy file in backward compatible way.

The new policy is only enforced when [oslo_policy] config is changed to enforce_new_defaults=True and enforce_scope=True, otherwise the existing deprecated policy is used. User accounts which rely on having the baremetal_admin or baremetal_observer roles will need to have system-scoped admin or reader roles to use the API when the new policy is enforced.

Use of legacy policy files was deprecated by the oslo.policy library during the Victoria development cycle. As a result, this deprecation is being noted in the Wallaby with an anticipated future removal of support by oslo.policy. As such operators will need to convert to YAML policy files. Please see the upgrade notes for details on migration of any custom policy files.

The previous policy is still enforced by default, but is now deprecated and will be removed in a future release.