2024.2 Series Release Notes¶

9.14.0¶

Deployers implementing their own HardwareManagers must to audit their code for unsafe uses of qemu-img and related methods.

Ironic-Python-Agent now checks any supplied image format value against the detected format of the image file and will prevent deployments should the values mismatch.

Images previously misconfigured as raw despite being in another format, in some non-default configurations, may have been mistakenly converted if needed. Ironic-Python-Agent will no longer perform conversion in any case for images with metadata indicating in raw format.

Ironic-Python-Agent always inspects any non-raw user image content for safety before running any qemu-based utilities on the image. This is utilized to identify the format of the image and to verify the overall safety of the image. Any images with unknown or unsafe feature uses are explicitly rejected. This can be disabled in both IPA and Ironic by setting [conductor]disable_deep_image_inspection to True for the Ironic deployment. Image inspection is the primary mitigation for CVE-2024-44082 being tracked in bug 2071740. Operators may desire to set [conductor]conductor_always_validates_images on Ironic conductors to mitigate the issue before they have upgraded their Ironic-Python-Agent.

Ironic-Python-Agent now explicitly enforces a list of permitted image types for deployment, defaulting to “raw” and “qcow2”. Other image types may work, but are not explicitly supported and must be enabled. This can be modified by setting [conductor]permitted_image_formats for all Ironic services.

Adds a preliminary check for IPMI device files before the BMC detection attempts, optimizing ipmitool command calls on systems without IPMI capabilities.

Fixes multiple issues in the handling of images as it related to execution of the qemu-img utility. When using this utility to convert an unsafe image, a malicious user can extract information from a node while Ironic-Python-Agent is deploying or converting an image. Ironic-Python-Agent now inspects all non-raw images for safety, and never runs qemu-based utilities on raw images. This fix is tracked as CVE-2024-44082 and bug 2071740.

Images with metadata indicating a “raw” disk format may have been transparently converted from another format. Now, these images will have their exact contents imaged to disk without modification.

Adds a deploy step clean_uefi_nvram to remove unrequired extra UEFI NVRAM boot entries. By default any entry matching HD as the root device, or with a shim or grub efi file in the path will be deleted, ensuring that disk based boot entries are removed before the new entry is created for the written image. The match_patterns parameter allows a list of regular expressions to be passed, where a case insensitive search in the device path will result in that entry being deleted.

For a long time block device information originating form lsblk and udev was handled in a mutually exclusive way during root disk selection. The new mix and match approach allows IPA to collect and match disk serial and wwn root device hints against values coming from both lsblk and udev at the same time. The mix and match approach is necessary to handle edge cases where the serial and/or wwn information is different in lsblk compared to udev.

Add attached USB device auto discovery. The information is retrieived from lshw tool and store in introspection data result.

Fixes an issue where configuration drive volumes which are mounted by the operating system could remain mounted and cause a lock to be held, which may conflict with actions such as rebuild. The agent now always makes sure the folder used by Glean and Cloud-init is not mounted.

Fixes bug 2066308, an issue where Ironic Python Agent would call evaluate_hardware_support multiple times on hardware manager plugins. Scanning for hardware and disks is time consuming, and caused timeouts on badly-performing nodes.

Adds support for disks with 4096 sector size when cleaning disk metadata. Previously, only 512 sector size disks were supported.