Yoga Series (8.3.0 - 8.5.x) Release Notes¶
8.5.3-2¶
Security Issues¶
Ironic-Python-Agent versions prior to the 2023.1 release are vulnerable to CVE-2024-44082, tracked in bug 2071740 <https://bugs.launchpad.net/bugs/2071740>_. Deployers of Ironic versions Zed or older must apply CVE-2024-44082 fixes to their Ironic environment and leave (default for all releases Zed and older)
[conductor]/conductor_always_validates_images
set toTrue
. This ensures the conductor will security check the image because Ironic-Python-Agent will not.
8.5.3¶
Bug Fixes¶
Fixes, or at least lessens the case where a running Ironic agent can stack up numerous lookup requests against an Ironic deployment when a node is locked. In particular, this is beause the lookup also drives generation of the agent token, which requires the conductor to allocate a worker, and generate the token, and return the result to the API client. Ironic’s retry logic will now wait up to
60
seconds, and if an HTTP Conflict (409) message is received, the agent will automatically pause lookup operations for thirty seconds as opposed continue to attempt lookups which could create more work for the Ironic deployment needlessly.
8.5.2¶
Bug Fixes¶
Fixes UEFI NVRAM record handling with efibootmgr so we can accept and handle UTF-16 encoded data which is to be expected in UEFI NVRAM as the records are UTF-16 encoded.
Fixes handling of UEFI NVRAM records to allow for unexpected characters in the response, so it is non-fatal to Ironic.
8.5.1¶
Known Issues¶
Creating a configdrive partition on a devicemapper device (e.g. a multipath storage device) with MBR partitioning may fail with the following error:
Command execution failed: Failed to create config drive on disk /dev/dm-0 for node 168af30d-0fad-4d67-af99-b28b3238e977. Error: Unexpected error while running command.
Use GPT partitioning instead.
Bug Fixes¶
Fixes creating a configdrive partition on a devicemapper device (e.g. a multipath storage device) with GPT partitioning. The newly created partition is now detected by a pre-generated UUID rather than by comparing partition numbers.
Fixes configuring UEFI boot when the EFI partition is located on a devicemapper device.
Fixes GenericHardwareManager to find network information for bonded interfaces if they exist.
Fixes handling of Software RAID device discovery so RAID device
Names
andEvents
field values do not inadvertently cause the command to return unexpected output. Previously this could cause a deployment to when handling UEFI partitions.
Fixes failures with handling of Multipath IO devices where Active/Passive storage arrays are in use. Previously, “standby” paths could result in IO errors causing cleaning to terminate. The agent now explicitly attempts to handle and account for multipaths based upon the MPIO data available. This requires the
multipath
andmultipathd
utility to be present in the ramdisk. These are supplied by thedevice-mapper-multipath
ormultipath-tools
packages, and are not requried for the agent’s use.
Fixes non-ideal behavior when performing cleaning where Active/Active MPIO devices would ultimately be cleaned once per IO path, instead of once per backend device.
Fixes discovering WWN/serial numbers for devicemapper devices.
Other Notes¶
The ramdisk logs now contain an
lsblk
output with all pairs in the newlsblk-full
file.
The agent will now attempt to collect any multipath path information and upload it to the agent ramdisk, if the tooling is present.
8.5.0¶
New Features¶
Adds support for express cleaning mode where hardware-assisted, fast and secure data erasure is performed on NVMe devices that support it, while other devices fall back to erase_devices_metadata. The goal of this feature is to enable express node cleaning in environments with hybrid storage configuration (e.g. NVMe + HDD).
Bug Fixes¶
In case the CSV file used for the bootloader hint does not have BOM we fail reading its content as utf-16 codec is too generic. Fail over to utf-16-le as Little Endian is mostly used.
Fixes handling of a Partition UUID being returned instead of a Partition’s UUID when the OS may not return the Partition’s UUID in time. These two fields are typically referred to as PARTUUID and UUID, respectively. Often these sorts of issues arise under heavy IO load. We now scan, and identify which “UUID” we identified, and update a Linux fstab entry appropriately. For more information, please see story #2009881.
Adds device rescan operation after partitioning the root device to ensure that updated UUIDs are reflected correctly