From 84f1a1c3217f1693c46ef31ffbb24d258cee86f6 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Wed, 3 May 2023 09:52:08 -0700 Subject: [PATCH] Permit Ironic to notify IPA it can support MD5 Adds a new configuration option which can be set by an operator to tell Ironic's agent that it is able to process an MD5 checksum. Depends-On: https://review.opendev.org/c/openstack/ironic-python-agent/+/882367 Change-Id: I79228e773db9e60fcc2d16ec028ba233c4ba756f --- ironic/api/controllers/v1/ramdisk.py | 1 + ironic/conf/agent.py | 6 ++++++ ironic/tests/unit/api/controllers/v1/test_ramdisk.py | 1 + ...ic-to-tell-agent-about-md5-support-5c94da38c2f5dd10.yaml | 6 ++++++ 4 files changed, 14 insertions(+) create mode 100644 releasenotes/notes/permit-ironic-to-tell-agent-about-md5-support-5c94da38c2f5dd10.yaml diff --git a/ironic/api/controllers/v1/ramdisk.py b/ironic/api/controllers/v1/ramdisk.py index b98eb7dc21..14f5d9a2b7 100644 --- a/ironic/api/controllers/v1/ramdisk.py +++ b/ironic/api/controllers/v1/ramdisk.py @@ -57,6 +57,7 @@ def config(token): # explicit True statement for newer agents to lock the setting # and behavior into place. 'agent_token_required': True, + 'agent_md5_checksum_enable': CONF.agent.allow_md5_checksum, } diff --git a/ironic/conf/agent.py b/ironic/conf/agent.py index 33b8b65548..7709d2d1a7 100644 --- a/ironic/conf/agent.py +++ b/ironic/conf/agent.py @@ -163,6 +163,12 @@ opts = [ help=_('Path to the TLS CA that is used to start the bare ' 'metal API. In some boot methods this file can be ' 'passed to the ramdisk.')), + cfg.BoolOpt('allow_md5_checksum', + default=True, + help=_('When enabled, the agent will be notified it is ' + 'permitted to consider MD5 checksums. This option ' + 'is expected to change to a default of False in a ' + '2024 release of Ironic.')), ] diff --git a/ironic/tests/unit/api/controllers/v1/test_ramdisk.py b/ironic/tests/unit/api/controllers/v1/test_ramdisk.py index ec72f9ea3b..47aaa32313 100644 --- a/ironic/tests/unit/api/controllers/v1/test_ramdisk.py +++ b/ironic/tests/unit/api/controllers/v1/test_ramdisk.py @@ -79,6 +79,7 @@ class TestLookup(test_api_base.BaseApiTest): 'heartbeat_timeout': CONF.api.ramdisk_heartbeat_timeout, 'agent_token': mock.ANY, 'agent_token_required': True, + 'agent_md5_checksum_enable': CONF.agent.allow_md5_checksum, } self.assertEqual(expected_config, data['config']) self.assertIsNotNone(data['config']['agent_token']) diff --git a/releasenotes/notes/permit-ironic-to-tell-agent-about-md5-support-5c94da38c2f5dd10.yaml b/releasenotes/notes/permit-ironic-to-tell-agent-about-md5-support-5c94da38c2f5dd10.yaml new file mode 100644 index 0000000000..8db807d11c --- /dev/null +++ b/releasenotes/notes/permit-ironic-to-tell-agent-about-md5-support-5c94da38c2f5dd10.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Adds a ``[agent]allow_md5_checksum`` configuration + option which can be used to tell ``ironic-python-agent`` versions + newer than version ``9.4.0`` if MD5 is a permitted algorithm.