A service for managing and provisioning Bare Metal servers.
Jay Faulkner 0506aae0c8 OSSA-2025-001: Disallow unsafe image file:// paths
Before this change, Ironic did not filter file:// paths when used as an
image source except to ensure they were a file (and not, e.g. a
character device). This is problematic from a security perspective
because you could end up with config files from well-known paths being
written to disk on a node.

The allowlist default list is huge, but it includes all known usages of
file:// URLs across Bifrost, Ironic, Metal3, and OpenShift in both CI
and default configuration.

For the backportable version of this patch for stable branches, we have
omitted the unconditional block of system paths in order to permit
operators using those branches to fully disable the new security
functionality.

Generated-by: Jetbrains Junie
Closes-bug: 2107847
Change-Id: I2fa995439ee500f9dd82ec8ccfa1a25ee8e1179c
2025-05-08 07:26:44 -07:00
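
An added example, not Ironic's code or part of the commit, of the kind of check the commit message describes: a ``file://`` image source is resolved to its real path, refused if it falls under a blocked system path, and accepted only under an allowlisted directory. The function names and both directory lists are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlparse

# Assumed values for illustration only; not Ironic's defaults or option names.
ALLOWED_DIRS = ("/var/lib/ironic", "/srv/images")
BLOCKED_DIRS = ("/etc", "/proc", "/sys", "/dev", "/boot", "/root")


def _is_under(path, directory):
    """True when path is directory itself or lies below it, compared per component."""
    try:
        return os.path.commonpath([path, directory]) == directory
    except ValueError:
        return False


def validate_file_url(url, allowed=ALLOWED_DIRS, blocked=BLOCKED_DIRS):
    """Return the resolved path of a file:// image source or raise ValueError."""
    parsed = urlparse(url)
    if parsed.scheme != "file" or parsed.netloc not in ("", "localhost"):
        raise ValueError("not a local file:// URL")
    # Resolve symlinks, ".." and percent-encoding before any comparison.
    real = os.path.realpath(unquote(parsed.path))
    if any(_is_under(real, os.path.realpath(d)) for d in blocked):
        raise ValueError(f"{real} is under a blocked system path")
    if not any(_is_under(real, os.path.realpath(d)) for d in allowed):
        raise ValueError(f"{real} is outside the allowlist")
    if not os.path.isfile(real):
        raise ValueError(f"{real} is not a regular file")
    return real


if __name__ == "__main__":
    # Constructed sample: an image directory plus a symlink that escapes it.
    with tempfile.TemporaryDirectory() as tmp:
        images = os.path.join(tmp, "images")
        os.mkdir(images)
        open(os.path.join(images, "node.img"), "wb").close()
        os.symlink("/etc/hostname", os.path.join(images, "link.img"))
        for name in ("node.img", "link.img", "../images-old/x.img"):
            try:
                print("accepted", validate_file_url(f"file://{images}/{name}", (images,)))
            except ValueError as exc:
                print("rejected", exc)
```

Comparing resolved paths component by component is what keeps a sibling such as ``images-old`` or a symlink inside the allowed directory from passing a plain string-prefix test.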
api-ref Allow setting of disable_power_off via API 2024-11-28 12:06:23 +00:00
devstack [2025.1 only] update devstack config 2025-03-28 09:58:42 +01:00
doc OSSA-2025-001: Disallow unsafe image file:// paths 2025-05-08 07:26:44 -07:00
etc Drop rootwrap support 2024-01-08 18:02:27 +01:00
ironic OSSA-2025-001: Disallow unsafe image file:// paths 2025-05-08 07:26:44 -07:00
playbooks [CI] Use bigger partition as work dir for metal3 job 2025-03-11 13:34:34 +00:00
redfish-interop-profiles Update the redfish interoperability profile 2024-06-27 16:24:24 +02:00
releasenotes OSSA-2025-001: Disallow unsafe image file:// paths 2025-05-08 07:26:44 -07:00
tools Implement graphical console read-only support 2025-03-02 22:27:33 +00:00
zuul.d Disable metal3 integration job in stable 2025.1 2025-03-27 15:05:30 +01:00
.coveragerc Use .coveragerc file 2024-02-02 23:17:12 +09:00
.gitignore Render the redfish interop profile in the docs 2024-06-27 16:32:28 +02:00
.gitreview Update .gitreview for stable/2025.1 2025-03-20 09:58:02 +00:00
.mailmap Add my new address to .mailmap 2020-04-13 07:29:37 -07:00
.pre-commit-config.yaml enable ruff in pre-commit with some initial lints 2024-12-16 09:07:39 -06:00
.stestr.conf Migrate to stestr as unit tests runner 2017-09-22 08:56:34 +00:00
bindep.txt Add vnc-container image build 2025-03-02 22:27:33 +00:00
CONTRIBUTING.rst Project Contributing updates for Goal 2020-02-20 02:01:21 +00:00
driver-requirements.txt Remove deprecated idrac wsman driver interfaces 2024-06-24 15:03:28 -07:00
LICENSE Added project infrastructure needs. 2013-05-02 14:55:43 -04:00
pyproject.toml enable ruff in pre-commit with some initial lints 2024-12-16 09:07:39 -06:00
README.rst Guide users/developers to launchpad 2024-03-13 19:34:50 +09:00
requirements.txt Add ironic-novncproxy service 2025-02-19 20:17:57 +00:00
setup.cfg Add vnc-container image build 2025-03-02 22:27:33 +00:00
setup.py add pyproject.toml to support pip 23.1 2024-11-05 08:00:24 -06:00
test-requirements.txt Drop direct dependency on iso8601 2025-03-01 06:06:01 +00:00
tox.ini Update TOX_CONSTRAINTS_FILE for stable/2025.1 2025-03-20 09:58:05 +00:00

======
Ironic
======

Team and repository tags
------------------------

.. image:: https://governance.openstack.org/tc/badges/ironic.svg
    :target: https://governance.openstack.org/tc/reference/tags/index.html

Overview
--------

Ironic consists of an API and plug-ins for managing and provisioning
physical machines in a security-aware and fault-tolerant manner. It can be
used with nova as a hypervisor driver, or as a standalone service using bifrost.
By default, it will use PXE and IPMI to interact with bare metal machines.
Ironic also supports vendor-specific plug-ins which may implement additional
functionality.

Ironic is distributed under the terms of the Apache License, Version 2.0. The
full terms and conditions of this license are detailed in the LICENSE file.

Project resources
~~~~~~~~~~~~~~~~~

* Documentation: https://docs.openstack.org/ironic/latest
* Source: https://opendev.org/openstack/ironic
* Bugs: https://bugs.launchpad.net/ironic/+bugs
* Wiki: https://wiki.openstack.org/wiki/Ironic
* APIs: https://docs.openstack.org/api-ref/baremetal/index.html
* Release Notes: https://docs.openstack.org/releasenotes/ironic/
* Design Specifications: https://specs.openstack.org/openstack/ironic-specs/

Project status, bugs, and requests for feature enhancements (RFEs) are tracked
in Launchpad:
https://launchpad.net/ironic

For information on how to contribute to ironic, see
https://docs.openstack.org/ironic/latest/contributor