kgess-mirror/openstack-ironic
1
0
Fork 0
mirror of https://opendev.org/openstack/ironic.git synced 2026-01-11 19:57:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
A service for managing and provisioning Bare Metal servers.
13381 commits 11 branches 233 tags 338 MiB
Find a file
Jay Faulkner 458457a338 OSSA-2025-001: Disallow unsafe image file:// paths 
Before this change, Ironic did not filter file:// paths when used as an
image source except to ensure they were a file (and not, e.g. a
character device). This is problematic from a security perspective
because you could end up with config files from well-known paths being
written to disk on a node.

The allowlist default list is huge, but it includes all known usages of
file:// URLs across Bifrost, Ironic, Metal3, and OpenShift in both CI
and default configuration.

For the backportable version of this patch for stable branches, we have
omitted the unconditional block of system paths in order to permit
operators using those branches to fully disable the new security
functionality.

Generated-by: Jetbrains Junie
Closes-bug: 2107847
Change-Id: I2fa995439ee500f9dd82ec8ccfa1a25ee8e1179c
2025-05-08 07:29:39 -07:00
api-ref Merge "Added missing fields in API Ref" 2024-10-31 16:36:44 +00:00
devstack Use specific fix-commit from dnsmasq 2024-11-19 10:37:21 -08:00
doc OSSA-2025-001: Disallow unsafe image file:// paths 2025-05-08 07:29:39 -07:00
etc Drop rootwrap support 2024-01-08 18:02:27 +01:00
ironic OSSA-2025-001: Disallow unsafe image file:// paths 2025-05-08 07:29:39 -07:00
playbooks Use quay.io registry image for metal3 job 2024-11-21 18:02:26 +01:00
redfish-interop-profiles Update the redfish interoperability profile 2024-06-27 16:24:24 +02:00
releasenotes OSSA-2025-001: Disallow unsafe image file:// paths 2025-05-08 07:29:39 -07:00
tools Fix genconfig: remove now-gone ironic_lib modules 2024-11-15 07:53:04 -08:00
zuul.d [bugfix only] Pin upper-constraints and remove metal3 job 2025-01-08 16:41:13 +01:00
.coveragerc Use .coveragerc file 2024-02-02 23:17:12 +09:00
.gitignore Render the redfish interop profile in the docs 2024-06-27 16:32:28 +02:00
.gitreview Update .gitreview for bugfix/27.0 2024-11-25 17:01:15 +00:00
.mailmap Add my new address to .mailmap 2020-04-13 07:29:37 -07:00
.pre-commit-config.yaml bump some pre-commit hooks and remove default cfg 2024-11-09 12:25:48 -05:00
.stestr.conf Migrate to stestr as unit tests runner 2017-09-22 08:56:34 +00:00
bindep.txt Merge "Add support for Ubuntu 24.04" 2024-11-18 15:20:37 +00:00
CONTRIBUTING.rst Project Contributing updates for Goal 2020-02-20 02:01:21 +00:00
driver-requirements.txt Remove deprecated idrac wsman driver interfaces 2024-06-24 15:03:28 -07:00
LICENSE Added project infrastructure needs. 2013-05-02 14:55:43 -04:00
pyproject.toml bump some pre-commit hooks and remove default cfg 2024-11-09 12:25:48 -05:00
README.rst Guide users/developers to launchpad 2024-03-13 19:34:50 +09:00
requirements.txt Remove default override for config options policy_file 2024-11-10 21:37:55 -08:00
setup.cfg Remove trailing whitespace 2024-10-29 14:55:44 -07:00
setup.py add pyproject.toml to support pip 23.1 2024-11-05 08:00:24 -06:00
test-requirements.txt Remove postgresql testing and documentation 2024-11-12 14:41:04 -08:00
tox.ini [bugfix only] Pin upper-constraints and remove metal3 job 2025-01-08 16:41:13 +01:00
upper-constraints.txt [bugfix only] Pin upper-constraints and remove metal3 job 2025-01-08 16:41:13 +01:00

README.rst 

======
Ironic
======

Team and repository tags
------------------------

.. image:: https://governance.openstack.org/tc/badges/ironic.svg
    :target: https://governance.openstack.org/tc/reference/tags/index.html

Overview
--------

Ironic consists of an API and plug-ins for managing and provisioning
physical machines in a security-aware and fault-tolerant manner. It can be
used with nova as a hypervisor driver, or standalone service using bifrost.
By default, it will use PXE and IPMI to interact with bare metal machines.
Ironic also supports vendor-specific plug-ins which may implement additional
functionality.

Ironic is distributed under the terms of the Apache License, Version 2.0. The
full terms and conditions of this license are detailed in the LICENSE file.

Project resources
~~~~~~~~~~~~~~~~~

* Documentation: https://docs.openstack.org/ironic/latest
* Source: https://opendev.org/openstack/ironic
* Bugs: https://bugs.launchpad.net/ironic/+bugs
* Wiki: https://wiki.openstack.org/wiki/Ironic
* APIs: https://docs.openstack.org/api-ref/baremetal/index.html
* Release Notes: https://docs.openstack.org/releasenotes/ironic/
* Design Specifications: https://specs.openstack.org/openstack/ironic-specs/

Project status, bugs, and requests for feature enhancements (RFEs) are tracked
in Launchpad:
https://launchpad.net/ironic

For information on how to contribute to ironic, see
https://docs.openstack.org/ironic/latest/contributor