kgess-mirror/openstack-ironic
1
0
Fork 0
mirror of https://opendev.org/openstack/ironic.git synced 2026-01-11 19:57:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
A service for managing and provisioning Bare Metal servers.
11776 commits 11 branches 233 tags 338 MiB
Find a file
Jay Faulkner 62c7535fb3 OSSA-2025-001: Disallow unsafe image file:// paths 
Before this change, Ironic did not filter file:// paths when used as an
image source except to ensure they were a file (and not, e.g. a
character device). This is problematic from a security perspective
because you could end up with config files from well-known paths being
written to disk on a node.

The allowlist default list is huge, but it includes all known usages of
file:// URLs across Bifrost, Ironic, Metal3, and OpenShift in both CI
and default configuration.

For the backportable version of this patch for stable branches, we have
omitted the unconditional block of system paths in order to permit
operators using those branches to fully disable the new security
functionality.

Generated-by: Jetbrains Junie
Closes-bug: 2107847
Change-Id: I2fa995439ee500f9dd82ec8ccfa1a25ee8e1179c
(cherry picked from commit 98c25db51d)
(cherry picked from commit b956c88bb3)
Signed-off-by: Elod Illes <elod.illes@est.tech>
2025-08-01 22:49:49 +02:00
api-ref API endpoints to get node history 2021-09-15 10:54:11 -07:00
devstack Try limiting MTU to at least 1280 2024-09-12 18:07:27 +00:00
doc OSSA-2025-001: Disallow unsafe image file:// paths 2025-08-01 22:49:49 +02:00
etc Bye-bye iSCSI deploy, you served us well 2021-05-04 14:28:25 +02:00
ironic OSSA-2025-001: Disallow unsafe image file:// paths 2025-08-01 22:49:49 +02:00
playbooks/ci-workarounds ci-workarounds/get_extra_logging.yaml : avoid grep failure 2021-07-29 16:39:19 +10:00
releasenotes OSSA-2025-001: Disallow unsafe image file:// paths 2025-08-01 22:49:49 +02:00
tools [stable-only] Fix errors building docs 2025-05-08 19:56:29 +00:00
zuul.d [Stable Only] pin virtualbmc/sushy-tools/ironic-tempest-plugin to last released tag 2025-05-20 14:39:31 +02:00
.gitignore Migrate to stestr as unit tests runner 2017-09-22 08:56:34 +00:00
.gitreview Update .gitreview for unmaintained/xena 2024-03-14 11:27:59 +00:00
.mailmap Add my new address to .mailmap 2020-04-13 07:29:37 -07:00
.stestr.conf Migrate to stestr as unit tests runner 2017-09-22 08:56:34 +00:00
bindep.txt CI: use a custom cirros partition image instead of the default 2022-02-17 09:53:06 +01:00
CONTRIBUTING.rst Project Contributing updates for Goal 2020-02-20 02:01:21 +00:00
driver-requirements.txt stable only/ci: pin CI to dnsmasq 2.85/pin proliantutils 2024-03-15 09:39:11 -07:00
LICENSE Added project infrastructure needs. 2013-05-02 14:55:43 -04:00
lower-constraints.txt Fix iRMC driver to use certification file in HTTPS 2022-09-02 22:17:46 +09:00
README.rst Add ironic-specs link to readme.rst 2019-08-30 17:16:09 +08:00
requirements.txt Stable only: Factor out addition of packaging lib 2022-10-04 19:50:04 +00:00
setup.cfg Move ramdisk deploy to its own module 2021-09-06 16:30:53 +02:00
setup.py Cleanup Python 2.7 support 2020-04-03 17:49:23 +02:00
test-requirements.txt Update requirements 2021-07-13 14:37:28 +02:00
tox.ini [CI][doc] Turn off sphinx's warning as error feature 2025-08-01 18:25:44 +02:00

README.rst 

======
Ironic
======

Team and repository tags
------------------------

.. image:: https://governance.openstack.org/tc/badges/ironic.svg
    :target: https://governance.openstack.org/tc/reference/tags/index.html

Overview
--------

Ironic consists of an API and plug-ins for managing and provisioning
physical machines in a security-aware and fault-tolerant manner. It can be
used with nova as a hypervisor driver, or standalone service using bifrost.
By default, it will use PXE and IPMI to interact with bare metal machines.
Ironic also supports vendor-specific plug-ins which may implement additional
functionality.

Ironic is distributed under the terms of the Apache License, Version 2.0. The
full terms and conditions of this license are detailed in the LICENSE file.

Project resources
~~~~~~~~~~~~~~~~~

* Documentation: https://docs.openstack.org/ironic/latest
* Source: https://opendev.org/openstack/ironic
* Bugs: https://storyboard.openstack.org/#!/project/943
* Wiki: https://wiki.openstack.org/wiki/Ironic
* APIs: https://docs.openstack.org/api-ref/baremetal/index.html
* Release Notes: https://docs.openstack.org/releasenotes/ironic/
* Design Specifications: https://specs.openstack.org/openstack/ironic-specs/

Project status, bugs, and requests for feature enhancements (RFEs) are tracked
in StoryBoard:
https://storyboard.openstack.org/#!/project/943

For information on how to contribute to ironic, see
https://docs.openstack.org/ironic/latest/contributor