v2.18.0

Ignition 2.18.0

Breaking changes

• Only include dracut module in initramfs if requested (see distributor notes
  for details)

Features

• Support Scaleway

Changes

• Require Go 1.20+

v2.17.0

Starting with this release, ignition-validate binaries are signed with the
Fedora 39 key.

Features

• Support the native Apple Hypervisor
• Support Hetzner Cloud
• A GRUB configuration suitable for use with https://github.com/coreos/bootupd
  can now be installed; use make install-grub-for-bootupd to install it

Changes

• Require Go 1.19+

Bug fixes

• Prevent races with udev after disk editing
• Don't fail to wipe partition table if it's corrupted

v2.16.2

Bug fixes

• Fix Dracut module installation on arches other than x86 and aarch64

v2.16.1

Starting with this release, ignition-validate binaries are signed with the Fedora 38 key.

Ignition v2.16.0 included a build regression on 32-bit machines and was not released. These notes include all changes since v2.15.0.

Features

• Support Hyper-V platform
• Automatically generate spec docs

Changes

• Clarify spec terminology for contents of CA bundles, files, and key files
• Improve rendering of spec docs on docs site

Bug fixes

• Fix failure disabling nonexistent unit with systemd ≥ 252
• Don't relabel a mount point that already exists
• Document that hash fields describe decompressed data
• Clarify documentation of passwordHash fields
• Correctly document Tang advertisement field as optional

Test changes

• Support and require xfsprogs ≥ 5.19 in blackbox tests

v2.15.0

Starting with this release, ignition-validate binaries are signed with the Fedora 37 key.

Features

• Support offline Tang provisioning via pre-shared advertisement (3.4.0)
• Allow enabling discard passthrough on LUKS devices (3.4.0)
• Allow specifying arbitrary LUKS open options (3.4.0)
• Ship aarch64 macOS ignition-validate binary in GitHub release artifacts

Changes

• Mark the 3.4.0 config spec as stable
• No longer accept configs with version 3.4.0-experimental
• Create new 3.5.0-experimental config spec from 3.4.0
• Fail if files/links/dirs conflict with systemd units or dropins
• Warn if template for enabled systemd instance unit has no Install section
• Warn if filesystem overwrites partitioned disk
• Warn if wipeTable overwrites a filesystem that would otherwise be reused
• Warn if user/group specified for hard link
• Install ignition-apply in /usr/libexec
• Allow distros to add Ignition command-line arguments from a unit drop-in
• Convert NEWS to Markdown and move to docs site
• Require Go 1.18+

Bug fixes

• Don't overwrite LUKS1 volume when storage.luks.wipeVolume is false
• Request network when custom Clevis config has needsNetwork set
• Fix creating LUKS volume with custom Clevis config that uses TPM2
• Avoid logging spurious error when a LUKS volume wasn't previously formatted
• Fix version string in ignition-validate release container
• Fix reproducibility of systemd preset file in ignition-apply output
• Document that user/group fields aren't applied to hard links
• Clarify spec docs for files/directories/links group fields

v2.14.0

Starting with this release, ignition-validate binaries are signed with the Fedora 36 key.

Features:

• Support KubeVirt platform
• Support AWS arn: URLs for S3 objects and access points (3.4.0-exp)
• Support reading configs from Azure IMDS "user data"
• Support S3 fetch via IPv6
• Add ignition-apply entrypoint to apply an Ignition config in a container

Changes:

• Delete userdata after provisioning on VirtualBox and VMware by default (see operator notes for details) (GHSA-hj57-j5cw-2mwp, CVE-2022-1706)
• Support setting setuid/setgid/sticky mode bits (3.4.0-exp)
• Warn if setuid/setgid/sticky mode bits specified (3.0.0 - 3.3.0)
• Support UEFI Secure Boot on VMware
• Add arm64 support to ignition-validate container
• Document S3 fetch semantics in operator notes
• Document considerations for handling secrets in operator notes

Bug Fixes:

• Fix disabling systemd units with pre-existing enablement symlinks
• Fix reuse of statically keyed LUKS volumes (2.12.0 regression)
• Fix gs:// fetch in GCE instances configured without a service account
• Fix error reading VirtualBox guest properties that have flags
• Fix infinite loop if -root command-line argument is a relative path

v2.13.0

Starting with this release, ignition-validate binaries are signed with the Fedora 35 key.

Features:

• Add Nutanix provider
• Switch VirtualBox provider to read from /Ignition/Config guest property

Changes:

• Improve QEMU fw_cfg read performance
• Warn when QEMU fw_cfg config is too large for reasonable performance
• Move Ignition report to /etc/.ignition-result.json
• Improve resilience to filesystem unmount failures
• Run mkfs.fat instead of its alias mkfs.vfat
• Refresh supported platform documentation

Bug Fixes:

• Make ignition.version required in JSON schema (3.4.0-exp)
• Disallow null noProxy array entries in JSON schema (3.4.0-exp)

v2.12.0

Features:

• Support Azure generation 2 VMs
• Write info about Ignition’s execution to /var/lib/ignition/result.json

Changes:

• Access GCP metadata service by IP address to mitigate DNS poisoning attacks
• Document storage.luks.clevis.threshold default
• Document minimum Ignition release for each spec version

Bug Fixes:

• Fix permissions of mountpoints inside user home directories
• Apply SELinux labels to newly-created ext4 filesystems

Internal Changes:

• Drop ignition-setup-user.service and ignition-firstboot-complete.service in favor of distro-provided code
• Persist some state between Ignition stages using a file in /run
• Add command-line flag specifying path to neednet flag file
• Drop -clear-cache command-line flag
• Fix reboot race in example kargs helper
• Drop support for Go 1.13 and 1.14

v2.11.0

Breaking Changes:

• Convert ClevisCustom.Config, ClevisCustom.Pin, LinkEmbedded1.Target, and Raid.Level Go fields to pointers (3.3.0)

Features:

• Accept none in storage.filesystems.format (3.3.0)
• Add ParseCompatibleVersion() Go functions to parse any config up to the selected version
• Add powervs platform

Changes:

• Mark the 3.3.0 config spec as stable
• No longer accept configs with version 3.3.0-experimental
• Create new 3.4.0-experimental config spec from 3.3.0
• Report specific reason an existing LUKS device cannot be reused
• Validate that storage.raid.devices is non-empty
• Don't sequence ignition-setup-user.service before multipathd.service

Bug Fixes:

• Fix misleading error message if spares are requested for a RAID level that doesn't support them

v2.10.1

Note: v2.10.0 was tagged, but not released, this includes notes for both. See the NEWS file for which changes are in which tag.

Starting with this release, ignition-validate binaries are signed with the Fedora 34 key.

Breaking Changes:

• Rename Custom struct to ClevisCustom (3.3.0-exp)
• Embed Clevis and ClevisCustom structs in parents (3.3.0-exp)
• Always include interior nodes in merge transcript

Features:

• Add kernel argument support (3.3.0-exp)

Bug Fixes:

• Fix fetching userdata on AWS when IMDSv1 is disabled
• Fix creating Tang-based LUKS volumes before network is up
• Document storage.filesystems.wipeFilesystem default
• Fix file mode of ignition-kargs-helper script