489 Commits

Author SHA1 Message Date
Harald Jensås
c4abd6783b PXE Filter dnsmasq: manage macs not in ironic
This changes the dnsmasq PXE filter so that it keeps
macs that are no longer in ironic blacklisted unless
introspection is active or node_not_found_hook is set.

Replacing the previous behaviour that would
exclusively whitelist macs that are no longer in
ironic.

Story: 2001979
Task: 19589
Change-Id: Ib417089116dcbfb25f759708ee3cddcb88ae2111
2018-07-06 11:04:16 +00:00
Dmitry Tantsur
e7c3218f71 Add manage_boot parameter to introspection API
Adds a new node field "manage_boot" to store this value. When it is set
to False, neither boot device nor power state are touched for this node.
Instead, we expect a 3rd party to handle them.

We still manage the PXE filter because the node may need DHCP.

Change-Id: Id3585bd32138a069dfcfc0ab04ee4f5f10f0a5ea
Story: #1528920
Task: #11338
2018-06-25 12:09:17 +02:00
chenxiangui
2cfbde1fc5 Remove unused import
Remove unused import in utils.py

Change-Id: If8c8207c8687525ece1aff14a50057a40c49e5bb
2018-06-12 15:14:23 +08:00
Mark Goddard
cdf79db9eb Update default Ironic API version to 1.38
Currently the default API version used when creating ironic client
objects is 1.19, which was from the Newton (6.1.0) release. While it is
possible to create a client object with a more recent version within
plugins, introspection rules always use the default. This prevents
access to and updating of fields added in versions after 1.19.

This change updates the default ironic API version to 1.38, which was
the version at the time of the most recent Queens series release
(10.1.0).

Change-Id: I395f18612e20d4f7d71e503391ca2381bad68192
Story: 2002166
Task: 20017
2018-06-08 10:15:58 +00:00
Zuul
c6ad0f0ead Merge "Introduce oslo.messaging and sync rpc call" 2018-06-01 02:32:42 +00:00
Zuul
c312669bde Merge "Raise KeyboardInterrupt on SIGTERM - Workaround" 2018-05-14 15:35:47 +00:00
Harald Jensås
737dbeae11 Raise KeyboardInterrupt on SIGTERM - Workaround
Catch SIGTERM signal and call the signal handler method.
The signal handler then raises KeyboardInterrupt. The
KeyboardInterrupt won't be caught by any 'except Exception'
clauses.

Without this the service does not stop periodic workers,
tear down pxe filters etc as it is supposed to on shutdown.

NOTE: Calling shutdown() directly from the signal handler
causes the below error. This is why the signal handler
raises KeyboardInterrupt.
 AssertionError: Cannot switch to MAINLOOP from MAINLOOP

Related-Bug: #1765700

Story: 2001890
Task: 14374
Change-Id: If0e24eae767b7806243fa4ae34fedb30ae9af25a
2018-05-12 19:06:31 +00:00
Zuul
43994a5dd8 Merge "Fix pycodestyle warnings/errors now visible with hacking 1.1.0" 2018-05-10 15:35:54 +00:00
Harald Jensås
868965c340 Fix pycodestyle warnings/errors now visible with hacking 1.1.0
This fixes the warning/errors except for the C901 Function is
too complex in the ironic_inspector/rules.py's create method.

Bump's max-complexity to 18 in tox.ini to workaround the C901.

Story: 2001985
Task: 19604
Change-Id: I6c76a43353b1beb572dbde78dba4b4a839d45ea7
2018-05-08 23:46:05 +02:00
Harald Jensås
2c5cf4e667 Fix dnsmasq filter nits
This patch fixes a couple of nits in the unit tests.
Also removes an entry from the docstring of
_configure_unknown_hosts that is not valid.

Change-Id: I3785bfedf5441e7b21a96b49b05ec910270358e4
2018-05-08 06:33:12 +02:00
Harald Jensås
5e54e72136 PXE Filter dnsmasq: blacklist unknown host
Unless one or more nodes are on introspection and
node_not_found_hook is not set a dhcp_hostsdir ignore
record for wildcard mac '*:*:*:*:*:*' is maintained.

The iptables filter driver blocks DHCP requests on the
Inspector interface unless one or more nodes are on
introspection and node_not_found_hook is not set.

This change brings the dnsmasq filter driver to parity
by implementing logic similar to the iptables driver.

Related: rhbz#1574672
Story: 2001970
Task: 16864
Change-Id: Ibdd2210ecb3833a0d91205a7919122b7c0576b9e
2018-05-07 18:07:03 +02:00
Kaifeng Wang
6469a1fc0f Introduce oslo.messaging and sync rpc call
Adds oslo.messaging to ironic-inspector, and convert
inspect, abort and reapply to synchronized rpc calls.

This is the first step of API and worker seperation.

Change-Id: I15e86d7feb623b6b2889891b9700e5de6b3164cd
Story: #2001842
Task: # 12609
2018-05-06 21:07:25 +08:00
Zuul
361fb091a5 Merge "Change the default discovery driver to fake-hardware" 2018-04-30 19:09:12 +00:00
Dmitry Tantsur
66f318b339 Change the default discovery driver to fake-hardware
The fake classic driver will be removed this release.

Depends-On: Ia0e95cbc1bb4dbd32793705b876ab8b474b753ad
Change-Id: I85f2a2a3ed1ca689c639c60e86853c821e808105
2018-04-30 14:36:34 +00:00
Zuul
c02a9f7c24 Merge "Support reload configuration on SIGHUP" 2018-04-28 10:51:18 +00:00
Zuul
03cbee9c79 Merge "Update auth_uri option to www_authenticate_uri" 2018-04-24 04:16:34 +00:00
Zuul
e61ed68f73 Merge "Add 'inspect wait' as a valid state" 2018-04-23 19:10:00 +00:00
melissaml
03db5d8d31 Update auth_uri option to www_authenticate_uri
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.

[1]https://review.openstack.org/#/c/508522/

Change-Id: Ie0d7c4268a49d3d3c6928b10987dd5eeede683d6
2018-04-21 04:21:53 +08:00
Kaifeng Wang
76898b7382 Support reload configuration on SIGHUP
This adds signal handler to reload mutable configuration options
on SIGHUP.

It has to be done manually, because ironic-inspector doesn't use
oslo.service.

Change-Id: I38955fe9dbfd339df2a10dcbb55e996bf515034a
Story: #1585595
Task: #12543
2018-04-17 16:33:16 +08:00
Kaifeng Wang
f257c57177 Add 'inspect wait' as a valid state
ironic-inspector checks node provision state before starting hardware
introspection, to allow inspection for node at inspect wait state,
this state has to be added to ironic-inspector.

Story: #1725211
Task: #11372
Change-Id: I89d9dfb85e191e781d869374911950d322fc227e
Partial-Bug: #1725211
2018-04-12 10:47:00 +08:00
Zuul
586f889874 Merge "Prevent mocks in test_dnsmasq_pxe_filter from conflicting with oslo.config" 2018-03-27 02:13:48 +00:00
Zuul
093ceb5c62 Merge "test_failure_to_write fails with root user" 2018-03-20 17:11:47 +00:00
Kaifeng Wang
0c159b021e test_failure_to_write fails with root user
The test test_failure_to_write will fail with root.

This patch add a mock to prevent path creation, makes the test
fits for root and non-root user.

Change-Id: I7e55c4070c41927f05c2cfdd284c8d542f1d8906
Closes-Bug: #1693129
2018-03-20 16:09:50 +08:00
Dmitry Tantsur
faf9d3508b Switch documentation to hardware types
The devstack example configuration is synchronized with
https://docs.openstack.org/ironic/latest/contributor/dev-quickstart.html

Also remove setting IRONIC_VM_LOGS_DIR from the example local.conf,
as it does not work, at least not on CentOS.

Change-Id: Ife51165742a8b762e84d5ac7ad807480669bfedb
2018-03-16 17:11:05 +01:00
Dmitry Tantsur
5c63f1490c Prevent mocks in test_dnsmasq_pxe_filter from conflicting with oslo.config
oslo.config starts using os.path functions in the next release in set_override.
This change modifies unit tests to prevent mocks from clashing with it.

Change-Id: I6096cb61ef9733e761a5d3d7a24109575f685fe9
Closes-Bug: #1754026
2018-03-12 12:39:58 +01:00
OpenStack Proposal Bot
0561fc6642 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I7eac720d8d883fd87eea1c3d649e9e0acff3173d
2018-03-01 06:34:14 +00:00
Zuul
3b9e4c0656 Merge "Retry port lists on failure in PXE filter periodic sync" 2018-02-15 00:40:57 +00:00
Dmitry Tantsur
3237511cc6 Retry port lists on failure in PXE filter periodic sync
These calls are subject to transient network problems, we should
not abort ironic-inspector process in this case. Also due to
bug 1748893 the port listing API can sometimes return HTTP 400.

This change retries port listing 5 times with 1 second break
before aborting the periodic task and thus the process.

This change introduces a dependency on the retrying library,
which is already widely used in OpenStack (including ironic).

Change-Id: I92fd70ca5692ce9f6798eedf9e540d5aa7c6f1af
Closes-Bug: #1748893
2018-02-14 15:10:39 +01:00
Zuul
84da941faf Merge "Only set switch_id in local_link_connection if it is a mac address" 2018-02-13 15:30:49 +00:00
Bob Fournier
97282c64e9 Only set switch_id in local_link_connection if it is a mac address
When the processed lldp data is used for setting the local_link_connection
switch_id, it will set it even if the Chassis ID is not a mac.  Need to
only set it when the ChassisId is a mac address, as is done when using
non-processed lldp data.  Ironic validates that switch_id is either a
mac address or OpenFlow datapath ID.

This fixes a regresssion introduced in Pike.

Change-Id: I566acb5b19852b541df7554870ab2666f7df9614
Closes-Bug: 1748022
2018-02-13 09:33:58 +00:00
Zuul
e090ffa369 Merge "ironic_inspector: ironic: Fix 'auth_type' when 'auth_strategy' is used" 2018-02-12 18:43:05 +00:00
Markos Chandras
fbeb0783e4 ironic_inspector: ironic: Fix 'auth_type' when 'auth_strategy' is used
We should override the 'auth_type' to 'none' when using the old way of
setting up authentication with 'auth_strategy' so we can override the
default 'auth_type' value before getting the session information.
This fixes the following issue

Unhandled error: MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url

This also adds a new testcase to test the strategy='noauth' scenario.

Closes-Bug: #1748263
Change-Id: I875e2b17f5c6829ad81f86c32959cb106bf57e53
2018-02-09 16:38:18 +02:00
melissaml
50a0f842d4 Remove redundant "the" from a docstring
Change-Id: I6d76109d5da52c3ec35ed2710815b6593a4b02ce
2018-02-08 16:04:21 +08:00
OpenStack Proposal Bot
2e8cfa5312 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I95c73c947c02702b3e4ef5a9ac4ef69885aa1656
2018-02-05 06:23:20 +00:00
John L. Villalovos
15d5958e17 Replace use of functools.wraps() with six.wraps()
In Python 2.7, functools.wraps() does not provide the '__wrapped__'
attribute. This attribute is used by
oslo_utils.reflection.get_signature() when getting the signature of a
function. If a function is decorated without the '__wrapped__'
attribute then the signature will be of the decorator rather than the
underlying function.

From the six documentation for six.wraps():
    This is exactly the functools.wraps() decorator, but it sets the
    __wrapped__ attribute on what it decorates as functools.wraps()
    does on Python versions after 3.2.

Change-Id: I11bf2fa945d36bfbc89ec8239e7c9259e3e12496
2018-02-01 16:32:48 -08:00
Bob Fournier
a6f2805bbc Remove use of construct lib FieldError exception
Version 2.8.22 of the construct lib has introduced a change that
removed the core.FieldError exception. The check now uses the
parent exception - core.ConstructError.

Change-Id: I31922c2afc2018a4f6f7ba48094388070537a13f
Closes-Bug: 1745208
2018-01-25 21:54:56 -05:00
Zuul
0cf3316662 Merge "Add keystoneauth adapters" 2018-01-22 19:55:35 +00:00
OpenStack Proposal Bot
990021c8c0 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I4e5e05a07369195c45feae48f15847ad06080e68
2018-01-17 06:10:43 +00:00
Pavlo Shchelokovskyy
918775cb01 Add keystoneauth adapters
Inspector sets API urls for ironic and swift from the config.
The better way would be to discovery them from the keystone
catalog.

Supporting this requires to register keystoneauth adapter
options to all config sections for service clients auth.
swiftclient still does not support adapter session client, so
pass all options from adapter explicitly.

New options were added 'service_type`, `service_name`, `region_name`
`endpoint_override`, `interfaces`.

Related-Bug: #1699547
Change-Id: I2e7ec02fdeeea21ef43136ddeabc98d499a8ba7f
Co-Authored-By: Anton Arefiev <aarefiev@mirantis.com>
2018-01-16 18:06:10 +00:00
Julia Kreger
b88823a771 Fix Py2/Py3 differences in write locking code
In Py2, a file object write method returns NoneType.

In Py3, a file object write method returns a count of
bytes written, which can be used to interpret success.

As this code, at least for now, still needs to work
on Py2 without raising what appears to be errors, we
need to remove the assumption that data is returned
upon write.

Should a write fail, IOError is still raised in Py2,
which means the existing exception handling should be
sufficent.

Also, added an explicit flush for before we release the file
lock, just to ensure that the data is actually written out of
python's buffers before the lock is released.

Change-Id: I1cae8f1cd2f7da39600d72a84fe041ff0a97e580
Closes-Bug: #1741035
2018-01-11 14:42:51 +00:00
Zuul
c0c1dd813d Merge "Centralize config options" 2018-01-09 12:07:50 +00:00
John L. Villalovos
d7e1841680 Remove ironic_inspector/test/inspector_tempest_plugin/ directory
We now use the project openstack/ironic-tempest-plugin to store our
tempest plugin. All content from the
ironic_inspector/test/inspector_tempest_plugin/ directory has been
ported to that project.

We no longer want to have the plugin content stored here so we can
now delete it.

Change-Id: Ia8ea3a74d5aba1ea27eb6715c21667a30bac56b4
2018-01-05 12:52:54 -08:00
Zuul
f8464ec27f Merge "Update version of flake8-import-order package" 2018-01-05 17:30:12 +00:00
Pavlo Shchelokovskyy
71a2bef7d9 Centralize config options
Consolidate all config options under ``conf`` directory.

New config modules should give a better picture of the configuration
options provided by the inspector.

Change-Id: I501ed0787ff4e1d91462f936e1a54de2c7abb35c
Related-Bug: #1561100
Co-Authored-By: Anton Arefiev <aarefiev@mirantis.com>
2018-01-04 20:43:58 -08:00
Zuul
8081e7a866 Merge "Follow up conf.py help text" 2018-01-02 19:50:13 +00:00
dparalen
260ad022c9 Follow up conf.py help text
This patch follows up on the review from the change
I2f7b8d3172f375cf65e759c9b881fcf41649c2f0 updating help text of the
purge_dhcp_hostsdir dnsmasq_pxe_filter configuration option.

Change-Id: Ice55d954b470ceda92f27a4a81d78eba46adffa7
2018-01-02 07:44:45 -08:00
OpenStack Proposal Bot
84762ee111 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ia7dbef94937fac310e166485201300072ca7fcda
2017-12-24 06:41:36 +00:00
Zuul
8e1f3ede1c Merge "Terminal state transitions in transactions" 2017-12-22 19:04:46 +00:00
dparalen
7e72ceffd1 Terminal state transitions in transactions
Multiple spots were not using DB transactions when processing the terminal
state transitions (error, abort, finish, timeout). The pattern looked like
this:

    node_info.fsm_event(istate.Events.error)
    # more code
    node_info.finished(error='Oops!')

which led to brief periodes of state inconsistency of NodeInfo records in
the DB.

This patch refactors the NodeInfo.finished() method to require a terminal state
transition to perform as part of the NodeInfo state update:

   NodeInfo().finished(istate.Events.finish)
   NodeInfo().finished(istate.Events.abort, 'Canceled by operator')

This patch also introduces a new state: aborting to allow the inspector to
try call power-off the node before marking the introspection aborted.

There's a new DB migration since the new state implies a schema change too
(Enum).

Closes-Bug: #1721233
Closes-Bug: #1721230
Closes-Bug: #1723384

Change-Id: I0bb051d1956a996ed006d55a5ca2d670d9455047
2017-12-19 18:15:31 +01:00
OpenStack Proposal Bot
8bfc59e797 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ie222816b065adbc81546a449d867744a172f8daa
2017-12-16 07:34:21 +00:00