207 Commits

Author SHA1 Message Date
Harald Jensås
c4abd6783b PXE Filter dnsmasq: manage macs not in ironic
This changes the dnsmasq PXE filter so that it keeps
macs that are no longer in ironic blacklisted unless
introspection is active or node_not_found_hook is set.

Replacing the previous behaviour that would
exclusively whitelist macs that are no longer in
ironic.

Story: 2001979
Task: 19589
Change-Id: Ib417089116dcbfb25f759708ee3cddcb88ae2111
2018-07-06 11:04:16 +00:00
Dmitry Tantsur
e7c3218f71 Add manage_boot parameter to introspection API
Adds a new node field "manage_boot" to store this value. When it is set
to False, neither boot device nor power state are touched for this node.
Instead, we expect a 3rd party to handle them.

We still manage the PXE filter because the node may need DHCP.

Change-Id: Id3585bd32138a069dfcfc0ab04ee4f5f10f0a5ea
Story: #1528920
Task: #11338
2018-06-25 12:09:17 +02:00
OpenStack Proposal Bot
c4821fd1d5 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I37a4500ae9199a216e6fa1f1eba7fa161096d3e4
2018-06-19 07:39:50 +00:00
Mark Goddard
cdf79db9eb Update default Ironic API version to 1.38
Currently the default API version used when creating ironic client
objects is 1.19, which was from the Newton (6.1.0) release. While it is
possible to create a client object with a more recent version within
plugins, introspection rules always use the default. This prevents
access to and updating of fields added in versions after 1.19.

This change updates the default ironic API version to 1.38, which was
the version at the time of the most recent Queens series release
(10.1.0).

Change-Id: I395f18612e20d4f7d71e503391ca2381bad68192
Story: 2002166
Task: 20017
2018-06-08 10:15:58 +00:00
Zuul
81fd47a3fc Merge "PXE Filter dnsmasq: blacklist unknown host" 2018-05-08 04:05:57 +00:00
Harald Jensås
5e54e72136 PXE Filter dnsmasq: blacklist unknown host
Unless one or more nodes are on introspection and
node_not_found_hook is not set a dhcp_hostsdir ignore
record for wildcard mac '*:*:*:*:*:*' is maintained.

The iptables filter driver blocks DHCP requests on the
Inspector interface unless one or more nodes are on
introspection and node_not_found_hook is not set.

This change brings the dnsmasq filter driver to parity
by implementing logic similar to the iptables driver.

Related: rhbz#1574672
Story: 2001970
Task: 16864
Change-Id: Ibdd2210ecb3833a0d91205a7919122b7c0576b9e
2018-05-07 18:07:03 +02:00
OpenStack Proposal Bot
bded1ab3d2 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I67f67c74b8ff7c1c33c489052ef836ea549bd7c4
2018-05-01 06:29:22 +00:00
Zuul
361fb091a5 Merge "Change the default discovery driver to fake-hardware" 2018-04-30 19:09:12 +00:00
Dmitry Tantsur
66f318b339 Change the default discovery driver to fake-hardware
The fake classic driver will be removed this release.

Depends-On: Ia0e95cbc1bb4dbd32793705b876ab8b474b753ad
Change-Id: I85f2a2a3ed1ca689c639c60e86853c821e808105
2018-04-30 14:36:34 +00:00
Zuul
c02a9f7c24 Merge "Support reload configuration on SIGHUP" 2018-04-28 10:51:18 +00:00
Zuul
f80f20818b Merge "Imported Translations from Zanata" 2018-04-23 17:11:49 +00:00
Kaifeng Wang
76898b7382 Support reload configuration on SIGHUP
This adds signal handler to reload mutable configuration options
on SIGHUP.

It has to be done manually, because ironic-inspector doesn't use
oslo.service.

Change-Id: I38955fe9dbfd339df2a10dcbb55e996bf515034a
Story: #1585595
Task: #12543
2018-04-17 16:33:16 +08:00
Zuul
6005a4ba5b Merge "Correct Queens release notes versions" 2018-04-11 18:47:31 +00:00
OpenStack Proposal Bot
5128a6396c Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: If055e649e7d549885ea6f25003dfde94a01b5c0f
2018-03-29 06:29:42 +00:00
Dmitry Tantsur
e73ebb7ba0 Correct Queens release notes versions
We have released 7.2.0 for Queens, so the stable versions will be 7.2.x.

Change-Id: Ibcca81b8e7e23fccdede29846671865fa4bfe7c7
2018-03-01 16:12:17 +01:00
OpenStack Proposal Bot
0561fc6642 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I7eac720d8d883fd87eea1c3d649e9e0acff3173d
2018-03-01 06:34:14 +00:00
OpenStack Proposal Bot
e9d9d638f2 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I992282bd66ab0cb59f489c4138b2fadb3bb276a3
2018-02-18 07:29:18 +00:00
Zuul
3b9e4c0656 Merge "Retry port lists on failure in PXE filter periodic sync" 2018-02-15 00:40:57 +00:00
Dmitry Tantsur
3237511cc6 Retry port lists on failure in PXE filter periodic sync
These calls are subject to transient network problems, we should
not abort ironic-inspector process in this case. Also due to
bug 1748893 the port listing API can sometimes return HTTP 400.

This change retries port listing 5 times with 1 second break
before aborting the periodic task and thus the process.

This change introduces a dependency on the retrying library,
which is already widely used in OpenStack (including ironic).

Change-Id: I92fd70ca5692ce9f6798eedf9e540d5aa7c6f1af
Closes-Bug: #1748893
2018-02-14 15:10:39 +01:00
Zuul
84da941faf Merge "Only set switch_id in local_link_connection if it is a mac address" 2018-02-13 15:30:49 +00:00
Bob Fournier
97282c64e9 Only set switch_id in local_link_connection if it is a mac address
When the processed lldp data is used for setting the local_link_connection
switch_id, it will set it even if the Chassis ID is not a mac.  Need to
only set it when the ChassisId is a mac address, as is done when using
non-processed lldp data.  Ironic validates that switch_id is either a
mac address or OpenFlow datapath ID.

This fixes a regresssion introduced in Pike.

Change-Id: I566acb5b19852b541df7554870ab2666f7df9614
Closes-Bug: 1748022
2018-02-13 09:33:58 +00:00
Markos Chandras
fbeb0783e4 ironic_inspector: ironic: Fix 'auth_type' when 'auth_strategy' is used
We should override the 'auth_type' to 'none' when using the old way of
setting up authentication with 'auth_strategy' so we can override the
default 'auth_type' value before getting the session information.
This fixes the following issue

Unhandled error: MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url

This also adds a new testcase to test the strategy='noauth' scenario.

Closes-Bug: #1748263
Change-Id: I875e2b17f5c6829ad81f86c32959cb106bf57e53
2018-02-09 16:38:18 +02:00
76978212ea Update reno for stable/queens
Change-Id: I6f2a482b593e327fce4e222f534d429b143dadec
2018-02-07 15:26:40 -05:00
Zuul
13d74dd763 Merge "Remove sample policy and config files" 2018-02-07 11:45:06 +00:00
Jim Rollenhagen
5c54c0938e Remove sample policy and config files
Now we have docs, lets point people there rather than attempting to
maintain a copy in tree.

Also update the devstack plugin to build ironic.conf from scratch rather
than from the sample.

Change-Id: Id65a4f803832fefe467d59147c39d2dea604ed3c
2018-02-06 10:36:12 -08:00
OpenStack Proposal Bot
3bb1d36071 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Icf7e08a2c092040f439fba2ba5783e9cefd2dde0
2018-02-06 06:19:37 +00:00
OpenStack Proposal Bot
2e8cfa5312 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I95c73c947c02702b3e4ef5a9ac4ef69885aa1656
2018-02-05 06:23:20 +00:00
inspurericzhang
4aeeaf7397 fixed some "ironic" misspelling
Change-Id: I809d1709f3ab2f4690f856d780f720c65474849e
2018-02-02 11:27:13 +08:00
Zuul
0cf3316662 Merge "Add keystoneauth adapters" 2018-01-22 19:55:35 +00:00
OpenStack Proposal Bot
990021c8c0 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I4e5e05a07369195c45feae48f15847ad06080e68
2018-01-17 06:10:43 +00:00
Pavlo Shchelokovskyy
918775cb01 Add keystoneauth adapters
Inspector sets API urls for ironic and swift from the config.
The better way would be to discovery them from the keystone
catalog.

Supporting this requires to register keystoneauth adapter
options to all config sections for service clients auth.
swiftclient still does not support adapter session client, so
pass all options from adapter explicitly.

New options were added 'service_type`, `service_name`, `region_name`
`endpoint_override`, `interfaces`.

Related-Bug: #1699547
Change-Id: I2e7ec02fdeeea21ef43136ddeabc98d499a8ba7f
Co-Authored-By: Anton Arefiev <aarefiev@mirantis.com>
2018-01-16 18:06:10 +00:00
John L. Villalovos
d7e1841680 Remove ironic_inspector/test/inspector_tempest_plugin/ directory
We now use the project openstack/ironic-tempest-plugin to store our
tempest plugin. All content from the
ironic_inspector/test/inspector_tempest_plugin/ directory has been
ported to that project.

We no longer want to have the plugin content stored here so we can
now delete it.

Change-Id: Ia8ea3a74d5aba1ea27eb6715c21667a30bac56b4
2018-01-05 12:52:54 -08:00
OpenStack Proposal Bot
84762ee111 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ia7dbef94937fac310e166485201300072ca7fcda
2017-12-24 06:41:36 +00:00
Zuul
8e1f3ede1c Merge "Terminal state transitions in transactions" 2017-12-22 19:04:46 +00:00
dparalen
7e72ceffd1 Terminal state transitions in transactions
Multiple spots were not using DB transactions when processing the terminal
state transitions (error, abort, finish, timeout). The pattern looked like
this:

    node_info.fsm_event(istate.Events.error)
    # more code
    node_info.finished(error='Oops!')

which led to brief periodes of state inconsistency of NodeInfo records in
the DB.

This patch refactors the NodeInfo.finished() method to require a terminal state
transition to perform as part of the NodeInfo state update:

   NodeInfo().finished(istate.Events.finish)
   NodeInfo().finished(istate.Events.abort, 'Canceled by operator')

This patch also introduces a new state: aborting to allow the inspector to
try call power-off the node before marking the introspection aborted.

There's a new DB migration since the new state implies a schema change too
(Enum).

Closes-Bug: #1721233
Closes-Bug: #1721230
Closes-Bug: #1723384

Change-Id: I0bb051d1956a996ed006d55a5ca2d670d9455047
2017-12-19 18:15:31 +01:00
OpenStack Proposal Bot
8bfc59e797 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ie222816b065adbc81546a449d867744a172f8daa
2017-12-16 07:34:21 +00:00
OpenStack Proposal Bot
740a78416c Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Iab929d418d4b0f923cd6f1f6a5afaa674ffea53d
2017-12-06 06:18:25 +00:00
Zuul
2d3d32ba22 Merge "Introducing a dnsmasq PXE filter driver" 2017-11-24 13:28:57 +00:00
dparalen
8ddfacdf34 Introducing a dnsmasq PXE filter driver
A PXE filter driver is introduced that works by configuring and controlling
the dnsmasq service.

Closes-Bug: 1693813
Related-Bug: 1665666
Change-Id: I63fe91ee4f9ac3021bcfd9a4a378af56af800fac
2017-11-22 15:08:23 +01:00
rajat29
690cc7304b Remove setting of version/release from releasenotes
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.

Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.

This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html

Change-Id: Icaf765fbda25cc9dd118548fab881e45bbeae1af
2017-11-17 13:00:29 +05:30
Dmitry Tantsur
6e82571cf3 Move processing of local_gb to root_disk_selection hook
The scheduling hook will be deprecated, so handling local_gb (useful
e.g. for image size validation) needs a new home.

Change-Id: I29041879dea8a2d7f2abc6a988d4814ee121442e
2017-11-02 12:39:37 +01:00
OpenStack Proposal Bot
d37701e962 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I1ad8055b313b329870bd43fcacae4e2b06126f11
2017-11-01 06:13:45 +00:00
Zuul
b019a7cab8 Merge "Clean up release notes before a release" 2017-10-24 15:39:17 +00:00
Zuul
72361d386a Merge "Generate version_id upon add_node" 2017-10-24 10:46:58 +00:00
Dmitry Tantsur
65d0213e84 Clean up release notes before a release
Change-Id: I9aadc39ca27bf7e9eb23dd18217c86cf426f714b
2017-10-24 11:23:28 +02:00
Zuul
f02eda0315 Merge "Refactoring the firewall" 2017-10-19 21:40:25 +00:00
dparalen
7b27585463 Refactoring the firewall
Adopting the PXE filter interface/driver concept

Related-Bug: 1665666
Change-Id: If83db978080b9c4e5d51ba50bbe8ed26e29abe83
2017-10-19 16:38:15 +02:00
Pavlo Shchelokovskyy
198ef70c2b Add request context and policy enforcement
this patch introduces an oslo.policy-based API access policy
enforcement engine to ironic-inspector.
As part of implementation, a proper oslo.context-based request
context is also generated and assigned to each request.

Short overview of changes:

- added custom RequestContext class

  - extends oslo.context to handle of "is_public_api" flag
    (False by default)

- added context to request in each API route

  - '/continue' api sets the "is_public_api" flag to True

- added documented definitions for API access policies and their
  defaults
- added enforcement of these policies on API requests
- added oslo.policy-specific entry points to setup.cfg
- added autogenerated policy sample file with defaults
- added documentation with autogenerated policies

Change-Id: Iff6f98fa9950d78608f0a7c325d132c11a1383b3
Closes-Bug: #1719812
2017-10-13 11:55:52 +00:00
dparalen
82000e48ec Generate version_id upon add_node
The version_id isn't set during add_node() call. This function is called
when introspection starts for both "new" and existing node_info records.
As a result, race conditions can appear in an HA inspector deployment (see
the refered bug).

This patch makes sure a version_id is generated during the add_node() call
so stale record updates can be detected through the version_id mismatch
between the inspector memory and the DB record.

Change-Id: I422473e888e5e49abb3e598fc2cf2f330620bdcd
Closes-Bug: #1719627
2017-09-26 16:26:25 +02:00
Jenkins
a530a02e1e Merge "Do not rely on the older ipmi_address field on lookup" 2017-09-08 10:04:18 +00:00