1785 Commits

Author SHA1 Message Date
Dmitry Tantsur
95e103d21c Do not try to set local_gb to -1 when the matched root device size is 0
Apparently, virtual floppies on some machines are represented as normal
block devices, but with size = 0. We should filter them out in ironic-lib,
but for now at least don't fail miserably.

Story: #2007907
Task: #40308
Change-Id: Ia96a9a8b85841612fb13616754bfdbf651b212d8
2020-07-09 16:40:22 +02:00
Harald Jensås
a1f8926cd1 Remove non-inclusive language in pxe filter
Replaces the use of black/white-list with deny/allow-list
in the pxe filter.

Change-Id: I84e6343fc13e4c4c02521499632a07e782088057
2020-07-09 12:06:03 +02:00
Dmitry Tantsur
b1e79e0b4d Add release version to release notes
Change-Id: I17cde409aba823f1d39540d8061ab5960b37cd87
2020-07-07 18:48:23 +02:00
Dmitry Tantsur
06390e3723 Use node.id instead of node.uuid in record_node
This function does not have a compatibility shim that adds 'uuid'.

Change-Id: I131c8189b25ee2de66f08c742a21052ef1b266aa
2020-07-07 14:40:49 +02:00
Zuul
63e1d749fb Merge "Add leader election for periodic sync with ironic" 2020-07-06 17:51:45 +00:00
Riccardo Pittau
79878d7f4d Prepare release notes for release 10.2
Change-Id: I35b5df4b7e3d519c8b567d5cf0d424aafee68fa9
2020-07-02 16:12:50 +00:00
Dmitry Tantsur
0d20064f44 Add leader election for periodic sync with ironic
Periodically elect a leader to do the cleanup sync with
Ironic (to avoid unnecessary calls to  Ironic in a
multi-inspector setup).
Add config option 'leader_election_interval' to control
the period in which the leaders is elected.

Co-authored-by: Arne Wiebalck <arne.wiebalck@cern.ch>

Story: #2007801
Change-Id: I6f60aea41865f09f9e53e5d91b1e887f0b39efbd
2020-07-02 12:17:28 +02:00
Zuul
c1fa28a9f8 Merge "Allow setting other fields on discovery" 2020-06-30 20:40:55 +00:00
Zuul
a78df4b827 Merge "Allow operators to disable clean_up sync" 2020-06-30 12:42:03 +00:00
Zuul
e1cc969a8c Merge "Remove introspection timeout option" 2020-06-30 08:51:43 +00:00
Julia Kreger
2f828aed46 Allow operators to disable clean_up sync
Some operators simply don't need the periodic clean up sync
task as part of their ironic deployment with ironic-inspector
as they are not using the PXE filtering to manage access for
machines as part of discovery.

In these "standalone" use cases, there is typically no neutron,
and everything is managed externally from ironic-inspector.

Change-Id: I0036b2cdb7d562e90855ccabd108392f2f97c6f9
2020-06-29 16:53:28 -07:00
Dmitry Tantsur
f78229f659 Allow setting other fields on discovery
Adds a new option to set arbitrary fields on newly discovered nodes,
which is useful to e.g. set non-default driver interfaces.

Change-Id: I2e23fde9c5aae00ed39bd60c204e7c3eb029586a
Story: #2007771
Task: #40091
2020-06-29 09:57:37 +02:00
Zuul
f195fa5b42 Merge "Fix incorrect pxe-enabled was set during introspection" 2020-06-28 19:42:06 +00:00
Zuul
92e75c5d8d Merge "Document [ironic] auth options for inspector" 2020-06-26 15:54:38 +00:00
Zuul
6b0614823f Merge "Merge jobs" 2020-06-23 23:05:03 +00:00
Steve Baker
2532be9e05 Document [ironic] auth options for inspector
This change documents configuring inspector for client-side
authentication with a standalone Ironic API service.

Since this documention refers to a keystone auth feature which is
about to be released, requirements and lower-constraints are updated
to reflect the required release (see https://review.opendev.org/737365 ).

Change-Id: I567fc8c7f2147339856563ad880334791f93d99b
2020-06-23 13:35:12 +12:00
Kaifeng Wang
b31888a4ee Fix incorrect pxe-enabled was set during introspection
Morden bare metals usually support PXEs from all NICs, in
our current logic only the port matching mac address in the
BOOTIF will be set to pxe-enabled. This does not work for UEFI
nor user friendly to bonding.

This patch adds a configuration option [processing]update_pxe_enabled
to control whether this field should be updated according to
introspection data, defaults to False to keep backwards compatibility.

Change-Id: I6f3b00180f62dc6f500ac2cdb5d8f8cc7c7190cf
2020-06-22 23:05:50 +08:00
Iury Gregory Melo Ferreira
f416673374 Merge jobs
- Removed ironic-inspector-non-standalone-tempest
- add the non-standalone case to ironic-inspector-tempest-managed and
  make voting in check and gate.
- Renamed ironic-inspector-tempest-managed to match the new scenario.
- Keep a copy of ironic-inspector-tempest-managed

Change-Id: Icf9406c2b9e2829a36fa37e49b2692a76d67bdb6
2020-06-18 19:01:42 +02:00
Zuul
b9fd371a0a Merge "CI: make grenade voting again" 2020-06-17 15:57:36 +00:00
Zuul
0e3d5fdd20 Merge "Accept IPv6 link local address during interface validation" 2020-06-17 14:08:32 +00:00
Zuul
b08f5247d5 Merge "Imported Translations from Zanata" 2020-06-17 11:08:17 +00:00
OpenStack Proposal Bot
610228ad1d Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I6f31beeb755f9b8d1641ab4f7c3d36c27e5177ea
2020-06-17 08:07:35 +00:00
Kaifeng Wang
71666178f4 Accept IPv6 link local address during interface validation
Link local address is a valid address on IPv6 network when we are using
SLAAC instead of DHCPv6, current interface validation bypass link local
address and fails the introspection.
Interfaces without link carrier don't have link local addresses so this
should be fine.

Change-Id: I4cf195fc8906a2d91989df3f588e1e96ca9684b1
Story: 2007816
Task: 40094
2020-06-17 14:20:41 +08:00
Julia Kreger
463cc07e85 Remove cimc_address from address field list
The cimc driver was removed from ironic some time ago
and as such it does not make sense to continue to include
the reference in ironic-inspector.

Change-Id: I4f226b79e66ae19402a2700160b2f0cd8f783470
2020-06-16 22:57:05 +00:00
Dmitry Tantsur
2b87caa63b CI: make grenade voting again
Change-Id: I9f14126e1e8e9da2efe812bfbc5c14ee823c207c
2020-06-15 14:45:55 +02:00
Dmitry Tantsur
47315f9d07 devstack: Use uwsgi binary from path; temporary disable grenade
The previous uwsgi invocation assumed that the uwsgi binary is in the
same directory as the project binaries are installed into (probably
/usr/bin).  That may not be correct -- for example if using a packaged
uwsgi on Fedora the binary will live in /usr/sbin/uwsgi (not /usr/bin
where the project files from pip are).

Switch the invocation to just find it in the path.

Additionally, grenade is disabled, otherwise we cannot land this change
without fixing stable branches first.

Depends-On: https://review.opendev.org/#/c/731159/
Change-Id: I66d0554dc6d0ec6ef019b5310cd887a5415c2e03
2020-06-15 14:45:08 +02:00
Kaifeng Wang
52138f2c54 Update doc for multi-arch x86
Recent test shows the $grub_cpu is x86_64 for grubx64.efi,
replace the outdated i386 with x64.

Change-Id: I554b74aee85727e1d8c56d2bf9b5e0b682b6dbd2
2020-06-11 23:22:05 +08:00
Hervé Beraud
80167d4908 Use unittest.mock instead of mock
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.

Change-Id: Iccf78a04a66dcef383d9e38ac3990f3c838bdf84
2020-06-10 20:21:00 +02:00
Zuul
602af2bb23 Merge "Enable Basic HTTP authentication middleware." 2020-06-08 16:27:19 +00:00
Arne Wiebalck
6175bc4f5f [doc] Add misconfigured BMC channel to trouble shooting guide
Change-Id: I7285528511fd9cecd428a3a502281b4bd84dcd82
2020-06-05 10:31:05 +02:00
Steve Baker
196c019771 Enable Basic HTTP authentication middleware.
When the config option ``auth_strategy`` is set to ``http_basic`` then
non-public API calls require a valid HTTP Basic authentication header to be
set. The config option ``http_basic_auth_user_file`` defaults to
``/etc/ironic-inspector/htpasswd`` and points to a file which supports the
Apache htpasswd syntax[1]. This file is read for every request, so no
service restart is required when changes are made.

The only password digest supported is bcrypt, and the ``bcrypt``
python library is used for password checks since it supports ``$2y$``
prefixed bcrypt passwords as generated by the Apache htpasswd utility.

To try basic authentication, the following can be done:

* Set ``/etc/ironic-inspector/inspector.conf`` ``DEFAULT`` ``auth_strategy``
  to ``http_basic``
* Populate the htpasswd file with entries, for example:
  ``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd``
* Make basic authenticated HTTP requests, for example:
  ``curl --user myName:myPassword http://localhost:6385/v1/introspection``

[1] https://httpd.apache.org/docs/current/misc/password_encryptions.html

Change-Id: If50dfbfc18445ad9fe27e17cb0ee1b317ff25a0b
Depends-On: https://review.opendev.org/729070
Story: 2007656
Task: 39826
2020-06-05 01:28:40 +12:00
Riccardo Pittau
7470320272 Remove introspection timeout option
The default value is inherited from ironic-base.

Depends-On: I8496ccc32c633e167be2083448d4f267865f07fa
Change-Id: Ib1985274bbc679a621d5a68f9bcf5491512913cd
2020-06-02 18:20:20 +02:00
Zuul
3a9e117aad Merge "Set default timeouts for ironic inspector base job" 2020-05-29 06:49:53 +00:00
Riccardo Pittau
5004f93867 Update lower-constraints.txt
We need to list all dependencies in lower-constraints

Change-Id: I5b213248be3a522accb48c2698a42f547fc9698a
2020-05-27 16:48:20 +02:00
Riccardo Pittau
542db84113 Set default timeouts for ironic inspector base job
The same timeout values are shared between different jobs and
they should just be the default for the base job.

Change-Id: Ic41fe7ade21ece2d1110ef8a6ccb74df6ddd2b6f
2020-05-27 14:19:57 +02:00
Hervé Beraud
5960cde402 Cap jsonschema 3.2.0 as the minimal version
Previous versions of jsonschema (<3.2.0) doesn't support python 3.8 [1].
Python 3.8 is part of the victoria supported runtimes [2] so we now force
to use jsonschema version 3.2.0 to avoid issues, remove ambiguity and ensure
that everything works with python 3 in general.

[1] https://github.com/Julian/jsonschema/pull/627
[2] https://governance.openstack.org/tc/reference/runtimes/victoria.html#python-runtimes-for-victoria

Change-Id: I944e60f8c1962bfa3b6478b14e682eeca7948098
2020-05-26 21:50:42 +02:00
Zuul
e15cfae6a7 Merge "Bump hacking min version to 3.0.1" 2020-05-26 05:39:53 +00:00
Zuul
ace96c47c9 Merge "Stop configuring install_command in tox." 2020-05-25 22:49:39 +00:00
maaoyu
5d61513923 Add py38 package metadata
Now that we are running the Victoria tests that include a
voting py38, we can now add the Python 3.8 metadata to the
package information to reflect that support.

Change-Id: I0aa7f17f72438dd8eefb8f223ff7222064e4e99c
2020-05-25 10:55:05 +08:00
Iury Gregory Melo Ferreira
06ee50077c Set tempest_test_timeout for managed job
Most of the failures in this job is because tempest couldn't
finish the test on a given time, we increased the introspection
timeout but we forgot to allow tempest to run for more than
20 min (default)

Change-Id: I25435fe93f2f6d6cd50befe9cdf6bb1e548cef88
2020-05-21 16:36:39 +02:00
zhangbailin
c2224fde50 Bump hacking min version to 3.0.1
flake8 new release 3.8.0 added new checks and gate pep8
job start failing. hacking 3.0.1 fix the pinning of flake8 to
avoid bringing in a new version with new checks.

Though it is fixed in latest hacking but 2.0 and 3.0 has cap for
flake8 as <4.0.0 which mean flake8 new version 3.9.0 can also
break the pep8 job if new check are added.

To avoid similar gate break in future, we need to bump the hacking min
version.

- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014828.html

Change-Id: I2a903c90d72cd596ef976d9aab478f96a2750680
2020-05-21 07:47:46 +08:00
Zuul
8f572f6c41 Merge "Increase timeout for introspection in ironic-inspector-tempest-managed" 2020-05-20 19:10:34 +00:00
Andreas Jaeger
68ab6a01b6 Switch to newer openstackdocstheme and reno versions
Switch to openstackdocstheme 2.2.0 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems

Update Sphinx version as well.

Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.

Set openstackdocs_auto_version to not auto-version the documents.

Set openstackdocs_auto_name to use 'project' as name.

Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.

openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.

Change-Id: I9591e0f0215e9eb790ec2e3ea1a7ccbd55bb76d0
2020-05-20 10:59:56 +02:00
Riccardo Pittau
0a037c5ffa Increase timeout for introspection in ironic-inspector-tempest-managed
The job is often failing during introspection because of a timeout error,
so increasing the timeout value to prevent multiple rechecks.

Change-Id: I4da76ec3cf7b82f7aed30c087bbfe31cbea91f45
2020-05-19 15:23:28 +02:00
Zuul
a2018dabd9 Merge "Add Python3 victoria unit tests" 2020-05-19 12:01:30 +00:00
Zuul
25114c48c2 Merge "Stop running a periodic task for the noop PXE filter" 2020-05-19 09:10:32 +00:00
Zuul
d9c7af7c32 Merge "Treat endpoints with trailing slashes the same way as without them" 2020-05-18 15:29:17 +00:00
OpenStack Proposal Bot
9951b72e2a Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I607903f8ce15fe4e50f80ed1450d2ef7f28e944a
2020-05-16 06:54:47 +00:00
Zuul
c792a3e1fc Merge "Stop creating a green thread in the introspection unit tests" 2020-05-15 14:05:38 +00:00
Zuul
02e76ba9f4 Merge "No need to import print function anymore" 2020-05-15 12:20:48 +00:00