Apparently, virtual floppies on some machines are represented as normal
block devices, but with size = 0. We should filter them out in ironic-lib,
but for now at least don't fail miserably.
Story: #2007907
Task: #40308
Change-Id: Ia96a9a8b85841612fb13616754bfdbf651b212d8
Periodically elect a leader to do the cleanup sync with
Ironic (to avoid unnecessary calls to Ironic in a
multi-inspector setup).
Add config option 'leader_election_interval' to control
the period in which the leader is elected.
Co-authored-by: Arne Wiebalck <arne.wiebalck@cern.ch>
Story: #2007801
Change-Id: I6f60aea41865f09f9e53e5d91b1e887f0b39efbd
Some operators simply don't need the periodic clean up sync
task as part of their ironic deployment with ironic-inspector
as they are not using the PXE filtering to manage access for
machines as part of discovery.
In these "standalone" use cases, there is typically no neutron,
and everything is managed externally from ironic-inspector.
Change-Id: I0036b2cdb7d562e90855ccabd108392f2f97c6f9
Adds a new option to set arbitrary fields on newly discovered nodes,
which is useful to e.g. set non-default driver interfaces.
Change-Id: I2e23fde9c5aae00ed39bd60c204e7c3eb029586a
Story: #2007771
Task: #40091
This change documents configuring inspector for client-side
authentication with a standalone Ironic API service.
Since this documentation refers to a keystone auth feature which is
about to be released, requirements and lower-constraints are updated
to reflect the required release (see https://review.opendev.org/737365 ).
Change-Id: I567fc8c7f2147339856563ad880334791f93d99b
Modern bare metals usually support PXE from all NICs. In
our current logic, only the port matching the MAC address in the
BOOTIF will be set to pxe-enabled. This does not work for UEFI,
nor is it user friendly for bonding.
This patch adds a configuration option [processing]update_pxe_enabled
to control whether this field should be updated according to
introspection data; it defaults to False to keep backwards compatibility.
Change-Id: I6f3b00180f62dc6f500ac2cdb5d8f8cc7c7190cf
- Removed ironic-inspector-non-standalone-tempest
- Add the non-standalone case to ironic-inspector-tempest-managed and
make it voting in check and gate.
- Renamed ironic-inspector-tempest-managed to match the new scenario.
- Keep a copy of ironic-inspector-tempest-managed
Change-Id: Icf9406c2b9e2829a36fa37e49b2692a76d67bdb6
A link local address is a valid address on an IPv6 network when we are using
SLAAC instead of DHCPv6. The current interface validation bypasses link local
addresses and fails the introspection.
Interfaces without link carrier don't have link local addresses so this
should be fine.
Change-Id: I4cf195fc8906a2d91989df3f588e1e96ca9684b1
Story: 2007816
Task: 40094
The cimc driver was removed from ironic some time ago
and as such it does not make sense to continue to include
the reference in ironic-inspector.
Change-Id: I4f226b79e66ae19402a2700160b2f0cd8f783470
The previous uwsgi invocation assumed that the uwsgi binary is in the
same directory as the project binaries are installed into (probably
/usr/bin). That may not be correct -- for example if using a packaged
uwsgi on Fedora the binary will live in /usr/sbin/uwsgi (not /usr/bin
where the project files from pip are).
Switch the invocation to just find it in the path.
Additionally, grenade is disabled, otherwise we cannot land this change
without fixing stable branches first.
Depends-On: https://review.opendev.org/#/c/731159/
Change-Id: I66d0554dc6d0ec6ef019b5310cd887a5415c2e03
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.
Change-Id: Iccf78a04a66dcef383d9e38ac3990f3c838bdf84
When the config option ``auth_strategy`` is set to ``http_basic`` then
non-public API calls require a valid HTTP Basic authentication header to be
set. The config option ``http_basic_auth_user_file`` defaults to
``/etc/ironic-inspector/htpasswd`` and points to a file which supports the
Apache htpasswd syntax[1]. This file is read for every request, so no
service restart is required when changes are made.
The only password digest supported is bcrypt, and the ``bcrypt``
python library is used for password checks since it supports ``$2y$``
prefixed bcrypt passwords as generated by the Apache htpasswd utility.
To try basic authentication, the following can be done:
* Set ``/etc/ironic-inspector/inspector.conf`` ``DEFAULT`` ``auth_strategy``
to ``http_basic``
* Populate the htpasswd file with entries, for example:
``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd``
* Make basic authenticated HTTP requests, for example:
``curl --user myName:myPassword http://localhost:6385/v1/introspection``
[1] https://httpd.apache.org/docs/current/misc/password_encryptions.html
Change-Id: If50dfbfc18445ad9fe27e17cb0ee1b317ff25a0b
Depends-On: https://review.opendev.org/729070
Story: 2007656
Task: 39826
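An added example, not part of the commit above or of ironic-inspector's code: since that commit states bcrypt is the only supported digest, this standard-library check audits htpasswd content for entries that would not be usable. The function names, the sample entries and the ``min_cost`` threshold are assumptions made for illustration; treating ``$2a$`` and ``$2b$`` as bcrypt alongside ``$2y$`` is also an assumption.

```python
import re

# bcrypt entry: $2y$ (as written by "htpasswd -B"), a two-digit cost,
# then 53 characters of salt + digest in the bcrypt base64 alphabet.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")


def classify_digest(digest):
    """Return (kind, cost); cost is None for anything that is not bcrypt."""
    m = BCRYPT_RE.match(digest)
    if m:
        return "bcrypt", int(m.group(1))
    if digest.startswith("$apr1$"):
        return "apr1-md5", None
    if digest.startswith("{SHA}"):
        return "sha1", None
    if digest.startswith("$2"):
        return "malformed-bcrypt", None
    return "crypt-or-plaintext", None


def audit_htpasswd(text, min_cost=10):
    """Return (line number, user, problem) tuples for htpasswd content."""
    findings, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        user, sep, digest = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed entry"))
            continue
        if user in seen:
            findings.append((lineno, user, "duplicate user"))
        seen.add(user)
        kind, cost = classify_digest(digest)
        if kind != "bcrypt":
            findings.append((lineno, user, "unsupported digest: " + kind))
        elif cost < min_cost:
            findings.append((lineno, user, "bcrypt cost %d below %d" % (cost, min_cost)))
    return findings


# Constructed sample content: the digests are filler, not real hashes.
SAMPLE = "\n".join([
    "alice:$2y$12$" + "A" * 53, "bob:$apr1$saltsalt$" + "B" * 22,
    "carol:{SHA}" + "C" * 28, "dave:$2y$05$" + "D" * 53,
    "alice:$2y$12$" + "E" * 53, "broken line without colon",
])
```

Run ``audit_htpasswd`` over the contents of the file named by ``http_basic_auth_user_file``; an empty list means every entry is a well-formed bcrypt entry at or above the chosen cost.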
The default value is inherited from ironic-base.
Depends-On: I8496ccc32c633e167be2083448d4f267865f07fa
Change-Id: Ib1985274bbc679a621d5a68f9bcf5491512913cd
The same timeout values are shared between different jobs and
they should just be the default for the base job.
Change-Id: Ic41fe7ade21ece2d1110ef8a6ccb74df6ddd2b6f
Now that we are running the Victoria tests that include a
voting py38, we can now add the Python 3.8 metadata to the
package information to reflect that support.
Change-Id: I0aa7f17f72438dd8eefb8f223ff7222064e4e99c
Most of the failures in this job are because tempest couldn't
finish the test in the given time. We increased the introspection
timeout but we forgot to allow tempest to run for more than
20 min (default).
Change-Id: I25435fe93f2f6d6cd50befe9cdf6bb1e548cef88
The new flake8 release 3.8.0 added new checks and the gate pep8
job started failing. hacking 3.0.1 fixes the pinning of flake8 to
avoid bringing in a new version with new checks.
Though it is fixed in the latest hacking, 2.0 and 3.0 have a cap for
flake8 of <4.0.0, which means the new flake8 version 3.9.0 can also
break the pep8 job if new checks are added.
To avoid similar gate break in future, we need to bump the hacking min
version.
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014828.html
Change-Id: I2a903c90d72cd596ef976d9aab478f96a2750680
Switch to openstackdocstheme 2.2.0 and reno 3.1.0 versions. Using
these versions will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
Set openstackdocs_auto_version to not auto-version the documents.
Set openstackdocs_auto_name to use 'project' as name.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
Change-Id: I9591e0f0215e9eb790ec2e3ea1a7ccbd55bb76d0
The job is often failing during introspection because of a timeout error,
so increasing the timeout value to prevent multiple rechecks.
Change-Id: I4da76ec3cf7b82f7aed30c087bbfe31cbea91f45