This change drops check on UUID validness from our API.
It also has a subtle effect of doing Ironic node fetching in
the introspection status and data fetch calls, which might make them
slightly longer (but only when name is used).
A new helper common.ironic.get_node is created to unify how we fetch nodes
from Ironic. It also provides nicer exceptions.
Change-Id: I20cf65e57910568b70a62c3f9269a962e78a07e2
Closes-Bug: #1523902
As requested in the related bug, this pull request allows to run the
introspection again on previously stored data. This should make it simple
to correct mistakes in the introspection rules.
For this purpose, new API entry point was introduced:
/v1/introspection/<UUID>/data/unprocessed that supports an empty POST
method to trigger the introspection over stored data. New function
`reapply` was introduced that takes care about the entry point and carries
out the introspection. The `process` function was modified to allow
reusing common parts in the new reapply function. The storage access
methods were updated to allow saving the "raw" memdisk data besides the
processed introspection data.
Following preconditions are checked the reapply function having been
triggered:
* no data is being sent along with the request
* Swift store is configured and enabled and the stored data is present
for the node UUID
* node_info object is cached for the UUID and it is possible to lock the
object
Should the preconditions fail, an immediate response is given to the user:
* 400 if the request contained data or in case Swift store is not enabled
in configuration
* 409 if it wasn't possible to acquire lock for the node_info object
* 404 in case Ironic didn't keep track of related BM node
If the preconditions are met, a background task is executed to carry out
the processing and a 202 Accepted response is returned to the endpoint
user.
As requested, these steps are performed in the background task:
* preprocessing hooks
* post processing hooks, storing result in Swift
* introspection rules
These steps are avoided, based on the RFE:
* not_found_hook is skipped
* power operations
Limitations:
* IMPI credentials are not updated --- ramdisk not running
* there's no way to update the raw data atm.
* the raw data is never cleaned from the store
* check for stored data presence is performed in background;
missing data situation still results in a 202 response
Change-Id: Ic027c9d15f7f5475fcc3f599d081d1e8d5e244d4
Closes-Bug: #1525237
This was designed to clean up action effects, but proved too confusing.
We should recommend using explicit clean up action instead.
Change-Id: Ia414979956cc0cbd5ed040831c49dba18671f86d
Introspection naturally happens in large bulks, after which it's inactive.
Small pool for DHCP addresses means that we'll have conflicts due to how
dnsmasq distributes them by default - using hashing. This option tells dnsmasq
to allocate IP addresses sequentially instead to avoid these conflicts.
See https://bugzilla.redhat.com/show_bug.cgi?id=1301659 for detailed analysis.
The drawback of this option is that long-running clients may switch IP
addresses if their lease expires. This is not a concern for short introspection
process.
This change may obsolete the need in the delay between 2 introspections.
Change-Id: Id277f3d31902bee16d3b048dbde5c34af905f0bc
Add new node_not_found_hook - enroll_node_not_found hook,
which allows to enroll unknown nodes to Ironic automatically.
Change-Id: If1528688504e4be4b2369b985bc576544d96868d
Related-Bug: #1524753
Some conditions do not have a native counterparts, so we need a way
to invert them (aka NOT operation). This patch adds a new generic
parameter "invert", defaulting to False.
Change-Id: I50342689ba52346a5a4fbf362536b629fc688986
Now, if operators want to check some attribute isn't specified,
they should use 'eq' condition with None, '', etc values:
{'op': 'eq', 'field': 'inventory.bmc_addres', 'value': ''}
It would be useful to have condition plugin witch verify this case,
'is-empty' checks that field is empty string, list, dict or None value:
{'op': 'is-empty', 'field': 'inventory.bmc_addres'}
Change-Id: I6596a067e769530092c3db34405e0f0917d2f052
Conditions: ``field`` supports new format, it allow to comparison
data both from inspection and node info:
{'field': 'node://ironic/style/path', 'op': 'eq', 'value': 'val'}
{'field': 'data://introspection/path', 'op': 'eq', 'value': 'val'}
Actions: ``value`` supports fetching data from introspection, it's
using python string formatting notation:
{'action': 'set-attribute', 'path': '/driver_info/ipmi_address',
'value': '{data[inventory][bmc_address]}'}
Related-Bug: #1524753
Change-Id: Ie05f82e7a29fba2f743217f0893c085fd843cd5b
Add paragraph on how to set resolvconf on Ubuntu 14.04 to not break when
installing ironic-inspector.
Change-Id: I9549700c6cfdfb31cc348d6502741a927f60814a
It is not currently possible to stop a running introspection. This
may be annoying for the operator, considering the amount of time it
takes for the bare metal node to call the continue API request,
especially knowing the introspection will fail/time-out eventually
(such as when debugging).
This patch introduces a REST API endpoint "POST
/v1/introspection/<node-UUID>/abort" in order to fill the gap. Upon the
abort method call, following preconditions are checked:
* there's a bare metal node matching the UUID
* introspection was not finished for the node
* introspection process is waiting for the node to give the continue call
Following Responses are returned to the caller in case the
preconditions were not met:
* 404 Response in case node wasn't found
* 409 Response (resource busy) in case the introspection process is not
waiting for the Continue call
Otherwise, a 202 Response is returned.
When the abort method is processed, the node is powered off and it is
black-listed in inspector's firewall to prevent it from booting the
introspection image. This happens asynchronously.
To prevent interference with the continue call processing, the
processing method was updated to give a 400 Response to the
introspection client in case continuing a finished or canceled
introspection.
Limitations:
* IMPI credentials are never updated in case introspection was canceled
* 202 response is returned even if the introspection was already finished
* the endpoint differs from requested "DELETE
/v1/introspection/<node-UUID>"
Links:
[1] https://bugs.launchpad.net/ironic-inspector/+bug/1525235
Change-Id: If043171f0d292ae2775dc1f26233dd4911599247
Closes-Bug: #1525235
Both check a value against a regular expression. The former requires
full match, while the latter requires matching anywhere in the string
representaion of value.
Change-Id: Ia59d17d6f8383aed97696d678fc1e7e329242692
* Stop requiring memory_mb, local_gb, cpu, cpu_arch, ipmi_address, interfaces;
take them from inventory instead
* Issue a warning when inventory is not supplied
* Raise an error when root device hints are requested but inventory
is not supplied
* Logging improvement around network interfaces handling
Closes-Bug: #1528831
Change-Id: Iaa1c34092463ff216379e30bcef55235517f6c92
Deprecated since liberty. We used to need it because ironic didn't have
'manageable' and 'enroll' states when ironic-inspector was started.
Change-Id: Ia38c40806836820219e86fe277ffd0b2fbd9ec58
Closes-Bug: #1506347
* Flatten the directory structure (we don't have that many doc files)
* Dropped HTTP-API from the root so that we don't maintain 2 copies
* Fixed links all over the place
* Leave one copy of README text in the root and include it in docs
* Update 'tox -epep8' to also check docs
Change-Id: Ic14cb73668544be27c6b96b384f93b239e49acfd
Dmitry Tantsur