Added 'scope' property to IntrospectionRule and logic to check if a node
falls in the same scope.This allows introspection rules to be applied on
selected nodes instead of every one of them.
Story: 2006995
Task: 37763
Change-Id: I77034f032ea0ec16886afdd928546eb801f7a90a
The introspection API documentation does not include any detail at all
about the payload returned. That information is in the
ironic-python-agent documentation instead. Add a link to that location
to make it easier for someone trying to find out what introspection
data is returned to do so.
Change-Id: I972803ac700f25823ac6715d21dda09ebe40e307
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This patch adds support to provide unprocessed introspection data
to reapply a node. The provided introspection data will be save to
current introspection storage backend.
Change-Id: I969ae9c32f53f89c006a64a006388ddea9542aa5
Story: 1564863
Task: 11344
Adds a new node field "manage_boot" to store this value. When it is set
to False, neither boot device nor power state are touched for this node.
Instead, we expect a 3rd party to handle them.
We still manage the PXE filter because the node may need DHCP.
Change-Id: Id3585bd32138a069dfcfc0ab04ee4f5f10f0a5ea
Story: #1528920
Task: #11338
1) Update doc links according to OpenStack document migration
2) Use https instead of http for docs links
Change-Id: Ic6ae704cc097e5f27d7f37e5a773f55f0c79a617
This experimental feature was deprecated in the Ocata release,
as it was found unstable, untested and dangerous.
API version is bumped to 1.12 to indicate this change to users.
Change-Id: I1aad6ddfd03946edc19ae510accd6c8daf5fc268
Closes-Bug: #1654318
When using the Inspector rules API to query existing introspection
rules, inspector does not return 'invert' or 'multiple' attributes of
conditions associated with the rules.
Change-Id: I08606cea676ecf57bbb3b73077c4832240fbe0d2
Closes-Bug: #1670372
This adds the node state when the GET /v1/introspection/<node uuid or
name> API is performed.
Change-Id: I81c6834933f789cb644a854313aacaf49a4856a7
Closes-Bug: #1665664
InfiniBand is computer-networking communications standard
used in high-performance computing, features very high
throughput and very low latency.
This patch allow ironic-inspector to add the client_id
to ironic port extra. The client_id option allow pxe boot
from InfiniBand interface.
Closes-Bug: #1532534
Depends-On: Ifad453977e5d3be64b34e544f269835a72b4d73f
Change-Id: I479d54c29bcacb6bd5c1ab20033ae6e428b0e744
This feature is dangerous, barely maintained and not covered by any CI.
As it was hidden behind a configuration option, we can remove it without
breaking our API contract too much. This change deprecates the option,
and create an API version with this feature already de-activated.
Change-Id: I9e05c36b8c1194f4eeeb80c1f811e808854974c4
Partial-Bug: #1654318
This patch introduces an API endpoint to list introspection statuses. The
endpoint supports pagination with an uuid-marker and a limit query string
fields. Due to the pagination, this change introduces a new configuration
option: ``api_max_limit``.
APIImpact
Change-Id: I74d02698801d5290619161b2d8d7181ab51a0a5e
Partial-Bug: #1525238
Enhance the introspection status with the fields:
* uuid
* started_at
* finished_at
Change-Id: I36caa7d954a9bfb029d3f849fdf5e73f06f3da74
Partial-Bug: #1525238
This change introduces new return code (201 instead of 200) for
POST /v1/rules endpoint on success rule creation.
API less 1.6 continues returning 200.
Default API version was changed from minimum to maximum
which Inspector can support.
Change-Id: I911c7c241d16b9948ee4b6db92b127c7f8f374ae
From now on only rely on the IPA inventory and 2 additional fields:
boot_interface and root_device.
Also updated unit tests to use one inventory example.
Also removed duplicating unit tests and checks in test_process.
Also removed devstack support for the old ramdisk.
Change-Id: Ib382328295fc2c1b9143171b1047304febadcaca
Nodes now accept names in addition to UUIDs, so this
updates the docs accordingly.
Change-Id: Ifdd3cea73f7c19a8cacdd662e44898300b43f5cf
Closes-Bug: #1584116
This change drops check on UUID validness from our API.
It also has a subtle effect of doing Ironic node fetching in
the introspection status and data fetch calls, which might make them
slightly longer (but only when name is used).
A new helper common.ironic.get_node is created to unify how we fetch nodes
from Ironic. It also provides nicer exceptions.
Change-Id: I20cf65e57910568b70a62c3f9269a962e78a07e2
Closes-Bug: #1523902
As requested in the related bug, this pull request allows to run the
introspection again on previously stored data. This should make it simple
to correct mistakes in the introspection rules.
For this purpose, new API entry point was introduced:
/v1/introspection/<UUID>/data/unprocessed that supports an empty POST
method to trigger the introspection over stored data. New function
`reapply` was introduced that takes care about the entry point and carries
out the introspection. The `process` function was modified to allow
reusing common parts in the new reapply function. The storage access
methods were updated to allow saving the "raw" memdisk data besides the
processed introspection data.
Following preconditions are checked the reapply function having been
triggered:
* no data is being sent along with the request
* Swift store is configured and enabled and the stored data is present
for the node UUID
* node_info object is cached for the UUID and it is possible to lock the
object
Should the preconditions fail, an immediate response is given to the user:
* 400 if the request contained data or in case Swift store is not enabled
in configuration
* 409 if it wasn't possible to acquire lock for the node_info object
* 404 in case Ironic didn't keep track of related BM node
If the preconditions are met, a background task is executed to carry out
the processing and a 202 Accepted response is returned to the endpoint
user.
As requested, these steps are performed in the background task:
* preprocessing hooks
* post processing hooks, storing result in Swift
* introspection rules
These steps are avoided, based on the RFE:
* not_found_hook is skipped
* power operations
Limitations:
* IMPI credentials are not updated --- ramdisk not running
* there's no way to update the raw data atm.
* the raw data is never cleaned from the store
* check for stored data presence is performed in background;
missing data situation still results in a 202 response
Change-Id: Ic027c9d15f7f5475fcc3f599d081d1e8d5e244d4
Closes-Bug: #1525237
Add new node_not_found_hook - enroll_node_not_found hook,
which allows to enroll unknown nodes to Ironic automatically.
Change-Id: If1528688504e4be4b2369b985bc576544d96868d
Related-Bug: #1524753
It is not currently possible to stop a running introspection. This
may be annoying for the operator, considering the amount of time it
takes for the bare metal node to call the continue API request,
especially knowing the introspection will fail/time-out eventually
(such as when debugging).
This patch introduces a REST API endpoint "POST
/v1/introspection/<node-UUID>/abort" in order to fill the gap. Upon the
abort method call, following preconditions are checked:
* there's a bare metal node matching the UUID
* introspection was not finished for the node
* introspection process is waiting for the node to give the continue call
Following Responses are returned to the caller in case the
preconditions were not met:
* 404 Response in case node wasn't found
* 409 Response (resource busy) in case the introspection process is not
waiting for the Continue call
Otherwise, a 202 Response is returned.
When the abort method is processed, the node is powered off and it is
black-listed in inspector's firewall to prevent it from booting the
introspection image. This happens asynchronously.
To prevent interference with the continue call processing, the
processing method was updated to give a 400 Response to the
introspection client in case continuing a finished or canceled
introspection.
Limitations:
* IMPI credentials are never updated in case introspection was canceled
* 202 response is returned even if the introspection was already finished
* the endpoint differs from requested "DELETE
/v1/introspection/<node-UUID>"
Links:
[1] https://bugs.launchpad.net/ironic-inspector/+bug/1525235
Change-Id: If043171f0d292ae2775dc1f26233dd4911599247
Closes-Bug: #1525235
* Stop requiring memory_mb, local_gb, cpu, cpu_arch, ipmi_address, interfaces;
take them from inventory instead
* Issue a warning when inventory is not supplied
* Raise an error when root device hints are requested but inventory
is not supplied
* Logging improvement around network interfaces handling
Closes-Bug: #1528831
Change-Id: Iaa1c34092463ff216379e30bcef55235517f6c92
* Flatten the directory structure (we don't have that many doc files)
* Dropped HTTP-API from the root so that we don't maintain 2 copies
* Fixed links all over the place
* Leave one copy of README text in the root and include it in docs
* Update 'tox -epep8' to also check docs
Change-Id: Ic14cb73668544be27c6b96b384f93b239e49acfd
This patch allows for API discovery via the root API endpoint and
version endpoints. These endpoints will return a json blob containing
all the information required to talk to the different API versions and
resources.
Change-Id: Id427f1ca542523afb3513b047e32b5aad39bf743
Closes-Bug: #1477959
This patch introduces a simple JSON-based DSL to run on introspected
data. Conditions and actions are provided via new plugin entry points.
This patch is missing PUT operation on a rule, this can be added later.
Also not all planned conditions and actions are added in this patch,
will also follow up.
Implements: blueprint rules
Change-Id: If4d17b5f1462d03879cb4c2ff4e5cb3ea364b697
This adds the ability to store all of the data collected
during introspection. The configuration option
"[processing] store_data" (defaults to 'none'), determines
this behavior. Initially, only 'none' and 'swift' are
supported. If 'swift' is used, the data is stored in Swift
with the object name of "inspector_data-<UUID>".
Adds an endpoint /v1/introspection/<UUID>/data which
retrieves the data according to the method in
"[processing] store_data". Returns 404 if this option
is disabled.
There is a further option to store the location of the data
in the Ironic Node.extra column. For 'swift', this will be
the name of the swift object. The option,
"[processing] store_data_location" determines the key
name in the Node.extra column. (defaults to not storing
the location).
Change-Id: Ibc38064f7ea56f85b9f5a77ef6f62a50f0381ff4
Implements: blueprint store-introspection-data
Also adds endpoints / and /v1 returning {} that a client can
use to learn current API versions.
Functional testing code is updated to support API versions.
Change-Id: I4ada89a0f5128dea2234ae652222dc9b7f408502
Implements: blueprint api-versioning
As agreed on the summit I'm renaming the python modules
and doing some adjustments:
* This is a breaking change, so version is bumped to 2.0.0
* Used this chance to split conf options over proper sections
* RELEASES.rst is gone; it's too hard to keep it up-to-date;
anyway git does better job at doing history
* Dropped deprecated option ports_for_inactive_interfaces
* Dropped old /v1/discover endpoint and associated client call
* No longer set on_discovery and newly_discovered in Node.extra
(deprecated since 1.0.0, superseded by the get status API)
* Default firewall chain name is "ironic-inspector" and
is configurable
Notes:
* Some links will be updated after real move.
* Stable branches will probably use the old name.
* Some usage of discovery word is left in context of
"discovered data"
* DIB element will probably be deprecated, so leaving it
alone for now.
* Some usages of word "discovery" in the README will be updated
later to make this patch a bit smaller
* Ramdisk code will be moved to IPA, so not touching it too much
Change-Id: I59f1f5bfb1248ab69973dab845aa028df493054e
* Split away HTTP API and make sure usage info is enough for users
* Drop release notes for unsupported 0.2
* Various link updates and small fixes
* Forward-port 1.0.1 release notes
Change-Id: Ifa2b306d4a6fff19abc1565dabe7f6609363dc08
Dmitry Tantsur
Zygimantas Matonis
Doug Hellmann
Riccardo Pittau
Kaifeng Wang
Will Miller
Dmitry Tantsur
shangxiaobj
chenxing
dparalen
Dmitry Tantsur
Annie Lezil
yaojun
Anton Arefiev
Anh Tran
Moshe Levi
Yosef Hoffman
Serge Kovaleff
Sam Betts
John Trowbridge