The current code never closes connection. Newer openstacksdk versions
register Connection.close with the atexit mechanism, so any connections
that are not explicitly closed stay in memory forever.
Change-Id: I18bbb460cbaa4f58f9e736c071571c38ced35892
Replace all instances of `datetime.datetime.utcnow()`,
which is deprecated, with the timezone-aware oslo's
`timeutils.utcnow()` method, across the Ironic project.
Change-Id: I421d8e9a8e0bcee3ce3344f925a55f4f9f0d695d
pytz will be removed from RHEL/CentOS 10 because of the built-in
zoneinfo[1].
Because the current usage of pytz can be very easily replaced, this
removes the dependency on pytz.
[1] https://issues.redhat.com/browse/RHEL-219
Change-Id: Iafcaf2f1095cd7c738dac391a9af10622806e932
This is the first in a series of commits to add support for codespell. This is continuning the process completed in ironic-python-agent.
Future Commits will add a Tox Target, CI support and potentially a git-blame-ignore-revs file if their are lots of spelling mistakes that could clutter git blame.
Change-Id: Icb4e66359c3e79618c916b35793ea7b5f79b030d
This change fixes inspector so a project scoped service role user
can connect to inspector, and a project scoped admin user can also
access inspector as the OpenStack community pivoted it's RBAC
direction after the original RBAC work was done, and inspector
was sort of forgotten about.
Closes-Bug: #2049098
Change-Id: Ide9420843a680b09d682062a99b2c88c0fcf5228
The stevedore library tends to put large number of logs especially when
debug is enabled.
This suppresses from this library, as is done in oslo.log by default.
Change-Id: I8989bdf132e8498093cbe05a7858a9315e858994
The backend_url option can sometimes contain secrets.
For example when redis coordination backend is used and authentication
is enabled in redis, the plain redis password is put as an URL element.
[coordination]
backend_url=redis://:password@127.0.0.1:6379
Closes-Bug: #2012246
Change-Id: If0f142a742d407e5e91e422ef3109002b37c475d
Flask 2.3 removed this method, with recommended way of running
startup actions explicitly as part of app initialization.
Change-Id: I5dea1320c9aa63c1ef1742382cb46ea7cc56b10b
Seems we forgot some leftovers of autocommit in our unit tests,
and we never updated our unit tests to the newer query style
for sqlalchemy 2.0.
This patch corrects those issues.
Change-Id: I9f3eb1f8efadd8438ac7dd69b06ea545b9a8ee5e
If redfish_address is in brackets, unwrap it
and check that it is a valid IPv6 address.
If that is the case use the unwrapped address
to avoid "Name or service not known".
Closes-Bug: #2036455
Change-Id: I0d194091be22e8401d379b7ffa720f8004cca3d0
The prior code uses the local time zone, in my case
prsently 'PST' which pytz doesn't grok, however it does
grok UTC, and CI runs in UTC, and the API, as far as I know,
conveys in UTC. So this should just be for consistency.
Change-Id: Ia47b6adfc18be54f8e9623b34ef34b66436828dc
Starting with https://github.com/python/cpython/pull/98797, Python's
Mock has its own _lock. I hope they rename it to something really
private (e.g. __lock), but for now rename our attribute (and hope that
no downstream plugins relied on it, sigh).
Change-Id: I7ba858fb3f259b8e7a3becde94b7ba6b90615287
Primarily remove the workaround added in
Ia6d512ff2ae417bab938cb095fbb0884d195010a which added
continued use of autocommit, which is incompatible with
SQLAlchemy 2.0.
Also set the environment for unit tests to report compatability
warnings, although it appears none are being reported at this time.
Also cuts out the db upgrade cruft to only use the online database
migration code through oslo_db's enginefacade, which has the smarts
to handle online or offline migrations.
And then, retools unit/functional test data storage to utlize sqlite,
and in that re-tooled the queries to prevent locking conditions
which could exist with queries, and some additional refactoring/cleanup.
Also, don't mock and test time.sleep().
Additionally, it looks like we have discovered the root cause of the
memory/connection leakage issue which has been observed, due to the
way lists of nodes are processed/returned.
This change was based upon the work in
I506da42a9891a245831f325e34bec92e0a3f33f0 which is included in
this commit as the entire database structure and interaction
has been modified for ironic-inspector.
Co-Authored-By: aarefiev <aarefiev@mirantis.com>
Story: 2009727
Task: 44132
Change-Id: Ic88eb9dec5fddc924a72d9a23c17a304954ebf46
All strings are considered as unicode literal string from Python 3.
This patch drops the explicit unicode literal (u'...')
appearances from the unicode strings.
Change-Id: I662c72686a7e0404da62fb677c666885ff5ac65a
Follow the same process of root device selection as in IPA
which changed in https://review.opendev.org/c/openstack/ironic-python-agent/+/850861
The change introduces 'skip_block_devices' field into properties which
contains a list of hints pointing to devices that cannot be root devices
Change-Id: I94c8607ef9c610eadf1b5bce4fb154e97939a643
oslo.db 12.1.0 has changed the default value for the 'autocommit'
parameter of 'LegacyEngineFacade' from 'True' to 'False'. This is a
necessary step to ensure compatibility with SQLAlchemy 2.0. However, we
are currently relying on the autocommit behavior and need changes to
explicitly manage sessions. Until that happens, we need to override the
default.
Change-Id: Ia6d512ff2ae417bab938cb095fbb0884d195010a
Co-authored-by: Stephen Finucane <stephenfin@redhat.com>
What hit us was a regression in 2.2.0. The hack we landed only fixes one
URL (e.g. /v1/rules/ is still broken) and leaves some redundant code in place
around path handling. Werkzeug 2.2.1 fixes our problems.
Reverts commit 97f4e98d0b.
Story: #2010193
Task: #45904
Depends-On: https://review.opendev.org/c/openstack/requirements/+/851500
Change-Id: Ice7e9499fbb2585d353ece7c5fa30e425e92d362
Werkzeug 2.2.0 included a major rewrite[0] of the rule matching logic
which was to improve performance. Unfortunately it necessitates a
few minor changes to our logic.
This is sort of similar to the sushy-tools[1] change, except in this
case ironic-inspector utilizes it's own internal decorator to register
URLs. In this case, we needed to make it a little smarter to handle
the possible version path interaction.
[0]: https://github.com/pallets/werkzeug/pull/2433/files
[1]: https://review.opendev.org/c/openstack/sushy-tools/+/851162
Change-Id: Ia0f7ec9b4ce01967c06b64dc29e25c2e43e8a8b9
Story: 2010190
Task: 45892
as a followup to I24b08612c4ffc6aca60ca08f3ff5cc769c7c041d,
this solves the case when connectivity between inspector and ironic is
broken, which can lead to the same FSM being stuck in uninitialized mode
it can't get out of w/o restart.
Change-Id: Ie238a2fca7cc5ef4961c0cb0e639ffbbe69556f7
Story: #2008971
Task: #42611
When using nginx to terminate TLS (like it's done in Bifrost), it's more
secure to use a Unix socket for communication, so that local users
cannot access plain text communication.
Change-Id: I37b762cca035b5855deb92635c29e8eb97a87c20
It turns out that eventlet has been injecting a
``Transfer-Encoding`` header as of recent into WSGI application
response headers. The result of this ultimately depends on how
the HTTP client which is passing the request to the server is
written to handle data.
Apache, for example, will return that an invalid response was
received. In part because it sees the request end, with an HTTP
204 response code, but also an encoding indicating there is
a multipart body encoding inbound. Which is confusing.
Other C based HTTP clients can have any number of reactions up to
and including disconnecting sessions. Curl, depending on the
headers present either returns success but notes body weirdness
or actually returns return code 18.
Python-Requests kind of has it a little worse, and we see this
with clients. With it, it tries to prepare a respones content
body based upon the presence of the header indicating there is
a body. But it blows up thinking there is more data to read on
the socket when there is not more data to read.
Regardless, all of this is an RFC7230 violation.
Neither Content-Length nor Transfer-Encoding should be on an HTTP
204 response. However, Content-Length is the lesser evil, and we
have a similar endpoing in Ironic which *does* explicitly get
returned with a zero length content-length, and does not
demonstrate such issues.
As such, in the interest of the lesser evils until Eventlet's evil
ways of header injection are remedied, we're explicitly going to
force a Content-Length header to be sent indicating a zero length
response.
For more information, please see: https://github.com/eventlet/eventlet/issues/746
Change-Id: I014cc65c79222f4d4d7c2b6ff11a76e56659340c
This commit add support for state selector to the list introspection.
* ``GET /v1/introspection?state=[starting, waiting, processing,
finished, error, reapplying,
enrolling]``
Story: 1625183
Task: 11350
Change-Id: I2c5222110487a08a4e7b1efbcbc5dc3d552fae3e