Adds a configuration option [iptables]ip_version to specify the
desired ip version for the iptables pxe filter, which can be set to
4 or 6. When set to 6, the iptables pxe filter will use ip6tables
command to manage rules for the port 547 which is the port of DHCPv6
server side.
The string type is used to make room for the future, when there is need
to automatically determine ip version from the binding interface.
Change-Id: I7de2be5950a23def3ec6490f2e6dfa3d5c42798a
Story: 1756012
Task: 11411
Otherwise it's not possible to modify them, since they're not updated
via the regular node updating mechanism.
Change-Id: I338015ff9dafe07f4e70a23ddcf6cd488eda9907
Story: #2003788
Task: #26496
The dnsmasq pxe filter takes start/stop commands for the
dnsmasq service as options. Restarting the systemd service
requries root access.
This change adds a rootwrap filter to allow systemctl
control of the dnsmasq service.
NOTE: The systemd service name is the one used in the RDO
distribution. Additional filters may be needed for other
distributions.
Story: 2002818
Task: 24754
Change-Id: Ie961ec4d3b6b65a462e2d2493f5b9240c2bfa7a6
[DEFAULT]node_status_keep_time is deprecated long ago [1], this
patch removes it so that inspector will not automatically remove
node status in regards to configuration option.
This also make sense when we use other store backends in the
future.
Change-Id: I8261ce115fdb03ffcfe3a1cc4ca7c8ec747be832
Related-Bug: #1695858
This removes deprecated [iptables]manage_firewall and code.
Other deprecation markers relate to [firewall] are removed as well.
Change-Id: I449e16975b05a331b08dd160e0dec4a7c3cf6734
Story: #1665666
Task: #11358
At the beginning of introspection, ironic inspector sets boot device and
reboot node through ironic, currently it only stops when reboot the node
is failed. Actually the node is not guaranteed to reboot with pxe in either
case.
This patch eliminates the descripency, so that if anything goes wrong, it
will be exposed early.
Change-Id: I416e42137e59e04f7fd282aa309f2f89cf574209
Story: #2002977
Task: #22985
Modify introspection rules to allow formatting to be applied to strings
nested in dicts and lists in the actions.
Change-Id: Ia53e0de98438f7789e9b9136dcd85c1b1274b713
Story: #1670768
Task: #11362
This changes the dnsmasq PXE filter so that it keeps
macs that are no longer in ironic blacklisted unless
introspection is active or node_not_found_hook is set.
Replacing the previous behaviour that would
exclusively whitelist macs that are no longer in
ironic.
Story: 2001979
Task: 19589
Change-Id: Ib417089116dcbfb25f759708ee3cddcb88ae2111
Adds a new node field "manage_boot" to store this value. When it is set
to False, neither boot device nor power state are touched for this node.
Instead, we expect a 3rd party to handle them.
We still manage the PXE filter because the node may need DHCP.
Change-Id: Id3585bd32138a069dfcfc0ab04ee4f5f10f0a5ea
Story: #1528920
Task: #11338
Currently the default API version used when creating ironic client
objects is 1.19, which was from the Newton (6.1.0) release. While it is
possible to create a client object with a more recent version within
plugins, introspection rules always use the default. This prevents
access to and updating of fields added in versions after 1.19.
This change updates the default ironic API version to 1.38, which was
the version at the time of the most recent Queens series release
(10.1.0).
Change-Id: I395f18612e20d4f7d71e503391ca2381bad68192
Story: 2002166
Task: 20017
Unless one or more nodes are on introspection and
node_not_found_hook is not set a dhcp_hostsdir ignore
record for wildcard mac '*:*:*:*:*:*' is maintained.
The iptables filter driver blocks DHCP requests on the
Inspector interface unless one or more nodes are on
introspection and node_not_found_hook is not set.
This change brings the dnsmasq filter driver to parity
by implementing logic similar to the iptables driver.
Related: rhbz#1574672
Story: 2001970
Task: 16864
Change-Id: Ibdd2210ecb3833a0d91205a7919122b7c0576b9e
The fake classic driver will be removed this release.
Depends-On: Ia0e95cbc1bb4dbd32793705b876ab8b474b753ad
Change-Id: I85f2a2a3ed1ca689c639c60e86853c821e808105
This adds signal handler to reload mutable configuration options
on SIGHUP.
It has to be done manually, because ironic-inspector doesn't use
oslo.service.
Change-Id: I38955fe9dbfd339df2a10dcbb55e996bf515034a
Story: #1585595
Task: #12543
These calls are subject to transient network problems, we should
not abort ironic-inspector process in this case. Also due to
bug 1748893 the port listing API can sometimes return HTTP 400.
This change retries port listing 5 times with 1 second break
before aborting the periodic task and thus the process.
This change introduces a dependency on the retrying library,
which is already widely used in OpenStack (including ironic).
Change-Id: I92fd70ca5692ce9f6798eedf9e540d5aa7c6f1af
Closes-Bug: #1748893
When the processed lldp data is used for setting the local_link_connection
switch_id, it will set it even if the Chassis ID is not a mac. Need to
only set it when the ChassisId is a mac address, as is done when using
non-processed lldp data. Ironic validates that switch_id is either a
mac address or OpenFlow datapath ID.
This fixes a regresssion introduced in Pike.
Change-Id: I566acb5b19852b541df7554870ab2666f7df9614
Closes-Bug: 1748022
We should override the 'auth_type' to 'none' when using the old way of
setting up authentication with 'auth_strategy' so we can override the
default 'auth_type' value before getting the session information.
This fixes the following issue
Unhandled error: MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url
This also adds a new testcase to test the strategy='noauth' scenario.
Closes-Bug: #1748263
Change-Id: I875e2b17f5c6829ad81f86c32959cb106bf57e53
Now we have docs, lets point people there rather than attempting to
maintain a copy in tree.
Also update the devstack plugin to build ironic.conf from scratch rather
than from the sample.
Change-Id: Id65a4f803832fefe467d59147c39d2dea604ed3c
Inspector sets API urls for ironic and swift from the config.
The better way would be to discovery them from the keystone
catalog.
Supporting this requires to register keystoneauth adapter
options to all config sections for service clients auth.
swiftclient still does not support adapter session client, so
pass all options from adapter explicitly.
New options were added 'service_type`, `service_name`, `region_name`
`endpoint_override`, `interfaces`.
Related-Bug: #1699547
Change-Id: I2e7ec02fdeeea21ef43136ddeabc98d499a8ba7f
Co-Authored-By: Anton Arefiev <aarefiev@mirantis.com>
We now use the project openstack/ironic-tempest-plugin to store our
tempest plugin. All content from the
ironic_inspector/test/inspector_tempest_plugin/ directory has been
ported to that project.
We no longer want to have the plugin content stored here so we can
now delete it.
Change-Id: Ia8ea3a74d5aba1ea27eb6715c21667a30bac56b4