Allows nodes with a single IP stack to be deployed from a dual-stack
Ironic.
Detecting advertised address and usable Ironic URLs are done completely
independently which does open some space for a misconfiguration. I hope
it's not likely in the reality, especially since this feature is
targetting advanced standalone users.
Change-Id: Ifa506c58caebe00b37167d329b81c166cdb323f2
Closes-Bug: #2045548
If the node is locked, a lookup cannot be performed when an agent
token needs to be generated, which tends to error like this:
ironic_python_agent.ironic_api_client [-] Failed looking up node
with addresses '00:6f:bb:34:b3:4d,00:6f:bb:34:b3:4b' at
https://172.22.0.2:6385. Error 409: Node
c25e451b-d2fb-4168-b690-f15bc8365520 is locked by host 172.22.0.2,
please retry after the current operation is completed..
Check if inspection has completed.
Problem is, if we keep pounding on the door, we can actually worsen
the situation, and previously we would just just let tenacity
retry.
We will now hold for 30 seconds before proceeding, so we have
hopefully allowed the operation to complete.
Also fixes the error logging to help human's sanity.
Change-Id: I97d3e27e2adb731794a7746737d3788c6e7977a0
Use pure json instead of jsonutils.
Borrow encode function from oslo.serialization to be used in the
utils module.
Change-Id: Ied9a2259a4329a86b4f0853bd1fb187563c0a036
Pbr is a very heavy package to depend on. It requires git-core, which is
16 MiB on my Fedora. We only use it to detect the version, which can be
done without pbr using a much lighter importlib_metadata.
Copied from https://review.opendev.org/c/openstack/osprofiler/+/739379
Change-Id: I5f434e6bfde6f645804941f3a36d5458a28270e7
Typically, the Ironic API client in IPA will autodetect the API version
based on the output of a GET of the root of the API. If for some reason
this API endpoint is restricted, or the operator wishes to limit the
Ironic API version IPA uses, they can now set CONF.ironic_api_version to
avoid autodetection and force a version.
Change-Id: Ib96a1057792f45f2e4554671e32c436140463ee8
Adds a new flag (on by default) that enables generating a TLS
certificate and sending it to ironic via heartbeat. Whether
ironic supports auto-generated certificates is determined by
checking its API version.
Change-Id: I01f83dd04cfec2adc9e2a6b9c531391773ed36e5
Depends-On: https://review.opendev.org/747136
Depends-On: https://review.opendev.org/749975
Story: #2007214
Task: #40604
The latter has a more natural API and does not have a hard requirement
of eventlet. It is already a dependency of ironic-lib.
Change-Id: I68de9e989af137b34c19bbaf9b7c0a5ba6e1d4e3
Heartbeat connection errors are often a sign of a transitory
network failures which may resolve themselves. But an operator
looking at the screen doesn't necessarilly know that.
They don't understand that there could have been a network
failure, or a misconfiguration that caused the connectivity
failure and soft of kind of default to "well it failed"
without further clarification.
As such, this patch adds explicit catching of the requests
ConnectionError exception and rasies a new internal error
with a more verbose error message in that event to provide
operators with additional clarity.
Change-Id: I4cb2c0d1f577df1c4451308bd86efa8f94390b0c
Story: 2008046
Task: 40709
Adds a new kernel parameter for manual configuration and also creates
foundation for automatic TLS support later.
Change-Id: If341c3a8a268fc8cab6bd6be04b12ca32b31c8d8
Story: #2007214
Task: #40619
Agent lookups can fail as we presently use logging.exception,
better known in our code as LOG.exception, which can also generate
other fun issues on journald based systems where additional errors
could be raised resulting in us being unable to troubleshoot the
the actual issue.
Because of the mis-use of LOG.exception and the default behavior
of the backoff retry handler, the retry logic was also not
functional as any error no matter how small caused IPA to
just exit.
Change-Id: Ic4608b7c6ff9773d1403926efb3d59869c71343b
Story: 2007968
Task: 40465
Adds support to the agent to receive, store, and return
that token to ironic's API, when supported.
This feature allows ironic and ultimately the agent to
authenticate interactions, when supported, to prevent
malicious abuse of the API endpoint.
Sem-Ver: feature
Change-Id: I6db9117a38be946b785e6f5e75ada1bfdff560ba
In order for Ironic to know what parameters can be sent to IPA commands,
Ironic needs to know which version of IPA it is talking to. This patch
adds a new node heartbeat parameter agent_version which will carry the IPA
version information to Ironic.
Change-Id: I27e3311accf3a113a48a73df372ed46ff50c7e22
Partial-Bug: #1602265
Depends-On: I400adba5d908b657751a83971811e8586f46c673
This change introduces a new base test class that mocks out
utils.execute and forces an exception if it gets called.
This has rooted out many tests that were doing this as a side effect of
calling other functions, doing things like modprobe and running iscsi
on the host's actual machine.
The tests are all now appropriately patched in places where this was
happening, and the new base class permanently prevents this from
accidentally happening again.
If you really want to call utils.execute() then you need to re-mock it
in your unit test.
Change-Id: Idf87d09a9c01a6bfe2767f8becabe65c02983518
Add missing 'autospec' keyword argument to mock.patch and
mock.patch.object calls. Use 'autospec=True' except for a few cases
where it fails because the mocked function is a @classmethod and it
doesn't work. In that case explicity set it to 'autospec=False'
Change-Id: I620dce91abaa4440e1803aeefb3e93c0b65d1419
Parse the output of "ip route get $IP" taking
IPv6 into consideration. Also wrap the IP address
in square brackets if it is IPv6.
Change-Id: Ifc44e5aa3c5b814b6ceba04461bb68fe1d75c22b
Closes-Bug: #1650533
Lookup/Heartbeat via vendor passthru was deprecated in Newton.
This patch removes the corresponding functionality from IPA,
and also removes handling of 'ipa-driver-name' kernel parameter,
as it was only used in code related to old passthru.
Change-Id: I2c7989063ab3e4c0bae33f05d6d2ed857a2d9944
Closes-Bug: #1640533
In noauth mode when running stable/mitaka, Ironic responds to the
initial lookup request with code 406, NOT_ACCEPTABLE, due to the client
supplied microversion of 1.22 by IPA.
As such, we should fallback upon receiving the 406 error code.
Related-Bug: #1616461
Change-Id: Ief9c151cf27a3c38c33a837bb7d6581868a3dc22
Prior to this patch the ironic-python-agent service would only fallback
to use the old endpoints for /lookup and /heartbeat on a 404 error but,
since Ironic will check auth (if enabled) before it routes the requests
a 401 (Unauthorized) was returned.
Closes-Bug: #1612696
Change-Id: Idba5fed587e77aaa683d2c2b2126a520214712ce
Falls back to vendor passthru on receiving 404.
Also fixes logging around lookup: log traceback on unexpected
exceptions, log successful lookup and replace % with ,
Change-Id: I7160c99ca63585fc333482fa578fdf5e0962b2b6
Depends-On: I9080c07b03103cd7a323e2fc01be821733b07eea
Partial-Bug: #1570841
To support multi-tenant networking in Ironic we need to be able to
discover not just the NICs a baremetal machine has but also the physical
connectivity to switches in the network.
This patch collects LLDP (Link Layer Discovery Protocol) data as part of
the list interfaces stage of the generic hardware manager. This
information can then be processed by the ironic inspector to populate
the local link information on each ironic port.
The processing done on this data in ironic python agent is limited, this
is to allow for server side processing hooks to process as much or as
little of the data as they want. This is to allow for multi-vendor
environments that might use different parts of the LLDP packet to use a
generic ramdisk and configure the processing server side using inspector
plugins.
Reserved fields switch_port_descr and switch_chassis_descr have been
deprecated for removal in Ocata in favor of passing the whole packet.
Change-Id: Idae9b1ede1797029da1bd521501b121957ca1f1a
Partial-Bug: #1526403
These flags will be processed in a new ironic-inspector plugin
to support setting capabilities like cpu_vt (virtualization enabled).
Change-Id: I5fe9310c316841eabdd2d5e2ef2ae30afa03d29a
Partial-Bug: #1571580
In the DIB build the DHCP code (provided by the dhcp-all-interfaces element)
races with the service starting IPA. It does not matter for deployment itself,
as we're waiting for the route to the Ironic API to appear. However, for
inspection it may result in reporting back all NIC's without IP addresses.
Inspection fails in this case.
This change makes inspection wait for *all* NIC's to get their IP addresses up
to a small timeout. The timeout is 60 seconds by default and can be changed
via the new ipa-inspection-dhcp-wait-timeout kernel option (0 to not wait).
After the wait inspection proceedes in any case, so the worst downside
is making inspection 60 seconds longer.
To avoid waiting for NIC's that are not even connected, this change extends the
NetworkInterface class with 'has_carrier' field.
Closes-Bug: #1564954
Change-Id: I5bf14de4c1c622f4bf6e3eadbe20c44759da5d66
This patch is fixing a programmatic error in the heartbeat() method of
the APIClient() class. When 409 (Conflict) was returned from the the
Ironic API the code wasn't parsing the content of the response
correctly.
Change-Id: I01fbb8d866b2f94fe128d0bc40b69d05b5add1a3
Closes-Bug: #1556199
It's normal that ironic returns 409 Conflict from time to time, so
it's a bit confusing that we report this with Exception level and
traceback.
Change-Id: I1627c61facc3fadd0f5d9d324150e7d2833c7fbc
Closes-Bug: #1533113
The code that comprises the backoff looping call moved to
oslo.service in 0.10.0 and IPA can use that version so remove
the local backoff code and just prefer the oslo.service maintained
and supported version instead.
Change-Id: Ifec3490f9e5c68859deff4a951dcdf59caa7ca3a
Fix params order to correspond to real signature:
assertEqual(expected, actual)
Change-Id: I129aad5d8bb7ca0541c07913cb5edd8eef9e90ba
Closes-Bug: #1277104
This patch is a follow up patch fixing some nits left by the review
da9c3b0adc67efa916fc534d975823c0a45948a1, this patch adds the
wwn_with_extension and wwn_vendor_extension root device hints to the
"serializable_fields" list attribute of the BlockDevice class and fixes
some tests.
Change-Id: I6039be535988319276f9ac355c80997d34328ce8
Bring ironic-python-agent in line with the other ironic projects.
Stop ignoring all E12* errors except E129
Stop ignoring E711
Change-Id: Icb9bc198473d1b5e807c20869eb2af7f4d7ac360
Currently we only use these disk properties for root device hints.
However, they'll be really useful for inspector, especially for also
implementing root device hints.
Change-Id: I48aa6b6d2d198d16f2f8e387970f7230066cf8a2
After successful inspection we will know node UUID already, so no need
to do a proper lookup. In the future we might get rid of lookup completely
in this case.
Change-Id: Ic00049bf69f9ecc59ac4e389a3e6afe20ba67aba
* Added NetworkInterface.ip4_address
* Added HardwareManager.get_bmc_address()
* Added Memory.physical_mb
This is total memory as reported by dmidecode, and yes,
it's different from total, as it includes kernel reserved space.
* Added CPU.architecture
As a side effect, get_cpus was switched to lscpu.
Also fixes problem when get_cpus reported the current frequency
instead of maximum one.
Change-Id: I4080d4d551eb0bb995a94ef9a300351910c09fb9
Starts up an agent in a thread and then runs functional tests against
it.
Add the first functional test of the API: a simple test of the
commands API.
Co-Authored-By: Mario Villaplana <mario.villaplana@gmail.com>
Change-Id: If4ad611929d388a2a9454224646cb296bd0ba0ce
