I have a case where a user provided the checksum URL with SHA256
checksums, while Metal3 defaulted os_hash_algo to "md5". We're going
to change the Metal3 defaults in the next API version, but for now let
us issue a clear warning in such a case.
Closes-Bug: #2085331
Change-Id: Ie4e62a378dc4a2089944f4302df3a8671b7c960f
(cherry picked from commit d8d32d93bd9fd0a9e759f7babe5db6fa804626de)
(cherry picked from commit aa01777ca8e4de7822bd8263ad85a0669bafbf55)
This causes a linting failure, and the equivalent of this rule was
removed later in I64909aa932635b729cc85717dc241ae31798b558
Change-Id: Id8e1a0901090f062ff36101f07acafe01a98a67b
This is a backport of two changes merged together to facilitate
backporting:
The first is a refactor of disk utilities:
Import disk_{utils,partitioner} from ironic-lib
With the iscsi deploy long gone, these modules are only used in IPA and
in fact represent a large part of its critical logic. Having them
separately sometimes makes fixing issues tricky if an interface of
a function needs changing.
This change imports the code mostly as it is, just removing run_as_root and
a deprecated function, as well as moving configuration options to config.py.
Also migrates one relevant function from ironic_lib.utils.
The second is the fix for the security issue:
Inspect non-raw images for safety
When IPA gets a non-raw image, it performs an on-the-fly conversion
using qemu-img convert, as well as running qemu-img frequently to get
basic information about the image before validating it.
Now, we ensure that before any qemu-img calls are made, we have
inspected the image for safety and pass through the detected format.
If given a disk_format=raw image and image streaming is enabled
(default), we retain the existing behavior of not inspecting it in
any way and streaming it bit-perfect to the device. In this case, we
never use qemu-based tools on the image at all.
If given a disk_format=raw image and image streaming is disabled, this
change fixes a bug where the image may have been converted if it was not
actually raw in the first place. We now stream these bit-perfect to the
device.
Adds two config options:
- [DEFAULT]/disable_deep_image_inspection, which can be set to "True" in
order to disable all security features. Do not do this.
- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types
IPA should accept.
Both of these configuration options are wired up to be set by the lookup
data returned by Ironic at lookup time.
This uses an image format inspection module imported from Nova; this
inspector will eventually live in oslo.utils, at which point we'll
migrate our usage of the inspector to it.
Closes-Bug: #2071740
Co-Authored-By: Dmitry Tantsur <dtantsur@protonmail.com>
Change-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7
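
The decision flow described in the commit message above, as an added Python example that is not code from ironic-python-agent or from the commit. The magic-byte table is a simplified stand-in for the inspector imported from Nova, and `detect_format`, `plan_write`, `ImageRejected`, the paths and the sample headers are hypothetical names and constructed values.

```python
# Added illustration; not code from ironic-python-agent.
MAGICS = {                      # magic bytes at offset 0 -> format name
    b"QFI\xfb": "qcow2",
    b"KDMV": "vmdk",
    b"vhdxfile": "vhdx",
}


class ImageRejected(Exception):
    """Raised when the detected format is not in the permitted list."""


def detect_format(header: bytes) -> str:
    """Classify an image from its leading bytes; unknown content is 'raw'."""
    for magic, fmt in MAGICS.items():
        if header.startswith(magic):
            return fmt
    return "raw"


def plan_write(header, disk_format, path, device, permitted=("raw", "qcow2")):
    """Return (action, argv) where action is 'copy' or 'convert'."""
    if disk_format == "raw":
        # Declared raw: written bit-perfect, no inspection, no qemu-img.
        return ("copy", None)
    detected = detect_format(header)
    if detected not in permitted:
        raise ImageRejected(f"{detected} not in permitted formats {permitted}")
    # Pass the detected format with -f so qemu-img does not probe on its own.
    argv = ["qemu-img", "convert", "-f", detected, "-O", "raw", path, device]
    return ("convert", argv)


# Constructed sample headers (not real images).
QCOW2_HEADER = b"QFI\xfb" + b"\x00\x00\x00\x03" + b"\x00" * 24
VMDK_HEADER = b"KDMV" + b"\x00" * 28

if __name__ == "__main__":
    print(plan_write(QCOW2_HEADER, "qcow2", "/tmp/image", "/dev/sdz"))
    print(plan_write(QCOW2_HEADER, "raw", "/tmp/image", "/dev/sdz"))
    try:
        plan_write(VMDK_HEADER, "qcow2", "/tmp/image", "/dev/sdz")
    except ImageRejected as exc:
        print("rejected:", exc)
```
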
It is not a valid check to import the hwm without it being loaded into
IPA first, as objects such as the configuration object won't be loaded
yet.
Change-Id: Icf20e71e8061bb886885c1b2e29bd13ccac37ade
(cherry picked from commit ba5c1bfe2abc7ee5891d7ec56489c15e63e9a413)
Fixes an issue where we could call evaluate_hardware_support multiple
times each run. Now, instead, we cache the values and use the cache
where needed.
Adds unit test coverage for get_managers and the new method.
Fixes issue where we were caching hardware managers between unit tests.
Closes-bug: 2066308
Change-Id: Iebc5b6d2440bfc9f23daa322493379bbe69e84d0
(cherry picked from commit c39517b04479df1aeaf96402840238236870fa74)
If this seems like deja vu, that is because it is. We had this
very same issue with the original CoreOS ramdisk. Since we don't
control the whole OS of the ramdisk, it only made sense to teach
the agent to umount the folder.
The folder is referenced already, and the agent does have safeguards
in place, but unfortunately this issue led to a rebuild breaking where
cloud-init, glean, and the agent were all trying to do the right thing
as they thought, and there were just multiple /mnt/config folders
present in the OS. These are separate issues we also need to try and
remedy.
What happens is when the device is locked via a mount, the partition
table is never updated to the running OS as the mount creates a lock.
So the agent ends up thinking, in the case of a rebuild, that everything
including creating a configuration drive on that device has been
successful, but when you reboot, there is no partition table entry
for the new partition as the change was not successfully written.
This state prevented the workload from rebooting properly.
This change eliminates that possibility moving forward by attempting
to ensure that the cloud configuration folder is no longer mounted.
Change-Id: I4399dd0934361003cca9ff95a7e3e3ae9bba3dab
(cherry picked from commit 6ac3f350c049d9dc62c941702c20e67eff2c20a1)
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has a stable/2024.1 branch, tests will
continue to use the upper-constraints list on master.
Change-Id: I134abf6cff0579f501873df5b0a4de0b82c612fc
... based on the change made in reno recently[1].
Also the overall regex is updated to be more consistent with the regex
used in ironic.
[1] https://review.opendev.org/c/openstack/reno/+/910547
Change-Id: I362de82fb5478b846df7a343da02a359f5f7dece
IPA still has 3 occurrences of not_called() which are failing for me
when building the Ironic Debian package in Debian Unstable (i.e. with
Python 3.12).
This patch uses assert_not_called() instead of not_called(), fixing
the problem.
Change-Id: I8bd27fa706b298b28ef5bef405134a2c9803d757
The tox deps option grants installation of single dependencies and
requirements, optionally pinned using constraints, before installing
a package, therefore not granting installation of the correct
constraint during the package installation.
To fix that tox 4.4.0 has introduced the constrain_package_deps
option [1]
[1] https://tox.wiki/en/4.12.1/faq.html#using-constraint-files
Change-Id: I770e55db5d6f53174c490749d27830f9209e98cc
The new implementation can return it when unable to lock the node.
Other possible errors are 400 and 404 (should not be retried), as well as
5xx (already retried).
Change-Id: I74c2f54a624dc47e8e2d1e67ae4c6a6078e01d2f
IPA can only be run as root and does not use rootwrap. We need to
eventually remove support for rootwrap from ironic-lib.
Change-Id: Iffd5cae5e3dc8637bc6dd10b3bcc9fe33932b8cf
IPA reports a few cpu fields including cores, arch, flags etc.
There is a need for users to utilize the physical number in
a baremetal since cores are just a logical representation of the
compute resource.
The socket number is more suitable for the quota control in some
use cases.
Change-Id: I94be86d6b12a3a7e7ca1041d948427a073412a31
As per the current release tested runtime, we test
till python 3.11 so updating the same in python
classifier in setup.cfg
Change-Id: I699e08c268040d387b91ccca4e6505184d3d1b59
With the new in-band inspection, we can derive the callback URL from
the Ironic URL, there is no need to duplicate it. This change uses
the presence of collectors as a sign to run inspection.
The previous approach of setting an inspection URL, with or without
explicitly setting collectors, still works for compatibility with
ironic-inspector.
Change-Id: Ie4279ee6d2995c9686f1dcdef1d6e5dc1dd20871
Allows nodes with a single IP stack to be deployed from a dual-stack
Ironic.
Detecting advertised address and usable Ironic URLs are done completely
independently which does open some space for a misconfiguration. I hope
it's not likely in reality, especially since this feature is
targeting advanced standalone users.
Change-Id: Ifa506c58caebe00b37167d329b81c166cdb323f2
Closes-Bug: #2045548
Somehow, it has worked correctly for years, but now I've discovered that
the new inspection is (no longer?) tolerant to the missing header.
While here, copy all headers from the heartbeat code.
Change-Id: I9e5c609eb4435e520bc225dea08aedfdf169744b
Update various linting programs to their latest version, and fix any
issues created by the update.
Change-Id: I014c846560663a76a1663b568ef48659d0ab6d4d
Adds a tox target for codespell, `tox -e codespell`. Can optionally
be run as `tox -e codespell -- -w` to get automatic spelling fixes
applied where appropriate. Adds small amounts of configuration to
setup.cfg, including an ignore list of words.
Related-bug: #2047654
Change-Id: I98203b02a9c6b6fc36edd6b4bbcc7c92a634da8b