The proposed changes concern two steps:
First, when creating the RAID configuration, have a GPT partition
table type (this is not necessary, but more natural with UEFI).
Also, leave some space, either for the EFI partitions or the BIOS
boot partitions, outside the Software RAID.
Secondly, when installing the bootloader, make sure the correct
boot partitions are created or relocated.
Change-Id: Icf0a76b0de89e7a8494363ec91b2f1afda4faa3b
Story: #2006379
Task: #37635
If an md device is restarted, there is a chance, depending
on the OS, that the partition may not be found upon start
of the md device.
Instead, we should always rescan after re-assembling the raid
device.
Story: 2007275
Task: 38712
Change-Id: I92bac20812940e04381a54ef2905ef5f6e293813
Fixes errors that were being raised upon restarting the agent
directly written out software raid images as the raidset is
restarted for device consistency and partition updates later
on in the code path of deployment.
Story: 2007455
Task: 39187
Change-Id: I9abf51eb77b262932e70329af5ce1593106a3171
Somewhat common are dual boot images that have both a MBR loader
and the contents required for a UEFI boot, as largely the pointer
to where to begin reading the rest of the boot loader occurs in
the first few hundred bytes on disk which redirects the disk to
begin reading from a known address.
This goes sideways on UEFI machines where this method of booting
is not recognized nor supported. Thus we need to return false when
we encounter this state.
Change-Id: I8c0b42bb71b9e26ed7fec8894e21ce7fc06b94a1
Story: 2007455
Task: 39133
Let's use the crypt to generate the salt, the crypt.crypt
can handle the generation of the salt if we don't pass.
Change-Id: I63fca663940e44924a201b166bdd79d8f7710bee
Story: 2007443
Task: 39103
With the fix to the uefi code path so secure boot works properly
and is not accidently stomped on, we forgot to rescan the device
and force the partition table to update, which is vital for iscsi
based deploys.
Depends-On: https://review.opendev.org/706960
Change-Id: Ic2f338be075e93a2ce8c76c706d37db9bf8792ea
Story: 2007276
Task: 38713
Attempt to sync the clock and save it to the hardware clock.
This feature supports use of chrony or ntpdate.
Sem-Ver: feature
Change-Id: I178d7614429d582e742d9cba6d0fa3ae099775e3
Story: 1619054
Task: 11591
Current checking on md5 checksum field is a bit strict after we
have alternate hashing algorithm support from glance, this
patch ignores None value md5 checksum if it exists.
This dosn't provide any use to end users but maybe provide
convenience on internal logic.
Change-Id: I89d7ea8ac3464a430141e80be57b743673c3a173
In FIPS 140-2 mode, the underlying operating system will
prevent the loading of certian algorithms for hasing and
encryption. Python hashlib returns a ValueError exception
when the type cannot be instantiated.
This change catches the error and returns a relatively
user understandable reason as to why a failure has occured.
Change-Id: Id1a144b906303caa92ce88793fba8d1b14def738
Story: 2007306
Task: 38788
This patch changes the workflow for whole disk images when using uefi.
If we can identify the bootloader and it's valid we can update using
efibootmgr since grub2-install have problems specially on secure boot
mode.
We also updated the regex to search for the uefi partition on the disk,
since in some cases the parted command output can be without the FS
for the partition with esp Flag.
Change-Id: I7167e71e5d2352a045565289b200e5530d0ba11d
Story: #2006847
Task: #37435
WSME is no longer maintained and Pecan is an overkill for our (purely
internal) API. This change rewrites the API in Werkzeug (the library
underneath Flask). I don't use Flask here since it's also an overkill
for API with 4 meaningful endpoints.
Change-Id: Ifed45f70869adf00e795202a53a2a53c9c57ef30
Rather than assuming that the root fs is in the first partition
of the deployed image, use the UUID passed from the conductor.
Change-Id: Ie2299372e94386902e0a8be0597250ec52e1fec9
Story: #2006649
Task: #36887
Depends-on: https://review.opendev.org/686580
Since we've dropped support for Python 2.7, it's time to look at
the bright future that Python 3.x will bring and stop forcing
compatibility with older versions.
This patch removes the six library from requirements, not
looking back.
Change-Id: I4795417aa649be75ba7162a8cf30eacbb88c7b5e
Fixes regression in commit 9f8fa2853af00045118ccd44180e7053e6d027af:
utils.execute returns unicode by default, but this data is binary.
Change-Id: I5b54c1f6cfac5fff672245c523b9fb647478edbd
Lets not do silly things and if the disk looks bootable,
and we're not trying to do UEFI, then let us assume the
proper thing will occur upon power-up.
Looks at the boot sector data and if an executable is
found in the first 218 bytes, then it bypasses loading
a boot loader.
Also adds a dependency on the "file" linux distribution
package.
Change-Id: I11bc26670a08ee13174a43d7cd0f1ab9c1bd35cf
Story: 2006474
Task: 36410
In some cases, where the rts library is not installed, IPA
was recently changed to try and tear down the local side of
the iscsi connection by trying to tear down bond and target
being offered. The whole attempt with this is to ensure that
no disk locks are in place which can prevent partition table
updates.
Since we added this logic, in some cases these commands can
fail and cause the deployment process to fail when it would
have otherwise succeeded. As such, suppress the errors.
Change-Id: I0e04936ad337b394dd68e9b0396a9f1203218f9f
When deploying an image to a software raid array, it is currently
required that the deployed image assembles the md arrays automatically
so that the rootfs can be mounted. In order to remove this
requirement/limitation on the deployed image we can add rd.md.uuid to
the kernel command line with the raid array's uuid.
Story: 2006648
Task: 36884
Change-Id: I42cb198753ecd84b7eaef6b5aa7c2064535bfe0e
Falls back to attempt to use findfs to locate
a UUID or PARTUUID match as opposed to trying to
list and enumerate through lsblk output.
Can confirm that tinycore 8.x's findfs binary works
expected.
Story: 2006724
Task: 37141
Change-Id: I4d488e4a1ab680eb1353b158c3339cb30b056ada
With raid, we were able to observe a condition where
the file is still open for non-exlcusive access which
blocks the software raid from being shutdown... which
is realistically needed to force a rescan in that case.
Change-Id: I8dbfae091267f8af5340ff5ebeebcba375d05542
Adds bandit configuration template and exclude some of
tests that we don't want to fix for the moment.
Keeping job unvoted so that we can keep an eye on possible
issues while not breaking gate.
Change-Id: I092d686ba38723d7951e8f06415f28cc809ad365
Story: 2005791
Task: 33563
The deployment on top of a software RAID goes to the first partition
of the md device. Raise an exception if that partition does not exist.
Follow-up to Ieb2c95ff130b5cc1e643fcde500066d9458ddbec
Change-Id: I2b4c835d57d3888e3325aee40e8319ef8683cd27
This patch proposes to extend the IPA to be able to deploy on
software RAID devices. The IPA needs to be able to detect an
md device, find the underlying holder disks and configure grub
on them.
Change-Id: Ieb2c95ff130b5cc1e643fcde500066d9458ddbec
Story: #2004581
Task: #29102
In stein, ironic added the new os_hash_algo and os_hash_value checksum
fields provided by glance, but the checksum field is still mandatory,
which is inconvenient for standalone use case.
We could relax the checksum checking and proceed as long as there is at
least one of checksum mechanism available.
Change-Id: Ia90197416f76ada0422681044a16f1c07d7049a1
Story: 2005773
Task: 33490
grub-mkconfig runs a lvs command that attempts to access /run/lvm
once for each block device, currently it times out after 10 seconds
for each device and moves on. Multiple 10 second delays become
a problem (causing IPA API timeouts) when multiple block devices
are present. Bind mounting in /run avoids the delay and the
timeouts.
Task: 30616
Story: 2005507
Change-Id: Iae8b7808a35bff121f64971aadd4bd36b5f5bb71
We allow image_source to be a URL, let us also support URLs for checksums.
This change copies handling of multi-file checksum files from metalsmith.
Change-Id: Ie4d7e5c79b76bdd72d50eeb384cf10519278a80c
Story: #2005061
Task: #29605
This patch adds code that tries to read the partition table after we've
successfully written an image to make sure the image that we wrote has a
valid partition table so we can more easily guarantee that what we've
written is bootable and not just junk. Without a valid partition table
writing a config drive will fail for whole disk images.
Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com>
Change-Id: I5cfd8c433a4db3e0d2d5086250e629d16234b7a4
Story: 2001760
Task: 12159
Currently we support streaming raw whole disk images, but not
partition ones. This change enables it.
Change-Id: Ie95102aa3f2054a6b429f3d3e0926e90923c5faf
Story: #2003809
Task: #26558
Adds enhanced checksum support to IPA, when os_hash_algo and os_hash_value
are passed in via image_info, it will be used to calculate image checksum
and verification.
In other cases, the old md5 checksum is used.
Change-Id: I1d2f33e7059910326b4ac3f7786543b333a93a5a
Story: 2003938
Task: 26846
Installs the grub bootloader to the PreP Boot partition when the
prep_boot_partition_uuid is provided. This is required when
booting a partition image locally on ppc64* systems.
This change also passes the cpu_arch along to work_on_disk so
that the PReP partition is created when partitioning disks for
local boot on ppc64* systems,
Change-Id: I70667d43af962b357e6eeccba258f4fa5a91a09e
Depends-On: I2bc9f13ec605de7b7b96d96a1a4edebee0af76dc
Story: #1749057
Task: #22999
