Allows nodes with a single IP stack to be deployed from a dual-stack
Ironic.
Detecting advertised address and usable Ironic URLs are done completely
independently which does open some space for a misconfiguration. I hope
it's not likely in the reality, especially since this feature is
targetting advanced standalone users.
Change-Id: Ifa506c58caebe00b37167d329b81c166cdb323f2
Closes-Bug: #2045548
This reverts commit 33f01fa3c2f32f447ed36f00fea68321c3991c2e.
There are a few issues with the patch - see my comments there.
The most pressing and the reasons to revert are:
1) It breaks deployments when the vmedia is present but does not
have a network_data.json (the case for Metal3).
2) It assumes the presence of Glean which may not be the case.
Neither Julia nor myself have time to thoroughly fix the issue,
leaving a revert as the only option to unblock Metal3.
Change-Id: I3f1a18a4910308699ca8f88d8e814c5efa78baee
Closes-Bug: #2045255
When performing DHCP-less deployments, the agent can start and
discover more than one configuration drive present on a host.
For example, a host was previously deployed using Ironic, and
is now being re-deployed again.
If Glean was present in the ramdisk, the glean-early.sh would end
mounting the folder based upon label.
If cloud-init, somehow is still in the ramdisk, the other folder
could somehow get mounted.
This patch, which is intended to be backportable, causes the agent
to unmount any configuration drive folders, mount the most likely
candidate based upon device type, partition, and overall state of
the machine, and then utilize that configuration, if present,
to re-configure and reload networking.
Thus allowing dhcp-less re-deployments to be fixed without
forcing any breaking changes.
It should also be noted that this fix was generated in concert
with an additional tempest test case, because this overall failure
case needed to be reproduced to ensure we had a workable non-breaking
path forward.
Closes-Bug: 2032377
Change-Id: I9a3b3dbb9ca98771ce2decf893eba7a4c1890eee
_early_log prints to stdout, which is fine in some cases,
however in other cases it gets lost in the shuffle of process
launch by things like systemd.
Lets try to save everything, and re-log it so it is easy to
debug early issues.
Change-Id: I334a9073d17cccec4c669fae82edc3e388debc5c
IPA standalone mode is a developer-only option, and if enabled
accidentally on a production agent could cause undesired behavior.
Developers who need this behavior should build a purpose-built agent,
with standalone hardcoded to True in cmd/agent.py.
Change-Id: Icc67dbe15acbbf6fee886f274d2169a0769a5053
For ramdisk TLS (and other potential future enhancements) we need
to be able to inject configuration and certificates into the ramdisk.
Since we cannot pass files through kernel parameters, we need to
put them on the generated ISO or (in the future) config drive.
This change detects IPA configuration and copies it into the ramdisk
early enough for any configuration files to get picked.
Changed /dev/disk/by-label to blkid since the former may not exist
on all ramdisks (e.g. tinyIPA).
Change-Id: Ic64d7842a59795bbf02f194221dedc07c6b56e8c
This is very convenient for debugging and is something ironic and
ironic-inspector already do.
Register SSL options earlier so that they're accounted for.
Change-Id: I56aca8eec1dfeb065ac657452a7076a9e3d17cc3
Adds a new kernel parameter for manual configuration and also creates
foundation for automatic TLS support later.
Change-Id: If341c3a8a268fc8cab6bd6be04b12ca32b31c8d8
Story: #2007214
Task: #40619
Adds support to the agent to receive, store, and return
that token to ironic's API, when supported.
This feature allows ironic and ultimately the agent to
authenticate interactions, when supported, to prevent
malicious abuse of the API endpoint.
Sem-Ver: feature
Change-Id: I6db9117a38be946b785e6f5e75ada1bfdff560ba
Lookup/Heartbeat via vendor passthru was deprecated in Newton.
This patch removes the corresponding functionality from IPA,
and also removes handling of 'ipa-driver-name' kernel parameter,
as it was only used in code related to old passthru.
Change-Id: I2c7989063ab3e4c0bae33f05d6d2ed857a2d9944
Closes-Bug: #1640533
Use the namedtuple class to improve code readability by creating a Host
class with namedtuple to store the 'hostname' and 'port'
Replace foo[0] with foo.hostname, and foo[1] with foo.port to make code
more readable.
Change-Id: Ie2b5f9cf89e7ccbbcf0a2573dab6f6c5d14c018b
This patch moves the IPA oslo configs out of the agent cmd into their
own module so that it is safe to import them from other places in the
application without causing circular imports.
Change-Id: I100792bd0d1f369763afaa6f93e144e9967c3048
Some kernel modules take substantial time to initialize. For example,
with mpt2sas RAID driver inspection and deployment randomly fail
due to IPA starting before the driver finishes initialization.
As much as I hate it, the only way to guarantee that the hardware is
truely initalized is to wait for it. Apparently all hardware in Linux
is treated as hotplugged, so there is no such thing as "hardware
initialization is finished". Operators can add a sleep based on their
knowledge of their hardware.
The default behaviour remains the same.
Change-Id: I0446ae81d760dacaf31eea6ad9f9eaa098cf5e93
Partial-Bug: #1582797
We hoped that checking /sys/class/net/XXX/carrier will allow us
to not wait for interfaces that are not connected at all.
In reality this field turned out to be unreliable. For example, it is
also set to 0 when interface is down or is being configured.
The bug https://bugzilla.redhat.com/show_bug.cgi?id=1327255 shows
the case when carrier is 0 for all interfaces, including one that is
used to post back data, which is obvious non-sense.
This change removes check on carrier for the loop. To avoid 60 seconds
wait for people with several NIC's, it's changed to only wait for the
PXE booting NIC, which obviously must get an IP address.
This makes IP addresses in the inspection data for other NIC's somewhat
unreliable. A new option inspection_dhcp_all_interfaces is introduced
to allow waiting for all NIC's to get IP addresses.
This change should finally fix bug 1564954.
Change-Id: I8b04bf726980fdcf6bd536c6bb28e30ac50658fb
Related-Bug: #1564954
In the DIB build the DHCP code (provided by the dhcp-all-interfaces element)
races with the service starting IPA. It does not matter for deployment itself,
as we're waiting for the route to the Ironic API to appear. However, for
inspection it may result in reporting back all NIC's without IP addresses.
Inspection fails in this case.
This change makes inspection wait for *all* NIC's to get their IP addresses up
to a small timeout. The timeout is 60 seconds by default and can be changed
via the new ipa-inspection-dhcp-wait-timeout kernel option (0 to not wait).
After the wait inspection proceedes in any case, so the worst downside
is making inspection 60 seconds longer.
To avoid waiting for NIC's that are not even connected, this change extends the
NetworkInterface class with 'has_carrier' field.
Closes-Bug: #1564954
Change-Id: I5bf14de4c1c622f4bf6e3eadbe20c44759da5d66
Bring ironic-python-agent in line with the other ironic projects.
Stop ignoring all E12* errors except E129
Stop ignoring E711
Change-Id: Icb9bc198473d1b5e807c20869eb2af7f4d7ac360
This patch corrects the default ironic api port number to 6385 from
6835. The default value of 'ipa-api-url' is not used in production
environment since conductor and bare metal node have its own IP
address, but could be used in development environment.
Therefor this patch fixes this trivial error.
- default=APARAMS.get('ipa-api-url', 'http://127.0.0.1:6835'),
+ default=APARAMS.get('ipa-api-url', 'http://127.0.0.1:6385'),
Change-Id: Idb85e95b354a68111f94e8cddd5c1b6227e676ef
Adds a new module ironic_python_agent.inspector and new entry point
for extensions, which will allow vendor-specific inspection.
Inspection is run on service start up just before the lookup.
Due to this early start, and due to the fact we don't even know
MAC address of nodes on inspection (to say nothing about IP addresses),
exception handling is a bit different from other agent features:
we try hard not to error out until we send at least something to inspector.
Change-Id: I00932463d41819fd0a050782e2c88eddf6fc08c6
Adding documentation for methods in these files that were missing
docstrings.
Change-Id: I2ad9f85605720ab2295dec3d0436ff0af07847c2
Partial-bug: 1367915
oslo_log wasn't getting the correct config values passed in, so adding
'--debug' to the command line wouldn't enable debug logging.
Added docs about --debug and --standalone (the only two flags I've
seen used/supported).
Change-Id: Ie1ba64992444a65a40f2d65933942153b93e70c1
The function _get_agent_params() parse the parameters passed to the agent
via kernel cmdline or vmedia. Other parts of the code needs to access
these parameters as well, so this patch is moving _get_agent_params()
and the related functions to a common place (utils.py).
Change-Id: I860f84d1d13511fff56d4aa56358ee597a9760d5
All other IPA options are settable via APARAMS (kernel command line
or the kernel commandline-like interface provided by virtualmedia).
Being able to set this at PXE time allows for operators to boot
and functionally test new agent images without having to recompile
post testing (to change standalone setting).
Change-Id: Ie796a98c995704db09945b6f890e9bf4d07eaa1a
Closes-bug: 1426546
oslo.conifg 1.6.0 has moved its namespace from old
oslo.config to oslo_config
requirements has updated to oslo.conifg 1.6.0
Change-Id: I16b8dc680f8a7697b7fbbd888f5162d924b4c0fe
This allows a developer to run IPA without an Ironic API. This can
be useful for testing (especially functional testing) or testing
integration of things like hardware managers.
Change-Id: I2dc49fbe306430bf5b05a36fe56de5275fc128b2
Provides a function to listen for LLDP packets on the network.
Listens on one or all of the network interfaces, and then parses the found
packets.
Change-Id: I1545a41f46cd0916aab9c43ce036865454fa66e0
Co-Authored-By: Josh Gachnang <josh@pcsforeducation.com>
Update openstack/common files and use oslo.utils, oslo.concurrency
instead of modules from oslo-incubator.
Additionally, sort and set requirements.txt to correct versions in
openstack/requirements in order to ensure pep8 passes.
Change-Id: I15f88a31a4c889bba27cd0cd1c7fc481c0c0b51e
Renamed _get_kernel_params() to _get_agent_params() and
appropriate module-level attribute KPARAMS to APARAMS.
Updated agent tests to match new function name.
Change-Id: I4cdf1defee7487785967a092c81c906d40bf3214
Closes-Bug: #1367917
Config options containing "-" don't work when reading
configuration from a file; change these to "_". Leave
the old options for backwards compatibility.
Closes-Bug: #1386486
Change-Id: Ie10a548191effa2a505309d9d4ee32003f9676a2
Added missing docstrings and improved existing docstrings for every
method in cmd/agent.py
Change-Id: Ib8dbbf70bca139a43d75d59fb09dce899466e888
Partial-bug: 1367915
This commit adds support for booting IPA from virtual
media cdrom. When IPA is booted over virtual media cdrom,
the parameters to the IPA are passed in a text file within
the virtual media floppy.
Change-Id: Ia04585416aada85022af73fb2b945bd3895606f0
Closes-Bug: #1358723
During the first heartbeat, the heartbeater asks the agent to check
its advertised address; if the advertised IP is still the default
(None), the agent tries to replace it with the IP of the first network
interface it finds. If it fails to find either a network interface or
an IP address, the agent raises an exception.
Change-Id: I6d435d39e99ed0ff5c8b4883b6aa0b356f6cb4ae
Closes-Bug: #1309110
Use oslo.config instead of argparse for CLI parsing. As a side effect,
a bunch of logging arguments including --debug become available with
this change.
Change-Id: Ia8c4e91448f2a8cb15eb570125ac9c236e13274c
The parameters sent to `prepare_image` changed in
https://review.openstack.org/#/c/86490/
This patch brings `prepare_image` up to date with that change.
It also changes the way configdrive is written to disk, to match
that Ironic is now allowing Nova to build an ISO partition and
send the raw image to the agent.
This patch also swaps out subprocess.call for processutils.execute
in the standby module, since the commands were being changed anyway.
Lastly, this patch changes the expected `hashes` dict to be a
string parameter called `checksum`, to match what glance returns.
Change-Id: Id8af9be920ba51e7e1ce60f4ffd1477e413582c9
Allow configuration via command line arguments or kernel parameters.
Default to agent_ipmitool, the reference driver.
Depends on https://review.openstack.org/#/c/84795/12
Change-Id: I55c4a8713308d038002a6567471cd862bf89ec76
Allow the agent to read arguments from the kernel command line.
Priority is: agent command line, kernel command line, defaults.
Change-Id: Idfd43a8b7fdf6c368cf55d45b32cb7bcfbb56212
Currently, if a single lookup call to the Ironic API fails, the entire
agent errors out and restarts. This allows the agent to retry for a set
amount of time before throwing an uncaught exception forcing a restart.
Change-Id: I39752fb3f42ad3e4f15a49194f1554e1d3463cf8
Closes-Bug: 1297019
