Request class from Werkzeug now includes json capability by default.
See [1] and [2] for more info.
[1] 2cd4fa9484
[2] 7b52ecd8f3
Change-Id: I3c74b26ef4aff07c371364203a5b39c658b552a7
This is very convenient for debugging and is something ironic and
ironic-inspector already do.
Register SSL options earlier so that they're accounted for.
Change-Id: I56aca8eec1dfeb065ac657452a7076a9e3d17cc3
Adds a new flag (on by default) that enables generating a TLS
certificate and sending it to ironic via heartbeat. Whether
ironic supports auto-generated certificates is determined by
checking its API version.
Change-Id: I01f83dd04cfec2adc9e2a6b9c531391773ed36e5
Depends-On: https://review.opendev.org/747136
Depends-On: https://review.opendev.org/749975
Story: #2007214
Task: #40604
This change enables operators to set [DEFAULT]listen_tls to
true to configure IPA to host its WSGI server over TLS using
existing SSL support in oslo.service.
In addition to configuring this in IPA, a deployer will need to
also set [ssl]cert_file, [ssl]key_file, and optionally
[ssl]ca_file in their ipa config, in addition to embedding those
files into the IPA ramdisk in order for this to be functional.
In order to make this change work, we also need to monkey patch
the socket library early, or else oslo.service will end up passing an
unpatched socket to the eventlet wsgi server, which causes
deadlocks.
Change-Id: Ib7decae410915f3c27b045ee08538c94d455b030
The listen_port and listen_host directives are intended to allow
deployers of IPA to change the port and host IPA listens on. These
configs have not been obeyed since the migration to the oslo.service
wsgi server.
Story: 2008016
Task: 40668
Change-Id: I76235a6e6ffdf80a0f5476f577b055223cdf1585
Adds support to the agent to receive, store, and return
that token to ironic's API, when supported.
This feature allows ironic and ultimately the agent to
authenticate interactions, when supported, to prevent
malicious abuse of the API endpoint.
Sem-Ver: feature
Change-Id: I6db9117a38be946b785e6f5e75ada1bfdff560ba
The change in frameworks with the API changed the overall execution
behavior from single threaded serialized execution to
multithreaded through eventlet.
But we signaled ourselves to wait for the API to stop, but never
actually stopped the API.
As setting the flag to stop the API is a hard notification that
the API must now exit, there is no reason to wait and block exit,
hence the simple nature of this change.
Now the threads should exit, IPA should exit, and rescue should
ideally work.
Change-Id: I3faf2d169d4edac6a2321f8649bb9ce478885ea1
Story: 2006998
Task: 37768
WSME is no longer maintained and Pecan is overkill for our (purely
internal) API. This change rewrites the API in Werkzeug (the library
underneath Flask). I don't use Flask here since it's also overkill
for an API with 4 meaningful endpoints.
Change-Id: Ifed45f70869adf00e795202a53a2a53c9c57ef30
This patch adds code into the tinyipa build process and IPA itself to
allow the required python code to be PYTHONOPTIMIZE precompiled into
pyo files; this speeds up IPA startup time in a nested virt by 50%.
Change-Id: Ib60c420719ea52a602c1752b572d3b217c2cefc7