hdparm versions prior to 9.51 interpret the value, NULL, as a
password with string value: "NULL".
Example output of hdparm with NULL password:
[root@localhost ~]# hdparm --user-master u --security-unlock NULL /dev/sda
security_password="NULL"
/dev/sda:
Issuing SECURITY_UNLOCK command, password="NULL", user=user
SECURITY_UNLOCK: Input/output error
Example output of hdparm with "" as password:
[root@localhost ~]# hdparm --user-master u --security-unlock "" /dev/sda
security_password=""
/dev/sda:
Issuing SECURITY_UNLOCK command, password="", user=user
Note the values of security_password in the output above. The output
was observed on a CentOS 7 system, which ships hdparm 9.43 in the
offical repositories.
This change attempts to unlock the drive with the empty string if an
unlock with NULL was unsucessful.
Issuing a security-unlock will cause a state transition from SEC4
(security enabled, locked, not frozen) to SEC5 (security enabled,
unlocked, not frozen). In order to check that a password unlock attempt
was successful it makes sense to check that the drive is in the unlocked
state (a necessary condition for SEC5). Only after all unlock attempts
fail, do we consider the drive out of our control.
The conditions to check the drive is in the right state have been
adjusted to ensure that the drive is in the SEC5 state prior to issuing
a secure erase. Previously, on the "recovery from previous fail" path,
the security state was asserted to be "not enabled" after an unlock -
this could never have been the case.
A good overview of the ATA security states can be found here:
http://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs
Change-Id: Ic24b706a04ff6c08d750b9e3d79eb79eab2952ad
Story: 2001762
Task: 12161
Story: 2001763
Task: 12162
Currently the generic hardware manager uses dmidecode to get the
total physical memory and system details. This patch switches the
generic hardware manager to use lshw, as it is capable of reading
more than DMI [0]. This enables systems that do not support DMI
to use the generic hardware manager, such as IBM Power systems.
[0] https://github.com/lyonel/lshw/blob/master/README.md
Closes-Bug: #1715790
Change-Id: Ie370331df6bb5ef131c5cb60f458877e2a7ad71a
Depends-On: Idaf05b8efce28cd0cbf339cf693db4f55a693d9b
This is the followup patch for
commit d0a53149f82a3587515a4371f0f4cad8570dc715) fixing
issues with the unit tests not addressed initially.
Change-Id: I7889bf908bcb64b79bf303c6ae356fd3f4e94a83
This fixes an off-by-one error in a warning message.
This is a follow-up to 3189c16a5e95ade468fa8bc37302eb9979f5a8c9.
Change-Id: I89b56974c1b919f4c03498873d3ce9860d5644c5
Related-Bug: #1670916
This patch is changing the _wait_for_disks() method behavior to wait to
a specific disk if any device hints is specified. There are cases where
the deployment might fail or succeed randomly depending on the order and
time that the disks shows up.
If no root device hints is specified, the method will just wait for any
suitable disk to show up, like before.
The _wait_for_disks call was made into a proper hardware manager method.
It is now also called each time the cached node is updated, not only
on start up. This is to ensure that we wait for the device, matching
root device hints (which are part of the node).
The loop was corrected to avoid redundant sleeps and warnings.
Finally, this patch adds more logging around detecting the root device.
Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com>
Change-Id: I10ca70d6a390ed802505c0d10d440dfb52beb56c
Closes-Bug: #1670916
When inspecting block devices on a node, discover and
report the /dev/disk/by-path/XXX name along with the
/dev/XXX block device name.
The second name does not change between Linux system
reboots and has greater chances to be the same across
similarly configured nodes.
Note: this patch depends on
https://review.openstack.org/#/c/500524/
library patch, but this dependency can't be expressed
with Depends-On clause. Therefore once this patch
requires a followup patch to enable one currently disabled
test in this patch.
Change-Id: I09874f19890500d352521f89573e2aaf50a29022
Closes-Bug: #1679726
It seems to be incorrect at least for some iLO machines.
Also harden the code against invalid output from ipmitool.
Change-Id: I733785e9c7d86eadca963f0776910504bf91bcfe
Closes-Bug: #1714944
It may happen that BMC is configured to use non-zero channel.
In this case we should iterate across all of them as long as we
get a correct IP address (in this case different than "0.0.0.0"
which is a placeholder for not configured console).
Change-Id: I3c351af1882b24c8f56e4363249b19b5c3a4a446
Closes-Bug: #1702514
This change removes the now unused "warnerrors" setting,
which is replaced by "warning-is-error" in sphinx
releases >= 1.5 [1].
[1] http://lists.openstack.org/pipermail/openstack-dev/
2017-March/113085.html
Change-Id: I9bf18ff72f36dfd3496b9672604e8bb98999b133
Currently, get_bios_given_nic_name logs 'biosdevname not found' for
every NIC. This patch changes it to log only once when the executable
is not found.
Removes a redundant 'return' statement.
Change-Id: Ic42ec23876b6f7b28d8f6ac1bd37bdbfa20cf421
Adds an extra field ``biosdevname`` to network interface inventory
collected by ``default`` inspection collector (which collects the whole
inventory returned by hardware manager) of ironic-python-agent.
This feature requires biosdevname utility to collect the bios given NIC
names. The tooling module for tinyIPA is created for the same purpose.
For CoreOS IPA pxe images, biosdevname tooling module is limited,
because Docker repository is created and embedded into CoreOS pxe
images. The Docker repository uses debian to download the packages.
Debian does not have biosdevname package.
Adds an export variable TINYIPA_REQUIRE_BIOSDEVNAME. Set this
variable to ``true`` in your shell before building tinyIPA.
Closes-Bug: #1635351
Change-Id: Ia96af59e2a74868cac59e5a88cfbb3be60d85687
Removes two reserved fields ``switch_port_descr`` and
``switch_chassis_descr`` that were deprecated in the Newton cycle.
Change-Id: Icd2251af63a69d60d1e72eddf651a168fdae94fa
If there is a problem with psutil failing we have a catch-all
exception. Explain reasoning for the catch-all exception.
Change-Id: Id2e22e4ff93d96c795f474e72a684dfe3db87a58
Global requirements was recently updated to force psutil=>3.0.1. This
patch removes support for older versions of psutil as well as changing
to opportunistically attempt to work if a version >5 is released but
doesn't change the interface we use.
Change-Id: I1f7fab33fd275fb8b5cd7704dc13375402756d06
Related-bug: #1659137
An upper-constraints update to psutil caused IPA to start using psutil
5.0.1. We had a hard-coded assumption that psutil would be major version
1 or 2. This allows us to use the updated psutil and attempts to simply
fail gracefully if an unrecognized psutil version is used.
Change-Id: Ibe072440159561b34a29b478d955876e5fb7f103
Closes-Bug: 1659137
This patch adds a new hardware manager, which will disable the embedded
LLDP agent on Intel CNA network cards in order to allow the gathering of
LLDP data during the inspection process.
Change-Id: I572756ac6a7bf67a7f446738ba9d145e1c1bdc48
Closes-Bug: #1623659
This patch is adding a "hctl" attribute to the BlockDevices. HCTL stands
for: Host, Channel, Target and Lun, which is basically the SCSI address.
The idea behind this patch is to allow root device hints to find the
disk for deployment based on the SCSI address.
Partial-Bug: #1648036
Change-Id: If8897c68609e0df0378ee919b803ca5e497def02
This patch add Mellanox Manager to support Mellanox
InfiniBand NICs.
It adds client_id to the NetworkInterface for the
InfiniBand network interface.
The Mellanox Manager provides it own implementation of
get_interface_info. The mlnx get_interface_info generate
InfiniBand MAC and client-id from the InfiniBand network
interface address.
Closes-Bug: #1532534
Change-Id: I4e7f7649a1bdeaa3ee99b2748037b0f37fea486c
This patch dispatches out the network_interface_info
to allow vendor hardware managers to plug the spacific
implementation. It also move neworking releated methods
form hardware to netutils
Related-Bug: #1532534
Change-Id: Idcd25c4753c009b5ba70bea97ee4eb83391a77a9
Use hacking 0.12.0
Use the new checks that are available:
[H106] Don’t put vim configuration in source files.
[H203] Use assertIs(Not)None to check for None.
[H904] Delay string interpolations at logging calls.
Fix code so tests pass.
Change-Id: If22ad272c332f30624ce10861408d377908b152b
Depends-On: I2aa44b62f900d4dfd67701b01eadd0523fbfaf07
This patch is updating IPA to use the match_root_device_hints() method
provided by ironic-lib version 2.2.0.
Partial-Bug: #1561137
Depends-On: I1d9dc7a57ea391a3419710c289242b39a4201463
Change-Id: Id93dd0360137df600f5a656348279e56c6b84bf9
In Python 2.6 it was required to use {0}, {1}...{n} when using the
string format function. In Python 2.7 and Python 3 it it not required.
Change {N} to {} in code.
This brings the code in style alignment with other projects like
ironic and ironic-lib.
Change-Id: I81c4bb67b0974f73905f14b589b3dd0a7131650d
Depends-On: I8f0e5405f3e2d6e35418c73f610ac6b779dd75e5
This patch is adding a new cleaning step called "erase_devices_metadata"
to the GenericHardwareManager. This step is responsible for erasing the
metadata of the disks present in the node (partition tables, signatures,
filesystem identifiers etc...).
It's important to note that the "erase_devices" cleaning step will also
remove all these metadatas (because it will zero/shred the whole disk)
but, it takes a lot of time to run and for some usages of Ironic only
cleaning the device metadata and leaving the data from previous tenants
on the disk after the machine is recycled is fine. That's the use case
for systems using Ironic just to install the same base image onto many
nodes which will run another cloud on top afterwards (TripleO).
The new cleaning step has a default priority of 99, so it should run
before the "erase_devices" cleaning step so that we can guarantee that
the metadata was removed even in case of a failure when cleaning the
disks.
The version of the GenericHardwareManager was bumped to "1.1" with the
addition of this new clean step.
This patch make use of the "destroy_disk_metadata" method from ironic-lib
to get rid of the metadata.
Closes-Bug: #1603411
Change-Id: I3d7b39d5ee3e03ce63185e4168b1ac954a896c93
Address some comments on the original review, mainly changing
the release note to be more specific.
Change-Id: I0af397fab174e4a7b426fdc69e50dffce5578577
Per Doug's email[0], 'warnerrors' in setup.cfg hasn't actually been
working for some time now, and we've piled up a few warnings. Fix these
before a pbr release to unbreak it gets pushed out and breaks our doc
builds.
[0] http://lists.openstack.org/pipermail/openstack-dev/2016-June/097849.html
Change-Id: I6576a56234918febb21e7e4860544eb952123c09
When matching the root device hints passed to Ironic and the devices
present in the disk, the logic to the "size" attribute was different was
outside the main loop. This patch refactors that uses the same loop for
matching the size attribute, improving a little the readability.
This patch also makes sure that we convert the value of "size" to
integer before attempting to match it.
Change-Id: I619153232b9b58696369185ad5be90ccfd38a4ed
It is required to issue iscsistart -b on those hardware in order for
/dev/sda /dev/sdb etc to be exposed to the OS.
On this type of hw, without the fix
introspection fails with - missing: ['local_gb']' err.
Change-Id: If6667b123e9b890d97c03612596fb78ee2b0ae85
Closes-Bug: 1590606
This patch is extending the root device hints to also consider if a disk
is a rotational device or not. This hint makes it easier to separate
SSDs and HDDs when selecting the device to deploy the image onto.
Partial-Bug: #1599517
Change-Id: I270fe57df825929bdef7911b3a6757cf7163a5f1
Documentation follow-up to the LLDP patch, commit
a7f0af722f96950e3bf67e26b922f80c1bd503ab. Provide the meaning of the
acronymns TLV and LLDP.
Change-Id: Icce3eb5519dfcfc9b6f7e23003cf056646da6c50
To support multi-tenant networking in Ironic we need to be able to
discover not just the NICs a baremetal machine has but also the physical
connectivity to switches in the network.
This patch collects LLDP (Link Layer Discovery Protocol) data as part of
the list interfaces stage of the generic hardware manager. This
information can then be processed by the ironic inspector to populate
the local link information on each ironic port.
The processing done on this data in ironic python agent is limited, this
is to allow for server side processing hooks to process as much or as
little of the data as they want. This is to allow for multi-vendor
environments that might use different parts of the LLDP packet to use a
generic ramdisk and configure the processing server side using inspector
plugins.
Reserved fields switch_port_descr and switch_chassis_descr have been
deprecated for removal in Ocata in favor of passing the whole packet.
Change-Id: Idae9b1ede1797029da1bd521501b121957ca1f1a
Partial-Bug: #1526403
https://review.openstack.org/#/c/320295/ introduced two internal
variables: _DISK_WAIT_ATTEMPTS and _DISK_WAIT_DELAY. These values are
hardcoded. This patch adds configuration options for these so
that an operator can change them based on their own needs/fleet of
hardware.
Change-Id: I2ba97669ec710fb4a435307466cd8add9c2293ba
Closes-Bug: #1585663
These flags will be processed in a new ironic-inspector plugin
to support setting capabilities like cpu_vt (virtualization enabled).
Change-Id: I5fe9310c316841eabdd2d5e2ef2ae30afa03d29a
Partial-Bug: #1571580
Adds a new BootInfo object with 2 fields:
* current_boot_mode - bios or uefi, detected from presence of /sys/firmware/efi
as per the following answer: http://askubuntu.com/a/162896
This field will be used for setting the boot_mode capability in ironic-inspector
* pxe_interface - PXE booting interface, if it can be detected.
This fields is already used by ironic-inspector, added here for consistency.
Change-Id: Ib36b592ffaba3bfa055d65c9526607867d302584
Partial-Bug: #1571580
In order to support a more complex syntax for root device hints (e.g
operators: greater than, less than, in, etc...) we need to stop relying
on the kernel command line for passing the root device hints. This patch
changes this approach by getting the root device hints from a cached
node object that was set in the hardware module.
Two new functions: "cache_node" and "get_cached_node" were added to the
hardware module. The idea is to facilitate the access to a node object
representation from the hardware extension methods without changing
method signatures, which would break compatibility with out-of-tree
hardware managers.
Note that the new "get_cached_node" is just a guard function to
facilitate the tests for the code.
The function parse_root_device_hints() and its tests were removed since
it's not used/needed anymore.
Partial-Bug: #1561137
Change-Id: I830fe7da1a59b46e348213b6f451c2ee55f6008c
Some kernel modules take substantial time to initialize. For example,
with mpt2sas RAID driver inspection and deployment randomly fail
due to IPA starting before the driver finishes initialization.
This problem is probably impossible to solve in a generic case, as
modern Linux environment do not have a notion of "hardware is fully
initialized" moment. All hardware is essentially hotplug.
To solve it at least for the simplest case, this patch adds a wait loop
on start up waiting for at least one suitable disk to appear in inventory.
Note that root device hints are not considered, as the node might not
be known at that moment yet.
Change-Id: Id163ca28f7c140c302ea04947ded3f3c58b284de
Partial-Bug: #1582797
I would've voted -1 on the patch in question had I reviewed it, and per
standard OpenStack/Ironic procedure, I'm reverting it for re-review and
discussion.
In this case; I don't think the new method in the HWM interface is
needed, and that evaluate_hardware_support() is intended to handle the
cases handled.
This reverts commit 0962cae1da69a1a2981d5950ad741d91115dac06.
Change-Id: Ic08e44bdf116403444b257ee9f4e5b906f5eac53
Some kernel modules take substantial time to initialize. For example,
with mpt2sas RAID driver inspection and deployment randomly fail
due to IPA starting before the driver finishes initialization.
Add a new hardware manager method initialize_hardware, which gets
run on start up before other hardware manager method invocations.
The generic implementation is to call udev settle and wait for
at least one suitable disk device to appear with the hardcoded
timeout of 15 seconds. Also preload the IPMI modules instead of
calling modprobe every time the inventory is requested.
Change-Id: If7758bb6e3faac7d05451baa3a26adb8ab9953d5
Partial-Bug: #1582797
