e303a369dc
When IPA gets a non-raw image, it performs an on-the-fly conversion using qemu-img convert, as well as running qemu-img frequently to get basic information about the image before validating it. Now, we ensure that before any qemu-img calls are made, that we have inspected the image for safety and pass through the detected format. If given a disk_format=raw image and image streaming is enabled (default), we retain the existing behavior of not inspecting it in any way and streaming it bit-perfect to the device. In this case, we never use qemu-based tools on the image at all. If given a disk_format=raw image and image streaming is disabled, this change fixes a bug where the image may have been converted if it was not actually raw in the first place. We now stream these bit-perfect to the device. Adds two config options: - [DEFAULT]/disable_deep_image_inspection, which can be set to "True" in order to disable all security features. Do not do this. - [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types IPA should accept. Both of these configuration options are wired up to be set by the lookup data returned by Ironic at lookup time. This uses a image format inspection module imported from Nova; this inspector will eventually live in oslo.utils, at which point we'll migrate our usage of the inspector to it. Closes-Bug: #2071740 Change-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7 |
||
---|---|---|
doc | ||
examples | ||
imagebuild | ||
ironic_python_agent | ||
releasenotes | ||
tools | ||
zuul.d | ||
.git-blame-ignore-revs | ||
.gitignore | ||
.gitreview | ||
.stestr.conf | ||
bindep.txt | ||
CONTRIBUTING.rst | ||
LICENSE | ||
plugin-requirements.txt | ||
README.rst | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
Ironic Python Agent
Team and repository tags
Overview
An agent for controlling and deploying Ironic controlled baremetal nodes.
The ironic-python-agent works with the agent driver in Ironic to provision the node. Starting with ironic-python-agent running on a ramdisk on the unprovisioned node, Ironic makes API calls to ironic-python-agent to provision the machine. This allows for greater control and flexibility of the entire deployment process.
The ironic-python-agent may also be used with the original Ironic pxe drivers as of the Kilo OpenStack release.
Building the IPA deployment ramdisk
For more information see the Image Builder section of the Ironic Python Agent developer guide.
Using IPA with devstack
This is covered in the Deploying Ironic with DevStack section of the Ironic dev-quickstart guide.
Project Resources
Project bugs are tracked on Launchpad:
Developer documentation can be found here:
Release notes for the project are available at:
https://docs.openstack.org/releasenotes/ironic-python-agent/
Source code repository for the project is located at:
- IRC channel:
-
#openstack-ironic on irc.oftc.net
To contribute, start here: Openstack: How to contribute.