A Python agent for provisioning and deprovisioning Bare Metal servers.
Go to file
Jay Faulkner e303a369dc Inspect non-raw images for safety
When IPA gets a non-raw image, it performs an on-the-fly conversion
using qemu-img convert, as well as running qemu-img frequently to get
basic information about the image before validating it.

Now, we ensure that before any qemu-img calls are made, that we have
inspected the image for safety and pass through the detected format.

If given a disk_format=raw image and image streaming is enabled
(default), we retain the existing behavior of not inspecting it in
any way and streaming it bit-perfect to the device. In this case, we
never use qemu-based tools on the image at all.

If given a disk_format=raw image and image streaming is disabled, this
change fixes a bug where the image may have been converted if it was not
actually raw in the first place. We now stream these bit-perfect to the
device.

Adds two config options:
- [DEFAULT]/disable_deep_image_inspection, which can be set to "True" in
  order to disable all security features. Do not do this.
- [DEFAULT]/permitted_image_formats, default raw,qcow2, for image types
  IPA should accept.

Both of these configuration options are wired up to be set by the lookup
data returned by Ironic at lookup time.

This uses a image format inspection module imported from Nova; this
inspector will eventually live in oslo.utils, at which point we'll
migrate our usage of the inspector to it.

Closes-Bug: #2071740
Change-Id: I5254b80717cb5a7f9084e3eff32a00b968f987b7
2024-09-04 09:11:28 -07:00
doc update dynamic-login to mention the sshkey option 2024-07-31 12:22:31 -05:00
examples [codespell] Fix spelling issues in IPA 2023-12-28 10:54:46 -08:00
imagebuild Remove imagebuild/common, it's not longer used by IPA-builder 2019-10-16 14:14:13 +02:00
ironic_python_agent Inspect non-raw images for safety 2024-09-04 09:11:28 -07:00
releasenotes Inspect non-raw images for safety 2024-09-04 09:11:28 -07:00
tools Adds bandit template and exclude some of tests 2019-06-20 14:39:36 +08:00
zuul.d Remove and disable examples job 2024-09-04 09:11:28 -07:00
.git-blame-ignore-revs [codespell] Adding git-blame-ignore-revs to clear codespell changes 2024-01-25 01:49:11 +00:00
.gitignore Remove the configuration sample file 2019-12-02 12:11:58 +01:00
.gitreview OpenDev Migration Patch 2019-04-19 19:48:56 +00:00
.stestr.conf Migrate to stestr as unit tests runner 2017-09-26 09:23:53 -07:00
bindep.txt Drop python2 from bindep.txt 2022-06-30 23:33:05 +00:00
CONTRIBUTING.rst Ironic (and IPA) use launchpad now 2023-05-17 15:38:57 -07:00
LICENSE add license file 2013-09-17 13:41:59 -07:00
plugin-requirements.txt Update hardware to 0.24,0 2020-01-15 12:44:31 +01:00
README.rst Ironic (and IPA) use launchpad now 2023-05-17 15:38:57 -07:00
requirements.txt Remove old excludes 2024-04-30 22:46:45 +09:00
setup.cfg Fix issues caused/found by new codespell 2024-05-23 15:49:48 -07:00
setup.py Fix for tox4 and setuptools 2023-01-02 14:40:35 +01:00
test-requirements.txt Remove old excludes 2024-04-30 22:46:45 +09:00
tox.ini Force constraints when installing a package during tox test 2024-02-12 14:59:39 +01:00

Ironic Python Agent

Team and repository tags

image

Overview

An agent for controlling and deploying Ironic controlled baremetal nodes.

The ironic-python-agent works with the agent driver in Ironic to provision the node. Starting with ironic-python-agent running on a ramdisk on the unprovisioned node, Ironic makes API calls to ironic-python-agent to provision the machine. This allows for greater control and flexibility of the entire deployment process.

The ironic-python-agent may also be used with the original Ironic pxe drivers as of the Kilo OpenStack release.

Building the IPA deployment ramdisk

For more information see the Image Builder section of the Ironic Python Agent developer guide.

Using IPA with devstack

This is covered in the Deploying Ironic with DevStack section of the Ironic dev-quickstart guide.

Project Resources

Project bugs are tracked on Launchpad:

https://bugs.launchpad.net/ironic-python-agent/+bugs

Developer documentation can be found here:

https://docs.openstack.org/ironic-python-agent/latest/

Release notes for the project are available at:

https://docs.openstack.org/releasenotes/ironic-python-agent/

Source code repository for the project is located at:

https://opendev.org/openstack/ironic-python-agent/

IRC channel:

#openstack-ironic on irc.oftc.net

To contribute, start here: Openstack: How to contribute.