Commit Graph

815 Commits (master)

Author SHA1 Message Date
Harald Jensås a8ede77e3e devstack - configurable ipv6 address mode
Add variable to define ipv6-address-mode and ipv6-ra-mode
in the devstack plugin.

Change-Id: I0a145bafc2ea37065b0e0fa7445837ded7bd8e46
2023-09-12 18:56:06 +00:00
Harald Jensås aa2dad9f75
devstack - fix IPv6 ping
Remove the $ in the condition so that we don't attept to
execute the output from ping (i.e PING - unknown command)

Change-Id: Ic90f7c93d9a7b86fbf3f2cdef46bc1b2bbea489d
2023-08-30 12:45:44 +02:00
Zuul b78f379997 Merge "Revert "Fix IRONIC_IMAGE_NAME=non-existent-image"" 2023-07-19 01:31:24 +00:00
Zuul e2273d2b81 Merge "Disable spanning tree" 2023-07-12 19:55:24 +00:00
Julia Kreger 0a11855d3f CI: Use focal dnsmasq
Investigation of our standalone test job issues, where jobs would
fail, hosts not get DHCP updates, and ultimately IPXE would
fail prior to getting a valid or the expected response,
revealed the discovery that dnsmasq was crashing often when
the port updates were going through, ultimately preventing
the mutli-scenario test jobs from running as the standalone
jobs represent a number of different scenarios which are
executed across a pool of test machines.

In this case, the path forward appears to be to downgrade
dnsmasq to stablize our CI and allow us to otherwise upgrade.

This patch adds the focal updates as a package source,
and installs the dnsmasq package.

Related-Bug: #2026757
Change-Id: Iacfd1ab677c612525601afcaeee5e5b067206ff3
2023-07-10 12:57:16 -07:00
Julia Kreger 6d3c4ced5f Disable spanning tree
So, I've long wondered if we still have some spanning tree behavior
going on in CI. Turns out we might, but we just rely upon the defaults
which creates a variable.

Anyway, regardless, I found some details in the ovs-vsctl manual[0], and
well, lets set the options!


Change-Id: I8f229fa6e738a69a668d4b891723431b2da362fa
2023-07-06 17:16:33 +00:00
Ghanshyam d5931adedb Revert "Fix IRONIC_IMAGE_NAME=non-existent-image"
This reverts commit 2f8ee2cf40.

Reason for revert: Tempest removed the setting of DEFAULT_IMAGE_NAME to 'non-existent-image', that should fix the issue

Change-Id: I4767518b3306a8c4da08d1f0650d78ef8d78ca9c
2023-06-27 04:14:12 +00:00
Iury Gregory Melo Ferreira 2f8ee2cf40 Fix IRONIC_IMAGE_NAME=non-existent-image
Our jobs started failling after a possible change in tempest
that introduced "non-existent-image" [1]


Change-Id: Iff7943446741e499100561a79c9f4930beab3da2
2023-06-22 22:02:29 -03:00
Julia Kreger d2039a29de Handle nova policy change
It appears nova's policies have changed, or to be more precise,
they have turned on new policy enforcement[0] and our plugin
was wrong.

+++ /opt/stack/ironic/devstack/lib/ironic:\n
ironic_configure_tempest:3205 :\n
oscwrap --os-cloud devstack-system-admin flavor show baremetal -f value -c id
ForbiddenException: 403: Client Error for url:
Policy doesn't allow os_compute_api:os-flavor-extra-specs:index to be performed.

[0]: dfd7aeaf6c

Change-Id: I8070852fbe9346e346c50088537797f353753d02
2023-05-23 21:33:57 -07:00
Julia Kreger fce8c3a651 CI: Change tinycore URL
We'v been able to observe one of the scenario test jobs failing
due to tinycorelinux being inaccessible. Possibly on an IPv6 only
test VM. Turns out tinycorelinux's main page is only accessible via

As such, I've changed the mirror to a mirror which is acessible via
IPv6 and which I've verified works for me.

Change-Id: I2b4ccd16189038ce2f054d7403775b012796aea3
2023-05-19 07:20:56 -07:00
Julia Kreger 9c0b4c90a1 Fix Cinder Integration fallout from CVE-2023-2088
In the recent change to cinder, to address CVE-2023-2088,
cinder changed the policy rules and behavior for unbinding,
or "detaching" a volume. This was because of a vulnerability
in compute nodes where a volume which was in use by a VM
could be detached outside of Nova, and nova wouldn't become
aware the volume was detached, and the volume could be accessible
to the next VM.

This vulnerability doesn't apply to bare metal operations as
volumes are attached to whole baremetal nodes with Ironic.

We now generate and use a service token when interacting with
Cinder which allows cinder to recognize "this request is
coming from a fellow OpenStack service", and by-pass
checking with Nova if the "instance" is managed by Nova,
or Not. This allows the volumes to be attached, and detached
as needed as part of the power operation flow and overall
set of lifecycle operations.

Related-Bug: 2004555
Closes-Bug: 2019892

Change-Id: Ib258bc9650496da989fc93b759b112d279c8b217
2023-05-18 07:43:31 -07:00
Zuul 1d0818cba2 Merge "Remove use of nomodeset by default" 2023-05-09 06:29:42 +00:00
Julia Kreger 7f281392c2 Change wholedisk image checksum to sha256
Change-Id: I0c90ac87ca88329e7fb315385345e8020a59fdd5
2023-05-02 13:03:13 -07:00
Julia Kreger f2605e9281 Remove use of nomodeset by default
The troubleshooting kernel command line option nomodeset
unfortunately changes the way framebuffer interactions work
with graphics devices which in some cases can result in kernel
memory to be used for graphics updates. When this happens on
some specific hardware common in rack mount servers with baseboard
management controllers, this can cause the memory bus to become
locked for a brief time while the graphics update is occuring.

This locked memory bus means disk IO can become blocked,
and network cards can overflow their buffers resulting in
packet loss on top of the latency incurred by the graphics
update executing.

As such, we've removed the nomodeset option from default usage and
added a note describing its removal to the documentation along
with a release note.

Change-Id: I9084d88c3ec6f13bd64b8707892758fa87dd7f86
2023-04-26 07:34:29 -07:00
Riccardo Pittau 87a5f1add5 Bump cirros to version 0.6.1
Use latest cirros available

Change-Id: I916b96d1386d3b1f090df11a7a8d2ef70fe22559
2023-01-26 11:55:58 +01:00
Zuul 320b1f0ca7 Merge "Fix unbound variable in devstack plugin" 2023-01-07 16:30:49 +00:00
Zuul c93641ff59 Merge "Use tinycore 13 for base ramdisk image" 2023-01-07 15:54:56 +00:00
Zuul bed680951a Merge "Remove lib/neutron-legacy leftovers" 2023-01-05 12:25:48 +00:00
Zuul 7f6a737e98 Merge "Use centos grub artifacts with centos ramdisk for vmedia" 2023-01-04 20:31:36 +00:00
Julia Kreger 1d07be8237 Use centos grub artifacts with centos ramdisk for vmedia
It appears we are getting an opcode error when attempting to boot
Centos 9-stream utilizing the EFI artifacts from Ubuntu.

Technically this should work, however further aftifacts in the boot
chain may be signed with other key credentials that Ubuntu's
grub does not know about, because the chain of trust is
MSFT -> Vendor shim (slow change rate) -> Vendor GRUB -> Kernel

Where vendor differences should never work, is if Secure Boot
is enforcing.

Exception on launch:
 X64 Exception Type - 06(#UD - Invalid Opcode)  CPU Apic ID - 00000000 !!!!

A similar Debian bug is open for a very similar issue:

However, no additional comments or information have been in follow
up to that reported issue. So in the mean time, we're going to try
and do what those smarter than I recommend, use the vendor's
binaries for their distribution.

There is one further, potentially far more depressing possibility,
that centos9's kernel doesn't support the type of hardware
we're getting. This is suggested by the precise opcode error, UD,
But again, easiest possibility first.

Change-Id: Id9bd30bc3c2f1076555317e4a3f277725fa7c1f4
2023-01-03 17:05:04 -08:00
Riccardo Pittau cab04afe6e Create IRONIC_VM_MACS_CSV_FILE if it does not exist
The IRONIC_VM_MACS_CSV_FILE is generated only if we execute the
ironic basic ops, so when IRONIC_BAREMETAL_BASIC_OPS is True.
In some jobs we set IRONIC_BAREMETAL_BASIC_OPS to False but we
still look for that file causing a "file not found" error which
does not trigger a trap until focal, but it does in jammy.
Let's create the file if it does not exist.

Change-Id: Ib938abe0723072419f336159cbffff33e46ea39b
2023-01-03 16:09:00 +01:00
Riccardo Pittau 7150478cd8 Fix unbound variable in devstack plugin
The RC_DIR does not existed (and it never existed, it was SRC_DIR)
Change that to TOP_DIR which is what we use commonly in other

Change-Id: I4a400fd434a20938cd38c0bb876da21fec7473a1
2023-01-02 10:10:50 +01:00
Riccardo Pittau 93158aadd0 Use tinycore 13 for base ramdisk image
We're builing tinyipa using tinycore 13.x since a while, we should use
the same version for the base ramdisk image.

Change-Id: I9d144f122c20f717ff946282ef7ffa16d82812f5
2023-01-02 09:44:26 +01:00
Sławek Kapłoński facd1bca66 Remove lib/neutron-legacy leftovers
In [1] we finally got rid of the unfinished lib/neutron module and kept
only lib/neutron-legacy. It's renamed to lib/neutron now and it's the
only neutron related module in Devstack.
So this patch removes leftovers related to the old lib/neutron-legacy.


Change-Id: Id938deab7188743e754d028dee8e0b2591ab6f7b
2022-12-20 11:18:25 +01:00
Ghanshyam Mann ceec890947 Use project scoped token for cinder, glance services
All services except Ironic (and keystone to support ironic
with system scope deployement), will not have system scope in
their API policy instead they are default to project scoped.

Change-Id: Id13a359086f9b24dbfcd2b565a42c50d0dab7736
2022-10-15 20:05:06 -05:00
Julia Kreger 9344eb22d1 Add upgrade check warning for allocations db
Adding an upgrade check to provide awareness to the state of
the database in regards if an unexpected engine is in use or
if the character set encoding is also not UTF8.

These will raise non-fatal warnings on the upgrade status

Change-Id: Ide0eb4690a056be557e5ea7d5ba5f6be37b50d0a
Story: 2010384
2022-10-13 10:54:55 -07:00
Julia Kreger d8fc96fd1f CI: Changes to support Anaconda CI jobs
Introduces additional job configuration to enable automated
integration testing via tempest of the anaconda deployment

Also, configures a private subnet with DNS, which is required
by anaconda executing, in order to facilitate processing of URLs.

Change-Id: I61b5205cf2c9f83dfcabf4314247c76fb6a56acd
2022-09-06 07:38:11 -07:00
Dmitry Tantsur f0a1778766 Finally remove support for netboot and the boot_option capability
Instance network boot (not to be confused with ramdisk, iSCSI or
anaconda deploy methods) is insecure, underused and difficult to
maintain. This change removes a lot of related code from Ironic.

The so called "netboot fallback" is still supported for legacy boot when
boot device management is not available or is unreliable.

Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
2022-08-02 12:47:31 +02:00
Julia Kreger f7471f07c3 CI: Only setup fake v6 interface if needed
In the case of CI test nodes natively supporting and using ipv6,
we don't need to actually setup a fake IPv6 network for ports
to bind to on the local system. So before doin gso, lets check
to see if we can ping the address first. If not, then set it up.

Change-Id: Ib68c706c1f9ef0ad0cf27e7a6acffd2c50ff37ea
2022-07-20 11:08:20 -07:00
Julia Kreger 8b99fcb0e4 CI: Default to TinyIPA when nested virt is not possible
Change-Id: I6bd52f61ff5e9f928b504b09a1ce6eb97cff57da
2022-06-23 14:24:41 -07:00
Julia Kreger e0c758bb95 CI: Add iweb to the use tinyipa on list
Change-Id: Ib1d415928a6555298d42e8d525f04eb1028a4bb8
2022-06-23 14:13:58 -07:00
Zuul 1b6114934c Merge "Switch to q35 machine type for test nodes" 2022-06-22 14:22:17 +00:00
Steve Baker 832dc8bf94 Switch to q35 machine type for test nodes
q35 is recommended as emulating modern baremetal with better support
for UEFI in general, and Secure Boot in particular.

Old pc type usage is removed, like IDE controller, PS2 mouse, manual
PSI addresses.

Change-Id: Ic33e0f23c5c514a45541534ddd68329d7b4d0480
2022-05-31 04:37:28 +00:00
Dmitry Tantsur 81f583f69b devstack: use CentOS 9 for DIB IPA builds
Additionally bumps CPU model to host-model as centos9 builds now
require a subset of CPU processors which include advanced features.
Host-model also allows for the VM to still start when running with
pure qemu, as opposed to KVM passthrough.

Change-Id: Ic261efd4bf6f5929687df5e7b1b51b541554af18
2022-05-25 08:57:15 -07:00
Zuul 49113385e8 Merge "Fix v6 CI job - Return it to normal non-voting status" 2022-05-05 14:46:27 +00:00
Julia Kreger a9f4acfdb0 Fix v6 CI job - Return it to normal non-voting status
* Fixes the IPv6 job by utilizing HOST_IPV6 instead of
  SERVICE_IPV6, as Devstack now automatically wraps
  SERVICE_IPV6 with brackets as if it is for a URL.
* Locks ipv6 job to bios mode. Ubuntu Focal OVMF/EDK2 does not
  support IPv6 PXE boot by default.
* Split from Devstack in terms of IP usage, since full explicit
  V6 usage is not a thing anymore. 4+6 is the default in devstack
  and regardless of what we set on the job we see both now used.
  So we delineate apart our usage for our own sanity.
* Reduce VM Interface count for IPv6 in an attempt to eliminate
  in-kernel routing confusion by two interfaces on the same physical
* Set IPv6 mode to dhcpv6-stateless due to fun issues in dhcp clients.
  When we move to UEFI, this will need to be changed to stateful as
  stateless is not supported in general by OVMF/E2DK.

Once the job has run in normal non-voting for a while, and we
ensure that it seems to be stable, we can make it voting again.

Change-Id: Ia833bfb64c6c3cc8e48cbe34ed200536652a8adf
2022-05-04 11:32:29 -07:00
Dmitry Tantsur b94e52f55a Fix ironic-lib from source and branch detection in IPA builds
Prevents the ironic-lib CI from testing ironic-lib changes in IPA.

Change-Id: I936f6c1506c585826501ff3ac0bad0c755b4d360
2022-05-02 12:19:59 +02:00
Julia Kreger fe3021fc37 Grenade: Turn up interfaces for vxlan
So... We can't do this in a single patch, and we *actually*
need to merge the vxlan fix before the subnode will ever pickup
the configuration

From the logs, I can observe the vxlan tunnel connects between
the nodes. Awesome.

Where things break is in the local setup of the local bridges
used to wire everything together.

setup_vxlan_network:3274 :   sudo ovs-vsctl add-port sub1brbm phy-brbm-infra
ovs-vsctl: Error detected while setting up 'phy-brbm-infra':
could not open network device phy-brbm-infra (No such device).
See ovs-vswitchd log for details.

Basically, with the same change on a separate patch, we're able to
observe the controller node work perfectly. It is the subnode
connectivity which is just broken.

So, activate the bridge interfaces seems ideal. This likely broke
at some point due to behavior changes in OpenVSwitch.

Change-Id: I11dbba1957d67187d859a1ef60563c0301da9812
2022-04-26 10:43:27 -07:00
Dmitry Tantsur 7ac4804126 Build the new cirros image even when netboot is the default
The standalone job changes boot_option in runtime, so local boot
can be used even when the default boot option is netboot.

Change-Id: Ia538907f3662e8cd84d988ea5d862c7f488558e1
2022-02-17 15:36:11 +01:00
Dmitry Tantsur bbceca562e CI: use a custom cirros partition image instead of the default
Cirros partition images are not compatible with local boot since they
don't ship grub (nor a normal root partition). This change adds a script
that builds a partition image with UEFI artifacts present. It still
cannot be booted in legacy mode, but it's a progress.

Set the tempest plugin's partition_netboot option. We need it to inform
the tempest plugin about the ability to do local boot. This option
already exists but is never set.

Also set the new default_boot_option parameter, which will be introduced
and used in Iaba563a2ecbca029889bc6894b2a7f0754d27b88.

Remove netboot from most of the UEFI jobs.

Change-Id: I15189e7f5928126c6b336b1416ce6408a4950062
2022-02-16 10:12:06 +01:00
Dmitry Tantsur 720b42d538 Avoid non-Stream CentOS and temporary disable the standalone job
The standalone job is failing because of a bug in IPA. To fix it we need
to make DIB jobs operational, and they're failing because of CentOS repos.

Change-Id: I8bd051ea709d328cb5efa2c2cbd5a226bdb4cfd3
2022-01-31 16:32:08 +01:00
Aija Jauntēva 365a4545fe Fix DevStack plugin ipxe-snponly-x86_64.efi name
Change-Id: Ic25eb356d1bc86c1dc4b09df7fc0df42b3821cf3
2022-01-27 09:59:51 -05:00
Dmitry Tantsur cfcea55cf6 Automatically configure enabled_***_interfaces
This change makes it easier to configure power and management interfaces
(and thus vendor drivers) by figuring out reasonable defaults.

Story: #2009316
Task: #43717
Change-Id: I8779603e566be5a84daf6f680c0bbe2f191923d9
2021-12-20 15:11:17 +01:00
Steve Baker 3f76724dfb Write initial grub config on startup
This change removes the documentation to copy master_grub_cfg.txt to
/tftpboot/grub/grub.cfg and instead writes it on conductor startup.
This grub config is a simple redirect config requested by grub network
boot. "master" has been renamed to "initial" as a more accurate label
of its function.

New configuration option [pxe]initial_grub_template allows the deployer
to specify a different initial grub template.

Change-Id: I71191dd399a6c49607f91d69b5b1673799a38624
2021-12-10 15:44:50 +13:00
Zuul 3b949b2086 Merge "Use test_with_retry to get the tap device name" 2021-12-08 19:27:53 +00:00
Dmitry Tantsur b37ee7c911 devstack: provide a default for OS_CLOUD
Not having it breaks the inspector grenade job.

Change-Id: I7ee28a85cb2005dd69e6711b301cd029b8ca40cc
2021-12-08 09:49:26 +01:00
Dmitry Tantsur f85f649136 Install isolinux on devstack
It is required for virtual media BIOS booting.

Clean up old bindep tags.

Change-Id: I345e5b5287594e62ac7a8abb4de3add242120dfd
2021-12-03 17:50:52 +01:00
Steve Baker 9b4631ae0d Use test_with_retry to get the tap device name
This change replaces the 10 second sleep with a retry that has a
timeout of 20 seconds to discover the name of the tap device.

There are gate failures when there is still not a tap device after the
10 second sleep, so this approach should be faster in the common case,
and the higher timeout should provide more reliability.

Change-Id: I5e59ade9f830182b483b9655aaaf6c93b0bfac44
2021-11-22 13:50:59 +13:00
Julia Kreger 350c2f7a50 CI: Fix devstack plugin with RBAC changes
Changes a neutron call to be project scoped as system
scoped can't create a resource and, and removes the unset
which no longer makes sense now that
has merged removing the legacy vars from devstack.

Also renames intenral use setting of OS_CLOUD to IRONIC_OS_CLOUD
as some services were still working with system scope or some sort
of mixed state occuring previously as some of the environment variables
were present still, however they have been removed from devstack.

This change *does* explicitly set an OS_CLOUD variable as well on
the base ironic job. This is because things like grenade for Xena
will expect the variable to be present.

Change-Id: I912527d7396a9c6d8ee7e90f0c3fd84461d443c1
2021-11-19 08:22:22 -08:00
Zuul 386c15836c Merge "Remove debian packages file for devstack" 2021-10-18 11:58:42 +00:00