Commit Graph

351 Commits (master)

Author SHA1 Message Date
Zuul f0fde6c22d Merge "CI: Remove ubuntu focal job" 2023-09-13 05:18:29 +00:00
likui 065b4bfc12 CI: Remove ubuntu focal job
Ubuntu focal was in testing runtime as best effort
testing in 2023.1 cycle. In 2023.2, we do not need to
test the focal as such. Removing its testing to more
focus on making Jammy testing more stable.


Change-Id: Ia3a9bfb6287fd283c3eeb49b43d2c0d12420596d
2023-09-11 10:52:15 +08:00
Julia Kreger 985c7fdf21 [CI] Unblock CI by fixing job regex and non-voting snmp
Two issues have occcured:

1) Zuul has decided some syntax is deprecated and generates an error.
   The exlcusionary nature of the syntax is just not supported by RE2
   which is the new requirement, so explicitly matching "^master$"
   as opposed to "not stable branches".

2) Marking the snmp job as non-voting, the root issue appears to be ipxe
or the VMs, unknown as of yet.

Change-Id: I68aa95eb1ed80a0fde1c29d708ebd606393481aa
2023-09-07 03:58:34 +00:00
Riccardo Pittau 570fad96d8 Revert "Move metal3 integration job to non-voting temporarily"
This reverts commit b5cdd18815.

Change-Id: Ib0b0bc8668ec3151c11cf5be1949523f95511d26
2023-08-29 10:39:57 +02:00
Riccardo Pittau fc29073b1d Use sparkingly new metalsmith cs9 job
Instead of the old dusty cs8 one.

Change-Id: Ieb515ddcc1c919e2e5c79784b13dd1a7ec815aab
2023-08-28 12:22:44 +02:00
Riccardo Pittau b5cdd18815 Move metal3 integration job to non-voting temporarily
It's currently broken

Change-Id: I326b0e4bf43b104144b6cc1cff6261bbbd4b8070
2023-08-25 16:46:37 +02:00
Stephen Finucane 8d2e93f30c Add job to test with SQLAlchemy master (2.x)
Change-Id: I75c021b02187ee0b746c49eb545b79b3a40608b1
Signed-off-by: Stephen Finucane <>
2023-07-11 10:50:55 -07:00
Zuul f5e33812bd Merge "CI: Use focal dnsmasq" 2023-07-11 09:08:41 +00:00
Zuul 6233276b20 Merge "Unit tests: Isolate mysql test migrations" 2023-07-11 01:13:06 +00:00
Julia Kreger 0a11855d3f CI: Use focal dnsmasq
Investigation of our standalone test job issues, where jobs would
fail, hosts not get DHCP updates, and ultimately IPXE would
fail prior to getting a valid or the expected response,
revealed the discovery that dnsmasq was crashing often when
the port updates were going through, ultimately preventing
the mutli-scenario test jobs from running as the standalone
jobs represent a number of different scenarios which are
executed across a pool of test machines.

In this case, the path forward appears to be to downgrade
dnsmasq to stablize our CI and allow us to otherwise upgrade.

This patch adds the focal updates as a package source,
and installs the dnsmasq package.

Related-Bug: #2026757
Change-Id: Iacfd1ab677c612525601afcaeee5e5b067206ff3
2023-07-10 12:57:16 -07:00
Iury Gregory Melo Ferreira 6c35a44424 Move standalone jobs to focal
We are seeing a lot of failures in our standalone jobs
after we switched to jammy, see[1].
Let's pin the jobs to focal and to isolate the problem and
fix in a separate patch.


Change-Id: I1a85c0c9285359ee92fb676ec56c817cbe350367
2023-07-07 12:29:34 -03:00
Julia Kreger 5cad8ac773 Unit tests: Isolate mysql test migrations
All database migration testing in opestack is done through
an opportunistic worker model, where if the database is available
and correctly configured for testing, i.e. openstack-citest user
and access appropriately granted, then the tests will create and
test migrations.

However, this has been problematic with mysql as of recent, as we
have seen a long standing migration issue boil to the surface often
with tests.

As a result, we're isolating that test down to it's own job so we
can limit the blast damage. This also helps us isolate is it all
of the tests, or is it just soley isolated down to the mysql test
run class, which is an additional data point.

By default, we continue to run Postgres migration tests in the
main jobs, as they haven't been impacted by this issue.

Change-Id: Iefc044c31ef029e400a7dad294504175a4462638
2023-06-29 09:23:34 -07:00
Riccardo Pittau f434643293 Use jammy for base jobs
Leave the snmp job on focal for the time being as it's failing on jammy
and we need to move forward with the migration.

Change-Id: I0b9b600c3eb10761054abdb9c13d7107269001b9
2023-06-06 17:09:42 +02:00
Jay Faulkner bf850cad14 Make metal3 job voting
Now that we have autocommit disabled, we need to make the metal3 job
voting to ensure we don't accidentally break sqlite support in the

Change-Id: I4915dc23b1101b9b799f392434f237e5ccb323e4
2023-05-25 16:36:15 +02:00
Iury Gregory Melo Ferreira da0d7494e7 Add ironic-grenade-skip-level Job
Change-Id: I359ac822f2fe39b38f29a47fd2e71c8c91476030
2023-05-24 19:59:51 +00:00
Julia Kreger 124ad571fd Explicitly pin CIRROS_VERSION
It appear the push to Cirros 0.6.1 has re-occured, and we now
have things failing as a result.

Specifically ironic-grenade is trying to run with Cirros 0.5.2,
yet the file is not found later on.

Anyhow, an explicit pin should resolve this.

Change-Id: I97a1403820c8dbe633cf1d529adc79e8af463e80
2023-05-23 15:10:00 -07:00
Zuul bfb0a4cdc4 Merge "CI: Disable mysql counters for grenade" 2023-05-19 19:04:52 +00:00
Julia Kreger 8b98dfafd8 CI: Disable mysql counters for grenade
Disabling the performance counters as we suspect it is causing
database interaction to freeze on the grenade CI job.

Change-Id: Id951815ab9bfd1ca16aa66fa4c87c0e1b3e788f6
2023-05-18 17:27:38 -07:00
Julia Kreger 9c0b4c90a1 Fix Cinder Integration fallout from CVE-2023-2088
In the recent change to cinder, to address CVE-2023-2088,
cinder changed the policy rules and behavior for unbinding,
or "detaching" a volume. This was because of a vulnerability
in compute nodes where a volume which was in use by a VM
could be detached outside of Nova, and nova wouldn't become
aware the volume was detached, and the volume could be accessible
to the next VM.

This vulnerability doesn't apply to bare metal operations as
volumes are attached to whole baremetal nodes with Ironic.

We now generate and use a service token when interacting with
Cinder which allows cinder to recognize "this request is
coming from a fellow OpenStack service", and by-pass
checking with Nova if the "instance" is managed by Nova,
or Not. This allows the volumes to be attached, and detached
as needed as part of the power operation flow and overall
set of lifecycle operations.

Related-Bug: 2004555
Closes-Bug: 2019892

Change-Id: Ib258bc9650496da989fc93b759b112d279c8b217
2023-05-18 07:43:31 -07:00
Julia Kreger 912dcbbdc9 CI: Mark BFV job non-voting for now
Until we're able to get the BFV job softed, we need to unblock
the gate, and as such moving the BFV job to non-voting to allow
other contributors to make progress.

Change-Id: I045d58afe195f08823af3b1a2fa6eabb6efb63ca
2023-05-16 11:18:43 -07:00
Riccardo Pittau cae05c70e6 Make rbac enforced test non-voting for the time being
We need to fix the tests first, so this needs to pass

Change-Id: I5a9536f24103032059f25f9f69fda354e9e38187
2023-05-05 17:35:24 +02:00
Julia Kreger a5a737e388 Set ironic-grenade to wait 120 seconds
Launching test VMs can take a while, and grenade can fail
if the VM's networking is not quite online in under sixty
seconds. As such, it is reasonable to use a larger window
so the failure rate of ironic-grenade will hopefully decline.

Change-Id: I07aead4b09ccb7e427a0d3d04e7a580cf4b00a95
2023-04-05 09:58:36 -07:00
Dmitry Tantsur a6d87a608c Add a non-voting metal3 CI job
We'll use only one node as we're limited in resources but that
should suffice for a basic test.

Change-Id: I8e845d46ba0e13027aa1e628b0ad45eb24f9b387
2023-03-06 12:16:27 +01:00
Julia Kreger 692a383fdc [CI] Swap anaconda urls
The anaconda job is failing as were getting a redirect issued back
upon attempting to validate URLs. The servers are now directing us
to use HTTPS instead.

Change-Id: Iac8e6e58653ac616250f4ce3ab3ae7f5164e5b03
2023-01-26 13:58:12 -08:00
Zuul e011922bac Merge "CI: Reset VM footprint to 2.6GB" 2023-01-11 00:48:16 +00:00
Julia Kreger 0230d361f4 CI: Reset VM footprint to 2.6GB
This commit partially reverts change set
where the amount of memory for test VMs was
increased to 4GB. This was because excess
junk getting stuck in the staged ramdisk
images used by CI.

Change-Id: Ia0c74cbeecdb9febf9f7a4e76db84e0f378a97fc
2023-01-03 17:42:55 -08:00
Julia Kreger 1d07be8237 Use centos grub artifacts with centos ramdisk for vmedia
It appears we are getting an opcode error when attempting to boot
Centos 9-stream utilizing the EFI artifacts from Ubuntu.

Technically this should work, however further aftifacts in the boot
chain may be signed with other key credentials that Ubuntu's
grub does not know about, because the chain of trust is
MSFT -> Vendor shim (slow change rate) -> Vendor GRUB -> Kernel

Where vendor differences should never work, is if Secure Boot
is enforcing.

Exception on launch:
 X64 Exception Type - 06(#UD - Invalid Opcode)  CPU Apic ID - 00000000 !!!!

A similar Debian bug is open for a very similar issue:

However, no additional comments or information have been in follow
up to that reported issue. So in the mean time, we're going to try
and do what those smarter than I recommend, use the vendor's
binaries for their distribution.

There is one further, potentially far more depressing possibility,
that centos9's kernel doesn't support the type of hardware
we're getting. This is suggested by the precise opcode error, UD,
But again, easiest possibility first.

Change-Id: Id9bd30bc3c2f1076555317e4a3f277725fa7c1f4
2023-01-03 17:05:04 -08:00
Riccardo Pittau 6b84fbf8f2 Fix CI
- Remove skipsdist that it was never supported and causes breakage
when used with usedevelop.
- add script to allowlist for pep8 test
- disable setuptools autodiscovery
- Increase base VM memory according to new requirements for CS9
based IPA

Change-Id: I0bfef09a5312a17be54ce5c09805f06b7c349026
2022-12-29 17:10:53 +01:00
Jay Faulkner d7c95306d6 Ironic doesn't use metering; don't start it in CI
We don't use metering. We do use every byte of ram we can get our hands

Change-Id: I839c7fd4cb6fe8661a25e6b4e00650575ae17520
2022-12-13 13:51:11 -08:00
Sławek Kapłoński 7c47ad04fc [grenade] Explicitly enable Neutron ML2/OVS services in the CI job
As with [1] basic grenade job will be switched to run with OVN as
Neutron backend, which is default in Devstack, we need to explicitly
disable ML2/OVN neutron services in the ironic-grenade job and use
ML2/OVS related services in that job.



Change-Id: I2ef96d1b3e19004f05253dfae508e9f07ae58f63
2022-12-09 11:52:08 +00:00
Riccardo Pittau ad0b8e4dce Cross test sushy with python 3.10
We don't test python 3.8 anymore in antelope

Change-Id: I4748f14f7a75ae9da204ffafb61c8e495822f040
2022-10-20 18:04:45 +02:00
OpenStack Release Bot 1499023c4a Switch to 2023.1 Python3 unit tests and generic template name
This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope. Also,
updating the template name to generic one.

See also the PTI in governance [1].


Change-Id: Ie1e2138b16929c204235e459df5f9c26885140ab
2022-09-23 08:39:28 +00:00
Julia Kreger d8fc96fd1f CI: Changes to support Anaconda CI jobs
Introduces additional job configuration to enable automated
integration testing via tempest of the anaconda deployment

Also, configures a private subnet with DNS, which is required
by anaconda executing, in order to facilitate processing of URLs.

Change-Id: I61b5205cf2c9f83dfcabf4314247c76fb6a56acd
2022-09-06 07:38:11 -07:00
Dmitry Tantsur f0a1778766 Finally remove support for netboot and the boot_option capability
Instance network boot (not to be confused with ramdisk, iSCSI or
anaconda deploy methods) is insecure, underused and difficult to
maintain. This change removes a lot of related code from Ironic.

The so called "netboot fallback" is still supported for legacy boot when
boot device management is not available or is unreliable.

Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
2022-08-02 12:47:31 +02:00
Julia Kreger af838cca79 CI: Pull in diskimage-builder until new release is cut
Change-Id: I88a4863cd24258eb0b395303738c23e3468615c0
2022-06-30 16:29:01 -07:00
Zuul 936414a3cc Merge "Remove netboot jobs from the gate" 2022-06-25 00:21:16 +00:00
Zuul d807350f6e Merge "Use bifrost on centos9 integration job" 2022-06-24 10:44:22 +00:00
Zuul 6f90d5f6a7 Merge "Swap the metalsmith UEFI job for a legacy one" 2022-06-22 13:45:22 +00:00
Riccardo Pittau 089b0c8e63 Use bifrost on centos9 integration job
We don't support CentOS Stream 8 anymore.

Change-Id: I90f20395afbb5e4299dc807288d4a44863d56768
2022-06-16 14:07:58 +02:00
Dmitry Tantsur 5bbcabbabe Remove netboot jobs from the gate
Netboot option will be removed soon, this change stops covering it.
Some jobs have been renamed to reflect the new reality.

Change-Id: I7e248c3deb4778fcf59bc64821833987653fbbcd
2022-05-31 10:02:56 +02:00
Zuul 37d70d78d7 Merge "CI: Removing ironic job queue" 2022-05-26 19:54:24 +00:00
Dmitry Tantsur 81f583f69b devstack: use CentOS 9 for DIB IPA builds
Additionally bumps CPU model to host-model as centos9 builds now
require a subset of CPU processors which include advanced features.
Host-model also allows for the VM to still start when running with
pure qemu, as opposed to KVM passthrough.

Change-Id: Ic261efd4bf6f5929687df5e7b1b51b541554af18
2022-05-25 08:57:15 -07:00
Julia Kreger 63e53797ad CI: Removing ironic job queue
Change-Id: Idf7991d8f8a8cebcdc0413f26ad31542f8ffa8a8
2022-05-19 11:08:22 -07:00
Dmitry Tantsur f1257c79ca Swap the metalsmith UEFI job for a legacy one
UEFI is well covered by existing jobs, while the legacy job is covering
calling install_bootloader.

Change-Id: I18c5334a52591f3d8ccced15aee8eb332121dded
2022-05-17 12:46:53 +02:00
Zuul f73639d72c Merge "Fix names of two jobs" 2022-05-09 19:45:25 +00:00
Zuul 49113385e8 Merge "Fix v6 CI job - Return it to normal non-voting status" 2022-05-05 14:46:27 +00:00
Julia Kreger a9f4acfdb0 Fix v6 CI job - Return it to normal non-voting status
* Fixes the IPv6 job by utilizing HOST_IPV6 instead of
  SERVICE_IPV6, as Devstack now automatically wraps
  SERVICE_IPV6 with brackets as if it is for a URL.
* Locks ipv6 job to bios mode. Ubuntu Focal OVMF/EDK2 does not
  support IPv6 PXE boot by default.
* Split from Devstack in terms of IP usage, since full explicit
  V6 usage is not a thing anymore. 4+6 is the default in devstack
  and regardless of what we set on the job we see both now used.
  So we delineate apart our usage for our own sanity.
* Reduce VM Interface count for IPv6 in an attempt to eliminate
  in-kernel routing confusion by two interfaces on the same physical
* Set IPv6 mode to dhcpv6-stateless due to fun issues in dhcp clients.
  When we move to UEFI, this will need to be changed to stateful as
  stateless is not supported in general by OVMF/E2DK.

Once the job has run in normal non-voting for a while, and we
ensure that it seems to be stable, we can make it voting again.

Change-Id: Ia833bfb64c6c3cc8e48cbe34ed200536652a8adf
2022-05-04 11:32:29 -07:00
Ghanshyam Mann 2e94aa4241 Drop lower-constraints.txt and its testing
As discussed in TC PTG[1] and TC resolution[2], we are
dropping the lower-constraints.txt file and its testing.
We will keep lower bounds in the requirements.txt file but
with a note that these are not tested lower bounds and we
try our best to keep them updated.


Change-Id: Ide6b3e9d6c1171f1ae568c256a3e9affa45de17b
2022-04-30 17:58:31 -05:00
Riccardo Pittau b77a5d67da Fix names of two jobs
Making jobs names less misleading

This should impact sushy and sushy-tools only

sushy change
sushy-tools change

Change-Id: I83f3ac7ddc0662e32c205cd8ec0fab073aeaec56
2022-04-20 08:56:55 +00:00
Julia Kreger 9df7e67e69 Grenade: Change to use bios because we have funky networking
Grenade, for some confusing reason, creates a separate network,
and uses that for upgrade testing as opposed to the original network
the VMs were bound to. If Julia's memory is correct, this was for
multinode upgrade testing.

Anyway, When in UEFI mode, it appears that the TFTP packets
don't get tracked nor cross the boundrary. We likley need to
explicitly address this, but first, lets get the job working as
it was and can then update it.

Also, update requirements because markupsafe removed soft_unicode
method taht was deprecated since a while. Jinja2 started using the
new soft_str method since version 3.0.0

Change-Id: Iaebe966569962b0d3d43774d57b570469479f159
2022-04-04 14:13:58 +02:00