13234 Commits

Author SHA1 Message Date
Dmitry Tantsur
510f87a033
Try limiting MTU to at least 1280
Temporary make metal3-integration non-voting until we merge the fix for
regression https://review.opendev.org/c/openstack/ironic/+/928885.

Change-Id: If8f9907df62019b3cf6d6df7d83d5ff421f6be65
2024-09-12 10:35:40 +02:00
Zuul
072619978e Merge "Deduplicate and remove invalid information for steps" 2024-09-10 14:31:36 +00:00
Zuul
d41a1c6f72 Merge "Support Automatic Lessee from instance metadata" 2024-09-05 23:49:48 +00:00
Julia Kreger
c996aafa6d CVE-2024-44982: Harden all image handling and conversion code
It was recently learned by the OpenStack community that running qemu-img
on untrusted images without a format pre-specified can present a
security risk. Furthermore, some of these specific image formats have
inherently unsafe features. This is rooted in how qemu-img operates
where all image drivers are loaded and attempt to evaluate the input data.
This can result in several different vectors which this patch works to
close.

This change imports the qemu-img handling code from Ironic-Lib into
Ironic, and image format inspection code, which has been developed by
the wider community to validate general safety of images before converting
them for use in a deployment.

This patch contains functional changes related to the hardening of these
calls including how images are handled, and updates documentation to
provide context and guidance to operators.

Closes-Bug: 2071740
Change-Id: I7fac5c64f89aec39e9755f0930ee47ff8f7aed47
Signed-off-by: Julia Kreger <juliaashleykreger@gmail.com>
2024-09-04 15:18:58 -07:00
OpenStack Proposal Bot
e01522cd4c Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I4e4714bd26a38aa6dd3635b7b5a61b15e810fe14
2024-09-04 03:54:19 +00:00
Zuul
da5e44908b Merge "Enable the inspection test in the redfish standalone job" 2024-09-03 17:49:14 +00:00
Zuul
b0a650a086 Merge "Better handle missing inspection_network" 2024-09-03 14:58:38 +00:00
Jay Faulkner
0eda3d65ea Support Automatic Lessee from instance metadata
Ironic already has support for automatically setting a lessee on
deployment, but it is only supported for direct deployments with Ironic,
as it uses request context which is not preserved in the Nova driver.

Now, when combined with the related Nova change, Ironic can support this
behavior for fully integrated installations. On deploy time, Nova will
set several fields -- including project_id -- in instance info. If
enabled, Ironic will then use that project_id as the automatic lessee.
The previous behavior of using the project_id from the request context
is still supported as a fallback.

This is being tracked in nova as blueprint ironic-guest-metadata.

Closes-Bug: #2063352
Change-Id: Id381a3d201c2f1b137279decc0e32096d4d95012
2024-09-02 18:14:22 -07:00
Zuul
3f22f8c5f0 Merge "Temporarily disable PXE booting test in the standalone job" 2024-08-29 16:06:02 +00:00
Zuul
67542d639a Merge "idrac: inherit driver interface from redfish" 2024-08-29 04:55:05 +00:00
Jay Faulkner
42bd2a069a Use the correct command to fetch ovs state
Typo fix: s/osv/ovs/ in the command name.

Change-Id: I5c42accf5e020ad3ecf652bcabdb8b8521f95907
2024-08-28 08:49:21 -07:00
Doug Goldstein
52fdbb743d
idrac: inherit driver interface from redfish
With the removal of the wsman interfaces in the idrac driver and only
redfish being supported, the idrac driver should inherit from the
redfish driver to ensure that it properly supports all the redfish
supported interfaces. Furthermore with several of the interfaces being
no-op passthru to the redfish implementation there is no reason to not
let the user select those interfaces as well. With an eye towards not
having to support these in the future, direct users to use the stock
redfish versions in the docs as well.

Change-Id: I79ab44f31660e6d5311db46223e8bd60d2b3f213
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
2024-08-28 08:47:32 -05:00
Zuul
f8c5fa7939 Merge "Replace reference to ari/aki" 2024-08-27 23:10:59 +00:00
Dmitry Tantsur
72c792bb28
Temporarily disable PXE booting test in the standalone job
It only passes because the boot interface handling is broken in
ironic-tempest-plugin. Once something like
https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/925981
merges, it will start failing with a timeout.

Temporarily remove it from the list to allow progress on other changes.

Change-Id: I155f520be9b5815f390364c4de12528920b7594a
2024-08-27 14:46:50 +02:00
cid
aaec00275a Replace reference to ari/aki
Replace 'ari' and 'aki' with correct values for kernel/ramdisk
artifacts.

Closes-Bug: #2074090
Change-Id: I5b5bcf7e081fc0865ec43ccf6a988280ec7c9273
2024-08-27 13:46:10 +01:00
Zuul
d6188b752c Merge "Update network_data.json to include dns nameservers" 2024-08-26 21:05:11 +00:00
Jay Faulkner
1aa780377e Deduplicate and remove invalid information for steps
Lots of references to deprecated ways of doing things, as well as two
entire separate sections dedicated to how disk erasure works.

Also ensured we reference new valid config options surrounding disk
erasure.

Additional improvments could include adding documentation around how to
skip disks per node (or linking to any preexisting docs around it).

Change-Id: Ifa029e26eff0637b443d094d85e773b885d0979b
2024-08-26 11:24:37 -07:00
Zuul
e6e075de1f Merge "Clarify how to configure for non-master branch" 2024-08-26 16:20:29 +00:00
Zuul
02833477e0 Merge "Fix versions in release notes" 2024-08-26 16:20:10 +00:00
Zuul
58a79bedfa Merge "docs-audit-2024: Labeling references" 2024-08-26 13:14:20 +00:00
Zuul
569b7d0971 Merge "[docs] Add procedure to EoL and delete old bugfix branch" 2024-08-26 12:35:08 +00:00
Zuul
5a05bed8c2 Merge "Some documentaion improvements for ironic docs" 2024-08-23 14:21:32 +00:00
Riccardo Pittau
df39b78745 Fix versions in release notes
Change-Id: Id8f29cf987fe3e39f536b345c62cbf6d7073b51c
2024-08-23 10:14:13 +02:00
James Denton
11dfe23cf7 Update network_data.json to include dns nameservers
This patch updates network_data to include dns nameservers. This
is especially important when booting virtual media in a dhcp-less
environment.

Change-Id: Icf0d9b5781edd193b2313441e8586b745574edbb
2024-08-22 14:43:24 -05:00
Jay Faulkner
8e6b758bfa Clarify how to configure for non-master branch
Since we're a plugin, the TARGET_BRANCH instructions in the normal
devstack guide are not enough. We should specifically instruct people to
avoid this pitfall.

Change-Id: I7c9fd98c582984036e0b19714b8f387a31e8715f
2024-08-22 10:32:09 -07:00
Dmitry Tantsur
e3d6b644ff
Enable the inspection test in the redfish standalone job
Change-Id: If975a303b6a74efdb2688ad6ae961c34336d99bb
Depends-On: https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/925981
2024-08-22 17:50:44 +02:00
cid
17ba2b3db7 docs-audit-2024: Labeling references
Rewrite page headings with correct labeling for references
and specifications.

Closes-Bug: #2072352
Related-Bug: #2072349
Change-Id: I82313c18294ff8572ae6a6a02607068370f195c3
2024-08-22 15:02:59 +01:00
Dmitry Tantsur
018a7dcaed
Better handle missing inspection_network
Currently, if the inspection network is not provided, neutron-based
network interfaces fail with something like:

    Driver redfish does not support inspection (disabled or not implemented)

This is utterly misleading. Use a hand-crafted error message instead.
Same for the PXE boot interface. Also add missing documentation.

Change-Id: I79086db1c270e02a6c74b870acc336e8da54dea3
2024-08-22 15:32:22 +02:00
Riccardo Pittau
2a6abc8107 [docs] Add procedure to EoL and delete old bugfix branch
The process is currently manual and requires some precise steps.

Change-Id: I25c1c03426fa306681b48c4a5cfb53ff47c8c027
2024-08-22 10:13:05 +02:00
Zuul
501b8f463b Merge "Update configuration value in iRMC" 2024-08-21 19:20:53 +00:00
Muhammad Ahmad
c316443c94 Some documentaion improvements for ironic docs
The documentation contains a significant amount of grammar mistakes.

This could cause confusion in certain scenarios to correctly understanding the
context. Starting to go though the documentation and pushing this commit
as a start.

Change-Id: If2c18909a83ba501b5ffae494934fb631b009e54
2024-08-21 14:24:40 +05:00
Zuul
3d1422fb7b Merge "docs-audit-2024: Use gerunds for task headings" 2024-08-21 08:10:51 +00:00
Zuul
c40ec80a02 Merge "Add unit test to ensure full node object is not logged" 2024-08-20 09:20:44 +00:00
Mahnoor Asghar
040924ee63 Add unit test to ensure full node object is not logged
Change-Id: Ief6351f77a06966200c5cdaa443cc89e49198eec
2024-08-19 12:37:41 +02:00
Zuul
5821444b86 Merge "add virtual media GET api" 2024-08-16 22:40:24 +00:00
cid
a885a0544d Update configuration value in iRMC
Addresses the inline TODO within the Ironic codebase,
to set the ``kernel_append_params`` to the same value as
in the [pxe] configuration after the Xena release.

Current Release: Dalmatian

Change-Id: I1ce3ab560ab04979b7f31393a9877c4d1314925c
2024-08-15 20:09:24 +01:00
Bela Szanics
754cf3f582 Fix conductor startup warning message
Closes-Bug: 2077079
Change-Id: I4b3c7a95846504c1070a1f7ba60866bd35a7f8fa
2024-08-15 11:11:29 +00:00
Zuul
54e3f25c24 Merge "Link to configuration options" 2024-08-14 19:38:55 +00:00
Zuul
f6f645e126 Merge "Follow up to the runbooks change (#922142)" 2024-08-14 10:27:56 +00:00
cid
ba096e091a Follow up to the runbooks change (#922142)
Update api-ref, documentation to reflect the new
endpoints and the new way to set node provision state.

Related-Bug: #2027690
Change-Id: I2106691c08eb04d1001ccf97e6e08fc811356874
2024-08-13 11:52:36 +01:00
Zuul
bc81e17752 Merge "Update error message" 2024-08-13 00:04:22 +00:00
Zuul
50c12609cc Merge "DevStack: enable the new in-band inspection by default" 2024-08-12 17:01:07 +00:00
cid
a9a6ec7b39 Update error message
Removes reference to the deprecated and removed config
option, ``[pxe]ipxe_enabled`` mentioned as a valid
configuration option in error message.

Change-Id: I7747a52f74513645b0dce48781e6ad5dd08fd1e2
2024-08-12 14:10:00 +01:00
cid
582b2e991c Link to configuration options
Implement cross-referencing to configuration options
through out the Ironic documentation.

Closes-Bug: #2076111
Change-Id: I28712a3a92eb7e7d9875e49ea3ed8800168262fe
2024-08-09 18:45:51 +01:00
Kaifeng Wang
23b61e2ba8 Fix error message not interpolated
Change-Id: I19bd8b83b2537ac682be86b9bb71509fb40bdcd7
2024-08-08 21:47:32 +08:00
Riccardo Pittau
3f34f04bf0 [CI] Fix job parent name
ironic-tempest-partition-uefi-redfish-vmedia was renamed to
ironic-tempest-uefi-redfish-vmedia a long time ago

Change-Id: Iaa63e9cf12d47667955973033586fa65dd18e6b7
2024-08-08 11:23:26 +02:00
Himanshu Roy
c9cf2347ea add virtual media GET api
Closes-Bug: 2072307
Change-Id: I6020a7904639f5b6628bcabb5a861ecc397a8b05
Signed-off-by: Himanshu Roy <hroy@redhat.com>
2024-08-08 13:33:14 +05:30
Zuul
8b296e242b Merge "Self-Service via Runbooks" 2024-08-07 18:03:36 +00:00
cid
4750c4e9fa docs-audit-2024: Use gerunds for task headings
Ironic docs improvements. Addressing one of the issues from
the Ironic documentation audit. Using gerunds in titles and
including *Ironic* in the title to improve SEO.

Closes-Bug: #2072351
Related-Bug: #2072349
Change-Id: I9f9c47654386df416b51e8a0cd48f5a89f55e799
2024-08-07 15:18:25 +01:00
Zuul
701ad07b57 Merge "CI: set tftp folder permission" 2024-08-07 14:11:02 +00:00