One of the biggest frustrations larger operators have is when they
trigger a massive number of concurrent deployments. As one would
expect, the memory utilization of the conductor goes up. Except,
even with the default number of worker threads, if we're requested
to convert 80 images at the same time, or to perform the write-out
to the remote node at the same time, we will consume a large amount
of system RAM. Or more specifically, qemu-img will consume a large
amount of memory.
If the amount of memory goes too low, the system can trigger
OOMKiller which will slay processes using ram. Ideally, we do not
want this to happen to our conductor process, much less the work
that is being performed, so we need to add some guard rails to help
keep us from entering into situations where we may compromise the
conductor by taking on too much work.
Adds a guard in the conductor to prevent multiple parallel
deployment operations from running the conductor out of memory.
With the defaults, the conductor will attempt to throttle back
automatically and hold worker threads which will slow down the
amount of work also proceeding through the conductor, as we are
in a memory condition where we should be careful about the work.
The defaults allow this to occur for a total of 15 seconds between
re-check of available RAM, for a total number of six retries.
The minimum default is 1024 (MB), as this is the amount of memory
qemu-img allocates when trying to write images. This quite literally
means no additional qemu-img process can spawn until the default
memory situation has resolved itself.
Change-Id: I69db0169c564c5b22abd0cb1b890f409c13b0ac2
For historical reasons we always base64+gzip configdrives, even
when accessing them via a URL. This change allows binary images
to work for the redfish-virtual-media case.
Change-Id: If19144de800b67275e3f8fb297f0a5c4a54b2981
This commit builds on an attempt to introduce a base class that we can
use for protection testing. I'm removing the majority of the fake tokens
and context objects, ultimately removing anything that
keystonemiddleware_authtoken middleware does.
Doing this allows us to set authorization headers directly in the test,
which makes the test case really clear from an input and outcome
perspective because we can see who is make the request and the intended
outcome.
It also removes any need to mock or understand keystonemiddleware
implementation details to implement protection testing in ironic.
Change-Id: I9a3eb62bb41e0623df9aa5c34fde6f343053dd76
This adds a skipped test for every documented path and method
to aid in getting test coverage of existing ACL behaviour, in
preparation for doing the same for secure-rbac.
When adding test coverage, the skip keys should be removed, and
specific test inputs and asserts should be added. The test can be
duplicated and renamed to get the required allow/deny test coverage.
Its possible we can delete some of these stubs as the path/method
shares a policy name with another path/method that has test coverage.
test_acl_existing.yaml was generated with the script
http://paste.openstack.org/show/801106/
Change-Id: Iee91d80cef3b9e6024507171352c6de9e89ce36e
Two drivers already support turning secore boot on and off,
Redfish will follow soon. This patch adds ManagementInterface
calls to get and set the secure boot state.
Story: #2008270
Task: #41561
Change-Id: I96b2697163def52618b4c051a5c85adf7d1818a5
Currently we're loading a new System and ManagerCollection on each
operation. Cache the ManagerCollection instead.
Change-Id: I0ec9630003b31e869703e75ffcea1ece90ac3dc2
If media had been ejected beforehand then an immediate
insert may fail.
Change-Id: I6cf7169f83356c248d4df61e1d9bba157c8499db
Story: #2008504
Task: #41572
Currently sync_boot_mode does not happen for nodes with local boot
because of an early return. This patches fixes it.
Change-Id: I37b91f93f8f1ca41b814199ec1c5733611b28299
The 'existing' tests will need users with credentials other than admin
and member, and the secure-rbac tests will need different credentials
again.
As this no longer uses a cache, and is dynamically generated and passed
the actual *token* vality is not checked, and all ACL testing uses
role values.
Change-Id: Ief00e16da32a5196c21920c317c309241f2ad1cb
1) Do not issue a warning if the boot interface supports configdrive
2) Implement missing support for Swift URLs in configdrives
Change-Id: I4b06478a14ab514d785f8e3972e5afbd79f8d3b5
Prevent each driver comming online one at a time. So that
/driver returns nothign until all interfaces are registered
Story: #2008423
Task: #41368
Change-Id: I6ef3e6e36b96106faf4581509d9219e5c535a6d8
We use maintenance mode to signal that hardware needs additional
intervention, because of potential damage or stuck long-running
processes. This is not the case for PXE booting or invalid requested
manual clean steps, so don't set maintenance if no clean step is
running when the failure occurs.
Change-Id: I8a7ce072359660fc6640e5f20ec2d3c452033557
Adds the status upgrade check for the JSON to YAML migration
effort and updates the documentation where it seems appropriate
to move from "policy.json" to "policy.yaml"
Mostly shamelessly copied from https://review.opendev.org/#/c/748059/
however is in-line with ironic's configuration and patching methods.
Related Blueprint: policy-json-to-yaml
Change-Id: I1d5b3892451579ebfd4d75a0f7185e0ef3c984c8
Add a simple sample about configuring bonding via configdrive,
and it can make user to use port group more easily.
Story: 2008474
Task: 41514
Signed-off-by: huth <428437106@qq.com>
Change-Id: Ic425ecb35bfa173adf72b0ee104d28c6b79cb4b1
When using Redfish virtual media, it's possible to connect a configdrive
via a free USB slot when the ramdisk deploy is used.
Using Swift as configdrive storage is not supported in this case yet.
Story: #2008380
Task: #41302
Change-Id: Ib847dbfe96072cfe4137388ba88ef133bd7ab186
