This patch adds a few of the security dashboard parameters
to iLO capabilities. It adds:
- overall_security_status
- last_firmware_scan_result
- security_override_switch
Story: 2008024
Task: 40678
Change-Id: I7ef2ce1a20fbc1b258fce0f8ebd53661b24e66ff
This commit adds functionality to perform out-of-band one button
secure erase for iLO5 based HPE ProLiant servers. Using this a
user can securely erase the whole system. It includes deleting
any deployment settings profiles, all licenses, Active Health
System (AHS) and warranty data stored there, resetting BIOS and
erasing supported non-volatile storage data.
Change-Id: I2f46a67580e8a607a91a3f6660feb85ed1827dc8
Story: #2007964
Task: #40458
Describes virtual media based L3/DHCP-less ramdisk booting in the
`redfish` hardware type documentation.
Added warning to the deploy-ramdisk docs since the images
we publish will not work.
Co-Authored: Iury Gregory Melo Ferreira <iurygregory@gmail.com>
Change-Id: If9ead46db30ce519f128550f1071a1f01f7a5ccf
Story: 2006691
Task: 37073
Allows certain flexibility when it comes to low RAM vs high RAM nodes,
and large vs small images. Also deploy_interface is settable per node,
so this feature makes it easier to migrate from the iscsi deploy.
Story: #2008075
Task: #40766
Change-Id: Idf3bbc6d24042ce1d9a895095b5cb0979dd3183d
For low RAM nodes we need a way to convert even http:// images to raw
and serve them locally. Add a new image_download_source value "local"
that works the same as "http" but also affects http:// images.
Change-Id: I8da968ccfad6e7a508e9b763b9e3f96007438b6a
Story: #2008075
Task: #40765
Implemented via the same mechanism as for image_download_source=http.
Forcing raw format (and thus streaming) is supported as well.
Since we always re-calculate checksums for such images, the requirement
on providing them via the API is lifted.
Change-Id: Ife385c3b363c28559c90e5a54e9c6f6807d207ff
Story: #2008075
Task: #40764
This updates the notifications documentation so that the
node information in the sample node-related notifications
reflects the latest versions of the notification payloads.
Which includes the driver_internal_info recently added to
version 1.16 of NodeSetProvisionStatePayload.
Change-Id: I87fb443ff393a2a58f9d19a9011df062f85af3af
Story: #2008054
Task: #40771
It's very confusing that we use username/password everywhere, except
for [json_rpc]. Just use the standard options.
Also the version of keystoneauth is bumped to one that supports
http_basic.
Change-Id: Icc834c3f8febd45c2548314ee00b85a7f9cebd2c
Based on latest changes [1] in the releases project that changed the
behavior of list_unreleased_changes.
[1] 4912f7d5d0
Change-Id: If5fd848bf3fddeb1ae66dc9aafa882588b83f41a
To prevent the administrator guide from growing too long, split
away advanced topics (i.e. stuff we don't expect most admins
to read, use or understand).
Story: #2007771
Task: #40382
Change-Id: Ia3e3178692c96aaebdd4479e865a56fbe63c820a
Adds an iPXE interface to boot via a virtual media ISO as if it
was virtual media.
Story: 2007644
Task: 39823
Change-Id: Ie7971692758f3a5421f0826fdaf3d2366f652236
A recent comment on https://review.opendev.org/#/c/665835
pointed out that we should likely make some changes and fix
a missing check for the introspection_vif_port_id which was
likely introduced after this functionality was originally
written.
Also adds some documentation on the subject since we lack
docs even pointing out how to delete a port. :\
Change-Id: I0ba8a3741eefa80eb56e25a1b339f8433b3fc0dc
The header for the file types.py denotes its dual-licensed status as
MIT with copyright to the original WSME authors, plus Apache licensed
as part of Ironic.
Story: 1651346
Task: 10551
Change-Id: I986cc4a936c8679e932463ff3c91d1876a713196
Following the decomposition of the core step on the 'direct' deploy
interface, this change decomposed the iscsi and ansible deploy.
Co-Authored-By: Dmitry Tantsur <dtantsur@protonmail.com>
Change-Id: I537c6f6cf66c80b67b9045ea0618b02b7b93d36c
Story: #2006963
Task: #40152
Adds support to signal a pass-through request to the
redfish-virtual-media boot interface so a user can supply
a boot ISO to boot the machine.
Tested on an HPE Edgeline e910 series machine using the
``redfish-virtual-media`` boot interface.
Story: 2007633
Task: 39823
Change-Id: Ie74472969c75994794dc0ca19bbe7cfd395855c9
This change decomposes the current deploy step of the direct deploy
into multiple deploy steps:
* deploy (priority 100)
* write_image (priority 80)
* prepare_instance_boot (priority 60)
Note that this patch breaks backwards compatibility with 3rd party
drivers that inherit AgentDeploy rather than the base agent class.
Co-Authored-By: Dmitry Tantsur <dtantsur@protonmail.com>
Change-Id: Ief586473aca0e22b74efe83ef70c354fd5df17bf
Story: 2006963
Task: 37778
Currently almost all of the deployment process is contained in a
single deploy step called deploy, on the deploy interface. This
restricts the customisation that can be applied via deploy steps, since
steps may only be added before or after this step.
This change allows deploy interfaces inheriting agent_base.AgentDeployMixin
to be used with in-band deploy steps. It is implemented by decomposing
the reboot_and_finish_deploy call into three deploy steps:
* tear_down_agent (priority 40)
* switch_to_tenant_network (priority 30)
* boot_instance (priority 20)
All steps with priorities between 99 and 41 can run in-band.
Backwards compatibility with drivers that do not support decomposed
steps is maintained via a 'has_decomposed_deploy_steps' method on the
agent heartbeat mixin.
The old reboot_and_finish_deploy call is also left for compatibility
but does nothing since the new steps will be automatically run.
Change-Id: Ie4fdd195efa941165e22bd4ce9484988a1760b2d
Story: #2006963
Task: #40151
I did something stupid when I started driving forth the split of ipxe
from the pxe interface: I didn't think about the need to actually
separate bootloaders. In part, because the use case was a mixed
Power8/Power9 and x86 cluster. Mainly because the Power hardware
does not honor or care about the bootfile name provided over DHCP.
The firmware knows how to read the PXELINUX boot file format
and the machines are able to boot from there.
Where this all goes sideways is when:
* Enabled boot interfaces are set to ipxe,pxe
* No default boot interface is set
* Node is created without a default for x86 hardware.
* Node uses ipxe boot_interface, and creates files under /httpboot
* bootfile transmitted via DHCP is pxelinux.0.
Fun right?
The simple workaround for the power user is to just define the iPXE
loader, or maybe use UEFI. But that is neither here nor there, this
is still a bug and a possible use case is GRUB2 via PXE and iPXE.
Not that that would really work via ipxe, but hopefully people get the
idea.
The solution kind of seems clear, duplicate configuration and
fallback if not defined.
Story: #2007003
Task: #40282
Change-Id: I4419254c23095929e52a0fda11789f2f5167dc6b
For software RAID, the image needs to have the root filesystem UUID
as metadata. This patch describes how to extract this UUID from an
existing image.
Change-Id: Ifdb63a80d4138a41fd0bac9880d14c90a4378fe5