10656 Commits

Author SHA1 Message Date
Aija Jauntēva
796e2302c3 Add Redfish BIOS interface to idrac HW type
This change adds idrac hardware type support of a BIOS interface
implementation that utilizes the Redfish out-of-band (OOB) management
protocol and is compatible with the integrated Dell Remote Access
Controller (iDRAC) baseboard management controller (BMC). It is named
'idrac-redfish'.

The idrac hardware type declares support for that new interface
implementation, in addition to all BIOS interface implementations it has
been supporting. The highest priority BIOS interface remains the same,
the one which relies on the Web Services Management (WS-Man) OOB
management protocol. The new 'idrac-redfish' immediately follows it.

Co-Authored-By: Eric Barrera <eric_barrera@dell.com>
Co-Authored-By: Richard G. Pioso <richard.pioso@dell.com>
Co-Authored-By: Mike Raineri <mraineri@gmail.com>
Story: 2008100
Task: 40803
Depends-On: https://review.opendev.org/#/c/750020/
Change-Id: Ic5a1da418dccb0f3ec92914909aacd7c339d8837
2020-09-23 13:34:50 +00:00
Richard Pioso
65d5066394 Fix redfish BIOS to use @Redfish.SettingsApplyTime
This change fixes the 'redfish' BIOS interface 'apply_configuration'
cleaning/deploy step to work with Redfish Services that must be supplied
the Distributed Management Task Force (DMTF) Redfish standard
@Redfish.SettingsApplyTime annotation [1] to specify when to apply the
requested settings, such as the Dell EMC integrated Dell Remote Acesss
Controller (iDRAC).

Such services, typically offered by baseboard management controllers
(BMC), require POST of the annotation, along with the future intended
state of the settings. Otherwise, they may never be applied.

When the annotation is not supported, it is not provided with the future
intended state of the settings.

[1] http://redfish.dmtf.org/schemas/DSP0266_1.11.0.html#settings-resource

Co-Authored-By: Eric Barrera <eric_barrera@dell.com>
Co-Authored-By: Aija Jauntēva <aija.jaunteva@dell.com>
Co-Authored-By: Mike Raineri <mraineri@gmail.com>
Story: 2008163
Task: 40913
Depends-On: https://review.opendev.org/#/c/750020/
Change-Id: I28a948f306b40c36b12e6f786e1e43a61e84a0f2
2020-09-22 12:39:56 -04:00
Zuul
4633fe937d Merge "Allow configuring IPMI cipher suite" 2020-09-17 08:21:53 +00:00
Zuul
35882c438d Merge "Also wipe agent token on manual power off or reboot" 2020-09-17 08:10:38 +00:00
Zuul
8a504ef1cc Merge "Add redfish options to the generated docs" 2020-09-16 19:09:57 +00:00
Zuul
3297e98eab Merge "Accept and use a TLS certificate from the agent" 2020-09-16 15:14:34 +00:00
Dmitry Tantsur
2773c5fb25 Allow configuring IPMI cipher suite
Negotiation fails for some hardware, let's allow an explicit setting.

Change-Id: I04a3391f85412dcabc6105bd91beb1da25bdfc19
2020-09-16 15:52:07 +02:00
Zuul
8d38afd968 Merge "Add release note for dhcp-less deploy" 2020-09-16 10:22:24 +00:00
Zuul
8e5729ad32 Merge "Remove install unnecessary packages" 2020-09-16 08:17:25 +00:00
Dmitry Tantsur
ce6947755b Add redfish options to the generated docs
Change-Id: I594323976f9441ad85ad965908901a4b44cfb0b6
2020-09-14 17:14:14 +02:00
Dmitry Tantsur
bc04a42a96 Also wipe agent token on manual power off or reboot
We have a check in the code that is never true for manual power
actions because of what happens in the conductor manager. Remove it.

Change-Id: I50b7b78a41188c41e4944894851f1d12684f824a
2020-09-14 16:09:54 +02:00
Zuul
72baa1da58 Merge "Follow-up patch for One Button Secure Erase clean step" 2020-09-14 08:27:54 +00:00
wu.shiming
d875500490 Remove install unnecessary packages
The docs and releasenotes requirements migrated to doc/requirements.txt
we need not install things from requirements.txt.

Change-Id: I2633cd68b45d27ef3c964216a7d97cd442919101
2020-09-14 11:10:44 +08:00
Zuul
235506b001 Merge "Handle default_boot_mode during cleaning/inspection with PXE/iPXE" 2020-09-11 21:40:46 +00:00
Zuul
66dd15931c Merge "clean up mac address with the pxe configuration files" 2020-09-11 19:54:59 +00:00
Zuul
cae2e04416 Merge "Fix lower-constraints for Ubuntu Focal" 2020-09-11 16:06:04 +00:00
Iury Gregory Melo Ferreira
19d97e6562 Fix lower-constraints for Ubuntu Focal
Change-Id: Id3cc2d1b619790813b94b0cfd52ff6590aff060c
2020-09-11 04:23:12 +00:00
Julia Kreger
ab4fdb8e7c Add release note for dhcp-less deploy
The initial release note for the node object change doesn't
provide full context, and since it has received basic testing
we should be good to go at this point.

Change-Id: Iabb09b7087c400e2d0a278cc3add79bb8b0f3f62
2020-09-10 18:15:08 -07:00
Dmitry Tantsur
5f9efb34e9 Handle default_boot_mode during cleaning/inspection with PXE/iPXE
First, use default_boot_mode in get_boot_mode instead of BIOS.

Second, call sync_boot_mode for all ramdisk types in the PXE boot,
not only during deployment.

Change-Id: I3f13bacbdcb319c191eeb8ae93aecf8fba68f9ec
2020-09-10 17:32:27 +02:00
Ruby Loo
3334b71773 Add 'agent_token' to heartbeat request
Updates the API ref to include the 'agent_token' value in a
heartbeat request (from IPA). New since v1.62
(9341ca4ef7/ironic/api/controllers/v1/versions.py (L102)).

Change-Id: I5eea9704c1bf62561a5505227735159dad7a8e49
2020-09-10 14:19:21 +00:00
kesper
c715e35c87 Follow-up patch for One Button Secure Erase clean step
This commit addresses remaining comments on the One Button
Secure Erase clean step patch for iLO5 based Gen10 servers.

Change-Id: I606991b77dfc409a4ab0b966afdbb368fe8c2b54
2020-09-10 09:24:45 +00:00
Dmitry Tantsur
2b676a6864 Accept and use a TLS certificate from the agent
Accepts the certificate from a heartbeat and stores its path in
driver_internal_info for further usage by the agent client (or
any 3rd party deploy implementations).

Similarly to agent_url, the certificate is protected from further
changes (unless the local copy does not exist) and is removed
on reboot or tear down (unless fast-tracking).

Change-Id: I81b326116e62cd86ad22b533f55d061e5ed53e96
Story: #2007214
Task: #40603
2020-09-09 17:27:30 +02:00
Zuul
9341ca4ef7 Merge "Change [agent]image_download_source=http" 2020-09-09 05:26:31 +00:00
Armstrong Liu
41f15dba65 clean up mac address with the pxe configuration files
In pxe_utils.py/create_pxe_config function, mac pxe configs will always
be created, so when we clear pxe configs, no matter whether the ip
address is None or not, we need to clear them.

Change-Id: I5cee9c4465630b162baf911ef9efef5f471671c0
Signed-off-by: Armstrong Liu <vpbvmw651078@gmail.com>
2020-09-09 09:48:53 +08:00
Zuul
de432f3988 Merge "Fix: port attribute name propagate_uplink_status" 2020-09-08 21:13:56 +00:00
Zuul
725f1efe28 Merge "Add an option to require TLS for agent callback_url" 2020-09-08 20:10:23 +00:00
Dmitry Tantsur
b5d5e5774c Change [agent]image_download_source=http
As part of the plan to deprecate the iSCSI deploy interface, changing
this option to a value that will work out-of-box for more deployments.

The standalone CI jobs are switched to http as well, the rest of jobs
are left with swift. The explicit indirect jobs are removed.

Change-Id: Idc56a70478dfe65e9b936006a5355d6b96e536e1
Story: #2008114
Task: #40831
2020-09-08 16:28:31 +02:00
Zuul
f1ea2ee6d1 Merge "Allow HttpImageService to accept custom certificate" 2020-09-08 10:01:22 +00:00
Zuul
272ac68c2d Merge "Do not assume that prepare_image is the last command to run" 2020-09-08 05:37:16 +00:00
Zuul
fc2247246b Merge "Adds few of the security dashboard parameters to capabilities" 2020-09-07 18:45:21 +00:00
Zuul
30a9d33577 Merge "Switch Ironic to openstacksdk for Neutron" 2020-09-07 15:41:31 +00:00
Dmitry Tantsur
f6b65cb68f Add an option to require TLS for agent callback_url
Change-Id: Idf85dfd110de6181c6592644fd57e109ba87b971
Story: #2007214
Task: #40822
2020-09-07 17:13:24 +02:00
Zuul
b6cf0432a7 Merge "Remove token-less agent support" 2020-09-07 15:07:17 +00:00
vmud213
1154292d46 Allow HttpImageService to accept custom certificate
While validating and downloading image references, allow HttpImageService
to use config parameters to enable/disable TLS verification and to use custom
certificates on the secured connections.

Change-Id: I5f308271004a24203ecbbc1718ba9070ed65b960
Story: #2007939
Task: #40404
2020-09-07 14:51:34 +00:00
Nisha Agarwal
6ee91fc3a6 Adds few of the security dashboard parameters to capabilities
This patch adds few of the security dashboard parameters
to iLO capabilities. It adds :
 - overall_security_status
 - last_firmware_scan_result
 - security_override_switch

Story: 2008024
Task: 40678

Change-Id: I7ef2ce1a20fbc1b258fce0f8ebd53661b24e66ff
2020-09-07 07:44:11 +00:00
Zuul
3709cce11f Merge "ISO ramdisk virtual media test enablement" 2020-09-06 12:07:02 +00:00
Zuul
c2db0bbac3 Merge "OOB one button secure erase for iLO5 based HPE Proliant servers." 2020-09-06 11:21:35 +00:00
Julia Kreger
5b272b0c46 Remove token-less agent support
Removes the deprecated support for token-less agents which
better secures the ironic-python-agent<->ironic interactions
to help ensure heartbeat operations are coming from the same
node which originally checked-in with the Ironic and that
commands coming to an agent are originating from the same
ironic deployment which the agent checked-in with to begin
with.

Story: 2007025
Task: 40814
Change-Id: Id7a3f402285c654bc4665dcd45bd0730128bf9b0
2020-09-04 17:09:39 +00:00
Zuul
edb1baa2db Merge "Update deploy steps documentation" 2020-09-04 15:40:02 +00:00
Zuul
fd01522b6f Merge "Add missing log for clean failed" 2020-09-04 15:39:59 +00:00
Zuul
f22692e28e Merge "Trivial: fix minor typo on RFC number" 2020-09-04 11:18:15 +00:00
Dmitry Tantsur
ce46cc461d Do not assume that prepare_image is the last command to run
The get_deploy_steps command can be run after it breaking deploy.

Change-Id: I8e641a521a574462010a95a19e8a64ac36d4e52d
2020-09-04 11:33:31 +02:00
Zuul
b605ab585a Merge "Enhance certificate verification for ilo harware type" 2020-09-04 08:51:52 +00:00
kesper
9fb4074bfe OOB one button secure erase for iLO5 based HPE Proliant servers.
This commit adds functionality to perform out-of-band one button
secure erase for iLO5 based HPE Proliant servers. Using this a
user can securely erase the whole system. It includes deleting
any deployment settings profiles, all licenses, Active Health
System (AHS) and warranty data stored there, reseting BIOS and
erasing supported non-volatile storage data.

Change-Id: I2f46a67580e8a607a91a3f6660feb85ed1827dc8
Story: #2007964
Task: #40458
2020-09-04 07:20:35 +00:00
Kaifeng Wang
95f569adec Add missing log for clean failed
The clean error only logged when tear down cleaning is also failed,
otherwise it just goes to last_error and easily gets overwritten.

Change-Id: Ib9fa060432b2a7a68101218136c49272c8271e24
2020-09-04 11:34:29 +08:00
Julia Kreger
485126e8af Trivial: fix minor typo on RFC number
Turns out we had the wrong RFC number noted for dhcpv6 options.

I'm guessing I accidently hit 8 instead of 9 when typing it out
originally.

Change-Id: I8c09a060b31bf4710b11565a9e798a67fa0f7cb3
2020-09-03 07:49:57 -07:00
Zuul
05f47eb3e3 Merge "Add L3 boot section to the docs" 2020-09-03 13:54:53 +00:00
Zuul
eb648c1df0 Merge "documentation: follow-up to file:// support in direct deploy" 2020-09-03 13:50:53 +00:00
Zuul
4e0b2f4c37 Merge "Allow setting image_download_source per node" 2020-09-03 13:50:46 +00:00
Zuul
c15bc2a7a1 Merge "Support caching http:// images locally in the direct deploy" 2020-09-03 13:43:40 +00:00