When [pxe]enable_netboot_fallback option is enabled, it's necessary to
build PXE config for nodes in SERVICING provisioning state. Otherwise
node servicing tear down will fail and node will be placed into
servicing failed state.
Closes-Bug: #2069413
Change-Id: Ib00504563f9fa7bed99a0fa1949ac99ea6870875
Signed-off-by: Przemyslaw Szczerbik <przemyslaw.szczerbik@intel.com>
Currently, Ironic creates a pxe link file for every port,
even when a port's pxe_enabled property is set to false,
which means it can still boot from this port when it shouldn't.
With this commit, unless explicitly configured otherwise, only
pxe_enabled ports (pxe_enabled=True) will have the pxe link file.
Closes-Bug: #1741422
Change-Id: I013861dd5b9a7525058606f8dc8b05502a28af1e
The [conductor] graceful_timeout option does not exist, and
the [conductor] heartbeat_timeout option is actually used instead.
Change-Id: I689fcf8c392eecbcf8ee12b2f67f78f9f22d17aa
A recent evaluation of the lookup code yielded an awareness that
while we're sort of following the overall community pattern of
testing what we expect in terms of patterns and behavior, really
needed just a little bit more in the way of testing.
While ultimately, these tests are really just exercising front
end validation, it is still important to check to have increased
assurance of a secure codebase.
Change-Id: Iaa917191e0f118f8828161174ea1fe8c55c8f4ee
Apparently, this has been around for ages, btu the error was likely
not exactly right as a result of this. Anyway, quick fix.
Change-Id: Idee3c1edfdd65928eaa5f8d30b62474d85dec277
While looking at the overall heartbeat/agent workflow, it seemed
like the [agent]require_tls setting should likely be True by
default, as we are well past the initial phase where operators
might not have the TLS capability when upgrading.
Change-Id: Id526e948e6c5ed032d7542232b1c1a31cb285b26
While agent_url is software generated, it is still a public endpoint
and at least needs some upfront filtering applied. To do this, we
can leverage urllib in the standard library to disassemble the
url, and reconstruct it based upon the standards. The plus of this
approach is that it will remove some invalid formatting for us, and
if things are too out of line, an exception is raised as ValueError.
An important note, this is *not* explicitly urlparsing security[0] as
denoted in the Python urllib documentation, but that the application
should operate defensively.
[0]: https://docs.python.org/3/library/urllib.parse.html#url-parsing-security
Change-Id: I45ee1c8a73ed13511bc47a69130105f16d34be1e
Determine the appropriate GRUB commands during UEFI boot
based on the node's CPU architecture.
Closes-Bug: #2050054
Change-Id: I0c5f513cdc8f4112f8dfdeb4ccaf566d3424a2ca
Replace all instances of `datetime.datetime.utcnow()`,
which is deprecated, with the timezone-aware oslo's
`timeutils.utcnow()` method, across the Ironic project.
Closes-Bug: #2067740
Change-Id: I998681c14f945846f58e723b9be2202dbe8ea12c
Just changing "deployment or cleaning operations" to
"inband operations", since the agent can run in many
different inband operational steps.
Change-Id: Iaaa03ebc3dab724eb7afb0ee686bd22c8a2879be
Some of the configuation knobs require more specific details
regarding security or denial of service related possibilities
if tuned to inappropriate values.
Overall, just some minor improvements for clarity
Change-Id: I008d6e00a528bddba0f843f34968155a9da3ff36
A quick review of the security documentation yielded a need
to revise and clarify the security documentation a little,
which includes a couple security related features.
And also fix the syntax on the example policy entries while
adding a missing third, ! results in a "default false" response.
Change-Id: I3d10ca4631703051109c443d5591a7e86f858c66
This highlights:
- The dev-quickstart guide, which is more up to date than most
contributor docs.
- Common docs (OpenDev / OpenStack contributor guides)
- Bug information (also very up to date)
This removes:
- Top-level link to BfV and multitenant devstacks; these configs are
linked from devstack-guide
- Hilariously out of date information around branch support
Change-Id: If47d9776c65c91b972a3fab8364eacc50a29b2bb
Depends-On: https://review.opendev.org/c/openstack/ironic/+/920365
