- Basic support and testing for CRUD for node.shard.
- Policy checking for update node.shard.
- New API endpoint: GET /v1/shards
- Policy checking for GET /v1/shards
- Support for querying for nodes in a list of shards
Story: 2010378
Task: 46624
Change-Id: I385594339028c20cfc83fdcc4cbbec107efdacff
Per discussion in IRC, the retirement documentation sets forth
an understanding that sensitive data will be removed from the
baremetal node, however this is performed through cleaning which
inherently sets forth a requirement in automated cleaning.
Explicitly note, and provide options should an operator wish
to utilize the feature.
Change-Id: I6755433b97cacd6ebf6a8f7eb5b404697e0a4349
I got pinged with some questions by an operator who had
issues attempting to exit cleaning. In the discussion,
it was realized we lack basic troubleshooting guidance,
which led them to try everything but the command they needed.
As such, adding some guidance in an attempt to help operators
navigate these sorts of issues moving forward.
Change-Id: Ia563f5e50bbcc789ccc768bef5800a64b38ff3d7
This change adds support for the ``service`` role, which is intended
largely for service to service communiation, such as if one wanted to
utilzie a "nova" project, and have an ironic service user within it,
and then configure the ``nova-compute`` service utilizing those credentials.
Or vice versa, an "ironic" project, with a nova user.
In this case, access is exceptionally similar to the rights afforded to
a "project scoped manager" or an "owner-admin".
Change-Id: Ifd098a4567d60c90550afe5236ae2af143b6bac2
Since iRMC S6 2.00, iRMC firmware disables IPMI over LAN
with default iRMC firmware configuration.
To deal with this firmware incompatibility, this commit
modifies driver's methods which use IPMI to first try
IPMI and, if IPMI fails, try to use Redfish API.
Story: 2010396
Task: 46746
Change-Id: I1730279d2225f1248ecf7fe403a5e503b6c3ff87
Since iRMC S6 2.00, iRMC firmware doesn't support HTTP
connection to REST API.
To deal with this firmware incompatibility, this commit
adds verify step to check connection to REST API and adds
node vendor passthru to fetch&cache version of iRMC firmware.
Story: 2010396
Task: 46745
Change-Id: Ib04b66b0c7b1ef1c4175841689c16a7fbc0b1e54
Adding an entry to the troubleshooting documentation to cover the
very complex topic of cleaning + RAID + disk protocols + device
behavior/capabilities.
Change-Id: I8d322dd901634c59950a6a458b265111282d0494
Given the assistance we rendered last week where it ended up being
rooted in an image being misconfigured, it makes sense to at least
publish a troubleshooting note to aid in discoverability for
operators who encounter this issue in the future.
Change-Id: I8bc35571cc944ad20f413d53a47f94920dd1e928
Follow-up to change I058ceadab33f6969157b89aca5ba34ebd0be2a93
to mark some properties recommended, move documentation
and update contact information.
Co-Authored-By: Mike Raineri <michael.raineri@gmail.com>
Change-Id: I493f9402e15fa78bc5dae9d9bcbb124146f0d026
Add documentation for 'agent_burnin_fio_disk_smart_test' option
for disk burn-in.
Story: #2007523
Task: #43383
Change-Id: I686acddeb353839b045d5c0ad944114cb938f414
This commit modifies iRMC driver to use ironic.conf [deploy]
default_boot_mode as default value of boot_mode.
Before this commit, iRMC driver assumes Legacy BIOS as default
boot_mode and value of default_boot_mode doesn't have any effect
on iRMC driver's behavior.
Story: 2010381
Task: 46643
Change-Id: Ic5a235785a1a2bb37fef38bd3a86f40125acb3d9
In trying to figure out why I was unable to run
all of the test_migrations tests, I realized we need
to fix and clean up our unicode declarations.
Specifically, the way I found this was my local mysql
install was defaulted to using 4 Byte Unicode characters,
however some of our fields are 255 characters, which do not
fit inside of InnoDB tables.
They do, however fit with the "utf8" storage alias, which is
presently short for UTF8MB3, as opposed to UTF8MB4 which is
what my local database server was configured for. Because this
was in opportunistic tests, I wasn't able to really sort out
what was going on and thought we needed to shorten the fields.
In reality, it turns out we never defined the allocations
table to use UTF8 and Innodb for storage.
Storage engine wise, this is not a big deal, but may mean a
DBA will one day need to dump and reload the allocation table
of a deployment.
Character set wise... It is not great, but there is not a good
way for us to do this programatically. In my opinion, the chance
of an issue being encountered by an operator is unlikely, which
out weighs the risk and impact of dumping the entire table,
deleting the table, recreating the table with the updated schema
and then repopulating the entries. Of course, if operators are not
using allocations, then it really doesn't matter for them.
Along the way, I discovered we had used the "UTF8" type alias,
which may change one day, which would break Ironic. As such,
I've also updated the definitions used to create databases
and updated our documentation.
Recommended reading:
https://docs.sqlalchemy.org/en/14/dialects/mysql.html#unicodehttps://dev.mysql.com/doc/refman/8.0/en/charset-unicode-utf8mb4.html
Story: 2010348
Task: 46492
Change-Id: I4103152489bf61e2d614eaa297da858f7b2112a3
The 'all-plugin' tox environment was deprecated by this patch [1].
Instead of the 'all-plugin' it is recommended to use the 'all' tox
environment.
This patch removes any reference to 'all-plugin' tox environment and
updates the documentation so that the installation steps work with
the 'all' venv.
[1] https://review.opendev.org/c/openstack/tempest/+/543974
Change-Id: Id3451147d172002d67b4557680560a59b026ed77
Fixes the anaconda deploy(URL based) and adds
anaconda_boot entry to pxe_grub_config.template so
that ProLiants can be also deployed in PXE mode.
Story: 2010347
Task: 46490
Change-Id: I4b9e3a2060d9d73de5cab31cc08d3a764dc56e90
This patch adds new SNMPv3 auth protocols to iRMC which are supported
from iRMC S6.
Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1
Story: 2010309
Task: 46353
This is a pre-release commit for the Yoga release following our docs [1]
[1] https://docs.openstack.org/ironic/latest/contributor/releasing.html
We will clean-up the releasenotes and include the prelude in other patch
Change-Id: I3b8df0dce64c4ee3b20b7a714b6647d6e1ec0330
Ironic has fake drivers for development use. Document that they are
not suitable for production.
Story: 1326269
Task: 9877
Change-Id: Ibe6d43e1740a95b1cb3886394afaf8545de00e54
Provide the ability to limit resource intensive or potentially
wide scale operations which could be a symptom of a highly
distructive and unplanned operation in progress.
The idea behind this change is to help guard the overall deployment
to prevent an overall resource exhaustion situation, or prevent an
attacker with valid credentials from putting an entire deployment
into a potentially disasterous cleaning situation since ironic only
other wise limits concurrency based upon running tasks by conductor.
Story: 2010007
Task: 45140
Change-Id: I642452cd480e7674ff720b65ca32bce59a4a834a
* Resolved PEP8 issues
* Trimmed comments to remove extraneous information
* Changed rfc1902.Integer() calls to the correct snmp.Integer() calls
* Fixed power state logic checking for new PDUs that don't have transitional states (e.g., 'pendingOn')
* Removed redundant warning messages
* Added unit tests for Raritan PD2, ServerTech Sentry 3/4, and Vertiv Geist drivers
* Updated documentation to list tested PDUs for the new drivers
* Updated release notes
Change-Id: I9da7b9042b817c346f75a44cd8287e1f63efcb56
This commit adds new clean steps create_csr and add_https_certificate
to allow users to create certificate signing request and adds
https certificate to the iLO.
Story: 2009118
Task: 43016
Change-Id: I1e2da0e0da5e397b6e519e817e0bf60a02bbf007
Previously, when a password change occured in ironic,
the session would not be invalidated, and this, in theory,
could lead to all sorts of issues with the old password
still being re-used for authentication.
In a large environment where credentials for BMCs may not
be centralized, this can quickly lead to repeated account
lockout experiences for the BMC service account.
Anyhow, now we consider it in tracking the sessions, so
when the saved password is changed, a new session is
established, and the old session is eventually expired out
of the cache.
Change-Id: I49e1907b89a9096aa043424b205e7bd390ed1a2f
The stock anaconda template previously lacked any ability
to indicate "don't validate the tls certificate".
The capability for the installation to operate *without*
requiring this to be the case is necessary for efficient
and simple CI testing as injecting CA certificates is
an overly complex interaction for CI testing.
Also updates the overall anaconda documentation to indicate
the constraint exists, but does not indicate explicitly how
to disable the setting via ironic.conf.
Change-Id: Ia8e4320cbedb205ab183af121da53562792a8faa
Adds capabilites for a project scoped admin to
create and delete nodes in Ironic's API.
These nodes are automatically associated with the
project of the requestor.
Effectively, this does allow anyone with sufficient
privilges, i.e. admin, in an OpenStack deployment
to be able to create new baremetal nodes and delete
those baremetal nodes. In this case, the user has
the "owner" level of rights in the RBAC model.
Change-Id: I3fd9ce5de0bc600275b5c4b7a95b0f9405342688
Fix typo. For anaconda deploy interface, ironic sets the
kickstart 'liveimg' command with the URL from the ironic node's
instance_info's "image_url" value [1], and that "image_url"
value is added by ironic code, using the "image_info" value.
We don't have code that uses any "liveimg_url" value.
[1] https://opendev.org/openstack/ironic/src/commit/
3d3a67daf7d2969d8da691d12351ab5bb32eca80/ironic/common/
pxe_utils.py#L1003
Change-Id: Ic8ce5fa83768c2632eb190cd87dbf81062c7083a
This commit adds documentation about driver_info[external_http_url]
Follow-up If6a117a756b7d2a04251792f88c2ee412a040b28
Change-Id: Ia4787c27ed4c53f4ecb911eb0f9d77ea455c25f3