1427 Commits

Author SHA1 Message Date
Iury Gregory Melo Ferreira
b869b46c63 Drop python 2.7 support and testing
OpenStack is dropping the py2.7 support in ussuri cycle.

Ironic is ready with python 3 and ok to drop the
python 2.7 support.

Complete discussion & schedule can be found in
- http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010142.html
- https://etherpad.openstack.org/p/drop-python2-support

Ussuri Communtiy-wide goal - https://review.opendev.org/#/c/691178/

Change-Id: I3cc36d79ffabf31607d503dada9e7512c639647c
2019-11-22 14:06:45 +01:00
Zuul
8990e7dcbc Merge "Backward compatibility for the ramdisk_params change" 2019-11-21 08:46:01 +00:00
Zuul
631294442f Merge "Pass correct flags during PXE cleanup in iPXEBoot" 2019-11-20 11:26:46 +00:00
Zuul
389391fdb1 Merge "Drop [agent]heartbeat_timeout" 2019-11-20 08:01:18 +00:00
Vladyslav Drok
8e39fe9d44 Pass correct flags during PXE cleanup in iPXEBoot
They were not handled correctly and ipxe-related configs were left
after node tear down.

Story: 2006907
Task: 37549
Change-Id: I1ee6727d2fc52619544e327a10a62ae8a7e6f7fe
2019-11-19 12:39:54 +01:00
Zuul
eec5b2fd68 Merge "Stop supporting incompatible heartbeat interfaces" 2019-11-18 13:30:55 +00:00
Zuul
b6e72fbd1a Merge "Allow node owners to administer nodes" 2019-11-18 10:53:54 +00:00
Kaifeng Wang
6ec9677383 Drop [agent]heartbeat_timeout
The configuration option was deprecated before ocata (even earlier),
this patch drops the deprecated option.

Change-Id: I4cdff9a94aad580d22e93dcb5b9bd4aeef1412f8
2019-11-18 17:09:57 +08:00
Zuul
d7e7abe63f Merge "Block ability update callback_url" 2019-11-18 07:02:48 +00:00
Julia Kreger
931c125982 Block ability update callback_url
A malicious user with:

* API access normally reserved for the provisioning,
  cleaning, rescue networks.
* Insight about a node, such as a MAC address, or baremetal node
  UUID.
* Insight into the state of the node, such as the access provided
  to Compute API users, or other Bare Metal API users.

Can submit an erroneous ``heartbeat`` to the ironic-api endpoint
with a ``callback_url`` that is not of the actual intended agent.
This can potentially cause a rescue, cleaning, or deployment
operation to be derailed, or at worst commands to be sent to
to an endpoint the malicious user controls.

Story: 2006773
Task: 37295
Change-Id: I1a5e3c2b34d45c06fb74e82d0f30735ce9041914
2019-11-15 22:09:08 +00:00
Kaifeng Wang
61a3e833f2 Stop supporting incompatible heartbeat interfaces
agent_version is required for the heartbeat interfaces, we kept it for
quite a long time and now it's time to remove the support.

Change-Id: I36c3e4fbb465bb9163cf0a387e9efb36dba27a60
Story: 1602265
Task: 10478
2019-11-15 16:33:51 +08:00
Tzu-Mainn Chen
8253826e86 Allow node owners to administer nodes
Introduce is_node_owner to policy, giving Ironic admins
the option of modifying the policy file to allow users
specified by a node's owner field to perform API actions
on that node.

Change-Id: If08586f3e9705dd38ff83e4b500d9ee3cd45bce3
Story: #2006506
Task: #37214
2019-11-14 15:49:50 +00:00
Dmitry Tantsur
db31628dea Backward compatibility for the ramdisk_params change
Follow-up to commit 08fe4af481444441084fa60cd0ff0246e5e65dcb restoring
support for ipa-api-url in custom templates and adding a release note
explaining the change.

Story: #1528920
Change-Id: Ic8fc31fcde9a6f685bb1390a75a6a010c149f628
2019-11-04 14:20:27 +01:00
Steve Baker
7ebad2e344 Allow vendor_data to be included in a configdrive dict
configdrive can contain a vendor_data2.json file containing key/value
pairs injected by nova's vendordata mechanism[1].

This change lets Ironic accept a vendor_data key when configdrive is
provided as json, allowing parity with nova.

This change requires an openstacksdk release 0.37.0

[1] https://www.madebymikal.com/nova-vendordata-deployment-an-excessively-detailed-guide/

Change-Id: Id990b970619a113c5d5ead47fb550870d91b5e04
Task: 36756
Story: 2006597
Blueprint: nova-less-deploy
2019-10-31 08:55:39 +13:00
Riccardo Pittau
89c30cb923 Using loop instead of with_X
The loop keyword is the current recommended way to handle loops,
and supports filters.
It's available since Ansible version 2.5 so changing ansible
requirement in driver-requirements.

Change-Id: Ibff1f07ca00b8f5a5274d73f9e53196f49c33a66
2019-10-24 10:02:20 +02:00
Dmitry Tantsur
3ab93f0c84 Mask secrets when logging in json_rpc
Otherwise passwords are displayed in plain text in the DEBUG logs.

Change-Id: I4210492bc7cb42b205d2b93a018bfaa25bfe5752
Story: #2006744
Task: #37216
2019-10-21 15:49:30 +02:00
Zuul
7883102db0 Merge "Do not ignore 'fields' query parameter when building next url" 2019-10-19 05:50:11 +00:00
Zuul
8e850532ab Merge "Update sushy library version" 2019-10-18 21:12:57 +00:00
Arun S A G
e36f72d36d Do not ignore 'fields' query parameter when building next url
When an user calls the GET on an ironic resource it returns
MAX_LIMIT number of resources at a time along with a next url.
The default MAX_LIMIT is 1000.

If the user requested specific set of fields from ironic API
using the fields query parameter (eg: /v1/resource?fields=f1,f2,f3)
The next url returned by the API ignores fields query parameter.
This results in fields missing from the results after MAX_LIMIT
is reached.

This change fixes this problem by passing the fields as parameter
to collections.get_next method and using the fields argument to
build the query parameter.

Change-Id: I62b59e8148171c72de0ccf63a1517e754b520c76
Story: 2006721
Task: 37093
2019-10-18 11:37:41 -07:00
Christopher Dearborn
0ab2c08e47 Update sushy library version
This patch updates the sushy library version to a version that
contains a fix for a critical message registry bug.  This bug causes
the Redfish hardware type to not work against at least some Dell EMC
hardware.

See: https://review.opendev.org/#/c/666253/

Change-Id: I03b415ce4f07f9c306bafc05c52527f51061d864
Story: #2006702
Task: #37011
2019-10-18 18:32:36 +00:00
Zuul
5c20f860c8 Merge "DRAC: Drives conversion from JBOD to RAID" 2019-10-18 02:54:08 +00:00
Zuul
e4a1390b41 Merge "Read in non-blocking fashion when starting console" 2019-10-18 01:52:41 +00:00
Rachit7194
8e3f682e29 DRAC: Drives conversion from JBOD to RAID
Added physical drives conversion from JBOD to RAID
mode before RAID create_configuration cleaning step called
in iDRAC driver.

Change-Id: Ie6d1a9314d1543b73889f6d419541e75b7e06c89
Story: #2006479
Task: #36422
2019-10-16 12:29:56 -04:00
Ilya Etingof
a2ae57c457 Fix drive sensors collection in redfish mgmt interface
Fixes drive sensors information collection in `redfish` management
interface. Prior to this fix, wrong Redfish schema has been used for
Drive resource what has been causing exception and ultimately sensor
data collection failure.

Change-Id: I8b0f69d13420fa0a3fc21f044ed2bba6a540e638
2019-10-14 14:55:31 +00:00
Zuul
4895f36ffb Merge "Add Redfish vmedia boot interface to idrac HW type" 2019-10-14 12:57:54 +00:00
Ilya Etingof
0ad6f87587 Add Redfish vmedia boot interface to idrac HW type
This change adds idrac hardware type support of a virtual media boot
interface implementation that utilizes the Redfish out-of-band (OOB)
management protocol and is compatible with the integrated Dell Remote
Access Controller (iDRAC) baseboard management controller (BMC). It is
named 'idrac-redfish-virtual-media'.

The iDRAC Redfish Service almost entirely interoperates with the virtual
media boot workflow suggested by the Redfish standard. The only
difference is configuring the system to boot from the inserted virtual
media. The standard workflow expects it to be referred to as a CD-ROM or
floppy disk drive boot source, no different from their physical
counterparts. However, the iDRAC refers to them as virtual boot sources,
distinct from their physical counterparts. Presently, the standard does
not define virtual CD-ROM nor virtual floppy disk drive boot sources.
However, the iDRAC provides a Redfish OEM extension for setting the
system to boot from one of those virtual boot sources.

To circumvent the above issue, the Python class which implements
'idrac-redfish-virtual-media' is derived from the class which implements
the generic, vendor-independent 'redfish-virtual-media' interface. It
overrides the method which sets the boot device to facilitate use of the
aforementioned iDRAC Redfish Service OEM extension.

The idrac hardware type declares support for that new interface
implementation, in addition to all boot interface implementations it has
been supporting. The priority order is retained by assigning the new
'idrac-redfish-virtual-media' the lowest priority.

A new idrac hardware type Python package dependency is introduced. It is
on 'sushy-oem-idrac'.

[1] https://pypi.org/project/sushy-oem-idrac/

Co-Authored-By: Richard G. Pioso <richard.pioso@dell.com>
Story: 2006570
Task: 36675
Change-Id: I416019fc1ed3ab2a3a3dbc4443571123ef90e327
2019-10-11 20:01:09 -04:00
Zuul
388a38fa3a Merge "DRAC: Fix a bug for delete_config with multiple controllers" 2019-10-11 20:21:15 +00:00
Zuul
fa9b1cd970 Merge "DRAC: Fix a bug for clear_job_queue clean step with non-BIOS pending job" 2019-10-11 11:37:40 +00:00
Pradip Kadam
4be3fcef26 DRAC: Fix a bug for clear_job_queue clean step with non-BIOS pending job
If we create pending non-bios config job(E.g create/delete virtual disk)
with "At next reboot" option and execute "clear_job_queue" clean step,
then that job gets deleted after job execution instead of getting
deleted before job execution.

Change-Id: Ibeae18798a25e33fa070f1120ce0cc0981f66850
Story: #2006580
Task: #36695
2019-10-10 14:16:07 +00:00
Zuul
2b14daeec2 Merge "grub configuration should use user kernel & ramdisk" 2019-10-08 11:12:39 +00:00
shenjiatong
2364c8b247 grub configuration should use user kernel & ramdisk
compared with pxe_config.template, ramdisk boot with grub should use
aki_path and ari_path

Change-Id: Ibedf375cfeeb20917f06e52b1e86a6990a3c494b
Story: 2006639
Task: 36855
2019-10-07 22:23:03 +00:00
Rachit7194
e4f3b7b813 DRAC: Fix a bug for delete_config with multiple controllers
This fix a bug where a race condition can occur on a host that
has a mix of controllers where some supports realtime mode and
some do not. The approach is to use only realtime mode if all
controllers supports realtime. This removes the race condition.

Story: #2006502
Task: #36480

Change-Id: I18aa79774c0b562bf1e8b973db3d7860a01367e7
2019-10-03 09:37:53 -04:00
Zuul
2408987175 Merge "DRAC: Fix a bug for job creation when only required" 2019-10-02 11:15:41 +00:00
Rachit7194
fb83cfb76d DRAC: Fix a bug for job creation when only required
This patch fix a bug which creates configuration job on any
controller even if ``is_commit_required`` value is ``False``

Change-Id: I150fa02c75f5e228b3e18c24e9a101c2e1eb0274
Story: #2006562
Task: #36659
2019-10-01 09:27:04 -04:00
Mark Goddard
8024fcc395 Add versions to release notes series
Change-Id: Ie6fd537ce2872d8a3bd08398e66cc77083c61bd7
2019-09-26 14:21:44 +01:00
eb10eace8c Update master for stable/train
Add file to the reno documentation build to show release notes for
stable/train.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.

Change-Id: I2df9c72a1234501af6399944286715d15c6d14b4
Sem-Ver: feature
2019-09-25 08:43:36 +00:00
Mark Goddard
2fad52eced Release notes cleanup for 13.0.0 (mk2)
Several release notes have been added since the initial cleanup for
13.0.0. This patch tidies them.

Change-Id: I83772c28c4f135ef8c0a8eb10130a3937db765d1
2019-09-23 15:53:23 +01:00
Zuul
0450c4f2fd Merge "Allow retrying PXE boot if it takes too long" 2019-09-23 12:58:26 +00:00
Zuul
9de0a66aab Merge "Add iDRAC RAID deploy steps" 2019-09-23 11:43:45 +00:00
Zuul
add03f5fe7 Merge "Don't resume deployment or cleaning on heartbeat when polling" 2019-09-23 11:09:33 +00:00
Shivanand Tendulker
45b03d03b7 Add iDRAC RAID deploy steps
This change adds two new deploy steps to the idrac RAID interface -
apply_configuration and delete_configuration. These use the existing
RAID support in the idrac driver used for clean steps.

In order to make this work, the lifecycle controller job validation has
been modified to allow specification of a name prefix for jobs to check.
This is because configuring the node for PXE boot can result in creation
of a BIOS config job, which previously caused the validation to fail.
The RAID interface now only checks for existing jobs on the same RAID
controller, and so ignores the BIOS config job.

The disk space calculation has been modified to allow for virtual disks
that are pending deletion, as this is necessary to make the numbers work
when deleting existing virtual disks and creating new ones from the same
set of physical disks.

We also use the new deployment_polling flag in driver_internal_info to
signal that the RAID interface polls for completion of the deploy step.

Co-Authored-By: Shivanand Tendulker <stendulker@gmail.com>
Change-Id: I5803131fbdebce6f7896655a61a8fbdd4c1cd4a1
Story: 2003817
Task: 30004
2019-09-22 20:48:26 +01:00
Zuul
b7eb4a181c Merge "Serve virtual media boot images from ironic conductor" 2019-09-22 02:01:53 +00:00
Zuul
19d9c1c4b3 Merge "Fixed problem with UEFI iSCSI boot for nic adapters" 2019-09-21 15:43:01 +00:00
Mark Goddard
3e51982252 Don't resume deployment or cleaning on heartbeat when polling
Some drivers use a periodic task to poll for completion of a deploy
or clean step. The iDRAC RAID driver is one example of this. In
https://review.opendev.org/#/c/676152, the agent heartbeat handler was
modified to resume deployment if not currently in the core deploy step.
This makes sense for the ilo driver, which does not poll for completion
of RAID configuration, but the iDRAC driver polls the lifecycle
controller's job queue, and expects to be able to resume deployment once
the job is complete. However, there is now a race between the agent
heartbeat as the node boots up, and the job queue poller.

This change adds new flags, cleaning_polling and deployment_polling,
which can be used by a driver to signal that they are polling for
completion of a deploy step, and that the agent heartbeat should not be
used for this purpose.

We also add here some more cleanup of the cleaning and deployment step
metadata in driver_internal_info, since if these fields are left in
place they may affect subsequent cleaning or deployment steps.

Change-Id: I34591440ab993a80a0cc88be6e10e33f1ae4a660
Story: 2003817
Task: 36563
2019-09-21 12:52:28 +01:00
Zuul
f2086372ec Merge "Add deploy steps for iLO Management interface" 2019-09-21 09:33:52 +00:00
Zuul
4e88793256 Merge "Add an option to abort cleaning and deployment if node is in maintenance" 2019-09-21 08:50:13 +00:00
Dmitry Tantsur
b2834e6661 Allow retrying PXE boot if it takes too long
PXE is inherently unreliable and sometimes times out without an
obvious reason. It happens particularly often in resource constrained
environments, such as the CI. This change allows an operator to
set a timeout, after which the boot is retried again.

The _add_node_filters call had to be refactored to avoid hitting
the complexity limit.

Change-Id: I34a11f52e8e98e5b64f2d21f7190468a9e4b030d
Story: #2005167
Task: #29901
2019-09-20 15:24:28 +02:00
Zuul
9fa39045da Merge "Add Redfish inspect interface to idrac HW type" 2019-09-18 19:12:16 +00:00
Zuul
de67cad921 Merge "Add first idrac HW type Redfish interface support" 2019-09-18 17:12:52 +00:00
Ilya Etingof
199a218f5c Serve virtual media boot images from ironic conductor
Add the option to ironic to place bootable ISO images into local
HTTP server's document root so that BMC could boot from there.
This is an alternative to Swift-based boot controllable via the
``[redfish]use_swift`` ironic configuration option.

Change-Id: I390fbb3a27f1b7d0170caff84f54d4ca40e6bcb2
Story: 2006569
Task: 36674
2019-09-18 18:23:28 +02:00