The tl;dr, is when the allocation owner support was added,
it was done so to try and use the same exception
being raised for two distinct cases. An invalid request,
and a mismatch. The reality is, we should be raising them
separately because there are two different cases we need
to guard against.
This was discovered when changing Ironic's default RBAC
policy enforcement so that the legacy policy is no longer
enabled, which meant the default path on the owner logic was
thus triggered, resulting in the failure and need to fix it.
Closes-Bug: #2048698
Change-Id: I0feefc273a2d18e7812139f59df3f43aba7d7936
Before this change, if a user requested a node to be cleaned
or "managed" with cleaning enabled when the user is in the
system scope, Ironic would attempt to user's token to
make the request to Neutron.
This, unfortunately, does not work, as the neutron client explicitly
requires a project ID to make the request to Neutron. As a result,
Ironic now falls back to it's internal credential configuration to make
the forward request, which matches the behavior if a node has been
unprovisioned and the cleaning has been started automatically.
Closes-Bug: 2048416
Change-Id: Id91ec6afcf89642fb3069918e768016b8b657a31
Some of the object unit tests grub Mock object unintentionally, and
that results in failure during initializing an versioned object,
because the Mock object does not present its version correctly.
This fixes that problem.
The sqlalchemy-2x job is made non-voting because this job requires
oslo.utils 6.3.0 which is blocked by this problem.
Closes-Bug: #2043116
Related-Bug: #2042886
Change-Id: I1a622ab9c766d46b7eb4442848e91f25b26f6c61
It's important for consistent behavior to monkey_patch eventlet
before importing anything. While it makes an attempt to green any
existing created objects or locks, that code is buggy and fails
in some cases -- especially around rlocks.
It's not my belief that this resolves any specific bugs, but this
does reflect a better overall practice.
Change-Id: I57b2c91f9853287a08ee79ac87ae6e1767ddfb6f
We don't use pysnmp anymore, and we likely won't update this doc
in the future if libraries change again.
Change-Id: If3a3bf02167f187a0e4f8f0d20a77621b5def3eb
DEFAULT_IMAGE_NAME no longer exists in devstack; also our config
now always leads to multiple networks being created, so remove
the fork in the instructions.
Change-Id: I1b3e134c4d5a9633028af367e89ecc44699561cb
Adds the 'local-link-connection' and 'parse-lldp' inspection hooks in
the agent inspect interface for processing data received from the
ramdisk at the /v1/continue_inspection endpoint.
Change-Id: I540f03b961b858e8fc00cd4abbc905faa8f0c6c5
Story: #2010275
In-process token cache is deprecated since 4.2.0 release
and may be removed. Add the setting of memcache for
the auth_token token cache.
Change-Id: I23ad1d9fb1b33160452ab353972fa1274cde363d
It's possible to use virtual media based provisioning on
servers that only support DVD MediaTypes and do not support CD
MediaTypes. The problem in this scenario is that Ironic will keep
the media attached since it will only eject the ones matching the
CD device, now we check if there is any DVD device with media inserted
when looking for CD devices.
Closes-Bug: 2039042
Change-Id: I7a5e871133300fea8a77ad5bfd9a0b045c24c201
The new call prepare_remote_image contains the logic around
image_download_source, fetching images using a cache and publishing them
for further consumption. The code was extracted from _prepare_boot_iso,
which is now more straightforward.
Change-Id: I8567a10b77cdc3785686b79defcdafd75af53df0
So, I got myself nice and confused with testing parent_node logic
when I used a name, but the ironic internals are modeled around
queries involving UUID matching.
We now identify names, and reset the values to be a UUID.
Change-Id: I46ece586c254c58b80723bc905cad3144691fc5d
This change takes the first step in decomposing image_utils into more
manageable and reusable parts. The publishing bits there are coupled
with nodes and drivers. The new code is node-agnostic and features
a clean separation between Swift and local webserver code.
Change-Id: If95b46272abaeea314fd61bb50d2c40200386f98
Long story short, we auto-clamp down everything to 1400 bytes
due to VXLAN tunneling for multinode testing. But there are other
reasons to clamp it smaller, and we will need to clamp that further
for multinode should we mix it with OVN.
Anyway, this should make things cleaner and we should rely upon the
gate calcualted MTU as a starting place, not the guess based upon
interface list. i.e. test VM could be wrong but gate could know better.
Change-Id: I385679fe30d1447f1ed94cdf5a419e6acefbc595
Grenade is currently failing not finding the neutron command, we should
likely not be using it anyway since the deprecation message says it may
disappear after Z.
Change-Id: Ic24d59379bafcc5a630fe5c074fcc13303902965
This adds an `online` argument to the conductor touch methods so that
touch can be called with `online=False`. When called periodically this
allows the conductor `updated_at` to be within the threshold to avoid
locked nodes being failed as orphans by another conductor.
This will be used by drain shutdown (and graceful shutdown) so that
tasks can complete on existing locked nodes within the shutdown timeout,
while the conductor is also removed from the hash ring so new tasks are
not started on that conductor.
This change introduces the api but the existing behaviour won't change
until BaseConductorManager.del_host() no longer calls keepalive_halt().
Change-Id: Iedd62193fac1009137b9ee47a6ef5a9a8576f261
Especially in a single-conductor environment, the number of threads
should be larger than max_concurrent_deploy, otherwise the latter cannot
be reached in practice or will cause issues with heartbeats.
On the other hand, this change fixes an issue with how we use futurist.
Due to a misunderstanding, we ended up setting the workers pool size to
100 and then also allowing 100 more requests to be queued.
To be it shortly, this change moves from 100 threads + 100 queued to
300 threads and no queue.
Partial-Bug: #2038438
Change-Id: I1aeeda89a8925fbbc2dae752742f0be4bc23bee0
Adds basic testing for PXE/iPXE boot secenarios where the OVN
DHCP service is used instead of dnsmasq.
Also adds a release note and documentation to cover the details
and caveats of using ovn as we have discovered through this process.
Change-Id: I28cd20a7f271220d8ca335895ca9e302452fd069
They are huge, may expose sensitive data and are normally stored in
local files instead. Match the inspector behavior and drop logs.
Change-Id: I569ef8c7f9d78a7a65c48b6b46c12493c5c571c3
