1770 Commits

Author SHA1 Message Date
Dmitry Tantsur
d3872cfcdd Fix a race condition in the hash ring code
We're handling hash rings and updated_at differently: one
is stored on the class level, the other - on instance. Apparently,
there is a race there, resulting in updated_at never updated.
Store hash rings and updated_at in one tuple, so that they're
always loaded and stored together.

Also remove double loading of the hash ring in _get_ring that
could contribute to the problem.

Change-Id: Ib659014e07549ae3d5ec7e69da318301f5994ca8
2020-09-28 17:15:28 +02:00
Zuul
ac19e6050d Merge "Adding changes for iso less vmedia support" 2020-09-27 19:42:39 +00:00
Zuul
d108a5c34b Merge "Fix deprecated 'idrac' interface '__init__'s" 2020-09-27 04:13:24 +00:00
ankit
b4fafd8878 Adding changes for iso less vmedia support
This commit allows virtual media deployment/rescue
using kernel/ramdisk pair by creating iso on the fly
for ilo and ilo5 hardware types. Also it adds support
of dhcp less deploy to ilo and ilo5 hardware type.

Change-Id: I08e37a9f5268c15ba954b34ad706b900e5430da6
Story: #2006691
Task: #40893
2020-09-25 05:07:07 +00:00
Zuul
484dcd5b60 Merge "Add Redfish BIOS interface to idrac HW type" 2020-09-25 02:32:22 +00:00
Richard Pioso
5ff3defb5c Fix deprecated 'idrac' interface '__init__'s
This change fixes the deprecated 'idrac' hardware interface
implementation '__init__' methods to call their base class '__init__'
methods before emitting a log message warning about their deprecation.

Story: 2008197
Task: 40977
Change-Id: Ic6e2b6744850d429fae2d353a91649ea68371a59
2020-09-24 20:50:29 -04:00
Dmitry Tantsur
3e362dff5f Amend the agent_verify_ca release note to mention the configuration option
A follow-up to commit cb8cc0ca6544889c07bd8dc6a5b556b71d2f555a.

Change-Id: Iae0b27ec33b55bbe50a9417597c528dfed706d2f
2020-09-24 14:32:18 +02:00
Zuul
d2b5007c9e Merge "Release note updates for Victoria release" 2020-09-24 09:32:34 +00:00
Zuul
28c0f38322 Merge "Deprecate the iscsi deploy interface" 2020-09-24 06:09:10 +00:00
Julia Kreger
cd2e557ac7 Release note updates for Victoria release
Change-Id: If01d774bc719e9ad0d2c2a10f120f966ae8f1e39
2020-09-23 18:16:20 -07:00
Zuul
e32e5f27a4 Merge "Fix redfish BIOS to use @Redfish.SettingsApplyTime" 2020-09-23 14:17:53 +00:00
Aija Jauntēva
796e2302c3 Add Redfish BIOS interface to idrac HW type
This change adds idrac hardware type support of a BIOS interface
implementation that utilizes the Redfish out-of-band (OOB) management
protocol and is compatible with the integrated Dell Remote Access
Controller (iDRAC) baseboard management controller (BMC). It is named
'idrac-redfish'.

The idrac hardware type declares support for that new interface
implementation, in addition to all BIOS interface implementations it has
been supporting. The highest priority BIOS interface remains the same,
the one which relies on the Web Services Management (WS-Man) OOB
management protocol. The new 'idrac-redfish' immediately follows it.

Co-Authored-By: Eric Barrera <eric_barrera@dell.com>
Co-Authored-By: Richard G. Pioso <richard.pioso@dell.com>
Co-Authored-By: Mike Raineri <mraineri@gmail.com>
Story: 2008100
Task: 40803
Depends-On: https://review.opendev.org/#/c/750020/
Change-Id: Ic5a1da418dccb0f3ec92914909aacd7c339d8837
2020-09-23 13:34:50 +00:00
Richard Pioso
65d5066394 Fix redfish BIOS to use @Redfish.SettingsApplyTime
This change fixes the 'redfish' BIOS interface 'apply_configuration'
cleaning/deploy step to work with Redfish Services that must be supplied
the Distributed Management Task Force (DMTF) Redfish standard
@Redfish.SettingsApplyTime annotation [1] to specify when to apply the
requested settings, such as the Dell EMC integrated Dell Remote Acesss
Controller (iDRAC).

Such services, typically offered by baseboard management controllers
(BMC), require POST of the annotation, along with the future intended
state of the settings. Otherwise, they may never be applied.

When the annotation is not supported, it is not provided with the future
intended state of the settings.

[1] http://redfish.dmtf.org/schemas/DSP0266_1.11.0.html#settings-resource

Co-Authored-By: Eric Barrera <eric_barrera@dell.com>
Co-Authored-By: Aija Jauntēva <aija.jaunteva@dell.com>
Co-Authored-By: Mike Raineri <mraineri@gmail.com>
Story: 2008163
Task: 40913
Depends-On: https://review.opendev.org/#/c/750020/
Change-Id: I28a948f306b40c36b12e6f786e1e43a61e84a0f2
2020-09-22 12:39:56 -04:00
Dmitry Tantsur
d8dccc8d06 Deprecate the iscsi deploy interface
This change marks the iscsi deploy interface as deprecated and
stops enabling it by default.

An online data migration is provided for iscsi->direct, provided that:
1) the direct deploy is enabled,
2) image_download_source!=swift.

The CI coverage for iscsi deploy is left only on standalone jobs.

Story: #2008114
Task: #40830
Change-Id: I4a66401b24c49c705861e0745867b7fc706a7509
2020-09-22 15:39:36 +02:00
Zuul
6b8c675ff6 Merge "Do not retry locking when heartbeating" 2020-09-20 12:49:28 +00:00
Zuul
8fc5f669a2 Merge "Adds ilo-uefi-https boot interface to ilo5" 2020-09-18 21:53:50 +00:00
Dmitry Tantsur
e6e774f524 Do not retry locking when heartbeating
IPA will retry any heartbeats anyway, by not retrying on the ironic side,
we 1) make heartbeats quicker, 2) avoid several heartbeats queuing up on
a really busy systems with short heartbeating interval.

Change-Id: If030340a780c759f6433d37b6423d17b72e1a548
Story: #2008167
Task: #40918
2020-09-18 17:34:35 +02:00
vmud213
6d36b0b785 Adds ilo-uefi-https boot interface to ilo5
Change-Id: I224eca4d8b331711369b17903098daa9fec27d7d
Story: #2008073
Task: #40761
2020-09-17 13:20:53 +00:00
Zuul
4633fe937d Merge "Allow configuring IPMI cipher suite" 2020-09-17 08:21:53 +00:00
Zuul
35882c438d Merge "Also wipe agent token on manual power off or reboot" 2020-09-17 08:10:38 +00:00
Zuul
3297e98eab Merge "Accept and use a TLS certificate from the agent" 2020-09-16 15:14:34 +00:00
Dmitry Tantsur
2773c5fb25 Allow configuring IPMI cipher suite
Negotiation fails for some hardware, let's allow an explicit setting.

Change-Id: I04a3391f85412dcabc6105bd91beb1da25bdfc19
2020-09-16 15:52:07 +02:00
Zuul
8d38afd968 Merge "Add release note for dhcp-less deploy" 2020-09-16 10:22:24 +00:00
Dmitry Tantsur
bc04a42a96 Also wipe agent token on manual power off or reboot
We have a check in the code that is never true for manual power
actions because of what happens in the conductor manager. Remove it.

Change-Id: I50b7b78a41188c41e4944894851f1d12684f824a
2020-09-14 16:09:54 +02:00
Julia Kreger
ab4fdb8e7c Add release note for dhcp-less deploy
The initial release note for the node object change doesn't
provide full context, and since it has received basic testing
we should be good to go at this point.

Change-Id: Iabb09b7087c400e2d0a278cc3add79bb8b0f3f62
2020-09-10 18:15:08 -07:00
Dmitry Tantsur
5f9efb34e9 Handle default_boot_mode during cleaning/inspection with PXE/iPXE
First, use default_boot_mode in get_boot_mode instead of BIOS.

Second, call sync_boot_mode for all ramdisk types in the PXE boot,
not only during deployment.

Change-Id: I3f13bacbdcb319c191eeb8ae93aecf8fba68f9ec
2020-09-10 17:32:27 +02:00
Dmitry Tantsur
2b676a6864 Accept and use a TLS certificate from the agent
Accepts the certificate from a heartbeat and stores its path in
driver_internal_info for further usage by the agent client (or
any 3rd party deploy implementations).

Similarly to agent_url, the certificate is protected from further
changes (unless the local copy does not exist) and is removed
on reboot or tear down (unless fast-tracking).

Change-Id: I81b326116e62cd86ad22b533f55d061e5ed53e96
Story: #2007214
Task: #40603
2020-09-09 17:27:30 +02:00
Zuul
9341ca4ef7 Merge "Change [agent]image_download_source=http" 2020-09-09 05:26:31 +00:00
Zuul
725f1efe28 Merge "Add an option to require TLS for agent callback_url" 2020-09-08 20:10:23 +00:00
Dmitry Tantsur
b5d5e5774c Change [agent]image_download_source=http
As part of the plan to deprecate the iSCSI deploy interface, changing
this option to a value that will work out-of-box for more deployments.

The standalone CI jobs are switched to http as well, the rest of jobs
are left with swift. The explicit indirect jobs are removed.

Change-Id: Idc56a70478dfe65e9b936006a5355d6b96e536e1
Story: #2008114
Task: #40831
2020-09-08 16:28:31 +02:00
Zuul
f1ea2ee6d1 Merge "Allow HttpImageService to accept custom certificate" 2020-09-08 10:01:22 +00:00
Zuul
272ac68c2d Merge "Do not assume that prepare_image is the last command to run" 2020-09-08 05:37:16 +00:00
Zuul
fc2247246b Merge "Adds few of the security dashboard parameters to capabilities" 2020-09-07 18:45:21 +00:00
Zuul
30a9d33577 Merge "Switch Ironic to openstacksdk for Neutron" 2020-09-07 15:41:31 +00:00
Dmitry Tantsur
f6b65cb68f Add an option to require TLS for agent callback_url
Change-Id: Idf85dfd110de6181c6592644fd57e109ba87b971
Story: #2007214
Task: #40822
2020-09-07 17:13:24 +02:00
Zuul
b6cf0432a7 Merge "Remove token-less agent support" 2020-09-07 15:07:17 +00:00
vmud213
1154292d46 Allow HttpImageService to accept custom certificate
While validating and downloading image references, allow HttpImageService
to use config parameters to enable/disable TLS verification and to use custom
certificates on the secured connections.

Change-Id: I5f308271004a24203ecbbc1718ba9070ed65b960
Story: #2007939
Task: #40404
2020-09-07 14:51:34 +00:00
Nisha Agarwal
6ee91fc3a6 Adds few of the security dashboard parameters to capabilities
This patch adds few of the security dashboard parameters
to iLO capabilities. It adds :
 - overall_security_status
 - last_firmware_scan_result
 - security_override_switch

Story: 2008024
Task: 40678

Change-Id: I7ef2ce1a20fbc1b258fce0f8ebd53661b24e66ff
2020-09-07 07:44:11 +00:00
Zuul
c2db0bbac3 Merge "OOB one button secure erase for iLO5 based HPE Proliant servers." 2020-09-06 11:21:35 +00:00
Julia Kreger
5b272b0c46 Remove token-less agent support
Removes the deprecated support for token-less agents which
better secures the ironic-python-agent<->ironic interactions
to help ensure heartbeat operations are coming from the same
node which originally checked-in with the Ironic and that
commands coming to an agent are originating from the same
ironic deployment which the agent checked-in with to begin
with.

Story: 2007025
Task: 40814
Change-Id: Id7a3f402285c654bc4665dcd45bd0730128bf9b0
2020-09-04 17:09:39 +00:00
Dmitry Tantsur
ce46cc461d Do not assume that prepare_image is the last command to run
The get_deploy_steps command can be run after it breaking deploy.

Change-Id: I8e641a521a574462010a95a19e8a64ac36d4e52d
2020-09-04 11:33:31 +02:00
Zuul
b605ab585a Merge "Enhance certificate verification for ilo harware type" 2020-09-04 08:51:52 +00:00
kesper
9fb4074bfe OOB one button secure erase for iLO5 based HPE Proliant servers.
This commit adds functionality to perform out-of-band one button
secure erase for iLO5 based HPE Proliant servers. Using this a
user can securely erase the whole system. It includes deleting
any deployment settings profiles, all licenses, Active Health
System (AHS) and warranty data stored there, reseting BIOS and
erasing supported non-volatile storage data.

Change-Id: I2f46a67580e8a607a91a3f6660feb85ed1827dc8
Story: #2007964
Task: #40458
2020-09-04 07:20:35 +00:00
Zuul
4e0b2f4c37 Merge "Allow setting image_download_source per node" 2020-09-03 13:50:46 +00:00
Zuul
c15bc2a7a1 Merge "Support caching http:// images locally in the direct deploy" 2020-09-03 13:43:40 +00:00
ankit
778d715b5f Enhance certificate verification for ilo harware type
This patch enhance certificate verification for hardware
type ilo and ilo5 by adding attribute ilo_verify_ca which can take
directory and bolean values apart from file.

Change-Id: Ic48bf53097635498a8461be049ee5d2a50c6fe2a
2020-09-03 06:53:58 +00:00
Zuul
11aa5f6639 Merge "Support file:/// images for the direct deploy" 2020-09-03 05:26:51 +00:00
Zuul
32926667d4 Merge "Suffix the ISO names with '.iso'" 2020-09-02 19:40:20 +00:00
Zuul
c8169f2a1a Merge "Handle an older agent with agent_token" 2020-09-02 17:52:53 +00:00
Dmitry Tantsur
840ce16668 Allow setting image_download_source per node
Allows certain flexibility when it comes to low RAM vs high RAM nodes,
and large vs small images. Also deploy_interface is settable per node,
so this feature makes it easier to migrate from the iscsi deploy.

Story: #2008075
Task: #40766
Change-Id: Idf3bbc6d24042ce1d9a895095b5cb0979dd3183d
2020-09-02 15:39:53 +02:00