It was recently learned by the OpenStack community that running qemu-img
on un-trusted images without a format pre-specified can present a
security risk. Furthermore, some of these specific image formats have
inherently unsafe features. This is rooted in how qemu-img operates
where all image drivers are loaded and attempt to evaluate the input data.
This can result in several different vectors which this patch works to
close.
This change imports the qemu-img handling code from Ironic-Lib into
Ironic, and image format inspection code, which has been developed by
the wider community to validate general safety of images before converting
them for use in a deployment.
This patch contains functional changes related to the hardening of these
calls including how images are handled, and updates documentation to
provide context and guidance to operators.
Closes-Bug: 2071740
Change-Id: I7fac5c64f89aec39e9755f0930ee47ff8f7aed47
Signed-off-by: Julia Kreger <juliaashleykreger@gmail.com>
The metal3-integration CI job is not smart enough to know which
branches to pull for it to correctly test the branch, and so it
should be disabled on this branch.
Change-Id: If04a5b97722cc1a8e125c3348e09339c3a7ce0eb
(cherry picked from commit 4cb0af7fd6e9afa8fe8a3b2a2e47427929068843)
ironic-tempest-partition-uefi-redfish-vmedia was renamed to
ironic-tempest-uefi-redfish-vmedia a long time ago
Change-Id: Iaa63e9cf12d47667955973033586fa65dd18e6b7
(cherry picked from commit 3f34f04bf0c46173bbc9d865bd0b001b87ab592d)
Apparently, this has been around for ages, btu the error was likely
not exactly right as a result of this. Anyway, quick fix.
Change-Id: Idee3c1edfdd65928eaa5f8d30b62474d85dec277
(cherry picked from commit eaa0521bee0997f0d30641825e0ac2af9c1ace09)
Cirros partition images have some underlying limitations,
meaning it is not ideal for any step which requires the image
to hae commands executed in it to perform operations, such as
mounting additional filesystems in UEFI mode, or installing
grub in BIOS mode.
This is because cirros images are an unpacked ramdisk, in other
words, the posted disk image *has no* contents on the root
filesystem of the image. While we attempt to unpack[0] this as well,
this can also fail creating false failures resulting in check
jobs failing and then working on recheck.
As the constraint is the same as the BIOS mode check, and there
is no realistic fix, this change removes the boot mode check and
thus always disables partition image testing with tempest *when*
cirros is in use.
note 0: We presently unpack using a virtual machine launch so it
takes place with the same process as when cirros starts, however
linux doesn't always boot, and the tools don't really determine
if that is the case or not, and if we retool it, we should just
move to a direct extraction and image re-pack.
Change-Id: I7687ff1eddb14d22b981860d4c4c9b172bae45b7
(cherry picked from commit 8d0b556e3d61bcaf01a4a72b470b4cadfde352f1)
To serve as a mechanism to allow an interlocking device identification
this patch injects a publisher id value into ISO images *and* the kernel
command line for any software running from the ISO image to match
the ISO in use to the location of data housed locally from within the
image.
Related-Bug: 2032377
Change-Id: I9b74ec977fabc0a7f8ed6f113595a3f1624f6ee6
(cherry picked from commit fb850e7f005e0ef4b5c489b8c2b245791d0d33eb)
Also add missing error into the message.
Change-Id: I9610add40afbb7beb30d375a3a455434f5446cc7
(cherry picked from commit f43587effd68a0842fa3946dc165faccc8a925f2)
We need to map with virtual media devices and not boot
devices only.
Change-Id: I88b56ae26d9f1d8642ed6ffc5c055f8d56f6939a
(cherry picked from commit c1f3daf7b0006bd555b950a0cd0dfe8a04878ec7)
Fixes usage of redfish detach virtual media feature to be conform to
the general implementation.
Before the detach virtual media API call using redfish driver was not
working as intended and caused the operation to fail.
The method implementation was allowing only a single device_type
while it should be multiple devices to match the conductor manager
implementation.
Change-Id: I9edd3b77eeb3ec1b0484d4e6f0c6dea53e83f9ad
(cherry picked from commit 58fc21fc0b0ab7beb5a74654455265b95cc25a28)
Currently, service steps may fail to start in scenarios dependent on IPA
fasttrack. This change attempts to resolve this by incorporating
servicing states in the fast track allowed states whitelist while also
making _FASTTRACK_HEARTBEAT_ALLOWED a superset of _HEARTBEAT_ALLOWED
instead of duplicating values in the two constants.
Change-Id: I47984469c1432e7fc7b4f1494b9f6c551c34672f
(cherry picked from commit 619e1ac80ccc6f20e32a2a80d31637dd45d6d45b)
We ended up using two names for the same flag (and forgot it in one
place completely). To not just fix the issue but also prevent it in the
future, refactor asynchronous steps handling into a new helper module
with constants and helper functions.
I've settled on servicing_reboot as opposed to service_reboot because
that's the value we currently set (but not read), so it provides
better compatibility when backporting.
Remove excessive mocking in the Redfish unit tests.
Change-Id: I32b5f860b5d10864ce68f8d5f1dac3f76cd158d6
(cherry picked from commit 004e78c41368a3bb037726ce0c1ff550436a5717)
Serious issues:
- Nothing powers on nodes after servicing, so they end up active and
powered off in the end.
- Restoring power state was done three times.
Minor issues:
- Function _tear_down_node_servicing is called twice causing a traceback.
- Furthermore, process_event('done') is also called in another place
in deploy utils.
- Make sure nodes are never considered for fast-track when servicing, it
prevents clean-up of virtual media devices.
Change-Id: I92fd7a0009a816e93e316e4674c7509b61a474d4
(cherry picked from commit 6c8673c1b495095a0c92e0323976f3bc3834ac08)
Unlike clean, deploy and verify steps, service steps cannot run
automatically and thus do not have a usable notion of priority. It's not
possible to provide a priority through the API but our validation code
still requires it. This change gets rid of most priority handling for
service steps, leaving only some foundation for future enhancements.
Change-Id: I82aefc03a5c062b67e0f457612fe568399226dc8
(cherry picked from commit 22aa29b864eecd00bfb7c67cc2075030da1eb1d0)
Currently, service steps do not work with virtual media deployments
because states.SERVICING and states.SERVICEWAIT are missing from the whitelist
of valid provision_states. This change resolves this issue.
Change-Id: I5e3ec08d128b35385f2d90c9c852140b757b8dbf
(cherry picked from commit 70ccb6af111186431b898c4dc6c1c3e6564ab1d7)
The generate path does not contain the node UUID, causing conflicts.
Also make sure to always clean up any existing files first.
Change-Id: I30f948d64e7b87f33841dc22828db60338a62dd8
(cherry picked from commit a9a4fff71c15e6192e06652d64a1048bd5c2633d)
For compatibility with pysnmp-lextudio and pyasn1 we increase the
minimum required version of python-scciclient to latest available.
Also capping proliantutils to avoid breaking changes.
Change-Id: I64587d24383dc05927135d7e7e3a2a6975a58558
(cherry picked from commit 388b9ddcacc6539433fe2d37534414126dd47826)
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has as stable/2024.1 branch, tests will
continue to use the upper-constraints list on master.
Change-Id: I312d0d2a1e049a76e00075d9d40ff113af258bf5
This commit increases the length of the 'user' column to
accommodate longer UUIDs, ensuring that the full user UUIDs are stored
without exceeding the column limit.
Closes-Bug: #2054594
Change-Id: I59b435ca2bb5850bb2338228b64868c2003bfea3
Changing the ironic-tempest-uefi-redfish-vmedia and
ironic-tempest-ovn-uefi-ipmi-pxe jobs to only run
tempest test_baremetal_server_ops_wholedisk_image.
We saw failures on the partition tests for this jobs.
Related-Bug: #2057972
Change-Id: I2e26d7955ade11046bf89b6f4c9c2c4f16da1574