The stock anaconda template previously lacked any ability
to indicate "don't validate the tls certificate".
The capability for the installation to operate *without*
requiring this to be the case is necessary for efficient
and simple CI testing as injecting CA certificates is
an overly complex interaction for CI testing.
Also updates the overall anaconda documentation to indicate
the constraint exists, but does not indicate explicitly how
to disable the setting via ironic.conf.
Change-Id: Ia8e4320cbedb205ab183af121da53562792a8faa
To use a source as a path with the anaconda deployment interface,
the kickstart template needs to utilize a 'url' command as opposed
to a second stage ramdisk.
This allows a seamless automatic switch without a customized
kickstart template to just use a URL.
Change-Id: I31febd4e131ed0cc1b37adb9318be8cb17136a68
Fix typo. For anaconda deploy interface, ironic sets the
kickstart 'liveimg' command with the URL from the ironic node's
instance_info's "image_url" value [1], and that "image_url"
value is added by ironic code, using the "image_info" value.
We don't have code that uses any "liveimg_url" value.
[1] https://opendev.org/openstack/ironic/src/commit/
3d3a67daf7d2969d8da691d12351ab5bb32eca80/ironic/common/
pxe_utils.py#L1003
Change-Id: Ic8ce5fa83768c2632eb190cd87dbf81062c7083a
This commit adds documentation about driver_info[external_http_url]
Follow-up If6a117a756b7d2a04251792f88c2ee412a040b28
Change-Id: Ia4787c27ed4c53f4ecb911eb0f9d77ea455c25f3
This patch adds support to specify the URL to be used to publish
the node image when using virtual media.
The option is available under `driver_info['external_http_url']`,
if set this value has priority over the values in the configuration
file ([deploy]/external_http_url and [deploy]/http_url)
Story: 2010221
Task: 45970
Change-Id: If6a117a756b7d2a04251792f88c2ee412a040b28
Few unit tests change attribute of CONF variable via Python
assignment. This changes attribute of CONF, which is instance
of XxxOpt class defined in oslo_config, to Python literal value.
This affects result of another unit test.
To avoid this, we should change attribute of CONF variable with
set_override method.
Change-Id: I4bd8b1b4ea974834f1149fcaa79de85d24f5f7d1
Story: 2010214
Task: 45956
Depends-On: https://review.opendev.org/c/openstack/ironic/+/852253
This patch modifies iRMC driver to use certification file
when it connects to iRMC via HTTPS
Depends-On: https://review.opendev.org/c/openstack/ironic/+/852250
Change-Id: If69ce1cf2789d9d60fb8e544596cf7d29eab514d
Co-authored-by: Kobayashi Daisuke <kobayashi.da-06@fujitsu.com>
Co-authored-by: Song Shukun <song.shukun@jp.fujitsu.com>
Story: 2009801
Task: 44345
Fix indentation for case when raid_type is missing.
Generally, it is not expected that raid_type will be
missing, this is done as a precaution as raid_type
was introduced in Redfish 1.3.1. Now log warning
that raid_type is missing, thus cannot update
raid_config correctly.
Followup to I753c4b00c0a64bcdc89c9bc0afd46f1211f7847b
Change-Id: Id66b87309dd26a2a165b35ac1d81580e4605d629
At current, retry_attempt & retry_interval in ironic.conf [molds]
is instance of StrOpt. However it should be IntOpt class.
If it remains to StrOpt class, tenacity.retry wrapper in common/molds.py
will fail with TypeError.
Change-Id: Iafedf2ec0326009585c1cac251ecae65c9e666ac
Story: 2010215
Task: 45957
Image lookups in the PXE interface, for anaconda specific code,
were previously hard coded to try and invoke use of glance if
needed.
Except, not everything is glance.
Change-Id: I8791623be95e7e47739ee051753de97eb0e5e2a3
do_node_verify function runs vendor-driver-defined verify_step.
However, when vendor verify_step fails, it causes stuck of state
machine at verifying.
This is because do_node_verify function tries to retrieve name
of verify_step through node.verify_step but node doesn't have
verify_step attribute and there is no way to handle exception.
This commit fixes this issue.
Change-Id: Ie2ec6e08214661f7dc61c92de646e2f4d5bb5469
Story: 2010209
Task: 45942
Instance network boot (not to be confused with ramdisk, iSCSI or
anaconda deploy methods) is insecure, underused and difficult to
maintain. This change removes a lot of related code from Ironic.
The so called "netboot fallback" is still supported for legacy boot when
boot device management is not available or is unreliable.
Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
When you have a multi-db deployment, or even just many
different threads operating on the same server with different
transactions, you can run into a situation where one thread
initiates a transaction to get a list of nodes, and then
another triggers a delete of the chassis (and most likely node,
but hey, there is really no way to detect that and work.)
So as the API is processing the response and making the json
result set, the query to resolve a chassis_id on a node object
can begin to fail.
Before this patch, this would raise an exception to the client.
Now, we just suppress the error, and return the field value
as None.
In the grand scheme, the node is likely has also already
been deleted as well.
Change-Id: I3594ac580c01454c70922a965a2a653a8b568cbb
Closes-Bug: 1508995
Story: 1508995
Task: 10038
The sanboot trick to boot from local disk does not
work on all hardware. If it fails exit 0 from the
iPxe script so that boot continues on the next device
which may be the local disk.
Story: #2009258
Task: #43470
Change-Id: I1b6303a987a102dfbfd233334395321c25a55212
Both will be removed soon. The documentation change is separated
to reduce the size of the final patch.
Change-Id: If4b9b0d095500101ca71a453d71ad95252dd8c0c
It proved useful (supported by Metal3, used in OpenShift) and does not
require any conductor-level configuration.
Change-Id: I57e59ac21e3327b9ad2f1d1436e184b48999006b
Turns out I've had two people try to use disk label
twice in the last week to infer UEFI booting system.
This is not correct, unfortunately.
Clarify that the boot mode needs to be set appropriately.
Change-Id: I515358d40b03ea0d38dad2104a2d3d2c66e0ae8c
We added an additional check, and it turns out the test was passing
when no local webserver was present because it was getting checked,
but things would break when an actual webserver existed which returned
a redirect
Change-Id: If8d29ba3676cf8e11a1010890c90bb67b0d60cb3
Story: 2010181
Task: 45862
In the case of CI test nodes natively supporting and using ipv6,
we don't need to actually setup a fake IPv6 network for ports
to bind to on the local system. So before doin gso, lets check
to see if we can ping the address first. If not, then set it up.
Change-Id: Ib68c706c1f9ef0ad0cf27e7a6acffd2c50ff37ea
Presently, we don't save the state of the routing table,
which means troubleshooting the ipv6 job failures is difficult
because we just have no way of knowing what is truly going on
with the traffic flow.
Possibly, we may be encountering a case where router
advertisements are overrriding route table entries, and
the only way to know is to see the final state of the table.
Change-Id: Ib15cd21e47e3b884bae2cb956f9113e73034391b
Adds support for project manager role support which is a state between
project scoped admin and project scoped member.
Finally enabling to be merged since the higher end goal/work finally
merged on March 1st.
Related: https://review.opendev.org/c/openstack/governance/+/815158
Change-Id: Ia35f4a4c3c2af68dc64bfe32f206e57056876dc7
The use of the anaconda deployment interface can be
confusing when using a standalone deployment model.
Specifically this is because the anaconda deployment
interface was primarily modeled for usage with glance
and the inherent configuration of a fully integrated
OpenStack deployment. The additional prameters are
confusing, so this also (hopefully) provides clarity
into use and options.
Change-Id: I748fd86901bc05d3d003626b5e14e655b7905215
It requires network booting and legacy boot. While the latter will be
supported for a long time, the former is being removed.
Change-Id: Ie48e51fa95ba2059bd3cca6b8968f475934a75e5