12090 Commits

Author SHA1 Message Date
Julia Kreger
e75626392b CI: anaconda: permit tls certificate validation bypass
The stock anaconda template previously lacked any ability
to indicate "don't validate the tls certificate".

The capability for the installation to operate *without*
requiring this to be the case is necessary for efficient
and simple CI testing as injecting CA certificates is
an overly complex interaction for CI testing.

Also updates the overall anaconda documentation to indicate
the constraint exists, but does not indicate explicitly how
to disable the setting via ironic.conf.

Change-Id: Ia8e4320cbedb205ab183af121da53562792a8faa
2022-08-17 12:59:32 -07:00
Julia Kreger
5c1dd47e6c Add kickstart template 'url' option
To use a source as a path with the anaconda deployment interface,
the kickstart template needs to utilize a 'url' command as opposed
to a second stage ramdisk.

This allows a seamless automatic switch without a customized
kickstart template to just use a URL.

Change-Id: I31febd4e131ed0cc1b37adb9318be8cb17136a68
2022-08-17 12:57:57 -07:00
Zuul
c861423eb5 Merge "Document driver_info external_http_url" 2022-08-15 21:17:50 +00:00
Zuul
cc15027504 Merge "Override external_http_url at node level" 2022-08-15 20:06:29 +00:00
Ruby Loo
bd8e482392 anaconda: ks liveimg = instance_info/image_info
Fix typo. For anaconda deploy interface, ironic sets the
kickstart 'liveimg' command with the URL from the ironic node's
instance_info's "image_url" value [1], and that "image_url"
value is added by ironic code, using the "image_info" value.
We don't have code that uses any "liveimg_url" value.

[1] https://opendev.org/openstack/ironic/src/commit/
3d3a67daf7d2969d8da691d12351ab5bb32eca80/ironic/common/
pxe_utils.py#L1003

Change-Id: Ic8ce5fa83768c2632eb190cd87dbf81062c7083a
2022-08-11 15:00:04 +00:00
Iury Gregory Melo Ferreira
05c16f10d5 Document driver_info external_http_url
This commit adds documentation about driver_info[external_http_url]
Follow-up If6a117a756b7d2a04251792f88c2ee412a040b28

Change-Id: Ia4787c27ed4c53f4ecb911eb0f9d77ea455c25f3
2022-08-11 10:44:44 -03:00
Iury Gregory Melo Ferreira
c197a2d8b2 Override external_http_url at node level
This patch adds support to specify the URL to be used to publish
the node image when using virtual media.

The option is available under `driver_info['external_http_url']`,
if set this value has priority over the values in the configuration
file ([deploy]/external_http_url and [deploy]/http_url)

Story: 2010221
Task: 45970

Change-Id: If6a117a756b7d2a04251792f88c2ee412a040b28
2022-08-10 19:28:55 -03:00
Zuul
3d3a67daf7 Merge "Fix iRMC driver to use certification file in HTTPS" 2022-08-10 02:11:51 +00:00
Zuul
f8f83811c4 Merge "Log successful clean up in image cache" 2022-08-10 01:10:01 +00:00
Dmitry Tantsur
e48c62187c Log successful clean up in image cache
Change-Id: I6c53192b69a7b433b2758aa9374cd10b20191af7
2022-08-09 17:59:53 +02:00
Zuul
3058994fc0 Merge "Modify test code to avoid CONF modification affection" 2022-08-09 14:32:18 +00:00
Zuul
1d9c10cfca Merge "Update raid_type handling for Redfish raid_config" 2022-08-09 14:32:15 +00:00
Vanou Ishii
3b28d0984d Modify test code to avoid CONF modification affection
Few unit tests change attribute of  CONF variable via Python
assignment. This changes attribute of CONF, which is instance
of XxxOpt class defined in oslo_config, to Python literal value.

This affects result of another unit test.

To avoid this, we should change attribute of CONF variable with
set_override method.

Change-Id: I4bd8b1b4ea974834f1149fcaa79de85d24f5f7d1
Story: 2010214
Task: 45956
Depends-On: https://review.opendev.org/c/openstack/ironic/+/852253
2022-08-09 15:35:52 +09:00
Zuul
3498cc880b Merge "Change molds option to appropriate class" 2022-08-09 01:58:37 +00:00
Vanou Ishii
64d7a7f307 Fix iRMC driver to use certification file in HTTPS
This patch modifies iRMC driver to use certification file
when it connects to iRMC via HTTPS

Depends-On: https://review.opendev.org/c/openstack/ironic/+/852250
Change-Id: If69ce1cf2789d9d60fb8e544596cf7d29eab514d
Co-authored-by: Kobayashi Daisuke <kobayashi.da-06@fujitsu.com>
Co-authored-by: Song Shukun <song.shukun@jp.fujitsu.com>
Story: 2009801
Task: 44345
2022-08-08 23:39:13 +00:00
Zuul
b746d33053 Merge "Fix pxe image lookups" 2022-08-08 20:32:13 +00:00
Aija Jauntēva
3a621e3983 Update raid_type handling for Redfish raid_config
Fix indentation for case when raid_type is missing.
Generally, it is not expected that raid_type will be
missing, this is done as a precaution as raid_type
was introduced in Redfish 1.3.1. Now log warning
that raid_type is missing, thus cannot update
raid_config correctly.

Followup to I753c4b00c0a64bcdc89c9bc0afd46f1211f7847b

Change-Id: Id66b87309dd26a2a165b35ac1d81580e4605d629
2022-08-08 06:30:53 -04:00
Zuul
b34d79e3f4 Merge "Finally remove support for netboot and the boot_option capability" 2022-08-05 16:47:32 +00:00
Vanou Ishii
35bc014ed9 Change molds option to appropriate class
At current, retry_attempt & retry_interval in ironic.conf [molds]
is instance of StrOpt. However it should be IntOpt class.
If it remains to StrOpt class, tenacity.retry wrapper in common/molds.py
will fail with TypeError.

Change-Id: Iafedf2ec0326009585c1cac251ecae65c9e666ac
Story: 2010215
Task: 45957
2022-08-05 20:06:20 +09:00
Julia Kreger
7b47e09a38 Fix pxe image lookups
Image lookups in the PXE interface, for anaconda specific code,
were previously hard coded to try and invoke use of glance if
needed.

Except, not everything is glance.

Change-Id: I8791623be95e7e47739ee051753de97eb0e5e2a3
2022-08-04 10:42:01 -07:00
Zuul
86638d1dfd Merge "Stop documenting netboot and the boot_option capability" 2022-08-04 13:30:56 +00:00
Zuul
37af146088 Merge "Exit ipxe script if enable_netboot_fallback failed" 2022-08-03 23:28:19 +00:00
Zuul
2f06cc6902 Merge "Enable the ramdisk deploy by default" 2022-08-03 23:28:15 +00:00
Zuul
9a8daeaa15 Merge "Modify do_node_verify to avoid state machine stuck" 2022-08-03 23:28:08 +00:00
Vanou Ishii
f6d2b2ed93 Modify do_node_verify to avoid state machine stuck
do_node_verify function runs vendor-driver-defined verify_step.
However, when vendor verify_step fails, it causes stuck of state
machine at verifying.
This is because do_node_verify function tries to retrieve name
of verify_step through node.verify_step but node doesn't have
verify_step attribute and there is no way to handle exception.

This commit fixes this issue.

Change-Id: Ie2ec6e08214661f7dc61c92de646e2f4d5bb5469
Story: 2010209
Task: 45942
2022-08-03 14:41:13 +09:00
Dmitry Tantsur
f0a1778766 Finally remove support for netboot and the boot_option capability
Instance network boot (not to be confused with ramdisk, iSCSI or
anaconda deploy methods) is insecure, underused and difficult to
maintain. This change removes a lot of related code from Ironic.

The so called "netboot fallback" is still supported for legacy boot when
boot device management is not available or is unreliable.

Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
2022-08-02 12:47:31 +02:00
Julia Kreger
fb253a670f Suppress Chassis Not Found on API Operation
When you have a multi-db deployment, or even just many
different threads operating on the same server with different
transactions, you can run into a situation where one thread
initiates a transaction to get a list of nodes, and then
another triggers a delete of the chassis (and most likely node,
but hey, there is really no way to detect that and work.)

So as the API is processing the response and making the json
result set, the query to resolve a chassis_id on a node object
can begin to fail.

Before this patch, this would raise an exception to the client.

Now, we just suppress the error, and return the field value
as None.

In the grand scheme, the node is likely has also already
been deleted as well.

Change-Id: I3594ac580c01454c70922a965a2a653a8b568cbb
Closes-Bug: 1508995
Story: 1508995
Task: 10038
2022-08-02 02:56:07 +00:00
Derek Higgins
fb73bdf105 Exit ipxe script if enable_netboot_fallback failed
The sanboot trick to boot from local disk does not
work on all hardware. If it fails exit 0 from the
iPxe script so that boot continues on the next device
which may be the local disk.

Story: #2009258
Task: #43470

Change-Id: I1b6303a987a102dfbfd233334395321c25a55212
2022-08-01 17:26:49 -07:00
Zuul
45c9c3029f Merge "Add audit middleware options to ironic.conf" 2022-08-01 18:30:32 +00:00
Dmitry Tantsur
41484988ef Stop documenting netboot and the boot_option capability
Both will be removed soon. The documentation change is separated
to reduce the size of the final patch.

Change-Id: If4b9b0d095500101ca71a453d71ad95252dd8c0c
2022-08-01 16:36:25 +02:00
Dmitry Tantsur
f8135b22f6 Enable the ramdisk deploy by default
It proved useful (supported by Metal3, used in OpenShift) and does not
require any conductor-level configuration.

Change-Id: I57e59ac21e3327b9ad2f1d1436e184b48999006b
2022-08-01 16:34:20 +02:00
Zuul
e651fd6db5 Merge "Imported Translations from Zanata" 2022-08-01 11:39:06 +00:00
OpenStack Proposal Bot
c870b5525c Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I3b6a4d80bf2f35bac4d33e15e3ab0d913bdeac71
2022-08-01 03:53:34 +00:00
Zuul
7a2a12ac95 Merge "Imported Translations from Zanata" 2022-08-01 03:32:06 +00:00
OpenStack Proposal Bot
0335ad16c8 Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: I0a9b547e92b288a555c246d63d007b831a6e1190
2022-07-28 04:33:45 +00:00
Julia Kreger
56d3c5a031 Clarify disk_label with a warning
Turns out I've had two people try to use disk label
twice in the last week to infer UEFI booting system.

This is not correct, unfortunately.

Clarify that the boot mode needs to be set appropriately.

Change-Id: I515358d40b03ea0d38dad2104a2d3d2c66e0ae8c
2022-07-25 13:20:23 -07:00
Zuul
4d5c60650e Merge "CI: Only setup fake v6 interface if needed" 2022-07-25 17:07:51 +00:00
Zuul
e98d51502e Merge "CI: Save routing table information for troubleshooting" 2022-07-25 17:07:47 +00:00
Julia Kreger
9f66a95aa7 Fix adoption unit test image check
We added an additional check, and it turns out the test was passing
when no local webserver was present because it was getting checked,
but things would break when an actual webserver existed which returned
a redirect

Change-Id: If8d29ba3676cf8e11a1010890c90bb67b0d60cb3
Story: 2010181
Task: 45862
2022-07-22 07:01:28 -07:00
Zuul
b7c71bdbb8 Merge "[iRMC] Add SNMPv3 authentication functionality" 2022-07-22 00:54:38 +00:00
Zuul
7673cb827b Merge "Deprecate syslinux" 2022-07-22 00:53:46 +00:00
Zuul
36bbd363e8 Merge "project scoped manager support" 2022-07-22 00:53:43 +00:00
Zuul
bee0a4e31a Merge "Do not require stage2 for anaconda with standalone" 2022-07-21 18:46:10 +00:00
Julia Kreger
f7471f07c3 CI: Only setup fake v6 interface if needed
In the case of CI test nodes natively supporting and using ipv6,
we don't need to actually setup a fake IPv6 network for ports
to bind to on the local system. So before doin gso, lets check
to see if we can ping the address first. If not, then set it up.

Change-Id: Ib68c706c1f9ef0ad0cf27e7a6acffd2c50ff37ea
2022-07-20 11:08:20 -07:00
Julia Kreger
8c95131d81 CI: Save routing table information for troubleshooting
Presently, we don't save the state of the routing table,
which means troubleshooting the ipv6 job failures is difficult
because we just have no way of knowing what is truly going on
with the traffic flow.

Possibly, we may be encountering a case where router
advertisements are overrriding route table entries, and
the only way to know is to see the final state of the table.

Change-Id: Ib15cd21e47e3b884bae2cb956f9113e73034391b
2022-07-20 11:02:39 -07:00
Julia Kreger
0311ea7c92 project scoped manager support
Adds support for project manager role support which is a state between
project scoped admin and project scoped member.

Finally enabling to be merged since the higher end goal/work finally
merged on March 1st.

Related: https://review.opendev.org/c/openstack/governance/+/815158
Change-Id: Ia35f4a4c3c2af68dc64bfe32f206e57056876dc7
2022-07-20 07:17:52 -07:00
Julia Kreger
33bb2c248a Do not require stage2 for anaconda with standalone
The use of the anaconda deployment interface can be
confusing when using a standalone deployment model.

Specifically this is because the anaconda deployment
interface was primarily modeled for usage with glance
and the inherent configuration of a fully integrated
OpenStack deployment. The additional prameters are
confusing, so this also (hopefully) provides clarity
into use and options.

Change-Id: I748fd86901bc05d3d003626b5e14e655b7905215
2022-07-20 06:50:03 -07:00
Zuul
d005ed826c Merge "Remove support for trusted boot" 2022-07-20 09:01:12 +00:00
Zuul
db0e1cc0ec Merge "Docs: specify what to do with the created images" 2022-07-18 17:42:44 +00:00
Dmitry Tantsur
dbcce25d38 Remove support for trusted boot
It requires network booting and legacy boot. While the latter will be
supported for a long time, the former is being removed.

Change-Id: Ie48e51fa95ba2059bd3cca6b8968f475934a75e5
2022-07-18 17:44:35 +02:00