* Updates API version to 1.85 to permit an ``unhold`` verb
* Adds the ``deploy hold`` and ``clean hold`` provision states
to the internal state machine.
* Adds on documentation on steps to help provide greater clarity
to Ironic's users on how to utilize steps. It should be noted
this documentation also includes the power state reserved step
names from the DPU functionality patch.
* Fixes the state machine diagram. Changes type to PNG as SVG
rendering is broken due to python libraries utilized for SVG
generation which do not work on more recent Python versions.
Change-Id: I34f58f4e77e7757b89247fd64f5fcde26f679453
Template databases are not designed to run random SQL code. They should
only be accessed to modify the template itself. Use postgres instead.
Change-Id: Id7d38895d8d04964557447ecbc6ca29f39f626c9
Ironic supports enabling the audit middleware. This change adds
the option for the middleware to the ironic.conf file generated by
oslo-config-generator.
Depends-on: https://review.opendev.org/804316
Change-Id: Ic7adb755f47ea65fe975dfbc7cca905a376d728e
The prepare_service call from ironic.common.service is changed to also
configure guru meditation and profiler. A new call prepare_command is
provided for the cases it's not required.
Change-Id: I5b9b7b7bc827c8bcda06e9a967deae8577ad87f4
This is part of the work to add jobs which confirm ironic works with
FIPS enabled, but this change is also appropriate non-FIPS jobs.
Change-Id: I4af4e811104088d28d7be6df53c26e72db039e08
Adds a horribly written, just hacked together little tool to help
provide sizing insight into an ironic deployment's state and underlying
performance.
Key data:
* Queries the list of node from a pure python interface level with the
database and reports timeing for the list of nodes to be returned.
This information helps convey how long a periodic hits the database
just for the query.
* Requests *all* nodes using the query pattern/structure of the nova
resource tracker, and uses the marker to make any additional requsts.
The data is parsed, and collected, and counts identified vendors,
if any.
* Collects basic data on conductors in terms of running, conductor groups
as well as currently loaded drivers in the deployment.
All of this information provides operational insight into *what*
conditions exist within the deployment allowing developers to try
and identify solutions based on the unique circumstances of larger
deployments.
Also adds a utility to generate and semi-randomize data to allow us to
create a benchmark job in CI.
Change-Id: Iae660aea82db8f1c4567ee2982595ccfdf434fe3
Generating a yaml file called policy.json.sample is a bit misleading
because the file is not valid json, this change fixes that, with the
intention that the user can copy policy.yaml.sample to
/etc/ironic/policy.yaml and make customizations.
Change-Id: Ie6d5c8c38d785005d2bf2dc8f9f7ac42c2e8f7fb
Spotted in focal container while running pep8, updates the shebang
to use python3 explicitly, also removes the unused -tt argument.
Change-Id: Icb16ac63a83379cafe9a7dac380f2b87b881adc9
Opendev infra changed py36 defaults to run on centos8 and
of course, there is no python-devel mapping on centos.
Removed the entry and adjusted the test-setup.sh script
so the databases are started locally as they are not auto
started upon installation.
Change-Id: I826757ad73b0b14f119f9205475379b85f111383
The md5 function is not available on systems in FIPS mode, just
use the callable name (which is closer to how repr usually looks).
Change-Id: I4319ce2f42f35251595306b9a77ae1f8bc55595c
Starting from mysql version 8 it's not possible to create a user
implictly when using GRANT.
This patch makes the behavior compatible with that.
Change-Id: I2b73a532deb8782c2c0bb05070b727e9edc6e9d8
Co-written-by: Riccardo Pittau <elfosardo@gmail.com>
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
GMR requires configuring a path for storing the report via [oslo_reports]log_dir,
this is empty by default, and currently there is no means to specify this option,
thus doesn't respond with SIGUSR2.
Though gmr is optional, test requirement is still required so that we can
generate proper configuration sample for it.
Story: 2007570
Task: 39467
Change-Id: I0f03e9d01a3c4e42a4fc8bf2d8ceb2d1a587056c
currently it is impossible to use ironic-api for both internal and
public api at the same time when both of those are using (ssl
terminating) proxies as there's only one config option to override the
resource url's in responses ([api]public_endpoint).
This patch adds the http_proxy_to_wsgi middleware from oslo.middleware
to the ironic API service, which, with properly configured proxies,
makes the choice of correct URL automatic, and thus makes such scenario
possible.
As this middleware may potentially not properly handle some
endpoint URL schemas, leave the api.public_endpoint option as a backup,
but it will be ignored when proxy headers parsing is enabled.
Change-Id: I3ce6b0726b479c2835f8777957b2cb12d8098aec
Story: #2006303
Task: #36019
Adds bandit configuration template and exclude some of
tests that we don't want to fix for the moment.
Keeping job unvoted so that we can keep an eye on possible
issues while not breaking gate.
Change-Id: Ic577cad3b61421c04023ea887236992acb19f77c
Story: 2005791
Task: 33518
The exception modules in ironic and ironic-lib contain the same
almost identical class IronicException.
With this patch we directly use the one in ironic-lib.
Updating requirements and lower-constraints to use compatible
version of ironic-lib.
Also deprecating duplicated fatal_exception_format_errors
option.
Change-Id: I1ce0d12d912020346425fd658d3b1807607455a4
Story: 1626578
Task: 10515
This change adds an option to publish the endpoint via mDNS on start
up and clean it up on tear down.
Story: #2005393
Task: #30383
Change-Id: I55d2e7718a23cde111eaac4e431588184cb16bda
As we are not maintaining sample config file in the repo now,
the checkconfig can be removed since it's always generated from
the code.
Change-Id: I5bfd7c5cbb048a71864fac4fcfebb940529f87f1
This change will add how to create windows images article
in portgroup docs. these images will support to create port
bounding through ironic services.
This feature has tested on Fujitsu servers successfully.
Change-Id: I1ce941a16f080fce1699d8629a7e12a2c2d83ade
Bashate introduces a new error, E044, which attempts to
identify any questionable conditionals that would be
incorrectly using bracketing. That being said, it is
modeled on keeping the design simple, and errors on more
condensed lines where conditionals are included.
Since we don't need this, and the case where it is erroring
is invalid as the test is overly simple, lets ignore it.
Change-Id: Ie46dcd6cd6100f3c7e35c2c817828e45bd6b7921
The 'releasenotes' gate job does not run our tox section. This allowed a
releasenote to land that had a filename in an incorrect format because
it was not created with 'reno new'.
Move the running of 'tools/check-releasenotes.py' to the pep8 section
and whitelist the releasenote that got merged.
Change-Id: Id5bd8e0cbc9186c89f682224088a8f23998d59c3
This adds the healthcheck middleware from oslo, configurable via the
[healthcheck]/enabled option. This middleware adds a status check at
`/healthcheck`.
This is useful for load balancers to determine if a service is up (and
add or remove it from rotation), or for monitoring tools to see the
health of the server.
This endpoint is unauthenticated, as not all load balancers or
monitoring tools support authenticating with a health check endpoint.
Change-Id: I7929d5f4502c3f84b1cf30526c94a458081a6a29
Closes-Bug: #1748515
We now use the project openstack/ironic-tempest-plugin to store our
tempest plugin. All content from the ironic_tempest_plugin/ directory
has been ported to that project.
We no longer want to have the plugin content stored here so we delete
it.
Remove check in tools/flake8wrap.sh that prevented changes to the
ironic_tempest_plugin/ directory.
Change-Id: I700bd7b71472fa91f6bc02aebc055584df08e0ef
Add a check to the PEP8 test to prevent changes to the
ironic_tempest_plugin/ directory.
This will be removed when we remove the ironic_tempest_plugin/
directory.
Change-Id: I3cdbb39ebc661652ff9ceba5f3115ac26667953b
This patch does the following:
* Adds a configuration folder to contain automated generated config
files for Ironic.
* Adds `oslo_config.sphinxconfiggen` to the extensions list.
* Adds `oslo_policy.sphinxpolicygen` to the extensions list.
* Adds ironic-policy-generator.conf
This is important for Ironic to be included in the list of services
on https://docs.openstack.org/pike/configuration/
Change-Id: I51a7204ce00be2588e427c1951e8be7dc7a22647
Closes-bug: #1706176
This patch does the following:
* Adds osprofiler wsgi middleware
This middleware is used for 2 things:
- It checks that person who wants to trace is trusted and knows
secret HMAC key.
- It starts tracing in case of proper trace headers
and adds first wsgi trace point, with info about HTTP request.
* Adds initialization of osprofiler at start of service
- Initialize and set an oslo.messaging based notifier instance
to osprofiler, which will be used to send notifications to Ceilometer.
* Traces HTTP/RPC/DB API calls and SQL requests
NOTE to test this patch:
1) Make the following changes in localrc to configure DevStack to enable
OSProfiler:
enable_plugin panko https://git.openstack.org/openstack/panko
enable_plugin ceilometer https://git.openstack.org/openstack/ceilometer
enable_plugin osprofiler https://git.openstack.org/openstack/osprofiler
# Enable the following services
CEILOMETER_NOTIFICATION_TOPICS=notifications,profiler
ENABLED_SERVICES+=,ceilometer-acompute,ceilometer-acentral
ENABLED_SERVICES+=,ceilometer-anotification,ceilometer-collector
ENABLED_SERVICES+=,ceilometer-alarm-evaluator,ceilometer-alarm-notifier
ENABLED_SERVICES+=,ceilometer-api
NOTE: the order of enabling plugins matters.
2) Run stack.sh. Once DevStack environment is setup, enable profiler options
in ironic.conf and restart ironic services:
[profiler]
enabled = true
hmac_keys = SECRET_KEY
trace_sqlalchemy = true
3) Use openstackclient and run baremetal command with
--os-profile SECRET_KEY
[--profile can be used, but it is deprecated.]
For example, the following will cause the <trace-id> to be printed
after node list:
$ openstack --os-profile SECRET_KEY baremetal node list
.....
.....
Trace ID: <trace-id>
Display trace with command:
osprofiler trace show --html <trace-id>
4) The trace results can be saved using this command:
$ osprofiler trace show --html <trace-id> --out trace.html
OSprofiler spec: https://review.openstack.org/#/c/103825/
Co-Authored-By: Tovin Seven <vinhnt@vn.fujitsu.com>
Co-Authored-By: Hieu LE <hieulq@vn.fujitsu.com>
Partial-Bug: #1560704
Change-Id: Icd3d7c62cf7442de8a77fc67f119ae9b03725f02
Add simple script to setup mysql and postgresql databases, this script
can be run by users during testing and will be run by CI systems for
specific setup before running unit tests. This is exactly what is
currently done by OpenStack CI in project-config.
This allows to change in project-config the python-db jobs to
python-jobs since python-jobs will call this script initially.
See also
http://lists.openstack.org/pipermail/openstack-dev/2016-November/107784.html
Update devref for this.
Needed-By: I58c1d37d620ca058a4c2127e329d8d21b391965f
Change-Id: Id21d3481f7b4929c40c7351e6321d9ba5ad078b8
In addition to the normal bare-metal console logs that devstack
generates, create a "no ansi" version of the log that will be easier to
view/parse when viewing the logfiles.
Change-Id: Ic321db38f694d82362a6b1be91f891a06fb18c11
Before bashate was only running on the devstack/ directory. Have it
now run on the entire project for *.sh files.
Fix issues detected by bashate.
Also check the files:
devstack/files/hooks/qemu
devstack/lib/ironic
These files were located by doing:
$ find openstack/ironic/ -not \( -type d -name .?\* -prune \) \
-type f -not -name '*.sh' | xargs file | grep -i "shell script"
Change-Id: I238b7ab650781143fe8231e01250ab56120ff94f
This change adds initial metrics for Ironic based on new support in
ironic-lib. Emits timing metrics for basic Ironic API calls.
Bumps ironic-lib to 2.0.0 in requirements to add metrics support, as
well as adding ironic_lib.metrics and ironic_lib.metrics_statds to
ironic-config-generator.conf to get them in the sample config, which
is also regenerated.
Change-Id: Ic35802e4cd11763ebbedb8ddc28f7e8dc535cc2f
Partial-bug: #1526219
oslo_config provide a utility for generating sample config files,
which provide more detail about opts, like Minimum/Maximum value
and Allowed values.
So drop Ironic's "generate_sample.sh" which was copied from
oslo-incubator long time ago.
Add a new entry point "ironic" under oslo.config.opts namespace to
explore config options to oslo-config-generator.
After this patch, new config options of Ironic code should register
with ironic/conf/opts.py. New external libraries should
register with tools/config/ironic-config-generator.conf
There is a bug #1554657 with oslo-config about deprecated_group.
This bug have impact of some configs from keystonemiddleware
and oslo.messaging in ironic.conf.sample
So currently, deprecated option should always add the deprecated_group
even it didn't alter the group, otherwise the deprecated group value will
be 'DEFAULT'.
Update etc/ironic/ironic.conf.sample via running 'tox -egenconfig'.
Closes-Bug: #1564195
Change-Id: If7721e98e69b6f54f1ee04a07477396b86583371
This updates the state machine diagram and documentation to indicate
which transitions are initiated by API requests versus the ones that
are internally done by the conductor. Stable states are highlighted
a bit.
Change-Id: I1a2de81b14696286f1da47c06374ad235962c849
Closes-Bug: #1527316
This makes tox use a simple wrapper around flake8 like
Nova, which can be told to restrict the check to only
files changed in the current command. This can be invoked
in a simple manner with 'tox -epep8 -- -HEAD'. Since most
commits only touch a handful of files, this will usually
be far faster than checking all source files.
To check an entire branch for bisectability it can be
automated via
git rebase -i master -x 'tox -epep8 -- -HEAD'
Change-Id: I75b1cfe3198b1217f8b25877714a4af47ae7069f
This patch allows flake8 to run against the scripts under tools/ and
devstack/tools directories.
It also fix the current pep8 errors where it's needed.
Change-Id: I3f447564dd528c6efdee10a4a13f1ff1d7e1c3b1
In order to easily determine the file type of the scripts in
devstack/tools/ironic/scripts directory, this patch is adding the
correspoding extension to each script.
Change-Id: Ifb53b768b7a3b38561031c92c279fa520e289b3d
Apparently # is treated as a comment inside the string and as
consequence the rest of the command gets stripped. This patch drops
those comments from the bashate command.
This patch also moves the bashate command to its own script under
tools/.
Change-Id: Ic44bb64419ca1465f69c91fd579e8c84d69f84b8
Closes-Bug: #1527562
The disk partitioner related code from ironic/common/disk_partitioner.py
and ironic/drivers/modules/deploy_utils.py is being moved to ironic-lib.
The code in ironic needs to be removed and use ironic-lib to perform
disk related activities.
Change-Id: I7b1b1d8b45b947a7b5715f3c6ab49d84e84b6b90
Add posibility to configure the API to service requests via HTTPS instead
of HTTP using native ssl from oslo.service wsgi.
New options was added:
* enable_ssl_api - turn on ssl support;
Options defined in oslo.service for configure certs:
* ca_file - ca certificate file to use to verify connecting clients;
* cert_file - certificate file to use when starting the server securely;
* key_file - private key file to use when starting the server securely;
Closes-bug: #1430213
Change-Id: Id4b84d83f9aa6c7f898b3b9b59158d5b1a00e159
This refactors map_color() so that it returns a dictionary, instead
of the callers (of that method) doing that work.
Change-Id: I55a808d889fd3818c1f262dcab7af9ffa8c6e557