| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tl;dr is that UEFI NVRAM is in encoded
in UTF-16, and when we run the efibootmgr command,
we can get unicode characters back.
Except we previously were forcing everything to be
treated as UTF-8 due to the way oslo.concurrency's
processutils module works.
This could be observed with UTF character 0x00FF
which raises up a nice exception when we try to
decode it.
Anyhow! while fixing handling of this, we discovered
we could get basically the cruft out of the NVRAM,
by getting what was most likey a truncated string
out of our own test VMs. As such, we need to also
permit decoding to be tollerant of failures.
This could be binary data or as simple as flipped
bits which get interpretted invalid characters.
As such, we have introduced such data into one of our
tests involving UEFI record de-duplication.
NOTE: One of the unit tests from the stable/xena backport
were removed, as software raid was still in-flight at the
end of Wallaby.
Closes-Bug: 2015602
Change-Id: I006535bf124379ed65443c7b283bc99ecc95568b
(cherry picked from commit 76accfb880474445a5dcb07825889123b3dd0237)
(cherry picked from commit 9f84c8b3d1fa0e08bf1f799f37a11698f8da07a4)
(cherry picked from commit d77424d7315e24390d6b159eab8dd9b3d4c56942)
|
|
|
|
|
|
|
|
|
|
| |
Reno was assuming all tags ending in -eol represented an old, EOL'd
stable branch. That's not true for Ironic projects which have bugfix
branches. Update the regexp to exclude those branches.
Co-Authored-By: Adam McArthur <adam@mcaq.me>
Change-Id: I265969ab40a98a02962c2fc8460b6519ab576f99
(cherry picked from commit f8fc7e52f36de5c3515e60f5d2e6347a538a80d8)
|
|
|
|
|
|
|
| |
- passenv needed better structure
- usedevelop no longer allowed alongside skipsdist
Change-Id: I22dae3b1e4cca2dc328c21e889acf7fe98a80e0b
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, if smartctl is not found by IPA, it will silently skip ATA
secure erase and proceed to shred (if enabled). This is supposedly for
backwards compatibility, but is quite hard to diagnose.
This change adds a warning message to make it more obvious what is
happening.
TrivialFix
Change-Id: I03a381e99de79f201ec7e9a388777c3d48457e93
(cherry picked from commit b68fa6b2e13774dbde5d0b81f6bf0b0095536aa4)
|
|
|
|
|
|
|
|
|
|
|
| |
IPA dropped support for Python2 long ago,
and now Python2 is not even available in newer distros,
breaking installation if IPA binary dependencies.
Change-Id: I75a618f94de58f6de2bd96b37de1894bb0e61998
(cherry picked from commit d8a6bf5f61eb1365294c6c07840286f46c9535fc)
(cherry picked from commit 5cc653cbfe32699c9940d34842d5b4a5e2fe35a0)
(cherry picked from commit b62f13aeb776b9d6995b623d802ebaf3a20e3879)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In case no BOM is present in the CSV file the utf-16 codec won't work.
We fail over to utf-16-le as Little Endian is commonly used.
NOTE: The original change landed this fix in efi_utils.py, however
that was introduced after the Xena development cycle, so this
backport moves the original change to where the code originally
came from to populate the efi_utils.py file.
Change-Id: I3e25ce4997f5dd3df87caba753daced65838f85a
(cherry picked from commit 697fa6f3b6db10408eaadd57450456de87f13519)
(cherry picked from commit 99b9d1403cacd3bbd489a6cf6913f32746ef6083)
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the event a device name is set to contain a raid device path,
it is possible for the Name and Events field values of mdadm's
detailed output to contain text which inadvertently gets captured and
mapped as component data for the "holder" devices of the RAID set.
This would cause invalid values to get passed to UEFI methods
which would cause a deployment to fail under these circumstances.
We now ignore the Name and Events fields in mdadm output.
Change-Id: If721dfe1caa5915326482969e55fbf4697538231
(cherry picked from commit f3e3de8097f05cc830768da7d3f3e9eae04b40a1)
(cherry picked from commit 6660e01e1f8a6e7a40b798eea5215b1eddcbe0c3)
(cherry picked from commit 5751f60353f3a4bf325a8c9335d743eec45fbcd1)
|
|/
|
|
|
|
|
|
|
|
|
|
| |
Also added a required project so *in theory*
the source code for ipa-b off of the branch
for the job as opposed to a pypi package bound
requirements. ipa-b is one of those projects we
*always* state latest is best, but in this case
we also don't want to fight other possible issues.
Depends-On: https://review.opendev.org/c/openstack/ironic-python-agent-builder/+/860433
Change-Id: I1e7a3b3c9ded13b10002bb47e98d4a7b486e1dd4
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While investigating another grub issue, I was confused by the path
taken in the logs reported, and noticed that on a ramdisk, we might
not actually have a valid response to os.path.ismount, I'm guessing
depending on what in memory filesystem is in use while also coupled
with attempting to check a filesystem.
Adds a test to validate that exceptions raised on these commands
where this issue can be encountered, are properly bypassed, and also
adds additional logging to make it easier to figure out what is
going on in the entire bootloader setup sequence.
Change-Id: Ibd3060bef2e56468ada6b1a5c1cc1632a42803c3
(cherry picked from commit e5d552474b21137ae2a66f17bdab5fc1bbf31ec6)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Recent releases of redhat grub2 will always fail when installing to
EFI paths, to encourage a transition to the signed shim bootloader.
Partition image deploys avoid calling grub2-install with the
preserve-efi-assets functions. Deploying whole disk images doesn't
require grub2-install. This leaves whole disk images installed onto
softraid devices, which still attempts to call grub2-install.
This change will still attempt to run grub2-install in this
one remaining case, but will ignore any failure.
A future enhancement can avoid calling grub2-install entirely so that
non-redhat secure-boot capable images can keep their signed
bootloaders.
Story: 2008923
Task: 42521
Change-Id: If432ef795d64d76442d739eb4f7d155ff847041e
(cherry picked from commit a057be7dadc898ec813b2cac14913cd8523fbbcc)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If present gather information about bonded interfaces.
Story: #2010093
Task: #45637
Change-Id: I394187640b4788ebec21c3391d33ed728fb72ffa
(cherry picked from commit 7e4fe3bf6a2ae41656b7923796f9c2d056a2ed04)
|
| |
| |
| |
| |
| |
| |
| |
| | |
UDev prefix is DM_ not ID_ for them. On top of that, they don't have
short serials (or at least don't always have).
Change-Id: I5b6075fbff72201a2fd620f789978acceafc417b
(cherry picked from commit 69e22545033f544d628f9c4ecd5a665ba0b5b85e)
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Removes multipath base devices from consideration by
default, and instead allows the device-mapper device
managed by multipath to be picked up and utilized
instead.
In effect, allowing us to ignore standby paths *and*
leverage multiple concurrent IO paths if so offered
via ALUA.
In reality, anyone who has previously built IPA with
multipath tooling might not have encountered issues
previously because they used Active/Active SAN storage
environments. They would have worked because the IO lock
would have been exchanged between controllers and paths.
However, Active/Passive environments will block passive
paths from access, ultimately preventing new locks from
being established without proper negotiation. Ultimately
requiring multipathing *and* the agent to be smart enough
to know to disqualify underlying paths to backend storage
volumes.
An additional benefit of this is active/active MPIO devices
will, as long as ``multipath`` is present inside the ramdisk,
no longer possibly result in duplicate IO wipes occuring
accross numerous devices.
Story: #2010003
Task: #45108
Resolves: rhbz#2076622
Resolves: rhbz#2070519
Change-Id: I0fd6356f036d5ff17510fb838eaf418164cdfc92
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We forgot to revert it. This job covers software RAID and manual
cleaning, so it's very important to avoid regressions, even if it costs
us some rechecks from time to time.
Change-Id: I2446afeaca866ffc3131b5e9f266526f35fc5ed7
(cherry picked from commit b921b761679df06afe19ac6f570f66fa1fdcf371)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The logic of adding a partition number to the device path does not work
for devicemapper devices (e.g. a multipath storage device).
Conflicts:
ironic_python_agent/efi_utils.py
ironic_python_agent/extensions/image.py
ironic_python_agent/tests/unit/extensions/test_image.py
ironic_python_agent/tests/unit/test_efi_utils.py
Change-Id: I9a445e847d282c50adfa4bad5e7136776861005d
(cherry picked from commit f09f6c9f1a09c7062d0450b3e0a4d3164fd53f7f)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on the how the stars align with partition images
being written to a remote system, we *may* end up with
*either* a Partition UUID value, or a Partition's UUID value.
Which are distinctly different.
This is becasue the value, when collected as a result of writing
an image to disk *falls* back and passes the value to enable
partition discovery and matching.
Later on, when we realized we ought to create an fstab entry,
we blindly re-used the value thinking it was, indeed, always
a Partition's UUID and not the Partition UUID. Obviously,
the label type is quite explicit, either UUID or PARTUUID
respectively, when initial ramdisk utilities such as dracut
are searching and mounting filesystems.
Adds capability to identify the correct label to utilize
based upon the current state of the block devices on disk.
Granted, we are likely only exposed to this because of IO
race conditions under high concurrecy load operations.
Normally this would only be seen on test VMs, but
systems being backed by a Storage Area Network *can*
exibit the same IO race conditions as virtual machines.
Change-Id: I953c936cbf8fad889108cbf4e50b1a15f511b38c
Resolves: rhbz#2058717
Story: #2009881
Task: 44623
(cherry picked from commit 99ca1086dbfc7b6e41cf800b0bd899565e2e8922)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I accidently put colons on the test data and remembered taking the
colon character out of the regex I was working on, but apparently
left it in, and accounted for the active entry indicator flag
which appears to have inconsistent support across vendors.
The regex has been fixed, and a test added from a Lenovo SR650
which has some additional string entry data in the UEFI output
which may separate entries.
Change-Id: I1f67b0fb1f645fa82e98bd7c7bba3ffc7755cc74
(cherry picked from commit e10f052c06c03016b0ff4d9c1f3191c79fc50a1a)
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Use add instead of update to re-read the partition table with partx.
See [1] for more details.
Co-authored-by: Arne Wiebalck <arne.wiebalck@cern.ch>
[1] https: //opendev.org/openstack/ironic-python-agent/commit/dc8c1f16f9a00e2bff21612d1a9cf0ea0f3addf0
Change-Id: I2336e22dadc790cfbde87904612fcaa3b8c501db
(cherry picked from commit 23e67b5fea58295d0320f99d4513a66d720f09ee)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some firmware seems to take an objection with EFI nvram
entries being deleted after one is added, resulting in the
entire entry table being reset to the last known good state.
This is problematic, as ultimately deployments can time out
if we previously booted with Networking, and the machine, while
commanded to do other wise, reboots back to networking regardless.
We will now delete entries first, before proceeding.
Additionally, for general use, this pattern may serve the
community better by avoiding cases where we would have
previously just relied upon efibootmgr[0] to warn us of duplicate
entries.
[0]: https://github.com/rhboot/efibootmgr/blob/103aa22ece98f09fe3ea2a0c83988f0ee2d0e5a8/src/efibootmgr.c#L228
Change-Id: Ib61a7100a059e79a8b0901fd8f46b9bc41d657dc
Story: 2009649
Task: 43808
(cherry picked from commit 67eddfa7e3fedbb530045f5b43a2c89db832fa2a)
(cherry picked from commit 33b39705a50513c5af411216b48e2a6f6ac9ab14)
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
When debugging boot manager problems it can be advantageous to
see all the full entries rather then just their labels.
Change-Id: I6a1bb78acaf5a4284727bdf533d4be6db2099f50
(cherry picked from commit caf695f70ab366498b46cb6f07f6751369c67e30)
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Re-read the partition table with 'partx -a', rather than 'partx -u'.
This should fix an timing issue where the bootloader installation
fails to mount the EFI partition from a whole disk image since it
is not yet aware of the new partitions (observed with both, the
iscsi and the direct deploy interface).
Change-Id: If5da3075e813ae01df3decf8f0647aba111b0515
(cherry picked from commit dc8c1f16f9a00e2bff21612d1a9cf0ea0f3addf0)
|
|/
|
|
|
|
|
|
|
|
|
| |
The EFI partition UUID may be None and this will break
the fstab editing. While this is not necessarily fatal when
instantiating a node, it creates an exception at the end of
bootloader installation, so only attempt to add a line to
fstab when the UUID is not None.
Change-Id: I68799980e67c05afe4ca68ca9733605dd166d54d
(cherry picked from commit 333ed70c94e366f16d8f2633f74a5ef05aa5fadb)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a race during software RAID creation:
we create the partition with parted, the kernel then
notifies udev, but we need to wait for udevd to create
the device files before calling mdadm to create the
md device.
Credits to jcosmao for finding this.
Change-Id: I642f28acc351cf50263e37dfbc8468bf59de2cc5
(cherry picked from commit 9d707e9f4bab40109b7e29df2136e86d65325ea3)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to make sure we have the correct time early, e.g.
by the time we create a TLS certificate, this patch proposes
to force an immediate NTP update when using chronyd. While
the previous approach uses the passed NTP server as well, the
update may happen only after chronyd has performed measurements
(which may be too late).
Story: #2009058
Task: #42843
Change-Id: I6edafe8edeb8549f324959e7a1ec175c3049a515
(cherry picked from commit 5531d5cee744f90ff24231a9ef467282b254adc2)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Check if the ESP is already mounted before attempting to mount it
for the bootloader installation.
Change-Id: Ifd738b2c5663f1a211d7e13b5ba386be631d8db1
(cherry picked from commit 27568204aeb7f063bf236ad7f2f8043db627baa9)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The IPA sends heartbeats to the conductor periodically and when
requested, e.g. at the end of asynchronous commands. In order
to avoid to send such notifications in too quick succession,
e.g. when two asynchronous commands finish at the same time or
when the periodic heartbeat was just sent right before a command
ended, this patch proposes to coalesce heartbeats which are
close together timewise and send only one for all of them
in a time interval of 5 seconds.
Co-Authored-By: Arne Wiebalck <arne.wiebalck@cern.ch>
Story: #2008983
Task: 42633
Change-Id: Idfbce44065e1e5a8b730b94741b2604c51f0ab14
(cherry picked from commit b605943796c24a174f0709b84170e0c6de7f4238)
|
|
|
|
|
|
|
|
|
| |
It's not uncommon that some commands fail when collecting logs.
We already log all failures in utils.execute, no need to duplicate
them with a non-fatal ERROR logging.
Change-Id: If151b3a3be979bd2b3ce01030e5d6242ad74eaa3
(cherry picked from commit 2fcf35e56d578d98d77ffc97b6441f83548d7704)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds support to identify and utilize a CSV file to signal which
bootloader to utilize, and set it when the OS is running as opposed
to when EFI is running. This works around EFI loader potentially
crashing some vendors hardware types when entry stored in the
image does not match the EFI loader record which was utilzied to
boot.
Grub2+shim specifically specifically needs the CSV file name
and entry label to match what the system was booted with in order
to prevent the machine from potentially crashing.
See https://storyboard.openstack.org/#!/story/2008962
and https://bugzilla.redhat.com/show_bug.cgi?id=1966129#c37
for more information.
Change-Id: Ibf1ef4fe0764c0a6f1a39cb7eebc23ecc0ee177d
Story: 2008962
Task: 42598
Co-Authored-By: Bob Fournier <bfournie@redhat.com>
(cherry picked from commit 2fab70c36ba40a345a9dd01aeb5019681e567aa5)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make this function useful for purposes other than efibootmgr
entries, this change moves the path manipulation to _run_efibootmgr.
This change also adds boot*.efi entries to BOOTLOADERS_EFI so that it
includes every entry in the UEFI Spec 2.9[1] Table 3-2 UEFI Image
Types.
[1] https://uefi.org/sites/default/files/resources/UEFI_Spec_2_9_2021_03_18.pdf
Story: 2008923
Task: 42521
Change-Id: Ibe02786609aa0de65115897d8f4a9b4f36c8aed2
(cherry picked from commit 10d18c41136cc645ee99d41acfb6031b9158e1fb)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For software RAID in UEFI mode, we create ESPs on all holder disks
and copy the bootloader there. Since there is no mechanism to keep
the ESPs in sync, e.g. on kernel upgrades or when kernel parameters
are updated, the ESPs will get out of sync eventually. This may lead
to a situation where a node boots with outdated parameters or does
not have any of the installed kernels in the boot menu anymore.
This change proposes to RAID the ESPs. While the UEFI firmware will
find an ESP partition (one leg of the mirror), the node will see
an md device and all subsequent updates will go to all member disks.
Also, remove the source ESP after copying in order to avoid mount
confusion (same UUID!).
Story: #2008745
Task: #42103
Change-Id: I9078ef37f1e94382c645ae98ce724ac9ed87c287
(cherry picked from commit c2d04dc1566bb947d0e6afd040b82be55c925b11)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
qemu-img attempts to launch multiple threads by default *and*
attempts to have multiple memory allocation arenas to operate
from. While multithreading can be good for performance, this
pattern and the memory footprint for process launch and
dependencies can turn the memory footprint for a cirros image
conversion (16MB) into 1.2GB of memory being asked for by the
qemu-img tool.
In order to limit this impact, as the default number of arenas
is governed by the number of CPUs times the number 8, it seems
reasonable to lower this to a more reasonable number which
also helps keep our possible memory footprint from being exceeded.
NOTE: This change is largely different than the original change
as an intermediate change converted write_image.sh to python.
As it is unlikely for us to backport the intermediate change,
it is logical for us to just modify the original script.
Otherwise the release note is ultimately what is backported for
release note tooling continutity.
Change-Id: I71a28ec59ec31c691205eb34d9fcab63a2ccb682
Story: 2008928
Task: 42528
(cherry picked from commit 9e4c7052a2fd9aac03858db696bf1ea9487f15e6)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The _manage_uefi code has a check where it attempts to just
identify the precise partition number of the device, in order
for configuration to be parsed and passed. However, the same code
did not handle the existence of a `p1` partition instead of just a
partition #1. This is because the device naming format is different
with NVMe and Software RAID.
Likely, this wasn't an issue with software raid due to how complex the
code interaction is, but the docs also indicate to use only whole disk
images in that case.
This patch was pulled down my one RH's professional services folks
who has confirmed it does indeed fix the issue at hand. This is noted
as a public comment on the Red Hat bugzilla.
https://bugzilla.redhat.com/show_bug.cgi?id=1954096
Story: 2008881
Task: 42426
Related: rhbz#1954096
Change-Id: Ie3bd49add9a57fabbcdcbae4b73309066b620d02
(cherry picked from commit fe825fa97ed1f3c9fa8b1461b63ab133fec20b72)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Due to a regression in lshw introduced by
https://github.com/lyonel/lshw/pull/60, there are some versions in the
wild that do not return sizes for memory banks <32GiB. In those cases,
work around the problem by looking at the top-level size (if available)
to find the total size. Previously we assumed that we only needed the
top-level size when there was no list of memory banks.
The issue is fixed upstream by https://github.com/lyonel/lshw/pull/65,
but the erroneous patch is still present in the lshw-B.02.19.2-5.el8
package in CentOS 8.4 and 8.5.
Change-Id: I6eb5981d28b9ae368239af0c1d0ec32ff79d95b3
Story: #2008865
Task: 42395
(cherry picked from commit ed791d97786f4ed37bf7b9f18eac8e2af46c3766)
|
|/
|
|
|
| |
Change-Id: I5d08deed86d79a7ea0b7a1625122af595037dab5
(cherry picked from commit c56cd4abc08840ba3670fbb024d3fe3e3b37209e)
|
|
|
|
|
|
|
|
| |
The line we're looking for is not there when IPA is in a container, at least
for CentOS based containers. Just fall back to sysrq on errors.
Change-Id: Ie4ee605ad9c6cda58808512a563247175859c71e
(cherry picked from commit b395181b1b1381ff0802744807a981df8453bc40)
|
|
|
|
|
|
|
|
| |
Currently if one interface cannot be handled (e.g. it has empty MAC),
the whole collection fails. Ignore unsupported interfaces instead.
Change-Id: Ibdaad62b39c239d4f3fb3111c2fae9e31e877b28
(cherry picked from commit 1ab405b5095975c3cf1334477fd40f738f7105b8)
|
|
|
|
|
|
|
|
|
|
| |
After GPT and MBR are destroyed systemd-udevd gets triggered
which may hold /dev/sda open preventing qemu-img from writting
its image.
Story: 2008830
Task: 42312
Change-Id: I6105192a16fcb7f6898910e8d0ab824d731d491d
|