| Commit message (Collapse) | Author | Age | Files | Lines |
The deploy_steps change merged after they got updated for 16.2.
Change-Id: Ibc9e5707518243bda31135e4012877284dad72a4
(cherry picked from commit 16e3c6662b37ad3be0eebdc9a6fc61cff5ccff13)
|
Change-Id: Ibfb2ecdf947042160d23948096378ac0dd2b9a15
|
Change-Id: I00efd4784346adb89b137424ed35bdeafe9b6f24
|
This commit lays down some common personas we're trying to introduce
across OpenStack services. Later commits will use these personas in
ironic's existing policies.
This will help us improve the security posture of OpenStack as a whole
and provide a more consistent experience for operators and end users.
Change-Id: I2960d0f808949582dc964f4f5688a462d397de9e
|
Change-Id: I4aac0a9f2e9bd1ae40f41722ab75e92f2a09cfef
|
One of the biggest frustrations larger operators have is when they
trigger a massive number of concurrent deployments. As one would
expect, the memory utilization of the conductor goes up. Except,
even with the default number of worker threads, if we're requested
to convert 80 images at the same time, or to perform the write-out
to the remote node at the same time, we will consume a large amount
of system RAM. Or more specifically, qemu-img will consume a large
amount of memory.
If the amount of memory goes too low, the system can trigger
OOMKiller which will slay processes using RAM. Ideally, we do not
want this to happen to our conductor process, much less the work
that is being performed, so we need to add some guard rails to help
keep us from entering into situations where we may compromise the
conductor by taking on too much work.
Adds a guard in the conductor to prevent multiple parallel
deployment operations from running the conductor out of memory.
With the defaults, the conductor will attempt to throttle back
automatically and hold worker threads which will slow down the
amount of work also proceeding through the conductor, as we are
in a memory condition where we should be careful about the work.
The defaults allow this to occur for a total of 15 seconds between
re-check of available RAM, for a total number of six retries.
The minimum default is 1024 (MB), as this is the amount of memory
qemu-img allocates when trying to write images. This quite literally
means no additional qemu-img process can spawn until the default
memory situation has resolved itself.
Change-Id: I69db0169c564c5b22abd0cb1b890f409c13b0ac2
|
Story: 2008043
Task: 40705
Change-Id: I3dc2d42b3edd2a9530595e752895e9d113f76ea8
|
In order for us to understand if we're starting to break
compatibility with scope changes, we need to at least have
some testing, some way, some place to provide insight.
Hopefully, this should provide that insight by running
the same API testing we run with by default.
Once we have fully defined the scoped authentication
use requirements, we can begin to build the new test
matrix, but this gives us a start.
Change-Id: Ie12e2665c97326142b564b23603647ec9d97052c
|
Testing every combination of role, endpoint and policy rule would
result in a huge test count, so to make testing the existing policy
rules complete and practical, the following guidelines are suggested:
- Only the default policy is tested, so inactive rules such as
is_node_owner, is_node_lessee are ignored.
- Each rule is tested completely on one endpoint which uses it.
- A rule (such as baremetal:node:list) which inherits a parent rule
(baremetal:node:get) is considered covered by the parent test.
- All endpoints need at least one test, but other endpoints which share
a fully tested rule only need one denied test which shows that they
are covered by some policy.
Also adds the initial pass of contributor documentation on how the
rbac testing works to try and express the mechanics and what to
expect to aid in reviewing/updating/editing the rules.
Co-Authored-By: Julia Kreger <juliaashleykreger@gmail.com>
Change-Id: I1cd88210e40e42f86464e6a817354620f5ab1d9c
|
Change-Id: I6e5f0e560f3f125a83e0514c10bee664c17663f2
|
All capabilities, except for boot_mode, are read from instance_info.
This change makes instance_info.capabilities[boot_mode] work as well
and deprecates instance_info.deploy_boot_mode.
Note that the special handling of properties.capabilities[boot_mode]
is kept in this patch.
Change-Id: Ic2e7fd4c71b7a7bc2950d17f7e1bbdad73bbb8a7
|
Generating a yaml file called policy.json.sample is a bit misleading
because the file is not valid json. This change fixes that, with the
intention that the user can copy policy.yaml.sample to
/etc/ironic/policy.yaml and make customizations.
Change-Id: Ie6d5c8c38d785005d2bf2dc8f9f7ac42c2e8f7fb
|
If 'agent_url' has been cleared from internal_info
it indicates that the node has been powered off.
Change-Id: Idba486c98e1e92d35fca2e2d156866566acb9e40
Story: 2008583
Task: 41736
|
Indicate that idrac-redfish-virtual-media must be used instead,
otherwise a confusing failure will happen.
Change-Id: I3b6ced6dcf03580903f5ea7237fc057f372999f9
|
instance_info is the input from an operator; we should not change that.
Use driver_internal_info instead.
Change-Id: I12b4bc0d4599ccf5ef6fdca91f54f4294b127f9d
|
Change-Id: Ib751316a98d7a1c4469b405117c8e1fd1f296757
|
Depends-On: https://review.opendev.org/c/openstack/metalsmith/+/773701
Change-Id: Ide1a8988e12958e684670a340bf3c09d516ffa23
|
Change-Id: I80c82fdaaf759e7f6758147e05945317aa80ee58
|
Adds the `[DEFAULT]raw_image_growth_factor` configuration option which
is a scale factor used for estimating the size of a raw image converted
from compact image formats such as QCOW2. By default this is set to 2.0.
When clearing the cache to make space for a converted raw image, the full
virtual size is attempted first, and if not enough space is available a
second attempt is made with the (smaller) estimated size.
Story: 1750515
Task: 9791
Change-Id: Id86e7641329a95f71ac005ee448b0ff4d7d0bbcd
|
Story: #2008270
Task: #41137
Change-Id: Ied53f8dc5b93522ac9ffc25ec93ad2347a7d1c7c
|
For some (likely historical) reasons we only use it for PXE and iPXE,
but the same logic applies to any boot interface (since it depends
on how the management interface and the BMC work, not on the boot
method). This change moves its handling to conductor utils.
Change-Id: I948beb4053034d3c1b4c5b7c64100e41f6022739
|
In devstack/lib/ironic, IRONIC_DEPLOY_DRIVER is defined at line 341.
However, variables which use IRONIC_DEPLOY_DRIVER in their default value
(e.g. IRONIC_DEPLOY_RAMDISK, IRONIC_DEPLOY_KERNEL, IRONIC_DEPLOY_ISO
and IRONIC_EFIBOOT) are defined at lines 276-282.
This will cause a problem at lines 295-296:
    if [[ "$IRONIC_BUILD_DEPLOY_RAMDISK" == "False" && \
        ! (-e "$IRONIC_DEPLOY_RAMDISK" && -e "$IRONIC_DEPLOY_KERNEL")
So, this commit moves the definition of IRONIC_DEPLOY_DRIVER before
its first use.
Change-Id: I74acb32714ce8830d4697fc796146b894aa7d8c9
|
Change-Id: I8ab394ebfde2f5d78255d293367b38d9140d7e34
|
The oslo.policy Enforcer() object knows what to do with instances of
oslo.context RequestContext() if you pass it one.
This makes it easier for people to perform policy enforcement since they
don't need to map important authorization information from the context
object into a dictionary (historically called `creds`). This practice
didn't guarantee any consistency in `creds` implementations.
You also don't need to call context.to_policy_values() anymore. The
oslo.policy library will do that for you under the hood and map context
values into a set of policy attributes it understands.
This commit updates the calls to enforcement to pass in the context
object where applicable.
Change-Id: Ife4ba098303088023e4341354a1e3bc9f378ce93
|
Currently ilo5 based hardware does not support redfish
based firmware update. This patch fixes the issue by
making the change to check whether sushy_task.messages
is present. It was also not calling prepare_ramdisk()
before rebooting the system to update the firmware which
has been fixed in this patch.
Change-Id: I9d70fed0de1829973748c06a1342d7a7af0f93d4
Story: #2008403
Task: #41339
|
When setting the boot settings on Supermicro BMCs, the
BootSourceOverrideEnabled must be set to the desired
value whenever the BootSourceOverrideTarget is set or
it will revert to the default value (Once). This is
different than what is currently implemented for other
BMCs in which the BootSourceOverrideEnabled is not set
if it matches the current setting.
This change uses the vendor setting to determine if it's
a Supermicro BMC.
Story: 2008547
Task: 41652
Change-Id: I1b1a6baafd4cc4daa2fbdb82f69ded6253b1fcbf
|
Get rid of the TODO in the code and prepare for more management
interfaces supporting detect_vendor(). Vendor detecting now runs
during transition to manageable and on power state sync (essentially
same as before but for all drivers not only IPMI).
Update the IPMI implementation to no longer hide exceptions since
they're not handled on the upper level. Simplify the regex and fix
the docstring.
Add the Redfish implementation as a foundation for future
vendor-specific changes.
Change-Id: Ie521cf2295613dde5842cbf9a053540a40be4b9c
|
Move the bits from iLO and iRMC, clean them up a bit.
Change-Id: I5b6da854ae0214141ae25a17b8ea3c7874636372