summaryrefslogtreecommitdiff
path: root/devstack/lib/ironic
Commit message (Collapse)AuthorAgeFilesLines
* Merge "Remove use of nomodeset by default"Zuul2023-05-091-2/+2
|\
| * Remove use of nomodeset by defaultJulia Kreger2023-04-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The troubleshooting kernel command line option nomodeset unfortunately changes the way framebuffer interactions work with graphics devices which in some cases can result in kernel memory to be used for graphics updates. When this happens on some specific hardware common in rack mount servers with baseboard management controllers, this can cause the memory bus to become locked for a brief time while the graphics update is occuring. This locked memory bus means disk IO can become blocked, and network cards can overflow their buffers resulting in packet loss on top of the latency incurred by the graphics update executing. As such, we've removed the nomodeset option from default usage and added a note describing its removal to the documentation along with a release note. Change-Id: I9084d88c3ec6f13bd64b8707892758fa87dd7f86
* | Change wholedisk image checksum to sha256Julia Kreger2023-05-021-1/+1
|/ | | | Change-Id: I0c90ac87ca88329e7fb315385345e8020a59fdd5
* Merge "Use tinycore 13 for base ramdisk image"Zuul2023-01-071-1/+1
|\
| * Use tinycore 13 for base ramdisk imageRiccardo Pittau2023-01-021-1/+1
| | | | | | | | | | | | | | We're builing tinyipa using tinycore 13.x since a while, we should use the same version for the base ramdisk image. Change-Id: I9d144f122c20f717ff946282ef7ffa16d82812f5
* | Merge "Remove lib/neutron-legacy leftovers"Zuul2023-01-051-1/+1
|\ \
| * | Remove lib/neutron-legacy leftoversSławek Kapłoński2022-12-201-1/+1
| |/ | | | | | | | | | | | | | | | | | | | | In [1] we finally got rid of the unfinished lib/neutron module and kept only lib/neutron-legacy. It's renamed to lib/neutron now and it's the only neutron related module in Devstack. So this patch removes leftovers related to the old lib/neutron-legacy. [1] https://review.opendev.org/c/openstack/devstack/+/865014 Change-Id: Id938deab7188743e754d028dee8e0b2591ab6f7b
* | Merge "Use centos grub artifacts with centos ramdisk for vmedia"Zuul2023-01-041-3/+11
|\ \
| * | Use centos grub artifacts with centos ramdisk for vmediaJulia Kreger2023-01-031-3/+11
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It appears we are getting an opcode error when attempting to boot Centos 9-stream utilizing the EFI artifacts from Ubuntu. Technically this should work, however further aftifacts in the boot chain may be signed with other key credentials that Ubuntu's grub does not know about, because the chain of trust is MSFT -> Vendor shim (slow change rate) -> Vendor GRUB -> Kernel Where vendor differences should never work, is if Secure Boot is enforcing. Exception on launch: X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! A similar Debian bug is open for a very similar issue: https://groups.google.com/g/linux.debian.bugs.dist/c/BOiLLeROrmo However, no additional comments or information have been in follow up to that reported issue. So in the mean time, we're going to try and do what those smarter than I recommend, use the vendor's binaries for their distribution. There is one further, potentially far more depressing possibility, that centos9's kernel doesn't support the type of hardware we're getting. This is suggested by the precise opcode error, UD, https://xem.github.io/minix86/manual/intel-x86-and-64-manual-vol3/o_fe12b1e2a880e0ce-212.html But again, easiest possibility first. Change-Id: Id9bd30bc3c2f1076555317e4a3f277725fa7c1f4
* | Create IRONIC_VM_MACS_CSV_FILE if it does not existRiccardo Pittau2023-01-031-0/+3
|/ | | | | | | | | | | The IRONIC_VM_MACS_CSV_FILE is generated only if we execute the ironic basic ops, so when IRONIC_BAREMETAL_BASIC_OPS is True. In some jobs we set IRONIC_BAREMETAL_BASIC_OPS to False but we still look for that file causing a "file not found" error which does not trigger a trap until focal, but it does in jammy. Let's create the file if it does not exist. Change-Id: Ib938abe0723072419f336159cbffff33e46ea39b
* Use project scoped token for cinder, glance servicesGhanshyam Mann2022-10-151-6/+0
| | | | | | | | All services except Ironic (and keystone to support ironic with system scope deployement), will not have system scope in their API policy instead they are default to project scoped. Change-Id: Id13a359086f9b24dbfcd2b565a42c50d0dab7736
* Add upgrade check warning for allocations dbJulia Kreger2022-10-131-0/+5
| | | | | | | | | | | | Adding an upgrade check to provide awareness to the state of the database in regards if an unexpected engine is in use or if the character set encoding is also not UTF8. These will raise non-fatal warnings on the upgrade status check. Change-Id: Ide0eb4690a056be557e5ea7d5ba5f6be37b50d0a Story: 2010384
* CI: Changes to support Anaconda CI jobsJulia Kreger2022-09-061-1/+40
| | | | | | | | | | | Introduces additional job configuration to enable automated integration testing via tempest of the anaconda deployment interface. Also, configures a private subnet with DNS, which is required by anaconda executing, in order to facilitate processing of URLs. Change-Id: I61b5205cf2c9f83dfcabf4314247c76fb6a56acd
* Finally remove support for netboot and the boot_option capabilityDmitry Tantsur2022-08-021-11/+4
| | | | | | | | | | | Instance network boot (not to be confused with ramdisk, iSCSI or anaconda deploy methods) is insecure, underused and difficult to maintain. This change removes a lot of related code from Ironic. The so called "netboot fallback" is still supported for legacy boot when boot device management is not available or is unreliable. Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
* CI: Only setup fake v6 interface if neededJulia Kreger2022-07-201-3/+7
| | | | | | | | | In the case of CI test nodes natively supporting and using ipv6, we don't need to actually setup a fake IPv6 network for ports to bind to on the local system. So before doin gso, lets check to see if we can ping the address first. If not, then set it up. Change-Id: Ib68c706c1f9ef0ad0cf27e7a6acffd2c50ff37ea
* CI: Default to TinyIPA when nested virt is not possibleJulia Kreger2022-06-231-1/+1
| | | | Change-Id: I6bd52f61ff5e9f928b504b09a1ce6eb97cff57da
* CI: Add iweb to the use tinyipa on listJulia Kreger2022-06-231-3/+6
| | | | Change-Id: Ib1d415928a6555298d42e8d525f04eb1028a4bb8
* devstack: use CentOS 9 for DIB IPA buildsDmitry Tantsur2022-05-251-2/+6
| | | | | | | | | | | Additionally bumps CPU model to host-model as centos9 builds now require a subset of CPU processors which include advanced features. Host-model also allows for the VM to still start when running with pure qemu, as opposed to KVM passthrough. https://developers.redhat.com/blog/2021/01/05/building-red-hat-enterprise-linux-9-for-the-x86-64-v2-microarchitecture-level#architectural_considerations_for_rhel_9 Change-Id: Ic261efd4bf6f5929687df5e7b1b51b541554af18
* Merge "Fix v6 CI job - Return it to normal non-voting status"Zuul2022-05-051-4/+6
|\
| * Fix v6 CI job - Return it to normal non-voting statusJulia Kreger2022-05-041-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fixes the IPv6 job by utilizing HOST_IPV6 instead of SERVICE_IPV6, as Devstack now automatically wraps SERVICE_IPV6 with brackets as if it is for a URL. * Locks ipv6 job to bios mode. Ubuntu Focal OVMF/EDK2 does not support IPv6 PXE boot by default. * Split from Devstack in terms of IP usage, since full explicit V6 usage is not a thing anymore. 4+6 is the default in devstack and regardless of what we set on the job we see both now used. So we delineate apart our usage for our own sanity. * Reduce VM Interface count for IPv6 in an attempt to eliminate in-kernel routing confusion by two interfaces on the same physical network. * Set IPv6 mode to dhcpv6-stateless due to fun issues in dhcp clients. When we move to UEFI, this will need to be changed to stateful as stateless is not supported in general by OVMF/E2DK. Once the job has run in normal non-voting for a while, and we ensure that it seems to be stable, we can make it voting again. Change-Id: Ia833bfb64c6c3cc8e48cbe34ed200536652a8adf
* | Fix ironic-lib from source and branch detection in IPA buildsDmitry Tantsur2022-05-021-1/+7
|/ | | | | | Prevents the ironic-lib CI from testing ironic-lib changes in IPA. Change-Id: I936f6c1506c585826501ff3ac0bad0c755b4d360
* Grenade: Turn up interfaces for vxlanJulia Kreger2022-04-261-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | So... We can't do this in a single patch, and we *actually* need to merge the vxlan fix before the subnode will ever pickup the configuration From the logs, I can observe the vxlan tunnel connects between the nodes. Awesome. Where things break is in the local setup of the local bridges used to wire everything together. setup_vxlan_network:3274 : sudo ovs-vsctl add-port sub1brbm phy-brbm-infra ovs-vsctl: Error detected while setting up 'phy-brbm-infra': could not open network device phy-brbm-infra (No such device). See ovs-vswitchd log for details. Basically, with the same change on a separate patch, we're able to observe the controller node work perfectly. It is the subnode connectivity which is just broken. So, activate the bridge interfaces seems ideal. This likely broke at some point due to behavior changes in OpenVSwitch. Change-Id: I11dbba1957d67187d859a1ef60563c0301da9812
* Build the new cirros image even when netboot is the default20.0.0Dmitry Tantsur2022-02-171-4/+6
| | | | | | | The standalone job changes boot_option in runtime, so local boot can be used even when the default boot option is netboot. Change-Id: Ia538907f3662e8cd84d988ea5d862c7f488558e1
* CI: use a custom cirros partition image instead of the defaultDmitry Tantsur2022-02-161-0/+49
| | | | | | | | | | | | | | | | | | Cirros partition images are not compatible with local boot since they don't ship grub (nor a normal root partition). This change adds a script that builds a partition image with UEFI artifacts present. It still cannot be booted in legacy mode, but it's a progress. Set the tempest plugin's partition_netboot option. We need it to inform the tempest plugin about the ability to do local boot. This option already exists but is never set. Also set the new default_boot_option parameter, which will be introduced and used in Iaba563a2ecbca029889bc6894b2a7f0754d27b88. Remove netboot from most of the UEFI jobs. Change-Id: I15189e7f5928126c6b336b1416ce6408a4950062
* Avoid non-Stream CentOS and temporary disable the standalone jobDmitry Tantsur2022-01-311-1/+1
| | | | | | | The standalone job is failing because of a bug in IPA. To fix it we need to make DIB jobs operational, and they're failing because of CentOS repos. Change-Id: I8bd051ea709d328cb5efa2c2cbd5a226bdb4cfd3
* Fix DevStack plugin ipxe-snponly-x86_64.efi nameAija Jauntēva2022-01-271-1/+1
| | | | Change-Id: Ic25eb356d1bc86c1dc4b09df7fc0df42b3821cf3
* Automatically configure enabled_***_interfacesDmitry Tantsur2021-12-201-13/+2
| | | | | | | | | This change makes it easier to configure power and management interfaces (and thus vendor drivers) by figuring out reasonable defaults. Story: #2009316 Task: #43717 Change-Id: I8779603e566be5a84daf6f680c0bbe2f191923d9
* Write initial grub config on startupSteve Baker2021-12-101-14/+0
| | | | | | | | | | | | | This change removes the documentation to copy master_grub_cfg.txt to /tftpboot/grub/grub.cfg and instead writes it on conductor startup. This grub config is a simple redirect config requested by grub network boot. "master" has been renamed to "initial" as a more accurate label of its function. New configuration option [pxe]initial_grub_template allows the deployer to specify a different initial grub template. Change-Id: I71191dd399a6c49607f91d69b5b1673799a38624
* Merge "Use test_with_retry to get the tap device name"Zuul2021-12-081-5/+3
|\
| * Use test_with_retry to get the tap device nameSteve Baker2021-11-221-5/+3
| | | | | | | | | | | | | | | | | | | | | | This change replaces the 10 second sleep with a retry that has a timeout of 20 seconds to discover the name of the tap device. There are gate failures when there is still not a tap device after the 10 second sleep, so this approach should be faster in the common case, and the higher timeout should provide more reliability. Change-Id: I5e59ade9f830182b483b9655aaaf6c93b0bfac44
* | devstack: provide a default for OS_CLOUDDmitry Tantsur2021-12-081-0/+7
| | | | | | | | | | | | Not having it breaks the inspector grenade job. Change-Id: I7ee28a85cb2005dd69e6711b301cd029b8ca40cc
* | CI: Fix devstack plugin with RBAC changesJulia Kreger2021-11-191-19/+12
|/ | | | | | | | | | | | | | | | | | | | Changes a neutron call to be project scoped as system scoped can't create a resource and, and removes the unset which no longer makes sense now that I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829 has merged removing the legacy vars from devstack. Also renames intenral use setting of OS_CLOUD to IRONIC_OS_CLOUD as some services were still working with system scope or some sort of mixed state occuring previously as some of the environment variables were present still, however they have been removed from devstack. This change *does* explicitly set an OS_CLOUD variable as well on the base ironic job. This is because things like grenade for Xena will expect the variable to be present. Depends-On: https://review.opendev.org/c/openstack/devstack/+/818449 Change-Id: I912527d7396a9c6d8ee7e90f0c3fd84461d443c1
* SRBAC - Prepare for additional servicesJulia Kreger2021-10-081-4/+15
| | | | | | | | | | | | | | | In order to effectively handle cross-service integrations, we need to evaluate two separate items which are not standardized in devstack. Names, and common service references. Unfortunately, only a couple services presently have support in devstack for these settings, and cases where it was previously supported has been removed for unknown reasons, but this seems to be the overall plan. Sets the stage, so we can be early to the cross-service testing party of secure rbac. Change-Id: I8794374c02a24185b6e24a675ad9cb7b3dfd69df
* Retool devstack plugin to use pxe loaders configurationJulia Kreger2021-10-081-49/+73
| | | | | | | | | | Begins to peel back some of the override plugin/setting nature in use in the ironic devstack plugin by trying to place all of the files and letting the *defaults* take the service lead while also putting in place the required configuration for pxe loaders to be used. Change-Id: I73ca82e0d123fd6efab06dbbdeef40c2d9972887
* CI: Change CI ipxe file to snponlyJulia Kreger2021-10-041-1/+8
| | | | | | | | Ironic's configured default is snponly.efi, and realistically we should be using it for devstack as ipxe.efi lacks snp which is included in the EFI standard. Change-Id: I749420b127cc9954bfa02d9e4efaa0980a9242be
* Yoga: Change default boot mode to uefiJulia Kreger2021-10-041-1/+6
| | | | | | | | Change the default boot mode to UEFI, as discussed during the end of the Wallaby release cycle and previously agreed a very long time ago by the Ironic community. Change-Id: I6d735604d56d1687f42d0573a2eed765cbb08aec
* Devstack: don't scan /opt, /etc looking for isolinuxJulia Kreger2021-09-221-1/+1
| | | | | | | | | | /opt contains a mirror of an insane amount of stuff, and it chews disk io to scan it looking for isolinux.bin which should be under /usr on... well... every OS we support. Also, don't scan /etc. That is just weird. Change-Id: I52f4c1ba8808fea637df69a631eaa1c674dc8e69
* Use packaged grub efi for network bootSteve Baker2021-09-081-29/+12
| | | | | | | | | | | | | | | | Instead of using the efi written by grub-mknetdir, use the packaged signed binary. The core.efi generated by grub-mknetdir is not signed so it does not help with end-to-end secure-boot. Also, the successful run of ironic-tempest-ipa-partition-uefi-pxe-grub2[1] demonstrates that grub continues to boot even when the grub-mknetdir generated grub/x86_64-efi/*.lst are missing. Avoiding using grub-mknetdir makes for a much simpler setup of /tftpboot for grub network boot. [1] https://zuul.opendev.org/t/openstack/build/bab62f6bf032474cb80af3cb5a999117/log/tftpd-journal.txt Change-Id: Ide0aa416391c20371bbb8d1a18288b262872e313
* Make curl in DevStack Bypass ProxyVanou Ishii2021-08-111-3/+3
| | | | | | | | | | | This commit modifies curl option in wait_for_nova_resources to bypass proxy with --noproxy option. Without this option, if you run DevStack behind proxy, curl command fails with timeout & wait_for_nova_resources also fails. Because curl only accesses Placement service API, this modification should be fair. Change-Id: I5524a76594bb784f59be4d4e3970f72d4497891b
* Use shim-signed on Ubuntu, shim is empty nowDmitry Tantsur2021-08-031-2/+6
| | | | | | Also fix the documentation to use the correct paths and versions. Change-Id: I7f004d40c1b8c617f9a456216df091e44d69693f
* Merge "Scoped RBAC Devstack Plugin support"Zuul2021-07-211-43/+91
|\
| * Scoped RBAC Devstack Plugin supportJulia Kreger2021-07-151-43/+91
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support to the ironic devstack plugin to configure ironic to be used in a scope-enforcing mode in line with the Secure RBAC effort. This change also defines two new integration jobs *and* changes one of the existing integration. In these cases, we're testing functional crub interactions, integration with nova, and integration with ironic-inspector. As other services come online with their plugins and devstack code being able to set the appropriate scope enforcement configuration, we will be able to change the overall operating default for all of ironic's jobs and exclude the differences. This effort identified issues in ironic-tempest-plugin, tempest, devstack, and required plugin support in ironic-inspector as well, and is ultimately required to ensure we do not break the Secure RBAC. Luckilly, it all works. Change-Id: Ic40e47cb11a6b6e9915efcb12e7912861f25cae7
* | Merge "Deprecate [pxe]ip_version parameter"Zuul2021-07-051-3/+0
|\ \
| * | Deprecate [pxe]ip_version parameterJulia Kreger2021-06-281-3/+0
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The parameter has not had any effect in the code since the dual stack PXE work went into place with Ironic as options are now generated and transmitted to Neutron for both IPv4 and IPv6. This option is only used by the internal ``dhcp_options_for_instance`` method in ``ironic.common.pxe_utils`` as a fallback if the calling method does not specify a version. However a later change resulted in the default behavior calling the dhcp option generation explicitly to generate both IPv4 and IPv6 parameters, making the option entirely redundant. Third party drivers using the ``dhcp_options_for_instance`` method should consider generating options for both IPv4 and IPv6 at all times. See change If7a296001e204ae0c9a49495731052ab33379628 for examples on how to do this. Change-Id: I343783389105f008ce6dafc8d25d93211710771a
* | Merge "Clean up vendor prefixes for iRMC boot"Zuul2021-06-291-1/+1
|\ \
| * | Clean up vendor prefixes for iRMC bootDmitry Tantsur2021-06-171-1/+1
| |/ | | | | | | | | | | | | | | | | Generic fields, such as deploy_iso, should not have vendor prefixes. This patch removes them from the iRMC boot interfaces with deprecation. Change-Id: Ie24de1893395dca0e2dc4a57a42916f075d29ce6 Story: #2008880 Task: #42431
* | CI: change ilo_deploy_iso to deploy_isoDmitry Tantsur2021-06-171-1/+1
|/ | | | Change-Id: Icedc1cd57c64bfc9b0bad535a6eb7c890e843410
* Clean up kernel_append_params for PXE/iPXEDmitry Tantsur2021-05-171-1/+1
| | | | | | | | | | | | | | Currently handling of kernel_append_params is very inconsistent. This change applies a straightforward process: 1. instance_info[kernel_append_params] 2. driver_info[kernel_append_params] 3. [pxe]kernel_append_params (renamed from pxe_append_params). Also adds a helper for subsequent fixes in other drivers. Change-Id: I79bcf4d8ef1f0f55a82e0991dd5bb1685b3f7957 Story: #2008902 Task: #42469
* Add iRMC Driver Support to DevStack CodeVanou Ishii2021-03-171-0/+9
| | | | | | | | | | | | This commit adds logic * to determine whether irmc hardware type is enabled * (if enabled) to install python package python-scciclient & snmp into DevStack code to support construction of Ironic environment with iRMC supported Fujitsu server through DevStack. Story: 2008722 Task: 42066 Change-Id: Ie50d8e4b43cdbfd8cd46333a75de20015e67829e
* devstack: a safeguard for disabled tempurlsDmitry Tantsur2021-02-251-1/+1
| | | | Change-Id: Id5fcd4cc1f73b80e8a9e9d2c50e2e4e1667c01cb
View Lorry Controller Status