| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The troubleshooting kernel command line option nomodeset
unfortunately changes the way framebuffer interactions work
with graphics devices which in some cases can result in kernel
memory to be used for graphics updates. When this happens on
some specific hardware common in rack mount servers with baseboard
management controllers, this can cause the memory bus to become
locked for a brief time while the graphics update is occuring.
This locked memory bus means disk IO can become blocked,
and network cards can overflow their buffers resulting in
packet loss on top of the latency incurred by the graphics
update executing.
As such, we've removed the nomodeset option from default usage and
added a note describing its removal to the documentation along
with a release note.
Change-Id: I9084d88c3ec6f13bd64b8707892758fa87dd7f86
|
|/
|
|
| |
Change-Id: I0c90ac87ca88329e7fb315385345e8020a59fdd5
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
We're builing tinyipa using tinycore 13.x since a while, we should use
the same version for the base ramdisk image.
Change-Id: I9d144f122c20f717ff946282ef7ffa16d82812f5
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In [1] we finally got rid of the unfinished lib/neutron module and kept
only lib/neutron-legacy. It's renamed to lib/neutron now and it's the
only neutron related module in Devstack.
So this patch removes leftovers related to the old lib/neutron-legacy.
[1] https://review.opendev.org/c/openstack/devstack/+/865014
Change-Id: Id938deab7188743e754d028dee8e0b2591ab6f7b
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It appears we are getting an opcode error when attempting to boot
Centos 9-stream utilizing the EFI artifacts from Ubuntu.
Technically this should work, however further aftifacts in the boot
chain may be signed with other key credentials that Ubuntu's
grub does not know about, because the chain of trust is
MSFT -> Vendor shim (slow change rate) -> Vendor GRUB -> Kernel
Where vendor differences should never work, is if Secure Boot
is enforcing.
Exception on launch:
X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
A similar Debian bug is open for a very similar issue:
https://groups.google.com/g/linux.debian.bugs.dist/c/BOiLLeROrmo
However, no additional comments or information have been in follow
up to that reported issue. So in the mean time, we're going to try
and do what those smarter than I recommend, use the vendor's
binaries for their distribution.
There is one further, potentially far more depressing possibility,
that centos9's kernel doesn't support the type of hardware
we're getting. This is suggested by the precise opcode error, UD,
https://xem.github.io/minix86/manual/intel-x86-and-64-manual-vol3/o_fe12b1e2a880e0ce-212.html
But again, easiest possibility first.
Change-Id: Id9bd30bc3c2f1076555317e4a3f277725fa7c1f4
|
|/
|
|
|
|
|
|
|
|
|
| |
The IRONIC_VM_MACS_CSV_FILE is generated only if we execute the
ironic basic ops, so when IRONIC_BAREMETAL_BASIC_OPS is True.
In some jobs we set IRONIC_BAREMETAL_BASIC_OPS to False but we
still look for that file causing a "file not found" error which
does not trigger a trap until focal, but it does in jammy.
Let's create the file if it does not exist.
Change-Id: Ib938abe0723072419f336159cbffff33e46ea39b
|
|
|
|
|
|
|
|
| |
All services except Ironic (and keystone to support ironic
with system scope deployement), will not have system scope in
their API policy instead they are default to project scoped.
Change-Id: Id13a359086f9b24dbfcd2b565a42c50d0dab7736
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding an upgrade check to provide awareness to the state of
the database in regards if an unexpected engine is in use or
if the character set encoding is also not UTF8.
These will raise non-fatal warnings on the upgrade status
check.
Change-Id: Ide0eb4690a056be557e5ea7d5ba5f6be37b50d0a
Story: 2010384
|
|
|
|
|
|
|
|
|
|
|
| |
Introduces additional job configuration to enable automated
integration testing via tempest of the anaconda deployment
interface.
Also, configures a private subnet with DNS, which is required
by anaconda executing, in order to facilitate processing of URLs.
Change-Id: I61b5205cf2c9f83dfcabf4314247c76fb6a56acd
|
|
|
|
|
|
|
|
|
|
|
| |
Instance network boot (not to be confused with ramdisk, iSCSI or
anaconda deploy methods) is insecure, underused and difficult to
maintain. This change removes a lot of related code from Ironic.
The so called "netboot fallback" is still supported for legacy boot when
boot device management is not available or is unreliable.
Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
|
|
|
|
|
|
|
|
|
| |
In the case of CI test nodes natively supporting and using ipv6,
we don't need to actually setup a fake IPv6 network for ports
to bind to on the local system. So before doin gso, lets check
to see if we can ping the address first. If not, then set it up.
Change-Id: Ib68c706c1f9ef0ad0cf27e7a6acffd2c50ff37ea
|
|
|
|
| |
Change-Id: I6bd52f61ff5e9f928b504b09a1ce6eb97cff57da
|
|
|
|
| |
Change-Id: Ib1d415928a6555298d42e8d525f04eb1028a4bb8
|
|
|
|
|
|
|
|
|
|
|
| |
Additionally bumps CPU model to host-model as centos9 builds now
require a subset of CPU processors which include advanced features.
Host-model also allows for the VM to still start when running with
pure qemu, as opposed to KVM passthrough.
https://developers.redhat.com/blog/2021/01/05/building-red-hat-enterprise-linux-9-for-the-x86-64-v2-microarchitecture-level#architectural_considerations_for_rhel_9
Change-Id: Ic261efd4bf6f5929687df5e7b1b51b541554af18
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Fixes the IPv6 job by utilizing HOST_IPV6 instead of
SERVICE_IPV6, as Devstack now automatically wraps
SERVICE_IPV6 with brackets as if it is for a URL.
* Locks ipv6 job to bios mode. Ubuntu Focal OVMF/EDK2 does not
support IPv6 PXE boot by default.
* Split from Devstack in terms of IP usage, since full explicit
V6 usage is not a thing anymore. 4+6 is the default in devstack
and regardless of what we set on the job we see both now used.
So we delineate apart our usage for our own sanity.
* Reduce VM Interface count for IPv6 in an attempt to eliminate
in-kernel routing confusion by two interfaces on the same physical
network.
* Set IPv6 mode to dhcpv6-stateless due to fun issues in dhcp clients.
When we move to UEFI, this will need to be changed to stateful as
stateless is not supported in general by OVMF/E2DK.
Once the job has run in normal non-voting for a while, and we
ensure that it seems to be stable, we can make it voting again.
Change-Id: Ia833bfb64c6c3cc8e48cbe34ed200536652a8adf
|
|/
|
|
|
|
| |
Prevents the ironic-lib CI from testing ironic-lib changes in IPA.
Change-Id: I936f6c1506c585826501ff3ac0bad0c755b4d360
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So... We can't do this in a single patch, and we *actually*
need to merge the vxlan fix before the subnode will ever pickup
the configuration
From the logs, I can observe the vxlan tunnel connects between
the nodes. Awesome.
Where things break is in the local setup of the local bridges
used to wire everything together.
setup_vxlan_network:3274 : sudo ovs-vsctl add-port sub1brbm phy-brbm-infra
ovs-vsctl: Error detected while setting up 'phy-brbm-infra':
could not open network device phy-brbm-infra (No such device).
See ovs-vswitchd log for details.
Basically, with the same change on a separate patch, we're able to
observe the controller node work perfectly. It is the subnode
connectivity which is just broken.
So, activate the bridge interfaces seems ideal. This likely broke
at some point due to behavior changes in OpenVSwitch.
Change-Id: I11dbba1957d67187d859a1ef60563c0301da9812
|
|
|
|
|
|
|
| |
The standalone job changes boot_option in runtime, so local boot
can be used even when the default boot option is netboot.
Change-Id: Ia538907f3662e8cd84d988ea5d862c7f488558e1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cirros partition images are not compatible with local boot since they
don't ship grub (nor a normal root partition). This change adds a script
that builds a partition image with UEFI artifacts present. It still
cannot be booted in legacy mode, but it's a progress.
Set the tempest plugin's partition_netboot option. We need it to inform
the tempest plugin about the ability to do local boot. This option
already exists but is never set.
Also set the new default_boot_option parameter, which will be introduced
and used in Iaba563a2ecbca029889bc6894b2a7f0754d27b88.
Remove netboot from most of the UEFI jobs.
Change-Id: I15189e7f5928126c6b336b1416ce6408a4950062
|
|
|
|
|
|
|
| |
The standalone job is failing because of a bug in IPA. To fix it we need
to make DIB jobs operational, and they're failing because of CentOS repos.
Change-Id: I8bd051ea709d328cb5efa2c2cbd5a226bdb4cfd3
|
|
|
|
| |
Change-Id: Ic25eb356d1bc86c1dc4b09df7fc0df42b3821cf3
|
|
|
|
|
|
|
|
|
| |
This change makes it easier to configure power and management interfaces
(and thus vendor drivers) by figuring out reasonable defaults.
Story: #2009316
Task: #43717
Change-Id: I8779603e566be5a84daf6f680c0bbe2f191923d9
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change removes the documentation to copy master_grub_cfg.txt to
/tftpboot/grub/grub.cfg and instead writes it on conductor startup.
This grub config is a simple redirect config requested by grub network
boot. "master" has been renamed to "initial" as a more accurate label
of its function.
New configuration option [pxe]initial_grub_template allows the deployer
to specify a different initial grub template.
Change-Id: I71191dd399a6c49607f91d69b5b1673799a38624
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change replaces the 10 second sleep with a retry that has a
timeout of 20 seconds to discover the name of the tap device.
There are gate failures when there is still not a tap device after the
10 second sleep, so this approach should be faster in the common case,
and the higher timeout should provide more reliability.
Change-Id: I5e59ade9f830182b483b9655aaaf6c93b0bfac44
|
| |
| |
| |
| |
| |
| | |
Not having it breaks the inspector grenade job.
Change-Id: I7ee28a85cb2005dd69e6711b301cd029b8ca40cc
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes a neutron call to be project scoped as system
scoped can't create a resource and, and removes the unset
which no longer makes sense now that
I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
has merged removing the legacy vars from devstack.
Also renames intenral use setting of OS_CLOUD to IRONIC_OS_CLOUD
as some services were still working with system scope or some sort
of mixed state occuring previously as some of the environment variables
were present still, however they have been removed from devstack.
This change *does* explicitly set an OS_CLOUD variable as well on
the base ironic job. This is because things like grenade for Xena
will expect the variable to be present.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/818449
Change-Id: I912527d7396a9c6d8ee7e90f0c3fd84461d443c1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to effectively handle cross-service integrations, we need to
evaluate two separate items which are not standardized in devstack.
Names, and common service references. Unfortunately, only a couple
services presently have support in devstack for these settings, and
cases where it was previously supported has been removed for unknown
reasons, but this seems to be the overall plan.
Sets the stage, so we can be early to the cross-service testing party
of secure rbac.
Change-Id: I8794374c02a24185b6e24a675ad9cb7b3dfd69df
|
|
|
|
|
|
|
|
|
|
| |
Begins to peel back some of the override plugin/setting
nature in use in the ironic devstack plugin by trying to
place all of the files and letting the *defaults* take
the service lead while also putting in place the required
configuration for pxe loaders to be used.
Change-Id: I73ca82e0d123fd6efab06dbbdeef40c2d9972887
|
|
|
|
|
|
|
|
| |
Ironic's configured default is snponly.efi, and realistically
we should be using it for devstack as ipxe.efi lacks snp which
is included in the EFI standard.
Change-Id: I749420b127cc9954bfa02d9e4efaa0980a9242be
|
|
|
|
|
|
|
|
| |
Change the default boot mode to UEFI, as discussed during the end
of the Wallaby release cycle and previously agreed a very long time
ago by the Ironic community.
Change-Id: I6d735604d56d1687f42d0573a2eed765cbb08aec
|
|
|
|
|
|
|
|
|
|
| |
/opt contains a mirror of an insane amount of stuff, and it chews
disk io to scan it looking for isolinux.bin which should be under
/usr on... well... every OS we support.
Also, don't scan /etc. That is just weird.
Change-Id: I52f4c1ba8808fea637df69a631eaa1c674dc8e69
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using the efi written by grub-mknetdir, use the packaged
signed binary. The core.efi generated by grub-mknetdir is not signed
so it does not help with end-to-end secure-boot.
Also, the successful run of
ironic-tempest-ipa-partition-uefi-pxe-grub2[1] demonstrates that grub
continues to boot even when the grub-mknetdir generated
grub/x86_64-efi/*.lst are missing. Avoiding using grub-mknetdir makes
for a much simpler setup of /tftpboot for grub network boot.
[1] https://zuul.opendev.org/t/openstack/build/bab62f6bf032474cb80af3cb5a999117/log/tftpd-journal.txt
Change-Id: Ide0aa416391c20371bbb8d1a18288b262872e313
|
|
|
|
|
|
|
|
|
|
|
| |
This commit modifies curl option in wait_for_nova_resources to
bypass proxy with --noproxy option. Without this option, if you run
DevStack behind proxy, curl command fails with timeout &
wait_for_nova_resources also fails.
Because curl only accesses Placement service API, this modification
should be fair.
Change-Id: I5524a76594bb784f59be4d4e3970f72d4497891b
|
|
|
|
|
|
| |
Also fix the documentation to use the correct paths and versions.
Change-Id: I7f004d40c1b8c617f9a456216df091e44d69693f
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds support to the ironic devstack plugin to configure
ironic to be used in a scope-enforcing mode in line with
the Secure RBAC effort. This change also defines two new
integration jobs *and* changes one of the existing
integration.
In these cases, we're testing functional crub interactions,
integration with nova, and integration with ironic-inspector.
As other services come online with their plugins and
devstack code being able to set the appropriate scope
enforcement configuration, we will be able to change the
overall operating default for all of ironic's jobs and
exclude the differences.
This effort identified issues in ironic-tempest-plugin,
tempest, devstack, and required plugin support in
ironic-inspector as well, and is ultimately required
to ensure we do not break the Secure RBAC.
Luckilly, it all works.
Change-Id: Ic40e47cb11a6b6e9915efcb12e7912861f25cae7
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The parameter has not had any effect in the code since
the dual stack PXE work went into place with Ironic as options
are now generated and transmitted to Neutron for both IPv4 and
IPv6. This option is only used by the internal
``dhcp_options_for_instance`` method in
``ironic.common.pxe_utils`` as a fallback if the calling method
does not specify a version. However a later change resulted in the
default behavior calling the dhcp option generation explicitly
to generate both IPv4 and IPv6 parameters, making the option
entirely redundant.
Third party drivers using the ``dhcp_options_for_instance`` method
should consider generating options for both IPv4 and IPv6 at all
times. See change
If7a296001e204ae0c9a49495731052ab33379628 for examples on how
to do this.
Change-Id: I343783389105f008ce6dafc8d25d93211710771a
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Generic fields, such as deploy_iso, should not have vendor prefixes.
This patch removes them from the iRMC boot interfaces with deprecation.
Change-Id: Ie24de1893395dca0e2dc4a57a42916f075d29ce6
Story: #2008880
Task: #42431
|
|/
|
|
| |
Change-Id: Icedc1cd57c64bfc9b0bad535a6eb7c890e843410
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently handling of kernel_append_params is very inconsistent. This
change applies a straightforward process:
1. instance_info[kernel_append_params]
2. driver_info[kernel_append_params]
3. [pxe]kernel_append_params (renamed from pxe_append_params).
Also adds a helper for subsequent fixes in other drivers.
Change-Id: I79bcf4d8ef1f0f55a82e0991dd5bb1685b3f7957
Story: #2008902
Task: #42469
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds logic
* to determine whether irmc hardware type is enabled
* (if enabled) to install python package python-scciclient & snmp
into DevStack code to support construction of Ironic environment
with iRMC supported Fujitsu server through DevStack.
Story: 2008722
Task: 42066
Change-Id: Ie50d8e4b43cdbfd8cd46333a75de20015e67829e
|
|
|
|
| |
Change-Id: Id5fcd4cc1f73b80e8a9e9d2c50e2e4e1667c01cb
|