| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The troubleshooting kernel command line option nomodeset
unfortunately changes the way framebuffer interactions work
with graphics devices which in some cases can result in kernel
memory to be used for graphics updates. When this happens on
some specific hardware common in rack mount servers with baseboard
management controllers, this can cause the memory bus to become
locked for a brief time while the graphics update is occuring.
This locked memory bus means disk IO can become blocked,
and network cards can overflow their buffers resulting in
packet loss on top of the latency incurred by the graphics
update executing.
As such, we've removed the nomodeset option from default usage and
added a note describing its removal to the documentation along
with a release note.
Change-Id: I9084d88c3ec6f13bd64b8707892758fa87dd7f86
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bandit 1.7.5 dropped with logic to check requests invocations.
Specifically if a timeout is not explicitly set, then it results
in an error.
This should cause our bandit job to go green.
Closes-Bug: 2015284
Change-Id: I1dcb3075de63aae97bb22012a54736c293393185
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Avoid using the term "introspection". We need to settle on either
"inspection" or "introspection", and the Ironic API already uses
the former.
* Accept (and return) inventory and plugin data separately to reflect
the Ironic API (single JSON blobs are an Inspector legacy).
* Make sure to mention the container name in error logging.
* Use more readable formatting syntax for building Swift names.
* Do not mock objects with dicts (in unit tests).
* Simplify inventory API tests.
Change-Id: Id8c4bc6d35b9634f5a5ac2b345a8fd7f1dba13c0
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Simulating workloads with the fake driver currently misses the reality
that some operations take time to complete, rather than occuring
instantly. This makes it difficult to mock real workloads for
performance and functional testing of ironic itself.
This change adds configurable random wait times for fake drivers in a
new ironic.conf [fake] section. Each supported driver having one
configuration option controlling the delay. These delays are applied
to operations which typically block in other drivers.
The default value of zero continues the existing behaviour of no
delay. A single integer value will result in a constant delay in
seconds. Two values separated by a comma will result in a triangular
distribution weighted by the first value, specifically in python[1]:
random.triangular(a, b, a)
Change-Id: I7cb1b50d035939e6c4538b3373002a309bfedea4
[1] https://docs.python.org/3/library/random.html#random.triangular
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change adds the capability for the ironic-conductor
and standalone service process to transmit timer and counter
metrics to the message bus notifier which may be consumed by
a ceilometer, ironic-prometheus-exporter, or other consumer of
metrics event data on to the message bus.
This functionality is not presently supported on dedicated API
services such as those running as an ``ironic-api`` application
process, or Ironic WSGI application. This is due to the lack of
an internal trigger mechanism to transmit the data in a metrics
update to the message bus and/or notifier plugin.
This change requires ironic-lib 5.4.0 to collect and ship metrics via
the message bus.
Depends-On: https://review.opendev.org/c/openstack/ironic-lib/+/865311
Change-Id: If6941f970241a22d96e06d88365f76edc4683364
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While developing some internal metrics collection capability,
and the realization that a lock was needed, we realized that
the lock activity itself would be a bit noisy. And image actions
also get lock logging, and it is just really noisy, but not super
helpful for troubleshooting.
So, set it to WARNING instead.
Discussion wise, see:
https://review.opendev.org/c/openstack/ironic-lib/+/865311
Change-Id: I3ab14ee5b5cc063784d26e3c760f1422c692060d
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Grub2 looks for files in different paths depending on the boot mode
of the binary. Previously the grub_config_path setting was defaulted
to the path used exclusively for BIOS booting, which meant anyone
using it had to override the setting. Now, we've set the default
to the default for UEFI booting, and the world should be a happier,
and less override filled place.
Change-Id: Id6723e92efb62f8ca03099f15c90580cec887ddd
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Create [inventory] to hold CONF parameters for storage of introspection data
Story: 2010275
Task: 46204
Change-Id: I06fa4f69160206dd350856e264cbb0842e34fd2a
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
The Ironic inspector allows users to choose between SQL, Swift
and NoStore. Ironic should offer similar functionality.
Story: 2010275
Task: 46204
Change-Id: Ie174904420691be64ce6ca10bca3231f45a5bc58
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It relied on mocking tenacity.retry, but it's executed on class
initialization. Depending on the ordering, it may do nothing or
it may replace ImageService.call with a mock.
Instead, add a new tenacity helper that loads an option in runtime.
As a nice side effect, [glance]num_retries is now mutable.
Change-Id: I2e02231d294997e824db77c998ef8d352fa69075
|
| |/
|
|
|
|
|
|
|
| |
This patch adds new SNMPv3 auth protocols to iRMC which are supported
from iRMC S6.
Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1
Story: 2010309
Task: 46353
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ``[dhcp]dhcp_provider`` configuration option can now be set to
``dnsmasq`` as an alternative to ``none`` for standalone deployments.
This enables the same node-specific DHCP capabilities as the
``neutron`` provider. See the ``[dnsmasq]`` section for configuration
options.
Change-Id: I3ab86ed68c6597d4fb4b0f2ae6d4fc34b1d59f11
Story: 2010203
Task: 45922
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Provide the ability to limit resource intensive or potentially
wide scale operations which could be a symptom of a highly
distructive and unplanned operation in progress.
The idea behind this change is to help guard the overall deployment
to prevent an overall resource exhaustion situation, or prevent an
attacker with valid credentials from putting an entire deployment
into a potentially disasterous cleaning situation since ironic only
other wise limits concurrency based upon running tasks by conductor.
Story: 2010007
Task: 45140
Change-Id: I642452cd480e7674ff720b65ca32bce59a4a834a
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When we added concurrent disk erasures, we kept the concurrency
to 1 as to not risk any different oeprator behavior, at the cost
of not faster erasure times.
That being said, we have had the setting in place for some time
and we have received no reports of issues, so we are incrementing
it to four as that should be still quite relatively safe from a
concurrency standpoint for disk controllers in systems.
Change-Id: I6326422d60ec024a739ca596f46552bbd91b0419
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit adds new clean steps create_csr and add_https_certificate
to allow users to create certificate signing request and adds
https certificate to the iLO.
Story: 2009118
Task: 43016
Change-Id: I1e2da0e0da5e397b6e519e817e0bf60a02bbf007
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
default_boot_mode is effective regardless of the management
interface capabilities as it also sets the default for the boot
image used.
Change-Id: I012aa4067f8fa54eab7a2b860259d1aea5b94955
|
| |\ \ \ \ |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The stock anaconda template previously lacked any ability
to indicate "don't validate the tls certificate".
The capability for the installation to operate *without*
requiring this to be the case is necessary for efficient
and simple CI testing as injecting CA certificates is
an overly complex interaction for CI testing.
Also updates the overall anaconda documentation to indicate
the constraint exists, but does not indicate explicitly how
to disable the setting via ironic.conf.
Change-Id: Ia8e4320cbedb205ab183af121da53562792a8faa
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adds capabilites for a project scoped admin to
create and delete nodes in Ironic's API.
These nodes are automatically associated with the
project of the requestor.
Effectively, this does allow anyone with sufficient
privilges, i.e. admin, in an OpenStack deployment
to be able to create new baremetal nodes and delete
those baremetal nodes. In this case, the user has
the "owner" level of rights in the RBAC model.
Change-Id: I3fd9ce5de0bc600275b5c4b7a95b0f9405342688
|
| |\ \ \ |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
At current, retry_attempt & retry_interval in ironic.conf [molds]
is instance of StrOpt. However it should be IntOpt class.
If it remains to StrOpt class, tenacity.retry wrapper in common/molds.py
will fail with TypeError.
Change-Id: Iafedf2ec0326009585c1cac251ecae65c9e666ac
Story: 2010215
Task: 45957
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instance network boot (not to be confused with ramdisk, iSCSI or
anaconda deploy methods) is insecure, underused and difficult to
maintain. This change removes a lot of related code from Ironic.
The so called "netboot fallback" is still supported for legacy boot when
boot device management is not available or is unreliable.
Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
|
| |/ /
| |
| |
| |
| |
| |
| | |
It proved useful (supported by Metal3, used in OpenShift) and does not
require any conductor-level configuration.
Change-Id: I57e59ac21e3327b9ad2f1d1436e184b48999006b
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently when using SNMPv3, iRMC driver does not use SNMPv3
authentication parameters so the SNMPv3 authentication will
always fail. And iRMC cannot recognize FIPS mode, so when FIPS mode
is enabled, iRMC driver could still use non-FIPS-compliant algorithms.
This commit changes iRMC driver to require and use SNMPv3
authentication parameters when 'irmc_snmp_version' is set to v3 and
also makes iRMC driver to force 'irmc_snmp_version' to v3,
'irmc_snmp_auth_proto' to SHA and 'irmc_snmp_priv_proto' to AES
when FIPS mode is enabled, because currently among the algorithms
supported by iRMC, only SHA and AES are FIPS compliant.
Change-Id: Id6f8996e4d103f849325f54fe0619b4acb43453a
Story: 2010085
Task: 45590
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a configuration option and capability to automatically
record the lessee for a deployment based upon the original
auth_token information provided in the request context.
Additional token information is now shared through the context
which is extended in the same fashion as most other projects
saving request token information to their RequestContext,
instead of triggering excess API calls in the background to
Keystone to try and figure out requestor's information.
Change-Id: I42a2ceb9d2e7dfdc575eb37ed773a1bc682cec23
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds swift and file support for `redfish` management interface
`firmware_update` step.
Adds `source` to step and `[redfish]firmware_source` to config
for setting up if and how files are staged. Support `http`, `local`
and `swift` for staging.
Adds `checksum` to step for checksum verification when file is
staged.
Story: 2008723
Task: 42067
Change-Id: Ibcc7815b32344d67f912d7dcda7283bac3582316
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When using nginx to terminate TLS (like it's done in Bifrost), it's more
secure to use a Unix socket for communication, so that local users
cannot access plain text communication.
Copies Inspector change I37b762cca035b5855deb92635c29e8eb97a87c20.
Change-Id: If00e5a3537b8fbaae3fa01f71bd515399464da36
|
| |/ /
| |
| |
| |
| |
| |
| | |
It's insecure and not very popular. See this post for details:
http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026224.html
Change-Id: I9a2df47bb8c08cc991b3c615a9eb533aba3171f4
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Account prefix is configurable in Swift and can be different. This
change introduces a configuration parameter to customize the prefix
so that users can customize the prefix consistently.
To allow setting a consistent value in Ironic and Swift, the prefix
value is automatically suffixed by '_' like;
- AUTH => AUTH_
- AUTH_ => AUTH_
Story: 2009778
Task: 44259
Change-Id: I4862efa3af452f89f1dc4e15d2c3cc43b857f86d
|
| |/
|
|
|
|
|
|
|
| |
This change makes it easier to configure power and management interfaces
(and thus vendor drivers) by figuring out reasonable defaults.
Story: #2009316
Task: #43717
Change-Id: I8779603e566be5a84daf6f680c0bbe2f191923d9
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
This is useful when some nodes need the "agent" power interface, while
the others can be deployed normally.
Change-Id: Ief7df40c83ef03d0ec5ae92d09ceffd39d3c12a3
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change removes the documentation to copy master_grub_cfg.txt to
/tftpboot/grub/grub.cfg and instead writes it on conductor startup.
This grub config is a simple redirect config requested by grub network
boot. "master" has been renamed to "initial" as a more accurate label
of its function.
New configuration option [pxe]initial_grub_template allows the deployer
to specify a different initial grub template.
Change-Id: I71191dd399a6c49607f91d69b5b1673799a38624
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When using the new combined executable in a single-conductor scenario,
it may make sense to completely disable the remote RPC. The new
``rpc_transport`` value ``none`` achieves that.
Change-Id: I6a83358c65b3ed213c8a991d42660ca51fc3a8ec
Story: #2009676
Task: #44104
|
| |/
|
|
|
|
|
|
|
|
|
| |
Two calls to fileutils.ensure_tree were missing the follow-up chmod
for CONF.pxe.dir_permission. This is fixed with a local ensure_tree
function which creates the directory with the appropriate mode.
The configuration help for the permissions attributes clarify that the
system default umask is masked out on the supplied value.
Change-Id: I124d2ba09b0fc78b284c1ae871ca5a16fc44b8c9
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently the default boot.ipxe is not suitable for ironic-inspector
in a standalone configuration. This change adds a new option
[pxe]ipxe_fallback_script that makes boot.ipxe fall back to the provided
script.
Story: #2009294
Task: #43982
Change-Id: Id5547885e75beafb4423e9e2056c79c54b286275
|
