summaryrefslogtreecommitdiff
path: root/ironic
Commit message (Collapse)AuthorAgeFilesLines
* Wipe Agent Token when cleaning timeout occcursbugfix/19.0Julia Kreger2023-03-152-2/+8
| | | | | | | | | | | | In a relatively odd turn of events, should cleaning have started, but then timed out due to lost communications or a hard failure of the machine, an agent token could previously be orphaned preventing re-cleaning. We now explicitly remove the token in this case. Change-Id: I236cdf6ddb040284e9fd1fa10136ad17ef665638 (cherry picked from commit 47b5909486c336352c536eb2cadd121afea8cf12)
* Do not move nodes to CLEAN FAILED with empty last_errorDmitry Tantsur2023-03-028-27/+72
| | | | | | | | | | | | | | | | | | | | When cleaning fails, we power off the node, unless it has been running a clean step already. This happens when aborting cleaning or on a boot failure. This change makes sure that the power action does not wipe the last_error field, resulting in a node with provision_state=CLEANFAIL and last_error=None for several seconds. I've hit this in Metal3. Also when aborting cleaning, make sure last_error is set during the transition to CLEANFAIL, not when the clean up thread starts running. While here, make sure to log the current step in all cases, not only when aborting a non-abortable step. Change-Id: Id21dd7eb44dad149661ebe2d75a9b030aa70526f Story: #2010603 Task: #47476 (cherry picked from commit 9a0fa631ca53b40f4dc1877a73e65ded8ac37616)
* Merge "Fix selinux context of published image hardlink" into bugfix/19.0Zuul2023-02-022-7/+40
|\
| * Fix selinux context of published image hardlinkRiccardo Pittau2023-01-242-7/+40
| | | | | | | | | | | | | | | | If the published image is a hardlink, the source selinux context is preserved. This could cause access denied when retrieving the image using its URL. Change-Id: I550dac9d055ec30ec11530f18a675cf9e16063b5
* | Prevent pxe retry when agent token existsJulia Kreger2022-12-192-0/+18
|/ | | | | | | | | | | | | | | | A race condition can be observed in CI under heavy load where the conductor triggers are boot of the agent before it is fully online based upon state, but not considering the existence of an agent token. As a result, agent is never able to check in with Ironic and the overall operation fails. We now consider agent token's existence before retrying PXE as it is the very earliest indicator of a starting agent. Change-Id: Ice764866a08647031d16570860ec384204269501 Story: 2010107 Task: 45674 (cherry picked from commit d75424b5e5685a9cf04b30a5b0555efd1313e9c3)
* Add support auth protocols for iRMCShukun Song2022-11-294-9/+31
| | | | | | | | | | | This patch adds new SNMPv3 auth protocols to iRMC which are supported from iRMC S6. Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1 Story: 2010309 Task: 46353 (cherry picked from commit 233c6408389be5f3e271b46154943bc744e0290e) (cherry picked from commit be0e687538c60b5273bc5a24829c137ad36b1661)
* Add SNMPv3 authentication functionalityShukun Song2022-11-158-60/+489
| | | | | | | | | | | | | | | | | | | | | | | Currently when using SNMPv3, iRMC driver does not use SNMPv3 authentication parameters so the SNMPv3 authentication will always fail. And iRMC cannot recognize FIPS mode, so when FIPS mode is enabled, iRMC driver could still use non-FIPS-compliant algorithms. This commit changes iRMC driver to require and use SNMPv3 authentication parameters when 'irmc_snmp_version' is set to v3 and also makes iRMC driver to force 'irmc_snmp_version' to v3, 'irmc_snmp_auth_proto' to SHA and 'irmc_snmp_priv_proto' to AES when FIPS mode is enabled, because currently among the algorithms supported by iRMC, only SHA and AES are FIPS compliant. Conflicts: ironic/common/utils.py Change-Id: Id6f8996e4d103f849325f54fe0619b4acb43453a Story: 2010085 Task: 45590 (cherry picked from commit 79f82c0262c84f1e317991052d065259b3a4683d) (cherry picked from commit c274231bf5bb9260d2b13865ab20f39131d30b4b)
* Redfish: Consider password part of the session cacheJulia Kreger2022-10-102-22/+55
| | | | | | | | | | | | | | | | | | | | Previously, when a password change occured in ironic, the session would not be invalidated, and this, in theory, could lead to all sorts of issues with the old password still being re-used for authentication. In a large environment where credentials for BMCs may not be centralized, this can quickly lead to repeated account lockout experiences for the BMC service account. Anyhow, now we consider it in tracking the sessions, so when the saved password is changed, a new session is established, and the old session is eventually expired out of the cache. Change-Id: I49e1907b89a9096aa043424b205e7bd390ed1a2f (cherry picked from commit c2ba869040f535e4bb83481d1fe9468e7e6991d8) (cherry picked from commit de15ee79474273485d6979b88b973ff3833c4f0a)
* Merge "Stable only: Factor out addition of packaging lib" into bugfix/19.0Zuul2022-10-072-1/+632
|\
| * Stable only: Factor out addition of packaging libJay Faulkner2022-10-042-1/+632
| | | | | | | | | | | | | | | | | | | | Adding a new library to a stable branch is against stable policy, but we landed the patch anyway. In order to faciliate making a release without violating policy against stable versions not introducing new requirements, we've imported the relevant needed methods from the packaging library locally. Change-Id: Idca63219ee0491404bcecdc3ff74160e220d6511
* | Modify do_node_verify to avoid state machine stuckVanou Ishii2022-10-051-1/+1
|/ | | | | | | | | | | | | | | | do_node_verify function runs vendor-driver-defined verify_step. However, when vendor verify_step fails, it causes stuck of state machine at verifying. This is because do_node_verify function tries to retrieve name of verify_step through node.verify_step but node doesn't have verify_step attribute and there is no way to handle exception. This commit fixes this issue. Change-Id: Ie2ec6e08214661f7dc61c92de646e2f4d5bb5469 Story: 2010209 Task: 45942 (cherry picked from commit f6d2b2ed930caaa1fa7a6827876845eb02610848)
* Prevent clear_job_queue and reset_idrac failures on older iDRACsJacob Anders2022-09-302-8/+124
| | | | | | | | | | | | | | Currently, clear_job_queue and reset_idrac steps are only supported on idrac-redfish driver on iDRAC9 hardware. However, Ironic still attempts to run these steps on iDRAC8 BMCs configured with idrac-redfish driver which results in verification failures. This change attempts to resolve it by catching the related exception, logging a warning and continuing verification. In case of cleaning, it still fails. Story: 2010091 Task: 45630 Change-Id: Icd8c5378469887962ff32eea2f38697c539f7e95 (cherry picked from commit 1dda97c783653aef638113cb1faa250836ed99e1)
* Fix iRMC driver to use certification file in HTTPSVanou Ishii2022-09-286-49/+418
| | | | | | | | | | | | | | | | | | | | | | | This patch modifies iRMC driver to use certification file when it connects to iRMC via HTTPS Conflicts: doc/source/admin/drivers/irmc.rst driver-requirements.txt ironic/drivers/modules/irmc/common.py ironic/drivers/modules/irmc/raid.py ironic/tests/unit/drivers/modules/irmc/test_common.py ironic/tests/unit/drivers/modules/irmc/test_power.py ironic/tests/unit/drivers/modules/irmc/test_raid.py releasenotes/notes/irmc-add-certification-file-option-34e7a0062c768e58.yaml Change-Id: If69ce1cf2789d9d60fb8e544596cf7d29eab514d Co-authored-by: Kobayashi Daisuke <kobayashi.da-06@fujitsu.com> Co-authored-by: Song Shukun <song.shukun@jp.fujitsu.com> Story: 2009801 Task: 44345 (cherry picked from commit 64d7a7f3077bc000a18c4a0c56f122941b262483) (cherry picked from commit 6c0152afa141d05ee28cba81178622021574ae17)
* Do not reboot into nowhere after BIOS settings with fast-trackDmitry Tantsur2022-08-313-24/+37
| | | | | | | | | | | | | Currently, the prepare_ramdisk implementation of the redfish-virtual-media boot interface skips configuring an ISO in fast-track mode. When rebooting after BIOS/RAID settings changes, we need to enforce the correct ISO configuration. Conflicts: ironic/drivers/modules/deploy_utils.py Change-Id: Ibdfe0775065f3b27478305dd18929a291df3ee3c (cherry picked from commit 89f421b166915a22626dcb919382ce13f4588973)
* Merge "Update raid_type handling for Redfish raid_config" into bugfix/19.0Zuul2022-08-302-1/+28
|\
| * Update raid_type handling for Redfish raid_configAija Jauntēva2022-08-102-1/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix indentation for case when raid_type is missing. Generally, it is not expected that raid_type will be missing, this is done as a precaution as raid_type was introduced in Redfish 1.3.1. Now log warning that raid_type is missing, thus cannot update raid_config correctly. Followup to I753c4b00c0a64bcdc89c9bc0afd46f1211f7847b Change-Id: Id66b87309dd26a2a165b35ac1d81580e4605d629 (cherry picked from commit 3a621e3983eb2eb1d013d687acc3f5981cdfbc64)
* | Merge "redfish: fixes usage of ValueDisplayName" into bugfix/19.0Zuul2022-08-302-8/+13
|\ \
| * | redfish: fixes usage of ValueDisplayNameDmitry Tantsur2022-08-262-8/+13
| | | | | | | | | | | | | | | | | | | | | It's spelled this way, not DisplayValueName. Change-Id: I170d78bdb7ed0f6c36a80a9f2ceb9629f44394ed (cherry picked from commit 9f1f58c6af3aabcb3ae56e5f7b292f07e81e2864)
* | | Merge "Modify test code to avoid CONF modification affection" into bugfix/19.0Zuul2022-08-307-115/+114
|\ \ \ | |/ / |/| |
| * | Modify test code to avoid CONF modification affectionVanou Ishii2022-08-107-115/+114
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Few unit tests change attribute of CONF variable via Python assignment. This changes attribute of CONF, which is instance of XxxOpt class defined in oslo_config, to Python literal value. This affects result of another unit test. To avoid this, we should change attribute of CONF variable with set_override method. Change-Id: I4bd8b1b4ea974834f1149fcaa79de85d24f5f7d1 Story: 2010214 Task: 45956 (cherry picked from commit 3b28d0984d5eb82320c632dd5840cebf6d0762ad) (cherry picked from commit 593a547a8dbbbeee2225520812f8b235c39656b0)
* | Change molds option to appropriate classVanou Ishii2022-08-101-2/+2
|/ | | | | | | | | | | | At current, retry_attempt & retry_interval in ironic.conf [molds] is instance of StrOpt. However it should be IntOpt class. If it remains to StrOpt class, tenacity.retry wrapper in common/molds.py will fail with TypeError. Change-Id: Iafedf2ec0326009585c1cac251ecae65c9e666ac Story: 2010215 Task: 45957 (cherry picked from commit 35bc014ed94ee0c78ee8d44113fcea721f0c1af0)
* Merge "Fix Redfish RAID to update raid_config" into bugfix/19.0Zuul2022-08-042-5/+153
|\
| * Fix Redfish RAID to update raid_configAija Jauntēva2022-08-032-5/+153
| | | | | | | | | | | | | | Story: 2003514 Task: 41940 Change-Id: I753c4b00c0a64bcdc89c9bc0afd46f1211f7847b (cherry picked from commit 29364b7fb40327dc277c535e5b829133274ad420)
* | Merge "Fix Redfish RAID for non-immediate controllers" into bugfix/19.0Zuul2022-08-042-146/+418
|\ \ | |/
| * Fix Redfish RAID for non-immediate controllersAija Jauntēva2022-08-032-146/+418
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes ``redfish`` RAID interface workflow to not create more than 1 logical disks per controller at the same time when controller does not support 'Immediate' application time and system needs rebooting. With this fix virtual disks are grouped by controller and executed in batches when reboot is required. This enables ``redfish`` RAID interface to be used with iDRAC systems directly as although there are many controllers that support 'Immediate' application time, they do it only when system has completed loading. System intermittently completes loading after IPA starts executing clean or deploy steps rendering controllers not supporting 'Immediate' apply time and requiring reboot. This fix handles such scenario instead of failing to create more than 1 virtual disk. Story: 2009863 Task: 44529 Conflicts: ironic/drivers/modules/redfish/raid.py Change-Id: Ia2ce34f09695731b0f48798f662006c4904e2223 (cherry picked from commit d7d8f8754b36af4b686ce540e699fc5cb945c10c)
* | Merge "Fix compatibility with jsonschema>=4.0.0" into bugfix/19.0Zuul2022-08-033-2/+3
|\ \ | |/ |/|
| * Fix compatibility with jsonschema>=4.0.0Dmitry Tantsur2022-07-283-2/+3
| | | | | | | | | | | | | | | | | | | | Specify the schema version for network_data and node, otherwise the latest one is used. Also fix one test where the error messages was changed. Change-Id: I4a614d7e73348bbe6c355a40881b013cbfe00b03 (cherry picked from commit 55b9579f14ea08a2dc732336d8f552cc14ab895d)
* | Fix redfish RAID failed tasksAija Jauntēva2022-08-032-39/+118
| | | | | | | | | | | | | | | | | | | | | | Redfish Tasks do not report failures via HTTP status codes. Instead have to check TaskState and TaskStatus. Story: 2009767 Task: 44244 Change-Id: I8f9a89d18d22d18a2e695fde894bcd27f18f8954 (cherry picked from commit 196d8f7fc055667af501ea0569ba5c501a2c6e8d)
* | Fix prepare ramdisk for 'wait' statesAija Jauntēva2022-08-034-31/+25
|/ | | | | | | | | | | | | Node can be in CLEANWAIT or DEPLOYWAIT during async step handling when it needs another reboot. Without this change node fails to boot back to IPA. This unifies all occurrences and create utility method for reuse. All occurrences are aligned to have the same set of states in case they are needed in future. Change-Id: I685c5827a70df4abb358635d89b86894671ac493 (cherry picked from commit dd1cb46f2b0146524f0cb4d3579ac5c5b9a6fa45)
* No deploy_kernel/ramdisk with the ramdisk deploy and no cleaningDmitry Tantsur2022-07-116-14/+54
| | | | | | | | | | Ramdisk deploys don't use IPA, no need to provide it. Cleaning may need the agent, so only skip verification if cleaning is disabled. Other boot interfaces may need fixing as well, I haven't checked them. Change-Id: Ia2739311f065e19ba539fe3df7268075d6075787 (cherry picked from commit 65583e64172a0188d125117d1f2288e105832395)
* Fix redfish-virtual-media for newer iDRACsAija Jauntēva2022-07-053-15/+57
| | | | | | | | | The issue with standard Redfish virtual media boot has been fixed now. Update to restrict use of redfish-virtual-media based on iDRAC firmware version. Change-Id: I8ead1d24a9bd502b64fe7dd058e77550fcee141c (cherry picked from commit 73040c88d99f066644277f32e86d196305fc8596)
* deploy_utils: only check glance for image properties kernel/ramdiskDmitry Tantsur2022-06-032-32/+3
| | | | | | | Other image services cannot have them, not use making a network call. Change-Id: I691ae5b67358ced5f0aa860b9ca6ccec58c897ad (cherry picked from commit 374d5e5a3037a6b985933e734e902b2e05d805bb)
* Merge "Fix rebuilds using anaconda deploy interface" into bugfix/19.0Zuul2022-03-292-33/+55
|\
| * Fix rebuilds using anaconda deploy interfaceRuby Loo2022-03-152-33/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The anaconda deploy interface was saving internal information in the node's instance_info, in the user-facing 'stage2' and 'ks_template' fields. This broke rebuilds using a different image with different stage2 or template specified in the image properties. This has been fixed by saving the information in the node's driver_internal_info instead. Addresses comments/nits from https://review.opendev.org/c/openstack/ironic/+/827924. Change-Id: Id9428518d21290fb38a0f7471a2cb69a6cb3ffb2 (cherry picked from commit ab68c9d88b76e4ff83f9dffddcc204676fdb50d5)
* | Anaconda deploy handles configdrive correctlyRuby Loo2022-03-155-10/+23
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The anaconda deploy interface wasn't handling configdrive correctly. This fixes: - the code was incorrectly treating the config drive as a dict, whereas it could also be in iso6600 format, gzipped and base64-encoded. It is handled properly now. - kickstart commands that deal with the config drive were added to the end of the kickstart file. Which means that they are executed after an ironic API request is sent to ironic to indicate that the node has been provisioned and is ready to be rebooted. Which means that there is a possible race condition wrt these commands being completed before the node is powered off. This has been fixed by putting the API request at the end of the kickstart file. Also, a sync was added to ensure that all modifications are written to disk. - extra newlines ('\n') were incorrectly added to the user data content. This broke the content-type decoding and cloud-init was unable to proces them. The extra newlines have been removed. Conflict: ironic/common/pxe_utils.py prepare_instance_kickstart_config() due to utils.write_to_file() change in master that isn't avail here. Manually fixed. Change-Id: If00342a1bfa3e87b2094061b0e2b0b69de3a8a4f (cherry picked from commit 09d8a94d5a9b3cabdf7fddc483821fd0df69e5ee)
* Merge "More fixes for anaconda deploy interface" into bugfix/19.0Zuul2022-03-144-45/+60
|\
| * More fixes for anaconda deploy interfaceRuby Loo2022-03-074-45/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The anaconda deploy interface has a few issues that are addressed here: - fixes logic in get_instance_image_info() for anaconda. If the ironic node's instance_info doesn't have both 'stage2' and 'ks_template' specified, we weren't using any values from the instance_info. This has been fixed to use values from instance_info if specified. Otherwise, they are set as follows: The 'stage2' value is taken from the image properties. We use the value for 'ks_template' if it is specified in the image properties. If not (since it is optional), we use the config option's '[anaconda]default_ks_template' value. setting. - For anaconda's stage2 directory, we were incorrectly creating a directory using the full path of the stage2 file. It now correctly creates the right directory. - The anaconda deploy interface expects the node's instance_info to be populated with the 'image_url'; added code to do that in PXEAnacondaDeploy's prepare() method. - When the deploy is finished and the bm node is being rebooted, we incorrectly set the node's provision state to 'active' instead of doing it via the provisioning state machine mechanism. - The code that was doing the validation of the kickstart file was incorrect and resulted in errors; this has been addressed. - The '%traceback' section in the packaged 'ks.cfg.template' file is deprecated and fails validation, so it has been removed. Change-Id: I953e948bcfa108d4c8e7b145da2f52b652e52a10 (cherry picked from commit 06cc5d47dcdc49193e5e4e748471eb0b9ae97bbb)
* | Merge "Inspector: better error message on DiscoveryFailure" into bugfix/19.0Zuul2022-03-072-3/+21
|\ \
| * | Inspector: better error message on DiscoveryFailureDmitry Tantsur2022-02-012-3/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The keystoneauth's error message on connection problems is very confusing: Version requested but version discovery document was not found and allow_version_hack was False While I'm trying to improve the situation in [1], it still won't be perfect. This patch adds some context to DiscoveryFailure. We should probably do the same for other services, but inspector is particularly affected since it can be used standalone. [1] https://review.opendev.org/c/openstack/keystoneauth/+/825540 Change-Id: Ibd41580d1389c7584639bf000e330fec5ee1b73d (cherry picked from commit 503e3658243bf8d793063734151c4f94e3af1fe4)
* | | Set correct initrd_filename for iPXE when using SwiftDmitry Tantsur2022-02-152-5/+14
| |/ |/| | | | | | | | | | | | | | | | | | | iPXE derives its "file names" from the last component of the URL path. In case of the conductor's local server it's {mode}_{component} where mode = deploy/rescue and component = kernel/ramdisk. However, in case of Swift/Ceph, the last component will be different. This patch accounts for it. Change-Id: I7ba5545032069509a9c302abe1c21537ccb5ec8a (cherry picked from commit c975eaa8c67d917feac75c9053cddcfb708e08a3)
* | Fix resource_url in the remaining resourcesDmitry Tantsur2022-02-0315-52/+71
| | | | | | | | | | | | | | | | | | | | Node history was particularly affected: limit was not converted from string to integer, so "next" link was never added. Add some safeguards to the generic API code. Change-Id: I1328e2f07621bf7e39b96eb4a7ddb66c9a2b65bb (cherry picked from commit 55144d3bd262be35c7a034fea083c3ed73fd63d8)
* | Add additional ramdisk testsJulia Kreger2022-02-013-1/+138
|/ | | | | | | | | | | Noticed we're missing some test coverage in regards to booting from ramdisks when I was investigating an issue which was reported against wallaby. Adds tests which *should* catch the issue I'm chasing in wallaby. Change-Id: I4965d0cc3966c50fa0485b5e194248dd2072f7a8 (cherry picked from commit e851d63464597f8825d4c14c0e632d39b82dbc4d)
* Merge "Fix validating input for redfish update_firmware" into bugfix/19.0Zuul2022-01-314-0/+156
|\
| * Fix validating input for redfish update_firmwareAija Jauntēva2022-01-174-0/+156
| | | | | | | | | | | | | | | | Story: 2009772 Task: 44249 Change-Id: I8e559b3c7e833c361e12d01d744510ac5c8d8cf6 (cherry picked from commit b824ea7fa8874e63cfe11bc82ce0dc049680344f)
* | Merge "Set resource_url when getting all ports or portgroups" into bugfix/19.0Zuul2022-01-203-2/+8
|\ \
| * | Set resource_url when getting all ports or portgroupsArne Wiebalck2022-01-183-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | Since the default value resource_url is None, make sure the parameter is set to 'ports' when getting all ports. Change-Id: Id603ae5a4a802dfc8f866b15c8d327d95eba9310 (cherry picked from commit 2ac740e09d44bb91d0ec4180a1b5e500bc844f7c)
* | | Set resource_url when getting all nodesArne Wiebalck2022-01-182-0/+10
|/ / | | | | | | | | | | | | | | Since the default value resource_url is None, make sure the parameter is set to 'nodes' when getting all nodes. Change-Id: I6cc52eb56c7888a433d24aa79154143d6f35cf83 (cherry picked from commit 69227c66c25d49beab3210bdf08f53cbde78d87f)
* | Merge "Do not fail inspection on invalid MAC" into bugfix/19.0Zuul2022-01-172-2/+14
|\ \
| * | Do not fail inspection on invalid MACDmitry Tantsur2022-01-172-2/+14
| |/ | | | | | | | | | | | | | | Some adapters may have addresses that are not MAC. See for example: https://github.com/metal3-io/ironic-image/issues/314 Change-Id: I0023e0750e372185747ca28cddd2a8dda110dd7f (cherry picked from commit 9308c0a0b689fec5ca72ecb008a824ea23667a07)
* | Merge "Fix Redfish RAID deploy steps" into bugfix/19.0Zuul2022-01-171-4/+8
|\ \ | |/ |/|
View Lorry Controller Status