Cirros, by default, as part of its initialization, copies the initial
ramdisk contents over the filesystem on disk. This changes the partition
image creation job so we do it upfront so the partition image looks like
and matches what we generally expect from a partition image as opposed
to just a kernel, ramdisk, and bootloader.
Change-Id: Idde30e33e9453f8564a7c3b9109c4e567146dee7
``redfish_system_id`` is being passed multiple times to the node at
creation as ``node_options`` never defaults back to it's initial state
throughout the iteration of the while loop.
Though it is surprisingly functional, it's fragile and this change aims
to fix that.
Closes-Bug: #2054597
Change-Id: I2c151afafb86191f047985ac00075a791639646d
A temporary path forward to increase CI stability, by pinning
to what appears to be a "good working version" of upstream dnsmasq
which does not crash fon us.
Change-Id: I3295c92fd7b7871ad351b94f4c6cf0f554279db0
dnsmasq-2.86 shipped in Ubuntu jammy has a
known issue[1] which is fixed in dnsmasq-2.87
but it's not yet released with Ubuntu jammy.
Until fixed version is available in Ubuntu
jammy let's use source install instead of
using a older version from Ubuntu focal.
[1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q3/016562.html
Update from Julia:
Pushing forward the source fix again as ubuntu removed the
prior path we were using as a focal package and replaced
it with a package which is demonstrating the same basic issue.
Related-Bug: #2026757
Change-Id: I7ffcd167fc1e3a8c1192d766743bb5620d85ef35
Extension to extend the default service project name
value, which if set can be overrridden in Ironic's policy
configuration.
Change-Id: I60cc53a34c7062261703492e720989efedca4f2b
When I thought change I2b4bcc748b6e43e4215dc45137becce301349032
was going to fix everything, that was with the mental model that
it was going to be enabled by default. That didn't happen in
review as part of the service, but the reality is we still have
some adjacent CI jobs which need it to operate properly.
Given CI, it is just invoked when scope enforcement is enabled
for CI purposes
Change-Id: I60074504742d8b09017acbb42d2706215b0169af
This is the first in a series of commits to add support for codespell. This is continuning the process completed in ironic-python-agent.
Future Commits will add a Tox Target, CI support and potentially a git-blame-ignore-revs file if their are lots of spelling mistakes that could clutter git blame.
Change-Id: Id328ff64c352e85b58181e9d9e35973a8706ab7a
Change the default RBAC policy in ironic such that the new RBAC
policy is enforced by default and the legacy policy is not usable
unless explicitly re-enabled.
Depends-On: https://review.opendev.org/c/openstack/metalsmith/+/905012
Change-Id: Id559f1d8b9a76c8a570b598585c2d58c56d08837
The host currently hard-coded is not functioning. This replaces
the hard-coded mirror by the local CI mirror detected. In case
mirror info is not available then upstream centos mirror is used.
Change-Id: I96a8cb45154c9dbb50efecc22d34c4ff75c6722a
After removing the iSCSI deploy and changing ISO parsing code to use
a corresponding library, Ironic no longer executes any commands as root
and it should stay this way.
Change-Id: I47d2bab9b94345fbcf89a2a80028853050a041ea
Two jobs are changed to test a reduced Redfish implementation:
one PXE job uses the minimum version (only boot/power management)
one vmedia job uses the reduced version (+ NICs, virtual media)
Change-Id: Ib3afdb26b9cd36c0e4f3d736b9c69a5bf508fc0e
Long story short, we auto-clamp down everything to 1400 bytes
due to VXLAN tunneling for multinode testing. But there are other
reasons to clamp it smaller, and we will need to clamp that further
for multinode should we mix it with OVN.
Anyway, this should make things cleaner and we should rely upon the
gate calcualted MTU as a starting place, not the guess based upon
interface list. i.e. test VM could be wrong but gate could know better.
Change-Id: I385679fe30d1447f1ed94cdf5a419e6acefbc595
Grenade is currently failing not finding the neutron command, we should
likely not be using it anyway since the deprecation message says it may
disappear after Z.
Change-Id: Ic24d59379bafcc5a630fe5c074fcc13303902965
Adds basic testing for PXE/iPXE boot secenarios where the OVN
DHCP service is used instead of dnsmasq.
Also adds a release note and documentation to cover the details
and caveats of using ovn as we have discovered through this process.
Change-Id: I28cd20a7f271220d8ca335895ca9e302452fd069
Remove the $ in the condition so that we don't attept to
execute the output from ping (i.e PING - unknown command)
Change-Id: Ic90f7c93d9a7b86fbf3f2cdef46bc1b2bbea489d
Investigation of our standalone test job issues, where jobs would
fail, hosts not get DHCP updates, and ultimately IPXE would
fail prior to getting a valid or the expected response,
revealed the discovery that dnsmasq was crashing often when
the port updates were going through, ultimately preventing
the mutli-scenario test jobs from running as the standalone
jobs represent a number of different scenarios which are
executed across a pool of test machines.
In this case, the path forward appears to be to downgrade
dnsmasq to stablize our CI and allow us to otherwise upgrade.
This patch adds the focal updates as a package source,
and installs the dnsmasq package.
Related-Bug: #2026757
Change-Id: Iacfd1ab677c612525601afcaeee5e5b067206ff3
So, I've long wondered if we still have some spanning tree behavior
going on in CI. Turns out we might, but we just rely upon the defaults
which creates a variable.
Anyway, regardless, I found some details in the ovs-vsctl manual[0], and
well, lets set the options!
[0]: http://www.openvswitch.org/support/dist-docs/ovs-vsctl.8.html
Change-Id: I8f229fa6e738a69a668d4b891723431b2da362fa
It appears nova's policies have changed, or to be more precise,
they have turned on new policy enforcement[0] and our plugin
was wrong.
+++ /opt/stack/ironic/devstack/lib/ironic:\n
ironic_configure_tempest:3205 :\n
oscwrap --os-cloud devstack-system-admin flavor show baremetal -f value -c id
ForbiddenException: 403: Client Error for url:
https://173.231.254.232/compute/v2.1/flavors/
e4312534-b349-4f70-9a1b-5806debff275/os-extra_specs,
Policy doesn't allow os_compute_api:os-flavor-extra-specs:index to be performed.
[0]: dfd7aeaf6c
Change-Id: I8070852fbe9346e346c50088537797f353753d02
We'v been able to observe one of the scenario test jobs failing
due to tinycorelinux being inaccessible. Possibly on an IPv6 only
test VM. Turns out tinycorelinux's main page is only accessible via
IPv4.
As such, I've changed the mirror to a mirror which is acessible via
IPv6 and which I've verified works for me.
Change-Id: I2b4ccd16189038ce2f054d7403775b012796aea3
In the recent change to cinder, to address CVE-2023-2088,
cinder changed the policy rules and behavior for unbinding,
or "detaching" a volume. This was because of a vulnerability
in compute nodes where a volume which was in use by a VM
could be detached outside of Nova, and nova wouldn't become
aware the volume was detached, and the volume could be accessible
to the next VM.
This vulnerability doesn't apply to bare metal operations as
volumes are attached to whole baremetal nodes with Ironic.
We now generate and use a service token when interacting with
Cinder which allows cinder to recognize "this request is
coming from a fellow OpenStack service", and by-pass
checking with Nova if the "instance" is managed by Nova,
or Not. This allows the volumes to be attached, and detached
as needed as part of the power operation flow and overall
set of lifecycle operations.
Related-Bug: 2004555
Closes-Bug: 2019892
Change-Id: Ib258bc9650496da989fc93b759b112d279c8b217
The troubleshooting kernel command line option nomodeset
unfortunately changes the way framebuffer interactions work
with graphics devices which in some cases can result in kernel
memory to be used for graphics updates. When this happens on
some specific hardware common in rack mount servers with baseboard
management controllers, this can cause the memory bus to become
locked for a brief time while the graphics update is occuring.
This locked memory bus means disk IO can become blocked,
and network cards can overflow their buffers resulting in
packet loss on top of the latency incurred by the graphics
update executing.
As such, we've removed the nomodeset option from default usage and
added a note describing its removal to the documentation along
with a release note.
Change-Id: I9084d88c3ec6f13bd64b8707892758fa87dd7f86