After removing the iSCSI deploy and changing ISO parsing code to use
a corresponding library, Ironic no longer executes any commands as root
and it should stay this way.
Change-Id: I47d2bab9b94345fbcf89a2a80028853050a041ea
The iSCSI deploy was very easy to start with, but it has since become
apparently that it suffers from scalability and maintenance issues.
It was deprecated in the Victoria cycle and can now be removed.
Hide the guide to upgrade to hardware types since it's very outdated.
I had to remove the iBMC diagram since my SVG-fu is not enough to fix it.
Change-Id: I2cd6bf7b27fe0be2c08104b0cc37654b506b2e62
The file is included in the ironic-lib module and there is no
difference (beside some comments) in the files.
For packagers, this solves the problem that ironic-lib and ironic are
currently not installable together given that both packages contain
the same file.
Story: 2006604
Task: 36772
Depends-On: https://review.opendev.org/684771
Change-Id: I2d800d4c2616ccd9d9f12a2fe59e259def15dc6b
Now we have docs, lets point people there rather than attempting to
maintain a copy in tree.
Also update the devstack plugin to know nothing about policy.json, as it
never allowed for customizing the location or the contents anyhow, and
to build ironic.conf from scratch rather than from the sample.
Change-Id: I10a4987204eb335f1fed29d4b1d7f3e075aa1792
Also address small issues in the release note for the migration
to hardware types.
Change-Id: I32998c5508e01882714a76751482a916d066f938
Partial-Bug: #1690185
As ``rescue`` API implementation has merged, we can let users use
configuration parameters related to this feature. This patch fixes
the help messages for the same.
Change-Id: Idab95302011c3bb3f1db560a6a3f9481371e7671
Partial-bug: #1526449
This patch removes the ``python-oneviewclient`` library from
``oneview`` hardware type since it was migrated to ``hponeview``
and ``python-ilorest-library``.
Change-Id: I3393189abdff6a0e56f54375877cc310d72ff5b1
Closes-Bug: #1693788
Adds basic CRUD on traits, including set and delete of individual
traits.
Bumps the API microversion to 1.37.
NOTE: This patch does not implement the advanced filtering outlined in
the OpenStack API working group's tags guidelines[1]. That will be
implemented in a separate microversion as a follow up patch.
[1] http://specs.openstack.org/openstack/api-wg/guidelines/tags.html
Change-Id: I313fa01fbf20bf0ff19f102ea63b02e72ac2b856
Partial-Bug: #1722194
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Ensure nodes don't get stuck in rescuewait forever when
a rescue ramdisk fails to boot and start heartbeating.
Change-Id: I15a92c0f619505e25768dc2fbc1b2a796f0b38fa
Related-bug: #1526449
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Co-Authored-By: Mario Villaplana <mario.villaplana@gmail.com>
Co-Authored-By: Jesse J. Cook <jesse.j.cook@member.fsf.org>
Co-Authored-By: Aparna <aparnavtce@gmail.com>
Co-Authored-By: Shivanand Tendulker <stendulker@gmail.com>
Adds methods `add_rescuing_network` and `remove_rescuing_network`
to add/remove rescuing network to `network` interface.
These methods are not added to `flat` network interface.
The 'flat' network uses same network for tenant and provisioning.
It makes sense to use the same for rescuing as well; as opposed
to a separate network like we have for cleaning.
Change-Id: I8f4123bfe7d293e8ff6f3bfc2f25445a39c94c73
Related-bug: #1526449
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Co-Authored-By: Mario Villaplana <mario.villaplana@gmail.com>
Co-Authored-By: Jesse J. Cook <jesse.j.cook@member.fsf.org>
Co-Authored-By: Aparna <aparnavtce@gmail.com>
Co-Authored-By: Shivanand Tendulker <stendulker@gmail.com>
This patch proposes to add new interfaces for management and power
for the Lenovo XClarity Driver.
Change-Id: Ic2743f9a4959a6165a7ec40f4772afb231205f36
Closes-Bug: #1702508
This patch implements uWSGI support for ironic API service.
ironic/api/app.wsgi is deprecated in favor of pbr generated
ironic-api-wsgi
Co-Authored-By: anascko <ovoshchana@mirantis.com>
Change-Id: Ieb68c1042e31b77f9a549fd90afe31a65008deca
Closes-Bug: #1719260
Closes-Bug: #1668966
This commit adds `rescue` interface to `BaseDriver` and implements
it for `fake-hardware` hardware type. It adds configuration
parameters '[DEFAULT]/enabled_rescue_interfaces' and
'[DEFAULT]/default_rescue_interface'. The default value of
configuration parameter '[DEFAULT]/enabled_rescue_interfaces' is
`no-rescue`.
It adds new rescue states and a new 'rescue' field to the Node
object. It adds objects.node.Node._convert_to_version().
The method handles converting the new rescue_interface field
between different versions of the Node.
Partial-bug: #1526449
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Co-Authored-By: Josh Gachnang <josh@pcsforeducation.com>
Co-Authored-By: Jesse J. Cook <jesse.j.cook@member.fsf.org>
Co-Authored-By: Mario Villaplana <mario.villaplana@gmail.com>
Co-Authored-By: Aparna <aparnavtce@gmail.com>
Co-Authored-By: Shivanand Tendulker <stendulker@gmail.com>
Change-Id: I1534247bf207a20a7a58534988192aef392eaff2
In a homogeneous hardware deployment that uses the same ramdisk for all
nodes, and possibly the same playbooks for actions with ansible deploy
interface, it is benefitial to make defaults of various `ansible_`
driver_info fields to be configurable via ironic configuration file
to simplify node enrollment.
This patch also deprecates `ansible_deploy_username` and
`ansible_deploy_key_file` options in node's driver_info in favor of
`ansible_username` and `ansible_key_file` respectively.
Change-Id: Ib198c07c1d414c0d78950e5d98a5176e12a7df13
Closes-Bug: #1736409
removes code that allowed some service sections to not have and use
keystoneauth adapter options.
Also deprecates `[keystone]region_name` option in favor of per-client
option of the same name.
Change-Id: Ifd58947b016bfa93b516dd47a170ba8f5abf277e
Closes-Bug: #1699547
deprecates the following options in [neutron] section:
- url
- url_timeout
- auth_strategy
Changes some internal networking-related functions/methods
to accept a request context as optional keyword argument (defaults to
None).
This allows to pass a global request id to neutron client and
in future will simplify creating a user auth plugin from request
context.
For backward compatibility, when calling those functions/methods
without a request context, a dummy request context will be generated
automatically.
Change-Id: Ib327c7a141cfbca63b870027ad8e901c0f48bb2d
Partial-Bug: #1699547
In many cases, including devstack and TripleO, the swift account to use
is based on the project_id of the 'service' project, so it makes sense
to use it as a default.
Similarly, the temporary URL key can be fetches from Swift, using HEAD
on the account used to access it.
In both cases it is assumed that the same project is used by Ironic
and Glance to access Swift. Explicit values have to be provided
otherwise.
Finally, the endpoint URL can be fetched from the service catalog. Care
is taken to strip the /v1/AUTH_<tenant ID> suffix.
Closes-Bug: #1737714
Change-Id: I701899928f0f780939f17aabc59eb90593ba95f0
in the change I52f1386df45ebe0a43b11fe1583e012dfa3af532
we lost most of swiftclient options in a belief that those are handled
by the keystoneauth session passed to the swiftclient.
In fact though, swiftclient only uses this session to get itself an
endpoint and a token, but it has no SessionClient, and does not use that
passed in session to make further requests to swift itself.
This patch restores all the logic that we had to decompose the session
object loaded from config to options that are passed to swiftclient
explicitly.
Change-Id: I08f382aa9d2ad22f7dbd65f7b54a8dd0a765ba44
Partial-Bug: #1699547
Closes-Bug: #1736158
During a rolling upgrade, when the new services are pinned to the
old release, the API version will also be pinned to the old release.
This will prevent users from accessing new features that may not quite
work.
The .sample was updated to reflect the change to the help string for
the [DEFAULT]/pin_release_version configuration option. The update also
pulled in changes for other options, from other (non-ironic) libraries.
Change-Id: I38a0f106b589945fb62071f3dfe5bff43c6fee93
Partial-Bug: #1708549
This updates ironic.conf.sample to include the new configuration
option default_resource_class. This is a followup to
265993316b.
Change-Id: I7615167c331f7db16b27575affb5c4ea66228a5f
Related-Bug: #1732190
This update enhances iRMC out-of-band hardware inspection for
FUJITSU PRIMERGY bare metal nodes having iRMC S4 and beyond.
The capabilities are server_model, rom_firmware_version,
pci_gpu_devices, trusted_boot and irmc_firmware_version.
Co-authored-By: Nguyen Van Trung <trungnv@vn.fujitsu.com>
Change-Id: I1958e18a5b9d933e2aa405b200bac7717f146611
Closes-Bug: #1637422
Inspector-client is a bit lacking behind other clients, as it does not
have Adapter-based SessionClient and thus does not support all
adapter-related options.
That's why we construct a session and an adapter from config section,
use adapter to resolve inspector API from service catalog
(or return the fixed endpoint_override one)
and then pass the session and inspector API endpoint to client.
This patch also deprecates `[inspector]service_url` in favor of
`[inspector]endpoint_override`.
As a side-effect, addressig inspector service now supports both regions
and interfaces to specify entry in service catalog.
Also, inspectorclient calls are now being made with the user token
(wrapped with a service token) when there is a token in the task's
request context.
Change-Id: I21836e712fa9764468ac2654525554b5b4f03741
Partial-Bug: #1699547
this patch changes the way glance client is instantiated, using
keystoneauth sessions and adapters.
In order to support glance API endpoint discovery from keystone catalog
and more unified way of client loading,
many options in `[glance]` config sections are deprecated,
mostly those that specified a (set of) glance API endpoint(s)
or parts of glance API address.
Instead, a single option `[glance]endpoint_override` must be used when
required to access a specific (possibly load-balanced)
glance API endpoint without discovering it from keystone catalog.
Another set of deprecated options are those that are duplicating
keystoneauth session options in [glance] section.
Also, intrinsic support for parsing the glance API URL from image ref
set to the full glance REST path to the image is removed as it was not
working any way since an 'http(s)://' image ref is not treated
as a glance image.
Change-Id: I6a93b71ac097e951dfc93fd1ee4d7ef483514f2c
Partial-Bug: #1699547
Closes-Bug: #1699542
As part of the process for doing an ironic release, we need to
add the new release to the release mappings as documented in
https://docs.openstack.org/ironic/latest/contributor/releasing.html.
This is needed for rolling upgrades to work.
This adds ironic 9.2 to the release mappings.
Change-Id: Id1ace223c91c2e63529c16450f7c0a92eaca521b
this patch pulls the ansible deploy interface code
and related ansible playbooks and auxiliary files
from ironic-staging-drivers project into main ironic tree.
As discussed in the spec, the use of ramdisk callbacks
(lookup and hearbeats) is now mandatory with this deploy interface.
Playbooks and modules were updated to require Ansible>=2.4,
and custom Ansible module for executing 'parted' was replaced
with usage of built-in Ansible module.
The custom Ansible callback plugin now uses journald logger
by default to adapt to the default DevStack setup.
Documentation and devstack plugin changes enabling automated
testing of this interface will be proposed in followup patches.
Change-Id: I43f54688287953ccb1c2836437aea76236e6560b
Related-Bug: #1526308
glance_host, glance_port and glance_protocol options in [glance]
config section were deprecated during Pike and can be removed already.
Change-Id: I93739a17cfaf1cee5fa23f3fc24325d63f68aa74
Now that the BFV implementation with iPXE was completed, the
parameters in [cinder] group can be exposed. This patch fixes the help
messages.
Change-Id: I9f20d478334901140f7c1639d8f0bb0612ae5de0
Related-Bug: #1559691
Now that we've released Pike and master is open for Queens
development, we need to remove the release mapping information
for Ocata, to prevent unsupported rolling upgrades from
Ocata to Queens. We only support rolling upgrades from Pike
to Queens (master).
Change-Id: I440b9a4c8ef6024a47b66b0de4fd841b7f15df2e
The policy-and-docs-in-code Queens goal outlines the work
required for projects to move policy into code and document the
operations and defaults.
This commit replaces occurrences of RuleDefault
with DocumentedRuleDefault where appropriate,
which requires additional attributes when used that supply more
documentation in rendered policy files.
Using DocumentedRuleDefault produces more descriptive generated policy
descriptons in 'configuration' section of ironic docs.
Change-Id: Idc35a5fbe2583e5fd712108a48eb9cec7cbecb76
Closes-Bug: #1716772
Currently ironic explicitly or implicitly sets the API urls
for most services in the config.
This is quite fragile and we should move to discovery from
the keystone catalog eventually.
To support this, this patch registers `keystoneauth1.adapter.Adapter`
options to all config sections for service clients auth.
Among others it exports `interfaces` option that we set to
['internal', 'public'] by default.
Other exported options are `service_type`, `service_name`, `region_name`
and `endpoint_override`.
The latter will eventually be used by all clients to specify a specific
endpoint to use (for example in noauth mode).
Effectively this patch starts to move all clients code to load client
configuration from config for all of auth, session and adapter.
The first to move is [service_catalog] section, with [conductor]api_url
option being deprecated in favor of [service_catalog]endpoint_override.
A sane default of 'service_type' = 'baremetal' is set for this config
section as well.
More patches moving other clients to consume these new options and
deprecate some other options will follow.
Change-Id: I1283ef3b4d736ac089df0cc74a5850a93b24b6ab
Partial-Bug: #1699547
Related-Bug: #1699542
Dmitry Tantsur