Switches to the built-in inspection by default and deprecates support
for ironic-inspector. The actual removal should happen after we get
inspection rules in since it's the last feature that is relevant for
bifrost.
Depends-On: https://review.opendev.org/c/openstack/ironic/+/907398
Change-Id: Id157d5ada2ff3f87f3f4d161423b1f3989f73194
This is the first in a series of commits to add support for codespell. This is continuning the process completed in ironic-python-agent.
Future Commits will add a Tox Target, CI support and potentially a git-blame-ignore-revs file if their are lots of spelling mistakes that could clutter git blame.
Change-Id: I41b2db35cdf21917ac20ed0866af3b9c94789f0b
Often it is beneficial to use the functionality provided by `use_cirros`
and `cirros_deploy_image_upstream_url` to download and test with images
of other OS distributions. This patch changes the variable names to
reflect that use case.
`use_cirros` -> `download_custom_deploy_image`
`cirros_deploy_image_upstream_url` -> `custom_deploy_image_upstream_url`
The functionality of the old variables is retained for backwards
compatability.
Co-Authored-By: Alex Welsh <alex@stackhpc.com>
Change-Id: I8b3a973bd5ef19333af563c170b2a28fbbfb5c76
The epel packages are installed but their content is purged in the
centos nodes. Removing and reinstalling them when we run tests in
CI to reenable their content.
Change-Id: Ibf1d810a37811151449f79a24bb837db6663cce5
It is now possible to do a PXE network boot with grub as an
alternative to iPXE. Grub is loaded via the signed shim, so it may
allow end-to-end automated deployments with secure-boot enabled.
To use grub network boot, deploy bifrost with variable
``default_boot_interface`` set to ``pxe``.
This feature is tested by job
bifrost-integration-redfish-uefi-fedora-latest.
test-bifrost.sh is also modified to only enable the hardware-type
driver which matches driver used for test nodes. This allows a default
interface to be set which is not supported by one of the enabled
drivers (for example, ironic will exit because the ilo driver doesn't
support the pxe boot interface)
Change-Id: I8ac33d0aa0f71b092d2c0538ac3a73491ff44921
Enable the dnsmasq DHCP provider by default, so it is tested in all
jobs except bifrost-integration-dhcp-ubuntu-focal and
bifrost-integration-dhcp-centos-9, which use the "none" provider and
the old static dnsmasq.conf.
Depends-On: https://review.opendev.org/c/openstack/ironic/+/851681
Change-Id: I3a41541ededb647a45f91cb17aff1c6c9b84ab41
Story: 2010203
Task: 45923
Probably should have happened a long time ago [1]. netstat doesn't
come out-of-the-box with some distributions these days.
[1] https://lwn.net/Articles/710533/
Change-Id: Idcd2099cca715837a3ad9bd595fa8f08531ef863
This is a documented feature, we need to validate it.
Rename a variable to prevent it from clashing with one in the roles.
Pull cloud configuration to be able to work with TLS.
Change-Id: Ie41060dba2ae8c2dd88e0e6f9b574b7214302983
With the changes to bifrost-ironic-install required_defaults for
the RedHat_family, we can now try to not get in the way of
deploying on distros like almalinux and rocky.
Fedora 32 has been EOL for close to a year, so we'll just assume
firewalld for that case. Distributions RedHat, CentOS and Fedora
are in the RedHat_family, so assume firewalld all distributions
in the family.
Change-Id: I1c8b768a3daf0af0d8e30d935558b6fdd912adfd
* Prefer modern SSH key algorithms
* Generate an ECDSA key if Cirros is used
* Always resolve symlinks when copying logs
Remove all previous work-arounds.
Change-Id: Ie9248584c71f7d326d5839710d6b9bdf6d779749
The epel repository is used only when we need to build a debian-based
IPA image, so we enable it only in that case for CentOS Stream 8/9.
The configuration procedure is explained in the official guide [1].
[1] https://docs.fedoraproject.org/en-US/epel/#_el9
Change-Id: I57513883c0fa8d6ffb2c70debb81d5e7e6d8b221
It's dangerous to allow a regular user to write into the source code of
the services. The repositories are still writable, so that the
development workflow can still use the ``--develop`` flag to make
modifications.
While here, remove the horribly outdated and broken ANSIBLE_INSTALL_ROOT.
Change-Id: Id2e25dd57668d24a11dc2cd16eea2b607b7a3f16
Make the HTTP directory not world readable by default.
Images may contain secrets, so regular users should not read them.
Add nginx and dnsmasq to the ironic group so that they can read ironic
files that are group accessible.
Change-Id: Iaa8585fb48e5db6c0d5063dca0d84c9d2300f0c9
It is recommended to pass the same variables (e.g. testing) to other
commands and playbooks, the new file makes it possible.
Change-Id: I2adc4e2dcfd8555b2c9e6c3bf0f512f603367091
There is no guarantee that /var is not on a separate filesystem. Also
we should not pollute the root directory with our stuff.
The TFTP directory /tftpboot is left where it is, since it needs to be
accessed by dnsmasq. We may consider moving it later on.
Removes the wildly outdated statement about purging the image cache
from the documentation.
Change-Id: Ib1e46e7a9c5eec193082858614026ca4c9f537ac
Trapping on ERR does not do what is implied here and is redundant when
trapping on EXIT is used together with `set -e`. The real problem is
that in the CI scripts we pipe test-bifrost.sh into tee with a log file
without setting -o pipefail in bash. This change fixes it.
This reverts commit b31bc66726.
Change-Id: Ifca4049f5967c0b2153ecffb4c153a96b4a62cc7
Using the emperor mode of uWSGI is redundant now that we depend on
systemd. This change switches uWSGI Keystone to systemd template services
based on the recipe from the uWSGI documentation [1].
A new role is created to encapsulate the uWSGI login in anticipation of
switching Ironic API to uWSGI as well. Reduce repetition in Keystone.
[1] https://uwsgi-docs.readthedocs.io/en/latest/Systemd.html
Change-Id: I50bc3f7a4faf14c36b92e7656b7149e9c833c85e