Commit Graph

103 Commits

Author SHA1 Message Date
Jim Rollenhagen 5c54c0938e Remove sample policy and config files
Now we have docs, lets point people there rather than attempting to
maintain a copy in tree.

Also update the devstack plugin to build ironic.conf from scratch rather
than from the sample.

Change-Id: Id65a4f803832fefe467d59147c39d2dea604ed3c
2018-02-06 10:36:12 -08:00
Pavlo Shchelokovskyy 918775cb01 Add keystoneauth adapters
Inspector sets API urls for ironic and swift from the config.
The better way would be to discovery them from the keystone
catalog.

Supporting this requires to register keystoneauth adapter
options to all config sections for service clients auth.
swiftclient still does not support adapter session client, so
pass all options from adapter explicitly.

New options were added 'service_type`, `service_name`, `region_name`
`endpoint_override`, `interfaces`.

Related-Bug: #1699547
Change-Id: I2e7ec02fdeeea21ef43136ddeabc98d499a8ba7f
Co-Authored-By: Anton Arefiev <aarefiev@mirantis.com>
2018-01-16 18:06:10 +00:00
Pavlo Shchelokovskyy 71a2bef7d9 Centralize config options
Consolidate all config options under ``conf`` directory.

New config modules should give a better picture of the configuration
options provided by the inspector.

Change-Id: I501ed0787ff4e1d91462f936e1a54de2c7abb35c
Related-Bug: #1561100
Co-Authored-By: Anton Arefiev <aarefiev@mirantis.com>
2018-01-04 20:43:58 -08:00
dparalen 260ad022c9 Follow up conf.py help text
This patch follows up on the review from the change
I2f7b8d3172f375cf65e759c9b881fcf41649c2f0 updating help text of the
purge_dhcp_hostsdir dnsmasq_pxe_filter configuration option.

Change-Id: Ice55d954b470ceda92f27a4a81d78eba46adffa7
2018-01-02 07:44:45 -08:00
dparalen 4ff0213e87 Allow concurrect updating of dnsmasq configuration
This allows multiple instances of inspector to try updating dnsmasq
configuration simultaneously.  The goal is to be able to (test) run an HA
inspector on a single node.

A new config option `dnsmasq_pxe_filter.purge_dhcp_hostsdir` is introduced to
be able to disable purging of the dhcp hosts directory in case multiple
inspector instances are expected to run on the same node.

Change-Id: I2f7b8d3172f375cf65e759c9b881fcf41649c2f0
Closes-Bug: #1722267
2017-11-27 18:54:55 +01:00
dparalen 8ddfacdf34 Introducing a dnsmasq PXE filter driver
A PXE filter driver is introduced that works by configuring and controlling
the dnsmasq service.

Closes-Bug: 1693813
Related-Bug: 1665666
Change-Id: I63fe91ee4f9ac3021bcfd9a4a378af56af800fac
2017-11-22 15:08:23 +01:00
Zuul f02eda0315 Merge "Refactoring the firewall" 2017-10-19 21:40:25 +00:00
dparalen 7b27585463 Refactoring the firewall
Adopting the PXE filter interface/driver concept

Related-Bug: 1665666
Change-Id: If83db978080b9c4e5d51ba50bbe8ed26e29abe83
2017-10-19 16:38:15 +02:00
Pavlo Shchelokovskyy 198ef70c2b Add request context and policy enforcement
this patch introduces an oslo.policy-based API access policy
enforcement engine to ironic-inspector.
As part of implementation, a proper oslo.context-based request
context is also generated and assigned to each request.

Short overview of changes:

- added custom RequestContext class

  - extends oslo.context to handle of "is_public_api" flag
    (False by default)

- added context to request in each API route

  - '/continue' api sets the "is_public_api" flag to True

- added documented definitions for API access policies and their
  defaults
- added enforcement of these policies on API requests
- added oslo.policy-specific entry points to setup.cfg
- added autogenerated policy sample file with defaults
- added documentation with autogenerated policies

Change-Id: Iff6f98fa9950d78608f0a7c325d132c11a1383b3
Closes-Bug: #1719812
2017-10-13 11:55:52 +00:00
Pavlo Shchelokovskyy a65a2ee5d2 Properly init config in unit tests
upcoming policy-related changes need a properly initialized
global oslo_config's CONF instance, which inspector's unit tests
currently lack.

As a side effect of implementing this, the 'dbsync' module was
changed to not register it's CLI options right on its import.

Also, setting default log levels was moved to a function which
is already registered as the one providing defaults to options
in oslo_config's entrypoints. Config sample is updated accordingly.

Change-Id: I20bc537605062900d00fcc0343172774c1cd1363
2017-10-06 08:23:06 +00:00
Jenkins 0d28939315 Merge "PXE filter options have no effect yet" 2017-08-15 18:13:02 +00:00
dparalen 552b3ef946 PXE filter options have no effect yet
Updating the CONTRIBUTING.rst, config.py and example.conf to inform the
Operator (and Developer) that the PXE filter options have no effect yet.

Change-Id: I032114934e300af1e1908369552f1b06c939002f
2017-08-15 16:02:43 +02:00
dparalen 7d4488b9d2 Syncing example.conf
Just noticed example.conf is out of sync

Change-Id: Ic9a8d0b75731bb99140d83678fe851faff7f2e78
2017-08-15 15:24:07 +02:00
Anton Arefiev 8fd9f73a9c Clean up deprecated config options
Remove deprecated in ocata options: `introspection_delay_drivers`
and `log_bmc_address`.

Change-Id: I52a7c48609af558cd641d544910be8bce13968a5
2017-08-09 11:38:29 +03:00
dparalen e02bc755a6 PXE boot filtering drivers
Introduce a driver concept for PXE filtering

Change-Id: I73297771c4118f368b80a5f1021a0d5c3fc8b96e
Closes-Bug: 1665666
2017-06-28 12:25:37 +02:00
Chris Krelle f61a75aaa0 add disabled option to VALID_ADD_PORTS_VALUES
This allows inspector to create nodes without creating ports for the node.

Change-Id: Ife4c06d20e9217f0a308fef19177884596c6cf2d
Closes-Bug: #1693892
2017-06-23 10:09:45 -07:00
Dmitry Tantsur dd37dbaae9 Deprecate removing old status and disable it by default
We no longer have to do it, now that we can remove statuses for removed nodes.

Change-Id: Iacc546d265270983c6a360a92073acde9d9b36c7
Closes-Bug: #1695858
2017-06-13 13:43:19 +02:00
Dmitry Tantsur bcfdc2e4ad Regenerate example.conf
Change-Id: Ib585acc8ace1b72932ad8ddeccaf339757869ad6
2017-06-09 14:06:26 +02:00
Vasyl Saienko 6917c21246 Update config sample
Change-Id: Ie12f112f74c64543f8ba0a57a0f8f805a029a5c1
2017-03-30 13:00:23 +03:00
Moshe Levi 1dce3b12d3 Adding InfiniBand Support
InfiniBand is computer-networking communications standard
used in high-performance computing, features very high
throughput and very low latency.
This patch allow ironic-inspector to add the client_id
to ironic port extra. The client_id option allow pxe boot
from InfiniBand interface.

Closes-Bug: #1532534
Depends-On: Ifad453977e5d3be64b34e544f269835a72b4d73f
Change-Id: I479d54c29bcacb6bd5c1ab20033ae6e428b0e744
2017-02-01 08:34:38 -05:00
Jenkins 0b634ed5b3 Merge "Clean up deprecated configuration options" 2017-02-01 12:00:20 +00:00
Jenkins 805dbca194 Merge "Deprecated log_bmc_address option" 2017-02-01 12:00:12 +00:00
Jenkins 595ad3a513 Merge "Deprecate introspection_delay_drivers option and make it no-op" 2017-01-30 16:07:21 +00:00
Dmitry Tantsur 73584d27bb Clean up deprecated configuration options
Mostly removes old authentication options and support for [discoverd].

Also update example.conf to the latest version.

Change-Id: Ided8705c4345a1170c211d926d916cec2173ccb9
2017-01-27 10:22:55 +01:00
Dmitry Tantsur 0a321235bf Deprecate introspection_delay_drivers option and make it no-op
With switch to virtualbmc we can no longer distinguish between virtual
and bare metal nodes. To stay on a safer side, introspection_delay now
affects all drivers.

I'm also aware of similar DHCP problems on bare metal.

Also renamed unit tests for clarity.

Change-Id: I7d69cd899ec4d893b21cc49d59834dd3c83e0fe2
2017-01-26 13:56:53 +01:00
Dmitry Tantsur 2de54194a0 Deprecated log_bmc_address option
We already have too many options to my taste, and this does not seem too useful:
we anyway don't log BMC address if it's empty.

I think we should provide consistent logging experience.

Change-Id: I8ae8856bdc1ff26065c626837df9edc3016737e4
2017-01-26 12:54:46 +01:00
Dmitry Tantsur 635db52b4d Deprecate setting IPMI credentials
This feature is dangerous, barely maintained and not covered by any CI.
As it was hidden behind a configuration option, we can remove it without
breaking our API contract too much. This change deprecates the option,
and create an API version with this feature already de-activated.

Change-Id: I9e05c36b8c1194f4eeeb80c1f811e808854974c4
Partial-Bug: #1654318
2017-01-17 14:01:25 +01:00
Pavlo Shchelokovskyy 208088186b Add drac_address to ipmi_address_fields
Since Ia23e8582a398dca9ca11762ee6fe1789fdba9777 ironic's DRAC drivers
deprecated 'drac_host' driver_info field in favor of 'drac_address'.

This patch adds 'drac_address' to default value for 'ipmi_address_fields'
config option so that inspector can support both nodes with old and new
driver_info field.

Change-Id: I90559d7a99462cd0de2a0c8ce047015955b8cfda
Related-Bug: #1644210
2016-12-15 17:15:25 +02:00
Pavlo Shchelokovskyy fe7b4e3267 Update config sample
all changes are from inspector dependencies.

Change-Id: Ib226a32716458ac6b22f2d13b60d08a49461cdfe
2016-12-15 16:42:39 +02:00
dparalen 7cb40d5fec Add API for listing all introspection statuses
This patch introduces an API endpoint to list introspection statuses.  The
endpoint supports pagination with an uuid-marker and a limit query string
fields.  Due to the pagination, this change introduces a new configuration
option: ``api_max_limit``.

APIImpact

Change-Id: I74d02698801d5290619161b2d8d7181ab51a0a5e
Partial-Bug: #1525238
2016-11-21 15:58:24 +01:00
Julia Kreger c4ec98b754 Correct conf.py missing space
Change-Id: Ie86169092dec09647d356b65c5eea76e49e7519e
2016-10-13 18:29:44 +00:00
Vasyl Saienko 8789b5a57b Add translation marker to help of config opts
This patch adds missed translation marker _() to help messages
of config options.

Change-Id: Ica5c7f148cb0610c008444375e6e8b5ec0e449b3
2016-09-13 10:30:01 +03:00
Zhenguo Niu a97c8cb6a3 Add config to skip power off after introspection
This adds configuration option 'processing.power_off'
defaulting to True, which will prevent powering off the
node after introspection

Change-Id: I16eb6b73fd57e84175bbce81c79e432ed8d1d3fa
Closes-Bug: #1488534
2016-07-19 19:44:06 +08:00
Zhenguo Niu 4735ab87f3 Update example.conf
Change-Id: I9ca9bc0cb82e388987342a3a597c15524bab8808
2016-07-19 19:40:07 +08:00
Dmitry Tantsur c98d3f479b Allow customizing ramdisk logs file names and simplify the default
The template for ramdisk logs file names can now be changed via
the configuration. The default now contains only node UUID and datetime.
Also a proper tar.gz extension is appended to avoid confusion.

Depends-On: Ie507e2e5c58cffa255bbfb2fa5ffb95cb98ed8c4
Change-Id: I738f9bd35705d0d11c95b0164186ed0b366b5252
2016-07-01 14:30:44 +02:00
Dmitry Tantsur b2c2767147 Add a plugin for capabilities detection
Supports boot_mode and CPU flags.

Change-Id: Idee87a9fa0c89e51993735e69906f5688bfe23aa
Closes-Bug: #1571580
2016-06-06 13:18:09 +00:00
Zhenguo Niu 3505a8e932 Use PortOpt type for port options
Change-Id: Icdc27af7a10ff249235e927431a41ec0874bd154
2016-05-04 17:44:27 +08:00
Pavlo Shchelokovskyy 35f332539d Use keystoneauth for Ironic and Swift clients
This patch does not change the options in config file yet to showcase
backward compatibility with old config options.

Change-Id: I1da93b59b2f4813c42008277bd6479dc6673e7f1
2016-03-25 13:08:15 +02:00
Jiri Tomasek 19fe16fd42 Added CORS support to Ironic Inspector
This adds the CORS support middleware to Ironic Inspector, allowing a deployer
to optionally configure rules under which a javascript client may
break the single-origin policy and access the API directly.

OpenStack CrossProject Spec:
   http://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html
Oslo_Middleware Docs:
   http://docs.openstack.org/developer/oslo.middleware/cors.html
OpenStack Cloud Admin Guide:
   http://docs.openstack.org/admin-guide-cloud/cross_project_cors.html
DocImpact: Add link to CORS configuration in admin cloud guide.

Change-Id: I467d4e14b27f1d4808786d431aff66808c707a99
2016-03-14 15:29:09 +01:00
Pavlo Shchelokovskyy b804efeb02 Move ironic options to common/ironic
make it similar to how Swift options are handled

Change-Id: Ib155086f68970b6e74cb348778fcb4a6361c54ba
2016-03-07 13:56:55 +01:00
Dmitry Tantsur 5b02024cca Use futurist library for asynchronous tasks
A green thread is now used instead of spawn_n for running asynchronous
operations during introspection, processing and aborting.
The existing periodic tasks are now run using Futurist PeriodicWorker.

Main shut down procedure was split into a separate function for convenience.
Also updated the example.conf to the latest versions (some pending updates from
3rdparty libraries included).

Change-Id: Id0efa31aee68a80ec55e4136c53189484b452559
2016-03-02 15:40:01 +01:00
Anton Arefiev 5086d93b41 Add enroll_node_not_found hook
Add new node_not_found_hook - enroll_node_not_found hook,
which allows to enroll unknown nodes to Ironic automatically.

Change-Id: If1528688504e4be4b2369b985bc576544d96868d
Related-Bug: #1524753
2016-03-01 14:00:31 +02:00
Anton Arefiev 88bac30992 Update example.conf
Change-Id: I478f1a63a84de2ece34a5d5f391e5017226b93e6
2016-02-09 14:47:30 +02:00
Dmitry Tantsur 0423d93736 Track node identification during the whole processing
Currently our logging in processing is very inconsistent:
some log strings mention node UUID, some - node BMC IP, some nothing.
This change introduces a common prefix for all processing logs
based on as much information as possible.
Only code that actually have some context about the node (either
NodeInfo or introspection data) is updated.

Also logging BMC addresses can be disabled now.

Updates example.conf (a lot of updated comments from oslo).

Change-Id: Ib20f2acdc60bfaceed7a33467557b92857c32798
2016-01-13 12:23:15 +01:00
Yuiko Takada 52ef561c9f Use rootwrap to execute iptables instead of requiring root
This patch set adds support for rootwrap in order to execute iptables.

Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com>
Change-Id: I7c424c17222f119730b8c5ac0daafd9906282e4d
Closes-bug: #1495844
2015-09-23 13:27:15 +02:00
Dmitry Tantsur 13b11c8052 Smart root disk selection including support for root device hints
Creates a new plugin root_disk_selection which uses root device hints
and IPA inventory to calculate a root disk.

Update scheduler plugin to support 'root_disk' field in introspection
data. This field is populated by both root_disk_selection plugin
and IPA itself. The latter value is now used when root device hints
are not provided.

New option disk_partitioning_spacing regulates whether to substract
1 GiB from local_gb. Previously it was unconditionally done by
the ramdisk.

Change-Id: I8d60e3483ab5d7d181e231fe413fcd16192e0e97
Depends-On: Ie19b82ff2a914873ff4b2395b02643e086b934b1
Implements: blueprint root-device-hints
2015-09-16 19:22:32 +02:00
Dmitry Tantsur 5831723eb6 Make list of ipmi_address-alike driver fields configurable
Add cimc_address approved as part of
http://specs.openstack.org/openstack/ironic-specs/specs/approved/cisco-imc-pxe-driver.html

Change-Id: Id16e0e253eb21def26a089063a528308262d5a01
Closes-Bug: #1488525
2015-09-01 09:25:11 +02:00
John Trowbridge 6eb9f58c87 Store and expose introspection data
This adds the ability to store all of the data collected
during introspection. The configuration option
"[processing] store_data" (defaults to 'none'), determines
this behavior. Initially, only 'none' and 'swift' are
supported. If 'swift' is used, the data is stored in Swift
with the object name of "inspector_data-<UUID>".

Adds an endpoint /v1/introspection/<UUID>/data which
retrieves the data according to the method in
"[processing] store_data". Returns 404 if this option
is disabled.

There is a further option to store the location of the data
in the Ironic Node.extra column. For 'swift', this will be
the name of the swift object. The option,
"[processing] store_data_location" determines the key
name in the Node.extra column. (defaults to not storing
the location).

Change-Id: Ibc38064f7ea56f85b9f5a77ef6f62a50f0381ff4
Implements: blueprint store-introspection-data
2015-08-27 20:18:54 -04:00
Yuiko Takada cf117dcc2b Make Swift endpoint type configurable
Currently, Ironic Inspector talks with Swift using public API endpoint.
This patch fix this by making endpoint type configurable and also make
default value "internalURL".

Change-Id: Iab7d6a995d484bebb4338ffd307afcea132c0f20
Closes-Bug: #1470565
2015-08-12 18:48:36 +09:00
Yuiko Takada 6ce87e8f42 Migrate to oslo_log
Use oslo_log instead of logging module.

Change-Id: I0e9c9b9b68ba9c8c4f1c0cdd0746991c53e2d7e5
Closes-bug: #1475690
2015-08-12 09:23:18 +09:00