pytz will be removed from RHEL/CentOS 10 because of the built-in
zoneinfo[1].
Because the current usage of pytz can be very easily replaced, this
removes the dependency on pytz.
[1] https://issues.redhat.com/browse/RHEL-219
Change-Id: Iafcaf2f1095cd7c738dac391a9af10622806e932
Primarily remove the workaround added in
Ia6d512ff2ae417bab938cb095fbb0884d195010a which added
continued use of autocommit, which is incompatible with
SQLAlchemy 2.0.
Also set the environment for unit tests to report compatability
warnings, although it appears none are being reported at this time.
Also cuts out the db upgrade cruft to only use the online database
migration code through oslo_db's enginefacade, which has the smarts
to handle online or offline migrations.
And then, retools unit/functional test data storage to utlize sqlite,
and in that re-tooled the queries to prevent locking conditions
which could exist with queries, and some additional refactoring/cleanup.
Also, don't mock and test time.sleep().
Additionally, it looks like we have discovered the root cause of the
memory/connection leakage issue which has been observed, due to the
way lists of nodes are processed/returned.
This change was based upon the work in
I506da42a9891a245831f325e34bec92e0a3f33f0 which is included in
this commit as the entire database structure and interaction
has been modified for ironic-inspector.
Co-Authored-By: aarefiev <aarefiev@mirantis.com>
Story: 2009727
Task: 44132
Change-Id: Ic88eb9dec5fddc924a72d9a23c17a304954ebf46
Sync with ironic configuration to fix grenade job
Drop lower-constraints.txt and its testing (was [1])
Fix ironic-inspector-tempest-managed-non-standalone sine we're here
[1] https://review.opendev.org/c/openstack/ironic-inspector/+/840075
Change-Id: I9b08c6e61c39a0e5616e51256f76a19dc5fd00c0
Update minimum required versions of python packages.
The updates is based on crosscheck requirements from required
packages:
oslo-policy 3.7.0 depends on oslo.context>=2.22.0
increase oslo-service version to be able to use eventlet 0.26.0
oslo-service 1.24.0 depends on eventlet!=0.18.3, !=0.20.1, <0.21.0 and >=0.18.2
increase oslo-log version to fix error:
AttributeError: type object 'deprecated' has no attribute 'WALLABY'
oslo-log 4.3.0 depends on oslo.serialization>=2.25.0
oslo-log 4.3.0 depends on pbr>=3.1.1
oslo-log 4.3.0 depends on oslo.i18n>=3.20.0
Change-Id: I20a5a20b94ffd27ea34f23ac89ca2826eb548b1a
This fix the below warning for DeprecatedRule:
Since 3.7.0, oslo policy started the DeprecationWarning[1] if
deprecated_reason and deprecated_since param are not passed
in DeprecatedRule or they are passed in RuleDefault object.
Andf suppress the policy deprecation and default change warnings
Oslo policy log warnings if defaults for policies are changed.
With new RBAC change every policy rules' default is changed,
which end up lot of warnings in logs. We can suppress these for now
until we are enforcing new defaults.
- https://zuul.opendev.org/t/openstack/build/5cefaef6d02a4b7abe3c449491b81e68/log/job-output.txt#879
[1] https://github.com/openstack/oslo.policy/blob/3.7.0/oslo_policy/policy.py#L1538
Change-Id: If481a5afc3b23d1d196ffd7576d0784a9702da59
Adds the ironic-inspector-status command as well with the
requried upgrade check.
Mostly based upon https://review.opendev.org/#/c/763262/
which is based upon https://review.opendev.org/#/c/748059/
Note: Also had to update the version of eventlet because
existing minimum requirement was seemingly incompatible with
prior versions and would prevent lower constraints testing
to proceed due to issues with ``os`` being patched by eventlet.
Change-Id: I1f479f834f1d79e9eeb591c58a52b6ab80c24534
Also fixing user creation with GRANT in MySQL 8.0(Ubuntu Focal)
Ubuntu Focal (20.04) has mysql 8.0 and with mysql 8.0 there
is no implicit user creation with GRANT. We need to
create the user first before using GRANT command.
Change-Id: I4c0469628e82e86b4023a9b011d09f20f9b66aac
Identify acclerator devices by processing pci devices and update to
ironic node when found. Currently only Tesla T4 from NVIDIA is
supported.
Change-Id: Id702cb04cb2445d544965821680cd0cc5cfd37e5
Story: 2007971
Task: 40473
We are replacing all usages of the 'retrying' package with
'tenacity' as the author of retrying is not actively maintaining
the project. Tenacity is a fork of retrying, but has improved the
interface and extensibility (see [1] for more details). Our end
goal here is removing the retrying package from our requirements.
[1] https://github.com/jd/tenacity
Change-Id: I660192549918b9cd9738810cbfaf3dc4456f97fa
Story: #1635390
Task: #40647
When sending a literal empty response, Flask does not include a
ContentType in the response. While in many cases, we don't need
need a ContentType nor expect one on the API client, Apache
webserver can treat this as an error and generate an Error
indicating a Bad Gateway. When doing this, we also now include
an empty JSON body in the response for 202 messages. For 204
message errors, the message body is expected to be empty.
However, when this Bad Gateway error occurs, the API/Conductor
were proceeding like there was no issue. The API client on the
other hand thinks that a hard failure has occured.
Also adds some additional catches to provide additional logging
which turned out not to be needed in this case, but it would be
useful for others.
Change-Id: If2e7697e3fde58ab0a4193787e29d3acdca81ebf
This change documents configuring inspector for client-side
authentication with a standalone Ironic API service.
Since this documention refers to a keystone auth feature which is
about to be released, requirements and lower-constraints are updated
to reflect the required release (see https://review.opendev.org/737365 ).
Change-Id: I567fc8c7f2147339856563ad880334791f93d99b
When the config option ``auth_strategy`` is set to ``http_basic`` then
non-public API calls require a valid HTTP Basic authentication header to be
set. The config option ``http_basic_auth_user_file`` defaults to
``/etc/ironic-inspector/htpasswd`` and points to a file which supports the
Apache htpasswd syntax[1]. This file is read for every request, so no
service restart is required when changes are made.
The only password digest supported is bcrypt, and the ``bcrypt``
python library is used for password checks since it supports ``$2y$``
prefixed bcrypt passwords as generated by the Apache htpasswd utility.
To try basic authentication, the following can be done:
* Set ``/etc/ironic-inspector/inspector.conf`` ``DEFAULT`` ``auth_strategy``
to ``http_basic``
* Populate the htpasswd file with entries, for example:
``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd``
* Make basic authenticated HTTP requests, for example:
``curl --user myName:myPassword http://localhost:6385/v1/introspection``
[1] https://httpd.apache.org/docs/current/misc/password_encryptions.html
Change-Id: If50dfbfc18445ad9fe27e17cb0ee1b317ff25a0b
Depends-On: https://review.opendev.org/729070
Story: 2007656
Task: 39826
This patches removes the ironic-client dependency from the
ironic module in favor of openstacksdk.
Increase minimum required version of openstacksdk to use
recent added features.
Change-Id: I31964179835ad454e8205a59f483b419de4fb62d
Latest version of Werkzeug (1.0.0 at the moment) broke
compatibility with older Flask, actually causing issues when
running lower-constraints tests, since Flask will install
highest version of Werkzueg after 0.7.
With this patch we require Flask to be at least version 1.0
to re-establish compatibility.
See failed test https://review.opendev.org/706701 or run
lower-constraints test locally for confirmation.
Change-Id: Id05b4a205379fdf1b26cb239757bd370f3fe88e3
Since we've dropped support for Python 2.7, it's time to look at
the bright future that Python 3.x will bring and stop forcing
compatibility with older versions.
This patch removes the six library from requirements, not
looking back.
Change-Id: Ic443c7e4d5a5a849c4dc220207f8957e4c90bf53
Also increasing lower version of keystoneauth1 to a recommended
version for openstacksdk >= 0.30.0
Change-Id: Ifb9bbb8d091f28a8d65444caaeba301e2f707a14
oslo.db was not compatible with Python 3.7 until version 4.40.0
because Python 3.7 makes "async" a keyword [1].
To prevent bad surprises, this patch increases the minumum version
required for oslo.db to 4.40.0.
[1] https://review.opendev.org/574833
Change-Id: I6b915a0b0f78690defa962be96c8ae9d35d69345
Fix testenv which only installs test-requirement, also updated
upper constraint url.
mock minimum version is bumped to 3.0.0,
keystonemiddleware minimum version is bumped to 4.18.0.
Change-Id: I162bcf372598c2268c9c5e30947e49eedb0147e3
This change replaces the swiftclient dependency with openstacksdk.
The ultimate goal is to use only openstacksdk for all cross-service
interactions.
The configuration option max_retires has been broken for several
releases since commit 7e8cdc0d0f,
this change deprecates it.
Change-Id: I635519f88e90f4267ff7a9cb063a697ff39e4710
Following recent changes to global requirements [1], we need
to update sphinx requirements locally.
Also uncapping jsonschema following this [2] change.
[1] If558f184c959e4b63b56dec3ca1571d1034cfe5c
[2] I328cbd8216ec4591e08414dafc9ea099391efd86
Change-Id: If628a93b95cf73cb5af19b847758e9e50c5bf7a8
This change adds an option to publish the endpoint via mDNS on start
up and clean it up on tear down.
Story: #2005393
Task: #30384
Change-Id: Ia9407cb065979aac6761d3e4122d3884e45b559d
This patch is part of inspector HA work, which wraps inspector api into
oslo service.
oslo.service has also provided support to signal processing like SIGHUP or
SIGTERM, so these code were removed in this patch.
Deprecated current SSL cert/key options used by ironic-inspector, code
manually creates ssl context were removed. These options will be fed
from [ssl] section.
Change-Id: Ia5e16fcb9104556d62c90f5507f17b41f73a5208
Story: #2001842
Task: #12609
As Flask version was updated we need to update our own requirements.txt
to avoid reqirements-check job to fail on every patch that changes
anything related to requirements.
Change-Id: I22f471534eded46a8deecccdb07db71d0705226b
Signed-off-by: Chuck Short <chucks@redhat.com>
Adds oslo.messaging to ironic-inspector, and convert
inspect, abort and reapply to synchronized rpc calls.
This is the first step of API and worker seperation.
Change-Id: I15e86d7feb623b6b2889891b9700e5de6b3164cd
Story: #2001842
Task: # 12609
Fix the lower constraints settings to match the expected values.
We will manage the eventlet version using constraints now. See the
thread starting at
http://lists.openstack.org/pipermail/openstack-dev/2018-April/129096.html
for more details.
Change-Id: Ic44a750002943920c2f517f22df670989460dbc9
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
These calls are subject to transient network problems, we should
not abort ironic-inspector process in this case. Also due to
bug 1748893 the port listing API can sometimes return HTTP 400.
This change retries port listing 5 times with 1 second break
before aborting the periodic task and thus the process.
This change introduces a dependency on the retrying library,
which is already widely used in OpenStack (including ironic).
Change-Id: I92fd70ca5692ce9f6798eedf9e540d5aa7c6f1af
Closes-Bug: #1748893