This is a MVP of auto-discovery with no extra customization and no new
auto_discovered field from the spec.
Change-Id: I1528096aa08da6af4ac3c45b71d00e86947ed556
Adds inspection hooks in the agent inspect interface for processing
data received from the ramdisk at the /v1/continue_inspection
endpoint. The four default configuration hooks 'ramdisk-error',
'validate-interfaces', 'ports' and 'architecture' are added.
(The remaining inspection hooks will be added in further patches.)
Change-Id: I2cf1be465ba7a93fd66881b14972e960acd4dd4e
Story: #2010275
A huge list of initial work for service steps
* Adds service_step verb
* Adds service_step db/object/API field on the node object for the
status.
* Increments the API version to 1.87 for both changes.
* Increments the RPC API version to 1.57.
* Adds initial testing to facilitate ensurance that supplied steps
are passed through and executed upon.
Does not:
* Have tests for starting the agent ramdisk, although this is
relatively boiler plate.
* Have a collection of pre-decorated steps available for immediate
consumption.
Change-Id: I5b9dd928f24dff7877a4ab8dc7b743058cace994
FirmwareInterface base
New Config options [default]
- enabled_firmware_interfaces
- default_firmware_interface
New FirmwareInterface base with update method
Implementations of FirmwareInterface
- FakeFirmware (fake)
- NoFirmware (no-firmware)
New entrypoint ironic.hardware.interfaces.firmware
* fake and no-firmware
Api Controllers
- Updated: driver/node/utils/versions
- Created: firmware
Unit tests
api-ref for Node Firmware
Fake and Noop implementation for FirmwareInterface
Change-Id: Ib3b9cb22099819f97d5eab1e3f1b670cb91cbb25
Adds the parent node support and tests in one change
including all DB/Model/API changes along with RBAC and
basic API tests.
* Updates the API version to 1.83
* Adds parent_node and related index to the nodes table.
* Adds new API parameters to list by parent node relationship.
Depends-On: https://review.opendev.org/c/openstack/ironic/+/883967
Change-Id: I8d64fee7105718199986db4994e13352d639f04f
Unused by Nova and unlike memory_mb/local_gb also by Ironic (actually,
our usage of local_gb is worth double-checking as well, but at the very
least it's referenced by inspection implementations).
Change-Id: Ie8b0d9f58f4dcd102c183c30ae7f5acf68a5e4c3
Using kernel/ramdisk makes no sense with local boot, we need a better
way. We already have an internal image_type instance parameter, let's
make it public.
Glance support will be added in the next patch.
Change-Id: I4ce5f7a2317d952f976194d2022328f4afbb0258
Making updates to driver_internal_info can result in hard to read code
due the requirement to assign the whole driver_internal_info back to
the node to trigger the expected update operation. This change
replaces driver_internal_info update operations with a new
methods:
- set_driver_internal_info
- del_driver_internal_info
- timestamp_driver_internal_info
This change defines the functions and moves core conductor logic to
use them. Subsequent changes in this series will move drivers to use
the new functions.
Change-Id: Ib8917c3c674e77cd3aba6a1e73c65162e3ee1141
A node's interface can be temporarily overriden in instance_info.
However, some parts of the Ironic code still used a node's interface
attribute directly. This change adds a node get_interface method
and updates various parts of the Ironic code to use it.
Change-Id: Ifdaa21383f71b501bccb6cf8fe80e5b34661b6ae
* add fields to Node object
* expose them at endpoint `/v1/nodes/{node_ident}/states`
* update states on powersync / entering managed state.
* tests
* update api endpoint info in api-ref
Story: 2008567
Task: 41709
Change-Id: Iddd1421a6fa37d69da56658a2fefa5bc8cfd15e4
This change modifies the nodes _get_nodes_collection method to
consider and pass in an explicit lisst of requested fields into
the node list method, while also including the required fields
for things like ownership/policy checking.
And slightly modifies node_convert_with_links method to simplify
it while enabling field validity to be checked, and specific
requisite field lists provided in based upon that value.
And also optionally builds the traits list as they are nolonger
*always* populated on all objects with fully populated objects
as only partially hydrated objects are provided back when specific
fields are requested.
Story: 2008885
Task: 42572
Change-Id: Ided419263d84184cab902944b6c518f98618c9d2
Prior to this change, ironic would not pass the API consumer request
for a list of nodes down to the underlying layers with the list of
specific fields being requested.
This resulted in full objects being returned from the database where
in essence the entire database would be downloaded to construct the
objects, and in the case of joined views, whole roles would largely
be duplicated.
In order to be more efficent, we need to hand the user desired
fields down to the database, in order to return only that data,
and thus transform it.
In this case, we already have testing that handles the conversion
of objects at the lower layer, and in this case, the db object
conversion handler already understood fields, so we're just kind
of completing the awareness further downward for increased efficency.
This change only sets the stage, the final change to this is aligned
with API change to leverage this as the API is coded such that the
field does not include all of the required fields needed by the API
to render replies, which is fixed in the API patch to leverage this
with the API.
Story: 2008885
Task: 42495
Change-Id: I6283c4cc1b1ff608c4be24a6c41eb7b430a5ad68
A node object has many fields, and a huge opportunity
for performance improvement is to reduce the amount of work
performed at the lower layers when it is not necessary.
In particular, the easiest case to identify and handle is
when a list of fields to be fulfilled is explicitly supplied.
This is particularlly noteworthy when we collecting a list of
nodes for synconization with Nova, where only 9 columns are
really needed to supply Nova with the information required,
and thus numerous fields are discarded.
This is all particularlly compounded when traits are used,
which presently uses a joined load pattern from SQL.
With this patch, we explicitly load and convert only the fields
requested at the lowest level, and then perform a different style
of loading node traits which requires less overhead by SQLAlchemy
to de-duplicate the returned result set to the application.
This turns out to be far more efficent as we're reducing the amount
of data/object conversion work by 360%, even before we consider
populating traits, which is performed as a separate query when
traits are requested.
Story: 2008885
Task: 42434
Change-Id: Iac703d2a9b7b240a47477be8a64c7c33e28f692f
When the configdrive input is JSON (meta_data, etc), delay the rendering
until the ISO image is actually used. It has two benefits:
1) Avoid storing a large ISO image in instance_info,
2) Allow deploy steps to access the original user's input.
Fix configdrive masking to correctly mask dicts.
Story: #2008875
Task: #42419
Change-Id: I86d30bbb505b8c794bfa6412606f4516f8885aa9
The agent needs to use configdrive, and we do send it over the same
channel when running write_image. There is no point in preventing custom
deploy steps from accessing it.
Change-Id: I93d3966b2c6af1f60bfbb39b3a07056308c6866c
Adds the node's driver_internal_info to the
baremetal.node.provision_set.* notifications. The
driver_internal_info includes useful information
such as deploy and clean steps.
Change-Id: I98784f72e6f93cbc602753ef2da0dbef5ad2c9cf
Story: #2008054
It brings more harm than good, e.g. it breaks fast-track. Since
driver-specific fields are name-spaced, there should be no much
harm in keeping them around.
Change-Id: I397d23af64dfd56074cb563eedbe2d1ef8efff53
A new dictionary field `network_data` is added to the node object.
This new field can be populated by the operator with node static
network configuration.
Ironic API now performs formal JSON document validation of node
`network_data` field content against user-supplied JSON schema at
driver validation step.
As of this commit, the new `network_data` field is not actually
used by ironic, otherwise it should be perfectly functional. In
the following commits, network static configuration will be taken
from this field and handed over to ironic ramdisk bootstrapping
utilities.
Change-Id: I868b3b56a17f59e5aa1494b2e0ebc9c4e34ef173
Story: 2006691
Task: 36991
This change adds a `lessee` field to nodes, and exposes it
to policy. It also updates the non-admin node list API
to match for both owner and lessee; and updates the
allocation conductor to match owner allocations with nodes
with the appropriate lessee.
Change-Id: Ib31b49c7143ec8fd6cb486fc24038215b197c418
Story: 2006506
Task: 37930
Fixes W504 and E117, resulting in some indentation changes.
Also fixes code that exceeds the complexity requirement, that is bumped
to 20 (mostly to avoid refactoring the agent heartbeat call, resulting
in conflicts for the deploy steps work).
Change-Id: I8e49f2c039b0ddfca9138f8e148708b7e8b5df7e
In order to improve security of the lookup/heartbeat
endpoints, we need to generate and provide temporary tokens
to the initial callers, if supported, to facilitate the
verification of commands.
This is the first patch in an entire series which utimately
enables the endpoint communication to be better secured.
The idea behind this started in private story 2006634 which
is locked as a security related filing covering multiple
aspects of ironic/ironic-python-agent interaction centered
around miss-use and generally exposed endpoints. That story
will remain marked as a private bug because it has several
different items covered, some of which did not prove to be
actually exploitable, but spawned stories 2006777, 2006773,
2007025, and is ultimately similar to Story 1526748.
Operationally this is a minimally invasive security
enhancement to lay the foundation to harden interactions
with the agent. This will take place over a series of
patches to both Ironic and the Ironic-Python-Agent.
Also see "Security of /heartbeat and /lookup endpoints"
in http://lists.openstack.org/pipermail/openstack-discuss/2019-November/010789.html
Story: 2007025
Task: 37818
Change-Id: I0118007cac3d6548e9d41c5e615a819150b6ef1a
This change adds support for node retirement: nodes can
have additional properties 'retired' and 'retired_reason'
which change the way the nodes (can) traverse the FSM
and which operations are allowed. In particular:
- retired nodes cannot move from manageable to available;
- upon instance deletion, retired nodes move to manageable
(rather than available).
Story: #2005425
Task: #38142
Change-Id: I8113a44c28f62bf83f8e213aeb6704f96055d52b
Since we've dropped support for Python 2.7, it's time to look at
the bright future that Python 3.x will bring and stop forcing
compatibility with older versions.
This patch removes the six library from requirements, not
looking back.
Change-Id: Ib546f16965475c32b2f8caabd560e2c7d382ac5a
Pushing too long messages in the node last_error and maintenance reason can
cause node.save() failures, leaving the node in a transient state, with no
conductor actually handling it anymore.
Change-Id: Id4db377781f83cf4d97564ced9622d5a8a8c67af
Story: #2005377
Task: #30359
This patch implements the feature of storing informational free-form text
into ironic node, via the "description" field.
Operators can do simple queries on the context of description.
Change-Id: I787fb0df34566aff30dea4c4a3ba0e1ec820d044
Story: 2003089
Task: 23178
The automated clean patch [1] introduced a common pattern for version
conversion, this patch removes the custom fault field conversion to
reuse the common handler.
[1] https://review.openstack.org/#/c/585991/12/ironic/objects/node.py
Change-Id: Id5997b32a442aeea8162fc0ef5894a87ac24443d
This change adds the database models and API, as well as RPC objects
for the allocation API. Also the node database API is extended with
query by power state and list of UUIDs.
There is one discrepancy from the initially approved spec: since we
do not have to separately update traits in an allocation, the planned
allocation_traits table was replaced by a simple field.
Change-Id: I6af132e2bfa6e4f7b93bd20f22a668790a22a30e
Story: #2004341
Task: #28367
Adds "owner" field on the node object and exposes it for updates
via the API.
Additionally, fixed a couple minor items related to the prior
where we missed updating version numbers in rebases.
Change-Id: Iaaf3db97d21de9b11236cf2d18ffcc3f73f6e50c
Story: #2001814
Task: #12550
When handling the "pet" case, some nodes may be critical for the deployment.
For example, in an OpenStack installer like TripleO you may want to make
sure your controllers are not removed by an incorrect operation.
This changes introduces a new field "protected" on nodes. When it is
set to True, the "deleted" and "rebuild" provisioning actions fail with
HTTP 403. Deleting such nodes is also not possible.
Also adds "protected_reason" for the operators to specify the reason
a node is protected.
Story: #2003869
Task: #26706
Change-Id: I1950bf6dd65b6596cae69d431ef288e578a89d6e
Create the object for automated clean and add the logic
in the conductor to be able to enable clean for specific
nodes, when general automated clean is disabled.
Story: #2002161
Task: #24579
Change-Id: If0130082e16d1205fdf65d083854ef9849754f8b
Adds the fields and bumps the objects versions. Excludes the field from
the node API for now.
Also adds the conductor_group config option, and populates the field in
the conductors table.
Also fixes a fundamentally broken test in ironic.tests.unit.db.test_api.
Change-Id: Ice2f90f7739b2927712ed45c969865136a216bd6
Story: 2001795
Task: 22640
Task: 22642
Adds a 'deploy_step' field to the nodes API.
Co-Authored-By: Ruby Loo <rloo@oath.com>
Change-Id: I1baeeaaa6ed521e4189958fd7624cd6c5de96707
Story: #1753128
Task: #22592
Adds a 'deploy_step' field to the Node object.
Co-Authored-By: Ruby Loo <rloo@oath.com>
Change-Id: I3393cc0f6506fe0a8dd655b3e2b9c48fcc921808
Story: #1753128
Task: #22592
This patch also increments the object versions for all
objects that inherit the NodePayload object.
Change-Id: I9d986b5a40b185abd6fc694dc26395e8b5da7b72
This patch exposes fault field for related notification objects.
Story: #1596107
Task: #10469
Change-Id: Iee50985846fbe8e529613d69645c283d4fe1e380
Partial-Bug: #1596107
This adds a fault field to the node table of database, and necessary rpc
object change and version bumping.
Story: #1596107
Task: #10469
Change-Id: I5539aa0406dbfbde25bc9aa91d5c1e615875e50e
* Adds 'bios' interface to 'BaseDriver'
* Adds BIOSInterface driver class
* Adds fake & no-bios drivers and entries
* Implements it for 'fake-hardare' hardware type
* Adds configuration parameters:
+ [DEFAULT]/enabled_bios_interfaces
+ [DEFAULT]/default_bios_interface
* Adds 'bios_interface' field to Node object
* Handle 'bios_interface' field in _convert_to_version
* Adds bios in CLEANING_INTERFACE_PRIORITY
Drivers can implement this interface to do BIOS
configuration.
Co-Authored-By: Yolanda Robla Mota <yroblamo@redhat.com>
Co-Authored-By: Luong Anh Tuan <tuanla@vn.fujitsu.com>
Change-Id: I7e57130242b6cab21b54e35dc3c0b7819bdc43c0
Story: #1712032
Currently the driver_info is passed as is to the ramdisk when calling
get_clean_steps or execute_clean_step. This may lead to their exposure,
as ironic<->ramdisk communication is currently not secure.
This change applies the same logic we use in the API to filter
the fields.
Change-Id: I4fd44786fea6c7092d2b0029cea6d680d31babde
Closes-Bug: #1744836
a piece of code in node object was relying on result of 'assert'
to block negative values of properties.
When running Python in optimized mode (-OO) this assert will be
swallowed and negative values may slip through.
Replace this line with proper if-block.
Change-Id: Iec1edc55219cfd6c54afa52c1ecd0cf76340bddf
Adds a traits field to node notifications, and triggers notifications
when node traits are added or removed. Node traits are emitted in
notifications as a list of trait name strings.
Bumps the following notification payload versions:
NodePayload: 1.6
NodeSetPowerStatePayload: 1.6
NodeCorrectedPowerStatePayload: 1.6
NodeSetProvisionStatePayload: 1.6
NodeCRUDPayload: 1.4
Change-Id: I4e0333173250a641b317d466e52742cf7728ed90
Partial-Bug: #1722194
Adds a new traits object to expose traits DB operations to the API. It
also adds a new traits field into the node object, with the appropriate
version compatibility logic.
get_node_by_port_addresses is modified to ensure we correctly join in
the tags and traits in that DB call, this avoids a orphaned db object
lazy load style failure.
_set_from_db_object in the base object is modified such that the new
traits object doesn't have to include the dictionary style compatibility
mix-in.
Change-Id: I69403b9875a020fab7a7975810b57bf646417953
Partial-Bug: #1722194
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
This commit adds `rescue` interface to `BaseDriver` and implements
it for `fake-hardware` hardware type. It adds configuration
parameters '[DEFAULT]/enabled_rescue_interfaces' and
'[DEFAULT]/default_rescue_interface'. The default value of
configuration parameter '[DEFAULT]/enabled_rescue_interfaces' is
`no-rescue`.
It adds new rescue states and a new 'rescue' field to the Node
object. It adds objects.node.Node._convert_to_version().
The method handles converting the new rescue_interface field
between different versions of the Node.
Partial-bug: #1526449
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Co-Authored-By: Josh Gachnang <josh@pcsforeducation.com>
Co-Authored-By: Jesse J. Cook <jesse.j.cook@member.fsf.org>
Co-Authored-By: Mario Villaplana <mario.villaplana@gmail.com>
Co-Authored-By: Aparna <aparnavtce@gmail.com>
Co-Authored-By: Shivanand Tendulker <stendulker@gmail.com>
Change-Id: I1534247bf207a20a7a58534988192aef392eaff2
Dmitry Tantsur