38 Commits

Author SHA1 Message Date
Julia Kreger
6af3cb9eb2 nova ironic-hypevisor - support scoped auth config
The Secure RBAC effort has updated Ironic such that it
can support a mode where it is scope enforcing for all
interactions with the API. Due to the design, and operating
nature of Ironic's API, services speaking with it must
authenticate with a system scope to have a full picture
of the universe.

In this case, we need to update the nova configuration
accordingly such that the compute service understands
how to talk to ironic so that it can see the nodes under
management.

Ironic will likely update this again at a later point in
time to enable a "hybrid" mixed-mode as the operating model
and related permissions *should* allow nova to use a project
scoped "owner" account with Ironic, in order to access
and command nodes to deploy. But at this time, we're
focusing on the exclusive operating mode.

Change-Id: I1946725ce08c495178c419eaf38829f921c91bbe
Needed-By: https://review.opendev.org/c/openstack/ironic/+/778957
2021-06-15 11:32:45 -07:00
Jens Harbott
32c00890ed Prepare for dropping keystone admin endpoint
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.

Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
2020-06-26 15:26:22 +02:00
Riccardo Pittau
e726ecb537 Remove sgabios.bin workaround
The bug has been fixed since a while, also in recent distributions,
for example Ubuntu 20.04, the sgabios.bin ROM is provided directly
by qemu-system-data as an actual file under /usr/share/qemu and
it conflicts with the one provided by sgabios, so removing the
workaround is actually needed to prevent failures.

Change-Id: Ib5f23dbd8839a0927418692054f4ed4abd76babc
2020-05-25 11:50:59 +02:00
Stephen Finucane
248d4bb8d2 Stop configuring '[DEFAULT] firewall_driver' for nova
This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.

Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2020-01-16 09:27:54 +00:00
Eric Fried
e273c0433f Set ksa retry conf options for n-cpu [ironic]
We're trying to get nova to talk to ironic through openstacksdk and need
to be able to specify retry limits/intervals there. We could reuse the
existing conf options, but better to support the standard ones exposed
from keystoneauth1 via [1] and [2].

Note that these will be ignored unless you have keystoneauth1 3.15.0
(for [1]) or 3.16.0 ([1] and [2]) and are building your adapter using
ksa-derived conf options (see the Needed-By).

Needed-By: https://review.opendev.org/642899

[1] https://review.opendev.org/#/c/666287/
[2] https://review.opendev.org/#/c/672930/

Change-Id: I79c416e25d635b0ffa419640b4bd91e36f78b1ab
2019-08-21 08:59:51 +00:00
Vanou Ishii
705e9cb5dc Fix error in configure_nova_hypervisor with hardware Ironic node
Trying to deploy OpenStack environment consisting of ironic nova
hypervisor & hardware Ironic node (not VM Ironic node) with devstack
got failed.

Devstack error says error occurred while calling configure_libvirt
in configure_nova_hypervisor. This happens because libvirt related
packages are not installed when specifying "VIRT_DRIVER=ironic"
and "IRONIC_IS_HARDWARE=True".

To fix this problem, this commit add "if" statement to check
Ironic node is hardware or not using "is_ironic_hardware" function
in "function-common" file.

Change-Id: I1113478175fadec79d0f8bf6ae842ed86e5e686b
Closes-Bug: #1834985
2019-07-05 01:22:09 +00:00
Erik Olof Gunnar Andersson
a13474fd78 Add region_name to ironic compute configuration
We should always pass on a region when talking to
ironic. This will also help detect and test issues
specific to regions.

Change-Id: Iaab3c1bcedc5aaa2106c0758cbb43bade3de2cf5
2019-04-18 21:14:40 -07:00
Matt Riedemann
59e6ff10ce Remove IRONIC_USE_RESOURCE_CLASSES check
Nova has dropped support for non-resource class
baremetal scheduling, so the IRONIC_USE_RESOURCE_CLASSES
flag is no longer useful and has been removed.

Depends-On: https://review.openstack.org/565805/
Change-Id: Ib2e6c96409c98877f6a43b76f176c1420d2d415e
2018-05-02 11:45:09 -04:00
Vasyl Saienko
64039ef300 Increse api_max_retries and api_retry_interval for ironic
There is no way to upgrade ironic before nova because of
grenade design. In multinode job we do not restart nova
as we test partial upgrade of ironic there.
On slow nodes upgrading ironic takes time and nova looses
ironic connectivity

This patch increases api_retry_interval and api_max_retries
to make sure we have a time to upgrade ironic before nova
compute stuck.

Change-Id: I3b1429d6561431a82edda04a0e574cac38771837
2018-01-23 12:07:19 +02:00
Jenkins
401f43d4e1 Merge "Stop using ironic host manager with resource classes" 2017-10-06 03:17:02 +00:00
Vladyslav Drok
b79be36cdb Remove setting some of the scheduler settings
It makes sense to set them only if resource classes are not used.

Change-Id: I76d8501a1d1a20357acadad4cd8f2d6cef3896c1
2017-08-30 19:19:56 +03:00
Sam Betts
def67a47e8 Stop using ironic host manager with resource classes
There should be no needs to use the ironic host manager when using
resource classes.

Change-Id: I9a51ea6582dfef28e4da5f8510742230d88cbaf3
2017-08-30 11:39:16 +01:00
Vasyl Saienko
0525e77d9f Increase host_subset_size for ironic
This patch increase host_subset_size when ironic is used to 999
to minimize race conditions.

Change-Id: I0874fe3b3628cb3e662ee01f24c4599247fdc82d
2017-08-15 22:03:23 +03:00
Sam Betts
801494550a Disable baremetal sched filters when using resource classes
When using resource classes to schedule baremetal nodes the baremetal
filters like ExactRam etc should not be used. This patch disables them
in the nova config if devstack is configured to enable ironic resource
classes.

Change-Id: Ic262ccaf8b541308042d61113a953653d2261964
2017-08-04 12:19:47 +01:00
Sean Dague
c13b8a1f33 try to use unversioned keystone endpoints everywhere
Change-Id: Iad2a3654d8ba181a7ad452d8aba872a8313d4ece
2017-05-01 09:12:20 -04:00
Jim Rollenhagen
983cccb75b Enable baremetal scheduler filters when using ironic
These are recommended for all ironic deploys; turn them on.

Change-Id: Ia3df144e626266ed1774c4cd9863aedb876c409f
2017-03-21 18:37:24 -04:00
Clenimar Filemon
57df186c13 Make Nova/Ironic communication use Identity v3
As long as nova already supports an Identity v3 auth flow when talking
to ironic (Id837d26bb21c158de0504627e488c0692aef1e24), make it use
v3 by default.

This way we don't fail in a keystone v3-only situation, for
example.

Change-Id: I028dfb52108d0630f47a53f8b420b70d4979eb55
2016-10-04 16:27:02 +00:00
Jenkins
ab7e062f5d Merge "Revert "Update auth params in Nova Hypervisor-Ironic"" 2016-05-09 16:44:31 +00:00
Dmitry Tantsur
3b79e5f9f7 Revert "Update auth params in Nova Hypervisor-Ironic"
This seems to break Ironic gate with n-cpu not starting
any more.

This reverts commit c527ded91bef5d4c56cbdb2402a4d68015364b37.

Change-Id: Idfb01448e8ecf53fbd2e1df61c8f08f3107981ac
Closes-Bug: #1579683
2016-05-09 09:36:04 +00:00
Jenkins
251b870e85 Merge "Update auth params in Nova Hypervisor-Ironic" 2016-05-06 20:50:07 +00:00
vsaienko
e3a04dd857 Fix ironic compute_driver name
This commit fixes breaking change [0].
Long driver names like 'nova.virt.libvirt.libvirtDriver' are
no longer available and 'libvirt.libvirtDriver' should be used
instead.

Reference:
[0] https://review.openstack.org/309504

Change-Id: I27a1b75b921c7401bc8614caadfd1e09e7dd5d65
Closes-Bug: 1574990
2016-04-26 10:26:30 +03:00
Clenimar Filemon
c527ded91b Update auth params in Nova Hypervisor-Ironic
As Nova hypervisor uses deprecated parameters when trying to
authenticate to Ironic, as well as a hardcoded /v2.0 endpoint, a fatal
error occurs when creating a keystone v3-only devstack.

This patch updates auth parameters (ironic section in nova.conf) that Nova
uses when trying to connect to Ironic to v3 parameters.

Change-Id: I2d7ebf750115613aa917448f20daaece614633ef
2016-04-20 13:59:42 -03:00
Yingxin
b298e57c9f Change scheduler configurations to use entrypoints
Full class path style configuration of options scheduler_host_manager
and scheduler_driver are deprecated because of dependent changes. This
commit changes the related configurations to use entrypoints in setting
up nova scheduler in devstack.

Related to blueprint scheduler-driver-use-stevedore
Depends-On: I8c169e12d9bfacdbdb1dadf68b8a1fa98c5ea5bc
Depends-On: I3fd42ead44487a21eb5cfaf5a91209277ce30ad0

Change-Id: Iad96c270073b63719237cf9a9aa1c2dc4daa213a
2016-01-29 05:11:27 +00:00
Ian Wienand
523f488036 Namespace XTRACE commands
I noticed this when debugging some grenade issues failures.

An include of grenade/functions stores the current value of XTRACE
(on) and disables xtrace for the rest of the import.

We then include devstack's "functions" library, which now overwrites
the stored value of XTRACE the current state; i.e. disabled.

When it finishes it restores the prior state (disabled), and then
grenade restores the same value of XTRACE (disabled).

The result is that xtrace is incorrectly disabled until the next time
it just happens to be turned on.

The solution is to name-space the store of the current-value of xtrace
so when we finish sourcing a file, we always restore the tracing value
to what it was when we entered.

Some files had already discovered this.  In general there is
inconsistency around the setting of the variable, and a lot of obvious
copy-paste.  This brings consistency across all files by using
_XTRACE_* prefixes for the sotre/restore of tracing values.

Change-Id: Iba7739eada5711d9c269cb4127fa712e9f961695
2015-11-27 15:36:04 +11:00
Adam Gandelman
de77c471f3 Make ironic's service check flexible
We currently assume we are deploying ironic with the rest of
a cloud and assert that glance/neutron/nova are enabled. This
makes it a bit more flexible and allows deploying with only
the minimum required services if desired, and asserts the others
are enabled when we intend on testing nova+ironic integration.

This is required for in-tree python-ironicclient functional tests,
which we aim to run against a minimal devstack deployment.

Change-Id: I99001d151161fa225b97c3ba6b167a61aa9b59fe
2015-03-11 17:17:49 -07:00
Zhongyue Luo
37026f5366 Avoid VM configuration with Ironic hardware mode.
If "IRONIC_HARDWARE" is True, VMs are not required when using Ironic.

Change-Id: I33ba294f1e2ea583cd4c24c392637a4ee60a39ab
2015-01-16 08:36:08 +08:00
Sean Dague
e263c82e48 add shebang lines to all lib files
With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.

Change-Id: Id238748417ffab53e02d59413dba66f61e724383
2014-12-10 11:28:05 -05:00
Adam Gandelman
9eb8177eb7 Move sgabios setup to hypervisor-ironic
This moves setup of sgabios ROM to the ironic hypervisor library.
This is failing to backport to juno because of an error in the sideways ironic
grenade. install_ironic() is expected to setup only python things and happens
earlier than initial package installation.

Fixes-bug: #1396352
Change-Id: I75f0052045143571619e6712d57014228abf7a20
2014-11-25 22:22:36 +00:00
Adam Gandelman
4b45fca7bb Do not hardcode ironic svc port, protocol
The Ironic API server's port and protocol are hardcoded in various
places.  This updates the ironic bits to use configured values instead
and fixes a bug around iptables rule creationl.

Change-Id: I1ace68affff3afdbc0058be4d32f8044a24e9338
Closes-bug: #1393498
2014-11-18 11:57:20 -08:00
Devananda van der Veen
d0023fd7dd Switch config to use Ironic driver from Nova's tree
Change the Nova config to use the IronicDriver from the Nova tree,
so that the copy of this driver in Ironic's tree may be deleted.

Also removes the unneeded [ironic] "sql_connection" config parameter
which was cruft copied from the nova_bm configuration in commit
06fb29c66124b6c753fdd262eb262043b4551298

Change-Id: I35473b54d760bfa7395decbe6b086f64db60ab10
2014-09-08 11:27:16 -07:00
Adam Gandelman
6d27148eb6 Cleanup lib/ironic
This moves around a bunch of functionality and attempts to isolate setup
steps into discrete functions (new or existing), making them easier to
consume from outside of Devstack (ie, Grenade).

Change-Id: I480167dcc008506ec2fe8c412db4114b74496e60
2014-08-06 16:48:35 -07:00
Jamie Lennox
3561d7f9ed Use identity_uri instead of auth fragments
auth_token middleware now accepts a standard URL string as the parameter
identity_uri instead of specifying protocol etc individually. Change the
services over to use this.

Also changes over some other places in which the auth fragments are used
individually to the new variables and fixes up some misconfigurations of
auth_token.

identity_uri option was release in keystoneclient 0.8.0

Change-Id: Iac13bc3d08c524a6a0f39cdfbc1009e2f5c45c2a
2014-06-16 15:16:48 +10:00
Adam Gandelman
1bb9ef63c5 Update compute driver name for Ironic
Commit 08448e3a mistakenly updated the location of the Ironic compute
driver to be loaded from within the Nova tree.  However, no such module
exists as the compute and scheduler drivers both live in the Ironic tree.
This reverts that and adds a note explaining the setting.

Change-Id: I7f32f77bd7e5fd1f6b41014ac71bbf6e1a7d84cf
2014-03-31 11:41:54 -07:00
Jenkins
64ccbea8cf Merge "Ironic api-endpoint uses port 6385" 2014-03-28 13:44:50 +00:00
Ruby Loo
1117479908 Ironic api-endpoint uses port 6385
The Ironic api_endpoint value in nova.conf (ironic section) is incorrectly
set to port 6358. This sets it to the correct port: 6385.

Change-Id: Ic591588e3480cc25c6e276f11103b7b0007d642a
Closes-Bug: #1297939
2014-03-26 17:19:36 +00:00
Davide Guerri
08448e3a0c Fix wrong compute driver name for Ironic
Change-Id: Ia29e019065476f9884ab3fce4e26fe66700fb02d
2014-03-21 18:19:38 +00:00
Adam Gandelman
ea861741d8 Reuse existing libvirt setup functions for Ironic
When deploying Ironic, make use of the existing libvirt installation
and configuration used by the Nova libvirt driver. Ensures a functional
libvirt setup across distributions.

Change-Id: I904ae2bdd4e8299827270c351eb60b833f90ae75
2014-03-17 16:27:00 -07:00
Alexander Gordeev
06fb29c661 Integration testing preparation for Ironic
Add ability to create/register qemu vms for Ironic testing purposes

Implements bp:deprecate-baremetal-driver

Change-Id: If452438fcc0ff562531b33a36cd189b235654b48
2014-03-14 13:44:00 -07:00