510 Commits

Author SHA1 Message Date
Zuul
c72997d8d0 Merge "Always fall back to sysrq when power off fails" 2021-04-14 12:13:37 +00:00
Dmitry Tantsur
b395181b1b Always fall back to sysrq when power off fails
The line we're looking for is not there when IPA is in a container, at least
for CentOS based containers. Just fall back to sysrq on errors.

Change-Id: Ie4ee605ad9c6cda58808512a563247175859c71e
2021-04-13 19:05:04 +02:00
Zuul
5bac375f73 Merge "Capture the early logging" 2021-04-08 12:22:32 +00:00
Dmitry Tantsur
1ab405b509 Do not fail network interface collection on unsupported interface
Currently if one interface cannot be handled (e.g. it has empty MAC),
the whole collection fails. Ignore unsupported interfaces instead.

Change-Id: Ibdaad62b39c239d4f3fb3111c2fae9e31e877b28
2021-04-07 17:16:27 +02:00
Julia Kreger
df418984f0 Capture the early logging
_early_log prints to stdout, which is fine in some cases,
however in other cases it gets lost in the shuffle of process
launch by things like systemd.

Lets try to save everything, and re-log it so it is easy to
debug early issues.

Change-Id: I334a9073d17cccec4c669fae82edc3e388debc5c
2021-04-01 11:16:20 -07:00
f6ab33066b Update master for stable/wallaby
Add file to the reno documentation build to show release notes for
stable/wallaby.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.

Sem-Ver: feature
Change-Id: Ibbcd82ef613d07f57623d5d22335f017ecd23edb
2021-03-31 16:53:48 +00:00
Zuul
49d123dd6e Merge "Validate vmedia for vmedia usage" 2021-03-29 23:38:10 +00:00
Julia Kreger
8dd6589e66 Validate vmedia for vmedia usage
Virtual media devices based logic needs to be
guarded from being used or considered based upon
if the machine actually booted from virtual media,
or not.

At the same time, actual devices need to be checked
in order to make sure they align with what we expect
in order to prevent consideration of content which
should not be leveraged.

Change-Id: If2d5c6f4815c9e42798a2d96d59015e1b1dbd457
Story: 2008749
Task: 42108
2021-03-29 13:22:43 -07:00
Jay Faulkner
de726d4acf Do not permit IPA standalone to be enabled by conf
IPA standalone mode is a developer-only option, and if enabled
accidentally on a production agent could cause undesired behavior.

Developers who need this behavior should build a purpose-built agent,
with standalone hardcoded to True in cmd/agent.py.

Change-Id: Icc67dbe15acbbf6fee886f274d2169a0769a5053
2021-03-25 12:45:28 +01:00
Steve Baker
e61336602f Fix root UUID for streamed partition images
The root UUID changes after a streamed partition image is written to
the block device, causing later deployment failure when assuming the
old UUID.

This change updates the root UUID after streaming the partition image
is complete.

This issue may have been missed in local testing because deploying the
same image repeatedly will result in stable root UUID across runs.

Change-Id: Ice4630c16fc216980488d1427f3b02e1b8a417fa
2021-03-19 12:08:43 +01:00
Bob Fournier
4afe4f6069 Check the base device if the read-only file cannot be read
For some drives, the partition e.g. `/dev/sda1` will not have the
'ro' file which can result in a metadata erasure failure but the base
device (`/dev/sda`) will have this file.  Add an additional check
for the base device.

Change-Id: Ia01bdbf82cee6ce15fabdc42f9c23036df55b4c5
Story: 2008696
Task: 42004
2021-03-09 07:05:27 -05:00
Derek Higgins
5492ad7da5 Increase the memory limit for qemu-img
We appear to be bumping up against this limit when deploying
RHCOS images(currently 977MB). Curiously the problem isn't
happening all the time but increasing the limit eliminates it.

This limit was intruduced to guard against a malicious image
allocating an arbitrary amount of memory. Nothing else runs
on hosts when IPA is running so we should be ok bumping up
the limit.

Story: #2008667
Task: #41955
Change-Id: I9405995915a874b00b7177c9642c5469d05d66a8
2021-03-02 11:38:57 +00:00
Mohammed Naser
ab267aabdd Allow clean_configuration to run against full-device arrays
At the moment, it is not possible for Ironic to clean up a
RAID array that is built from an entire device.  This patch
allows it to do so by overriding the behaviour of attempting
to find the device name if the device names does not end with
a number and is a real block device.

Story: #2008663
Task: #41948
Change-Id: I66b0990acaec45b1635795563987b99f9fa04ac7
2021-02-27 17:24:16 -05:00
Zuul
6ea3aff8d6 Merge "New deploy step for injecting arbitrary files" 2021-02-22 18:48:22 +00:00
Zuul
2979ee5314 Merge "Add support for using NVMe specific cleaning" 2021-02-19 12:13:55 +00:00
Jacob Anders
8bcf1be920 Add support for using NVMe specific cleaning
This change adds support for utilising NVMe specific cleaning tools
on supported devices. This will remove the neccessity of using shred to
securely delete the contents of a NVMe drive and enable using nvme-cli
tools instead, improving cleaning performance and reducing wear on the device.

Story: 2008290
Task: 41168
Change-Id: I2f63db9b739e53699bd5f164b79640927bf757d7
2021-02-18 22:51:34 +10:00
kartikeyaj0
319efe2c2d Fixes local boot for partition images
IPA is not properly checking if the root partition is already
mounted. Device is being passed to os.path.ismount() instead
of the mount point.

Story: 2008631
Task: 41839
Change-Id: I37a6e7e6bbe0bbbb0317c6e55bb822dafe7cce20
2021-02-17 10:56:31 +05:30
Dmitry Tantsur
59cb08fd28 New deploy step for injecting arbitrary files
This change adds a deploy step inject_files that adds a flexible
way to inject files into the instance.

Change-Id: I0e70a2cbc13744195c9493a48662e465ec010dbe
Story: #2008611
Task: #41794
2021-02-16 16:56:52 +01:00
Zuul
13c3c60ff1 Merge "Fix error message with UEFI-incompatible images" 2021-02-11 23:31:37 +00:00
Dmitry Tantsur
be30e0abe8 Clean up a release note
Change-Id: I67a69d83794813337d9cdd9d1f1a7bb8b65fcca8
2021-02-11 17:45:57 +01:00
Dmitry Tantsur
403d2f06c6 Fix error message with UEFI-incompatible images
It's somewhat confusing at the moment, since we're trying to find
a UEFI partition by UUID "None". Don't search for partition if
we don't know its UUID, and provide a better error message.

Change-Id: Ief874084132797a445ddae8009264712a05facfd
2021-02-10 18:08:58 +01:00
Riccardo Pittau
643506335f Add release version to release notes
Change-Id: I0481b86ed2dee1948805040e1b8c107f12cb9c1c
2021-02-01 10:12:33 +01:00
Xinliang Liu
68a43b9da8 Fix UEFI boot entry creation for aarch64
Diskimage-builder installs grub with option '--removable'[1], thus for
aarch64 no 'grubaa64.efi' file in efi directory only got 'BOOTAA64.EFI':
linaro@bm-ubuntu:~$ tree /boot/efi
/boot/efi
└── EFI
    └── BOOT
        └── BOOTAA64.EFI

2 directories, 1 file

[1]: 8f12d9530e/diskimage_builder/elements/bootloader/finalise.d/50-bootloader (L158)

Task: #41698
Story: #2008560
Change-Id: I9fc55c068ea980beae273411db9d3568eec25eb8
2021-01-27 03:32:23 +00:00
Kaifeng Wang
6072e2d65a Remove lldp-timeout support
The kernel parameter lldp-timeout was deprecated removed in this patch.

Change-Id: I98da49e61d9ed3236cc495d1ab351eba0931473b
2021-01-15 16:13:52 +08:00
Julia Kreger
4fb8163717 Fix boot mode detection for partition images
Previously, partition images were hard coded to be bios based
as opposed to consulting all of the values AND the node itself
before making the most appropriate determination. Now the agent
utilises the internal helper to properly determine the boot
mode when calling ironic-lib.

Story: 2008070
Task: 41265
Change-Id: Id5eeda69d5b9de2b393af414472d57b0d4380c43
2020-12-19 19:03:16 +00:00
Zuul
433bcffdf2 Merge "Add fstab pointer to EFI partition" 2020-12-17 22:42:58 +00:00
Zuul
49de16edd2 Merge "Prevent broken partition image UEFI deploys" 2020-12-17 22:41:31 +00:00
Zuul
e40984c084 Merge "Fix default disk label with partition images" 2020-12-17 22:41:25 +00:00
Julia Kreger
a12a5744b6 Add fstab pointer to EFI partition
Adds support for the EFI partition to be appended to fstab so the
filesystem can be automounted and EFI loader updated should the
deployed operating system need to do so.

This should enable bootloaders to be upgraded by linux based
operating systems after the instance has been deployed when
a partition image was utilized for the initial deployment.

Change-Id: Iec28a8841cc01ec8b01a3f5cca070c934c7a2531
Story: 2008070
Task: 40754
2020-12-17 14:17:31 +00:00
Zuul
9ae99506c0 Merge "Correctly decode error messages from ironic API" 2020-12-16 13:43:07 +00:00
Zuul
94b0e97e8b Merge "Generate TLS certificates with validity time in the past" 2020-12-15 20:08:09 +00:00
Zuul
13cfa68974 Merge "Copy any configuration from the virtual media" 2020-12-14 18:01:06 +00:00
Julia Kreger
f9870d5812 Prevent broken partition image UEFI deploys
Partition images can sometimes contain a /boot folder structure
event he assets for EFI booting on that filesystem. Which is a
good thing. The conundrum is that Ironic does not handle this
properly and potentially replaces the bootloader in this sequence
such that grub2-install is used instead of signed bootloader assets.

As such, we should be preserving the assets and using them from
a partition image much like we do when we have a wholedisk
image and can identify the assets.

Now we will preserve the EFI boot assets, copy them to the new EFI
boot partition, and call the EFI setup methods to manage the EFI
nvram.

Note, this change also splits the logic path out that performs the
end call of the EFI boot manager into a reusable method but does
not retool all of the testing as it is intertwined in the
install_grub2 testing.

Also adds some additional debug logging, as much of the bootloader
installation code has multiple fallback/cleanup points which makes
it difficult to debug from logs.

Story: 2008070
Task: 40753
Change-Id: If17d4b4c06df5504987e61a1fde6662e9acd6989
2020-12-14 14:37:14 +00:00
Julia Kreger
cb6c0059b5 Fix default disk label with partition images
Partition images through the agent have the unfortunate
side effect of being executed without full node context
by default. Luckilly we've had a similar problem and
cache the node.

This patch changes the lookup from a default of msdos
partitions to use the cached node object.

Change-Id: I002816c9372fdf1cc32f3c67f420073551479fd9
2020-12-14 06:36:18 -08:00
Dmitry Tantsur
557293ca6a Generate TLS certificates with validity time in the past
Otherwise a slight clock skew may prevent them from working, see
e.g. https://bugzilla.redhat.com/show_bug.cgi?id=1906448.

Change-Id: Icea103af06edef16c0dc4578877dc04cd6ec3b0c
2020-12-10 16:22:13 +01:00
Julia Kreger
7a83773fbc Option to enable bootloader config failure bypass
Some hardware is very well intentioned. However this intention
can result in the UEFI NVRAM table being full which prevents us
from adding new records to the table. We can't be sure what to
delete, so in this case some operators just need the ability to
tell ironic "it is okay if this fails, it will still work."

The added ``ignore_bootloader_failure`` option adds
this capability which can be set per-node either in the agent
configuation via the ramdisk image, or in the pxe_append_params
configuration parameter for the node itself with a
``ipa-ignore-bootloader-failure`` option in order to prevent
the failure from being raised.

Change-Id: If3c83fb2ea2025fce092d495a64f32077c70d2d6
Story: 2008386
Task: 41309
2020-12-10 06:42:48 -08:00
Dmitry Tantsur
53dbc87a35 Correctly decode error messages from ironic API
Knowing a status code is simply not enough for debugging.

Change-Id: If1d3f182ab028948ff05aea7e8024d4e7bc3d53c
2020-12-07 18:59:08 +01:00
Zuul
1a9491e651 Merge "Bring up VLAN interfaces and include in introspection report" 2020-12-02 13:59:28 +00:00
Zuul
22985da710 Merge "Make mdadm a soft requirement" 2020-11-23 19:37:59 +00:00
Dmitry Tantsur
b9b67fad77 Copy any configuration from the virtual media
For ramdisk TLS (and other potential future enhancements) we need
to be able to inject configuration and certificates into the ramdisk.
Since we cannot pass files through kernel parameters, we need to
put them on the generated ISO or (in the future) config drive.

This change detects IPA configuration and copies it into the ramdisk
early enough for any configuration files to get picked.

Changed /dev/disk/by-label to blkid since the former may not exist
on all ramdisks (e.g. tinyIPA).

Change-Id: Ic64d7842a59795bbf02f194221dedc07c6b56e8c
2020-11-23 16:04:45 +01:00
Dmitry Tantsur
ab8dee0386 Make mdadm a soft requirement
No point in requiring it for deployments that don't use software RAID.

Change-Id: I8b40f02cc81d3154f98fa3f2cbb4d3c7319291b8
2020-11-20 17:07:00 +01:00
Bob Fournier
6e3f28d720 Bring up VLAN interfaces and include in introspection report
Add the ability to bring up VLAN interfaces and include them in the
introspection report.  A new configuration field is added -
``ipa-enable-vlan-interfaces``, which defines either the VLAN interface
to enable, the interface to use, or 'all' - which indicates all
interfaces.  If the particular VLAN is not provided, IPA will
use the lldp info for the interface to determine which VLANs should
be enabled.

Change-Id: Icb4f66a02b298b4d165ebb58134cd31029e535cc
Story: 2008298
Task: 41183
2020-11-20 10:17:00 -05:00
Zuul
4762aca077 Merge "Add clean step 'erase_pstore'" 2020-11-18 17:38:00 +00:00
Arne Wiebalck
92e26b01e9 Add clean step 'erase_pstore'
Add an automatic clean step to clean the Linux kernel's pstore.
The step is disabled by default.

Story: #2008317
Task: #41214

Change-Id: Ie1a42dfff4c7e1c7abeaf39feca956bb9e2ea497
2020-11-17 18:00:16 +01:00
Zuul
c33b3fff66 Merge "Add UUID to BlockDevice object" 2020-11-11 21:42:51 +00:00
Vladyslav Drok
c7858d3cc8 Add UUID to BlockDevice object
It'd allow for example custom ansible playbooks to use UUIDs of the
introspected node's disks. In future it might also enable agent
to use UUID (or by_path value) to refer to a device instead of
name, as it happens currently.

Change-Id: Id00437d2295c39fb12f3c25a92b30b56a58eef13
2020-11-11 17:25:59 +00:00
Fedor Tarasenko
694ea7425d Support using LABEL as identifier for rootfs
Add possibility to use disk LABEL to identify rootfs uuid for
Software RAID deployment

Change-Id: I77f36e70ddc539af0190db1c1abe0fb2c66f34b4
Story: 2008303
Task: 41188
2020-11-03 13:03:34 +03:00
Zuul
f356356486 Merge "Follow-up to API version setting" 2020-11-02 11:48:22 +00:00
Zuul
d84e88769e Merge "Don't run os-prober from grub2-mkconfig" 2020-11-01 12:27:07 +00:00
Julia Kreger
066a96a926 Follow-up to API version setting
Follow-up on Ib96a1057792f45f2e4554671e32c436140463ee8 to
improve some of the wording and review feedback by
Dmitry Tantsur.

Change-Id: Id77b0d72f3d78e5befd05fbdb6b21bc780f4ddfe
2020-10-30 08:28:54 -07:00