When a hard error has occured with secure erase,
we should attempt an unlock of the device becuase
the current mode can prevent disk IO. This may upset
some things like raid controllers even if they are
in a pass-through mode.
Change-Id: I32e1d962fbbb4a305d5dbebea92ac48ebd9b67ca
Story: #2002546
Task: #22107
None of the existing ironic-python-agent integer config options included
min or max values. Added appropriate min/max values for the integer
config options.
Two of the integer options are for ports (listen_port and
advertise_port). These were changed to use the more appropriate
oslo_config cfg.PortOpt instead of cfg.IntOpt. PortOpt has the proper
min and max values built in.
Change-Id: I98709a45d099aea62c9973beb6817591cb445a9c
Story: 1731950
You can generate this error if after having provisioned a node
using GPT partitioning, you clean its MBR using say
dd if=/dev/zero bs=1024 count=1 of=/dev/sda
and then cleanup all Ironic/Bifrost informations to get it
reprovisioned.
In this case sgdisk -Z returns an error and last_error field
in Ironic contains:
Error writing image to device: Writing image to device
/dev/sda failed with exit code 2
Caution: invalid main GPT header, but valid backup;
regenerating main header\nfrom backup!\n
\nInvalid partition data!\
Change-Id: Ib617737fff5e40cb376edda0232e0726d9c71231
hdparm versions prior to 9.51 interpret the value, NULL, as a
password with string value: "NULL".
Example output of hdparm with NULL password:
[root@localhost ~]# hdparm --user-master u --security-unlock NULL /dev/sda
security_password="NULL"
/dev/sda:
Issuing SECURITY_UNLOCK command, password="NULL", user=user
SECURITY_UNLOCK: Input/output error
Example output of hdparm with "" as password:
[root@localhost ~]# hdparm --user-master u --security-unlock "" /dev/sda
security_password=""
/dev/sda:
Issuing SECURITY_UNLOCK command, password="", user=user
Note the values of security_password in the output above. The output
was observed on a CentOS 7 system, which ships hdparm 9.43 in the
offical repositories.
This change attempts to unlock the drive with the empty string if an
unlock with NULL was unsucessful.
Issuing a security-unlock will cause a state transition from SEC4
(security enabled, locked, not frozen) to SEC5 (security enabled,
unlocked, not frozen). In order to check that a password unlock attempt
was successful it makes sense to check that the drive is in the unlocked
state (a necessary condition for SEC5). Only after all unlock attempts
fail, do we consider the drive out of our control.
The conditions to check the drive is in the right state have been
adjusted to ensure that the drive is in the SEC5 state prior to issuing
a secure erase. Previously, on the "recovery from previous fail" path,
the security state was asserted to be "not enabled" after an unlock -
this could never have been the case.
A good overview of the ATA security states can be found here:
http://www.admin-magazine.com/Archive/2014/19/Using-the-ATA-security-features-of-modern-hard-disks-and-SSDs
Change-Id: Ic24b706a04ff6c08d750b9e3d79eb79eab2952ad
Story: 2001762
Task: 12161
Story: 2001763
Task: 12162
Increases the amount of ram for CoreOS IPA to 2GB
as the base CoreOS image is now 310MB.
Bumped CPU count for CoreOS runs to 2 CPUs as the
concurrency helps boot times for the CoreOS ramdisk.
Adds netbase, udev, and open-iscsi to debian jessie container
as they are no longer present in the default container.
Explicitly set path variable for execution in the debian
container as udevadm is in /sbin, and we may not have
/sbin on the path that is passed through to the
chroot.
Also fixed new pep8 test failures.
Story: #1600228
Task: #16287
Change-Id: I488445dfd261b7bca322a0be7b4d8ca6105750a3
Even though it was working opening the file in 'read' mode, it really
should be opened in 'write' mode, since we are redirecting the output
to the file.
Interestingly it does fail in 'read' mode if the command is:
echo something
But passes in 'write' mode.
Change-Id: Ic67091881e0be377e527b78d270ab48962881ae0
In Python 2.7, functools.wraps() does not provide the '__wrapped__'
attribute. This attribute is used by
oslo_utils.reflection.get_signature() when getting the signature of a
function. If a function is decorated without the '__wrapped__'
attribute then the signature will be of the decorator rather than the
underlying function.
From the six documentation for six.wraps():
This is exactly the functools.wraps() decorator, but it sets the
__wrapped__ attribute on what it decorates as functools.wraps()
does on Python versions after 3.2.
Change-Id: Ic0f7a6be9bc3e474a0229b264d1bfe6c8f7e6d85
This patch addresses few minor comments in commit
a659306272542dd38420cb118cc7b04b1e8cf377
Change-Id: Id5b48e3cc96c8807c471c947da3e233cebdf687e
Related-Bug: #1526449
Currently the generic hardware manager uses dmidecode to get the
total physical memory and system details. This patch switches the
generic hardware manager to use lshw, as it is capable of reading
more than DMI [0]. This enables systems that do not support DMI
to use the generic hardware manager, such as IBM Power systems.
[0] https://github.com/lyonel/lshw/blob/master/README.md
Closes-Bug: #1715790
Change-Id: Ie370331df6bb5ef131c5cb60f458877e2a7ad71a
Depends-On: Idaf05b8efce28cd0cbf339cf693db4f55a693d9b
If mounting the root partition fails for some reason, we try to unmount
the EFI partition, which is not mounted at this point. This results in
a new exception hiding the real failure. This change fixes it.
Change-Id: I0ec636a361eda71b4149e4a7ba1538a9bbf6ec34
Closes-Bug: #1732932
/ironic-python-agent/api/app.wsgi is an empty file.
As suggestion from John L. Villalovos, we probably should delete it.
Change-Id: I695aca42b76dfad1b74418c05a48c5cba3b7d71e
This is the followup patch for
commit d0a53149f82a3587515a4371f0f4cad8570dc715) fixing
issues with the unit tests not addressed initially.
Change-Id: I7889bf908bcb64b79bf303c6ae356fd3f4e94a83
Change c5bf7b088f1ec776b788a81f2775e1b2577720e8 introduced
a new requirement via a pre-existing ironic-lib method being
called that utilizes hexdump. Hexdump is not always present
and since we did not explicitly call it out as a new
requirement, we should at least somewhat gracefully handle
the exception.
Change-Id: Id0223ef1417f6e419770ceb56b2a3b80c6118a85
Closes-Bug: #1732470
Use latest version of flake8-import-order package, like we do in
openstack/ironic
Fix two issues detected by new version.
Change-Id: Idb8f0fd79c3d6b34611288f77948d042cd837806
In order for Ironic to know what parameters can be sent to IPA commands,
Ironic needs to know which version of IPA it is talking to. This patch
adds a new node heartbeat parameter agent_version which will carry the IPA
version information to Ironic.
Change-Id: I27e3311accf3a113a48a73df372ed46ff50c7e22
Partial-Bug: #1602265
Depends-On: I400adba5d908b657751a83971811e8586f46c673
An issue was discovered if we mock an already mock-ed function. This
was happening in our execute() detection code. Change it to not use a
mock and instead a function.
Add unit tests to show it works as intended.
Change-Id: Ia116b355e7adb3cbfb8ae34f4d59bf527f2889bb
While listening for LLDP packets, if one of the sockets marks itself as
ready to read then our code will try to read data from that socket, but
if something goes wrong while reading that data then it causes IPA to
raise out of the loop skipping any other of the other NICs which might
have worked. This patch adds code to catch and LOG any exception that is
raised while we are trying to read data from one of the sockets so that
we can proceed to process all the NICs.
Change-Id: I8546097f5ae23755a5fdb448902007a2d823b7bf
Closes-Bug: #1665025
Prevent IPA from picking up the IPv6 link-local address
as a callback_url in cases where it gets tried before other
addressing methods havn't complete yet. In this scenario IPA
sleeps for 10 seconds and then retries giving the nic a chance to
configure its routable IP address.
Change-Id: Ic53334c630180f0d77bb0231e548d2c44bfe55ca
Closes-Bug: #1732692
This fixes an off-by-one error in a warning message.
This is a follow-up to 3189c16a5e95ade468fa8bc37302eb9979f5a8c9.
Change-Id: I89b56974c1b919f4c03498873d3ce9860d5644c5
Related-Bug: #1670916
It provides cleaner per-tests config objects, with more options to
configure the fixture.
Also, allow overriding config fixture in particular test cases if
needed.
Change-Id: I2e9945b6168d97d7ee861924ac2f4ca5cd03dde2
This patch adds support for rescue mode with DHCP tenant networks in
CoreOS. Applying network config from a configdrive is not yet supported
but will be in a future patch.
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Co-Authored-By: Taku Izumi <izumi.taku@jp.fujitsu.com>
Co-Authored-By: Annie Lezil <annie.lezil@gmail.com>
Co-Authored-By: Aparna <aparnavtce@gmail.com>
Co-Authored-By: Shivanand Tendulker <stendulker@gmail.com>
Change-Id: I7898ff22800dedba73d7fbfb3801378867abe183
Partial-Bug: 1526449
IPA does not return 'root_uuid' as part of command status when
provisioning of whole disk image is done using 'agent' deploy
interface from ironic. This commit fixes the issue.
Also updated Dockerfile to include package 'bsdmainutils' related
to 'hexdump' binary.
Change-Id: I89597fe4a704686fe31c064c3443fd8404a300e5
Partial-Bug: #1713916
Improve the catching of calls to 'execute' related functions in unit
tests. Before we only caught calls to utils.execute(). Now we catch
calls to:
ironic_lib.utils.execute()
processutils.execute()
subprocess.call()
subprocess.check_call()
subprocess.check_output()
utils.execute()
Change-Id: If4720ebed00f15c2a19cb8badbe4dc3c808eeece
Have our unit tests derive from the base unit test class in
ironic_python_agent/tests/unit/base: IronicAgentTest
This is so if we add additional global common features to our base
test class, all of our tests will get those common features.
Change-Id: I5188112f06dcfda4f5b0fd41fa9b9dd270cde8d7
Minor change to a unit test; the names of the mock arguments to the
unit test method are not consistent with the actual ordering of the
mock decorators. This fixes it.
Change-Id: Id9e0dd1614703760b2fe143b2029f9bf6067420a
