1714 Commits

Author SHA1 Message Date
vmud213
1154292d46 Allow HttpImageService to accept custom certificate
While validating and downloading image references, allow HttpImageService
to use config parameters to enable/disable TLS verification and to use custom
certificates on the secured connections.

Change-Id: I5f308271004a24203ecbbc1718ba9070ed65b960
Story: #2007939
Task: #40404
2020-09-07 14:51:34 +00:00
Zuul
d5431ce11d Merge "Move redfish-virtual-media to the back of supported_boot_interfaces" 2020-08-25 12:00:32 +00:00
Zuul
a2ccff668e Merge "Ensure in-band deploy steps are present in time for fast-track deployments" 2020-08-24 14:09:04 +00:00
Julia Kreger
0071d28460 Ansible deploy - Ignore invalid devices
This change updates the ansible deploy driver to exclude
devices with "sr", "loop", and "mem" which can appear in the
devices list for consideration as the root device.

This change effectively causes them to be ignored.

Change-Id: I72a422553ee992d313b83df091af2c9deb8393b5
2020-08-21 10:24:52 -07:00
Dmitry Tantsur
c9720b025c Move redfish-virtual-media to the back of supported_boot_interfaces
Support for virtual media is still limited, we don't want it to become
the default (yet).

Change-Id: I5cd1c5acbc27f554104be13a71865748f801dbd7
2020-08-21 14:56:20 +00:00
Dmitry Tantsur
7dd611dc5e Ensure in-band deploy steps are present in time for fast-track deployments
Currently we load in-band deploy steps on the first heartbeat in DEPLOYWAIT.
With fast-track, however, this heartbeat may happen way too late, because
the node is up and heartbeating before it's moved to DEPLOYWAIT. This
results in in-band deploy steps not loaded. This change forces a refresh
of deploy steps in deploy.deploy if fast-track is used.

Also make sure that cached steps are cleared on reboot or power off since
they may become outdated next time the agent boots.

Change-Id: I003543452717183b9b3359e368757bcd824a5ce7
2020-08-21 14:01:57 +02:00
Zuul
47d4d10008 Merge "[Trivial]Fix some typos in docs" 2020-08-13 07:54:00 +00:00
Zuul
e078d0bbc8 Merge "Prevents power sync with ADOPTFAIL nodes" 2020-08-12 22:50:46 +00:00
Zuul
58c1af93e2 Merge "Fix console auto port allocation under IPv6" 2020-08-12 17:41:32 +00:00
Zuul
3fd9b55880 Merge "Adds support SUM based firmware update as deploy step" 2020-08-12 10:33:09 +00:00
melissaml
45644c64a2 [Trivial]Fix some typos in docs
Delete the duplicate words.

Change-Id: Ia6e0ebf19fbac7a035baf7b93c62cffa3e1e6ccd
2020-08-12 11:22:21 +08:00
Shivanand Tendulker
bc0cc8a8fa Adds support SUM based firmware update as deploy step
SUM based firmware update exists as an inband clean step. This commit
adds it as inband deploy step to `ilo` and `ilo5` hardware types.

Change-Id: I2ac03dc2148a56aa23e86c6adb29a16bac443de3
Story: #2007923
Task: #40337
2020-08-08 06:44:09 -04:00
Zuul
dbd983e644 Merge "agent_client: support custom TLS certificates" 2020-08-07 07:37:42 +00:00
Dmitry Tantsur
adcb05a84e agent_client: support custom TLS certificates
Adds a new driver_info parameter agent_verify_ca that is passed
to the request's verify parameter.

Story: #2007214
Task: #38461
Change-Id: I0301d1d1d52487c9bb0eab96eea6fe47dbc54c90
2020-08-06 15:00:22 +02:00
Kaifeng Wang
07a7a269bb Fix console auto port allocation under IPv6
By default _verify_port() only works for IPv4 network, the same port can be
allocated to multiple nodes in a IPv6 network because the port checking
passed and be used for other nodes.

This fix passes the socat_address to the port validation and use the
correct address family to do the socket binding.

Story: 2007946
Task: 40412

Change-Id: I1355afaa551baee7b9fd7883d2d29342d059c5a0
2020-08-05 22:46:24 +08:00
Dmitry Tantsur
0b0ab9eb16 Wipe agent token and URL on rescue and unrescue
Yet another place where we missed it :(

Change-Id: Iaa56e5965806e975ed0f97f2d6a0d15e13351c22
2020-08-04 09:39:37 +02:00
Julia Kreger
0134508266 Prevents power sync with ADOPTFAIL nodes
We shouldn't attempt to sync the power state on nodes in the adopt
failed state as they may be in some sort of intermediate state
indicitive of their adoption failure.

Change-Id: I779155ba2dc3f256273a7f45c5354ee8e6a6fabf
Story: 2007901
Task: 40296
2020-08-03 13:59:09 -07:00
Zuul
35e76ad82d Merge "Use TLS for json_rpc when configured" 2020-07-31 11:04:10 +00:00
Zuul
ed8cc5ade0 Merge "Fix idrac-wsman RAID apply_configuration" 2020-07-30 14:31:14 +00:00
Felix Maurer
feae197c5a Use TLS for json_rpc when configured
The configuration for json_rpc contains the option use_ssl but its value
was not respected by the json_rpc client. Therefore the client tried to
connect to HTTPS endpoints using HTTP.

Change-Id: I4336d71f57bcfbde90fa7b62a5435a7f9d0a73d3
2020-07-30 17:20:24 +03:00
Zuul
888f766cee Merge "Reset power state upon adoption failure" 2020-07-30 11:21:52 +00:00
Aija Jauntēva
328cb9291a Fix idrac-wsman RAID apply_configuration
Deploy step `apply_configuration` was failing with
TypeError: super(type, obj): obj must be an instance
or subtype of type.

Change-Id: I4de034c38585275543ab603a3ed45de1adf1d15b
Story: 2007963
Task: 40456
2020-07-30 04:22:51 -04:00
Zuul
f06599c754 Merge "Remove locks before RPC bus is started" 2020-07-29 17:29:49 +00:00
Zuul
3670be1283 Merge "Deprecate http_basic_username and http_basic_password in [json_rpc]" 2020-07-28 19:14:00 +00:00
Julia Kreger
b8e4aba1ec Remove locks before RPC bus is started
A partner performing some testing recognized a case where if a request
is sent to the Ironic Conductor while it is in the process of starting,
and the request makes it into be processed, yet latter the operation
fails with errors such as NodeNotLocked exception. Notably they were
able to reproduce this by requesting the attachment or detachment of
a VIF at the same time as restarting the conductor.

In part, this condition is due to to the conductor being restarted
where the conductors table includes the node being restarted and
the webserver has not possibly had a chance to observe that the
conductor is in the process of restarting as the hash ring is
still valid.

In short - Incoming RPC requests can come in during the initialization
window and as such we should not remove locks while the conductor could
possibly already be receiving work.

As such, we've added a ``prepare_host`` method which initializes
the conductor database connection and removes the stale locks.
Under normal operating conditions, the database client is reused.

rhbz# 1847305

Change-Id: I8e759168f1dc81cdcf430f3e33be990731595ec3
2020-07-28 08:03:21 -07:00
Julia Kreger
44d66d351f Reset power state upon adoption failure
When adoption fails, we should back out the power state
so we don't accidently save a state that shouldn't be
preserved due to the failure.

Change-Id: I4647d0141fc639d49ccb0ef195577f18cd35bd30
Story: 2007901
Task: 40447
2020-07-27 11:46:35 -07:00
Dmitry Tantsur
a1e079caec Make the final deploy step validation actually fail deploy
Since continue_node_deploy is an async RPC call, currently it ends up
just logging InvalidParameterValue, making deployment hang.

Related Story: #2006963

Change-Id: I2231de30778a2ab3adffa8a5b68ff7216717534c
2020-07-27 17:50:51 +02:00
Zuul
5afdc8ef11 Merge "Adds raid validation for in-band AgentRAID deploy step" 2020-07-24 15:06:20 +00:00
Zuul
51112dd04a Merge "Allow node lessee to see node's ports" 2020-07-24 15:06:16 +00:00
Dmitry Tantsur
74e9e1d82a Deprecate http_basic_username and http_basic_password in [json_rpc]
It's very confusing that we use username/password everywhere, except
for [json_rpc]. Just use the standard options.

Also the version if keystoneauth is bumpted to one that supports
http_basic.

Change-Id: Icc834c3f8febd45c2548314ee00b85a7f9cebd2c
2020-07-24 11:51:41 +02:00
Zuul
3e92fd054b Merge "iPXE ISO Ramdisk booting" 2020-07-23 21:10:53 +00:00
Zuul
39a38ecf4e Merge "Add an option to choose the hash ring algorithm" 2020-07-23 17:31:00 +00:00
Shivanand Tendulker
a5ce4dd8d0 Adds raid validation for in-band AgentRAID deploy step
This commit adds support for validation of raid configuration of
in-band AgentRAID deploy step 'apply_configuration' and adds a post
deploy hook to update root device hint.

Change-Id: I52c1ad3e10d9fab3c2366d40af39667a299eb774
2020-07-23 13:19:10 -04:00
Tzu-Mainn Chen
cf9188c2d9 Allow node lessee to see node's ports
Update the port node's filter to allow both owner and lessee to
see a node's ports. This filter is only used when listing ports.

Change-Id: I568e8d23375239d9c044df95b4bc24d5174c145b
2020-07-23 17:01:10 +00:00
Zuul
fbc3c798a1 Merge "Adds boot mode support to iLO management interface" 2020-07-23 09:50:12 +00:00
Zuul
8418e651c3 Merge "Add agent power interface" 2020-07-23 04:48:55 +00:00
Zuul
0e26dfe839 Merge "Account for power interfaces that cannot power on" 2020-07-23 04:48:48 +00:00
Dmitry Tantsur
9189b4bb26 Add an option to choose the hash ring algorithm
MD5 is not available in FIPS mode, we need a way to use something else.

Change-Id: Ie6e09ac66028cbe18717a7ea7a4c23730e3cb642
2020-07-22 18:27:19 +02:00
Zuul
1f63525a1f Merge "Iso booting via redfish virtual media" 2020-07-22 04:55:59 +00:00
Dmitry Tantsur
46f8c85752 Add agent power interface
This change adds a new 'agent' power interface that can be used together
with fast-track to deploy nodes without knowing their power credentials.
It relies on the agent staying powered on during the whole pre-deployment
and deployment process.

Story: #2007771
Task: #39995
Change-Id: I3d7157c1c4464b650adebbd7f894ee33d0f8f25b
2020-07-20 09:42:05 +02:00
Dmitry Tantsur
e804f6c56b Account for power interfaces that cannot power on
The future agent power interface will only be capable of rebooting, so:
1) Adjust agent_base to be able to use reboot instead power off+on
2) Adjust power sync to avoid trying to force power state for such nodes

Change-Id: Ia95a68729f684a06c722539816eadea5ebb80d1a
Story: #2007771
Task: #40381
2020-07-20 09:41:41 +02:00
Zuul
674ed29347 Merge "Add missing agent RAID compatibility for ilo5 and idrac" 2020-07-18 03:51:00 +00:00
Zuul
2876fd1790 Merge "Decompose the core deploy step on iscsi and ansible deploy" 2020-07-17 14:46:55 +00:00
Julia Kreger
0cbb0397b1 iPXE ISO Ramdisk booting
Adds an iPXE interface to boot via a virtual media ISO as if it
was virtual media.

Story: 2007644
Task: 39823
Change-Id: Ie7971692758f3a5421f0826fdaf3d2366f652236
2020-07-16 14:36:45 -07:00
Zuul
8b67330c45 Merge "Do not validate driver on changing non-driver fields" 2020-07-16 20:50:46 +00:00
Zuul
1062567531 Merge "Wipe agent token during reboot or power off" 2020-07-16 17:27:03 +00:00
Zuul
44533d7b49 Merge "Implement get_deploy_steps for AgentRAID" 2020-07-16 17:27:00 +00:00
Zuul
59e27224d9 Merge "Add get_node_network_data to Neutron NetworkInterface" 2020-07-16 15:18:19 +00:00
Zuul
b8f2745b2d Merge "Allow deleting nodes with a broken driver" 2020-07-16 14:07:53 +00:00
Dmitry Tantsur
a7976b3491 Implement get_deploy_steps for AgentRAID
This allows using software RAID as an in-band deploy step.

Change-Id: I66103598cf58267010a09b1bd654dc90f714c202
2020-07-15 16:31:43 +02:00