While validating and downloading image references, allow HttpImageService
to use config parameters to enable/disable TLS verification and to use custom
certificates on the secured connections.
Change-Id: I5f308271004a24203ecbbc1718ba9070ed65b960
Story: #2007939
Task: #40404
This change updates the ansible deploy driver to exclude
devices with "sr", "loop", and "mem" which can appear in the
devices list for consideration as the root device.
This change effectively causes them to be ignored.
Change-Id: I72a422553ee992d313b83df091af2c9deb8393b5
Currently we load in-band deploy steps on the first heartbeat in DEPLOYWAIT.
With fast-track, however, this heartbeat may happen way too late, because
the node is up and heartbeating before it's moved to DEPLOYWAIT. This
results in in-band deploy steps not loaded. This change forces a refresh
of deploy steps in deploy.deploy if fast-track is used.
Also make sure that cached steps are cleared on reboot or power off since
they may become outdated next time the agent boots.
Change-Id: I003543452717183b9b3359e368757bcd824a5ce7
SUM based firmware update exists as an inband clean step. This commit
adds it as inband deploy step to `ilo` and `ilo5` hardware types.
Change-Id: I2ac03dc2148a56aa23e86c6adb29a16bac443de3
Story: #2007923
Task: #40337
Adds a new driver_info parameter agent_verify_ca that is passed
to the request's verify parameter.
Story: #2007214
Task: #38461
Change-Id: I0301d1d1d52487c9bb0eab96eea6fe47dbc54c90
By default _verify_port() only works for IPv4 network, the same port can be
allocated to multiple nodes in a IPv6 network because the port checking
passed and be used for other nodes.
This fix passes the socat_address to the port validation and use the
correct address family to do the socket binding.
Story: 2007946
Task: 40412
Change-Id: I1355afaa551baee7b9fd7883d2d29342d059c5a0
We shouldn't attempt to sync the power state on nodes in the adopt
failed state as they may be in some sort of intermediate state
indicitive of their adoption failure.
Change-Id: I779155ba2dc3f256273a7f45c5354ee8e6a6fabf
Story: 2007901
Task: 40296
The configuration for json_rpc contains the option use_ssl but its value
was not respected by the json_rpc client. Therefore the client tried to
connect to HTTPS endpoints using HTTP.
Change-Id: I4336d71f57bcfbde90fa7b62a5435a7f9d0a73d3
Deploy step `apply_configuration` was failing with
TypeError: super(type, obj): obj must be an instance
or subtype of type.
Change-Id: I4de034c38585275543ab603a3ed45de1adf1d15b
Story: 2007963
Task: 40456
A partner performing some testing recognized a case where if a request
is sent to the Ironic Conductor while it is in the process of starting,
and the request makes it into be processed, yet latter the operation
fails with errors such as NodeNotLocked exception. Notably they were
able to reproduce this by requesting the attachment or detachment of
a VIF at the same time as restarting the conductor.
In part, this condition is due to to the conductor being restarted
where the conductors table includes the node being restarted and
the webserver has not possibly had a chance to observe that the
conductor is in the process of restarting as the hash ring is
still valid.
In short - Incoming RPC requests can come in during the initialization
window and as such we should not remove locks while the conductor could
possibly already be receiving work.
As such, we've added a ``prepare_host`` method which initializes
the conductor database connection and removes the stale locks.
Under normal operating conditions, the database client is reused.
rhbz# 1847305
Change-Id: I8e759168f1dc81cdcf430f3e33be990731595ec3
When adoption fails, we should back out the power state
so we don't accidently save a state that shouldn't be
preserved due to the failure.
Change-Id: I4647d0141fc639d49ccb0ef195577f18cd35bd30
Story: 2007901
Task: 40447
Since continue_node_deploy is an async RPC call, currently it ends up
just logging InvalidParameterValue, making deployment hang.
Related Story: #2006963
Change-Id: I2231de30778a2ab3adffa8a5b68ff7216717534c
It's very confusing that we use username/password everywhere, except
for [json_rpc]. Just use the standard options.
Also the version if keystoneauth is bumpted to one that supports
http_basic.
Change-Id: Icc834c3f8febd45c2548314ee00b85a7f9cebd2c
This commit adds support for validation of raid configuration of
in-band AgentRAID deploy step 'apply_configuration' and adds a post
deploy hook to update root device hint.
Change-Id: I52c1ad3e10d9fab3c2366d40af39667a299eb774
Update the port node's filter to allow both owner and lessee to
see a node's ports. This filter is only used when listing ports.
Change-Id: I568e8d23375239d9c044df95b4bc24d5174c145b
This change adds a new 'agent' power interface that can be used together
with fast-track to deploy nodes without knowing their power credentials.
It relies on the agent staying powered on during the whole pre-deployment
and deployment process.
Story: #2007771
Task: #39995
Change-Id: I3d7157c1c4464b650adebbd7f894ee33d0f8f25b
The future agent power interface will only be capable of rebooting, so:
1) Adjust agent_base to be able to use reboot instead power off+on
2) Adjust power sync to avoid trying to force power state for such nodes
Change-Id: Ia95a68729f684a06c722539816eadea5ebb80d1a
Story: #2007771
Task: #40381
Adds an iPXE interface to boot via a virtual media ISO as if it
was virtual media.
Story: 2007644
Task: 39823
Change-Id: Ie7971692758f3a5421f0826fdaf3d2366f652236