Adds a new argument disable_ramdisk to the manual cleaning API.
Only steps that are marked with requires_ramdisk=False can be
run in this mode. Cleaning prepare/tear down is not done.
Some steps (like redfish BIOS) currently require IPA to detect
a successful reboot. They are not marked with requires_ramdisk
just yet.
Change-Id: Icacac871603bd48536188813647bc669c574de2a
Story: #2008491
Task: #41540
At the moment, users do not have a way to easily prioritize those
cleaning steps into automatic cleaning. This patch allows the user
to enable those options and prioritize them as needed for automatic
cleaning.
Change-Id: I3b647e39982c0a98abac7b0a7c1c60215d6db4f2
Since the existing change is approved and in the gate now,
it doesn't make sense to edit it for the review feedback.
The included minor feedback is addressed by this change.
Change-Id: I046c194af01fe77c3eac541f245a377e8e8f71eb
Split the monolithic guide into several pages: configuration, enrollment
and deployment. Merge duplicating docs into the common locations.
Use code-block for nicer highlighting.
Change-Id: Iaeef9e0cf8deba20a125d3cfacd4ca8ca2f52e84
Chances are much higher the users will find it there. Also correct some
wording (node interfaces -> hardware interfaces), use double ticks for
field names and mention the Wallaby release.
Story: #2008652
Task: #42015
Change-Id: I33956976a9420ade836ab8d37a9488b9a207cef0
This change allows instance_info values to override node interface
definitions, so non-admins can make temporary changes to various
interfaces.
Story: #2008652
Task: #41918
Change-Id: I6c3dc74705bde02bd02882d14838f184f8d4a5e3
This reverts commit b0df0960e2c53a4fe6673ba0a1ed546ffd156dc7.
Reason for revert: Need to split in separate patches and backport virtual media boot part.
Change-Id: Ib182ee6f2894fcdcea369a60dc5bd922a16434e2
The tests were not enabled earlier on, for endpoints that
are not going to be exposed to users, really. So this patch
just updates them so they are tested as expected.
Change-Id: If3c989d5bcf03de5704e30165747642134952f75
This patch adds project scoped access, as part of the work
to delineate system and project scope access.
Adds policies:
* baremetal:volume:list_all
* baremetal:volume:list
* baremetal:volume:view_target_properties
Change-Id: I898310b515195b7065a3b1c7998ef3f29f5e8747
The Redfish hardware type does not currently implement the RAID
hardware interface.
This patch implements the Redfish RAID interface, allowing operators
to specify the desired RAID configuration on Ironic Redfish nodes.
Story: 2003514
Task: 24789
Depends-On: https://review.opendev.org/c/openstack/sushy/+/774532
Change-Id: Icf5ca865e0c1e168b96659229df622698bea1503
This patch implements the project scoped rbac policies for a
system and project scoped deployment of ironic. Because of the
nature of Ports and Portgroups, along with the subcontroller
resources, this change was a little more invasive than was
originally anticipated. In that process, along with some
discussion in the #openstack-ironic IRC channel, that it
would be most security concious to respond only with 404s if
the user simply does not have access to the underlying node
object.
In essence, their view of the universe has been restricted as
they have less acess rights, and we appropriately enforce that.
Not expecting that, or not conciously being aware of that, can
quickly lead to confusion though. Possibly a day or more of
Julia's life as well, but it comes down to perceptions and
awareness.
Change-Id: I68c5f2bae76ca313ba77285747dc6b1bc8b623b9
* Adds additional policies:
* baremetal:node_get:last_error
* baremetal:node:get:reservation
* baremetal:node:get:driver_internal_info
* baremetal:node:get:driver_info
* baremetal:node:update:driver_info
* baremetal:node:update:properties
* baremetal:node:update:chassis_uuid
* baremetal:node:update:instance_uuid
* baremetal:node:update:lessee
* baremetal:node:update:driver_interfaces
* baremetal:node:update:network_data
* baremetal:node:update:conductor_group
* baremetal:node:update:name
* With new policies, responses of filtering and posted data is
performed. Testing has been added to the RBAC testing files
to align with this and the defaults where pertinant.
* Adds another variation of the common policy check method
which may be useful in the long term. This is too soon to
tell, but the overall purpose is to allow similar logic
patterns to the authorize behavior. This is because the
standard policies are, at present, also used to control
behavior of response, and node response sanitization needs
to be carefully navigated.
This change excludes linked resources such as /nodes/<uuid>/ports,
portgroups, volumes/[targets|connectors]. Those will be in later
changes, as the node itself is quite a bit.
Special note:
* The indicator endpoint code in the API appears to be broken
and given that should be fixed in a separate patch.
Change-Id: I2869bf21f761cfc543798cf1f7d97c5500cd3681
This change adds support for utilising NVMe specific cleaning tools
on supported devices. This will remove the neccessity of using shred to
securely delete the contents of a NVMe drive and enable using nvme-cli
tools instead, improving cleaning performance and reducing wear on the device.
(this specific change adds extra documentation to the earlier set of
patches implementing this).
Story: 2008290
Task: 41168
Change-Id: Ia6d34b31680967a0d14687e5a54d68a1f1644308
In order to reduce the load on the database backend, only lazy-load
a node's ports, portgroups, volume_connectors, and volume_targets.
With the power-sync as the main user, this change should reduce the
number of DB operations by two thirds roughly.
Change-Id: Id9a9a53156f7fd866d93569347a81e27c6f0673c
