This RFE proposes a new microversion that will provide
aliases to two poorly named provisioning verbs
to match the existing CLI commands
Story: #2007551
Task: #39402
Change-Id: Ifd14aebbfb4b17c5108f44092dac0b89d1c2c50a
This patch addresses all the remaining comments on the
security dashboard clean steps for ilo driver.
Change-Id: Id454642439d09fa8edd7bab9259dfc4ba9b55a01
This commit adds new clean steps security_parameters_update,
update_minimum_password_length and update_auth_failure_logging_threshold
to allow users to edit following security parameters which fetched
during node inspection -
``Password_Complexity``, ``RequiredLoginForiLORBSU``,
``RequireHostAuthentication``, ``MinPasswordLength``,
``IPMI/DCMI_Over_LAN``, ``Authentication_failure_Logging``,
and ``Secure_Boot``.
Story: 2008024
Task: 40736
Change-Id: I0dd9a83ee23c6b846eda3ff171ab7b3138b22fa7
agent_status is used by anaconda ramdisk to inform the
conductor about state of the deployment. Valid agent
states are 'start', 'end' and 'error'. The agent_status_message
is used to describe the why the agent_status is set to a
particular state. Use of these parameters require API
version 1.72 or greater.
When anaconda finishes deployment the agent_status is
set to 'end'. When anaconda ramdisk is unable to deploy
the OS for some reason the agent_status is set to 'error'.
PXEAnacondaDeploy is implemented to handle the 'anaconda'
deploy interface. PXEAnacondaDeploy ties to together pieces
needed to deploy a node using anaconda ramdisk.
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Change-Id: Ieb452149730510b001c4712bbb2e0f28acfc3c2e
This change adds a generic method of configuring clean step
priorities instead of making changes in Ironic code every time a new
clean step is introduced.
Change-Id: I56b9a878724d27af2ac05232a1680017de4d8df5
Story: 1618014
The security docs give an example of how to enable admins to show
passwords via the API, but the policy guidance is wrong. There is no
"is_admin" _role_, it is instead a _rule_.
Change-Id: Ic14ebc04f01bece1460f6244ec2dd88c8dd00b0e
The initial RAID levels have been extended by levels 5 and 6.
Update the documentation to reflect this.
Change-Id: Ifd7eb9d836b6fbf0a08648654ef2080b9717be83
In some cases the operator can't specify `ipmi_cipher_suite`
for each node and the problem with session can still occour:
`Error in open session response message : no matching cipher suite`
This patch adds a new configuration option that will take a list
of possible cipher suite versions that can be used when the error
occurs and the node doesn't have the `ipmi_cipher_suite` set.
Story: 2008739
Task: 42093
Change-Id: I6788585a83268e20ff6447e570995871bc9c25d5
Virtual media deployments can be conducted outside of the provisioning
network as long as the node gets an IP address somehow and can reach
ironic and its HTTP server. This changes adds new configuration that
allows to use public IP addresses for virtual media while keeping PXE
boots working and constrained to the provisioning network.
Change-Id: I8b859b2812160ff3911eb7d648eab835ef61d934
Story: #2008566
Task: #41706
This change adds support to pre-built ISO images via the new driver_info
parameters redfish_deploy_iso and redfish_rescue_iso, similarly to the
iLO hardware type.
Also removes overly eager mocking in image unit tests.
Change-Id: I1366791a6c6eb34f3a43337c4199592783765912
Adds MVP support for idrac-redfish to RAID interface. Based on
generic redfish implementation, but requires OEM extension
to check when `Immediate` time becomes available shortly
after IPA starts executing steps.
Does not support foreign disks, convert from non-RAID mode.
Story: 2008602
Task: 41778
Depends-On: https://review.opendev.org/c/x/sushy-oem-idrac/+/776224
Change-Id: Iefb7f882c97e33a176962e4e907163d9e4809445
This patch increments the API version for the Secure RBAC
as was covered in the specification in order to signify to
API consumers that may need to be aware if the API surface
can support Secure RBAC policy configuration.
Change-Id: Ia659708bb89ff416b65367505d3e068c6d4a198f
Deprecates legacy policies which will be removed at a later point in
time. Notes these in a release note which covers project scoped access
enablement, and updates the Secure RBAC docs to cover additional details
Special thanks to Rammstein Radio on Pandora, for without this and all
of the amazing artists it brought to my coding jam sessions, this effort
would not have reached any sort of conclusion in the relatively short
time for such a massive amount of work.
Change-Id: I3bf0fa0de07e19d6058f0299e7abbff91b48b360
Adds a new argument disable_ramdisk to the manual cleaning API.
Only steps that are marked with requires_ramdisk=False can be
run in this mode. Cleaning prepare/tear down is not done.
Some steps (like redfish BIOS) currently require IPA to detect
a successful reboot. They are not marked with requires_ramdisk
just yet.
Change-Id: Icacac871603bd48536188813647bc669c574de2a
Story: #2008491
Task: #41540
Adds policy scope based RBAC handling for the allocations
endpoing which enables admins to create allocations if
they have baremetal nodes which are available to them.
Change-Id: I60e273afaf344fded9bdb8c4c8e143efc9971fc1
I never got around to adding in an initial pass on system scoped
interaction and use with secure rbac. This change adds a high level
overview to help explain the context.
Change-Id: I4dca32c882f484e75378aca8bb043ebd078a13cf
Split the monolithic guide into several pages: configuration, enrollment
and deployment. Merge duplicating docs into the common locations.
Use code-block for nicer highlighting.
Change-Id: Iaeef9e0cf8deba20a125d3cfacd4ca8ca2f52e84
