Workaround for grenade jobs to read CIRROS_VERSION variable from
stackrc.
We also give the possibility to specify a custom CIRROS_VERSION
In addition, fix transient iDRAC WS-Man BIOS test.
Depends-On: https://review.opendev.org/c/openstack/ironic/+/786387
Change-Id: Ic7f5dae5e6aa6916f0a7d73f43cc9552349385c5
This change fixes the idrac-wsman BIOS hardware interface
implementation's determination of the result of its factory_reset
cleaning/deploy step, and, on success, updating of the cached BIOS
settings to their defaults. It uses a deterministic means of identifying
when the reset has successfully completed and the default BIOS settings
are available to be read.
The time when the iDRAC last performed a system inventory is referred to
as Collect System Inventory on Restart (CSIOR). CSIOR updates the values
of BIOS settings that can be read from the iDRAC. The interface reads
the CSIOR and records it on the ironic bare metal node before requesting
the factory reset and rebooting the system to process the request.
Following the system reboot, the CSIOR is periodically read until its
value changes from its recorded value. If that occurs before the
configured amount of time has passed, the step succeeds and the cached
BIOS settings are updated. Otherwise, the step fails and the node is
placed in the failed state.
Story: 2008058
Task: 40739
Depends-On: https://review.opendev.org/c/openstack/python-dracclient/+/748571
Change-Id: I11b92612d6686b7133ddef67068664c9b81df30e
Update python-dracclient version to indicate Wallaby compatibility with
6.*.* releases.
Version 6.0.0 is available from PyPI [1].
[1] https://pypi.org/project/python-dracclient/6.0.0/
Change-Id: Ia7093a3ed48e19197f74da9e1c49416a974a76be
This commit adds new clean steps security_parameters_update,
update_minimum_password_length and update_auth_failure_logging_threshold
to allow users to edit following security parameters which fetched
during node inspection -
``Password_Complexity``, ``RequiredLoginForiLORBSU``,
``RequireHostAuthentication``, ``MinPasswordLength``,
``IPMI/DCMI_Over_LAN``, ``Authentication_failure_Logging``,
and ``Secure_Boot``.
Story: 2008024
Task: 40736
Change-Id: I0dd9a83ee23c6b846eda3ff171ab7b3138b22fa7
Add file to the reno documentation build to show release notes for
stable/wallaby.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/wallaby.
Sem-Ver: feature
Change-Id: I87ce46bfcca8b023ef26cf0cdc807de6956fb2b3
agent_status is used by anaconda ramdisk to inform the
conductor about state of the deployment. Valid agent
states are 'start', 'end' and 'error'. The agent_status_message
is used to describe the why the agent_status is set to a
particular state. Use of these parameters require API
version 1.72 or greater.
When anaconda finishes deployment the agent_status is
set to 'end'. When anaconda ramdisk is unable to deploy
the OS for some reason the agent_status is set to 'error'.
PXEAnacondaDeploy is implemented to handle the 'anaconda'
deploy interface. PXEAnacondaDeploy ties to together pieces
needed to deploy a node using anaconda ramdisk.
Co-Authored-By: Jay Faulkner <jay@jvf.cc>
Change-Id: Ieb452149730510b001c4712bbb2e0f28acfc3c2e
The fix for https://storyboard.openstack.org/#!/story/2008252 synced
the boot mode after changing the boot device, because Supermicro nodes
reset the boot mode if not included in the boot device set. However this
can cause a problem on Dell nodes when changing the mode uefi->bios or
bios->uefi. Restrict the syncing of the boot mode to Supermicro.
Story: 2008712
Task: 42046
Change-Id: I9f305cb3f33766c1c93cf4347368b1ce025fc635
This change adds support for managing an iDRAC -- reset, clear job
queue, and reset to known good state -- via the Redfish out-of-band
(OOB) management protocol to the idrac hardware type. This is offered by
new idrac-redfish management hardware interface implementation cleaning
steps: reset_idrac, clear_job_queue, and known_good_state.
known_good_state both resets an iDRAC and clears its job queue.
Story: 2007617
Task: 39628
Depends-On: https://review.opendev.org/c/x/sushy-oem-idrac/+/782254
Change-Id: Iad69c8d7cf3a373f5cfcc619a479a106efa2e4d4
This change adds a generic method of configuring clean step
priorities instead of making changes in Ironic code every time a new
clean step is introduced.
Change-Id: I56b9a878724d27af2ac05232a1680017de4d8df5
Story: 1618014
The security docs give an example of how to enable admins to show
passwords via the API, but the policy guidance is wrong. There is no
"is_admin" _role_, it is instead a _rule_.
Change-Id: Ic14ebc04f01bece1460f6244ec2dd88c8dd00b0e
Ironic's sample configuration page previously did not render any
of the items in the default section, except for those items added
by other libraries. This was because we were trying to use an iterator
instead of a list.
Using an iterator, in theory should have worked, and did work for
normal invocations, but didn't work when it came to sphinx generated
output.
Instead of trying to use itertools to assemble everything, we just
now instead assemble the list and use a list_opts method like some
of the other more complex groups to add values.
Confirmed in local build output that the sphinx generated output
works as expected now.
Change-Id: I7f1cffb2a91728ab632ab0ccaa6acbb7e86fb533
Bandit has started to fail on master.
>> Issue: [B701:jinja2_autoescape_false] Using jinja2 templates with autoescape=False is dangerous and can lead to XSS. Ensure autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.
Severity: High Confidence: Medium
Location: ironic/common/utils.py:491
More Info: https://bandit.readthedocs.io/en/latest/plugins/b701_jinja2_autoescape_false.html
489 # NOTE(pas-ha) not using default_for_string=False as we set the name
490 # of the template above for strings too.
491 env = jinja2.Environment(
492 loader=loader,
493 autoescape=jinja2.select_autoescape(),
494 undefined=jinja2.StrictUndefined if strict else jinja2.Undefined
495 )
It appears that Arun changed this around a little in
https://review.opendev.org/c/openstack/ironic/+/777448/10/ironic/common/utils.py
however this doesn't seem to pass reliably. As such, I'm returning
the notation of the label to the first line as it was before, which
seems to consistently pass bandit checking.
Change-Id: I7f5b7323b108b303b5b77609d5903128d4adca3c
The inclusion of a boot_method=vmedia kernel command line
argument is mandatory singnaling so IPA understands it has
been booted via virtual media, and to act accordingly.
Change-Id: I92751a3f4305fe0ded9ff379643b45132fe66157
Story: 2008749
Task: 42181
Utilities moved to ironic.common.molds.
New config section [molds] created and settings moved there.
Change-Id: I1177f7dd5d5157bb3a5c0bd09acd75c9a394ab47
