765 Commits

Author SHA1 Message Date
Zuul
547159c893 Merge "Use adapters for neutronclient" 2017-12-18 05:51:38 +00:00
Zuul
75499e1ccf Merge "Follow up Add additional capabilities discovery for iRMC driver" 2017-12-15 14:57:17 +00:00
Nguyen Hung Phuong
076b3e649e Follow up Add additional capabilities discovery for iRMC driver
This commit makes changes based upon review feedback
in I1958e18a5b9d933e2aa405b200bac7717f146611.
 - Updates documentation describes required software by python-scciclient
 - Updates release note

Co-authored-By: Tran Ha Tuyen <tuyenth@vn.fujitsu.com>

Related-Bug: #1637422
Change-Id: I1ca1e1e02b8c2102e0dbd858c0a51df0dd6b58fb
2017-12-15 14:26:06 +00:00
Pavlo Shchelokovskyy
4d43262955 Use adapters for neutronclient
deprecates the following options in [neutron] section:
- url
- url_timeout
- auth_strategy

Changes some internal networking-related functions/methods
to accept a request context as optional keyword argument (defaults to
None).
This allows to pass a global request id to neutron client and
in future will simplify creating a user auth plugin from request
context.
For backward compatibility, when calling those functions/methods
without a request context, a dummy request context will be generated
automatically.

Change-Id: Ib327c7a141cfbca63b870027ad8e901c0f48bb2d
Partial-Bug: #1699547
2017-12-14 13:36:03 +02:00
Zuul
a8b676f7dd Merge "Auto-detect the defaults for [glance]swift_{account,temp_url_key,endpoint_url}" 2017-12-13 16:09:25 +00:00
Dmitry Tantsur
83dd6a1c0e Auto-detect the defaults for [glance]swift_{account,temp_url_key,endpoint_url}
In many cases, including devstack and TripleO, the swift account to use
is based on the project_id of the 'service' project, so it makes sense
to use it as a default.

Similarly, the temporary URL key can be fetches from Swift, using HEAD
on the account used to access it.

In both cases it is assumed that the same project is used by Ironic
and Glance to access Swift. Explicit values have to be provided
otherwise.

Finally, the endpoint URL can be fetched from the service catalog. Care
is taken to strip the /v1/AUTH_<tenant ID> suffix.

Closes-Bug: #1737714
Change-Id: I701899928f0f780939f17aabc59eb90593ba95f0
2017-12-12 11:48:06 +01:00
Sam Betts
b642f28be4 Receive and store agent version on heartbeat
This patch enables receiving agent_version as part of heartbeat, and
stores this information on driver_internal_info. This is so that Ironic
can dynamically adjust which features and parameters it uses based on
which version of the agent is being used.

Change-Id: I400adba5d908b657751a83971811e8586f46c673
Partial-Bug: #1602265
2017-12-11 16:25:47 +00:00
Zuul
39a63602c7 Merge "Pin API version during rolling upgrade" 2017-12-07 07:13:53 +00:00
Zuul
6e920c1052 Merge "Fix swiftclient creation" 2017-12-06 22:51:13 +00:00
Pavlo Shchelokovskyy
9ee28252a4 Fix swiftclient creation
in the change I52f1386df45ebe0a43b11fe1583e012dfa3af532
we lost most of swiftclient options in a belief that those are handled
by the keystoneauth session passed to the swiftclient.

In fact though, swiftclient only uses this session to get itself an
endpoint and a token, but it has no SessionClient, and does not use that
passed in session to make further requests to swift itself.

This patch restores all the logic that we had to decompose the session
object loaded from config to options that are passed to swiftclient
explicitly.

Change-Id: I08f382aa9d2ad22f7dbd65f7b54a8dd0a765ba44
Partial-Bug: #1699547
Closes-Bug: #1736158
2017-12-06 14:14:29 +00:00
Ruby Loo
feac8cfb78 Pin API version during rolling upgrade
During a rolling upgrade, when the new services are pinned to the
old release, the API version will also be pinned to the old release.
This will prevent users from accessing new features that may not quite
work.

The .sample was updated to reflect the change to the help string for
the [DEFAULT]/pin_release_version configuration option. The update also
pulled in changes for other options, from other (non-ironic) libraries.

Change-Id: I38a0f106b589945fb62071f3dfe5bff43c6fee93
Partial-Bug: #1708549
2017-12-04 10:17:30 -05:00
Zuul
65a969118a Merge "Add additional capabilities discovery for iRMC driver" 2017-11-30 20:00:30 +00:00
Zuul
52f20d1565 Merge "Add ansible deploy interface" 2017-11-27 18:14:15 +00:00
Dmitry Tantsur
265993316b Add a configuration option for the default resource class
If no resource class is provided in a creation request, the value of
the new ``default_resource_class`` configuration option is used.

While this feature is implemented on the API level, it's not a part of
the API contract, so it's not covered by a microversion. It's particularly
important, because it allows this change to apply even to requests
using an old API version, thus making these versions usable after
the mandatory switch to resource classes in nova.

Change-Id: I58232d9c92d6ffca49d334e5fb7078bce19f1cb4
Closes-Bug: #1732190
2017-11-24 17:54:22 +01:00
Zuul
27ce77142b Merge "Use adapters for inspectorclient" 2017-11-22 23:06:32 +00:00
Zuul
d9780f2eee Merge "Use adapters for cinderclient" 2017-11-22 22:51:35 +00:00
Zuul
bbb58672ab Merge "Don't collect logs from powered off nodes" 2017-11-22 14:40:21 +00:00
Mark Goddard
752c82ccd9 Don't collect logs from powered off nodes
The agent deploy mixin tries to collect logs from the deployment ramdisk
after powering off a node. This is clearly not going to work, as it
requires a call to the IPA API.

This change avoids collecting logs from the ramdisk in failure scenarios
where the node is powered off.

Change-Id: I353e73e3612ece893276c683ce469f8561e9ebf9
Closes-Bug: #1732939
2017-11-21 16:01:46 +00:00
Nguyen Hung Phuong
7adbf11bb8 Add additional capabilities discovery for iRMC driver
This update enhances iRMC out-of-band hardware inspection for
FUJITSU PRIMERGY bare metal nodes having iRMC S4 and beyond.

The capabilities are server_model, rom_firmware_version,
pci_gpu_devices, trusted_boot and irmc_firmware_version.

Co-authored-By: Nguyen Van Trung <trungnv@vn.fujitsu.com>

Change-Id: I1958e18a5b9d933e2aa405b200bac7717f146611
Closes-Bug: #1637422
2017-11-21 17:49:42 +07:00
Pavlo Shchelokovskyy
303ac3f835 Use adapters for inspectorclient
Inspector-client is a bit lacking behind other clients, as it does not
have Adapter-based SessionClient and thus does not support all
adapter-related options.
That's why we construct a session and an adapter from config section,
use adapter to resolve inspector API from service catalog
(or return the fixed endpoint_override one)
and then pass the session and inspector API endpoint to client.

This patch also deprecates `[inspector]service_url` in favor of
`[inspector]endpoint_override`.

As a side-effect, addressig inspector service now supports both regions
and interfaces to specify entry in service catalog.

Also, inspectorclient calls are now being made with the user token
(wrapped with a service token) when there is a token in the task's
request context.

Change-Id: I21836e712fa9764468ac2654525554b5b4f03741
Partial-Bug: #1699547
2017-11-21 09:33:08 +02:00
Pavlo Shchelokovskyy
3e84bdb6db Use adapters for cinderclient
deprecates the `[cinder]url` option in favor of
[cinder]endpoint_override.

Change-Id: Idd02e8cf0892965a3138479e49ec40cfeda7c96d
Partial-Bug: #1699547
2017-11-21 09:32:21 +02:00
OpenStack Proposal Bot
d8083326cf Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ic15ba2c45183073712a26bb906bde2d47c807ebc
2017-11-21 06:16:45 +00:00
Zuul
b9ebc7f121 Merge "Rework keystone auth for glance" 2017-11-20 17:38:10 +00:00
Pavlo Shchelokovskyy
63e0ff2f6c Rework keystone auth for glance
this patch changes the way glance client is instantiated, using
keystoneauth sessions and adapters.

In order to support glance API endpoint discovery from keystone catalog
and more unified way of client loading,
many options in `[glance]` config sections are deprecated,
mostly those that specified a (set of) glance API endpoint(s)
or parts of glance API address.
Instead, a single option `[glance]endpoint_override` must be used when
required to access a specific (possibly load-balanced)
glance API endpoint without discovering it from keystone catalog.

Another set of deprecated options are those that are duplicating
keystoneauth session options in [glance] section.

Also, intrinsic support for parsing the glance API URL from image ref
set to the full glance REST path to the image is removed as it was not
working any way since an 'http(s)://' image ref is not treated
as a glance image.

Change-Id: I6a93b71ac097e951dfc93fd1ee4d7ef483514f2c
Partial-Bug: #1699547
Closes-Bug: #1699542
2017-11-17 11:40:14 -05:00
Andreas Jaeger
af050b5d69 Remove setting of version/release from releasenotes
Release notes are version independent, so remove version/release
values. We've found that projects now require the service package
to be installed in order to build release notes, and this is entirely
due to the current convention of pulling in the version information.

Release notes should not need installation in order to build, so this
unnecessary version setting needs to be removed.

This is needed for new release notes publishing, see
I56909152975f731a9d2c21b2825b972195e48ee8 and the discussion starting
at
http://lists.openstack.org/pipermail/openstack-dev/2017-November/124480.html
.

Change-Id: Id30ea68f37bdb2623e683a1c1238596f3a8978f7
2017-11-17 10:13:05 +01:00
Zuul
068be1d6fc Merge "Fail deploy if agent returns >= 400" 2017-11-17 06:45:52 +00:00
Mark Goddard
9e2b3284ea Remove provisioning network ports during tear down
Previously, provisioning network ports were only deleted during a
successful deployment, when the node's network is flipped from the
provisioning network to the tenant network. In many failure scenarios
this code path would not be reached, as well as the case of aborting
deployment. This is not normally an issue, because during instance
termination, nova deletes all ports with a device ID matching the
instance's UUID, including any remaining provisioning ports.

This change removes the provisioning network ports when tearing down a
node to ensure that they are deleted in all scenarios.

Change-Id: I5656802ee04b44247f4a81bb311b5e306a737a4e
Closes-Bug: #1732412
Related-Bug: #1607394
2017-11-15 18:32:08 +00:00
Dmitry Tantsur
4432fa9950 Add no-vendor interface to the idrac hardware types
Vendor interfaces must not be mandatory. Missing no-vendor implementation
means that we require operators to enable the idrac vendor interface when
the idrac hardware type is enabled.

Change-Id: I6768a37bc268e367eaf93b12660a80d31eeca0c0
Closes-Bug: #1732166
2017-11-14 13:04:57 +01:00
Jim Rollenhagen
22ea3fb3b7 Fail deploy if agent returns >= 400
Currently the status code returned by IPA's POST /v1/commands API is
completely ignored by Ironic. This causes deploys to get stuck, as
future heartbeats will see that the command has not yet been accepted
and will continue to wait.

If IPA returns an error code to Ironic's agent client, we should bubble
that exception up, causing a deploy failure higher in the chain.

This adds an AgentAPIError exception class, and raises it when the agent
returns a 400 status code or higher when issuing a command.

Co-Authored-By: Jay Faulkner <jay@jvf.cc>

Related-bug: 1542506
Change-Id: I07fb8115d254e877d8781207eaec203e3fdf8ad6
2017-11-09 22:10:58 -08:00
Xavier
a02cbf46dc Revert "Fix persistent information when getting boot device"
Reverting these changes because python-hpOneView does not provide HTTPS
secure connection with custom CAcert and could cause a possible security issue.

This reverts commit 5de0ccccd69258b930ed8ab7b91ca3a1aad705c1.

Change-Id: I4cf20e59fac71ef2d548182c084bcbed2193fada
2017-11-09 16:14:14 -03:00
Hugo Nicodemos
6762458e95 Revert "Add a timeout for powering on/off a node on HPE OneView Driver"
Reverting these changes because python-hpOneView does not provide HTTPS
secure connection with custom CAcert and could cause a possible security issue.

This reverts commit bab1054a0a04dfb6b3e8f489b7df18f5966d9029.

Change-Id: I540c20ba697f35aced79e158d190b7a85d60311f
2017-11-09 16:13:45 -03:00
Hugo Nicodemos
9b523967e1 Revert "Remove python-oneviewclient from Ironic OneView drivers"
Reverting these changes because python-hpOneView does not provide HTTPS
secure connection with custom CAcert and could cause a possible security issue.

This reverts commit 037360f64d5db7401df1d656fa8f1932011b5587.

Change-Id: I2a95f3cd23f20c363fe97fc347c9d2619d2ab5e9
2017-11-09 16:12:03 -03:00
Pavlo Shchelokovskyy
9b1a7ceb4b Add ansible deploy interface
this patch pulls the ansible deploy interface code
and related ansible playbooks and auxiliary files
from ironic-staging-drivers project into main ironic tree.

As discussed in the spec, the use of ramdisk callbacks
(lookup and hearbeats) is now mandatory with this deploy interface.
Playbooks and modules were updated to require Ansible>=2.4,
and custom Ansible module for executing 'parted' was replaced
with usage of built-in Ansible module.

The custom Ansible callback plugin now uses journald logger
by default to adapt to the default DevStack setup.

Documentation and devstack plugin changes enabling automated
testing of this interface will be proposed in followup patches.

Change-Id: I43f54688287953ccb1c2836437aea76236e6560b
Related-Bug: #1526308
2017-11-09 10:30:56 +00:00
Dmitry Tantsur
93ab9aac34 Clean up release notes from the upcoming release
Change-Id: Iacdc3fdcf1fc221995963f8900a7e8ee06c9900d
2017-11-09 10:56:33 +01:00
Pavlo Shchelokovskyy
db52bedef7 Fix misplaced reno note
Change-Id: I3888548746816c2651ef4bf3930c5e9a685c5228
2017-11-08 18:16:32 +02:00
Zuul
a3896fa8c4 Merge "Follow up Secure boot support for irmc-virtual-media driver" 2017-11-07 13:30:31 +00:00
Hugo Nicodemos
57bf86b06a Update python-ilorest-library to hardware type OneView
Previously the python-ilorest-library didn't support python3,
this patch updates the library requirement to a minimum version
that supports python3.

Change-Id: I5907267a8b2f24b915f03fc0b149a885a458fe2a
2017-11-06 11:01:55 -03:00
Zuul
aafa9b32e4 Merge "Add release note for fix to port 0 being valid" 2017-11-03 23:41:57 +00:00
Zuul
9d4ee7b699 Merge "Remove python-oneviewclient from Ironic OneView drivers" 2017-11-03 17:15:21 +00:00
Ruby Loo
322c1719d0 Add release note for fix to port 0 being valid
This adds a release note about the fix for 0 (zero) being a
valid port number.

This is a follow up to d3da9dec0ea5102a3f7b217843d03f2147753b9e

Change-Id: Iaee651f76f61174e34815acc78cda42695716038
Closes-Bug: #1729628
2017-11-02 11:31:35 -04:00
Luong Anh Tuan
4b8b48fe65 Follow up Secure boot support for irmc-virtual-media driver
This commit makes changes based upon review feedback
in I13961aaf6e26591f724d5f52d0a503c71eb6824a.
- Updates documentation describes secure boot configuration details
- Updates test code

Change-Id: Iedb1507566f7792ce3749779c0687137f26adead
2017-11-02 08:56:38 +07:00
Zuul
896462138c Merge "Add ability to provide configdrive when rebuilding" 2017-11-01 22:27:16 +00:00
Zuul
569d3af276 Merge "Migrate python-oneviewclient validations to Ironic OneView drivers" 2017-11-01 20:35:41 +00:00
Hugo Nicodemos
037360f64d Remove python-oneviewclient from Ironic OneView drivers
This patch removes the python-oneviewclient library from
OneView drivers since it was migrated to python-hponeview
and python-ilorest-library.

Change-Id: I061381a941e7d7f82863b326bb7555d41395e661
Closes-Bug: #1693788
2017-11-01 13:42:22 -03:00
Ruby Loo
64ebfb35ed [reno] Update ironic-dbsync's check object version
This updates the release note pertaining to ironic-dbsync's
check of the object versions, to be explicit that these are the
database records that correspond to the IronicObjects.

This is a follow up to 6a91b38ca48eea2892a5a82b4369f1f9b277d019.

Change-Id: I1e2b3dc60529551746a0c7a258e5ce3cf509f59f
Partial-Bug: #1708243
2017-10-30 12:10:56 -04:00
Hugo Nicodemos
c2eb357aa1 Migrate python-oneviewclient validations to Ironic OneView drivers
As part of the process to stop the use of python-oneviewclient
in favor of python-hpOneView and python-ilorest-library, the
validations of the python-oneviewclient have to be migrated to
the Ironic OneView drivers.

Change-Id: If1eb72192ed58b7d3b8bae780924879fed947a77
Partial-Bug: #1693788
2017-10-30 10:50:02 -03:00
Zuul
faae2c535f Merge "ironic-dbsync: check object versions" 2017-10-27 21:25:39 +00:00
Zuul
09fae1c98f Merge "Add a timeout for powering on/off a node on HPE OneView Driver" 2017-10-24 13:20:50 +00:00
root
bab1054a0a Add a timeout for powering on/off a node on HPE OneView Driver
There is an aditional timeout parameter when powering on/off
an Ironic node that is not being used at OneView drivers.

Closes-Bug: 1722616
Change-Id: Ic94b8d3c24f1ded526d3c412432b64fe328879a8
2017-10-23 12:53:43 -03:00
Ruby Loo
6a91b38ca4 ironic-dbsync: check object versions
Now that we have rolling upgrades and the version column was
added and populated in the Pike release, we can add checks to
make sure the versions of objects in the DB are compatible
with this ironic release, before ironic-dbsync's upgrade or
online_data_migrations does its work. These ironic-dbsync
calls are made as part of upgrading to this (Queens) release.

Change-Id: I68758f8a29d483f5c0a7439fa2ea2962b2eb4124
Partial-Bug: #1708243
2017-10-23 12:52:25 +00:00