* Remove doc/source/install/conf.py, it's unused.
* Remove settings that are provided by openstackdocstheme from conf.py
files. Switch to newer openstackdocstheme for this.
* Remove unused deps from tox.ini: releasenotes and api-refonly need
doc/requirements but not requirements.
Change-Id: Iab5ad6cde40c3342770c0112155fe5e1d262d1e8
In order to improve security of the lookup/heartbeat
endpoints, we need to generate and provide temporary tokens
to the initial callers, if supported, to facilitate the
verification of commands.
This is the first patch in an entire series which utimately
enables the endpoint communication to be better secured.
The idea behind this started in private story 2006634 which
is locked as a security related filing covering multiple
aspects of ironic/ironic-python-agent interaction centered
around miss-use and generally exposed endpoints. That story
will remain marked as a private bug because it has several
different items covered, some of which did not prove to be
actually exploitable, but spawned stories 2006777, 2006773,
2007025, and is ultimately similar to Story 1526748.
Operationally this is a minimally invasive security
enhancement to lay the foundation to harden interactions
with the agent. This will take place over a series of
patches to both Ironic and the Ironic-Python-Agent.
Also see "Security of /heartbeat and /lookup endpoints"
in http://lists.openstack.org/pipermail/openstack-discuss/2019-November/010789.html
Story: 2007025
Task: 37818
Change-Id: I0118007cac3d6548e9d41c5e615a819150b6ef1a
This change covers changes to meet the goal of establishing contributor
documentation, which Ironic largely already had, but required some
enhancement and clarification.
This also includes rough context of the PTL duties and revision to the
primary repository CONTRIBUTING document, as suggested in some of the
goal related discussions.
Change-Id: Ia47eb56d7eb3c19c99fa7a61fb5605037dd9ebee
Story: #2007236
Task: #38528
The `redfish_system_id` property of redfish hardware type has been
made optional. If not specified in `driver_info`, and the target BMC
manages a single ComputerSystem, ironic will assume that system.
Otherwise, ironic will fail requiring explicit `redfish_system_id`
specification in `driver_info`.
Also bumpted sushy dependency to >= 3.1.0.
Change-Id: I425baa7c7294c6c8a707e89df63a17da8e49b666
Story: 2007258
Task: 38619
Disable the debug output, we don't need 10s of lines to display the RST
file during normal builds.
Change-Id: I3c53ca2591d92e3354efb9da99cf2ee19ea51b7d
This change adds support for node retirement: nodes can
have additional properties 'retired' and 'retired_reason'
which change the way the nodes (can) traverse the FSM
and which operations are allowed. In particular:
- retired nodes cannot move from manageable to available;
- upon instance deletion, retired nodes move to manageable
(rather than available).
Story: #2005425
Task: #38142
Change-Id: I8113a44c28f62bf83f8e213aeb6704f96055d52b
Using ironic-api-wsgi implies mod_wsgi, some other containers require
an importable module. This patch modifies ironic.api.wsgi to be usable
this way and documents it.
Change-Id: I8493eb36293a0214081e0adb59c3a267c9688819
Follow-up to commit 42dc9787e52670bb1e1baa36f08703dd802804f4:
* Refactor root device checking code to be in one place and extend
the error message.
* Extend unit tests to cover the actual override.
* Update documentation.
Change-Id: I1d73f2233c766ff52268e242b8071dec12b2daca
The ibmc hardware type and related code is no longer being tested in
third party CI. No party has stepped up to continue maintaining and
supporting this code. As such, our standard practice is to deprecate
and remove the driver code.
Change-Id: I8e16d8a2f68623f98ae5e3acce886b29f95eacb5
Story: 2007185
Task: 38310
On verifying deployment on aarch64 bare metals, the linuxefi and
initrdefi are not available in grubaa64.efi, update doc to note
the potential change required on multi-architecture setup.
Change-Id: I92786eaed2c3bf6fb9f25672183bd9511e7a6e6e
ironic-agent is deprecated. ironic-python-agent-ramdisk is the new
element to build a ramdisk with ironic-python-agent
Change-Id: Ib9feb0bb9ccc97f7eb3f0669db05b98d96fbe918
Add an owner to allocations. Depending on policy, a non-admin
can then create an allocation and have the owner set to their
project. Allocation processing then respects the owner.
Change-Id: I2965a4a601b9fa2c0212097da37b104a3e5514df
Story: #2006506
Task: #37540
This option has been removed from nova. Drop references to it from the
documentation.
Change-Id: If6efd14ba28f6cb1eee2ce0c3cd9bbb89549c252
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-On: https://review.opendev.org/#/c/696514/
No need to make everyone install rabbitmq just to play with ironic.
Also make it clearer that MySQL is not required.
Change-Id: Ib286f30f16579815ca05c8477f7fd446cad6e453
Adds `instance_info/kernel_append_params` property support to
`redfish` hardware type. If given, this property overrides
`[redfish]/kernel_append_params` ironic option.
The rationale for adding this property is to allow passing
node-specific kernel parameters to instance kernel.
One of the use-cases for this is to pass node static network
configuration to the kernel.
Change-Id: Ib1617f5a7ab34968d8bfe06fe49f3ba68e56f99f
Story: 2006691
Task: 36988
configdrive can contain a vendor_data2.json file containing key/value
pairs injected by nova's vendordata mechanism[1].
This change lets Ironic accept a vendor_data key when configdrive is
provided as json, allowing parity with nova.
This change requires an openstacksdk release 0.37.0
[1] https://www.madebymikal.com/nova-vendordata-deployment-an-excessively-detailed-guide/
Change-Id: Id990b970619a113c5d5ead47fb550870d91b5e04
Task: 36756
Story: 2006597
Blueprint: nova-less-deploy
Adds additional details on how to use the iDrac driver with
Ironic.
Change-Id: I598181a8227179b8c587b31905e38aa7595eef87
Co-Authored-By: Pranjali Srivastava <srivastavapranjali@ymail.com>
The loop keyword is the current recommended way to handle loops,
and supports filters.
It's available since Ansible version 2.5 so changing ansible
requirement in driver-requirements.
Change-Id: Ibff1f07ca00b8f5a5274d73f9e53196f49c33a66
After a release we need to update the `templates` for zuul
in master to have the job for the new cycle.
Change-Id: Ic275ea9ec97f74732f4bafa99037c2d8a8229b91
- Ara report was removed and we have the Zuul web page
that shows the information about the job build.
Change-Id: I74f70ee21421746983cb3c8d290cc6a619819e34