2130 Commits

Author SHA1 Message Date
Zuul
cccc4483b0 Merge "Fixes anaconda deploy for PXE boot" 2022-12-12 16:58:55 +00:00
Aija Jauntēva
b70b4180f9 Follow-up to Redfish Interop Profile
Follow-up to change I058ceadab33f6969157b89aca5ba34ebd0be2a93
to mark some properties recommended, move documentation
and update contact information.

Co-Authored-By: Mike Raineri <michael.raineri@gmail.com>
Change-Id: I493f9402e15fa78bc5dae9d9bcbb124146f0d026
2022-11-30 12:08:56 -05:00
Zuul
c04344ca60 Merge "Align iRMC driver with Ironic's default boot_mode" 2022-11-25 16:32:42 +00:00
Arne Wiebalck
26a6b4ed00 [doc] Add documentation on SMART test after disk burn-in
Add documentation for 'agent_burnin_fio_disk_smart_test' option
for disk burn-in.

Story: #2007523
Task: #43383

Change-Id: I686acddeb353839b045d5c0ad944114cb938f414
2022-11-16 13:35:35 +01:00
Vanou Ishii
071cf9b2dd Align iRMC driver with Ironic's default boot_mode
This commit modifies iRMC driver to use ironic.conf [deploy]
default_boot_mode as default value of boot_mode.
Before this commit, iRMC driver assumes Legacy BIOS as default
boot_mode and value of default_boot_mode doesn't have any effect
on iRMC driver's behavior.

Story: 2010381
Task: 46643
Change-Id: Ic5a235785a1a2bb37fef38bd3a86f40125acb3d9
2022-11-06 21:57:11 -05:00
Zuul
c06cb281f9 Merge "Add support auth protocols for iRMC" 2022-10-19 23:10:56 +00:00
Zuul
f2bc2ff363 Merge " Remove reference to 'all-plugin' tox environment" 2022-10-14 23:55:44 +00:00
Julia Kreger
1435a15ce3 Fix allocations default table type
In trying to figure out why I was unable to run
all of the test_migrations tests, I realized we need
to fix and clean up our unicode declarations.

Specifically, the way I found this was my local mysql
install was defaulted to using 4 Byte Unicode characters,
however some of our fields are 255 characters, which do not
fit inside of InnoDB tables.

They do, however fit with the "utf8" storage alias, which is
presently short for UTF8MB3, as opposed to UTF8MB4 which is
what my local database server was configured for. Because this
was in opportunistic tests, I wasn't able to really sort out
what was going on and thought we needed to shorten the fields.

In reality, it turns out we never defined the allocations
table to use UTF8 and Innodb for storage.

Storage engine wise, this is not a big deal, but may mean a
DBA will one day need to dump and reload the allocation table
of a deployment.

Character set wise... It is not great, but there is not a good
way for us to do this programatically. In my opinion, the chance
of an issue being encountered by an operator is unlikely, which
out weighs the risk and impact of dumping the entire table,
deleting the table, recreating the table with the updated schema
and then repopulating the entries. Of course, if operators are not
using allocations, then it really doesn't matter for them.

Along the way, I discovered we had used the "UTF8" type alias,
which may change one day, which would break Ironic. As such,
I've also updated the definitions used to create databases
and updated our documentation.

Recommended reading:
https://docs.sqlalchemy.org/en/14/dialects/mysql.html#unicode
https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-utf8mb4.html

Story: 2010348
Task: 46492

Change-Id: I4103152489bf61e2d614eaa297da858f7b2112a3
2022-10-13 21:21:24 +00:00
Lukáš Piwowarski
eb046d3419 Remove reference to 'all-plugin' tox environment
The 'all-plugin' tox environment was deprecated by this patch [1].
Instead of the 'all-plugin' it is recommended to use the 'all' tox
environment.

This patch removes any reference to 'all-plugin' tox environment and
updates the documentation so that the installation steps work with
the 'all' venv.

[1] https://review.opendev.org/c/openstack/tempest/+/543974

Change-Id: Id3451147d172002d67b4557680560a59b026ed77
2022-10-07 15:41:55 +02:00
Nisha Agarwal
0215d3cd76 Fixes anaconda deploy for PXE boot
Fixes the anaconda deploy(URL based) and adds
anaconda_boot entry to pxe_grub_config.template so
that ProLiants can be also deployed in PXE mode.

Story: 2010347
Task: 46490

Change-Id: I4b9e3a2060d9d73de5cab31cc08d3a764dc56e90
2022-10-07 11:31:09 +00:00
Shukun Song
233c640838 Add support auth protocols for iRMC
This patch adds new SNMPv3 auth protocols to iRMC which are supported
from iRMC S6.

Change-Id: Id2fca59bebb0745e6b16caaaa7838d1f1a2717e1
Story: 2010309
Task: 46353
2022-09-29 20:12:17 +09:00
Iury Gregory Melo Ferreira
a14b3d02fe Set stage for Zed Release with 21.1
This is a pre-release commit for the Yoga release following our docs [1]

[1] https://docs.openstack.org/ironic/latest/contributor/releasing.html

We will clean-up the releasenotes and include the prelude in other patch

Change-Id: I3b8df0dce64c4ee3b20b7a714b6647d6e1ec0330
2022-09-21 23:59:27 -03:00
Zuul
eeeaa274cf Merge "Concurrent Distructive/Intensive ops limits" 2022-09-21 16:38:35 +00:00
Zuul
2daafdbb3f Merge "Document existence of non-production "fake" driver" 2022-09-20 19:32:30 +00:00
Jay Faulkner
e340fc39b9 Document existence of non-production "fake" driver
Ironic has fake drivers for development use. Document that they are
not suitable for production.

Story: 1326269
Task: 9877
Change-Id: Ibe6d43e1740a95b1cb3886394afaf8545de00e54
2022-09-20 11:43:36 -07:00
Julia Kreger
9a8b1d149c Concurrent Distructive/Intensive ops limits
Provide the ability to limit resource intensive or potentially
wide scale operations which could be a symptom of a highly
distructive and unplanned operation in progress.

The idea behind this change is to help guard the overall deployment
to prevent an overall resource exhaustion situation, or prevent an
attacker with valid credentials from putting an entire deployment
into a potentially disasterous cleaning situation since ironic only
other wise limits concurrency based upon running tasks by conductor.

Story: 2010007
Task: 45140

Change-Id: I642452cd480e7674ff720b65ca32bce59a4a834a
2022-09-20 06:47:38 -07:00
Zuul
aae524a46c Merge "Adds create_csr and add_https_certificate clean step" 2022-09-13 11:51:23 +00:00
Zuul
a171e588fd Merge "Enables event subscription methods for ilo and ilo5 hardware types" 2022-09-12 15:49:33 +00:00
Alexander Lingo
4415c55028 Cleanup submitted SNMP driver code for additional PDUs
* Resolved PEP8 issues
* Trimmed comments to remove extraneous information
* Changed rfc1902.Integer() calls to the correct snmp.Integer() calls
* Fixed power state logic checking for new PDUs that don't have transitional states (e.g., 'pendingOn')
* Removed redundant warning messages
* Added unit tests for Raritan PD2, ServerTech Sentry 3/4, and Vertiv Geist drivers
* Updated documentation to list tested PDUs for the new drivers
* Updated release notes

Change-Id: I9da7b9042b817c346f75a44cd8287e1f63efcb56
2022-09-09 16:47:47 -07:00
ankit
9c19dd6ef3 Adds create_csr and add_https_certificate clean step
This commit adds new clean steps create_csr and add_https_certificate
to allow users to create certificate signing request and adds
https certificate to the iLO.

Story: 2009118
Task: 43016
Change-Id: I1e2da0e0da5e397b6e519e817e0bf60a02bbf007
2022-09-09 07:44:02 +00:00
Zuul
d5df494ad5 Merge "CI: anaconda: permit tls certificate validation bypass" 2022-09-05 17:32:37 +00:00
mallikarjuna.kolagatla
166bd1697a Enables event subscription methods for ilo and ilo5 hardware types
Enables event subscription methods by inheriting RedfishVendorPassthru
for ilo and ilo5 hardware types

Story: 2010207
Task: 45931
Change-Id: I96f7e44069402e3f1d25bcd527408008ca5e77cb
2022-09-05 11:58:44 +00:00
Zuul
7f933a1bed Merge "Redfish: Consider password part of the session cache" 2022-09-05 09:26:57 +00:00
Julia Kreger
c2ba869040 Redfish: Consider password part of the session cache
Previously, when a password change occured in ironic,
the session would not be invalidated, and this, in theory,
could lead to all sorts of issues with the old password
still being re-used for authentication.

In a large environment where credentials for BMCs may not
be centralized, this can quickly lead to repeated account
lockout experiences for the BMC service account.

Anyhow, now we consider it in tracking the sessions, so
when the saved password is changed, a new session is
established, and the old session is eventually expired out
of the cache.

Change-Id: I49e1907b89a9096aa043424b205e7bd390ed1a2f
2022-08-25 11:07:54 -07:00
Julia Kreger
e75626392b CI: anaconda: permit tls certificate validation bypass
The stock anaconda template previously lacked any ability
to indicate "don't validate the tls certificate".

The capability for the installation to operate *without*
requiring this to be the case is necessary for efficient
and simple CI testing as injecting CA certificates is
an overly complex interaction for CI testing.

Also updates the overall anaconda documentation to indicate
the constraint exists, but does not indicate explicitly how
to disable the setting via ironic.conf.

Change-Id: Ia8e4320cbedb205ab183af121da53562792a8faa
2022-08-17 12:59:32 -07:00
Julia Kreger
bc8705c160 Allow project scoped admins to create/delete nodes
Adds capabilites for a project scoped admin to
create and delete nodes in Ironic's API.

These nodes are automatically associated with the
project of the requestor.

Effectively, this does allow anyone with sufficient
privilges, i.e. admin, in an OpenStack deployment
to be able to create new baremetal nodes and delete
those baremetal nodes. In this case, the user has
the "owner" level of rights in the RBAC model.

Change-Id: I3fd9ce5de0bc600275b5c4b7a95b0f9405342688
2022-08-17 09:53:14 -07:00
Iury Gregory Melo Ferreira
2a66fd68a5 Ironic Release 21.0
This commit bumps the release_mappings to 21.0 to be
used in the bugfix branch

Change-Id: I2bde869dfb05eb8d9baf035686833980d79e69ef
2022-08-17 00:39:46 -03:00
Zuul
c861423eb5 Merge "Document driver_info external_http_url" 2022-08-15 21:17:50 +00:00
Ruby Loo
bd8e482392 anaconda: ks liveimg = instance_info/image_info
Fix typo. For anaconda deploy interface, ironic sets the
kickstart 'liveimg' command with the URL from the ironic node's
instance_info's "image_url" value [1], and that "image_url"
value is added by ironic code, using the "image_info" value.
We don't have code that uses any "liveimg_url" value.

[1] https://opendev.org/openstack/ironic/src/commit/
3d3a67daf7d2969d8da691d12351ab5bb32eca80/ironic/common/
pxe_utils.py#L1003

Change-Id: Ic8ce5fa83768c2632eb190cd87dbf81062c7083a
2022-08-11 15:00:04 +00:00
Iury Gregory Melo Ferreira
05c16f10d5 Document driver_info external_http_url
This commit adds documentation about driver_info[external_http_url]
Follow-up If6a117a756b7d2a04251792f88c2ee412a040b28

Change-Id: Ia4787c27ed4c53f4ecb911eb0f9d77ea455c25f3
2022-08-11 10:44:44 -03:00
Zuul
3d3a67daf7 Merge "Fix iRMC driver to use certification file in HTTPS" 2022-08-10 02:11:51 +00:00
Vanou Ishii
64d7a7f307 Fix iRMC driver to use certification file in HTTPS
This patch modifies iRMC driver to use certification file
when it connects to iRMC via HTTPS

Depends-On: https://review.opendev.org/c/openstack/ironic/+/852250
Change-Id: If69ce1cf2789d9d60fb8e544596cf7d29eab514d
Co-authored-by: Kobayashi Daisuke <kobayashi.da-06@fujitsu.com>
Co-authored-by: Song Shukun <song.shukun@jp.fujitsu.com>
Story: 2009801
Task: 44345
2022-08-08 23:39:13 +00:00
Dmitry Tantsur
41484988ef Stop documenting netboot and the boot_option capability
Both will be removed soon. The documentation change is separated
to reduce the size of the final patch.

Change-Id: If4b9b0d095500101ca71a453d71ad95252dd8c0c
2022-08-01 16:36:25 +02:00
Dmitry Tantsur
f8135b22f6 Enable the ramdisk deploy by default
It proved useful (supported by Metal3, used in OpenShift) and does not
require any conductor-level configuration.

Change-Id: I57e59ac21e3327b9ad2f1d1436e184b48999006b
2022-08-01 16:34:20 +02:00
Julia Kreger
56d3c5a031 Clarify disk_label with a warning
Turns out I've had two people try to use disk label
twice in the last week to infer UEFI booting system.

This is not correct, unfortunately.

Clarify that the boot mode needs to be set appropriately.

Change-Id: I515358d40b03ea0d38dad2104a2d3d2c66e0ae8c
2022-07-25 13:20:23 -07:00
Zuul
b7c71bdbb8 Merge "[iRMC] Add SNMPv3 authentication functionality" 2022-07-22 00:54:38 +00:00
Zuul
7673cb827b Merge "Deprecate syslinux" 2022-07-22 00:53:46 +00:00
Zuul
36bbd363e8 Merge "project scoped manager support" 2022-07-22 00:53:43 +00:00
Zuul
bee0a4e31a Merge "Do not require stage2 for anaconda with standalone" 2022-07-21 18:46:10 +00:00
Julia Kreger
0311ea7c92 project scoped manager support
Adds support for project manager role support which is a state between
project scoped admin and project scoped member.

Finally enabling to be merged since the higher end goal/work finally
merged on March 1st.

Related: https://review.opendev.org/c/openstack/governance/+/815158
Change-Id: Ia35f4a4c3c2af68dc64bfe32f206e57056876dc7
2022-07-20 07:17:52 -07:00
Julia Kreger
33bb2c248a Do not require stage2 for anaconda with standalone
The use of the anaconda deployment interface can be
confusing when using a standalone deployment model.

Specifically this is because the anaconda deployment
interface was primarily modeled for usage with glance
and the inherent configuration of a fully integrated
OpenStack deployment. The additional prameters are
confusing, so this also (hopefully) provides clarity
into use and options.

Change-Id: I748fd86901bc05d3d003626b5e14e655b7905215
2022-07-20 06:50:03 -07:00
Zuul
d005ed826c Merge "Remove support for trusted boot" 2022-07-20 09:01:12 +00:00
Zuul
db0e1cc0ec Merge "Docs: specify what to do with the created images" 2022-07-18 17:42:44 +00:00
Dmitry Tantsur
dbcce25d38 Remove support for trusted boot
It requires network booting and legacy boot. While the latter will be
supported for a long time, the former is being removed.

Change-Id: Ie48e51fa95ba2059bd3cca6b8968f475934a75e5
2022-07-18 17:44:35 +02:00
Shukun Song
79f82c0262 [iRMC] Add SNMPv3 authentication functionality
Currently when using SNMPv3, iRMC driver does not use SNMPv3
authentication parameters so the SNMPv3 authentication will
always fail. And iRMC cannot recognize FIPS mode, so when FIPS mode
is enabled, iRMC driver could still use non-FIPS-compliant algorithms.

This commit changes iRMC driver to require and use SNMPv3
authentication parameters when 'irmc_snmp_version' is set to v3 and
also makes iRMC driver to force 'irmc_snmp_version' to v3,
'irmc_snmp_auth_proto' to SHA and 'irmc_snmp_priv_proto' to AES
when FIPS mode is enabled, because currently among the algorithms
supported by iRMC, only SHA and AES are FIPS compliant.

Change-Id: Id6f8996e4d103f849325f54fe0619b4acb43453a
Story: 2010085
Task: 45590
2022-07-15 16:59:05 +09:00
Zuul
5d2283137c Merge "Make anaconda non-image deploys sane" 2022-07-14 01:28:00 +00:00
Julia Kreger
c8be82c525 Deprecate syslinux
Syslinux is a functionally abandoned Legacy BIOS boot mode bootloader
which has not seen updates since 2019, and is starting to see
discussion amongst linux distributions to remove explicit support
and packaging for Syslinux. Syslinux's relevance is also disappearing
as UEFI booting is becoming the standard. While syslinux did go ahead
and ensure their bootloader *could* be built and support UEFI,
distributions also didn't uniformly adopt packaging and support for
this bootloader.

This change proposes to deprecate it and notates the areas in which
functionality is deprecated.

Change-Id: Ic52007fa4f207561d282eb5ae54273885c0ab0c0
2022-07-13 06:50:55 -07:00
Zuul
442aeca652 Merge "Fix markup typo in Redfish driver docs" 2022-07-13 13:33:43 +00:00
Aija Jauntēva
737ff34e76 Fix markup typo in Redfish driver docs
Missing whitespace renders formatting incorrectly.

Change-Id: I471fd859a5d8557188e6ad41143552457b5bdb50
2022-07-13 02:56:21 -04:00
Aija Jauntēva
70812aa6ed Update known issue for iDRAC Swift firmware update
The issue is fixed in iDRAC firmware 6.00.00.00.

Change-Id: Ie5b9ce3ed2a9b1cd61d51f64d72403f7dbc5367b
2022-07-12 06:46:11 -04:00