This is an automatically generated patch to ensure unit testing
is in place for all the of the tested runtimes for antelope. Also,
updating the template name to generic one.
See also the PTI in governance [1].
[1]: https://governance.openstack.org/tc/reference/project-testing-interface.html
Change-Id: Ie1e2138b16929c204235e459df5f9c26885140ab
Introduces additional job configuration to enable automated
integration testing via tempest of the anaconda deployment
interface.
Also, configures a private subnet with DNS, which is required
by anaconda executing, in order to facilitate processing of URLs.
Change-Id: I61b5205cf2c9f83dfcabf4314247c76fb6a56acd
Instance network boot (not to be confused with ramdisk, iSCSI or
anaconda deploy methods) is insecure, underused and difficult to
maintain. This change removes a lot of related code from Ironic.
The so called "netboot fallback" is still supported for legacy boot when
boot device management is not available or is unreliable.
Change-Id: Ia8510e4acac6dec0a1e4f5cb0e07008548a00c52
Netboot option will be removed soon, this change stops covering it.
Some jobs have been renamed to reflect the new reality.
Change-Id: I7e248c3deb4778fcf59bc64821833987653fbbcd
* Fixes the IPv6 job by utilizing HOST_IPV6 instead of
SERVICE_IPV6, as Devstack now automatically wraps
SERVICE_IPV6 with brackets as if it is for a URL.
* Locks ipv6 job to bios mode. Ubuntu Focal OVMF/EDK2 does not
support IPv6 PXE boot by default.
* Split from Devstack in terms of IP usage, since full explicit
V6 usage is not a thing anymore. 4+6 is the default in devstack
and regardless of what we set on the job we see both now used.
So we delineate apart our usage for our own sanity.
* Reduce VM Interface count for IPv6 in an attempt to eliminate
in-kernel routing confusion by two interfaces on the same physical
network.
* Set IPv6 mode to dhcpv6-stateless due to fun issues in dhcp clients.
When we move to UEFI, this will need to be changed to stateful as
stateless is not supported in general by OVMF/E2DK.
Once the job has run in normal non-voting for a while, and we
ensure that it seems to be stable, we can make it voting again.
Change-Id: Ia833bfb64c6c3cc8e48cbe34ed200536652a8adf
Grenade, for some confusing reason, creates a separate network,
and uses that for upgrade testing as opposed to the original network
the VMs were bound to. If Julia's memory is correct, this was for
multinode upgrade testing.
Anyway, When in UEFI mode, it appears that the TFTP packets
don't get tracked nor cross the boundrary. We likley need to
explicitly address this, but first, lets get the job working as
it was and can then update it.
Also, update requirements because markupsafe removed soft_unicode
method taht was deprecated since a while. Jinja2 started using the
new soft_str method since version 3.0.0
Change-Id: Iaebe966569962b0d3d43774d57b570469479f159
We need configdrives to pass information reliably, and the new cirros
image does not work without them.
Change-Id: I6cafa050d5c1c8289483f968d26c50485fd4528a
Cirros partition images are not compatible with local boot since they
don't ship grub (nor a normal root partition). This change adds a script
that builds a partition image with UEFI artifacts present. It still
cannot be booted in legacy mode, but it's a progress.
Set the tempest plugin's partition_netboot option. We need it to inform
the tempest plugin about the ability to do local boot. This option
already exists but is never set.
Also set the new default_boot_option parameter, which will be introduced
and used in Iaba563a2ecbca029889bc6894b2a7f0754d27b88.
Remove netboot from most of the UEFI jobs.
Change-Id: I15189e7f5928126c6b336b1416ce6408a4950062
Not everyone on the team even knows what pxe_ipmitool used to mean :)
Furthermore, we don't need "ipa" in job names, everything uses IPA
for... even longer than pxe_ipmitool does not exist.
While here, one job was clearly meant to use BIOS boot, but it does not.
Change-Id: I8a37efa0f222361f30ddb7fa621548685a40f961
The standalone job is failing because of a bug in IPA. To fix it we need
to make DIB jobs operational, and they're failing because of CentOS repos.
Change-Id: I8bd051ea709d328cb5efa2c2cbd5a226bdb4cfd3
CI is memory intensive, and we realistically don't need 2 or
more API workers running for every single WSGI process which
does not implement it's own specific override value.
This should reduce the memory footprint by an average of six processes
which consume 60-90 MB each.
Change-Id: Ia0a986152c2b9fc9c5ff54cf698a351db452fbbd
Changes a neutron call to be project scoped as system
scoped can't create a resource and, and removes the unset
which no longer makes sense now that
I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
has merged removing the legacy vars from devstack.
Also renames intenral use setting of OS_CLOUD to IRONIC_OS_CLOUD
as some services were still working with system scope or some sort
of mixed state occuring previously as some of the environment variables
were present still, however they have been removed from devstack.
This change *does* explicitly set an OS_CLOUD variable as well on
the base ironic job. This is because things like grenade for Xena
will expect the variable to be present.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/818449
Change-Id: I912527d7396a9c6d8ee7e90f0c3fd84461d443c1
Change the default boot mode to UEFI, as discussed during the end
of the Wallaby release cycle and previously agreed a very long time
ago by the Ironic community.
Change-Id: I6d735604d56d1687f42d0573a2eed765cbb08aec
Neutron's firewall initialization with OVS seems
to be the source of our pain with ports not being found
by ironic jobs. This is because firewall startup errors
crashes out the agent with a RuntimeError while it is deep
in it's initial __init__ sequence.
This ultimately seems to be rooted with communication
with OVS itself, but perhaps the easiest solution is
to just disable the firewall....
Related: https://bugs.launchpad.net/neutron/+bug/1944201
Change-Id: I303989a825a7e35f1cb7b401134fd63553f6791c
Observed an OOM incident causing
ironic-tempest-ipa-partition-pxe_ipmitool to fail.
One vm started, the other seemed to try to start twice, but both times
stopped shortly into the run and the base OS had recorded in it an OOM
failure.
It appears the actual QEMU memory footprint being consumed when
configured at 3GB is upwards of 4GB, which obviously is too big to
fit in our 8GB VM instance.
Dialing back slightly, in hopes it stabilizes the job.
Change-Id: Id8cef722ed305e96d89b9960a8f60f751f900221
This is part of the work to add jobs which confirm ironic works with
FIPS enabled, but this change is also appropriate non-FIPS jobs.
Change-Id: I4af4e811104088d28d7be6df53c26e72db039e08
The lower-constraints test was removed becuase of an issue where pip
could not correctly determine the required packages versions to install,
ending in an almost infinite loop that would end up in timeout, failure,
and general mayhem.
Recently the issue has been fixed and, if properly configured, the
lower-constraints test can provide good indication of which minimum
versions are required to support the current code.
This patch adds the test back to the current development branch.
The long term goal is to keep the lower-constraints file in the stable
branches, but remove the test job to avoid issues during backports.
Change-Id: I5fff32ec5dd1a045116bcf02349650b1f5e3a196
The devstack default limit enforcement for glance defaults
to 1GB, and unfortunately this is too small for many to use
larger images such as centos which includes hardware firmware
images for execution on baremetal where drivers need the vendor
blobs in order to load/run.
Sets ironic-base to 5GB, and updates examples accordingly.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/801309
Change-Id: I41294eb571d07a270a69e5b816cdbad530749a94
Adds support to the ironic devstack plugin to configure
ironic to be used in a scope-enforcing mode in line with
the Secure RBAC effort. This change also defines two new
integration jobs *and* changes one of the existing
integration.
In these cases, we're testing functional crub interactions,
integration with nova, and integration with ironic-inspector.
As other services come online with their plugins and
devstack code being able to set the appropriate scope
enforcement configuration, we will be able to change the
overall operating default for all of ironic's jobs and
exclude the differences.
This effort identified issues in ironic-tempest-plugin,
tempest, devstack, and required plugin support in
ironic-inspector as well, and is ultimately required
to ensure we do not break the Secure RBAC.
Luckilly, it all works.
Change-Id: Ic40e47cb11a6b6e9915efcb12e7912861f25cae7
Utilizes a simple bifrost job to stand up a simple ironic deployment
where fake nodes will be created added, and a simple benchmark will
then be executed.
Change-Id: I33e29ee303b2cf4987b36c7aad2482bc3673f669