Split the monolithic guide into several pages: configuration, enrollment
and deployment. Merge duplicating docs into the common locations.
Use code-block for nicer highlighting.
Change-Id: Iaeef9e0cf8deba20a125d3cfacd4ca8ca2f52e84
Chances are much higher the users will find it there. Also correct some
wording (node interfaces -> hardware interfaces), use double ticks for
field names and mention the Wallaby release.
Story: #2008652
Task: #42015
Change-Id: I33956976a9420ade836ab8d37a9488b9a207cef0
This change allows instance_info values to override node interface
definitions, so non-admins can make temporary changes to various
interfaces.
Story: #2008652
Task: #41918
Change-Id: I6c3dc74705bde02bd02882d14838f184f8d4a5e3
This reverts commit b0df0960e2c53a4fe6673ba0a1ed546ffd156dc7.
Reason for revert: Need to split in separate patches and backport virtual media boot part.
Change-Id: Ib182ee6f2894fcdcea369a60dc5bd922a16434e2
The tests were not enabled earlier on, for endpoints that
are not going to be exposed to users, really. So this patch
just updates them so they are tested as expected.
Change-Id: If3c989d5bcf03de5704e30165747642134952f75
This patch adds project scoped access, as part of the work
to delineate system and project scope access.
Adds policies:
* baremetal:volume:list_all
* baremetal:volume:list
* baremetal:volume:view_target_properties
Change-Id: I898310b515195b7065a3b1c7998ef3f29f5e8747
The Redfish hardware type does not currently implement the RAID
hardware interface.
This patch implements the Redfish RAID interface, allowing operators
to specify the desired RAID configuration on Ironic Redfish nodes.
Story: 2003514
Task: 24789
Depends-On: https://review.opendev.org/c/openstack/sushy/+/774532
Change-Id: Icf5ca865e0c1e168b96659229df622698bea1503
This patch implements the project scoped rbac policies for a
system and project scoped deployment of ironic. Because of the
nature of Ports and Portgroups, along with the subcontroller
resources, this change was a little more invasive than was
originally anticipated. In that process, along with some
discussion in the #openstack-ironic IRC channel, that it
would be most security concious to respond only with 404s if
the user simply does not have access to the underlying node
object.
In essence, their view of the universe has been restricted as
they have less acess rights, and we appropriately enforce that.
Not expecting that, or not conciously being aware of that, can
quickly lead to confusion though. Possibly a day or more of
Julia's life as well, but it comes down to perceptions and
awareness.
Change-Id: I68c5f2bae76ca313ba77285747dc6b1bc8b623b9
* Adds additional policies:
* baremetal:node_get:last_error
* baremetal:node:get:reservation
* baremetal:node:get:driver_internal_info
* baremetal:node:get:driver_info
* baremetal:node:update:driver_info
* baremetal:node:update:properties
* baremetal:node:update:chassis_uuid
* baremetal:node:update:instance_uuid
* baremetal:node:update:lessee
* baremetal:node:update:driver_interfaces
* baremetal:node:update:network_data
* baremetal:node:update:conductor_group
* baremetal:node:update:name
* With new policies, responses of filtering and posted data is
performed. Testing has been added to the RBAC testing files
to align with this and the defaults where pertinant.
* Adds another variation of the common policy check method
which may be useful in the long term. This is too soon to
tell, but the overall purpose is to allow similar logic
patterns to the authorize behavior. This is because the
standard policies are, at present, also used to control
behavior of response, and node response sanitization needs
to be carefully navigated.
This change excludes linked resources such as /nodes/<uuid>/ports,
portgroups, volumes/[targets|connectors]. Those will be in later
changes, as the node itself is quite a bit.
Special note:
* The indicator endpoint code in the API appears to be broken
and given that should be fixed in a separate patch.
Change-Id: I2869bf21f761cfc543798cf1f7d97c5500cd3681
This change adds support for utilising NVMe specific cleaning tools
on supported devices. This will remove the neccessity of using shred to
securely delete the contents of a NVMe drive and enable using nvme-cli
tools instead, improving cleaning performance and reducing wear on the device.
(this specific change adds extra documentation to the earlier set of
patches implementing this).
Story: 2008290
Task: 41168
Change-Id: Ia6d34b31680967a0d14687e5a54d68a1f1644308
In order to reduce the load on the database backend, only lazy-load
a node's ports, portgroups, volume_connectors, and volume_targets.
With the power-sync as the main user, this change should reduce the
number of DB operations by two thirds roughly.
Change-Id: Id9a9a53156f7fd866d93569347a81e27c6f0673c
It is possible that an interface has both IPv4 and IPv6 addresses,
primarily when using SLAAC with OpenStack Neutron. When this is
the case, it is very likely that the first fixed IP would be a
SLAAC assigned port and the second IP is the IPv4 address.
In an environment where you are looking to boot via IPv4, no DHCPv6
infrastructure exists as IPv6 connectivity is provided via SLAAC,
you would not be able to use this network to boot off of.
This patch instead grabs all the fixed IP addresses, then inserts
the options that match the IP versions which are attached to the
interface, potentially resulting in both IPv4 and IPv6 options
being included (though the IPv6 ones would be largely omitted).
In environments where only IPv4 or IPv6 is in use on the port, it
will still only insert the options for those specific IP versions.
Story #2008660
Task #41933
Change-Id: I52e4ee022b17cb7f007534cb368136567b139a34
No longer explicit handle secure boot in PXE/iPXE derivatives since it's
now handled there.
Change-Id: I13b1d53578285b7171bfadb53bb2a7f69e7b53e3
Story: #2008270
Task: #41567
