This commit adds new clean steps security_parameters_update,
update_minimum_password_length and update_auth_failure_logging_threshold
to allow users to edit following security parameters which fetched
during node inspection -
``Password_Complexity``, ``RequiredLoginForiLORBSU``,
``RequireHostAuthentication``, ``MinPasswordLength``,
``IPMI/DCMI_Over_LAN``, ``Authentication_failure_Logging``,
and ``Secure_Boot``.
Story: 2008024
Task: 40736
Change-Id: I0dd9a83ee23c6b846eda3ff171ab7b3138b22fa7
Currently if the baremetal boot mode is unknown and the driver doesn't
support setting the boot mode then the error is logged and deployment
continues.
However if the BMC doesn't support getting or setting the boot mode
then setting the boot mode raises an error which results in the deploy
failing. This is the case for HPE Gen9 baremetal, which doesn't have a
'BootSourceOverrideMode' attribute in its system Boot field, and
raises a 400 iLO.2.14.UnsupportedOperation in response to setting the
boot mode.
This is raised from set_boot_mode as a RedfishError. This change
raises UnsupportedDriverExtension exception when the 'mode' attribute
is missing from the 'boot' field, allowing the deployment to continue.
Change-Id: I360ff8180be252de21f5fcd2208947087e332a39
This change adds 'anaconda' group and 'default_ks_template'
configuration option under that group to ironic configuration file.
Along with this change a new boot_option named 'kickstart' is added
to identify anaconda kickstart deploy in the boot interface.
deploy_utils.get_boot_option method is modified to check if
node.deploy_interface is set to 'anaconda' and return boot_option
'kickstart'.
This change also validates whether required parameters are set when
the boot_option on the node is set to 'kickstart'.
When boot_option is 'kickstart' we also validate if the glance image
source has 'squashfs_id' property associated with it.
Change-Id: I2ef7c33e2e63e6d08c084b4c5dbd77a44ddd2d14
Story: 2007839
Task: 41675
Adds MVP support for idrac-redfish to RAID interface. Based on
generic redfish implementation, but requires OEM extension
to check when `Immediate` time becomes available shortly
after IPA starts executing steps.
Does not support foreign disks, convert from non-RAID mode.
Story: 2008602
Task: 41778
Depends-On: https://review.opendev.org/c/x/sushy-oem-idrac/+/776224
Change-Id: Iefb7f882c97e33a176962e4e907163d9e4809445
This patch increments the API version for the Secure RBAC
as was covered in the specification in order to signify to
API consumers that may need to be aware if the API surface
can support Secure RBAC policy configuration.
Change-Id: Ia659708bb89ff416b65367505d3e068c6d4a198f
Deprecates legacy policies which will be removed at a later point in
time. Notes these in a release note which covers project scoped access
enablement, and updates the Secure RBAC docs to cover additional details
Special thanks to Rammstein Radio on Pandora, for without this and all
of the amazing artists it brought to my coding jam sessions, this effort
would not have reached any sort of conclusion in the relatively short
time for such a massive amount of work.
Change-Id: I3bf0fa0de07e19d6058f0299e7abbff91b48b360
This commit adds logic
* to determine whether irmc hardware type is enabled
* (if enabled) to install python package python-scciclient & snmp
into DevStack code to support construction of Ironic environment
with iRMC supported Fujitsu server through DevStack.
Story: 2008722
Task: 42066
Change-Id: Ie50d8e4b43cdbfd8cd46333a75de20015e67829e
Adds a new argument disable_ramdisk to the manual cleaning API.
Only steps that are marked with requires_ramdisk=False can be
run in this mode. Cleaning prepare/tear down is not done.
Some steps (like redfish BIOS) currently require IPA to detect
a successful reboot. They are not marked with requires_ramdisk
just yet.
Change-Id: Icacac871603bd48536188813647bc669c574de2a
Story: #2008491
Task: #41540
Adds policy scope based RBAC handling for the allocations
endpoing which enables admins to create allocations if
they have baremetal nodes which are available to them.
Change-Id: I60e273afaf344fded9bdb8c4c8e143efc9971fc1
I never got around to adding in an initial pass on system scoped
interaction and use with secure rbac. This change adds a high level
overview to help explain the context.
Change-Id: I4dca32c882f484e75378aca8bb043ebd078a13cf
The Redfish RAID release note did not reference the related
story. This patch updates the release note to include a link to
the story.
The formatting of the release note is also updated to respect the
maximum 80 characters per line convention.
Change-Id: Iac0c6fdb116c14a402c0ea86f98f6a72064adbbc
Story: 2003514
Task: 42024
