
This enables an operator to override Ironic's autogenerated cleaning step functionality, instead providing a runbook to be used for automated cleaning. Operators will be able to configure runbooks globally, by resource class, and as a node override. Configuration exists to enable/disable this functionality at the will of the deployer, and defaults to maintaining existing behavior. Runbooks are also validated, by default, against node traits and will fail cleaning on a mismatch; this behavior is also configurable.

Unit tests generated and fixed by the various different AI agents I've been trying out through the lifetime of this change, then heavily edited.

Generated-By: Cursor, Jetbrains Junie, claude-code
Closes-bug: #2100545
Change-Id: I7c312885793ee72b1ca8c415354b9e73a3dac9d7
44 lines
2.4 KiB
YAML
features:
  - |
    Ironic operators can now assign specific steps to run during automated
    cleaning instead of relying on the driver-based implicit steps typically
    used for automated cleaning.

    To generally opt-in to this behavior, first set
    ``[conductor]/automated_cleaning_step_source`` to either 'hybrid' or
    'runbook'. A setting of 'autogenerated' (default) preserves existing
    behavior. Setting 'runbook' causes Ironic to attempt to find and use a
    configured runbook for automated cleaning, and fails cleaning if one is
    not found. The 'hybrid' setting causes Ironic to attempt to find and use a
    configured runbook for automated cleaning. If one is not found, we fall back
    to the default autogenerated cleaning.

    Configuration for cleaning runbooks is tiered to allow maximum flexibility;
    Ironic will try to find a cleaning runbook in the following places. Values
    representing the runbook name or the runbook UUID are accepted; and the
    most specific value found is used. First, ``node.driver_info['cleaning_runbook']``
    is a node specific override, disabled by default. To enable it, set
    ``[conductor]automated_cleaning_runbook_from_node`` to True. Next,
    ``[conductor]automated_cleaning_runbook_by_resource_class`` allows you to
    map resource classes to the expected runbook for them to use in
    automated cleaning. The global default, and final fallback, is
    ``[conductor]automated_cleaning_runbook``.

    As with normal runbook usage, the runbook name must match an active trait
    in node.traits. This behavior can be changed by setting
    ``[conductor]automated_cleaning_runbook_validate_traits`` to False. A cleaning
    attempt that resolves to an incompatible runbook will cause an error
    and leave the node uncleaned in a clean fail state.

security:
  - |
    This change permits declarative cleaning via use of runbooks. Please note
    there is no validation that a runbook performs typical, expected cleaning
    actions such as a disk wipe. Operators should be careful to ensure they
    are using sufficient steps to securely wipe the system.

    Additionally, operators of multitenant Ironic clusters should be careful
    before setting ``[conductor]automated_cleaning_runbook_from_node`` to True,
    as it may permit a node owner to render cleaning ineffective. This is not
    a concern in deployments utilizing node.lessee via automated_lessee.
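
The lookup order and failure behaviour described in the release note above, modelled as an added Python example (not Ironic's code). Option names come from the note; the function name, the dict-shaped node and configuration, and the sample values are assumptions, and runbooks are referenced by name only.

```python
# Added illustration of the lookup order in the release note; this is not
# Ironic's code. Option names come from the note; the function, the
# dict-shaped node/conf and the sample values are assumptions.

class CleanFail(Exception):
    """Stands in for the node ending up in the clean fail state."""


def resolve_cleaning_runbook(node, conf):
    """Return (runbook, tier), or (None, 'autogenerated') for driver steps."""
    source = conf.get("automated_cleaning_step_source", "autogenerated")
    if source == "autogenerated":
        return None, "autogenerated"

    # Most specific tier first; the node tier only counts when enabled.
    tiers = []
    if conf.get("automated_cleaning_runbook_from_node", False):
        tiers.append(("node", node.get("driver_info", {}).get("cleaning_runbook")))
    by_class = conf.get("automated_cleaning_runbook_by_resource_class", {})
    tiers.append(("resource_class", by_class.get(node.get("resource_class"))))
    tiers.append(("global", conf.get("automated_cleaning_runbook")))

    validate = conf.get("automated_cleaning_runbook_validate_traits", True)
    for tier, runbook in tiers:
        if not runbook:
            continue
        if validate and runbook not in node.get("traits", []):
            raise CleanFail(f"runbook {runbook!r} ({tier} tier) not in node traits")
        return runbook, tier

    if source == "runbook":
        raise CleanFail("no cleaning runbook configured")
    return None, "autogenerated"  # 'hybrid' falls back to driver steps


# Constructed sample data, not taken from a real deployment.
CONF = {
    "automated_cleaning_step_source": "hybrid",
    "automated_cleaning_runbook_by_resource_class": {"gpu": "CUSTOM_GPU_CLEAN"},
    "automated_cleaning_runbook": "CUSTOM_FULL_WIPE",
}
NODE = {
    "resource_class": "gpu",
    "traits": ["CUSTOM_GPU_CLEAN", "CUSTOM_NOOP"],
    "driver_info": {"cleaning_runbook": "CUSTOM_NOOP"},
}
```

The returned tier shows which level supplied the runbook, which is the value to review before enabling the node-level override on a multitenant cluster.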