A new ``ironic.console.container`` provider is added called
``kubernetes`` which allows Ironic conductor to manage console
containers as Kubernetes pods. The kubernetes resources are defined in
the template file configured by ``[vnc]kubernetes_container_template``
and the default template creates one secret to store the app info, and
one pod to run the console container.
It is expected that Ironic conductor is deployed inside the kubernetes
cluster. The associated service account will need roles and bindings
which allow it to manage the required resources (with the default
template this will be secrets and pods).
This provider holds the assumption that ironic-novnc will be deployed in
the same kubernetes cluster, and so can connect to the VNC servers via
the pod's ``status.hostIP``.
Assisted-By: gemini
Change-Id: Ib91f7d7c15be51d68ebf886e44efaf191a14437b
Signed-off-by: Steve Baker <sbaker@redhat.com>
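An added example, not part of this commit or the Ironic tree: a small audit that checks whether a Role intended for the conductor's service account grants anything beyond the secrets and pods that the commit message names for the default template. The Role names, namespace and verbs in the sample data are hypothetical, and the manifests are constructed for illustration.

```python
# Resources the commit message names for the default template (core "" API group).
ALLOWED_RESOURCES = {"pods", "secrets"}

# Constructed sample Roles as dicts; names, namespace and verbs are hypothetical.
TIGHT_ROLE = {
    "kind": "Role",
    "metadata": {"name": "ironic-console", "namespace": "ironic"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "secrets"],
         "verbs": ["create", "get", "list", "delete"]},
    ],
}
BROAD_ROLE = {
    "kind": "Role",
    "metadata": {"name": "ironic-console", "namespace": "ironic"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/exec", "configmaps"],
         "verbs": ["get", "create"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]},
    ],
}


def audit_role(role):
    """Return findings for rules that grant more than pods and secrets."""
    findings = []
    for idx, rule in enumerate(role.get("rules", [])):
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        verbs = rule.get("verbs", [])
        # Wildcards silently widen the grant as new resource types or verbs appear.
        for field, values in (("apiGroups", groups), ("resources", resources),
                              ("verbs", verbs)):
            if "*" in values:
                findings.append(f"rule {idx}: wildcard in {field}")
        non_core = sorted(g for g in groups if g not in ("", "*"))
        if non_core:
            findings.append(f"rule {idx}: non-core API groups {non_core}")
        # Subresources such as pods/exec are separate grants and are flagged too.
        extra = sorted(r for r in resources
                       if r not in ALLOWED_RESOURCES and r != "*")
        if extra:
            findings.append(f"rule {idx}: resources beyond pods/secrets {extra}")
    return findings


if __name__ == "__main__":
    for finding in audit_role(BROAD_ROLE):
        print(finding)
```

A custom template that defines other resource kinds would need `ALLOWED_RESOURCES` adjusted to match.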
The centos Containerfile still exists and the launch scripts have been
adapted to work on both distros.
The ubuntu container has been tested with noble. The container built
in the CI jobs is bound to the version of ubuntu which the host is
running, which will provide functional testing validation when jobs are
moved to newer releases.
Change-Id: I1954e418543acf939bf65189121484e038f3737c
Signed-off-by: Steve Baker <sbaker@redhat.com>
Signed-off-by: Julia Kreger <juliaashleykreger@gmail.com>
Implements the foundational infrastructure for a new standalone
networking service that can operate independently of the main ironic
conductor. This commit establishes the service skeleton with:
- RPC API layer with oslo.messaging integration for remote calls
- Public API interface for conductor/API to interact with the service
- RPC service implementation for handling network requests
- Stub networking manager with method signatures (implementation
added in subsequent commit)
- Service entry point (ironic-networking command) for deployment
- Configuration options for service behavior and networking backend
- Infrastructure and packaging changes for the new service
The manager includes stub implementations that raise NetworkError,
with the full implementation of network operations, driver framework
and switch drivers added in subsequent commits.
Related-Bug: 2113769
Assisted-by: Claude/sonnet-4.5
Change-Id: I351c7afe96cbcebd6b2e2bb5f0b4f17b5d804ceb
Signed-off-by: Allain Legacy <alegacy@redhat.com>
Deprecation of ironic-inspector was announced long ago (during 2023.2
cycle) and ironic-inspector was retired this cycle. So it's time to
drop all the remaining code to force migration to the built-in
agent interface.
Change-Id: I14a87599f9f47b167f8f1a84704982301d033381
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This change adds a NoDeploy class to allow for a truly minimal
deployment interface with no-op implementations for all required
methods.
Closes-Bug: #2106550
Change-Id: Ic6faf34860efef9165ad868d57972cd5007eacd4
Signed-off-by: Afonne-CID <afonnepaulc@gmail.com>
The current containerised graphical console approach has a Selenium
script managing a Chrome browser session. This change replaces that with
firefox and a custom extension to perform the required actions to login
and load the BMC console. This supports the same vendors as the previous
approach (iDRAC, iLO, Supermicro).
This change is required by Red Hat as Chrome is not packaged in RHEL.
However switching to firefox has allowed a more robust and featureful
implementation so it is presented here on its own merits.
This is implemented with bash, calling out to dedicated python scripts
for these specific tasks:
- Detecting which vendor specific javascript to use for the
redfish-graphical driver
- Building the required certificate fingerprint when app_info.verify_ca
is false, which is written to the profile's cert_override.txt
- Building a custom policy.json which is specific to the BMC and vendor
implementation.
Functional differences with the chrome/selenium version:
- Firefox kiosk mode has a more locked-down environment, including
disabling context menus. This means the brittle workaround to disable
them is no longer required.
- Firefox global policy allows the environment to be locked down
further, including limiting access to all URLs except the BMC.
- There is now a dedicated loading page which can show status updates
until the first BMC page loads. This page shows error messages if any
of the early redfish calls fail.
- VNC client sessions are now shared with multiple clients, and firefox
will be started on the first connection, and stopped when the last
connection ends.
- Starting Xvfb is now deferred until the first VNC client connection.
This results in a never-connected container using 5MB vs 30MB
once Xvfb is started. Starting Xvfb has ~1sec time penalty on first
connection.
- The browser now runs in a dedicated non-root user
- All redfish consoles now hide toolbar elements with a CSS overlay rather than
simulating other methods such as clicking the "Full Screen" button.
- ilo6/ilo5 detection is now done by a redfish call and the ilo5 path
has fewer moving parts.
Change-Id: Ib42704a016dc891833a0ddbeae8054cac2c57d4d
Signed-off-by: Steve Baker <sbaker@redhat.com>
Assisted-By: gemini
The only thing of note is the use of data files: while pbr allowed you
to include directories in a glob, setuptools only allows individual
files. This necessitates expanding out the list of files we wish to
copy.
Change-Id: I65156249c3494708d79789be23afb2d69c194848
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Used pycodestyle, pyflakes, flake8-logging-format, and flake8-logging to
bring ruff to the ironic tree.
Change-Id: I4e355b0d2cf065f8844794b14474c34b65e7562b
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Removed default config options while bumping the versions of some
pre-commit hooks. Moved the configuration of doc8 to pyproject.toml to
hopefully consolidate everything in one place. Enable codespell hook to
correct the spelling for users.
Change-Id: I76933b52ed8009f5e97c382b82dd786adf3a5444
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
pip 23.1 removed the "setup.py install" fallback for projects
that do not have pyproject.toml and now uses a pyproject.toml
which is vendored in pip.
To address that, this change adds the minimal pyproject.toml
to enable pbr to be properly used to build editable wheels.
This is required to support installing devstack on
centos stream 9 and related distros with GLOBAL_VENV=True
Without this change the wsgi scripts are not generated in
editable mode. i.e. pip install -e /opt/stack/keystone
See https://pip.pypa.io/en/stable/news/#v23-1
and https://github.com/pypa/pip/issues/8368 for more
details on the removal of the fallback support.
setuptools v64.0.0 is used to support editable installs
via its PEP-660 implementation
https://github.com/pypa/setuptools/pull/3488
This patch was taken nearly verbatim from the equivalent nova change.
Co-Authored-By: Sean Mooney <work@seanmooney.info>
Change-Id: I34888e8f87b4a3ab09546ba58ef5f2cf495bc7e3