Currently, the nova virt driver for ironic has a file containing nothing
but our states as constants. A recent bug was caused, in part, by these
not being properly updated. The goal here is to move ironic state
machine code and constants into separate files -- once merged, I will
update the nova driver to use a copy of this file (and add a comment to
the file here saying it's synced over there). This should help prevent
this kinda issue in the future and in the long run cause less duplicated
work.
Assisted-by: Claude Code (claude)
Signed-off-by: Jay Faulkner <jay@jvf.cc>
Change-Id: Ief4533b69899c893f150ef3a7006fb99f7e42964
Adds a tool that will ingest a TBN configuration file along with test
network/port-like objects in order to simulate how TBN would plan the
network for a node.
Change-Id: Ia7fbb9b651e4ed4c63a105484856de7f38bc541c
Signed-off-by: Clif Houck <me@clifhouck.com>
The centos Containerfile still exists and the launch scripts have been
adapted to work on both distros.
The ubuntu container has been tested with noble. The container built
in the CI jobs is bound to the version of ubuntu which the host is
running, which will provide functional testing validation when jobs are
moved to newer releases.
Change-Id: I1954e418543acf939bf65189121484e038f3737c
Signed-off-by: Steve Baker <sbaker@redhat.com>
Signed-off-by: Julia Kreger <juliaashleykreger@gmail.com>
This script runs a liveness check on the configured conductor hostname
and will fail if the conductor is not online. Its intended purpose is to
be used as a kubernetes pod startup or liveness probe for the conductor
container.
Change-Id: I88288e0d7a1da4ec99f31c20771299cce2499bf0
Signed-off-by: Steve Baker <sbaker@redhat.com>
Implements the foundational infrastructure for a new standalone
networking service that can operate independently of the main ironic
conductor. This commit establishes the service skeleton with:
- RPC API layer with oslo.messaging integration for remote calls
- Public API interface for conductor/API to interact with the service
- RPC service implementation for handling network requests
- Stub networking manager with method signatures (implementation
added in subsequent commit)
- Service entry point (ironic-networking command) for deployment
- Configuration options for service behavior and networking backend
- Infrastructure and packaging changes for the new service
The manager includes stub implementations that raise NetworkError,
with the full implementation of network operations, driver framework
and switch drivers are added in subsequence commits.
Related-Bug: 2113769
Assisted-by: Claude/sonnet-4.5
Change-Id: I351c7afe96cbcebd6b2e2bb5f0b4f17b5d804ceb
Signed-off-by: Allain Legacy <alegacy@redhat.com>
The current containerised graphical console approach has a Selenium
script managing a Chrome browser session. This change replaces that with
firefox and a custom extension to perform the required actions to login
and load the BMC console. This supports the same vendors as the previous
approach (iDRAC, iLO, Supermicro).
This change is required by Red Hat as Chrome is not packaged in RHEL.
However switching to firefox has allowed a more robust and featureful
implementation so it is presented here on its own merits.
This is implemented with bash, calling out to dedicated python scripts
for these specific tasks:
- Detecting which vendor specific javascript to use for the
redfish-graphical driver
- Building the required certificate fingerprint when app_info.verify_ca
is false, which is written to the profile's cert_override.txt
- Building a custom policy.json which is specific to the BMC and vendor
implementation.
Functional differences with the chrome/selenium version
- Firefox kiosk mode has a more locked-down environment, including
disabling context menus. This means the brittle workaround to disable
them is no longer required.
- Firefox global policy allows the environment to be locked down
further, including limiting accessing to all URLs except the BMC.
- There is now a dedicated loading page which can show status updates
until the first BMC page loads. This page shows error messages if any
of the early redfish calls fail.
- VNC client sessions are now shared with multiple clients, and firefox
will be started on the first connection, and stopped when the last
connection ends.
- Starting Xvfb is now deferred until the first VNC client connection.
This results in a never-connected container using 5MB vs 30MB
once Xvfb is started. Starting Xvfb has ~1sec time penality on first
connection.
- The browser now runs in a dedicated non-root user
- All redfish consoles now hide toolbar elements with a CSS overlay rather than
simulating other methods such as clicking the "Full Screen" button.
- ilo6/ilo5 detection is now done by a redfish call and the ilo5 path
has less moving parts.
Change-Id: Ib42704a016dc891833a0ddbeae8054cac2c57d4d
Signed-off-by: Steve Baker <sbaker@redhat.com>
Assisted-By: gemini
In threading mode the options implemented in oslo.service are not used,
in favor of the options imported from cotyledon.
Change-Id: I8a94bfea5fe9f9f54077e5d958198ede09f78903
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
While trying to create some fake data, I realized the randomizer
code was not running, nor were changes being committed, and largely
the code was still patterned on ipmi, when really we should be
patterning on fake. Also drops the number of nodes to create to 5000,
instead of 10,000, as we're ultimately going to create a fairly unhappy
fake ironic database with this model.
Using the fake interface *and* fake config, provides us an easy
path to begin to benchmark drastic changes to the conductor model
as part of removing eventlet.
Change-Id: I179c842d369eb9a3a60878556559746cca27bcaa
Signed-off-by: Julia Kreger <juliaashleykreger@gmail.com>
The files in tools/vnc-container allow a container image to be built
which supports Ironic's graphical console functionality.
For each node with an enabled graphical console, the service ironic-novncproxy
(or nova-novncproxy) will connect to a VNC server exposed by a container
running this image.
If the devstack ir-novnc serivce is enabled then this container image
will be built locally and ironic configured to used it for the systemd
console container provider.
This makes a devstack environment functional in accessing graphical
consoles for Dell, HPE and Supermicro.
Related-Bug: 2086715
Change-Id: I0842570cca22ac0e67d358c30225e8e08561f459
This migrates ironic-lib code and usages to code in ironic.common.
Relevant unit tests were migrated as well.
Also removes support for ironic-lib from CI and devstack.
Change-Id: Ic96a09735f04ff98c6fec23d782566da3061c409
For oslo-config-generator, you have to list the external libraries that
provide configuration options so it knows to pull them in. Several of
the listed ironic_lib modules are no longer in that project causing
failures.
Change-Id: If270ac0701769a6ce8131816b1cb4921120bd7ab
Ironic has maintained a CI job for years after postresql support was
deprecated in order to prevent unintentional breakage of that support.
Now, we have confirmed evidence that other openstack components, such as
keystone, required for testing this postgresql support no longer
function in this job.
As a result, ironic can no longer test postgresql support. Operators
utilizing postgresql who have not yet migrated must migrate now.
Change-Id: If6e4432b000996789346a1f7449410cfc8497fe1
Migrate all existing linters to pre-commit. This consolodates our bandit
and codespell job into the general pep8 job.
Change-Id: I6b40a3338d98fab500e22918b6bd5b8bff2106fd
This is a quick and easy way to get Ironic up for testing; updated to be
even quicker and easier if you don't need multiprocess or mysql.
Co-Authored-By: CID <cid@gr-oss.io>
Change-Id: Ibef8a24868fd1f507e69e6d615d6327031d11495
This is the first in a series of commits to add support for codespell. This is continuning the process completed in ironic-python-agent.
Future Commits will add a Tox Target, CI support and potentially a git-blame-ignore-revs file if their are lots of spelling mistakes that could clutter git blame.
Change-Id: Id328ff64c352e85b58181e9d9e35973a8706ab7a
This ensures the options for oslo.versionedobjects library are
included in the file generated by oslo-config-generator.
Change-Id: Ib63c4dd1c14905ec200e67a8fe9ba5f20b160b08
* Updates API version to 1.85 to permit an ``unhold`` verb
* Adds the ``deploy hold`` and ``clean hold`` provision states
to the internal state machine.
* Adds on documentation on steps to help provide greater clarity
to Ironic's users on how to utilize steps. It should be noted
this documentation also includes the power state reserved step
names from the DPU functionality patch.
* Fixes the state machine diagram. Changes type to PNG as SVG
rendering is broken due to python libraries utilized for SVG
generation which do not work on more recent Python versions.
Change-Id: I34f58f4e77e7757b89247fd64f5fcde26f679453
Template databases are not designed to run random SQL code. They should
only be accessed to modify the template itself. Use postgres instead.
Change-Id: Id7d38895d8d04964557447ecbc6ca29f39f626c9
Ironic supports enabling the audit middleware. This change adds
the option for the middleware to the ironic.conf file generated by
oslo-config-generator.
Depends-on: https://review.opendev.org/804316
Change-Id: Ic7adb755f47ea65fe975dfbc7cca905a376d728e
The prepare_service call from ironic.common.service is changed to also
configure guru meditation and profiler. A new call prepare_command is
provided for the cases it's not required.
Change-Id: I5b9b7b7bc827c8bcda06e9a967deae8577ad87f4
This is part of the work to add jobs which confirm ironic works with
FIPS enabled, but this change is also appropriate non-FIPS jobs.
Change-Id: I4af4e811104088d28d7be6df53c26e72db039e08
Adds a horribly written, just hacked together little tool to help
provide sizing insight into an ironic deployment's state and underlying
performance.
Key data:
* Queries the list of node from a pure python interface level with the
database and reports timeing for the list of nodes to be returned.
This information helps convey how long a periodic hits the database
just for the query.
* Requests *all* nodes using the query pattern/structure of the nova
resource tracker, and uses the marker to make any additional requsts.
The data is parsed, and collected, and counts identified vendors,
if any.
* Collects basic data on conductors in terms of running, conductor groups
as well as currently loaded drivers in the deployment.
All of this information provides operational insight into *what*
conditions exist within the deployment allowing developers to try
and identify solutions based on the unique circumstances of larger
deployments.
Also adds a utility to generate and semi-randomize data to allow us to
create a benchmark job in CI.
Change-Id: Iae660aea82db8f1c4567ee2982595ccfdf434fe3
Generating a yaml file called policy.json.sample is a bit misleading
because the file is not valid json, this change fixes that, with the
intention that the user can copy policy.yaml.sample to
/etc/ironic/policy.yaml and make customizations.
Change-Id: Ie6d5c8c38d785005d2bf2dc8f9f7ac42c2e8f7fb
Spotted in focal container while running pep8, updates the shebang
to use python3 explicitly, also removes the unused -tt argument.
Change-Id: Icb16ac63a83379cafe9a7dac380f2b87b881adc9
Opendev infra changed py36 defaults to run on centos8 and
of course, there is no python-devel mapping on centos.
Removed the entry and adjusted the test-setup.sh script
so the databases are started locally as they are not auto
started upon installation.
Change-Id: I826757ad73b0b14f119f9205475379b85f111383
The md5 function is not available on systems in FIPS mode, just
use the callable name (which is closer to how repr usually looks).
Change-Id: I4319ce2f42f35251595306b9a77ae1f8bc55595c
Starting from mysql version 8 it's not possible to create a user
implictly when using GRANT.
This patch makes the behavior compatible with that.
Change-Id: I2b73a532deb8782c2c0bb05070b727e9edc6e9d8
Co-written-by: Riccardo Pittau <elfosardo@gmail.com>
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
GMR requires configuring a path for storing the report via [oslo_reports]log_dir,
this is empty by default, and currently there is no means to specify this option,
thus doesn't respond with SIGUSR2.
Though gmr is optional, test requirement is still required so that we can
generate proper configuration sample for it.
Story: 2007570
Task: 39467
Change-Id: I0f03e9d01a3c4e42a4fc8bf2d8ceb2d1a587056c
currently it is impossible to use ironic-api for both internal and
public api at the same time when both of those are using (ssl
terminating) proxies as there's only one config option to override the
resource url's in responses ([api]public_endpoint).
This patch adds the http_proxy_to_wsgi middleware from oslo.middleware
to the ironic API service, which, with properly configured proxies,
makes the choice of correct URL automatic, and thus makes such scenario
possible.
As this middleware may potentially not properly handle some
endpoint URL schemas, leave the api.public_endpoint option as a backup,
but it will be ignored when proxy headers parsing is enabled.
Change-Id: I3ce6b0726b479c2835f8777957b2cb12d8098aec
Story: #2006303
Task: #36019
Adds bandit configuration template and exclude some of
tests that we don't want to fix for the moment.
Keeping job unvoted so that we can keep an eye on possible
issues while not breaking gate.
Change-Id: Ic577cad3b61421c04023ea887236992acb19f77c
Story: 2005791
Task: 33518
The exception modules in ironic and ironic-lib contain the same
almost identical class IronicException.
With this patch we directly use the one in ironic-lib.
Updating requirements and lower-constraints to use compatible
version of ironic-lib.
Also deprecating duplicated fatal_exception_format_errors
option.
Change-Id: I1ce0d12d912020346425fd658d3b1807607455a4
Story: 1626578
Task: 10515
This change adds an option to publish the endpoint via mDNS on start
up and clean it up on tear down.
Story: #2005393
Task: #30383
Change-Id: I55d2e7718a23cde111eaac4e431588184cb16bda
As we are not maintaining sample config file in the repo now,
the checkconfig can be removed since it's always generated from
the code.
Change-Id: I5bfd7c5cbb048a71864fac4fcfebb940529f87f1
This change will add how to create windows images article
in portgroup docs. these images will support to create port
bounding through ironic services.
This feature has tested on Fujitsu servers successfully.
Change-Id: I1ce941a16f080fce1699d8629a7e12a2c2d83ade
Bashate introduces a new error, E044, which attempts to
identify any questionable conditionals that would be
incorrectly using bracketing. That being said, it is
modeled on keeping the design simple, and errors on more
condensed lines where conditionals are included.
Since we don't need this, and the case where it is erroring
is invalid as the test is overly simple, lets ignore it.
Change-Id: Ie46dcd6cd6100f3c7e35c2c817828e45bd6b7921
