The centos Containerfile still exists and the launch scripts have been
adapted to work on both distros.
The ubuntu container has been tested with noble. The container built
in the CI jobs is bound to the version of ubuntu which the host is
running, which will provide functional testing validation when jobs are
moved to newer releases.
Change-Id: I1954e418543acf939bf65189121484e038f3737c
Signed-off-by: Steve Baker <sbaker@redhat.com>
Signed-off-by: Julia Kreger <juliaashleykreger@gmail.com>
The current containerised graphical console approach has a Selenium
script managing a Chrome browser session. This change replaces that with
firefox and a custom extension to perform the required actions to login
and load the BMC console. This supports the same vendors as the previous
approach (iDRAC, iLO, Supermicro).
This change is required by Red Hat as Chrome is not packaged in RHEL.
However switching to firefox has allowed a more robust and featureful
implementation so it is presented here on its own merits.
This is implemented with bash, calling out to dedicated python scripts
for these specific tasks:
- Detecting which vendor specific javascript to use for the
redfish-graphical driver
- Building the required certificate fingerprint when app_info.verify_ca
is false, which is written to the profile's cert_override.txt
- Building a custom policy.json which is specific to the BMC and vendor
implementation.
Functional differences with the chrome/selenium version
- Firefox kiosk mode has a more locked-down environment, including
disabling context menus. This means the brittle workaround to disable
them is no longer required.
- Firefox global policy allows the environment to be locked down
further, including limiting accessing to all URLs except the BMC.
- There is now a dedicated loading page which can show status updates
until the first BMC page loads. This page shows error messages if any
of the early redfish calls fail.
- VNC client sessions are now shared with multiple clients, and firefox
will be started on the first connection, and stopped when the last
connection ends.
- Starting Xvfb is now deferred until the first VNC client connection.
This results in a never-connected container using 5MB vs 30MB
once Xvfb is started. Starting Xvfb has ~1sec time penality on first
connection.
- The browser now runs in a dedicated non-root user
- All redfish consoles now hide toolbar elements with a CSS overlay rather than
simulating other methods such as clicking the "Full Screen" button.
- ilo6/ilo5 detection is now done by a redfish call and the ilo5 path
has less moving parts.
Change-Id: Ib42704a016dc891833a0ddbeae8054cac2c57d4d
Signed-off-by: Steve Baker <sbaker@redhat.com>
Assisted-By: gemini
The files in tools/vnc-container allow a container image to be built
which supports Ironic's graphical console functionality.
For each node with an enabled graphical console, the service ironic-novncproxy
(or nova-novncproxy) will connect to a VNC server exposed by a container
running this image.
If the devstack ir-novnc serivce is enabled then this container image
will be built locally and ironic configured to used it for the systemd
console container provider.
This makes a devstack environment functional in accessing graphical
consoles for Dell, HPE and Supermicro.
Related-Bug: 2086715
Change-Id: I0842570cca22ac0e67d358c30225e8e08561f459
