Commit graph

869 commits

Author SHA1 Message Date
Julia Kreger
d1c117502a CI: Fix anaconda job post OSSA-2025-001
Turns out some of the standalone jobs, anaconda in particular,
can reference some artifacts on disk in such a way which causes
the security logic to block the request. This is an easy fix.

Change-Id: I79204117cdbffab1f619981767471475870b4571
(cherry picked from commit 42be33b52b)
2025-05-16 17:09:48 +00:00
Jay Faulkner
38d94ca3a0 Use specific fix-commit from dnsmasq
I have requested a new release from dnsmasq here:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017828.html
but until they perform one, we should at least checkout and build
a version of dnsmasq with this fix, instead of downgrading to one that
is slightly less broken.

Related-Bug: 2026757
Change-Id: I8abac5fa729035341c90d7881cb35aff751da101
(cherry picked from commit 360e21124c)
2024-11-25 22:04:01 +00:00
Dmitry Tantsur
510f87a033 Try limiting MTU to at least 1280
Temporarily make metal3-integration non-voting until we merge the fix for
regression https://review.opendev.org/c/openstack/ironic/+/928885.

Change-Id: If8f9907df62019b3cf6d6df7d83d5ff421f6be65
2024-09-12 10:35:40 +02:00
Zuul
da5e44908b Merge "Enable the inspection test in the redfish standalone job" 2024-09-03 17:49:14 +00:00
cid
aaec00275a Replace reference to ari/aki
Replace 'ari' and 'aki' with correct values for kernel/ramdisk
artifacts.

Closes-Bug: #2074090
Change-Id: I5b5bcf7e081fc0865ec43ccf6a988280ec7c9273
2024-08-27 13:46:10 +01:00
Dmitry Tantsur
e3d6b644ff Enable the inspection test in the redfish standalone job
Change-Id: If975a303b6a74efdb2688ad6ae961c34336d99bb
Depends-On: https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/925981
2024-08-22 17:50:44 +02:00
Zuul
50c12609cc Merge "DevStack: enable the new in-band inspection by default" 2024-08-12 17:01:07 +00:00
Zuul
701ad07b57 Merge "CI: set tftp folder permission" 2024-08-07 14:11:02 +00:00
Dmitry Tantsur
db7e4deff9 DevStack: enable the new in-band inspection by default
This change makes it possible to test the new "agent" implementation.
The PXE environment is not migrated so far, so managed inspection is
assumed by default.

Change-Id: I60a11454aefc01333e3f788e2b09ec6e47423223
2024-08-05 13:27:40 +02:00
Jay Faulkner
bfdfd6c161 [devstack] Ensure downgrade_dnsmasq is idempotent
Right now, when restacking to get new code checked out, we fail due to
the dnsmasq directory already existing. Now, skip the downgrade if we
detect the correct version -- as we would on a second run.

Change-Id: I5c3d28f75b66d14540cbafa03bff8b7def688da5
2024-07-25 13:50:59 -07:00
Julia Kreger
631f50d21b CI: set tftp folder permission
In trying to chase down why the raw tftp boot of grub is not
happy, I determined that the tftp folder being created had the
wrong permissions out of the box. Ironic has an optional knob for
this, so we're going to set it by default.

Change-Id: If2a0e5e47163a3525ecd245e8b54cacea9a615de
2024-07-09 23:13:25 +00:00
cid
3fd1fb3518 Follow up to change on testing CI on ARM
Setting the minimum needed for configuring devstack.

Related-Change: #915441
Change-Id: Ia94ebe2d2a1bd66cd03a4c833273b20ff15171f4
2024-06-24 20:00:53 +01:00
Zuul
19c8efd9d7 Merge "Provision ARM (aarch64) fake-bare-metal-vms" 2024-06-19 16:59:05 +00:00
cid
209ba79732 Provision ARM (aarch64) fake-bare-metal-vms
This commit introduces support for provisioning ARM (aarch64)
fake-bare-metal VMs in Ironic for the purpose of eventually supporting
CI testing on ARM64 architecture-based hardware.

Change-Id: Ie4bff8892228275ad0fb940c30e8071f7f4c423f
2024-06-19 03:17:05 +01:00
Julia Kreger
f14794ca2e Remove ibmc hardware type
There has been no testing of this hardware type in quite some time,
and the last we heard the vendor was moving towards redfish.

Change-Id: Ib32db463981ec54430884ac760956b7c7b40b17f
2024-06-18 16:33:35 -07:00
Julia Kreger
c02ad76fef Remove deprecated xclarity hardware type
Change-Id: I93e0d947d0f790bd4dfaa73e2cd31fdd36262af2
2024-06-18 16:33:00 -07:00
Jay Faulkner
b44cad8e5e Fix CI issues in codespell/pep8
Codespell upgrade caused failures, fixed spelling where
appropriate, added ignores where appropriate.

Some new package release broke pep8 runs; fixed by no
longer pinning Pygments version.

Change-Id: I670bbb170823d6a0ace8eeb9d9e486e8e9bf7404
2024-05-28 02:38:31 -07:00
Zuul
4b35da4ece Merge "[devstack] Upload images with --file instead of stdin" 2024-05-14 15:48:13 +00:00
Zuul
dcace881bc Merge "docs: revise notes around iso booting for clarity" 2024-05-13 16:37:25 +00:00
Dan Smith
a0f48b6425 [devstack] Upload images with --file instead of stdin
This makes all the image upload commands in the devstack plugin use
--file instead of stdin redirection, and also uses an absolute path.
One of the commands was already doing it this way. By doing the upload
like this, it makes the devstack plugin usable with the OCaaS devstack
mode (for faster openstack client ops) since we can't pass the image
stream via stdin. Most people will be using --file for uploading
anyway, so this is probably more realistic anyway.

Change-Id: I8d97ed731133d02aed46a078c50769692ad7ba04
2024-05-08 11:00:44 -07:00
Julia Kreger
8d0b556e3d Fix spurious CI job failures around partition images
Cirros partition images have some underlying limitations,
meaning it is not ideal for any step which requires the image
to have commands executed in it to perform operations, such as
mounting additional filesystems in UEFI mode, or installing
grub in BIOS mode.

This is because cirros images are an unpacked ramdisk, in other
words, the posted disk image *has no* contents on the root
filesystem of the image. While we attempt to unpack[0] this as well,
this can also fail creating false failures resulting in check
jobs failing and then working on recheck.

As the constraint is the same as the BIOS mode check, and there
is no realistic fix, this change removes the boot mode check and
thus always disables partition image testing with tempest *when*
cirros is in use.

note 0: We presently unpack using a virtual machine launch so it
takes place with the same process as when cirros starts, however
linux doesn't always boot, and the tools don't really determine
if that is the case or not, and if we retool it, we should just
move to a direct extraction and image re-pack.

Change-Id: I7687ff1eddb14d22b981860d4c4c9b172bae45b7
2024-05-07 09:40:32 -07:00
Julia Kreger
021117e354 docs: revise notes around iso booting for clarity
Had someone try to boot the tinycore ISO on a UEFI machine, and they
got a nice error. Just turns out we needed to update our docs a little
bit to provide appropriate clarity.

Change-Id: I1adfb62ea22d0b58740ceadc8c338fc04d9b78de
2024-05-01 10:14:20 -07:00
Zuul
a7b2908e2c Merge "CI: Unpack cirros image partition jobs" 2024-04-18 19:20:12 +00:00
cid
211e007472 Load machine type from command-line
Change-Id: Ib2bdac78e0eb4043e2a2f86244ea168641571817
2024-04-16 00:30:44 +01:00
Julia Kreger
adef5d60a7 CI: Unpack cirros image partition jobs
Cirros, by default, as part of its initialization, copies the initial
ramdisk contents over the filesystem on disk. This changes the partition
image creation job so we do it upfront so the partition image looks like
and matches what we generally expect from a partition image as opposed
to just a kernel, ramdisk, and bootloader.

Change-Id: Idde30e33e9453f8564a7c3b9109c4e567146dee7
2024-04-02 03:53:37 +00:00
Julia Kreger
12cf47da0b ci: automatically set the branch for IPA to match TARGET_BRANCH
... if present, use TARGET_BRANCH parameter to influence which
branch is used for IPA downloads.

Change-Id: I9d8878ddc56f1cd90debfc2e61838162fe39e039
2024-03-27 13:46:52 -07:00
Zuul
df9e1ba80e Merge "[codespell] Fixing Spelling Mistakes" 2024-03-14 17:13:05 +00:00
Zuul
1e84214d38 Merge "ci: support overriding the service project name" 2024-03-11 12:49:27 +00:00
Zuul
4a147edd4d Merge "Fix multiple assignment of redfish_system_id during node creation" 2024-03-08 01:00:03 +00:00
cid
abe8843ddc Fix multiple assignment of redfish_system_id during node creation
``redfish_system_id`` is being passed multiple times to the node at
creation as ``node_options`` never defaults back to its initial state
throughout the iteration of the while loop.

Though it is surprisingly functional, it's fragile and this change aims
to fix that.

Closes-Bug: #2054597
Change-Id: I2c151afafb86191f047985ac00075a791639646d
2024-03-05 16:17:39 +01:00
Zuul
8122861dac Merge "ci: pin CI to dnsmasq 2.85" 2024-03-01 15:03:28 +00:00
Zuul
de3fd5d88f Merge "[CI] Support for running with shards" 2024-02-29 23:54:46 +00:00
Julia Kreger
f893c740d7 ci: pin CI to dnsmasq 2.85
A temporary path forward to increase CI stability, by pinning
to what appears to be a "good working version" of upstream dnsmasq
which does not crash on us.

Change-Id: I3295c92fd7b7871ad351b94f4c6cf0f554279db0
2024-02-29 14:54:40 -08:00
Jay Faulkner
5606c431f2 [CI] Support for running with shards
Adds support for creating nodes with shards.
Adds multinode job to test >1 n-cpus against shards.

Change-Id: I269568d83f17879fed5ac1dd5916935aea1f7fbf
2024-02-29 18:51:56 +00:00
yatinkarel
27f53debb6 ci: Source install dnsmasq-2.87
dnsmasq-2.86 shipped in Ubuntu jammy has a
known issue[1] which is fixed in dnsmasq-2.87
but it's not yet released with Ubuntu jammy.

Until fixed version is available in Ubuntu
jammy let's use source install instead of
using an older version from Ubuntu focal.

[1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q3/016562.html

Update from Julia:

Pushing forward the source fix again as ubuntu removed the
prior path we were using as a focal package and replaced
it with a package which is demonstrating the same basic issue.

Related-Bug: #2026757
Change-Id: I7ffcd167fc1e3a8c1192d766743bb5620d85ef35
2024-02-27 14:48:59 -08:00
Julia Kreger
ab5d0cadb0 ci: support overriding the service project name
Extension to extend the default service project name
value, which if set can be overridden in Ironic's policy
configuration.

Change-Id: I60cc53a34c7062261703492e720989efedca4f2b
2024-02-16 07:24:46 -08:00
Julia Kreger
19bc67c196 ci: allow service role CI account usage to have elevated access
When I thought change I2b4bcc748b6e43e4215dc45137becce301349032
was going to fix everything, that was with the mental model that
it was going to be enabled by default. That didn't happen in
review as part of the service, but the reality is we still have
some adjacent CI jobs which need it to operate properly.

Given CI, it is just invoked when scope enforcement is enabled
for CI purposes

Change-Id: I60074504742d8b09017acbb42d2706215b0169af
2024-02-15 20:45:51 +00:00
Sharpz7
949387bd80 [codespell] Fixing Spelling Mistakes
This is the first in a series of commits to add support for codespell. This is continuing the process completed in ironic-python-agent.

Future Commits will add a Tox Target, CI support and potentially a git-blame-ignore-revs file if there are lots of spelling mistakes that could clutter git blame.

Change-Id: Id328ff64c352e85b58181e9d9e35973a8706ab7a
2024-02-12 19:58:56 +00:00
Zuul
b256551b19 Merge "Disable legacy RBAC policy by default." 2024-01-23 21:58:26 +00:00
Zuul
cd17f5e61a Merge "Drop rootwrap support" 2024-01-23 20:14:36 +00:00
Julia Kreger
4359323558 Disable legacy RBAC policy by default.
Change the default RBAC policy in ironic such that the new RBAC
policy is enforced by default and the legacy policy is not usable
unless explicitly re-enabled.

Depends-On: https://review.opendev.org/c/openstack/metalsmith/+/905012
Change-Id: Id559f1d8b9a76c8a570b598585c2d58c56d08837
2024-01-22 11:10:53 -08:00
Takashi Kajinami
7032a0d9ac Stop using a specific mirror in infra
The host currently hard-coded is not functioning. This replaces
the hard-coded mirror by the local CI mirror detected. In case
mirror info is not available then upstream centos mirror is used.

Change-Id: I96a8cb45154c9dbb50efecc22d34c4ff75c6722a
2024-01-22 22:11:08 +09:00
Dmitry Tantsur
be09717be2 Drop rootwrap support
After removing the iSCSI deploy and changing ISO parsing code to use
a corresponding library, Ironic no longer executes any commands as root
and it should stay this way.

Change-Id: I47d2bab9b94345fbcf89a2a80028853050a041ea
2024-01-08 18:02:27 +01:00
Zuul
2403cd6041 Merge "CI: use Swift for configdrive when available" 2023-12-29 23:31:04 +00:00
Dmitry Tantsur
4cc167cc6e Test redfish with reduced sushy-tools feature set
Two jobs are changed to test a reduced Redfish implementation:
one PXE job uses the minimum version (only boot/power management)
one vmedia job uses the reduced version (+ NICs, virtual media)

Change-Id: Ib3afdb26b9cd36c0e4f3d736b9c69a5bf508fc0e
2023-12-15 11:38:00 +01:00
Dmitry Tantsur
af8508f51d CI: use Swift for configdrive when available
We have fixed the issue with TLS settings not being respected in
8a66978666

Change-Id: Ieb79432e897686e03e54d32ea390cca29b506569
2023-12-14 09:02:22 +01:00
Julia Kreger
ce300b3de1 CI: Remove deprecated devstack method
Removes get_uefi_ipxe_boot_file from the devstack plugin
as it is no longer used.

Change-Id: I5eed744a4746767b216399b132e98298471b4ab7
2023-11-16 15:16:49 -08:00
Zuul
5b1e347eb1 Merge "CI: Fix our internal MTU settings" 2023-10-18 06:43:05 +00:00
Zuul
b58f6d394e Merge "Enable OVN CI" 2023-10-10 16:01:15 +00:00
Julia Kreger
40e825ba93 CI: Fix our internal MTU settings
Long story short, we auto-clamp down everything to 1400 bytes
due to VXLAN tunneling for multinode testing. But there are other
reasons to clamp it smaller, and we will need to clamp that further
for multinode should we mix it with OVN.

Anyway, this should make things cleaner and we should rely upon the
gate calculated MTU as a starting place, not the guess based upon
interface list. i.e. test VM could be wrong but gate could know better.

Change-Id: I385679fe30d1447f1ed94cdf5a419e6acefbc595
2023-10-09 13:13:29 +00:00