This change involves:
- Moves ironic-standalone jobs to use 32GB nodes which is a
relatively simple change.
- Changes other jobs excluding multinode jobs to use DIB image
builds by default.
- Changes one of job names to remove tinyipa from the name.
- Also notes a job which can be removed, but removal will be in
a later change... and adds a release note in case anyone looks.
Change-Id: If9110c8f5041428df3e59f40fe0cb71bcf8580a8
Turns out some of the standalone jobs, anaconda in particular,
can reference some artifacts on disk in such a way which causes
the security logic to block the request. This is an easy fix.
Change-Id: I79204117cdbffab1f619981767471475870b4571
Allow to deploy virtual environment with port groups by using
following environment variables:
IRONIC_USE_PORT_GROUP: boolean to enable port group usage
IRONIC_PORT_GROUP_MODE: the mode for port group, by default is
balance-rr.
Related-Bug: #1718481
Change-Id: I9cc8e54cf94ecc65ac93d01671f8778be2f6dc78
Adds basic suppot to spin up a SONiC VM instance as a switch to have
wired to the switch VM to enable command behavior verification.
Also fixes some related issues due to an earlier rebase need on
the switch test VMs where the interface name was changed and
ultimately a different field need to be extracted for the
later commands to execute properly in order to provide data
to later callers for actions such as creating ports in ironic.
Change-Id: Ie4a2ac4da08359d20b5aa35faf741c5307bef6e0
Adds additional basic simulator support to stand up a virtual
Cisco Nexus 9000 switch for testing in devstack to faciltate
development and testing.
Change-Id: Id66e6bcc646a6d35a2caa5ecbc6b8cd881adb7aa
Adds necessary logic to support spinning up a local network simulator
for Dell Force10 OS10 switches which is a Linux based operating system
image as opposed to the former force10 OS 9 switches.
This change takes a *very* similar approach to OS9 support, but there
are several differences between OS9 and OS10, mainly in configuration
formatting, commands, access control, and even the overall virtual
machine installation process which leverages ONIE and multiple
"disk" artifacts.
Change-Id: Iab3c69031eeff1f612e254d099539c8fc146b553
In order to test NGS compatability and generally move the state forward
we need to be able to wire in switch simulators.
This is *not* intended to be run in CI, due to known performance issues.
This first pass hooks up Dell Force10 switches with OS version 9.13, and
does so we can configure the switch as part of the setup.
This makes the prior behavior of configure-vm.py and the VM templates
to be able to execute as it did before
I0ef1ad1b2e50cb26839c618a1367704d51ed8a4d to enable the simulator attachments
because we can't exercise network switch simulators with dynamic
post-vm start network attachments, becuase the attachment to the switch sim
must be done in advance of switch VM launch.
Change-Id: I4addd71adea0b3f6e56b967db848546b5c56561e
Delete the deploy kernel, ramdisk, and ISO files during cleanup
to trigger rebuild on the subsequent stack.sh run.
Closes-Bug: #2076358
Change-Id: I6600b67c9b3455d8191126b24a1941ae7c384e36
We still need a custom dnsmasq, but due to recent ubuntu upgrades and
devstack changes we always fail the version check and skip the install
of newer dnsmasq. Instead, now we use a sentinel file.
Change-Id: Iefde1721d4ab24521dc2b8f1fe46bf8bd4519f6f
The files in tools/vnc-container allow a container image to be built
which supports Ironic's graphical console functionality.
For each node with an enabled graphical console, the service ironic-novncproxy
(or nova-novncproxy) will connect to a VNC server exposed by a container
running this image.
If the devstack ir-novnc serivce is enabled then this container image
will be built locally and ironic configured to used it for the systemd
console container provider.
This makes a devstack environment functional in accessing graphical
consoles for Dell, HPE and Supermicro.
Related-Bug: 2086715
Change-Id: I0842570cca22ac0e67d358c30225e8e08561f459
A new entry point ``ironic.console.container`` is added to determine how
console containers are orchestrated when ``ironic.conf``
``[vnc]enabled=True``. By default the ``fake`` provider is specified by
``[vnc]container_provider`` which performs no orchestration. The only
functional implementation included is ``systemd`` which manages
containers as Systemd Quadlet containers. These containers run as user
services and rootless podman containers. Having ``podman`` installed is
also a dependency for this provider. See ``ironic.conf`` ``[vnc]``
options to see how this provider can be configured.
The ``systemd`` provider is opinionated and will not be appropriate for
some Ironic deployment methods, especially those which run Ironic inside
containers. External implementations of ``ironic.console.container`` are
encouraged to integrate with other deployment / management methods.
Related-Bug: 2086715
Change-Id: Ib890c3c7be91ddd78a43b9c5261dd1d8c1054c04
Wraps `wget` commands with sleep and mutiple retry support
for resilient network downloads.
Partial-Bug: #2098417
Change-Id: Id3e083cc97b71211e5080ad21e2c09d04d8559fa
By default, nova's tempest code checks every second for the status of
an instance being built. But for baremetal, this can take longer. Much
longer because the many steps in a sequence of action to facilitate
deployment.
As such, changing the timer to 10 second will reduce the amount
of logging generated by CI test jobs, which presently can fail
with too much data to be logged causing subunit to fail and rendering
logging lost.
Change-Id: I1f7e0198b61717ffaaeb471dfcb200a5ab58c506
This is a forklift of the nova novncproxy service to act as the noVNC
front-end to graphical consoles.
The service does the following:
- serves noVNC web assets for the browser based VNC client
- creates a websocket to proxy VNC traffic to an actual VNC server
- decouples authentication traffic so that the source server can have
a different authentication method than the browser client
The forklifted code has been adapted to Ironic conventions, including:
- [vnc] config options following Ironic conventions and using existing
config options where appropriate
- Removing the unnecessary authentication method VeNCrypt, leaving only
the None auth method.
- Adapting the ironic-novncproxy command to use Ironic's service launch
approach, allowing it to be started as part of the all-in-one ironic
- Replace Nova's approach of looking up the instance via the token.
Instead the node UUID is included in the websocket querystring
alongside the token
- Removing cookie fallback when token is missing from querystring
- Removing expected protocol validation in the websocket handshake
- Removing internal access path support
- Removing enforce_session_timeout as this will be done at the
container level
Related-Bug: 2086715
Change-Id: I575a8671e2262408ba1d690cfceabe992c2d4fef
When running the devstack plugin on Centos, the default
libvirt artifact permissions on the filesystem prevents
libvirt from launching UEFI VMs.
This allows for the VM to be able to launch.
Change-Id: I04fcc86175e90e6ca024a44841f4f05bcb5b1f63
The emulator *and* the EFI binary paths are different
when using Centos/Fedora, and Fedora/Centos are distinctly
different with EFI folder paths.
Change-Id: I2c6ba884735f22cc9153de0a24282758ffbdc496
While doing some work on a fips-enabled machine, using centos,
I noticed the check is looking for a ubuntu package version.
Realistically, that is wrong, since 2.90 in general is what
we're seeking.
Change-Id: I02179f10a360a5dd83f4efe28c1ecbb51afb57ab
IPv6 job using UEFI and OVN with dhcpv6-stateful address mode.
Updates the devstack plugin to ensure CentOS DIB ironic-python-agent is
always used for dhcpb6-stateful, udhcpc in tinycore does not support
DHCPv6.
Ensure mtu on the ironic-provision network matches PUBLIC_BRIDGE_MTU
when Ironic IPv6 is used. This ensures we do not get packet drops from
over-mtu.
Devstack plugin will ignore any HOST_IPV6 address discovered, always
using the magigv6 interface and 'fc00::1' as IRONIC_HOST_IPV6.
Change-Id: Iab97d78d7a075eaef3bdcfc08fc4f184a5ea490a
So the prime driver behind pinning the MTU down on our interfaces is so
traffic can cross mutlinode vxlan tunnels between nodes where the devstack
plugin is executing to support more complex tests.
But the reality is that doesn't always make sense, and when Neutron
has a default mtu override based upon "upstream" traffic constraints,
that is likey okay as well.
Part of the CI configuration auto-pins the MTU down, which is fine
for single node testing, however with multinode we need to pin the
MTU further down to try and prevent packets from being dropped on
the internal interfaces use to wire up test VMs.
Change-Id: Idc145f4eea87a8db69202b8d7953975d7d5cba2c
Each run of devstack results in the dnsmasq version being restored to
the distro package version before being replaced by this override. This
means that a second run of stack.sh fails because the dnsmasq checkout
directory already exists.
This change moves the checkout to a tmp dir. This also stops git
complaining about nested git repos from the devstack repo.
Change-Id: Ida3892f2e706fa5a791a048f26440d84876be125
This migrates ironic-lib code and usages to code in ironic.common.
Relevant unit tests were migrated as well.
Also removes support for ironic-lib from CI and devstack.
Change-Id: Ic96a09735f04ff98c6fec23d782566da3061c409
I have requested a new release from dnsmasq here:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017828.html
but until they perform one, we should at least checkout and build
a version of dnsmasq with this fix, instead of downgrading to one that
is slightly less broken.
Related-Bug: 2026757
Change-Id: I8abac5fa729035341c90d7881cb35aff751da101
This adds a wsgi entrypoint module which can be used with a wsgi runner,
such as uwsgi, to launch Ironic API processes without the need of a
separate script.
The legacy WSGI script is currently being installed by PBR, and as part
of the migration to a pyproject.yaml-compatible PBR, we cannot use the
wsgi-scripts plugin anymore, and will be removing the script installed
by it in a future Ironic release.
The new WSGI script, because it has statements at the module top-level,
cannot be autodocumented; we now exclude it.
Also we don't treat all warnings as errors in pdf docs builds to allow
the use of mock autosummary, starting with including the wsgi module.
Co-Authored-By: Doug Goldstein <cardoe@cardoe.com>
Change-Id: I584ac6a25c4e6cd9744a609b50d12b434a930dc6
An interesting, and frustrating aspect of 4k block devices is that the math begins
to be impacted across the whole of the useage of the device.
Specifically the LVM block spacing also begins to be thrown
"out of alignment" which changes user calculations.
Most users doing smaller allocations likely won't matter, but users doing
thin volumes or filling the percentage of the remaining usable volume, also then
break.
So realistically, the best path to ensure we have appropriate 4k device testing,
and our dependent tooling in diskimage-builder is also getting tested, is to run
the more complex case in our CI job.
This change is dependent upon two other changes which are under review.
Change-Id: I5b23403c783fa84b4158708741524c3dc9a92722
grenade by default enable GLOBAL_VENV which means it
install and run everything from virtual env
- https://review.opendev.org/c/openstack/grenade/+/930507
We faced the error in ironic grenade scripts in virtual env
so GLOBAL_VENV was disabled explicitly. This fixing the scripts
and enable GLOBAL_VENV in ironic jobs also.
Change-Id: I48ee1dd4adc2e5bcc18c5f116d979e7524248495
No jobs are setting this, nor have any set it in some time. Remove it.
Change-Id: I38a092de125e382607d89d8e5a3b85db809a6d61
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
