| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Change-Id: Icaffb5d346001d62e5c9522708dd44f01faeb3a6
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, the launcher first notifies systemd, then starts checking the
services (RPC and WSGI). So any failures will be reported, but only
after systemd declares the service ready.
This change adds a polling loop to make sure RpcService.start() finishes
successfully.
Change-Id: Ib460622d69a9cb1cb82e796a6ab294bbbb40c359
|
| |
|
|
|
|
|
| |
Launcher.wait() does not raise, it returns an integer code. Propagate it
to sys.exit() so that failures are correctly recognized.
Change-Id: I38bf39e4e4845415640b3468e9fb3029f70dcded
|
| |
|
|
|
|
|
|
|
|
| |
When using the new combined executable in a single-conductor scenario,
it may make sense to completely disable the remote RPC. The new
``rpc_transport`` value ``none`` achieves that.
Change-Id: I6a83358c65b3ed213c8a991d42660ca51fc3a8ec
Story: #2009676
Task: #44104
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds a new executable /usr/bin/ironic (cool that we no longer have
a CLI with this name) that starts API and conductor together in the same
process. When an RPC host name matches the current one, the call is not
routed through the remote RPC, a local function call is done instead.
Story: #2009676
Task: #43953
Change-Id: I51bf7226aea145dc7c8fd93d61caa233ca16c9c9
|
| |
|
|
|
|
|
|
| |
The prepare_service call from ironic.common.service is changed to also
configure guru meditation and profiler. A new call prepare_command is
provided for the cases it's not required.
Change-Id: I5b9b7b7bc827c8bcda06e9a967deae8577ad87f4
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The database schema upgrade check had support for an
explicit list of known versions to handle the upgrade.
who knew!
Anyhow, we haven't used it in three years since the addition,
and it seems to make more sense to just be able to indicate
"we know initial field versions may not be able to be retrieved
and act accordingly". As such, when no table is found, the
pre-upgrade version check execution will continue onward fearlessly!
Call it a spiritual successor to Ibcf0728bc5d1b0cbdd78796526f9c93fc99e8c08
Change-Id: Icae5162c2501b0d1217ad0e6ee34ebef40e95204
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upgrade path logic was built to force a developer pattern to break
things such as new tables and features across multiple patches, and
the status check *can* explicitly fail if we don't explicitly go
hint to it that we've added table. Yes, we have a hard coded list...
Anyway, a better pattern is allow the db sync process to do the
appropriate needful. Run the status check, if it fails, fallback
and update the schema.
Also handles the explicit failure error and tries to return a human
friendly error message for when the table is not present.
In the end this allows us to merge schema changes such as additional
tables with their underlying objects and properly handle things as
long as the schema update works as expected. This allows us to
leverage an operational model of performing upgrades.
Change-Id: Id5f2a8068bc064e1ed1e376524850e4739f79ef2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When I merged the db status check in for database indexes, I missed
the most improtant line, which is where the object is populated with
the method name to be executed by the upgrade checks framework.
In the rush to try and clean-up after the impact of the Secure RBAC
work, I just didn't manually test the final file I uploaded into
review. I assumed it just worked because the job passed, but didn't
think about the resulting return codes which we *should* experience
on an upgrade from a prior version. Later on, I noticed that because
of the way the status checks are invoked, I also added the code to
do the index check in the wrong order, so I had to restructure things
so the method definition was known by the object on the class which
holds the method names list.
I guess I copied/pasted this over from another file I was testing
in just didn't run the final file. :( Funny enough, the index check
works like a charm now.
Also updates the status check invocation check in the upgrade script
for grenade, *as* warnings *are* permissible and not fatal.
Change-Id: Ifa9da65dc8df5bf9a369d6faeab310386dfd944a
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Secure RBAC, along with numerous periodics, and even some common API
access patterns heavily access the ironic database and sometimes cause
queries across multiple columns to match nodes to return.
None of this is bad, but what is bad is we didn't have indexes on these
columns.
This change adds docs, and the schema upgrade to create the column
indexes, and a release note to provide more visible documentation
for operators.
It must be stressed that this does *not* improve query times
when all records are asked for on a database connection.
Also adds an upgrade check in to raise a warning for operator
visibility.
Story: 2008863
Task: 42392
Change-Id: I76821c032180a58d0f99d31110fbe0f844c0cb3f
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
The iSCSI deploy was very easy to start with, but it has since become
apparently that it suffers from scalability and maintenance issues.
It was deprecated in the Victoria cycle and can now be removed.
Hide the guide to upgrade to hardware types since it's very outdated.
I had to remove the iBMC diagram since my SVG-fu is not enough to fix it.
Change-Id: I2cd6bf7b27fe0be2c08104b0cc37654b506b2e62
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the status upgrade check for the JSON to YAML migration
effort and updates the documentation where it seems appropriate
to move from "policy.json" to "policy.yaml"
Mostly shamelessly copied from https://review.opendev.org/#/c/748059/
however is in-line with ironic's configuration and patching methods.
Related Blueprint: policy-json-to-yaml
Change-Id: I1d5b3892451579ebfd4d75a0f7185e0ef3c984c8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change marks the iscsi deploy interface as deprecated and
stops enabling it by default.
An online data migration is provided for iscsi->direct, provided that:
1) the direct deploy is enabled,
2) image_download_source!=swift.
The CI coverage for iscsi deploy is left only on standalone jobs.
Story: #2008114
Task: #40830
Change-Id: I4a66401b24c49c705861e0745867b7fc706a7509
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removes the deprecated support for token-less agents which
better secures the ironic-python-agent<->ironic interactions
to help ensure heartbeat operations are coming from the same
node which originally checked-in with the Ironic and that
commands coming to an agent are originating from the same
ironic deployment which the agent checked-in with to begin
with.
Story: 2007025
Task: 40814
Change-Id: Id7a3f402285c654bc4665dcd45bd0730128bf9b0
|
| |
|
|
|
|
|
|
|
|
| |
This patch fixes the issues that pep8 is showing in our CI.
Flake8 changes in tox.ini:
-Added ironic/tests/base.py and ironic/cmd/__init__.py
to per-file-ignores to ignore E402.
-Added E741 to ignore.
Change-Id: Icf92aa186fb4b2be0d59736a56260d01a5c3279a
|
| |
|
|
|
|
|
|
|
| |
Monkey patch the original current_thread to use the up-to-date _active
global variable. This solution is based on that documented at:
https://github.com/eventlet/eventlet/issues/592
Change-Id: I97c2a756076299a01170beb5bec3fa0e49593146
Story: 2007614
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
GMR requires configuring a path for storing the report via [oslo_reports]log_dir,
this is empty by default, and currently there is no means to specify this option,
thus doesn't respond with SIGUSR2.
Though gmr is optional, test requirement is still required so that we can
generate proper configuration sample for it.
Story: 2007570
Task: 39467
Change-Id: I0f03e9d01a3c4e42a4fc8bf2d8ceb2d1a587056c
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default value of "netboot" was introduced to this configuration
variable as part of commit 93f947c852409af2c56a499428b09ff69ab345a1
in Ocata release.
This patch changes the default value of configuration parameter
'[deploy]/default_boot_option' and devstack variable
'IRONIC_DEFAULT_BOOT_OPTION' to 'local'.
Change-Id: I9bf56a7088281bbe20b8b6c2e47c6ab6559bfea4
Story: #1619339
Task: #10505
|
| |
|
|
|
|
|
|
|
|
| |
In an ideal world we would have all messages translated to at least major
languages. In reality, ironic has never boasted a great set of translation,
and according to Zanata only 2.94% of messages are translated for ironic
in Train (1.33% for ironic-inspector). Given that ironic-python-agent is
not translated at all, using i18n by default seems an overkill.
Change-Id: I12287c6b7208af487cc9eee825ae7f38ec707d91
|
| |
|
|
|
|
|
|
|
|
| |
It is only required for one specific feature, let people install it
if they need it.
This change is a part of the major effort to reduce the number of
ironic dependencies.
Change-Id: Ia45ce1d573c89f583d641be3d37d1c127e6345bc
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The new version enables a lot of standard flake8 checks. Some of them
are temporary disabled to reduce the scope of this patch:
* Complexity check requires a few functions to be rewritten (apparently,
it was not enabled previously).
* Indentation check failures are numerous and potentially contradictive.
These checks will be enabled in follow-ups.
W606 is removed from excludes since we no longer hit it.
Change-Id: I1e5a6f8e5e90c55cfc6f740b26c30196512d3be3
|
| |
|
|
|
|
| |
No need to import print_function from future anymore
Change-Id: I49164db5bd283c42602c75539c0c5fffe6ec2630
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to improve security of the lookup/heartbeat
endpoints, we need to generate and provide temporary tokens
to the initial callers, if supported, to facilitate the
verification of commands.
This is the first patch in an entire series which utimately
enables the endpoint communication to be better secured.
The idea behind this started in private story 2006634 which
is locked as a security related filing covering multiple
aspects of ironic/ironic-python-agent interaction centered
around miss-use and generally exposed endpoints. That story
will remain marked as a private bug because it has several
different items covered, some of which did not prove to be
actually exploitable, but spawned stories 2006777, 2006773,
2007025, and is ultimately similar to Story 1526748.
Operationally this is a minimally invasive security
enhancement to lay the foundation to harden interactions
with the agent. This will take place over a series of
patches to both Ironic and the Ironic-Python-Agent.
Also see "Security of /heartbeat and /lookup endpoints"
in http://lists.openstack.org/pipermail/openstack-discuss/2019-November/010789.html
Story: 2007025
Task: 37818
Change-Id: I0118007cac3d6548e9d41c5e615a819150b6ef1a
|
| |
|
|
|
|
| |
Allocations and deploy templates were both added in the Stein cycle.
Change-Id: Icda5bc89fd0c652dd2ab1eb1c262dda3c8a62f57
|
| |
|
|
|
|
| |
In docstring :param should be used instead of :param:.
Change-Id: Id531e58087b8196b30dda12aa4245a1eefd638ac
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds a check for compatibility of the object versions (in the DB)
with the release of ironic. This check is used by the
'ironic-status upgrade check' command.
The ironic-status command is added to devstack and grenade (when
upgrading).
Change-Id: I2043dc01856106d50356637db327a2817db90366
Story: 2004990
Task: 29459
|
| |/
|
|
|
|
|
|
|
|
| |
Adds deploy_templates and deploy_template_steps tables to the database,
provides a DB API for these tables, and a DeployTemplate versioned
object.
Change-Id: I5b8b59bbea1594b1220438050b80f1c603dbc346
Story: 1722275
Task: 28674
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds the database models and API, as well as RPC objects
for the allocation API. Also the node database API is extended with
query by power state and list of UUIDs.
There is one discrepancy from the initially approved spec: since we
do not have to separately update traits in an allocation, the planned
allocation_traits table was replaced by a simple field.
Change-Id: I6af132e2bfa6e4f7b93bd20f22a668790a22a30e
Story: #2004341
Task: #28367
|
| |
|
|
|
|
|
|
|
| |
The version check is run before tables are created, so it cannot
succeed for them.
Change-Id: Ibcf0728bc5d1b0cbdd78796526f9c93fc99e8c08
Story: #2004589
Task: #28467
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds basic framework for ironic-status upgrade
check commands. For now it has only "check_placeholder"
check implemented.
Real checks can be added to this tool in the future.
Change-Id: I7d5f018656322b92c663a2adaaf6330a55c00fb8
Story: 2003657
Task: 26133
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This adds a migration step that will be executed as the last step
in the 'ironic-dbsync online_data_migration' command. It updates
all the objects that aren't in their latest version, to be in
their latest version.
Co-Authored-By: Dmitry Tantsur <dtantsur@redhat.com>
Change-Id: Ib39319a75205ce7692f0525f99200a5de3d60a88
Story: #2004174
Task: #27656
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When performing a skip version upgrade from a release earlier than Pike,
Ironic will crash when check_versions cannot find the 'version' columns
in the database.
This change adds a safety check which detects old database
version missing the 'version' columns. Instead of crashing, it will
inform the user that skip version upgrades are not supported and
that database migrations need to be run for each skipped versions instead.
Story: 2002558
Task: 22122
Change-Id: Ifa100c6fd168fc59b56bba0c41836958b10f2d47
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* removes any bits related to loading classic drivers from
the drivers factory code
* removes exceptions that only happen when classic drivers
can be loaded
* removes the BaseDriver, moves the useful functionality to
the BareDriver class
* /v1/drivers/?type=classic now always returns an empty list
* removes the migration updating classic drivers to hardware
types
The documentation will be updated separately.
Change-Id: I8ee58dfade87ae2a2544c5dcc27702c069f5089d
|
| |
|
|
|
| |
Story: #2001985
Change-Id: Idb9946e24e22bc64475dabb475d9cef09ee4d26b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the pep8 E402 (Module level import not at top of file) errors.
For the Alembic files move the definitions of 'revision' and
'down_revision' below the imports. This is now done in Alembic [1]
For other files fix as needed by moving the imports or lines before
the imports.
In a few cases add a "# noqa E402" to whitelist the issue.
[1] https://bitbucket.org/zzzeek/alembic/commits/dc2aae0374b76ccab8494be6e103d84089bc449b
Change-Id: I48c96d5da0cb747b3ca3fceea9b4ffa85a9ebe22
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For API versions >= 1.28, Port & portgroup's .extra['vif_port_id'] was
deprecated in Ocata. Before we can remove support for this, we need to
copy that information to the object's internal_info['tenant_vif_port_id'].
This copy/migration is done at the API layer when the user specifies the
.extra[] value, as well as when the 'ironic db-sync online_data-migrations'
is run.
In order to know whether the ports and port groups have been migrated,
their IronicObject versions are incremented.
This also fixes it so that for API versions < 1.28, the deprecation
warning is not shown, since we still need to support extra['vif_port_id']
in this case.
When a port or portgroup's .extra['vif_port_id'] is removed via a
PATCH API request, that VIF is removed from that object's internal_info.
Change-Id: I69468c935e68dd9d37a474c318c3ceb9cdfc5868
Partial-Bug: 1722850
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This changes the ironic (ironic-api and ironic-conductor)
services so that when a SIGHUP signal is issued, the
service reloads (and uses) the values of mutable configuration
options.
The mutable configuration options (set by oslo.config Opts' mutable=True)
are:
- [DEFAULT]/pin_release_version
- [DEFAULT]/debug
- [DEFAULT]/log_config_append
and are indicated as such in ironic's sample config
(https://docs.openstack.org/ironic/latest/configuration/sample-config.html)
by "# Note: This option can be changed without restarting.".
Configuration options are mutable if their oslo.config Opt's mutable=True
is set. This mutable setting is respected when the oslo method
mutate_config_files is called instead of reload_config_files.
Icec3e664f3fe72614e373b2938e8dee53cf8bc5e allows services to tell
oslo.service they want mutate_config_files to be called by specifying the
'restart_method=mutate' parameter, which this patch does.
Change-Id: I0df46bb21dda035b25daad17737dbfedb861e868
Closes-Bug: #1585595
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove I202 (Additional newline in a group of imports) from the ignore
list. I202 is a check from the flake8-import-order [1] package.
There was a note to remove this check once the tempest plugin was
removed. As the tempest plugin has been removed we can now remove the
exclusion of this check.
Update files which failed this test.
[1] https://github.com/PyCQA/flake8-import-order
Change-Id: I6018d5a90174b3d4b6b8d8e05cee1c1104ccfde9
|
| |
|
|
| |
Change-Id: I08f5db70cdbdae4b61b2384ffdc17f6533c57896
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a new data migration: migrate_to_hardware_types.
It works by walking through known classic drivers, detecting matching
hardware types and interfaces and updates nodes accordingly.
Nodes that cannot be updated (e.g. matching hardware type is not
enabled) are skipped. A new migration option reset_unsupported_interfaces
can be set to True to allow resetting optional interfaces to their
no-op versions.
The example implementation are provided for the community supported
IPMI and SNMP drivers, as well as for fake drivers based on them.
Change-Id: I732b44f2ab1ef73f56b352415ffd9cdd8a0e232b
Partial-Bug: #1690185
|
| |
|
|
|
|
|
|
|
| |
This allows migration to be tuned to a specific deployment. For example,
when we will migrate nodes to hardware types, an option will be used
to specify what to do with missing interfaces.
Change-Id: Ie5045b20b7420fc9b5d864bfb18258a4d8b93334
Related-Bug: #1690185
|
| |
|
|
|
|
|
|
|
|
| |
This may cause troubles as some config options may not be
registered yet on the import of dbsync module. Accessing
dbapi attributes, which is lazy-loaded, will force the
object to initialize, and it may fail at such an early
stage.
Change-Id: I3b37498325a191f7c42b3b856b1b2cf326d57492
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many moons ago, we thought that we would implement rolling upgrades
using a similar model to nova. This included adding an instance
of an IronicObjectIndirectionAPI to the ironic-api service. What
it was meant to do was for ironic-api to invoke it if it received
an IronicObject that it didn't know what to do with (because it
didn't recognize that object's version). That API would have
invoked the conductor service, asking it to generate a version
of that object which ironic-api would understood.
To use this mechanism, the assumption is that the conductor is
the gateway to the DB.
This mechanism doesn't work for ironic for a few reasons:
- ironic API reads (and occasionally) writes directly to the database.
We don't want to change it to get access to the DB via the
conductor all the time, since for e.g. we don't want to slow down
the conductor
- Nova's rolling upgrade process is to initially take down all their
conductor services (which handles their DB interactions) at the
same time, while their other services are still running. Unless
ironic changes to have a similar model, we cannot take down all
the conductor services at the same time if ironic is to provide
services during a rolling upgrade.
Thus, this patch removes the unused IronicObjectIndirectionAPI from
the ironic-api service. Note that the IronicObjectIndrectionAPI
class itself (in ironic/objects/indirection.py) was left, in case
things ever change in the future. (And because removing that would
involve touching most, if not all, of the files in the objects/
subdirectory.)
Change-Id: I1aa264a8619105939968c0b8128b358badf00210
Closes-Bug: #1586320
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Now that we have rolling upgrades and the version column was
added and populated in the Pike release, we can add checks to
make sure the versions of objects in the DB are compatible
with this ironic release, before ironic-dbsync's upgrade or
online_data_migrations does its work. These ironic-dbsync
calls are made as part of upgrading to this (Queens) release.
Change-Id: I68758f8a29d483f5c0a7439fa2ea2962b2eb4124
Partial-Bug: #1708243
|
| |\ \
| |/ |
|
