├── .gitignore ├── .gitreview ├── .stestr.conf ├── CONTRIBUTING.rst ├── LICENSE ├── README.rst ├── api-ref └── source │ ├── conf.py │ ├── index.rst │ ├── introspection-api-v1-continue.inc │ ├── introspection-api-v1-introspection-management.inc │ ├── introspection-api-v1-introspection.inc │ ├── introspection-api-v1-rules.inc │ ├── introspection-api-versions.inc │ ├── parameters.yaml │ └── samples │ ├── api-root-response.json │ ├── api-v1-common-node-uuid.json │ ├── api-v1-common-rule-uuid.json │ ├── api-v1-continue-request.json │ ├── api-v1-create-rule-request.json │ ├── api-v1-create-rule-response.json │ ├── api-v1-data-introspection-response.json │ ├── api-v1-get-introspection-response.json │ ├── api-v1-get-introspections-response.json │ ├── api-v1-get-rule-response.json │ ├── api-v1-get-rules-response.json │ └── api-v1-root-response.json ├── bindep.txt ├── devstack ├── example.local.conf ├── plugin.sh ├── settings └── upgrade │ ├── resources.sh │ ├── settings │ ├── shutdown.sh │ └── upgrade.sh ├── doc ├── Makefile ├── requirements.txt └── source │ ├── .gitignore │ ├── admin │ ├── dnsmasq-pxe-filter.rst │ ├── index.rst │ └── upgrade.rst │ ├── cli │ ├── index.rst │ └── ironic-inspector-status.rst │ ├── conf.py │ ├── configuration │ ├── index.rst │ ├── ironic-inspector.rst │ ├── policy.rst │ ├── sample-config.rst │ └── sample-policy.rst │ ├── contributor │ ├── index.rst │ └── jobs-description.rst │ ├── images │ └── states.svg │ ├── index.rst │ ├── install │ └── index.rst │ └── user │ ├── http-api.rst │ ├── index.rst │ ├── troubleshooting.rst │ ├── usage.rst │ └── workflow.rst ├── ironic-inspector.8 ├── ironic_inspector ├── __init__.py ├── api_tools.py ├── cmd │ ├── __init__.py │ ├── all.py │ ├── conductor.py │ ├── dbsync.py │ ├── migration.py │ ├── status.py │ └── wsgi.py ├── common │ ├── __init__.py │ ├── auth_basic.py │ ├── context.py │ ├── coordination.py │ ├── device_hints.py │ ├── exception.py │ ├── i18n.py │ ├── ironic.py │ ├── keystone.py │ ├── lldp_parsers.py │ ├── lldp_tlvs.py │ ├── locking.py │ ├── mdns.py │ ├── rpc.py │ ├── rpc_service.py │ ├── service_utils.py │ └── swift.py ├── conductor │ ├── __init__.py │ └── manager.py ├── conf │ ├── __init__.py │ ├── accelerators.py │ ├── capabilities.py │ ├── coordination.py │ ├── default.py │ ├── discovery.py │ ├── dnsmasq_pxe_filter.py │ ├── exception.py │ ├── extra_hardware.py │ ├── healthcheck.py │ ├── iptables.py │ ├── ironic.py │ ├── mdns.py │ ├── opts.py │ ├── pci_devices.py │ ├── port_physnet.py │ ├── processing.py │ ├── pxe_filter.py │ ├── service_catalog.py │ └── swift.py ├── db │ ├── __init__.py │ ├── alembic.ini │ ├── api.py │ ├── migration.py │ ├── migrations │ │ ├── env.py │ │ ├── script.py.mako │ │ └── versions │ │ │ ├── 18440d0834af_introducing_the_aborting_state.py │ │ │ ├── 2970d2d44edc_add_manage_boot_to_nodes.py │ │ │ ├── 578f84f38d_inital_db_schema.py │ │ │ ├── 882b2d84cb1b_attribute_constraints_relaxing.py │ │ │ ├── b55109d5063a_added_scope_column_to_rules_table.py │ │ │ ├── bf8dec16023c_add_introspection_data_table.py │ │ │ ├── d00d6e3f38c4_change_created_finished_at_type.py │ │ │ ├── d2e48801c8ef_introducing_node_state_attribute.py │ │ │ ├── d588418040d_add_rules.py │ │ │ └── e169a4a81d88_add_invert_field_to_rule_condition.py │ └── model.py ├── introspect.py ├── introspection_state.py ├── known_accelerators.yaml ├── locale │ └── en_GB │ │ └── LC_MESSAGES │ │ └── ironic_inspector.po ├── main.py ├── node_cache.py ├── plugins │ ├── __init__.py │ ├── accel_device.py │ ├── base.py │ ├── base_physnet.py │ ├── capabilities.py │ ├── discovery.py │ ├── example.py │ ├── extra_hardware.py │ ├── introspection_data.py │ ├── lldp_basic.py │ ├── local_link_connection.py │ ├── pci_devices.py │ ├── physnet_cidr_map.py │ ├── raid_device.py │ ├── rules.py │ └── standard.py ├── policy.py ├── process.py ├── pxe_filter │ ├── __init__.py │ ├── base.py │ ├── dnsmasq.py │ ├── interface.py │ └── iptables.py ├── rules.py ├── test │ ├── __init__.py │ ├── base.py │ ├── functional.py │ └── unit │ │ ├── __init__.py │ │ ├── db │ │ ├── __init__.py │ │ ├── test_api.py │ │ └── test_migrations.py │ │ ├── policy_fixture.py │ │ ├── test_acl.py │ │ ├── test_api_tools.py │ │ ├── test_basic_auth.py │ │ ├── test_common_ironic.py │ │ ├── test_coordination.py │ │ ├── test_device_hints.py │ │ ├── test_dnsmasq_pxe_filter.py │ │ ├── test_introspect.py │ │ ├── test_iptables.py │ │ ├── test_keystone.py │ │ ├── test_locking.py │ │ ├── test_main.py │ │ ├── test_manager.py │ │ ├── test_mdns.py │ │ ├── test_node_cache.py │ │ ├── test_plugins_accel_device.py │ │ ├── test_plugins_base.py │ │ ├── test_plugins_base_physnet.py │ │ ├── test_plugins_capabilities.py │ │ ├── test_plugins_discovery.py │ │ ├── test_plugins_extra_hardware.py │ │ ├── test_plugins_introspection_data.py │ │ ├── test_plugins_lldp_basic.py │ │ ├── test_plugins_local_link_connection.py │ │ ├── test_plugins_pci_devices.py │ │ ├── test_plugins_physnet_cidr_map.py │ │ ├── test_plugins_raid_device.py │ │ ├── test_plugins_rules.py │ │ ├── test_plugins_standard.py │ │ ├── test_process.py │ │ ├── test_pxe_filter.py │ │ ├── test_rules.py │ │ ├── test_swift.py │ │ ├── test_utils.py │ │ └── test_wsgi_service.py ├── utils.py ├── version.py └── wsgi_service.py ├── releasenotes ├── config.yaml ├── notes │ ├── .placeholder │ ├── Inspector_rules_API_does_not_return_all_attributes-98a9765726c405d5.yaml │ ├── Reapply_update_started_at-8af8cf254cdf8cde.yaml │ ├── UUID-started_at-finished_at-in-the-status-API-7860312102923938.yaml │ ├── ability-to-turn-off-periodic-sync-5309ff2aa8a9ec14.yaml │ ├── abort-introspection-ae5cb5a9fbacd2ac.yaml │ ├── accelerators-2aa4f0cedf359810.yaml │ ├── accept-link-local-address-1fbb9cbdc3f980bb.yaml │ ├── active-introspection-949f4a50c9d5218a.yaml │ ├── active-node-not-in-cache-b2d7b77603f02a66.yaml │ ├── active_states_timeout-3e3ab110870483ec.yaml │ ├── add-disabled-option-to-add-ports-f8c6c9b3e6797652.yaml │ ├── add-ibmc-43de3a7af7b5b18d.yaml │ ├── add-list-introspection-state-selector-3bbb37dd08e35d09.yaml │ ├── add-lldp-basic-plugin-98aebcf43e60931b.yaml │ ├── add-lldp-plugin-4645596cb8b39fd3.yaml │ ├── add-lldp-plugin-dependency-c323412654f71b3e.yaml │ ├── add-node-state-to-introspection-api-response-85fb7f4e72ae386a.yaml │ ├── add-proxy-headers-support-127f99f5ff87f03f.yaml │ ├── add-support-for-listing-all-introspection-statuses-2a3d4379c3854894.yaml │ ├── add-support-for-long-running-ramdisk-ffee3c177c56cebb.yaml │ ├── add_node-with-version_id-24f51e5888480aa0.yaml │ ├── allow-periodics-shutdown-inspector-ac28ea5ba3224279.yaml │ ├── bmc-logging-deprecation-4ca046a64fac6f11.yaml │ ├── bug-2036455-bd3f6381b78c20db.yaml │ ├── capabilities-15cc2268d661f0a0.yaml │ ├── change-devstack-plugin-to-use-centos8ipa-71621f2b42554374.yaml │ ├── change_started_finished_at_type_to_datetime-c5617e598350970c.yaml │ ├── check-formatted-value-from-nonstring-3d851cb42ce3a0ac.yaml │ ├── compact-debug-logging-b15dd9bbdd3ce27a.yaml │ ├── construct-fly-free-fab62c0a5cb71fa5.yaml │ ├── contains-matches-ee28958b08995494.yaml │ ├── continue-http-500-62f33d425aade9d7.yaml │ ├── cors-5f345c65da7f5c99.yaml │ ├── cpu-memory-cfdc72b625780871.yaml │ ├── custom-ramdisk-log-name-dac06822c38657e7.yaml │ ├── db-status-consistency-enhancements-f97fbaccfc81a60b.yaml │ ├── default-policy-file-change-a1d0a4aa19dcb37d.yaml │ ├── deprecate-d23ae14b5bd3779e.yaml │ ├── deprecate-rollback-dea95ac515d3189b.yaml │ ├── deprecate-root-device-hint-909d389b7efed5da.yaml │ ├── deprecate-setting-ipmi-creds-1581ddc63b273811.yaml │ ├── deprecate-ssl-opts-40ce8f4618c786ef.yaml │ ├── deprecate-store-data-location-037eaab9cd326646.yaml │ ├── deprecated-ironic-1751ceec6295917d.yaml │ ├── deprecated-options-removal-ocata-a44dadf3bcf8d6fc.yaml │ ├── disable-dhcp-c86a3a0ee2696ee0.yaml │ ├── discovery-default-driver-94f990bb0676369b.yaml │ ├── dnsmask-pxe-filter-rootwrap-systemctl-099964ad39d38b4c.yaml │ ├── dnsmasq-pxe-filter-37928d3fdb1e8ec3.yaml │ ├── dnsmasq-pxe-filter-eoib-mac-support-7567bbc7c6bf1878.yaml │ ├── drop-maintenance-a9a87a9a2af051ad.yaml │ ├── drop-py-2-7-bd0a8558f4321435.yaml │ ├── edeploy-typeerror-6486e31923d91666.yaml │ ├── empty-condition-abc707b771be6be3.yaml │ ├── empty-ipmi-address-2-4d57c34aec7d14e2.yaml │ ├── empty-ipmi-address-5b5ca186a066ed32.yaml │ ├── enroll-hook-d8c32eba70848210.yaml │ ├── enroll-node-fields-3f4e22213fd90307.yaml │ ├── enroll-nodes-with-bmc-v6address-ba224f4a8a151c53.yaml │ ├── extend-rules-9a9d38701e970611.yaml │ ├── extra-check-9cf0a7d89e534ccd.yaml │ ├── extra-hardware-data-2346f0163e4b7699.yaml │ ├── extra-hardware-swift-aeebf299b9605bb0.yaml │ ├── find-node-input-filtering-e8ea529252e80739.yaml │ ├── firewall-refactoring-17e8ad764f2cde8d.yaml │ ├── firewall-rerun-f2d0f64cca2698ff.yaml │ ├── fix-CalledProcessError-on-startup-28d9dbed85a81542.yaml │ ├── fix-cache-error-on-start-27f492ba863d5f92.yaml │ ├── fix-crash-when-use-postgresql-ac6c708f48f55c83.yaml │ ├── fix-deadlock-during-cleanup-bcb6b517ef299791.yaml │ ├── fix-extra-hardware-process-c0635a972de37b0a.yaml │ ├── fix-llc-switch-id-not-mac-e2de3adc0945ee70.yaml │ ├── fix-lldp-decode-83f4ad3869b0c7a7.yaml │ ├── fix-mysql-6b79049fe96edae4.yaml │ ├── fix-periodic-tasks-configuration-edd167f0146e60b5.yaml │ ├── fix-pxe-filter-get-blacklist-2dde59d51c1d010f.yaml │ ├── fix-rules-endpoint-response-d60984c40d927c1f.yaml │ ├── fix-wrong-provision-state-name-150c91c48d471bf9.yaml │ ├── fix_llc_hook_bugs-efeea008c2f792eb.yaml │ ├── fix_llc_port_assume-4ea47d26501bddc3.yaml │ ├── fix_node_uuid_for_manual_inspection-2fa3f11343cab417.yaml │ ├── flask-debug-6d2dcc2b482324dc.yaml │ ├── futurist-557fcd18d4eaf1c1.yaml │ ├── googbye-patches-args-071532024b9260bd.yaml │ ├── handle-patch-port-failure-9a8b85749104506f.yaml │ ├── handle_eventlet_wsgi_evil_override-3905c6eef0ad7fa3.yaml │ ├── healthcheck-middleware-5994e8a8b54dbdb4.yaml │ ├── hook-deps-83a867c7af0300e4.yaml │ ├── http-basic-auth-fbe1da9669f5388c.yaml │ ├── http-basic-public-api-2cf0e206bea4b34e.yaml │ ├── ignore-resolve-error-5c20514598e0dbbf.yaml │ ├── infiniband-support-960d6846e326dec4.yaml │ ├── inspector-is-going-away-296119ff4b5454f0.yaml │ ├── introduce_skip_list_to_inspector-825cab226dd212f4.yaml │ ├── introspection-data-db-store-0586292de05cbfd7.yaml │ ├── introspection-delay-drivers-deprecation-1d0c25b112fbd4da.yaml │ ├── introspection-state-03538fac198882b6.yaml │ ├── introspection_rules_scope-9b06c3ad4e273a52.yaml │ ├── ipa-inventory-0a1e8d644da850ff.yaml │ ├── ipa-support-7eea800306829a49.yaml │ ├── ipmi-credentials-removal-0021f89424fbf7a3.yaml │ ├── ipv6-bmc-address-start-inspection-7a72794f25eb9f19.yaml │ ├── ironic-lib-hints-20412a1c7fa796e0.yaml │ ├── is-empty-missing-a590d580cb62761d.yaml │ ├── keystone-noauth-9ba5ad9884c6273c.yaml │ ├── keystoneauth-plugins-aab6cbe1d0e884bf.yaml │ ├── ksadapters-abc9edc63cafa405.yaml │ ├── leader-election-c6692d9962f30ad1.yaml │ ├── legacy-rbac-policy-disabled-6fc45ad1237f4d57.yaml │ ├── less-iptables-calls-759e89d103df504c.yaml │ ├── listen-v6-effec95455e900f8.yaml │ ├── local_gb-250bd415684a7855.yaml │ ├── log-info-not-found-cache-error-afbc87e80305ca5c.yaml │ ├── logs-collector-logging-356e56cd70a04a2b.yaml │ ├── lookup-all-macs-eead528c0b764ad7.yaml │ ├── loopback-bmc-e60d64fe74bdf142.yaml │ ├── manage-boot-2ae986f87098576b.yaml │ ├── manage-boot-power-off-d8ed644f11659c38.yaml │ ├── mdns-a5f4034257139e31.yaml │ ├── migrate-introspection-data-bcd692c9ad3f22d7.yaml │ ├── migrations-1.3.20-0d337d000bd0a7e0.yaml │ ├── migrations-autogenerate-4303fd496c3c2757.yaml │ ├── missing-pxe-mac-d9329dab85513460.yaml │ ├── multiattribute_node_lookup-17e219ba8d3e5eb0.yaml │ ├── names-82d9f84153a228ec.yaml │ ├── nested-value-formatting-e04f187475e5e475.yaml │ ├── no-downgrade-migrations-514bf872d9f944ed.yaml │ ├── no-fail-on-power-off-enroll-node-e40854f6def397b8.yaml │ ├── no-logs-stored-data-6db52934c7f9a91a.yaml │ ├── no-old-ramdisk-095b05e1245131d8.yaml │ ├── no-rollback-e15bc7fee0134545.yaml │ ├── no-root_device_hint-0e7676d481d503bb.yaml │ ├── node-id-920629472f01c83a.yaml │ ├── node-locking-4d135ca5b93524b1.yaml │ ├── optional-root-disk-9b972f504b2e6262.yaml │ ├── parse-headers-with-the-microversion-parse-library-1b655eb52998f1df.yaml │ ├── patch-head-backslash-24bcdd03ba254bf2.yaml │ ├── pci_devices-plugin-5b93196e0e973155.yaml │ ├── periodics-18bf7fb57777c043.yaml │ ├── persistent-boot-207b32257a97451e.yaml │ ├── pgsql-imperative-enum-dda76f150a205d0a.yaml │ ├── physnet-base-4499ad3a7c08725f.yaml │ ├── physnet-cidr-map-hook-b38bf8051ad5ba69.yaml │ ├── policy-engine-c44828e3131e6c62.yaml │ ├── port-creation-plugin-c0405ec646b1051d.yaml │ ├── port-list-retry-745d1cf41780e961.yaml │ ├── post-introspection-data-9cdd39a3de446e92.yaml │ ├── prelude-10.0.0-773ef7f14a5dfdf5.yaml │ ├── preprocessing-error-01e55b4db20fb7fc.yaml │ ├── processing-data-type-check-7c914339d3ab15ba.yaml │ ├── processing-logging-e2d27bbac95a7213.yaml │ ├── project-status-4ce6dc06e8b8a0d1.yaml │ ├── pxe-enabled-cbc3287ebe3fcd49.yaml │ ├── pxe-enabled-for-pxe-a199e81128557bc0.yaml │ ├── pxe-filter-add-deny-unknown-host-option-b84b2aa1f7f49a17.yaml │ ├── pxe-filter-dnsmasq-manage-deleted-ironic-macs-4bb766efad8c6d02.yaml │ ├── pxe-filter-dnsmasq-not-known-hosts-filter-76ae5bd7a8db6f75.yaml │ ├── pxe-filter-driver-stuck-ea5844cf3eafa61f.yaml │ ├── ramdisk-logs-on-all-failures-24da41edf3a98400.yaml │ ├── reapply-introspection-5edbbfaf498dbd12.yaml │ ├── remove-deprecated-conf-opts-361ab0bb342f0e7e.yaml │ ├── remove-deprecated-ssl-opt-f6e6bd841f2c1061.yaml │ ├── remove-opt-group-firewall-96266983e476c29e.yaml │ ├── remove-opt-keep-node-status-7d6b96f1a6e498a8.yaml │ ├── remove-policy-json-b4746d64c1511023.yaml │ ├── remove-py38-547c59b20ab9424d.yaml │ ├── remove-store-data-location-e68462ff6ba257e0.yaml │ ├── remove_filter_logging-1a80419083c42bc6.yaml │ ├── reply-with-content-type-644b741261c87c8c.yaml │ ├── reset-interfaces-ff78d50b9f05d47d.yaml │ ├── retry_to_handle_transient_failures-e1da302fd1d06528.yaml │ ├── role-service-for-openstack-rbac-changes-7ca8533f76e504d5.yaml │ ├── rollback-formatting-7d61c9af2600d42f.yaml │ ├── rollback-removal-a03a989e2e9f776b.yaml │ ├── rootwrap-removal-68af457a0104a2ba.yaml │ ├── rpc-backends-0e7405aa1c7723a0.yaml │ ├── rules-invert-2585173a11db3c31.yaml │ ├── sdk-2-leak-500f3669afb6713e.yaml │ ├── secure-rbac-0d4fcbc865d45858.yaml │ ├── set-node-to-error-when-swift-failure-3e919ecbf9db6401.yaml │ ├── short_circuit_port_update_for_manual_inspection-5dc296df9d409c69.yaml │ ├── sighup-support-e6eaec034d963108.yaml │ ├── size-hint-ea2a264468e1fcb7.yaml │ ├── sphinx-docs-4d0a5886261e57bf.yaml │ ├── split-services-99873ff27ef2d89b.yaml │ ├── sqlalchemy-minimum-version-cd34a2e10d7946fd.yaml │ ├── status-removal-fa1d9a98ffad9f60.yaml │ ├── stein-prelude-42f0d90bf2c6a1a9.yaml │ ├── stop-when-setbootdev-failed-68d84fec0843bdc8.yaml │ ├── story-2002166-371315335fd8e62d.yaml │ ├── support-ip6tables-ce30f614de502adb.yaml │ ├── support-microversion-latest-dcf9598c5218e979.yaml │ ├── support_redfish_address-94eae2c0d2879f53.yaml │ ├── swift-deprecations-d7680b867fae7f3d.yaml │ ├── swift-max-retries-dfaecb74bd3aba9a.yaml │ ├── swift-max-retries-removal-8f3c117240448760.yaml │ ├── tempest_plugin_removal-91a01f5950f543e1.yaml │ ├── trailing-slashes-93c2466b71829ec1.yaml │ ├── trait-actions-eec05cbb6a944619.yaml │ ├── unix-socket-2f4281f8db5dd80a.yaml │ ├── unmanaged-delay-d39871e1346d9448.yaml │ ├── unmanaged-result-4de3788e7820e3c5.yaml │ ├── unprocessed-07842e56eb60e253.yaml │ ├── unset_property_instrospectionrules-78d64b8b7643e40d.yaml │ ├── update-default-ironic-api-stein-b3b01ec542fa8f15.yaml │ ├── validate-ipv6-address-fda29c929754352e.yaml │ ├── vaporize-ironicclient-8c6afbecc0152dad.yaml │ └── zero-size-55c4b4f2b9e8384d.yaml └── source │ ├── 2023.1.rst │ ├── 2023.2.rst │ ├── 2024.1.rst │ ├── 2024.2.rst │ ├── 2025.1.rst │ ├── _static │ └── .placeholder │ ├── _templates │ └── .placeholder │ ├── conf.py │ ├── index.rst │ ├── liberty.rst │ ├── locale │ ├── en_GB │ │ └── LC_MESSAGES │ │ │ └── releasenotes.po │ └── fr │ │ └── LC_MESSAGES │ │ └── releasenotes.po │ ├── mitaka.rst │ ├── newton.rst │ ├── ocata.rst │ ├── pike.rst │ ├── queens.rst │ ├── rocky.rst │ ├── stein.rst │ ├── train.rst │ ├── unreleased.rst │ ├── ussuri.rst │ ├── victoria.rst │ ├── wallaby.rst │ ├── xena.rst │ ├── yoga.rst │ └── zed.rst ├── requirements.txt ├── rootwrap.conf ├── rootwrap.d └── ironic-inspector.filters ├── setup.cfg ├── setup.py ├── test-requirements.txt ├── tools ├── bandit.yml ├── config-generator.conf ├── policy-generator.conf ├── states_to_dot.py └── test-setup.sh ├── tox.ini └── zuul.d ├── ironic-inspector-jobs.yaml └── project.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled files 2 | *.py[co] 3 | *.a 4 | *.o 5 | *.so 6 | 7 | # Sphinx 8 | _build 9 | doc/source/contributor/api/ 10 | doc/source/_static/*.sample 11 | 12 | # release notes build 13 | releasenotes/build 14 | 15 | # generated config files 16 | example.conf 17 | policy.yaml.sample 18 | 19 | # Packages/installer info 20 | *.egg 21 | *.egg-info 22 | dist 23 | build 24 | eggs 25 | parts 26 | var 27 | sdist 28 | develop-eggs 29 | .installed.cfg 30 | .eggs/ 31 | 32 | # Other 33 | *.DS_Store 34 | .idea 35 | .stestr 36 | .testrepository 37 | .tox 38 | .venv 39 | .*.swp 40 | .coverage 41 | cover 42 | AUTHORS 43 | ChangeLog 44 | *.sqlite 45 | *~ 46 | 47 | # Vagrant 48 | .vagrant 49 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=review.opendev.org 3 | port=29418 4 | project=openstack/ironic-inspector.git 5 | -------------------------------------------------------------------------------- /.stestr.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | test_path=${TESTS_DIR:-./ironic_inspector/test/unit/} 3 | top_dir=./ 4 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | =============================================== 2 | Hardware introspection for OpenStack Bare Metal 3 | =============================================== 4 | 5 | .. warning:: 6 | This project is now in the maintenance mode and new deployments of it are 7 | discouraged. Please use `built-in in-band inspection in ironic 8 | `_ 9 | instead. For existing deployments, see the `migration guide 10 | `_. 11 | 12 | Introduction 13 | ============ 14 | 15 | .. image:: https://governance.openstack.org/tc/badges/ironic-inspector.svg 16 | :target: https://governance.openstack.org/tc/reference/tags/index.html 17 | 18 | This is an auxiliary service for discovering hardware properties for a 19 | node managed by `Ironic`_. Hardware introspection or hardware 20 | properties discovery is a process of getting hardware parameters required for 21 | scheduling from a bare metal node, given its power management credentials 22 | (e.g. IPMI address, user name and password). 23 | 24 | * Free software: Apache license 25 | * Source: https://opendev.org/openstack/ironic-inspector/ 26 | * Bugs: https://bugs.launchpad.net/ironic-inspector 27 | * Downloads: https://tarballs.openstack.org/ironic-inspector/ 28 | * Documentation: https://docs.openstack.org/ironic-inspector/latest/ 29 | * Python client library and CLI tool: `python-ironic-inspector-client 30 | `_ 31 | (`documentation 32 | `_). 33 | 34 | .. _Ironic: https://wiki.openstack.org/wiki/Ironic 35 | 36 | .. note:: 37 | **ironic-inspector** was called *ironic-discoverd* before version 2.0.0. 38 | 39 | Release Notes 40 | ============= 41 | 42 | For information on any current or prior version, see `the release notes`_. 43 | 44 | .. _the release notes: https://docs.openstack.org/releasenotes/ironic-inspector/ 45 | -------------------------------------------------------------------------------- /api-ref/source/index.rst: -------------------------------------------------------------------------------- 1 | :tocdepth: 2 2 | 3 | ============================ 4 | Bare Metal Introspection API 5 | ============================ 6 | 7 | By default **ironic-inspector** listens on ``[::]:5050``, host and port 8 | can be changed in the configuration file. Protocol is JSON over HTTP. 9 | 10 | .. warning:: 11 | The ironic-inspector project is in the maintenance mode, its API reference 12 | is provided for historical reasons. New applications should use the 13 | `baremetal API `_ instead. 14 | 15 | .. rest_expand_all:: 16 | 17 | .. include:: introspection-api-versions.inc 18 | .. include:: introspection-api-v1-introspection.inc 19 | .. include:: introspection-api-v1-introspection-management.inc 20 | .. include:: introspection-api-v1-continue.inc 21 | .. include:: introspection-api-v1-rules.inc 22 | -------------------------------------------------------------------------------- /api-ref/source/introspection-api-v1-continue.inc: -------------------------------------------------------------------------------- 1 | .. -*- rst -*- 2 | 3 | ========================== 4 | Process introspection data 5 | ========================== 6 | 7 | After the ramdisk collects the required information from the bare metal 8 | node, it should post it back to Inspector via ``POST /v1/continue`` API. 9 | 10 | .. warning:: 11 | Operators are reminded not to expose the Ironic Inspector API to 12 | unsecured and untrusted networks. API below is available to 13 | *unauthenticated* clients because **ironic-python-agent** ramdisk 14 | does not have access to keystone credentials. 15 | 16 | 17 | Ramdisk Callback 18 | ================ 19 | 20 | .. rest_method:: POST /v1/continue 21 | 22 | It is the API for the ramdisk to post back all discovered data. 23 | This should not be used for clients other than the ramdisk. 24 | 25 | Full list of hardware inventory keys may be found in **ironic-python-agent** 26 | documentation: `hardware inventory `_. 27 | 28 | Normal response codes: 201 29 | 30 | Error codes: 400 31 | 32 | Request 33 | ------- 34 | 35 | List of mandatory hardware keys: 36 | 37 | .. rest_parameters:: parameters.yaml 38 | 39 | - inventory: inventory 40 | - memory: memory 41 | - cpu: cpu 42 | - interfaces: interfaces 43 | - disks: disks 44 | - root_disk: root_disk 45 | - bmc_address: bmc_address 46 | - boot_interface: boot_interface 47 | - error: ramdisk_error 48 | - logs: logs 49 | 50 | **Example node introspection continue request:** 51 | 52 | .. literalinclude:: samples/api-v1-continue-request.json 53 | :language: javascript 54 | 55 | 56 | Response 57 | -------- 58 | 59 | The response will contain Ironic node ``uuid`` record. 60 | 61 | .. rest_parameters:: parameters.yaml 62 | 63 | - uuid: node_uuid 64 | 65 | **Example JSON representation:** 66 | 67 | .. literalinclude:: samples/api-v1-common-node-uuid.json 68 | :language: javascript 69 | -------------------------------------------------------------------------------- /api-ref/source/samples/api-root-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "versions": [ 3 | { 4 | "id": "1.12", 5 | "links": [ 6 | { 7 | "href": "http://127.0.0.1:5050/v1", 8 | "rel": "self" 9 | } 10 | ], 11 | "status": "CURRENT" 12 | } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-common-node-uuid.json: -------------------------------------------------------------------------------- 1 | { 2 | "uuid": "c244557e-899f-46fa-a1ff-5b2c6718616b" 3 | } -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-common-rule-uuid.json: -------------------------------------------------------------------------------- 1 | { 2 | "uuid": "b0ea6361-03cd-467c-859c-7230547dcb9a" 3 | } -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-continue-request.json: -------------------------------------------------------------------------------- 1 | { 2 | "root_disk": { 3 | "rotational": true, 4 | "vendor": "0x1af4", 5 | "name": "/dev/vda", 6 | "hctl": null, 7 | "wwn_vendor_extension": null, 8 | "wwn_with_extension": null, 9 | "model": "", 10 | "wwn": null, 11 | "serial": null, 12 | "size": 13958643712 13 | }, 14 | "boot_interface": "52:54:00:4e:3d:30", 15 | "inventory": { 16 | "bmc_address": "192.167.2.134", 17 | "interfaces": [ 18 | { 19 | "lldp": null, 20 | "product": "0x0001", 21 | "vendor": "0x1af4", 22 | "name": "eth1", 23 | "has_carrier": true, 24 | "ipv4_address": "172.24.42.101", 25 | "client_id": null, 26 | "mac_address": "52:54:00:47:20:4d" 27 | }, 28 | { 29 | "lldp": null, 30 | "product": "0x0001", 31 | "vendor": "0x1af4", 32 | "name": "eth0", 33 | "has_carrier": true, 34 | "ipv4_address": "172.24.42.100", 35 | "client_id": null, 36 | "mac_address": "52:54:00:4e:3d:30" 37 | } 38 | ], 39 | "disks": [ 40 | { 41 | "rotational": true, 42 | "vendor": "0x1af4", 43 | "name": "/dev/vda", 44 | "hctl": null, 45 | "wwn_vendor_extension": null, 46 | "wwn_with_extension": null, 47 | "model": "", 48 | "wwn": null, 49 | "serial": null, 50 | "size": 13958643712 51 | } 52 | ], 53 | "memory": { 54 | "physical_mb": 2048, 55 | "total": 2105864192 56 | }, 57 | "cpu": { 58 | "count": 2, 59 | "frequency": "2100.084", 60 | "flags": [ 61 | "fpu", 62 | "mmx", 63 | "fxsr", 64 | "sse", 65 | "sse2", 66 | ], 67 | "architecture": "x86_64" 68 | } 69 | }, 70 | "logs": "" 71 | } -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-create-rule-request.json: -------------------------------------------------------------------------------- 1 | { 2 | "uuid":"7459bf7c-9ff9-43a8-ba9f-48542ecda66c", 3 | "description":"Set deploy info if not already set on node", 4 | "actions":[ 5 | { 6 | "action":"set-attribute", 7 | "path":"driver_info/deploy_kernel", 8 | "value":"8fd65-c97b-4d00-aa8b-7ed166a60971" 9 | }, 10 | { 11 | "action":"set-attribute", 12 | "path":"driver_info/deploy_ramdisk", 13 | "value":"09e5420c-6932-4199-996e-9485c56b3394" 14 | } 15 | ], 16 | "conditions":[ 17 | { 18 | "op":"is-empty", 19 | "field":"node://driver_info.deploy_ramdisk" 20 | }, 21 | { 22 | "op":"is-empty", 23 | "field":"node://driver_info.deploy_kernel" 24 | } 25 | ], 26 | "scope":"Delivery_1" 27 | } -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-create-rule-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "actions": [ 3 | { 4 | "action": "set-attribute", 5 | "path": "driver_info/deploy_kernel", 6 | "value": "8fd65-c97b-4d00-aa8b-7ed166a60971" 7 | }, 8 | { 9 | "action": "set-attribute", 10 | "path": "driver_info/deploy_ramdisk", 11 | "value": "09e5420c-6932-4199-996e-9485c56b3394" 12 | } 13 | ], 14 | "conditions": [ 15 | { 16 | "field": "node://driver_info.deploy_ramdisk", 17 | "invert": false, 18 | "multiple": "any", 19 | "op": "is-empty" 20 | }, 21 | { 22 | "field": "node://driver_info.deploy_kernel", 23 | "invert": false, 24 | "multiple": "any", 25 | "op": "is-empty" 26 | } 27 | ], 28 | "description": "Set deploy info if not already set on node", 29 | "links": [ 30 | { 31 | "href": "/v1/rules/7459bf7c-9ff9-43a8-ba9f-48542ecda66c", 32 | "rel": "self" 33 | } 34 | ], 35 | "uuid": "7459bf7c-9ff9-43a8-ba9f-48542ecda66c", 36 | "scope": "" 37 | } 38 | -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-get-introspection-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "error": null, 3 | "finished": true, 4 | "finished_at": "2017-08-16T12:24:30", 5 | "links": [ 6 | { 7 | "href": "http://127.0.0.1:5050/v1/introspection/c244557e-899f-46fa-a1ff-5b2c6718616b", 8 | "rel": "self" 9 | } 10 | ], 11 | "started_at": "2017-08-16T12:22:01", 12 | "state": "finished", 13 | "uuid": "c244557e-899f-46fa-a1ff-5b2c6718616b" 14 | } -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-get-introspections-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "introspection": [ 3 | { 4 | "error": null, 5 | "finished": true, 6 | "finished_at": "2017-08-17T11:36:16", 7 | "links": [ 8 | { 9 | "href": "http://127.0.0.1:5050/v1/introspection/05ccda19-581b-49bf-8f5a-6ded99701d87", 10 | "rel": "self" 11 | } 12 | ], 13 | "started_at": "2017-08-17T11:33:43", 14 | "state": "finished", 15 | "uuid": "05ccda19-581b-49bf-8f5a-6ded99701d87" 16 | }, 17 | { 18 | "error": null, 19 | "finished": true, 20 | "finished_at": "2017-08-16T12:24:30", 21 | "links": [ 22 | { 23 | "href": "http://127.0.0.1:5050/v1/introspection/c244557e-899f-46fa-a1ff-5b2c6718616b", 24 | "rel": "self" 25 | } 26 | ], 27 | "started_at": "2017-08-16T12:22:01", 28 | "state": "finished", 29 | "uuid": "c244557e-899f-46fa-a1ff-5b2c6718616b" 30 | } 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-get-rule-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "actions": [ 3 | { 4 | "action": "set-attribute", 5 | "path": "driver", 6 | "value": "agent_ipmitool" 7 | }, 8 | { 9 | "action": "set-attribute", 10 | "path": "driver_info/ipmi_username", 11 | "value": "username" 12 | }, 13 | { 14 | "action": "set-attribute", 15 | "path": "driver_info/ipmi_password", 16 | "value": "password" 17 | } 18 | ], 19 | "conditions": [ 20 | { 21 | "field": "node://driver_info.ipmi_password", 22 | "invert": false, 23 | "multiple": "any", 24 | "op": "is-empty" 25 | }, 26 | { 27 | "field": "node://driver_info.ipmi_username", 28 | "invert": false, 29 | "multiple": "any", 30 | "op": "is-empty" 31 | } 32 | ], 33 | "description": "Set IPMI driver_info if no credentials", 34 | "links": [ 35 | { 36 | "href": "/v1/rules/b0ea6361-03cd-467c-859c-7230547dcb9a", 37 | "rel": "self" 38 | } 39 | ], 40 | "uuid": "b0ea6361-03cd-467c-859c-7230547dcb9a" 41 | } 42 | -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-get-rules-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "rules": [ 3 | { 4 | "description": "Set deploy info if not already set on node", 5 | "links": [ 6 | { 7 | "href": "/v1/rules/7459bf7c-9ff9-43a8-ba9f-48542ecda66c", 8 | "rel": "self" 9 | } 10 | ], 11 | "uuid": "7459bf7c-9ff9-43a8-ba9f-48542ecda66c" 12 | }, 13 | { 14 | "description": "Set IPMI driver_info if no credentials", 15 | "links": [ 16 | { 17 | "href": "/v1/rules/b0ea6361-03cd-467c-859c-7230547dcb9a", 18 | "rel": "self" 19 | } 20 | ], 21 | "uuid": "b0ea6361-03cd-467c-859c-7230547dcb9a" 22 | } 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /api-ref/source/samples/api-v1-root-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "resources": [ 3 | { 4 | "links": [ 5 | { 6 | "href": "http://127.0.0.1:5050/v1/introspection", 7 | "rel": "self" 8 | } 9 | ], 10 | "name": "introspection" 11 | }, 12 | { 13 | "links": [ 14 | { 15 | "href": "http://127.0.0.1:5050/v1/continue", 16 | "rel": "self" 17 | } 18 | ], 19 | "name": "continue" 20 | }, 21 | { 22 | "links": [ 23 | { 24 | "href": "http://127.0.0.1:5050/v1/rules", 25 | "rel": "self" 26 | } 27 | ], 28 | "name": "rules" 29 | } 30 | ] 31 | } 32 | -------------------------------------------------------------------------------- /bindep.txt: -------------------------------------------------------------------------------- 1 | # needed for mysql 2 | mysql-client [platform:dpkg !platform:debian-bookworm] 3 | mysql-server [platform:dpkg !platform:debian-bookworm] 4 | mariadb-client [platform:debian-bookworm] 5 | mariadb-server [platform:debian-bookworm] 6 | # needed for psql 7 | postgresql 8 | postgresql-client [platform:dpkg] 9 | 10 | # libsrvg2 is needed for sphinxcontrib-svg2pdfconverter in docs builds. 11 | librsvg2-tools [doc platform:rpm] 12 | librsvg2-bin [doc platform:dpkg] 13 | -------------------------------------------------------------------------------- /devstack/settings: -------------------------------------------------------------------------------- 1 | enable_service ironic-inspector ironic-inspector-dhcp 2 | -------------------------------------------------------------------------------- /devstack/upgrade/resources.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2015 Hewlett-Packard Development Company, L.P. 4 | # Copyright 2016 Intel Corporation 5 | # Copyright 2016 Red Hat, Inc. 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 8 | # not use this file except in compliance with the License. You may obtain 9 | # a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 16 | # License for the specific language governing permissions and limitations 17 | # under the License. 18 | ## based on Ironic/devstack/upgrade/resources.sh 19 | 20 | set -o errexit 21 | 22 | source $GRENADE_DIR/grenaderc 23 | source $GRENADE_DIR/functions 24 | 25 | source $TOP_DIR/openrc admin admin 26 | 27 | # Inspector relies on a couple of Ironic variables 28 | source $TARGET_RELEASE_DIR/ironic/devstack/lib/ironic 29 | 30 | INSPECTOR_DEVSTACK_DIR=$(cd $(dirname "$0")/.. && pwd) 31 | source $INSPECTOR_DEVSTACK_DIR/plugin.sh 32 | 33 | set -o xtrace 34 | 35 | 36 | function early_create { 37 | : 38 | } 39 | 40 | function create { 41 | : 42 | } 43 | 44 | function verify { 45 | : 46 | } 47 | 48 | function verify_noapi { 49 | : 50 | } 51 | 52 | function destroy { 53 | : 54 | } 55 | 56 | # Dispatcher 57 | case $1 in 58 | "early_create") 59 | early_create 60 | ;; 61 | "create") 62 | create 63 | ;; 64 | "verify_noapi") 65 | verify_noapi 66 | ;; 67 | "verify") 68 | verify 69 | ;; 70 | "destroy") 71 | destroy 72 | ;; 73 | "force_destroy") 74 | set +o errexit 75 | destroy 76 | ;; 77 | esac 78 | -------------------------------------------------------------------------------- /devstack/upgrade/settings: -------------------------------------------------------------------------------- 1 | # Enabling Inspector grenade plug-in 2 | # Based on Ironic/devstack/grenade/settings 3 | register_project_for_upgrade ironic-inspector 4 | register_db_to_save ironic_inspector 5 | -------------------------------------------------------------------------------- /devstack/upgrade/shutdown.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # based on Ironic/devstack/upgrade/shutdown.sh 4 | 5 | set -o errexit 6 | 7 | source $GRENADE_DIR/grenaderc 8 | source $GRENADE_DIR/functions 9 | 10 | # We need base DevStack functions for this 11 | source $BASE_DEVSTACK_DIR/functions 12 | source $BASE_DEVSTACK_DIR/stackrc # needed for status directory 13 | source $BASE_DEVSTACK_DIR/lib/tls 14 | source $BASE_DEVSTACK_DIR/lib/apache 15 | 16 | # Inspector relies on a couple of Ironic variables 17 | source $TARGET_RELEASE_DIR/ironic/devstack/lib/ironic 18 | 19 | # Keep track of the DevStack directory 20 | INSPECTOR_DEVSTACK_DIR=$(cd $(dirname "$0")/.. && pwd) 21 | source $INSPECTOR_DEVSTACK_DIR/plugin.sh 22 | 23 | 24 | set -o xtrace 25 | 26 | stop_inspector 27 | if is_inspector_dhcp_required; then 28 | stop_inspector_dhcp 29 | fi 30 | -------------------------------------------------------------------------------- /doc/requirements.txt: -------------------------------------------------------------------------------- 1 | os-api-ref>=1.4.0 # Apache-2.0 2 | reno>=3.1.0 # Apache-2.0 3 | sphinx>=2.0.0 # BSD 4 | sphinxcontrib-svg2pdfconverter>=0.1.0 # BSD 5 | sphinxcontrib-apidoc>=0.2.0 # BSD 6 | openstackdocstheme>=2.2.0 # Apache-2.0 7 | -------------------------------------------------------------------------------- /doc/source/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | build/ -------------------------------------------------------------------------------- /doc/source/admin/index.rst: -------------------------------------------------------------------------------- 1 | Administrator Guide 2 | =================== 3 | 4 | How to upgrade Ironic Inspector 5 | ------------------------------- 6 | 7 | .. toctree:: 8 | :maxdepth: 2 9 | 10 | upgrade 11 | 12 | Dnsmasq PXE filter driver 13 | ------------------------- 14 | 15 | .. toctree:: 16 | :maxdepth: 2 17 | 18 | dnsmasq-pxe-filter 19 | -------------------------------------------------------------------------------- /doc/source/admin/upgrade.rst: -------------------------------------------------------------------------------- 1 | Upgrade Guide 2 | ------------- 3 | 4 | The `release notes `_ 5 | should always be read carefully when upgrading the ironic-inspector service. 6 | Starting with the Mitaka series, specific upgrade steps and considerations are 7 | well-documented in the release notes. 8 | 9 | Upgrades are only supported one series at a time, or within a series. 10 | Only offline (with downtime) upgrades are currently supported. 11 | 12 | When upgrading ironic-inspector, the following steps should always be taken: 13 | 14 | * Update ironic-inspector code, without restarting the service yet. 15 | 16 | * Stop the ironic-inspector service. 17 | 18 | * Run database migrations:: 19 | 20 | ironic-inspector-dbsync --config-file upgrade 21 | 22 | * Start the ironic-inspector service. 23 | 24 | * Upgrade the ironic-python-agent image used for introspection. 25 | 26 | .. note:: 27 | There is no implicit upgrade order between ironic and ironic-inspector, 28 | unless the `release notes`_ say otherwise. 29 | 30 | Migrating introspection data 31 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 32 | 33 | Starting with Stein release, ironic-inspector supports two introspection data 34 | storage backends: ``swift`` and ``database``. If you decide to change the 35 | backend, you can use the provided command to migrate the data:: 36 | 37 | ironic-inspector-migrate-data --from swift --to database --config-file /etc/ironic-inspector/inspector.conf 38 | 39 | .. note:: 40 | Configuration for **both** backends is expected to be present in the 41 | configuration file for this command to succeed. 42 | -------------------------------------------------------------------------------- /doc/source/cli/index.rst: -------------------------------------------------------------------------------- 1 | Command References 2 | ================== 3 | 4 | Here are references for commands not elsewhere documented. 5 | 6 | .. toctree:: 7 | :maxdepth: 1 8 | 9 | ironic-inspector-status 10 | -------------------------------------------------------------------------------- /doc/source/configuration/index.rst: -------------------------------------------------------------------------------- 1 | Configuration Guide 2 | =================== 3 | 4 | The ironic-inspector service operation is defined by a configuration 5 | file. The overview of configuration file options follow. 6 | 7 | .. toctree:: 8 | :maxdepth: 1 9 | 10 | Ironic Inspector Configuration Options 11 | Policies 12 | 13 | .. only:: html 14 | 15 | Sample files 16 | ------------ 17 | 18 | .. toctree:: 19 | :maxdepth: 1 20 | 21 | Sample Ironic Inspector Configuration 22 | Sample policy file 23 | -------------------------------------------------------------------------------- /doc/source/configuration/ironic-inspector.rst: -------------------------------------------------------------------------------- 1 | 2 | --------------------- 3 | ironic-inspector.conf 4 | --------------------- 5 | 6 | .. show-options:: 7 | :config-file: tools/config-generator.conf 8 | -------------------------------------------------------------------------------- /doc/source/configuration/policy.rst: -------------------------------------------------------------------------------- 1 | ======== 2 | Policies 3 | ======== 4 | 5 | .. warning:: 6 | JSON formatted policy files were deprecated in the Wallaby development 7 | cycle due to the Victoria deprecation by the ``olso.policy`` library. 8 | Use the `oslopolicy-convert-json-to-yaml`__ tool 9 | to convert the existing JSON to YAML formatted policy file in backward 10 | compatible way. 11 | 12 | .. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html 13 | 14 | 15 | The following is an overview of all available policies in **ironic inspector**. 16 | For a sample configuration file, refer to :doc:`sample-policy`. 17 | 18 | .. show-policy:: 19 | :config-file: tools/policy-generator.conf 20 | -------------------------------------------------------------------------------- /doc/source/configuration/sample-config.rst: -------------------------------------------------------------------------------- 1 | ====================================== 2 | Ironic Inspector Configuration Options 3 | ====================================== 4 | 5 | The following is a sample Ironic Inspector configuration for 6 | adaptation and use. It is auto-generated from Ironic Inspector 7 | when this documentation is built, so if you find issues with an 8 | option, please compare your version of Ironic Inspector with the 9 | version of this documentation. 10 | 11 | The sample configuration can also be downloaded as a :download:`file 12 | `. 13 | 14 | .. literalinclude:: /_static/ironic-inspector.conf.sample 15 | -------------------------------------------------------------------------------- /doc/source/configuration/sample-policy.rst: -------------------------------------------------------------------------------- 1 | ======================= 2 | Ironic Inspector Policy 3 | ======================= 4 | 5 | The following is a sample **ironic-inspector** policy file, autogenerated from 6 | Ironic Inspector when this documentation is built. 7 | To avoid issues, make sure your version of **ironic-inspector** 8 | matches that of the example policy file. 9 | 10 | The sample policy can also be downloaded as a :download:`file 11 | `. 12 | 13 | .. literalinclude:: /_static/ironic-inspector.policy.yaml.sample 14 | -------------------------------------------------------------------------------- /doc/source/contributor/index.rst: -------------------------------------------------------------------------------- 1 | .. _contributing_link: 2 | 3 | .. include:: ../../../CONTRIBUTING.rst 4 | 5 | Python API 6 | ~~~~~~~~~~ 7 | 8 | .. toctree:: 9 | :maxdepth: 1 10 | 11 | api/modules 12 | 13 | Ironic Inspector CI 14 | ~~~~~~~~~~~~~~~~~~~ 15 | 16 | It's important to understand the role of each job in the CI. To facilitate 17 | that, we have created the documentation below. 18 | 19 | .. toctree:: 20 | :maxdepth: 1 21 | 22 | Job roles in the CI 23 | -------------------------------------------------------------------------------- /doc/source/contributor/jobs-description.rst: -------------------------------------------------------------------------------- 1 | .. _jobs-description: 2 | 3 | ================ 4 | Jobs description 5 | ================ 6 | 7 | The description of each jobs that runs in the CI when you submit a patch for 8 | `openstack/ironic-inspector` is shown in the following table. 9 | 10 | .. note:: 11 | All jobs are configured to use a pre-build tinyipa ramdisk, a wholedisk 12 | image that is downloaded from a Swift temporary url, `pxe` boot and 13 | `ipmi` driver. 14 | 15 | 16 | .. list-table:: Table. OpenStack Ironic Inspector CI jobs description 17 | :widths: 45 55 18 | :header-rows: 1 19 | 20 | * - Job name 21 | - Description 22 | * - ironic-inspector-grenade 23 | - Deploys Ironic and Ironic Inspector in DevStack and runs upgrade for 24 | all enabled services. 25 | * - ironic-inspector-tempest 26 | - Deploys Ironic and Ironic Inspector in DevStack. 27 | Runs tempest tests that match the regex `InspectorBasicTest` and 28 | deploys 1 virtual baremetal. 29 | * - ironic-inspector-tempest-discovery 30 | - Deploys Ironic and Ironic Inspector in DevStack. 31 | Runs tempest tests that match the regex `InspectorDiscoveryTest` and 32 | deploys 1 virtual baremetal. 33 | * - ironic-inspector-tempest-python3 34 | - Deploys Ironic and Ironic Inspector in DevStack under Python3. 35 | Runs tempest tests that match the regex `Inspector` and deploys 1 36 | virtual baremetal. 37 | * - openstack-tox-functional-py36 38 | - Run tox-based functional tests for Ironic Inspector under Python3.6 39 | * - bifrost-integration-tinyipa-ubuntu-xenial 40 | - Tests the integration between Ironic Inspector and Bifrost. 41 | * - ironic-inspector-tox-bandit 42 | - Runs bandit security tests in a tox environment to find known issues in 43 | the Ironic Inspector code. 44 | -------------------------------------------------------------------------------- /doc/source/index.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../../README.rst 2 | 3 | Using Ironic Inspector 4 | ====================== 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | install/index 10 | cli/index 11 | configuration/index 12 | user/index 13 | admin/index 14 | 15 | Contributor Docs 16 | ================ 17 | 18 | .. toctree:: 19 | :maxdepth: 2 20 | 21 | contributor/index 22 | 23 | Indices and tables 24 | ================== 25 | 26 | * :ref:`genindex` 27 | * :ref:`modindex` 28 | * :ref:`search` 29 | -------------------------------------------------------------------------------- /doc/source/user/http-api.rst: -------------------------------------------------------------------------------- 1 | HTTP API 2 | -------- 3 | 4 | See https://docs.openstack.org/api-ref/baremetal-introspection/ 5 | -------------------------------------------------------------------------------- /doc/source/user/index.rst: -------------------------------------------------------------------------------- 1 | User Guide 2 | ========== 3 | 4 | How Ironic Inspector Works 5 | -------------------------- 6 | 7 | .. toctree:: 8 | :maxdepth: 2 9 | 10 | workflow 11 | 12 | How to use Ironic Inspector 13 | --------------------------- 14 | 15 | .. toctree:: 16 | :maxdepth: 2 17 | 18 | usage 19 | 20 | HTTP API Reference 21 | ------------------ 22 | 23 | * `Bare Metal Introspection API Reference 24 | `_. 25 | 26 | Troubleshooting 27 | --------------- 28 | 29 | .. toctree:: 30 | :maxdepth: 2 31 | 32 | troubleshooting 33 | 34 | 35 | .. toctree:: 36 | :hidden: 37 | 38 | http-api 39 | -------------------------------------------------------------------------------- /ironic-inspector.8: -------------------------------------------------------------------------------- 1 | .\" Manpage for ironic-inspector. 2 | .TH man 8 "08 Oct 2014" "1.0" "ironic-inspector man page" 3 | .SH NAME 4 | ironic-inspector \- hardware introspection daemon for OpenStack Ironic. 5 | .SH SYNOPSIS 6 | ironic-inspector CONFFILE 7 | .SH DESCRIPTION 8 | This command starts ironic-inspector service, which starts and finishes 9 | hardware discovery and maintains firewall rules for nodes accessing PXE 10 | boot service (usually dnsmasq). 11 | .SH OPTIONS 12 | The ironic-inspector does not take any options. However, you should supply 13 | path to the configuration file. 14 | .SH SEE ALSO 15 | README page located at https://docs.openstack.org/ironic-inspector/latest/ 16 | provides some information about how to configure and use the service. 17 | .SH BUGS 18 | No known bugs. 19 | .SH AUTHOR 20 | Dmitry Tantsur (divius.inside@gmail.com) 21 | -------------------------------------------------------------------------------- /ironic_inspector/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/ironic_inspector/__init__.py -------------------------------------------------------------------------------- /ironic_inspector/cmd/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import eventlet 14 | eventlet.monkey_patch() 15 | -------------------------------------------------------------------------------- /ironic_inspector/cmd/all.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """The Ironic Inspector service.""" 14 | 15 | import sys 16 | 17 | from oslo_config import cfg 18 | from oslo_service import service 19 | 20 | from ironic_inspector.common.i18n import _ 21 | from ironic_inspector.common.rpc_service import RPCService 22 | from ironic_inspector.common import service_utils 23 | from ironic_inspector import wsgi_service 24 | 25 | CONF = cfg.CONF 26 | 27 | 28 | def main(args=sys.argv[1:]): 29 | # Parse config file and command line options, then start logging 30 | service_utils.prepare_service(args) 31 | 32 | if not CONF.standalone: 33 | msg = _('To run ironic-inspector in standalone mode, ' 34 | '[DEFAULT]standalone should be set to True.') 35 | sys.exit(msg) 36 | 37 | launcher = service.ServiceLauncher(CONF, restart_method='mutate') 38 | launcher.launch_service(wsgi_service.WSGIService()) 39 | launcher.launch_service(RPCService(CONF.host)) 40 | launcher.wait() 41 | 42 | 43 | if __name__ == '__main__': 44 | sys.exit(main()) 45 | -------------------------------------------------------------------------------- /ironic_inspector/cmd/conductor.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """The Ironic Inspector Conductor service.""" 14 | 15 | import sys 16 | 17 | from oslo_config import cfg 18 | from oslo_service import service 19 | 20 | from ironic_inspector.common.i18n import _ 21 | from ironic_inspector.common.rpc_service import RPCService 22 | from ironic_inspector.common import service_utils 23 | 24 | CONF = cfg.CONF 25 | 26 | 27 | def main(args=sys.argv[1:]): 28 | # Parse config file and command line options, then start logging 29 | service_utils.prepare_service(args) 30 | 31 | if CONF.standalone: 32 | msg = _('To run ironic-inspector-conductor, [DEFAULT]standalone ' 33 | 'should be set to False.') 34 | sys.exit(msg) 35 | 36 | launcher = service.ServiceLauncher(CONF, restart_method='mutate') 37 | launcher.launch_service(RPCService(CONF.host)) 38 | launcher.wait() 39 | 40 | 41 | if __name__ == '__main__': 42 | sys.exit(main()) 43 | -------------------------------------------------------------------------------- /ironic_inspector/cmd/status.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2018 NEC, Corp. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | import sys 16 | 17 | from oslo_config import cfg 18 | from oslo_upgradecheck import common_checks 19 | from oslo_upgradecheck import upgradecheck 20 | 21 | from ironic_inspector.common.i18n import _ 22 | import ironic_inspector.conf as conf 23 | from ironic_inspector import policy # noqa Import for configuratiog loading. 24 | 25 | CONF = conf.CONF 26 | 27 | 28 | class Checks(upgradecheck.UpgradeCommands): 29 | 30 | """Upgrade checks for the ironic-status upgrade check command 31 | 32 | Upgrade checks should be added as separate methods in this class 33 | and added to _upgrade_checks tuple. 34 | """ 35 | 36 | # A tuple of check tuples of (, ). 37 | # The name of the check will be used in the output of this command. 38 | # The check function takes no arguments and returns an 39 | # oslo_upgradecheck.upgradecheck.Result object with the appropriate 40 | # oslo_upgradecheck.upgradecheck.Code and details set. If the 41 | # check function hits warnings or failures then those should be stored 42 | # in the returned Result's "details" attribute. The 43 | # summary will be rolled up at the end of the check() method. 44 | _upgrade_checks = ( 45 | # Added in Wallaby to raise visibility of the Victoria deprecation 46 | # of oslo.policy's json policy support. 47 | (_('Policy File JSON to YAML Migration'), 48 | (common_checks.check_policy_json, {'conf': CONF})), 49 | ) 50 | 51 | 52 | def main(): 53 | return upgradecheck.main( 54 | cfg.CONF, project='ironic', upgrade_command=Checks()) 55 | 56 | 57 | if __name__ == '__main__': 58 | sys.exit(main()) 59 | -------------------------------------------------------------------------------- /ironic_inspector/cmd/wsgi.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | """WSGI script for Ironic Inspector API, installed by pbr.""" 13 | 14 | import sys 15 | 16 | from oslo_config import cfg 17 | 18 | from ironic_inspector.common.i18n import _ 19 | from ironic_inspector.common import service_utils 20 | from ironic_inspector import main 21 | 22 | CONF = cfg.CONF 23 | 24 | 25 | def initialize_wsgi_app(): 26 | # Parse config file and command line options, then start logging 27 | service_utils.prepare_service(sys.argv[1:]) 28 | 29 | if CONF.standalone: 30 | msg = _('To run ironic-inspector-api, [DEFAULT]standalone should be ' 31 | 'set to False.') 32 | sys.exit(msg) 33 | 34 | return main.get_app() 35 | -------------------------------------------------------------------------------- /ironic_inspector/common/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/ironic_inspector/common/__init__.py -------------------------------------------------------------------------------- /ironic_inspector/common/context.py: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 3 | # not use this file except in compliance with the License. You may obtain 4 | # a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 10 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 11 | # License for the specific language governing permissions and limitations 12 | # under the License. 13 | 14 | from oslo_context import context 15 | 16 | 17 | class RequestContext(context.RequestContext): 18 | """Extends security contexts from the oslo.context library.""" 19 | 20 | def __init__(self, is_public_api=False, **kwargs): 21 | """Initialize the RequestContext 22 | 23 | :param is_public_api: Specifies whether the request should be processed 24 | without authentication. 25 | :param kwargs: additional arguments passed to oslo.context. 26 | """ 27 | super(RequestContext, self).__init__(**kwargs) 28 | self.is_public_api = is_public_api 29 | 30 | def to_policy_values(self): 31 | policy_values = super(RequestContext, self).to_policy_values() 32 | policy_values.update({'is_public_api': self.is_public_api}) 33 | return policy_values 34 | 35 | @classmethod 36 | def from_dict(cls, values, **kwargs): 37 | kwargs.setdefault('is_public_api', values.get('is_public_api', False)) 38 | return super(RequestContext, RequestContext).from_dict(values, 39 | **kwargs) 40 | 41 | @classmethod 42 | def from_environ(cls, environ, **kwargs): 43 | kwargs.setdefault('is_public_api', environ.get('is_public_api', False)) 44 | return super(RequestContext, RequestContext).from_environ(environ, 45 | **kwargs) 46 | -------------------------------------------------------------------------------- /ironic_inspector/common/i18n.py: -------------------------------------------------------------------------------- 1 | # Copyright 2015 NEC Corporation 2 | # All Rights Reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | 16 | import oslo_i18n 17 | 18 | _translators = oslo_i18n.TranslatorFactory(domain='ironic_inspector') 19 | 20 | # The primary translation function using the well-known name "_" 21 | _ = _translators.primary 22 | -------------------------------------------------------------------------------- /ironic_inspector/common/rpc.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | 15 | from oslo_config import cfg 16 | import oslo_messaging as messaging 17 | from oslo_messaging.rpc import dispatcher 18 | 19 | from ironic_inspector.conductor import manager 20 | 21 | CONF = cfg.CONF 22 | TRANSPORT = None 23 | 24 | 25 | def init(): 26 | global TRANSPORT 27 | TRANSPORT = messaging.get_rpc_transport(CONF) 28 | 29 | 30 | def get_client(topic=None): 31 | """Get a RPC client instance. 32 | 33 | :param topic: The topic of the message will be delivered to. This argument 34 | is ignored if CONF.standalone is True. 35 | """ 36 | assert TRANSPORT is not None 37 | if CONF.standalone: 38 | target = messaging.Target(topic=manager.MANAGER_TOPIC, 39 | server=CONF.host, 40 | version='1.3') 41 | else: 42 | target = messaging.Target(topic=topic, version='1.3') 43 | return messaging.get_rpc_client(TRANSPORT, target) 44 | 45 | 46 | def get_server(endpoints): 47 | """Get a RPC server instance.""" 48 | 49 | assert TRANSPORT is not None 50 | target = messaging.Target(topic=manager.MANAGER_TOPIC, server=CONF.host, 51 | version='1.3') 52 | return messaging.get_rpc_server( 53 | TRANSPORT, target, endpoints, executor='eventlet', 54 | access_policy=dispatcher.DefaultRPCAccessPolicy) 55 | -------------------------------------------------------------------------------- /ironic_inspector/common/service_utils.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from oslo_config import cfg 14 | from oslo_log import log 15 | 16 | from ironic_inspector.common import rpc 17 | from ironic_inspector.conf import opts 18 | 19 | 20 | LOG = log.getLogger(__name__) 21 | CONF = cfg.CONF 22 | 23 | 24 | def prepare_service(args=None): 25 | args = [] if args is None else args 26 | log.register_options(CONF) 27 | opts.set_config_defaults() 28 | opts.parse_args(args) 29 | rpc.init() 30 | log.setup(CONF, 'ironic_inspector') 31 | 32 | LOG.debug("Configuration:") 33 | CONF.log_opt_values(LOG, log.DEBUG) 34 | -------------------------------------------------------------------------------- /ironic_inspector/conductor/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/ironic_inspector/conductor/__init__.py -------------------------------------------------------------------------------- /ironic_inspector/conf/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License.from oslo_config import cfg 12 | 13 | from oslo_config import cfg 14 | 15 | from ironic_inspector.conf import accelerators 16 | from ironic_inspector.conf import capabilities 17 | from ironic_inspector.conf import coordination 18 | from ironic_inspector.conf import default 19 | from ironic_inspector.conf import discovery 20 | from ironic_inspector.conf import dnsmasq_pxe_filter 21 | from ironic_inspector.conf import exception 22 | from ironic_inspector.conf import extra_hardware 23 | from ironic_inspector.conf import healthcheck 24 | from ironic_inspector.conf import iptables 25 | from ironic_inspector.conf import ironic 26 | from ironic_inspector.conf import mdns 27 | from ironic_inspector.conf import pci_devices 28 | from ironic_inspector.conf import port_physnet 29 | from ironic_inspector.conf import processing 30 | from ironic_inspector.conf import pxe_filter 31 | from ironic_inspector.conf import service_catalog 32 | from ironic_inspector.conf import swift 33 | 34 | 35 | CONF = cfg.CONF 36 | 37 | 38 | accelerators.register_opts(CONF) 39 | capabilities.register_opts(CONF) 40 | coordination.register_opts(CONF) 41 | discovery.register_opts(CONF) 42 | default.register_opts(CONF) 43 | dnsmasq_pxe_filter.register_opts(CONF) 44 | exception.register_opts(CONF) 45 | extra_hardware.register_opts(CONF) 46 | healthcheck.register_opts(CONF) 47 | iptables.register_opts(CONF) 48 | ironic.register_opts(CONF) 49 | mdns.register_opts(CONF) 50 | pci_devices.register_opts(CONF) 51 | port_physnet.register_opts(CONF) 52 | processing.register_opts(CONF) 53 | pxe_filter.register_opts(CONF) 54 | service_catalog.register_opts(CONF) 55 | swift.register_opts(CONF) 56 | -------------------------------------------------------------------------------- /ironic_inspector/conf/accelerators.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | import os 15 | 16 | from oslo_config import cfg 17 | 18 | from ironic_inspector.common.i18n import _ 19 | 20 | 21 | _OPTS = [ 22 | cfg.StrOpt('known_devices', 23 | default=os.path.abspath(os.path.join( 24 | os.path.dirname(__file__), '../known_accelerators.yaml')), 25 | help=_('The predefined accelerator devices which contains ' 26 | 'information used for identifying accelerators.')), 27 | ] 28 | 29 | 30 | def register_opts(conf): 31 | conf.register_opts(_OPTS, 'accelerators') 32 | 33 | 34 | def list_opts(): 35 | return _OPTS 36 | -------------------------------------------------------------------------------- /ironic_inspector/conf/capabilities.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | DEFAULT_CPU_FLAGS_MAPPING = { 20 | 'vmx': 'cpu_vt', 21 | 'svm': 'cpu_vt', 22 | 'aes': 'cpu_aes', 23 | 'pse': 'cpu_hugepages', 24 | 'pdpe1gb': 'cpu_hugepages_1g', 25 | 'smx': 'cpu_txt', 26 | } 27 | 28 | 29 | _OPTS = [ 30 | cfg.BoolOpt('boot_mode', 31 | default=False, 32 | help=_('Whether to store the boot mode (BIOS or UEFI).')), 33 | cfg.DictOpt('cpu_flags', 34 | default=DEFAULT_CPU_FLAGS_MAPPING, 35 | help=_('Mapping between a CPU flag and a capability to set ' 36 | 'if this flag is present.')), 37 | ] 38 | 39 | 40 | def register_opts(conf): 41 | conf.register_opts(_OPTS, 'capabilities') 42 | 43 | 44 | def list_opts(): 45 | return _OPTS 46 | -------------------------------------------------------------------------------- /ironic_inspector/conf/coordination.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | # NOTE(kaifeng) The capability of various backend varies, please check tooz 20 | # documentation for driver compatibilities: 21 | # https://docs.openstack.org/tooz/latest/user/compatibility.html 22 | _OPTS = [ 23 | cfg.StrOpt('backend_url', 24 | default='memcached://localhost:11211', 25 | secret=True, 26 | help=_('The backend URL to use for distributed coordination. ' 27 | 'EXPERIMENTAL.')), 28 | ] 29 | 30 | 31 | def register_opts(conf): 32 | conf.register_opts(_OPTS, 'coordination') 33 | 34 | 35 | def list_opts(): 36 | return _OPTS 37 | -------------------------------------------------------------------------------- /ironic_inspector/conf/discovery.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | _OPTS = [ 20 | cfg.StrOpt('enroll_node_driver', 21 | default='fake-hardware', 22 | help=_('The name of the Ironic driver used by the enroll ' 23 | 'hook when creating a new node in Ironic.')), 24 | cfg.DictOpt('enroll_node_fields', default={}, 25 | help=_('Additional fields to set on newly discovered nodes.')), 26 | cfg.ListOpt('enabled_bmc_address_version', 27 | default=['4', '6'], 28 | help=_('IP version of BMC address that will be ' 29 | 'used when enrolling a new node in Ironic. ' 30 | 'Defaults to "4,6". Could be "4" (use v4 address ' 31 | 'only), "4,6" (v4 address have higher priority and ' 32 | 'if both addresses found v6 version is ignored), ' 33 | '"6,4" (v6 is desired but fall back to v4 address ' 34 | 'for BMCs having v4 address, opposite to "4,6"), ' 35 | '"6" (use v6 address only and ignore v4 version).')), 36 | ] 37 | 38 | 39 | def register_opts(conf): 40 | conf.register_opts(_OPTS, 'discovery') 41 | 42 | 43 | def list_opts(): 44 | return _OPTS 45 | -------------------------------------------------------------------------------- /ironic_inspector/conf/dnsmasq_pxe_filter.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | _OPTS = [ 20 | cfg.StrOpt('dhcp_hostsdir', 21 | default='/var/lib/ironic-inspector/dhcp-hostsdir', 22 | help=_('The MAC address cache directory, exposed to dnsmasq.' 23 | 'This directory is expected to be in exclusive control ' 24 | 'of the driver.')), 25 | cfg.BoolOpt('purge_dhcp_hostsdir', default=True, 26 | help=_('Purge the hostsdir upon driver initialization. ' 27 | 'Setting to false should only be performed when the ' 28 | 'deployment of inspector is such that there are ' 29 | 'multiple processes executing inside of the same host ' 30 | 'and namespace. In this case, the Operator is ' 31 | 'responsible for setting up a custom cleaning ' 32 | 'facility.')), 33 | cfg.StrOpt('dnsmasq_start_command', default='', 34 | help=_('A (shell) command line to start the dnsmasq service ' 35 | 'upon filter initialization. Default: don\'t start.')), 36 | cfg.StrOpt('dnsmasq_stop_command', default='', 37 | help=_('A (shell) command line to stop the dnsmasq service ' 38 | 'upon inspector (error) exit. Default: don\'t stop.')), 39 | 40 | ] 41 | 42 | 43 | def register_opts(conf): 44 | conf.register_opts(_OPTS, 'dnsmasq_pxe_filter') 45 | 46 | 47 | def list_opts(): 48 | return _OPTS 49 | -------------------------------------------------------------------------------- /ironic_inspector/conf/exception.py: -------------------------------------------------------------------------------- 1 | # Copyright 2010 United States Government as represented by the 2 | # Administrator of the National Aeronautics and Space Administration. 3 | # All Rights Reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 6 | # not use this file except in compliance with the License. You may obtain 7 | # a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | 17 | """Ironic base exception handling. 18 | 19 | Includes decorator for re-raising Ironic-type exceptions. 20 | 21 | SHOULD include dedicated exception logging. 22 | 23 | """ 24 | from oslo_config import cfg 25 | 26 | from ironic_inspector.common.i18n import _ 27 | 28 | 29 | opts = [ 30 | cfg.BoolOpt('fatal_exception_format_errors', 31 | default=False, 32 | help=_('Used if there is a formatting error when generating ' 33 | 'an exception message (a programming error). If True, ' 34 | 'raise an exception; if False, use the unformatted ' 35 | 'message.'), 36 | deprecated_group='ironic_lib'), 37 | ] 38 | 39 | CONF = cfg.CONF 40 | 41 | 42 | def register_opts(conf): 43 | conf.register_opts(opts, group='exception') 44 | -------------------------------------------------------------------------------- /ironic_inspector/conf/extra_hardware.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | _OPTS = [ 20 | cfg.BoolOpt('strict', 21 | default=False, 22 | help=_('If True, refuse to parse extra data if at least one ' 23 | 'record is too short. Additionally, remove the ' 24 | 'incoming "data" even if parsing failed.')), 25 | ] 26 | 27 | 28 | def register_opts(conf): 29 | conf.register_opts(_OPTS, group='extra_hardware') 30 | 31 | 32 | def list_opts(): 33 | return _OPTS 34 | -------------------------------------------------------------------------------- /ironic_inspector/conf/healthcheck.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from oslo_config import cfg 14 | 15 | from ironic_inspector.common.i18n import _ 16 | 17 | _OPTS = [ 18 | cfg.BoolOpt('enabled', 19 | default=False, 20 | help=_('Enable the health check endpoint at /healthcheck. ' 21 | 'Note that this is unauthenticated. More information ' 22 | 'is available at ' 23 | 'https://docs.openstack.org/oslo.middleware/latest/' 24 | 'reference/healthcheck_plugins.html.')), 25 | ] 26 | 27 | 28 | def register_opts(conf): 29 | conf.register_opts(_OPTS, group='healthcheck') 30 | 31 | 32 | def list_opts(): 33 | return _OPTS 34 | -------------------------------------------------------------------------------- /ironic_inspector/conf/iptables.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | _OPTS = [ 20 | cfg.StrOpt('dnsmasq_interface', 21 | default='br-ctlplane', 22 | help=_('Interface on which dnsmasq listens, the default is for ' 23 | 'VM\'s.')), 24 | cfg.StrOpt('firewall_chain', 25 | default='ironic-inspector', 26 | help=_('iptables chain name to use.')), 27 | cfg.ListOpt('ethoib_interfaces', 28 | default=[], 29 | help=_('List of Ethernet Over InfiniBand interfaces ' 30 | 'on the Inspector host which are used for physical ' 31 | 'access to the DHCP network. Multiple interfaces would ' 32 | 'be attached to a bond or bridge specified in ' 33 | 'dnsmasq_interface. The MACs of the InfiniBand nodes ' 34 | 'which are not in desired state are going to be ' 35 | 'blocked based on the list of neighbor MACs ' 36 | 'on these interfaces.')), 37 | cfg.StrOpt('ip_version', 38 | default='4', 39 | choices=[('4', _('IPv4')), 40 | ('6', _('IPv6'))], 41 | help=_('The IP version that will be used for iptables filter. ' 42 | 'Defaults to 4.')), 43 | ] 44 | 45 | 46 | def register_opts(conf): 47 | conf.register_opts(_OPTS, 'iptables') 48 | 49 | 50 | def list_opts(): 51 | return _OPTS 52 | -------------------------------------------------------------------------------- /ironic_inspector/conf/ironic.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | from ironic_inspector.common import keystone 18 | 19 | 20 | IRONIC_GROUP = 'ironic' 21 | SERVICE_TYPE = 'baremetal' 22 | 23 | 24 | _OPTS = [ 25 | cfg.IntOpt('retry_interval', 26 | default=2, 27 | help=_('Interval between retries in case of conflict error ' 28 | '(HTTP 409).')), 29 | cfg.IntOpt('max_retries', 30 | default=30, 31 | help=_('Maximum number of retries in case of conflict error ' 32 | '(HTTP 409).')), 33 | ] 34 | 35 | 36 | def register_opts(conf): 37 | conf.register_opts(_OPTS, IRONIC_GROUP) 38 | keystone.register_auth_opts(IRONIC_GROUP, SERVICE_TYPE) 39 | 40 | 41 | def list_opts(): 42 | return keystone.add_auth_options(_OPTS, SERVICE_TYPE) 43 | -------------------------------------------------------------------------------- /ironic_inspector/conf/mdns.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | 15 | from oslo_config import cfg 16 | from oslo_config import types as cfg_types 17 | 18 | opts = [ 19 | cfg.IntOpt('registration_attempts', 20 | min=1, default=5, 21 | help='Number of attempts to register a service. Currently ' 22 | 'has to be larger than 1 because of race conditions ' 23 | 'in the zeroconf library.'), 24 | cfg.IntOpt('lookup_attempts', 25 | min=1, default=3, 26 | help='Number of attempts to lookup a service.'), 27 | cfg.Opt('params', 28 | # This is required for values that contain commas. 29 | type=cfg_types.Dict(cfg_types.String(quotes=True)), 30 | default={}, 31 | help='Additional parameters to pass for the registered ' 32 | 'service.'), 33 | cfg.ListOpt('interfaces', 34 | help='List of IP addresses of interfaces to use for mDNS. ' 35 | 'Defaults to all interfaces on the system.'), 36 | ] 37 | 38 | CONF = cfg.CONF 39 | opt_group = cfg.OptGroup(name='mdns', title='Options for multicast DNS') 40 | 41 | 42 | def register_opts(conf): 43 | conf.register_group(opt_group) 44 | conf.register_opts(opts, group=opt_group) 45 | -------------------------------------------------------------------------------- /ironic_inspector/conf/pci_devices.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | _OPTS = [ 20 | cfg.MultiStrOpt('alias', 21 | default=[], 22 | help=_('An alias for PCI device identified by ' 23 | '\'vendor_id\' and \'product_id\' fields. Format: ' 24 | '{"vendor_id": "1234", "product_id": "5678", ' 25 | '"name": "pci_dev1"}')), 26 | ] 27 | 28 | 29 | def register_opts(conf): 30 | conf.register_opts(_OPTS, group='pci_devices') 31 | 32 | 33 | def list_opts(): 34 | return _OPTS 35 | -------------------------------------------------------------------------------- /ironic_inspector/conf/port_physnet.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | _OPTS = [ 20 | cfg.ListOpt('cidr_map', 21 | default=[], 22 | sample_default=('10.10.10.0/24:physnet_a,' 23 | '2001:db8::/64:physnet_b'), 24 | help=_('Mapping of IP subnet CIDR to physical network. When ' 25 | 'the physnet_cidr_map processing hook is enabled the ' 26 | 'physical_network property of baremetal ports is ' 27 | 'populated based on this mapping.')), 28 | ] 29 | 30 | 31 | def register_opts(conf): 32 | conf.register_opts(_OPTS, group='port_physnet') 33 | 34 | 35 | def list_opts(): 36 | return _OPTS 37 | -------------------------------------------------------------------------------- /ironic_inspector/conf/pxe_filter.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | 18 | 19 | _OPTS = [ 20 | cfg.StrOpt('driver', default='iptables', 21 | help=_('PXE boot filter driver to use, possible filters are: ' 22 | '"iptables", "dnsmasq" and "noop". Set "noop " to ' 23 | 'disable the firewall filtering.')), 24 | cfg.IntOpt('sync_period', default=15, min=0, 25 | help=_('Amount of time in seconds, after which repeat periodic ' 26 | 'update of the filter.')), 27 | cfg.BoolOpt('deny_unknown_macs', default=False, 28 | help=_('By default inspector will open the DHCP server for ' 29 | 'any node when introspection is active. Opening DHCP ' 30 | 'for unknown MAC addresses when introspection is ' 31 | 'active allow for users to add nodes with no ports to ' 32 | 'ironic and have ironic-inspector enroll ports based ' 33 | 'on node introspection results. NOTE: If this option ' 34 | 'is True, nodes must have at least one enrolled port ' 35 | 'prior to introspection.')) 36 | ] 37 | 38 | 39 | def register_opts(conf): 40 | conf.register_opts(_OPTS, 'pxe_filter') 41 | 42 | 43 | def list_opts(): 44 | return _OPTS 45 | -------------------------------------------------------------------------------- /ironic_inspector/conf/service_catalog.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from ironic_inspector.common import keystone 15 | 16 | 17 | def register_opts(conf): 18 | keystone.register_auth_opts('service_catalog', 'baremetal-introspection') 19 | 20 | 21 | def list_opts(): 22 | return keystone.add_auth_options([], 'baremetal-introspection') 23 | -------------------------------------------------------------------------------- /ironic_inspector/conf/swift.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | from oslo_config import cfg 15 | 16 | from ironic_inspector.common.i18n import _ 17 | from ironic_inspector.common import keystone 18 | 19 | 20 | SWIFT_GROUP = 'swift' 21 | SERVICE_TYPE = 'object-store' 22 | 23 | 24 | _OPTS = [ 25 | cfg.IntOpt('delete_after', 26 | default=0, 27 | help=_('Number of seconds that the Swift object will last ' 28 | 'before being deleted. (set to 0 to never delete the ' 29 | 'object).')), 30 | cfg.StrOpt('container', 31 | default='ironic-inspector', 32 | help=_('Default Swift container to use when creating ' 33 | 'objects.')), 34 | ] 35 | 36 | 37 | def register_opts(conf): 38 | conf.register_opts(_OPTS, SWIFT_GROUP) 39 | keystone.register_auth_opts(SWIFT_GROUP, SERVICE_TYPE) 40 | 41 | 42 | def list_opts(): 43 | return keystone.add_auth_options(_OPTS, SERVICE_TYPE) 44 | -------------------------------------------------------------------------------- /ironic_inspector/db/__init__.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | from oslo_db.sqlalchemy import enginefacade 14 | 15 | # TODO(aarefiev): enable foreign keys for SQLite once all unit 16 | # tests with failed constraint will be fixed. 17 | enginefacade.configure(sqlite_fk=False) 18 | -------------------------------------------------------------------------------- /ironic_inspector/db/alembic.ini: -------------------------------------------------------------------------------- 1 | [alembic] 2 | # path to migration scripts 3 | script_location = %(here)s/migrations 4 | 5 | # Logging configuration 6 | [loggers] 7 | keys = root,sqlalchemy,alembic 8 | 9 | [handlers] 10 | keys = console 11 | 12 | [formatters] 13 | keys = generic 14 | 15 | [logger_root] 16 | level = WARN 17 | handlers = console 18 | qualname = 19 | 20 | [logger_sqlalchemy] 21 | level = WARN 22 | handlers = 23 | qualname = sqlalchemy.engine 24 | 25 | [logger_alembic] 26 | level = INFO 27 | handlers = 28 | qualname = alembic 29 | 30 | [handler_console] 31 | class = StreamHandler 32 | args = (sys.stderr,) 33 | level = NOTSET 34 | formatter = generic 35 | 36 | [formatter_generic] 37 | format = %(levelname)-5.5s [%(name)s] %(message)s 38 | datefmt = %H:%M:%S 39 | -------------------------------------------------------------------------------- /ironic_inspector/db/migrations/env.py: -------------------------------------------------------------------------------- 1 | # Copyright 2015 Cisco Systems 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | from logging.config import fileConfig 16 | 17 | from alembic import context 18 | from oslo_db.sqlalchemy import enginefacade 19 | 20 | from ironic_inspector.db import model 21 | 22 | # this is the Alembic Config object, which provides 23 | # access to the values within the .ini file in use. 24 | config = context.config 25 | 26 | # Interpret the config file for Python logging. 27 | # This line sets up loggers basically. 28 | fileConfig(config.config_file_name) 29 | 30 | # add your model's MetaData object here 31 | # for 'autogenerate' support 32 | # from myapp import mymodel 33 | # target_metadata = mymodel.Base.metadata 34 | target_metadata = model.Base.metadata 35 | 36 | # other values from the config, defined by the needs of env.py, 37 | # can be acquired: 38 | # my_important_option = config.get_main_option("my_important_option") 39 | # ... etc. 40 | 41 | 42 | def run_migrations_online(): 43 | """Run migrations in 'online' mode. 44 | 45 | In this scenario we need to create an Engine 46 | and associate a connection with the context. 47 | 48 | """ 49 | engine = enginefacade.writer.get_engine() 50 | with engine.connect() as connection: 51 | context.configure( 52 | connection=connection, 53 | target_metadata=target_metadata 54 | ) 55 | with context.begin_transaction(): 56 | context.run_migrations() 57 | 58 | 59 | run_migrations_online() 60 | -------------------------------------------------------------------------------- /ironic_inspector/db/migrations/script.py.mako: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """${message} 14 | 15 | Revision ID: ${up_revision} 16 | Revises: ${down_revision | comma,n} 17 | Create Date: ${create_date} 18 | 19 | """ 20 | 21 | # revision identifiers, used by Alembic. 22 | revision = ${repr(up_revision)} 23 | down_revision = ${repr(down_revision)} 24 | branch_labels = ${repr(branch_labels)} 25 | depends_on = ${repr(depends_on)} 26 | 27 | from alembic import op 28 | import sqlalchemy as sa 29 | ${imports if imports else ""} 30 | 31 | def upgrade(): 32 | ${upgrades if upgrades else "pass"} 33 | -------------------------------------------------------------------------------- /ironic_inspector/db/migrations/versions/2970d2d44edc_add_manage_boot_to_nodes.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """Add manage_boot to nodes 14 | 15 | Revision ID: 2970d2d44edc 16 | Revises: e169a4a81d88 17 | Create Date: 2016-05-16 14:03:02.861672 18 | 19 | """ 20 | 21 | from alembic import op 22 | import sqlalchemy as sa 23 | 24 | # revision identifiers, used by Alembic. 25 | revision = '2970d2d44edc' 26 | down_revision = '18440d0834af' 27 | branch_labels = None 28 | depends_on = None 29 | 30 | 31 | def upgrade(): 32 | op.add_column('nodes', sa.Column('manage_boot', sa.Boolean(), 33 | nullable=True, default=True)) 34 | -------------------------------------------------------------------------------- /ironic_inspector/db/migrations/versions/578f84f38d_inital_db_schema.py: -------------------------------------------------------------------------------- 1 | # Copyright 2015 Cisco Systems, Inc. 2 | # All rights reserved. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 5 | # not use this file except in compliance with the License. You may obtain 6 | # a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 | # License for the specific language governing permissions and limitations 14 | # under the License. 15 | # 16 | 17 | """inital_db_schema 18 | 19 | Revision ID: 578f84f38d 20 | Revises: 21 | Create Date: 2015-09-15 14:52:22.448944 22 | 23 | """ 24 | 25 | from alembic import op 26 | import sqlalchemy as sa 27 | 28 | # revision identifiers, used by Alembic. 29 | revision = '578f84f38d' 30 | down_revision = None 31 | branch_labels = None 32 | depends_on = None 33 | 34 | 35 | def upgrade(): 36 | op.create_table( 37 | 'nodes', 38 | sa.Column('uuid', sa.String(36), primary_key=True), 39 | sa.Column('started_at', sa.Float, nullable=True), 40 | sa.Column('finished_at', sa.Float, nullable=True), 41 | sa.Column('error', sa.Text, nullable=True), 42 | mysql_ENGINE='InnoDB', 43 | mysql_DEFAULT_CHARSET='UTF8' 44 | ) 45 | 46 | op.create_table( 47 | 'attributes', 48 | sa.Column('name', sa.String(255), primary_key=True), 49 | sa.Column('value', sa.String(255), primary_key=True), 50 | sa.Column('uuid', sa.String(36), sa.ForeignKey('nodes.uuid')), 51 | mysql_ENGINE='InnoDB', 52 | mysql_DEFAULT_CHARSET='UTF8' 53 | ) 54 | 55 | op.create_table( 56 | 'options', 57 | sa.Column('uuid', sa.String(36), sa.ForeignKey('nodes.uuid'), 58 | primary_key=True), 59 | sa.Column('name', sa.String(255), primary_key=True), 60 | sa.Column('value', sa.Text), 61 | mysql_ENGINE='InnoDB', 62 | mysql_DEFAULT_CHARSET='UTF8' 63 | ) 64 | -------------------------------------------------------------------------------- /ironic_inspector/db/migrations/versions/b55109d5063a_added_scope_column_to_rules_table.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """Added 'scope' column to 'Rules' table 14 | 15 | Revision ID: b55109d5063a 16 | Revises: bf8dec16023c 17 | Create Date: 2019-12-11 14:15:57.510289 18 | 19 | """ 20 | 21 | from alembic import op 22 | import sqlalchemy as sa 23 | 24 | # revision identifiers, used by Alembic. 25 | revision = 'b55109d5063a' 26 | down_revision = 'bf8dec16023c' 27 | branch_labels = None 28 | depends_on = None 29 | 30 | 31 | def upgrade(): 32 | op.add_column('rules', sa.Column('scope', sa.String(255), 33 | nullable=True, default=None)) 34 | -------------------------------------------------------------------------------- /ironic_inspector/db/migrations/versions/bf8dec16023c_add_introspection_data_table.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """add_introspection_data_table 14 | 15 | Revision ID: bf8dec16023c 16 | Revises: 2970d2d44edc 17 | Create Date: 2018-07-19 18:51:38.124614 18 | 19 | """ 20 | 21 | from alembic import op 22 | from oslo_db.sqlalchemy import types as db_types 23 | import sqlalchemy as sa 24 | 25 | # revision identifiers, used by Alembic. 26 | revision = 'bf8dec16023c' 27 | down_revision = '2970d2d44edc' 28 | branch_labels = None 29 | depends_on = None 30 | 31 | 32 | def upgrade(): 33 | op.create_table( 34 | 'introspection_data', 35 | sa.Column('uuid', sa.String(36), sa.ForeignKey('nodes.uuid'), 36 | primary_key=True), 37 | sa.Column('processed', sa.Boolean, default=False, primary_key=True), 38 | sa.Column('data', db_types.JsonEncodedDict(mysql_as_long=True).impl, 39 | nullable=True), 40 | mysql_ENGINE='InnoDB', 41 | mysql_DEFAULT_CHARSET='UTF8' 42 | ) 43 | -------------------------------------------------------------------------------- /ironic_inspector/db/migrations/versions/d2e48801c8ef_introducing_node_state_attribute.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """Introducing Node.state attribute 14 | 15 | Revision ID: d2e48801c8ef 16 | Revises: e169a4a81d88 17 | Create Date: 2016-07-29 10:10:32.351661 18 | 19 | """ 20 | 21 | from alembic import op 22 | import sqlalchemy as sa 23 | from sqlalchemy import sql 24 | 25 | from ironic_inspector import introspection_state as istate 26 | 27 | 28 | # revision identifiers, used by Alembic. 29 | revision = 'd2e48801c8ef' 30 | down_revision = 'e169a4a81d88' 31 | branch_labels = None 32 | depends_on = None 33 | 34 | Node = sql.table('nodes', 35 | sql.column('error', sa.String), 36 | sql.column('state', sa.Enum(*istate.States.all()))) 37 | 38 | 39 | def upgrade(): 40 | state_enum = sa.Enum(*istate.States.all(), name='node_state') 41 | state_enum.create(op.get_bind()) 42 | 43 | op.add_column('nodes', sa.Column('version_id', sa.String(36), 44 | server_default='')) 45 | op.add_column('nodes', sa.Column('state', state_enum, 46 | nullable=False, 47 | default=istate.States.finished, 48 | server_default=istate.States.finished)) 49 | # correct the state: finished -> error if Node.error is not null 50 | stmt = Node.update().where(Node.c.error != sql.null()).values( 51 | {'state': op.inline_literal(istate.States.error)}) 52 | op.execute(stmt) 53 | -------------------------------------------------------------------------------- /ironic_inspector/db/migrations/versions/e169a4a81d88_add_invert_field_to_rule_condition.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | """Add invert field to rule condition 14 | 15 | Revision ID: e169a4a81d88 16 | Revises: d588418040d 17 | Create Date: 2016-02-16 11:19:29.715615 18 | 19 | """ 20 | 21 | from alembic import op 22 | import sqlalchemy as sa 23 | 24 | 25 | # revision identifiers, used by Alembic. 26 | revision = 'e169a4a81d88' 27 | down_revision = 'd588418040d' 28 | branch_labels = None 29 | depends_on = None 30 | 31 | 32 | def upgrade(): 33 | op.add_column('rule_conditions', sa.Column('invert', sa.Boolean(), 34 | nullable=True, default=False)) 35 | -------------------------------------------------------------------------------- /ironic_inspector/known_accelerators.yaml: -------------------------------------------------------------------------------- 1 | pci_devices: 2 | - vendor_id: "10de" 3 | device_id: "1eb8" 4 | type: GPU 5 | device_info: NVIDIA Corporation Tesla T4 6 | - vendor_id: "10de" 7 | device_id: "1df6" 8 | type: GPU 9 | device_info: NVIDIA Corporation GV100GL 10 | -------------------------------------------------------------------------------- /ironic_inspector/plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/ironic_inspector/plugins/__init__.py -------------------------------------------------------------------------------- /ironic_inspector/plugins/example.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | """Example plugin.""" 15 | 16 | from oslo_log import log 17 | 18 | from ironic_inspector.plugins import base 19 | 20 | 21 | LOG = log.getLogger('ironic_inspector.plugins.example') 22 | 23 | 24 | class ExampleProcessingHook(base.ProcessingHook): # pragma: no cover 25 | def before_processing(self, introspection_data, **kwargs): 26 | LOG.debug('before_processing: %s', introspection_data) 27 | 28 | def before_update(self, introspection_data, node_info, **kwargs): 29 | LOG.debug('before_update: %s (node %s)', introspection_data, 30 | node_info.uuid) 31 | 32 | 33 | def example_not_found_hook(introspection_data, **kwargs): 34 | LOG.debug('Processing node not found %s', introspection_data) 35 | 36 | 37 | class ExampleRuleAction(base.RuleActionPlugin): # pragma: no cover 38 | def apply(self, node_info, params, **kwargs): 39 | LOG.debug('apply action to %s: %s', node_info.uuid, params) 40 | -------------------------------------------------------------------------------- /ironic_inspector/pxe_filter/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/ironic_inspector/pxe_filter/__init__.py -------------------------------------------------------------------------------- /ironic_inspector/pxe_filter/interface.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); 2 | # you may not use this file except in compliance with the License. 3 | # You may obtain a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 10 | # implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | """The code of the PXE boot filtering interface.""" 15 | 16 | import abc 17 | 18 | 19 | class FilterDriver(object, metaclass=abc.ABCMeta): 20 | """The PXE boot filtering interface.""" 21 | 22 | @abc.abstractmethod 23 | def init_filter(self): 24 | """Initialize the internal driver state. 25 | 26 | This method should be idempotent and may perform system-wide filter 27 | state changes. Can be synchronous. 28 | 29 | :returns: nothing. 30 | """ 31 | 32 | @abc.abstractmethod 33 | def sync(self, ironic): 34 | """Synchronize the filter with ironic and inspector. 35 | 36 | To be called both periodically and as needed by inspector. The filter 37 | should tear down its internal state if the sync method raises in order 38 | to "propagate" filtering exception between periodic and on-demand sync 39 | call. To this end, a driver should raise from the sync call if its 40 | internal state isn't properly initialized. 41 | 42 | :param ironic: an ironic client instance. 43 | :returns: nothing. 44 | """ 45 | 46 | @abc.abstractmethod 47 | def tear_down_filter(self): 48 | """Reset the filter. 49 | 50 | This method should be idempotent and may perform system-wide filter 51 | state changes. Can be synchronous. 52 | 53 | :returns: nothing. 54 | """ 55 | 56 | @abc.abstractmethod 57 | def get_periodic_sync_task(self): 58 | """Get periodic sync task for the filter. 59 | 60 | :returns: a periodic task to be run in the background. 61 | """ 62 | -------------------------------------------------------------------------------- /ironic_inspector/test/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/ironic_inspector/test/__init__.py -------------------------------------------------------------------------------- /ironic_inspector/test/unit/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/ironic_inspector/test/unit/__init__.py -------------------------------------------------------------------------------- /ironic_inspector/test/unit/db/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/ironic_inspector/test/unit/db/__init__.py -------------------------------------------------------------------------------- /ironic_inspector/test/unit/policy_fixture.py: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 3 | # not use this file except in compliance with the License. You may obtain 4 | # a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 10 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 11 | # License for the specific language governing permissions and limitations 12 | # under the License. 13 | 14 | import os 15 | 16 | import fixtures 17 | from oslo_config import cfg 18 | from oslo_policy import opts as policy_opts 19 | 20 | from ironic_inspector import policy as inspector_policy 21 | 22 | CONF = cfg.CONF 23 | 24 | policy_data = """ 25 | --- 26 | """ 27 | 28 | 29 | class PolicyFixture(fixtures.Fixture): 30 | def setUp(self): 31 | super(PolicyFixture, self).setUp() 32 | self.policy_dir = self.useFixture(fixtures.TempDir()) 33 | self.policy_file_name = os.path.join(self.policy_dir.path, 34 | 'policy.yaml') 35 | with open(self.policy_file_name, 'w') as policy_file: 36 | policy_file.write(policy_data) 37 | policy_opts.set_defaults(CONF) 38 | CONF.set_override('policy_file', self.policy_file_name, 'oslo_policy') 39 | inspector_policy._ENFORCER = None 40 | self.addCleanup(inspector_policy.get_enforcer().clear) 41 | inspector_policy._ENFORCER.suppress_deprecation_warnings = True 42 | -------------------------------------------------------------------------------- /ironic_inspector/version.py: -------------------------------------------------------------------------------- 1 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 2 | # not use this file except in compliance with the License. You may obtain 3 | # a copy of the License at 4 | # 5 | # http://www.apache.org/licenses/LICENSE-2.0 6 | # 7 | # Unless required by applicable law or agreed to in writing, software 8 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10 | # License for the specific language governing permissions and limitations 11 | # under the License. 12 | 13 | import pbr.version 14 | 15 | version_info = pbr.version.VersionInfo('ironic-inspector') 16 | -------------------------------------------------------------------------------- /releasenotes/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | closed_branch_tag_re: 'r"(?!^(bugfix-)).+-eo[lm]"' 3 | -------------------------------------------------------------------------------- /releasenotes/notes/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/releasenotes/notes/.placeholder -------------------------------------------------------------------------------- /releasenotes/notes/Inspector_rules_API_does_not_return_all_attributes-98a9765726c405d5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Querying **ironic-inspector** rules API now also returns the ``invert`` and 5 | ``multiple`` attributes of the associated conditions. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/Reapply_update_started_at-8af8cf254cdf8cde.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - The POST /v1/introspection//data/unprocessed API updates the 4 | started_at time when ironic inspector begins processing the node. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/UUID-started_at-finished_at-in-the-status-API-7860312102923938.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Extend the introspection status returned from 5 | ``GET@/v1/introspection/`` to contain the ``uuid``, ``started_at`` 6 | and ``finished_at`` fields. 7 | 8 | upgrade: 9 | - Add a new dependency, ``pytz``. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/ability-to-turn-off-periodic-sync-5309ff2aa8a9ec14.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds the ability for periodic clean-up and synchronization tasks with 5 | ``ironic`` to be able to be disabled by setting the 6 | ``[DEFAULT]clean_up_period`` to a value of ``0``. This is intended for 7 | "stand-alone" operators only as it may result in unexpected behaviors if 8 | used in a non-standalone environment. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/abort-introspection-ae5cb5a9fbacd2ac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Introduced API "POST /v1/introspection//abort" for aborting 4 | the introspection process. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/accelerators-2aa4f0cedf359810.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds an ``accelerators`` plugin to identify accelerator devices and update 5 | the bare metal node for future scheduling. The accelerator devices will be 6 | saved to node properties under the key ``accelerators``. Introduces a 7 | configuration option ``[accelerators]known_devices`` to specify a 8 | configuration file which contains required information to identify 9 | accelerator devices, by default it uses the in-tree configuration file 10 | named ``known_accelerators.yaml``. -------------------------------------------------------------------------------- /releasenotes/notes/accept-link-local-address-1fbb9cbdc3f980bb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes an issue where IPv6 link local addresses are ignored during 5 | interface validation, making introspection fail. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/active-introspection-949f4a50c9d5218a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds the capability for introspection data to be posted to the API 5 | when a baremetal node is in ``active`` or ``rescue`` states. This 6 | feature may be useful for data center operators who wish to update 7 | introspection data periodically. 8 | 9 | To enable this feature, set ``[processing]permit_active_introspection`` 10 | to ``True``. When this is set, the value of ``[processing]power_off`` is 11 | overridden for nodes in ``active`` or ``rescue`` states. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/active-node-not-in-cache-b2d7b77603f02a66.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes introspection of active nodes that are not in the lookup cache, 5 | see `story 2006233 `_. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/active_states_timeout-3e3ab110870483ec.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Timeout in an active state led to an 5 | `undefined transition error `_. 6 | This is fixed and an introspection finishes now with ``Timeout`` error. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/add-disabled-option-to-add-ports-f8c6c9b3e6797652.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Add ``disabled`` option to ``add_ports``, so discovered nodes can be 5 | created without creating ports. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/add-ibmc-43de3a7af7b5b18d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | ``[DEFAULT]/ipmi_address_fields`` now has ``ibmc_address`` in the default 5 | configuration, allowing introspection to try and match the BMC address if 6 | no ports are defined when using the `ibmc` driver. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/add-list-introspection-state-selector-3bbb37dd08e35d09.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds support for filter by state in the list introspection API. 5 | See `story 1625183 6 | `_. 7 | 8 | * ``GET /v1/introspection?state=starting,...`` 9 | -------------------------------------------------------------------------------- /releasenotes/notes/add-lldp-basic-plugin-98aebcf43e60931b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Add a plugin to parse raw LLDP Basic Management, 802.1, and 4 | 802.3 TLVs and store the data in Swift. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/add-lldp-plugin-4645596cb8b39fd3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Added GenericLocalLinkConnectionHook processing plugin to process LLDP data 4 | returned during inspection and set port ID and switch ID in an Ironic 5 | node's port local link connection information using that data. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/add-lldp-plugin-dependency-c323412654f71b3e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Add a check from the ``link_local_connection`` plugin to use data stored by 5 | the ``lldp_basic``; this avoids parsing the LLDP packets twice. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/add-node-state-to-introspection-api-response-85fb7f4e72ae386a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Adds node state to the ``GET /v1/introspection/`` and 4 | ``GET /v1/introspection`` API response data. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/add-proxy-headers-support-127f99f5ff87f03f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds a possibility to setup ironic inspector behind a proxy, while 5 | allowing the links of the resources API returns to remain correct. 6 | Inspector now respects the following headers that are passed with 7 | API requests: ``X-Forwarded-For``, ``X-Forwarded-Proto``, 8 | ``X-Forwarded-Host``, ``X-Forwarded-Port``, ``X-Forwarded-Prefix``. 9 | If the API is run providing ``SCRIPT_NAME`` environment variable, 10 | it is now also respected, and it allows to return the correct links 11 | in response to requests, even if inspector API is not placed at the 12 | web server root resource. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/add-support-for-listing-all-introspection-statuses-2a3d4379c3854894.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Add an API endpoint for listing introspection statuses. Operators can use 5 | this to get the status for all running or previously run introspection 6 | processing. 7 | 8 | - | 9 | Introduce a new configuration option ``api_max_limit`` that defines the 10 | maximum number of items per page when API results are paginated. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/add-support-for-long-running-ramdisk-ffee3c177c56cebb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Add configuration option `processing.power_off` defaulting to True, 4 | which allows to leave nodes powered on after introspection. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/add_node-with-version_id-24f51e5888480aa0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | A ``version_id`` is now explicitly generated during the 5 | ``node_cache.start_introspection/.add_node`` call to avoid race conditions 6 | such as in case of the `two concurrent introspection calls bug`_. 7 | 8 | .. _two concurrent introspection calls bug: https://bugs.launchpad.net/ironic-inspector/+bug/1719627 9 | -------------------------------------------------------------------------------- /releasenotes/notes/allow-periodics-shutdown-inspector-ac28ea5ba3224279.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | Allows a periodic task to shut down an **ironic-inspector** process 5 | upon a failure. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/bmc-logging-deprecation-4ca046a64fac6f11.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The configuration option "log_bmc_address" is deprecated. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/bug-2036455-bd3f6381b78c20db.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes an issue where inspection would fail if an IPv6 address wrapped in 5 | brackets is used for the redfish BMC address. See bug: 6 | `2036455 `_. 7 | 8 | -------------------------------------------------------------------------------- /releasenotes/notes/capabilities-15cc2268d661f0a0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Added a new "capabilities" processing hook detecting the CPU and boot mode 4 | capabilities (the latter disabled by default). 5 | -------------------------------------------------------------------------------- /releasenotes/notes/change-devstack-plugin-to-use-centos8ipa-71621f2b42554374.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The devstack plugin for ``ironic-inspector`` has been changed to 5 | utilize pre-built ``ironic-python-agent`` images based on Centos8 6 | instead of legacy CoreOS based images. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/change_started_finished_at_type_to_datetime-c5617e598350970c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Change database columns ``started_at`` and ``finished_at`` to type 5 | DateTime from type Float so that timestamps fit into these columns 6 | correctly. 7 | upgrade: 8 | - | 9 | A database migration is required to change some columns from Float to 10 | DateTime type. This may take some time based on the number of introspection 11 | statuses in DB. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/check-formatted-value-from-nonstring-3d851cb42ce3a0ac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fix setting non string 'value' field for rule's actions. As 4 | non string value is obviously not a formatted value, add the 5 | check to avoid AttributeError exception. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/compact-debug-logging-b15dd9bbdd3ce27a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - Make debug-level logging more compact by removing newlines from firewall 4 | logging and disabling some 3rdparty debug messages by default. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/construct-fly-free-fab62c0a5cb71fa5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Remove upper constraint for python construct library and use the latest 5 | version available. 6 | The minimum compatible version for python construct is now 2.9.39 7 | -------------------------------------------------------------------------------- /releasenotes/notes/contains-matches-ee28958b08995494.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - New condition plugins "contains" and "matches" allow to match value against 4 | regular expressions. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/continue-http-500-62f33d425aade9d7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fixed "/v1/continue" to return HTTP 500 on unexpected exceptions, not 4 | HTTP 400. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/cors-5f345c65da7f5c99.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added CORS support middleware to Ironic Inspector, allowing a deployer 5 | to optionally configure rules under which a javascript client may 6 | break the single-origin policy and access the API directly. 7 | 8 | OpenStack CrossProject Spec: 9 | https://specs.openstack.org/openstack/openstack-specs/specs/cors-support.html 10 | Oslo_Middleware Docs: 11 | https://docs.openstack.org/developer/oslo.middleware/cors.html 12 | OpenStack Cloud Admin Guide: 13 | https://docs.openstack.org/admin-guide-cloud/cross_project_cors.html 14 | -------------------------------------------------------------------------------- /releasenotes/notes/cpu-memory-cfdc72b625780871.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | No longer fails introspection if memory or CPU information is not provided 5 | in the inventory. These are no longer required for scheduling, 6 | introspection should not require them either. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/custom-ramdisk-log-name-dac06822c38657e7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - File name for stored ramdisk logs can now be customized via 4 | "ramdisk_logs_filename_format" option. 5 | upgrade: 6 | - The default file name for stored ramdisk logs was change to contain only 7 | node UUID (if known) and the current date time. A proper ".tar.gz" 8 | extension is now appended. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/db-status-consistency-enhancements-f97fbaccfc81a60b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | A new state ``aborting`` was introduced to distinguish between the node 5 | introspection abort precondition (being able to perform the state 6 | transition from the ``waiting`` state) from the activities necessary to 7 | abort an ongoing node introspection (power-off, set finished timestamp 8 | etc.) 9 | fixes: 10 | - | 11 | The ``node_info.finished(, error=)`` now updates node 12 | state together with other status attributes in a single DB transaction. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/default-policy-file-change-a1d0a4aa19dcb37d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The default value of ``[oslo_policy] policy_file`` config option has been 5 | changed from ``policy.json`` to ``policy.yaml``. 6 | Operators who are utilizing customized policy files or previously generated 7 | static policy files (which are not needed by default), should generate 8 | new policy files and modify them to meet their needs in the event of 9 | any new policies or rules have been added. 10 | Please consult the `oslopolicy-convert-json-to-yaml `_ 11 | tool to convert a JSON to YAML formatted policy file in 12 | backward compatible way. 13 | deprecations: 14 | - | 15 | Use of legacy policy files was deprecated by the ``oslo.policy`` library 16 | during the Victoria development cycle. As a result, this deprecation is 17 | being noted in the Wallaby with an anticipated future removal of support 18 | by ``oslo.policy``. As such operators will need to convert to YAML policy 19 | files. Please see the upgrade notes for details on migration of any 20 | custom policy files. 21 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-d23ae14b5bd3779e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | This project is now in the maintenance mode and new deployments of it are 5 | discouraged. Please use `built-in in-band inspection in ironic 6 | `_ 7 | instead. For existing deployments, see the `migration guide 8 | `_. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-rollback-dea95ac515d3189b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - The rollback actions for introspection rules are deprecated. No in-tree 4 | actions are using them, 3rdpart should stop using them as soon as possible. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-root-device-hint-909d389b7efed5da.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - Using the root_device_hint alias for the raid_device plugin is deprecated. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-setting-ipmi-creds-1581ddc63b273811.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Support for setting IPMI credentials via ironic-inspector is deprecated 5 | and will be removed completely in Pike. A new API version 1.9 was 6 | introduced with this feature de-activated. For reasoning see 7 | https://bugs.launchpad.net/ironic-python-agent/+bug/1654318. 8 | other: 9 | - | 10 | Default API version is temporary pinned to 1.8 (before deprecating setting 11 | IPMI credentials). It will be reset to the latest version again when 12 | support for setting IPMI credentials is removed. 13 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-ssl-opts-40ce8f4618c786ef.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Configuration options ``[DEFAULT]ssl_cert_path`` and 5 | ``[DEFAULT]ssl_key_path`` are deprecated for ironic-inspector now uses 6 | oslo.service as underlying HTTP service instead of Werkzeug. Please use 7 | ``[ssl]cert_file`` and ``[ssl]key_file``. -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-store-data-location-037eaab9cd326646.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Deprecates the configuration option ``[processing]store_data_location``. 5 | The introspection data can be retrieved from the ironic-inspector API, 6 | there is no need to keep an extra link in ironic. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecated-ironic-1751ceec6295917d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The deprecated options from the ``ironic`` section ``os_region``, 5 | ``auth_strategy``, ``ironic_url``, ``os_service_type`` and 6 | ``os_endpoint_type`` have been removed. Please use **keystoneauth** 7 | options instead. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecated-options-removal-ocata-a44dadf3bcf8d6fc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Removed previously deprecated authentication options from "ironic", 5 | "swift", and "keystone_authtoken" sections. 6 | - | 7 | Removed long deprecated support for "discoverd" section in configuration 8 | file. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/disable-dhcp-c86a3a0ee2696ee0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - DHCP is now disabled completely when no nodes are on introspection and 4 | the "node_not_found_hook" is not set. This reduces probability of serving 5 | DHCP to wrong nodes, if their NIC is not registered in Ironic. See 6 | https://bugs.launchpad.net/ironic-inspector/+bug/1557979 and 7 | https://bugzilla.redhat.com/show_bug.cgi?id=1317695 for details. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/discovery-default-driver-94f990bb0676369b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The ``[discovery]enroll_node_driver`` option, specifying the hardware type 5 | or driver to use for newly discovered nodes, was changed from ``fake`` 6 | classic driver to ``fake-hardware`` hardware type. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/dnsmask-pxe-filter-rootwrap-systemctl-099964ad39d38b4c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | A new rootwrap filter is now included to allow control of the systemd 5 | dnsmasq service used by ironic-inspector. This fixes a permission issue 6 | when systemctl commands are used as ``dnsmasq_start_command`` and 7 | ``dnsmasq_stop_command`` in the configuration for the dnsmasq pxe filter. 8 | See bug `2002818 `_. 9 | 10 | .. Note:: The filter uses the systemd service name used by the RDO 11 | distribution (``openstack-ironic-inspector-dnsmasq.service``). 12 | -------------------------------------------------------------------------------- /releasenotes/notes/dnsmasq-pxe-filter-37928d3fdb1e8ec3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Introduces the **dnsmasq** PXE filter driver. This driver takes advantage of 5 | the ``inotify`` facility to reconfigure the **dnsmasq** service in real time 6 | to implement a caching black-/white-list of port MAC addresses. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/dnsmasq-pxe-filter-eoib-mac-support-7567bbc7c6bf1878.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The dnsmasq pxe-filter now supports mapping between host InfiniBand MAC to 5 | EthernetOverInfiniBand MAC. (This was previously only supported by the 6 | iptables pxe-filter.) 7 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-maintenance-a9a87a9a2af051ad.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Removed support for introspecting nodes in maintenance mode, deprecated in 4 | the liberty cycle. Use "inspecting", "manageable" or "enroll" states 5 | instead. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-py-2-7-bd0a8558f4321435.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Python 2.7 support has been dropped. Last release of ironic-inspector 5 | to support Python 2.7 is OpenStack Train. The minimum version of 6 | Python now supported by ironic-inspector is Python 3.6. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/edeploy-typeerror-6486e31923d91666.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fixes a problem which caused an unhandled TypeError exception to 4 | bubble up when inspector was attempting to convert some eDeploy data 5 | to integer. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/empty-condition-abc707b771be6be3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Added new condition plugin "is-empty", which allows to match 4 | empty string, list, dictionary or None. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/empty-ipmi-address-2-4d57c34aec7d14e2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | The older ``ipmi_address`` field in the introspection data no longer has 5 | priority over the newer ``bmc_address`` inventory field during lookup. 6 | This fixes lookup based on MAC addresses, when the BMC address is reported 7 | as ``0.0.0.0`` for any reason (see `bug 1714944 8 | `_). 9 | -------------------------------------------------------------------------------- /releasenotes/notes/empty-ipmi-address-5b5ca186a066ed32.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | ``0.0.0.0`` and an empty string in the ``bmc_address`` inventory field 5 | are now correctly treated as missing BMC address. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/enroll-hook-d8c32eba70848210.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Switch required Ironic API version to '1.11', which supports 'enroll' state. 4 | features: 5 | - Add a new node_not_found hook - enroll, which allows automatically discover 6 | Ironic's node. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/enroll-node-fields-3f4e22213fd90307.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds a new configuration option ``[discovery]enroll_node_fields`` that 5 | specifies additional fields to set on a node (e.g. driver interfaces). 6 | -------------------------------------------------------------------------------- /releasenotes/notes/enroll-nodes-with-bmc-v6address-ba224f4a8a151c53.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds support to enroll node with IPv6 BMC address. Introduces 5 | a configuration option ``[discovery]enabled_bmc_address_version`` 6 | to specify the order of preferred IP version of the BMC address. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/extend-rules-9a9d38701e970611.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Conditions now support comparing fields from node info; 4 | - Actions support formatting to fetch values from introspection data. 5 | See https://docs.openstack.org/developer/ironic-inspector/usage.html#introspection-rules -------------------------------------------------------------------------------- /releasenotes/notes/extra-check-9cf0a7d89e534ccd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | The ``extra_hardware`` processing hook no longer refuses to parse extra 5 | data if some records are empty or have unexpected length. These records 6 | are now discarded. 7 | 8 | The previous behavior can be returned by setting the new option 9 | ``[extra_hardware]strict`` to ``True``. 10 | - | 11 | The ``extra_hardware`` processing hook no longer removes the incoming 12 | ``data`` object if it has unexpected data format, assuming that this 13 | object is used for something else. 14 | 15 | The previous behavior can be returned by setting the new option 16 | ``[extra_hardware]strict`` to ``True``. 17 | -------------------------------------------------------------------------------- /releasenotes/notes/extra-hardware-data-2346f0163e4b7699.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The raw data from the ``extra_hardware`` processing hook is no longer 5 | stored in Swift in an object named ``extra_hardware-``. 6 | The same information is already available as part of the unprocessed 7 | introspection data without a hard dependency on Swift. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/extra-hardware-swift-aeebf299b9605bb0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fixed extra_hardware plugin connection to Swift. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/find-node-input-filtering-e8ea529252e80739.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | security: 3 | - | 4 | Fixes insufficient input filtering when looking up a node by information 5 | from the introspection data. It could potentially allow SQL injections 6 | via the ``/v1/continue`` API endpoint. See `story 2005678 7 | `_ for details. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/firewall-refactoring-17e8ad764f2cde8d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The PXE filter drivers mechanism is now enabled. The firewall-based 5 | filtering was re-implemented as the ``iptables`` PXE filter driver. 6 | deprecations: 7 | - | 8 | The firewall-specific configuration options were moved from the 9 | ``firewall`` to the ``iptables`` group. All options in the ``iptables`` 10 | group are now deprecated. 11 | - | 12 | The generic firewall options ``firewall_update_period`` and 13 | ``manage_firewall`` were moved under the ``pxe_filter`` group as 14 | ``sync_period`` and ``driver=iptables/noop`` respectively. 15 | fixes: 16 | - | 17 | Should the ``iptables`` PXE filter encounter an unexpected exception in the 18 | periodic ``sync`` call, the exception will be logged and the filter driver 19 | will be reset in order to make subsequent ``sync`` calls fail (and 20 | propagate the failure, exiting the **ironic-inspector** process eventually). 21 | -------------------------------------------------------------------------------- /releasenotes/notes/firewall-rerun-f2d0f64cca2698ff.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fixed a regression in the firewall code, which causes re-running 4 | introspection for an already inspected node to fail. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-CalledProcessError-on-startup-28d9dbed85a81542.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Exception CalledProcessError is raised when running `iptables` cmd on start up. 5 | The issue is caused by eventlet bug, see: 6 | https://github.com/eventlet/eventlet/issues/357 7 | The issue affects *ironic-inspector* only if it manages firewall - configured 8 | with ``manage_firewall = True`` configuration option. 9 | 10 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-cache-error-on-start-27f492ba863d5f92.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes an issue where a failed inspection due to a transient failure can 5 | prevent retry attempts to inspect to be perceived as a failure. If a prior 6 | inspection fails and is in ``error`` state, when a new introspection is 7 | requested, the state is now appropriately set to ``starting``. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-crash-when-use-postgresql-ac6c708f48f55c83.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Use only single quotes for strings inside SQL statements. Fixes a crash 4 | when PostgreSQL is used as a database backend. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-deadlock-during-cleanup-bcb6b517ef299791.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fix bug where periodic clean up failed with DBDeadlock if introspection 5 | timed out. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-extra-hardware-process-c0635a972de37b0a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes an issue when extra_hardware plugin failed to save extra hardware 5 | information to Swift, the collected information is not processed and 6 | consumed. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-llc-switch-id-not-mac-e2de3adc0945ee70.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes bug in which the ``switch_id`` field in a port's ``local_link_connection`` can be set to 5 | a non-MAC address if the processed LLDP has a value other than a 6 | MAC address for ``ChassisID``. The bare metal API requires the ``switch_id`` 7 | field to be a MAC address, and will return an error otherwise. 8 | See `bug 1748022 `_ 9 | for details. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-lldp-decode-83f4ad3869b0c7a7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | In case the lldp raw data collected by the inspection process 5 | includes non utf-8 information, the parser fails breaking 6 | the inspection process. 7 | This patch works around that excluding the malformed data 8 | and adding an entry in the logs to provide information 9 | on the failed tlv. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-mysql-6b79049fe96edae4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | critical: 3 | - | 4 | Fixed several issues with MySQL database support: 5 | 6 | * https://bugs.launchpad.net/bugs/1501746 7 | * https://bugs.launchpad.net/bugs/1506160 8 | * https://bugs.launchpad.net/bugs/1501746 9 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-periodic-tasks-configuration-edd167f0146e60b5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Ensure the configuration options ``firewall.firewall_update_period`` and 5 | ``clean_up_period`` are applied to the ``periodic_clean_up`` and 6 | ``periodic_update`` tasks after the config file is read. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-pxe-filter-get-blacklist-2dde59d51c1d010f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes an issue while mapping port InfiniBand MAC 5 | address to EthernetOverInfiniBand MAC. Prior to this fix, 6 | it will fail to map and raise an exception. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-rules-endpoint-response-d60984c40d927c1f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - API "POST /v1/rules" returns 201 response code instead of 4 | 200 on creating success. API version was bumped to 1.6. 5 | API less than 1.6 continues to return 200. 6 | - Default API version was changed from minimum to maximum 7 | which Inspector can support. 8 | fixes: 9 | - Fix response return code for rule creating endpoint, it 10 | returns 201 now instead of 200 on success. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-wrong-provision-state-name-150c91c48d471bf9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Wrong provision state name 'inspectfail' in *ironic-inspector* valid 5 | states for node inspection. 6 | This issue leads to state inconsistency between *ironic* and 7 | *ironic-inspector*. For example, if *ironic* inspection timeout is 8 | lower than *ironic-inspector*'s, and inspection timeout occurs, *ironic* 9 | will transition node into 'inspect failed' provision state. In such case 10 | when node inspection finishes without errors the node will be in 11 | 'inspect failed' provision state with inspection in 'finished' state. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/fix_llc_hook_bugs-efeea008c2f792eb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - LLC hook now formats the chassis ID and port ID MAC addresses into Unix 4 | format as expected by ironic. 5 | - LLC hook ensures that correct port information is passed to the patch_port 6 | function 7 | -------------------------------------------------------------------------------- /releasenotes/notes/fix_llc_port_assume-4ea47d26501bddc3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - LLC hook no longer assumes all inspected ports are added to ironic 4 | -------------------------------------------------------------------------------- /releasenotes/notes/fix_node_uuid_for_manual_inspection-2fa3f11343cab417.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes an issue during manual inspection of active nodes 5 | where the node uuid was not passed back to the inspector 6 | when it tried to identify a matching port. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/flask-debug-6d2dcc2b482324dc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | security: 3 | - Never enable Flask debug mode as it may allow remote code execution. 4 | See https://bugs.launchpad.net/bugs/1506419 for details. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/futurist-557fcd18d4eaf1c1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Minimum possible value for the "max_concurrency" setting is now 2. 4 | other: 5 | - Switched to Futurist library for asynchronous tasks. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/googbye-patches-args-071532024b9260bd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Removed deprecated support for passing "node_patches" and "ports_patches" 4 | arguments to processing hooks. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/handle-patch-port-failure-9a8b85749104506f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fixes issue that can result in introspection failure when a network switch 4 | sends incomplete information for LLDP switch_id or port_id. The validation 5 | expects these fields when a port is updated, this fix now handles the 6 | validation exception. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/handle_eventlet_wsgi_evil_override-3905c6eef0ad7fa3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | issues: 3 | - | 4 | The response headers for empty body HTTP 204 replies, at present, violate 5 | RFC7230. This was not intentional, but underlying libraries also 6 | make inappropriate changes to the headers, which can cause clients to 7 | experience odd failures. This is anticipated to be corrected once an 8 | underlying issue in 9 | `eventlet `_ is resolved. 10 | fixes: 11 | - | 12 | Fixes HTTP responses so the Eventlet library, which is used to support 13 | the operation of the WSGI application, does not incorrectly inject 14 | a ``Transfer-Encoding`` header into the HTTP response, even on HTTP 204 15 | replies, which is a violation of RFC7230. This header ultimately can 16 | cause varying client reactions which are not expected and can raise 17 | exceptions. For now, this has been remedied via an explicit return of 18 | a ``Content-Length`` header, which is also an RFC7230 violation, but 19 | it appears to be the lesser of known evils at this time. 20 | -------------------------------------------------------------------------------- /releasenotes/notes/healthcheck-middleware-5994e8a8b54dbdb4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The new ``[healthcheck] enabled`` option has been added. When this option 5 | is set to ``True``, the healthcheck middleware is enabled in API pipeline 6 | and the additional API endpoint to monitor service availability becomes 7 | available at ``/healthcheck`` path. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/hook-deps-83a867c7af0300e4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Processing hooks can now define dependencies on other processing hooks. 5 | **ironic-inspector** start up fails when required hooks are not enabled 6 | before the hook that requires them. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/http-basic-auth-fbe1da9669f5388c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Enable Basic HTTP authentication middleware. 5 | 6 | When the config option ``[DEFAULT]auth_strategy`` is set to ``http_basic`` 7 | then non-public API calls require a valid HTTP Basic authentication header 8 | to be set. 9 | The config option ``[DEFAULT]http_basic_auth_user_file`` defaults to 10 | ``/etc/ironic-inspector/htpasswd`` and points to a file that supports the 11 | Apache htpasswd syntax[1]. This file is read for every request, so no 12 | service restart is required when changes are made. 13 | 14 | The only password digest supported is bcrypt, and the ``bcrypt`` 15 | python library is used for password checks since it supports ``$2y$`` 16 | prefixed bcrypt passwords as generated by the Apache htpasswd utility. 17 | 18 | To try basic authentication, the following can be done: 19 | 20 | * Set ``/etc/ironic-inspector/inspector.conf`` ``[DEFAULT]auth_strategy`` 21 | to ``http_basic`` 22 | * Populate the htpasswd file with entries, for example: 23 | ``htpasswd -nbB myName myPassword >> /etc/ironic-inspector/htpasswd`` 24 | * Make basic authenticated HTTP requests, for example: 25 | ``curl --user myName:myPassword http://localhost:6385/v1/introspection`` 26 | 27 | [1] https://httpd.apache.org/docs/current/misc/password_encryptions.html 28 | -------------------------------------------------------------------------------- /releasenotes/notes/http-basic-public-api-2cf0e206bea4b34e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Using auth_strategy=http_basic incorrectly required authentication for 5 | public paths such as / and /v1. These paths are now public. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/ignore-resolve-error-5c20514598e0dbbf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | No longer throws an exception if an address of some node cannot be 5 | resolved, but just logs a warning instead. This fixes the issue that 6 | if an address of any other node is not resolvable, no new node can be 7 | registered, even if its own address is resolvable. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/infiniband-support-960d6846e326dec4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | InfiniBand interface discovery is now supported through introspection. The 5 | ironic-inspector will add the client-id to the corresponding ironic port 6 | that represents the InfiniBand interface. The ironic-inspector should be 7 | configured with a list of interfaces ``firewall.ethoib_interfaces`` to 8 | indicate which Ethernet Over InfiniBand Interfaces are used for DHCP. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/inspector-is-going-away-296119ff4b5454f0.yaml: -------------------------------------------------------------------------------- 1 | deprecations: 2 | - | 3 | The indepedent Ironic Inspector project and service, has been in 4 | maintenance mode since 2024. All inspection functionality has been 5 | enhanced and moved into Ironic. Deployers should not expect further 6 | releases of an independent ironic-inspector service. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/introduce_skip_list_to_inspector-825cab226dd212f4.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Follow the same process for determining root device as Ironic Python Agent 5 | which has been changed to accommodate for the feature enabling users to 6 | specify a list of devices that should be skipped during cleaning/deployment 7 | The field ``skip_block_devices`` is one of the properties of a node 8 | -------------------------------------------------------------------------------- /releasenotes/notes/introspection-data-db-store-0586292de05cbfd7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds the support to store introspection data in ironic-inspector database. 5 | Set the option ``[processing]store_data`` to ``database`` to use this 6 | feature. -------------------------------------------------------------------------------- /releasenotes/notes/introspection-delay-drivers-deprecation-1d0c25b112fbd4da.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The default value for the configuration option 5 | "introspection_delay_drivers" was changed to ``.*``, which means that by 6 | default "introspection_delay" is now applied to all drivers. Set 7 | "introspection_delay" to 0 to disable the delay. 8 | deprecations: 9 | - | 10 | The configuration option "introspection_delay_drivers" is deprecated. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/introspection-state-03538fac198882b6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Node introspection state is now kept in a dedicated database column. The 4 | introspection is now using a finite state machine. The state isn't exposed 5 | to the user yet. 6 | issues: 7 | - Due to the nature of the NodeInfo.state attribute (being updated 8 | independently from the rest of the node_info attributes) if a (DB) 9 | connection was lost before the Node.state column was updated, 10 | Node.finished_at and Node.error columns may not be in sync with the 11 | Node.state column. 12 | upgrade: 13 | - Node.state and Node.version_id database columns are introduced. 14 | - The introspection state column defaults to the state ``finished`` unless 15 | the introspection error column value on a node row isn't null, then node 16 | state is set to ``error``. 17 | -------------------------------------------------------------------------------- /releasenotes/notes/introspection_rules_scope-9b06c3ad4e273a52.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Added the capability to define a scope for the inspection process. 5 | Previously, all introspection rules were applied when inspecting 6 | any node. There was no mechanism to apply only a selected set of 7 | rules. This change introduces a ``scope`` field to introspection rules. 8 | If a scope is set on an introspection rule, it will only apply to nodes 9 | that have a matching ``inspection_scope`` property. If not set, it will 10 | apply to all nodes. -------------------------------------------------------------------------------- /releasenotes/notes/ipa-inventory-0a1e8d644da850ff.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | Starting with this release, ironic-python-agent becomes the default 4 | introspection ramdisk, with the old bash-based ramdisk being deprecated. 5 | features: 6 | - Inspector no longer requires old-style "local_gb", "memory_mb", "cpus" 7 | and "cpu_arch" fields from the introspection ramdisk. They are still 8 | supported, though, for compatibility with the old ramdisk. 9 | upgrade: 10 | - The root_disk_selection processing hook will now error out if root device 11 | hints are specified on ironic node, but ironic-python-agent is not used 12 | as an introspection ramdisk. 13 | deprecations: 14 | - Using old bash-based ramdisk is deprecated, please switch to 15 | ironic-python-agent as soon as possible. 16 | -------------------------------------------------------------------------------- /releasenotes/notes/ipa-support-7eea800306829a49.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - IPA (ironic-python-agent) is now fully supported in the devstack plugin 4 | and will become the default ramdisk in the next release. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/ipmi-credentials-removal-0021f89424fbf7a3.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Experimental setting IPMI credentials support was removed from all versions 5 | of the API. The current **ironic-inspector** API version was bumped to 6 | `1.12` to mark this change. 7 | - | 8 | The default API version was synchronized with the current API version again 9 | after removal of the IPMI credentials setting. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/ipv6-bmc-address-start-inspection-7a72794f25eb9f19.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes inspection of nodes with IPv6 BMC address. Inspection could not be 5 | initiated because an IPv6 address was treated as a hostname, which could 6 | not be resolved. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/ironic-lib-hints-20412a1c7fa796e0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Adds support for using operators with the root device hints mechanism. 4 | The supported operators are ``=``, ``==``, ``!=``, ``>=``, 5 | ``<=``, ``>``, ``<``, ``s==``, ``s!=``, ``s>=``, ``s>``, 6 | ``s<=``, ``s<``, ````, ```` and ````. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/is-empty-missing-a590d580cb62761d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fixed the "is-empty" condition to return True on missing values. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/keystone-noauth-9ba5ad9884c6273c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Ironic introspection no longer tries to access the Identity service if the 5 | ``auth_strategy`` option is set to ``noauth`` and the ``auth_type`` option 6 | is not set to ``none``. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/keystoneauth-plugins-aab6cbe1d0e884bf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Ironic-Inspector is now using keystoneauth and proper auth_plugins 4 | instead of keystoneclient for communicating with Ironic and Swift. 5 | It allows to finely tune authentication for each service independently. 6 | For each service, the keystone session is created and reused, minimizing 7 | the number of authentication requests to Keystone. 8 | upgrade: 9 | - Operators are advised to specify a proper keystoneauth plugin 10 | and its appropriate settings in [ironic] and [swift] config sections. 11 | Backward compatibility with previous authentication options is included. 12 | Using authentication information for Ironic and Swift from 13 | [keystone_authtoken] config section is no longer supported. 14 | deprecations: 15 | - Most of current authentication options for either Ironic or Swift are 16 | deprecated and will be removed in a future release. Please configure 17 | the keystoneauth auth plugin authentication instead. 18 | -------------------------------------------------------------------------------- /releasenotes/notes/ksadapters-abc9edc63cafa405.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | Several configuration options related to ironic API access 5 | are deprecated and will be removed in the Rocky release. 6 | These include: 7 | 8 | - ``[ironic]/os_region`` - use ``[ironic]/region_name`` option instead 9 | - ``[ironic]/auth_strategy`` - set ``[ironic]/auth_type`` option to 10 | ``none`` to access ironic API in noauth mode 11 | - ``[ironic]/ironic_url`` - use ``[ironic]/endpoint_override`` option 12 | to set specific ironic API endpoint address if discovery of ironic API 13 | endpoint is not desired or impossible (for example in standalone mode) 14 | - ``[ironic]/os_service_type`` - use ``[ironic]/service_type`` option 15 | - ``[ironic]/os_endpoint_type`` - use ``[ironic]/valid_interfaces`` 16 | option to set ironic endpoint types that will be attempted to be used 17 | - | 18 | Several configuration options related to swift API access are deprecated 19 | and will be removed in Rocky release. 20 | These include: 21 | 22 | - ``[swift]/os_service_type`` - use ``[swift]/service_type`` option 23 | - ``[swift]/os_endpoint_type`` - use ``[swift]/valid_interfaces`` option 24 | - ``[swift]/os_region`` - use ``[swift]region_name`` option 25 | -------------------------------------------------------------------------------- /releasenotes/notes/leader-election-c6692d9962f30ad1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds periodic leader election for the cleanup sync with Ironic. 5 | The election interval is configured by the new 6 | ``leader_election_interval`` config option. -------------------------------------------------------------------------------- /releasenotes/notes/legacy-rbac-policy-disabled-6fc45ad1237f4d57.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The legacy Role Based Access Control policy used by ironic-inspector has 5 | been disabled by default. The end result of this is that the legacy 6 | ``baremetal_admin`` and ``baremetal_observer`` roles are no longer enabled 7 | by default. System scoped access can be utilized to connect to the 8 | ``ironic-inspector`` service, or alternatively a user with an ``admin`` 9 | or ``service`` role. 10 | 11 | The Ironic project does not anticipate any issues with this change, as the 12 | the ``ironic-inspector`` service is a service *for* the system itself. 13 | That being said, if the operator deployed configuration is reliant upon 14 | the deprecated roles, configuration changes will be required. 15 | 16 | This change is a result of the new policy which was introduced as part of 17 | `Consistent and Secure RBAC`_ community goal and the underlying 18 | ``[oslo_policy] enforce_scope`` and ``[oslo_policy] enforce_new_defaults`` 19 | settings being changed to ``True``. 20 | 21 | Operators wishing to revert to the old policy configuration may do so 22 | by setting the following values in ``ironic-inspector.conf``.:: 23 | 24 | [oslo_policy] 25 | enforce_new_defaults=False 26 | enforce_scope=False 27 | 28 | Operators who revert the configuration are encouraged to make the 29 | necessary changes to their configuration, as the legacy RBAC policy 30 | will be removed at some point in the future. Please review 31 | `2024.1-Release Timeline`_. Failure to do so will may force operators 32 | to craft custom policy override configuration. 33 | 34 | .. _`Consistent and Secure RBAC`: https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html 35 | .. _`2024.1-Release Timeline`: https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#id3 36 | -------------------------------------------------------------------------------- /releasenotes/notes/less-iptables-calls-759e89d103df504c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Only issue iptables calls when list of active MAC's changes. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/listen-v6-effec95455e900f8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | API now listens on ``::`` by default, change the ``listen_address`` 5 | configuration option to modify. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/local_gb-250bd415684a7855.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Handling of ``local_gb`` property was moved from the ``scheduler`` hook 5 | to ``root_disk_selection``. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/log-info-not-found-cache-error-afbc87e80305ca5c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - Log level for error when node was not found in Inspector cache was 4 | changed from error to info level. It was done because not_found_hook 5 | may handle this case, so this wouldn't be error anymore. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/logs-collector-logging-356e56cd70a04a2b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - Improve logging for ramdisk logs collection. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/lookup-all-macs-eead528c0b764ad7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - The lookup procedure now uses all valid MAC's, not only the MAC(s) that 4 | will be used for creating port(s). 5 | - The "enroll" node_not_found_hook now uses all valid MAC's to check node 6 | existence, not only the MAC(s) that will be used for creating port(s). 7 | -------------------------------------------------------------------------------- /releasenotes/notes/loopback-bmc-e60d64fe74bdf142.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Loopback BMC addresses (useful e.g. with virtualbmc) are no longer used 5 | for lookup. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/manage-boot-2ae986f87098576b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds new parameter ``manage_boot`` to the introspection API to allow 5 | disabling boot management (setting the boot device and rebooting) 6 | for a specific node. If it is set to ``False``, the boot is supposed 7 | to be managed by a 3rd party. 8 | 9 | If the new option ``can_manage_boot`` is set to ``False`` (the default is 10 | ``True), then ``manage_boot`` must be explicitly set to ``False``. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/manage-boot-power-off-d8ed644f11659c38.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | No longer tries to power off nodes after introspection if ``manage_boot`` 5 | is ``False``. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/mdns-a5f4034257139e31.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | A new option ``enable_mdns`` allows to enable publishing the baremetal 5 | introspection API endpoint via mDNS as specified in the `API SIG guideline 6 | `_. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/migrate-introspection-data-bcd692c9ad3f22d7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds a migration tool ``ironic-inspector-migrate-data`` to facilitate the 5 | introspection data migration between supported introspection data storage 6 | backends. Currently the available introspection data storage backends are: 7 | ``database`` and ``swift``. For example, to migrate existing introspection 8 | data stored in the swift to database, execute following command: 9 | 10 | .. code-block:: shell 11 | 12 | $ ironic-inspector-migrate-data --from swift --to database --config-file /etc/ironic-inspector/inspector.conf 13 | 14 | Storage backends involved in the migration should have been properly 15 | configured in the ironic inspector configuration file. Before the 16 | introspection data migration can be started. The ironic inspector database 17 | should be upgraded to have the latest schema. 18 | -------------------------------------------------------------------------------- /releasenotes/notes/migrations-1.3.20-0d337d000bd0a7e0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes database migrations with SQLAlchemy 1.3.20. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/migrations-autogenerate-4303fd496c3c2757.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - Allow autogeneration of database migrations. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/missing-pxe-mac-d9329dab85513460.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Log a warning when add_ports is set to pxe, but no PXE MAC is returned from 4 | the ramdisk. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/multiattribute_node_lookup-17e219ba8d3e5eb0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Looking up nodes during introspection or discovery now supports multiple 5 | attributes matching. For example, two nodes can use the same ``bmc_address`` 6 | and still can be distinguished by MAC addresses. 7 | upgrade: 8 | - | 9 | Uniqueness of a node ``bmc_address`` isn't enforced any more. 10 | - | 11 | The primary key of the ``attributes`` table is relaxed from the 12 | ``attributes.name, attributes.value`` column pair to a new column 13 | ``attributes.uuid``. 14 | fixes: 15 | - | 16 | Introspection fails on nodes with the same IPMI address but different IPMI 17 | ports. 18 | -------------------------------------------------------------------------------- /releasenotes/notes/names-82d9f84153a228ec.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Add support for using Ironic node names in API instead of UUIDs. 4 | Note that using node names in the introspection status API will require 5 | a call to Ironic to be made by the service. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/nested-value-formatting-e04f187475e5e475.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Modifies introspection rules to allow formatting to be applied to strings 4 | nested in dicts and lists in the actions. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/no-downgrade-migrations-514bf872d9f944ed.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Database migrations downgrade was removed. More info about 4 | database migration/rollback could be found here 5 | https://docs.openstack.org/openstack-ops/content/ops_upgrades-roll-back.html 6 | -------------------------------------------------------------------------------- /releasenotes/notes/no-fail-on-power-off-enroll-node-e40854f6def397b8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Don't fail on finish power off if node in 'enroll' state. Nodes in 4 | 'enroll' state are not expected to have power credentials. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/no-logs-stored-data-6db52934c7f9a91a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Ramdisk logs are no longer part of data stored to Swift and returned 4 | by the API. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/no-old-ramdisk-095b05e1245131d8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | Starting with this release only ironic-python-agent (IPA) is supported 4 | as an introspection ramdisk. 5 | upgrade: 6 | - Support for the old bash-based ramdisk was removed. Please switch to IPA 7 | before upgrading. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/no-rollback-e15bc7fee0134545.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Introspection rules actions 'set-attribute', 'set-capability' and 4 | 'extend-attribute' no longer have the opposite effect on nodes that do not 5 | match a rule. 6 | fixes: 7 | - Dropped rollback actions from 'set-attribute', 'set-capability' and 8 | 'extend-attribute' introspection rules actions, as they were confusing, 9 | completely undocumented and broke some real world use cases 10 | (e.g. setting driver field). 11 | -------------------------------------------------------------------------------- /releasenotes/notes/no-root_device_hint-0e7676d481d503bb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - Removed the deprecated "root_device_hint" alias for the "raid_device" hook. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/node-id-920629472f01c83a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes ``AttributeError: 'Node' object has no attribute 'uuid'`` when 5 | trying to introspect an active node that is not currently in the cache. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/node-locking-4d135ca5b93524b1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Acquire a lock on a node UUID when handling it. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/optional-root-disk-9b972f504b2e6262.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Avoid failing introspection on diskless nodes. The node property ``local_gb 5 | == 0`` is set in that case. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/parse-headers-with-the-microversion-parse-library-1b655eb52998f1df.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Delegate parsing of version headers in API requests to the 5 | ``microversion-parse`` library which also adds support for the new 6 | standard singular header: 7 | 'OpenStack-API-Version: baremetal-introspection '. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/patch-head-backslash-24bcdd03ba254bf2.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Introspection rules (e.g. set-attribute action) now accept 'path' 4 | field without leading forward slash as Ironic cli does. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/pci_devices-plugin-5b93196e0e973155.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Adds new processing hook pci_devices for setting node 4 | capabilities based on PCI devices present on a node 5 | and rules in the [pci_devices] aliases configuration 6 | option. Requires "pci-devices" collector to be enabled 7 | in IPA. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/periodics-18bf7fb57777c043.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | No longer aborts the whole process if one periodic task fails. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/persistent-boot-207b32257a97451e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Introspection now respects the ``force_persistent_boot_device`` 5 | parameter in a node's ``driver_info``. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/pgsql-imperative-enum-dda76f150a205d0a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | For postgreSQL, the database migration command ``ironic-inspector-dbsync upgrade`` always 5 | failed (with `enum NODE_STATE does not exist `_). 6 | This is fixed and the migration now works. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/physnet-base-4499ad3a7c08725f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - Added base class (``BasePhysnetHook``) for plugins that assign a physical 4 | network to ports. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/physnet-cidr-map-hook-b38bf8051ad5ba69.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Added ``physnet_cidr_map`` processing plugin, the plugin uses the IP 4 | address of interfaces returned during inspection and set the port 5 | ``physical_network`` via lookup from a CIDR to physical network mapping in 6 | config option ``[port_physnet]/cidr_map``. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/policy-engine-c44828e3131e6c62.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds an API access policy enforcement based on **oslo.policy** rules. 5 | Similar to other OpenStack services, operators now can configure 6 | fine-grained access policies using ``policy.yaml`` file. See 7 | `policy.yaml.sample`_ in the code tree for the list of available policies 8 | and their default rules. This file can also be generated from the code tree 9 | with the following command:: 10 | 11 | tox -egenpolicy 12 | 13 | See the `oslo.policy package documentation`_ for more information 14 | on using and configuring API access policies. 15 | 16 | .. _policy.yaml.sample: https://git.openstack.org/cgit/openstack/ironic-inspector/plain/policy.yaml.sample 17 | .. _oslo.policy package documentation: https://docs.openstack.org/oslo.policy/latest/ 18 | upgrade: 19 | - | 20 | Due to the choice of default values for API access policies rules, 21 | some API parts of the **ironic-inspector** service will become available 22 | to wider range of users after upgrade: 23 | 24 | - general access to the whole API is by default granted to a user 25 | with either ``admin``, ``administrator`` or ``baremetal_admin`` role 26 | (previously it allowed access only to a user with ``admin`` role) 27 | - listing of current introspection statuses and showing a given 28 | introspection is by default also allowed to a user with the 29 | ``baremetal_observer`` role 30 | 31 | If these access policies are not appropriate for your deployment, override 32 | them in a ``policy.json`` file in the **ironic-inspector** configuration 33 | directory (usually ``/etc/ironic-inspector``). 34 | 35 | See the `oslo.policy package documentation`_ for more information 36 | on using and configuring API access policies. 37 | 38 | .. _oslo.policy package documentation: https://docs.openstack.org/oslo.policy/latest/ 39 | -------------------------------------------------------------------------------- /releasenotes/notes/port-creation-plugin-c0405ec646b1051d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Ports creating logic was moved from core processing code to the 5 | ``validate_interfaces`` processing hook. This may affect deployments 6 | that disable this hook or replace it with something else. Also make 7 | sure to place this hook before any hooks expecting ports to be created. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/port-list-retry-745d1cf41780e961.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | The periodic PXE filter update task now retries fetching port list from 5 | the Bare Metal service 5 times (with 1 second delay) before giving up. 6 | This ensures that a temporary networking glitch will not result in 7 | the ironic-inspector service stopping. 8 | upgrade: 9 | - | 10 | Adds dependency on the `retrying `_ 11 | python library. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/post-introspection-data-9cdd39a3de446e92.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds support to reapply with provided unprocessed introspection data. The 5 | introspection data is supplied in the body of POST request to 6 | ``/v1/introspection//data/unprocessed``. The introspection data 7 | will also be saved to storage backend. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/prelude-10.0.0-773ef7f14a5dfdf5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | The Train release of Ironic Inspector features support for running separate 4 | API and conductor services. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/preprocessing-error-01e55b4db20fb7fc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Fixed confusing error message shown to user when something bad happens 4 | during preprocessing (https://launchpad.net/bugs/1523907). 5 | -------------------------------------------------------------------------------- /releasenotes/notes/processing-data-type-check-7c914339d3ab15ba.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - The data processing API endpoint now validates that data received from 4 | the ramdisk is actually a JSON object instead of failing the internal error 5 | later (issue https://bugs.launchpad.net/bugs/1525876). 6 | -------------------------------------------------------------------------------- /releasenotes/notes/processing-logging-e2d27bbac95a7213.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - Logging during processing is now more consistent in terms of how it 4 | identifies the node. Now we try to prefix the log message with node UUID, 5 | BMC address and PXE MAC address (if available). Logging BMC addresses can 6 | be disabled via new "log_bmc_address" option in the "processing" section. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/project-status-4ce6dc06e8b8a0d1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The ironic-inspector project is now in maintenance mode and will only 5 | receive bug fixes and other minor improvements from now on. The same 6 | functionality is being added to ironic itself. The preview of it is 7 | expected to be available in the Caracal release cycle, ironic-inspector 8 | will be deprecated afterwards. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/pxe-enabled-cbc3287ebe3fcd49.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Update ``pxe_enabled`` field on ports. It is set to ``True`` for the 5 | PXE-booting port and ``False`` for the remaining ports. Both newly 6 | discovered and existing ports are affected. 7 | upgrade: 8 | - | 9 | Bare metal API version `1.19` is now required. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/pxe-enabled-for-pxe-a199e81128557bc0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds a configuration option ``[processing]update_pxe_enabled`` to control 5 | whether the pxe_enabled should be updated according to introspection data 6 | for ports. The default value is True which is backwards compatible. -------------------------------------------------------------------------------- /releasenotes/notes/pxe-filter-add-deny-unknown-host-option-b84b2aa1f7f49a17.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | By default the DHCP filtering will open the DHCP server for any node when 5 | introspection is active. It will only block DHCP for enrolled nodes that 6 | are not being introspected. Doing so is required to support interface 7 | discovery (which by default will enroll the pxe port to ironic if not 8 | present). This behaviour is not always wanted, as nodes not managed by 9 | ironic may boot the inspection image. 10 | 11 | A new option was added ``[pxe_filter]deny_unknown_macs`` which allow 12 | changing this behaviour so that the DHCP server only allow enrolled nodes 13 | being introspected and deny everything else. 14 | 15 | .. Note:: If this option is ``True``, nodes must have at least one 16 | enrolled port prior to introspection. 17 | 18 | -------------------------------------------------------------------------------- /releasenotes/notes/pxe-filter-dnsmasq-manage-deleted-ironic-macs-4bb766efad8c6d02.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | The ``dnsmasq`` PXE filter no longer whitelists the MAC addresses of ports 5 | deleted from the Bare Metal service. Instead they are blacklisted unless 6 | introspection is active or the ``node_not_found_hook`` is set in the 7 | configuration. This ensures that no previously enrolled node accidentally 8 | boot the inspection image when no node introspection is active. 9 | `Bug #2001979 `_. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/pxe-filter-dnsmasq-not-known-hosts-filter-76ae5bd7a8db6f75.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds wildcard ignore entry to ``dnsmasq`` PXE filter. When node 5 | introspection is active, or if ``node_not_found_hook`` is set in the 6 | configuration the ignore is removed from the wildcard entry. This ensures 7 | that unknown nodes do not accidentally boot into the introspection image 8 | when no node introspection is active. 9 | 10 | This brings ``dnsmasq`` PXE filter driver feature parity with the 11 | ``iptables`` PXE filter driver, which uses a firewall rule to block any 12 | DHCP request on the interface where Ironic Inspector's DHCP server is 13 | listening. 14 | -------------------------------------------------------------------------------- /releasenotes/notes/pxe-filter-driver-stuck-ea5844cf3eafa61f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | fixes: 4 | - | 5 | Inspector now ignores failures to list ironic ports during 6 | pxe filter driver sync, and just skips the sync in this case. 7 | Previously such errors resulted in pxe filter driver being stuck 8 | in an uninitialized state until ironic inspector was restarted. 9 | See bug `2008971 `_. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/ramdisk-logs-on-all-failures-24da41edf3a98400.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - The ramdisk logs are now stored on all preprocessing errors, not only 4 | ones reported by the ramdisk itself. This required moving the ramdisk 5 | logs handling from the "ramdisk_error" plugin to the generic processing 6 | code. 7 | upgrade: 8 | - Handling ramdisk logs was moved out of the "ramdisk_error" plugin, so 9 | disabling it will no longer disable handling ramdisk logs. As before, 10 | you can set "ramdisk_logs_dir" option to an empty value (the default) 11 | to disable storing ramdisk logs. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/reapply-introspection-5edbbfaf498dbd12.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Introduced API "POST /v1/introspection/UUID/data/unprocessed" 4 | for reapplying the introspection over stored data. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-deprecated-conf-opts-361ab0bb342f0e7e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Removes deprecated configuration options: ``introspection_delay_drivers`` from the 5 | default section and ``log_bmc_address`` from the ``processing`` section. 6 | 7 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-deprecated-ssl-opt-f6e6bd841f2c1061.yaml: -------------------------------------------------------------------------------- 1 | upgrade: 2 | - | 3 | The deprecated SSL configuration options ``[DEFAULT]ssl_cert_path`` and 4 | ``[DEFAULT]ssl_key_path`` were removed, please use configuration options 5 | from ``[ssl]`` section. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-opt-group-firewall-96266983e476c29e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The deprecated configuration option ``[iptables]manage_firewall`` was 5 | removed, use ``[pxe_filter]driver`` to set filtering driver. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-opt-keep-node-status-7d6b96f1a6e498a8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The deprecated configuration option ``[DEFAULT]node_status_keep_time`` 5 | was removed. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-policy-json-b4746d64c1511023.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The sample configuration file located at ``example.conf`` 5 | and the sample policy file located at ``policy.yaml.sample`` 6 | were removed in this release, as they are now published with documentation. 7 | See `the sample configuration file 8 | `_ 9 | and `the sample policy file 10 | `_. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-py38-547c59b20ab9424d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Support for Python 3.8 has been removed. Now the minimum python version 5 | supported is 3.9 . 6 | -------------------------------------------------------------------------------- /releasenotes/notes/remove-store-data-location-e68462ff6ba257e0.yaml: -------------------------------------------------------------------------------- 1 | upgrade: 2 | - | 3 | The deprecated configuration option ``[processing]store_data_location`` 4 | was removed. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/remove_filter_logging-1a80419083c42bc6.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - Remove debug logging for PXE filter driver which tends to fill up 4 | inspector logs when debug is enabled. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/reply-with-content-type-644b741261c87c8c.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes an issue which may occur with Apache httpd webservers acting as a 5 | proxy where the server may report ``Bad Gateway``, however inspector 6 | continues operating as if there was no problem. This was due to a 7 | lack of a ``Content-Type`` header on HTTP 202 and 204 replies, 8 | and lack of message body with HTTP 202 messages which Apache httpd 9 | can error upon. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/reset-interfaces-ff78d50b9f05d47d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The ``set-attribute`` action now automatically sets ``reset_interfaces`` to 5 | ``True`` if the driver is updated. If it's not desired, set it explicitly 6 | to ``False``. 7 | fixes: 8 | - | 9 | Fixes updating a driver with the ``set-attribute`` introspection rule 10 | action by providing ``reset_interfaces``. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/retry_to_handle_transient_failures-e1da302fd1d06528.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes issues in Inspector where various tasks would not have retry logic 5 | applied to them and may sporadically fail. This is because the OpenStack 6 | SDK does not comprehend the NodeLocked error, which previously 7 | python-ironicclient silently handled. Basic operations such as 8 | "power reboot" and "set boot device" will now be retried automatically if 9 | they fail. 10 | For more information, please see 11 | `story 2009107 `_. 12 | -------------------------------------------------------------------------------- /releasenotes/notes/role-service-for-openstack-rbac-changes-7ca8533f76e504d5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes the Role Based Access Control state and capabilities to align with 5 | OpenStack Community RBAC goals which includes support for a ``service`` 6 | role by default to enable inter-service communication to be configured 7 | without an ``admin`` username. In large part, these changes were missed 8 | as the Inspector service is considered an "admin-only" service. 9 | 10 | Also in alignment with overall community position changes, where the 11 | ``admin`` role is sufficient without an explicit ``system`` scope. To 12 | help ensure a high level of security, explicit testing was also added 13 | for the ``manager`` role, which is unavailable as that role is reserved 14 | for administrative functions inside of a tenant's project. 15 | -------------------------------------------------------------------------------- /releasenotes/notes/rollback-formatting-7d61c9af2600d42f.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Do not fail the whole introspection due to a value formatting error during 5 | introspection rules rollback. See `bug 1686942 6 | `_ for an example 7 | and detailed investigation. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/rollback-removal-a03a989e2e9f776b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Support for rollback actions in introspection rules was removed. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/rootwrap-removal-68af457a0104a2ba.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The rootwrap rule to allow restarting the systemd service 5 | openstack-ironic-inspector-dnsmasq.service has been removed. No known 6 | tooling requires this rule since before Train. Any configuration tool which 7 | is setting [dnsmasq_pxe_filter]dnsmasq_start_command also needs to be 8 | writing an appropriate rootwrap.d file, as the inspector devstack plugin 9 | does. -------------------------------------------------------------------------------- /releasenotes/notes/rpc-backends-0e7405aa1c7723a0.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Adds rpc related configuration options for the communication between 5 | ironic-inspector API and worker. It needs to be configured properly 6 | during upgrade. Set ``[DEFAULT]transport_url`` to ``fake://`` if a 7 | rpc backend is not available or not desired. -------------------------------------------------------------------------------- /releasenotes/notes/rules-invert-2585173a11db3c31.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - Introspection rules conditions got a new generic "invert" parameter that 4 | inverts the result of the condition. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/sdk-2-leak-500f3669afb6713e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes memory leak with openstacksdk 2.0 and newer. This version requires 5 | connections to be explicitly closed, otherwise they stay in memory forever. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/secure-rbac-0d4fcbc865d45858.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The default policy will been replaced with one which aligns with the 5 | Secure-RBAC scopes and roles. Since ironic-inspector is a tool used only 6 | by system-level admins, only the ``system`` scope is supported, and the 7 | only roles in the policy rules are ``admin`` and ``reader``. 8 | upgrade: 9 | - | 10 | The new policy is only enforced when ``[oslo_policy]`` config is changed to 11 | ``enforce_new_defaults=True`` and ``enforce_scope=True``, otherwise the 12 | existing deprecated policy is used. User accounts which rely on having 13 | the ``baremetal_admin`` or ``baremetal_observer`` roles will need to 14 | have system-scoped ``admin`` or ``reader`` roles to use the API when the 15 | new policy is enforced. 16 | deprecations: 17 | - | 18 | The previous policy is still enforced by default, but is now deprecated 19 | and will be removed in a future release. -------------------------------------------------------------------------------- /releasenotes/notes/set-node-to-error-when-swift-failure-3e919ecbf9db6401.yaml: -------------------------------------------------------------------------------- 1 | fixes: 2 | - Set the node to the error state when it 3 | failed get data from swift. 4 | -------------------------------------------------------------------------------- /releasenotes/notes/short_circuit_port_update_for_manual_inspection-5dc296df9d409c69.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes an issue happening during manual inspection of 5 | active nodes where the code attempts to delete or update 6 | ports, while the only modification allowed for active 7 | nodes is updating the MAC address if the node is in 8 | maintenance. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/sighup-support-e6eaec034d963108.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Issuing a SIGHUP to the ironic-inspector service will cause the service to 5 | reload and use any changed values for *mutable* configuration options. 6 | 7 | Mutable configuration options are indicated as such in the `sample 8 | configuration file `_ 9 | by ``Note: This option can be changed without restarting``. 10 | 11 | A warning is logged for any changes to immutable configuration options. -------------------------------------------------------------------------------- /releasenotes/notes/size-hint-ea2a264468e1fcb7.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - The "size" root device hint is now always converted to an integer for 4 | consistency with IPA. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/sphinx-docs-4d0a5886261e57bf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | This release includes automatic `docs` generation via Sphinx. 4 | other: 5 | - | 6 | Introduced new docs generation via `Sphinx `_ 7 | and `ReST `_. 8 | 9 | * Separate `doc` folder includes `source` and `build` 10 | * Integration with `tox `_ as `docs` target 11 | * `makefile` for manual building 12 | * `Openstack Theme `_ support 13 | -------------------------------------------------------------------------------- /releasenotes/notes/split-services-99873ff27ef2d89b.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Allows splitting the ironic-inspector service into ironic-inspector-api and 5 | ironic-inspector-conductor which coordinate via tooz and its underlying 6 | backend. A new configuration option ``[DEFAULT]standalone`` is introduced 7 | to enable this feature. The configuration defaults to True, and 8 | ironic-inspector runs as a single service, which is compatible with the 9 | old behavior. When set to False, ``ironic-inspector-api-wsgi`` is used to 10 | start the API service, and ``ironic-inspector-conductor`` is used to start 11 | the conductor service. For ironic-inspector running in non-standalone 12 | mode, the user needs to set the new configuration option 13 | ``[coordination]backend_url``, which specifies the backend used for 14 | coordination. 15 | -------------------------------------------------------------------------------- /releasenotes/notes/sqlalchemy-minimum-version-cd34a2e10d7946fd.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The minimum version of SQLAlchemy is now ``1.4.0``, in preparation for the 5 | future anticipated release of SQLAlchemy ``2.0.0``. 6 | - | 7 | The minimum version of Oslo.DB is now ``12.1.0``, in preparation for the 8 | future anticipated release of SQLAlchemy ``2.0.0``. 9 | - | 10 | Database schema upgrades from versions prior to ``7.3.0`` are not 11 | supported. Please upgrade to an intermediate release prior to upgrading 12 | to this release. 13 | fixes: 14 | - | 15 | Fixes an issue where database responses of nodes would get orphaned 16 | in inspector process RAM, and would not be garbage collected. 17 | We were able to discover and reproduce this issue while working on 18 | database connectivity locks remaining in place. 19 | Please see `story 2009727 `_ 20 | for more details. 21 | deprecations: 22 | - | 23 | Plugin maintainers should be aware that the Node Cache object field 24 | ``version_id`` filed is no longer in use. It is still returned 25 | by the data model if stored for the purposes of compatibility, but 26 | Inspector will not update the field through the normal course of it's 27 | operation. 28 | other: 29 | - | 30 | Plugin maintainers who are directly working with the database will 31 | need to update their plugins. Specifically the Database API has 32 | been delineated into using ``enginefacade`` with a dedicated 33 | reader and writer model, in anticipation of support for SQLAlchemy 2.0 34 | and an eventual merge of Inspector into Ironic at some point in the 35 | future. Database actions are now performed through the 36 | ``ironic_inspector.db.api`` module, where previously they were spread 37 | across ``ironic_inspector.db`` and ``ironic_inspector.node_cache``. 38 | -------------------------------------------------------------------------------- /releasenotes/notes/status-removal-fa1d9a98ffad9f60.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Old status records are no longer removed by default. They are still 5 | removed if a node is removed from Ironic. 6 | deprecations: 7 | - | 8 | The ``node_status_keep_time`` configuration option is deprecated. 9 | Now that we can remove status information about nodes removed from 10 | **ironic**, this option does not make much sense, 11 | and `may be confusing `_ 12 | -------------------------------------------------------------------------------- /releasenotes/notes/stein-prelude-42f0d90bf2c6a1a9.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | prelude: > 3 | The Stein release of ironic-inspector features support of storing 4 | introspection data in the database instead of the Object Store service, 5 | as well as fixes for IPv6. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/stop-when-setbootdev-failed-68d84fec0843bdc8.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Stops introspection when setting boot device is failed, as the node is 5 | not guaranteed to perform a PXE boot in this case. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/story-2002166-371315335fd8e62d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Updates the default Ironic API version to 1.38. 5 | 6 | This version is used by default within the Bare Metal Inspection service 7 | when communicating with the Bare Metal API. It is the default used by 8 | processing plugins, which may override the version, and by introspection 9 | rules, which may not override the version. 10 | 11 | 1.38 was the API version at the time of the most recent Queens series 12 | Bare Metal service release (10.1.0). 13 | 14 | See `story 2002166 `__. 15 | -------------------------------------------------------------------------------- /releasenotes/notes/support-ip6tables-ce30f614de502adb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds a configuration option ``[iptables]ip_version`` to specify the 5 | desired ip version for the iptables pxe filter, possible values are ``4`` 6 | and ``6``, the default value is ``4``. When set to ``6``, the iptables 7 | pxe filter will use ``ip6tables`` command to manage rules for the DHCPv6 8 | port ``547``. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/support-microversion-latest-dcf9598c5218e979.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds support to use ``latest`` as the microversion value in the request 5 | to the ironic-inspector API. -------------------------------------------------------------------------------- /releasenotes/notes/support_redfish_address-94eae2c0d2879f53.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes the node identification logic to enable a user to list 5 | the ``redfish_address`` label for ``driver_info`` field values for 6 | identification of a machine using the ``[DEFAULT]ipmi_address_fields`` 7 | configuration option. Previously the host would just not be matched as 8 | the full URL would be evaluated instead of what the URL may resolve to. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-deprecations-d7680b867fae7f3d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The deprecation configuration options ``os_service_type``, ``os_region`` 5 | and ``os_endpoint_type`` from the ``[swift]`` section have been removed. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-max-retries-dfaecb74bd3aba9a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The configuration option ``[swift]max_retries`` is deprecated. It has been 5 | doing nothing for a few releases already. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/swift-max-retries-removal-8f3c117240448760.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | deprecations: 3 | - | 4 | The deprecated ``[swift]max_retries`` parameter has been removed. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/tempest_plugin_removal-91a01f5950f543e1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | other: 3 | - | 4 | The tempest plugin code that was in 5 | ``ironic_inspector/test/inspector_tempest_plugin/`` has been removed. 6 | Tempest plugin code has been migrated to the project 7 | `openstack/ironic-tempest-plugin 8 | `_. This was 9 | an OpenStack wide `goal for the Queens cycle 10 | `_. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/trailing-slashes-93c2466b71829ec1.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes accessing API endpoints with trailing slashes. Now they're treated 5 | the same way as without slashes, although the latter remain canonical URLs. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/trait-actions-eec05cbb6a944619.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Adds new introspection rules actions to add or remove traits on nodes: 5 | ``add-trait`` and ``remove-trait``. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/unix-socket-2f4281f8db5dd80a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | Supports listening on a Unix socket instead of a normal TCP socket. 5 | This is useful with an HTTP server such as nginx in proxy mode. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/unmanaged-delay-d39871e1346d9448.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | No longer uses introspection delay for nodes with ``manage_boot==False`` 5 | (i.e. boot is managed by ironic). It is useless and may actually break 6 | introspection if a node boots before it gets whitelisted in the PXE filter. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/unmanaged-result-4de3788e7820e3c5.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | The introspection start API is now synchronous when ``manage_boot==False``. 5 | This means that any failures will be propagated to ironic, preventing it 6 | from powering a node on and booting it without the PXE filter updated. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/unprocessed-07842e56eb60e253.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | features: 3 | - | 4 | The new API ``GET /v1/introspection//data/unprocessed`` allows 5 | retrieving raw (unprocessed) data if data store is enabled. 6 | -------------------------------------------------------------------------------- /releasenotes/notes/unset_property_instrospectionrules-78d64b8b7643e40d.yaml: -------------------------------------------------------------------------------- 1 | fixes: 2 | - | 3 | Allows the ``set-attribute`` introspection rule action to accept ``None`` 4 | as value for a property. 5 | -------------------------------------------------------------------------------- /releasenotes/notes/update-default-ironic-api-stein-b3b01ec542fa8f15.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | Updates the default Ironic API version to 1.56, which is the most 5 | recent version in the Stein series Bare Metal release (12.1.0). 6 | 7 | -------------------------------------------------------------------------------- /releasenotes/notes/validate-ipv6-address-fda29c929754352e.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | Fixes the issue that ports were not collected when there were only IPv6 5 | addresses (no IPv4), and the configuration option 6 | ``[processing]add_ports`` was not set to ``all``. Inspector will report 7 | "No suitable interfaces found" if no interface is collected. For more 8 | information see 9 | `Story 1744073 `_ 10 | -------------------------------------------------------------------------------- /releasenotes/notes/vaporize-ironicclient-8c6afbecc0152dad.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade: 3 | - | 4 | The python-ironicclient package has been removed as a dependency in favor 5 | of openstacksdk. 6 | Third party modules and plugins will require an update if they previously 7 | invoked ironicclient. -------------------------------------------------------------------------------- /releasenotes/notes/zero-size-55c4b4f2b9e8384d.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | fixes: 3 | - | 4 | No longer tries to set ``local_gb`` to -1 if the matched root device has 5 | size of zero. 6 | -------------------------------------------------------------------------------- /releasenotes/source/2023.1.rst: -------------------------------------------------------------------------------- 1 | ============================================= 2 | 2023.1 Series (11.2.0 - 11.4.x) Release Notes 3 | ============================================= 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/2023.1 7 | -------------------------------------------------------------------------------- /releasenotes/source/2023.2.rst: -------------------------------------------------------------------------------- 1 | ============================================= 2 | 2023.2 Series (11.5.0 - 11.7.x) Release Notes 3 | ============================================= 4 | 5 | .. release-notes:: 6 | :branch: stable/2023.2 7 | -------------------------------------------------------------------------------- /releasenotes/source/2024.1.rst: -------------------------------------------------------------------------------- 1 | ============================================= 2 | 2024.1 Series (11.8.0 - 12.1.x) Release Notes 3 | ============================================= 4 | 5 | .. release-notes:: 6 | :branch: stable/2024.1 7 | -------------------------------------------------------------------------------- /releasenotes/source/2024.2.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | 2024.2 Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/2024.2 7 | -------------------------------------------------------------------------------- /releasenotes/source/2025.1.rst: -------------------------------------------------------------------------------- 1 | =========================== 2 | 2025.1 Series Release Notes 3 | =========================== 4 | 5 | .. release-notes:: 6 | :branch: stable/2025.1 7 | -------------------------------------------------------------------------------- /releasenotes/source/_static/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/releasenotes/source/_static/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/_templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openstack/ironic-inspector/5c0d5d251d305258dc64e3f64542275167fcdebf/releasenotes/source/_templates/.placeholder -------------------------------------------------------------------------------- /releasenotes/source/index.rst: -------------------------------------------------------------------------------- 1 | ============================== 2 | Ironic Inspector Release Notes 3 | ============================== 4 | 5 | .. toctree:: 6 | :maxdepth: 1 7 | 8 | unreleased 9 | 2025.1 10 | 2024.2 11 | 2024.1 12 | 2023.2 13 | 2023.1 14 | zed 15 | yoga 16 | xena 17 | wallaby 18 | victoria 19 | ussuri 20 | train 21 | stein 22 | rocky 23 | queens 24 | pike 25 | ocata 26 | newton 27 | mitaka 28 | liberty 29 | -------------------------------------------------------------------------------- /releasenotes/source/liberty.rst: -------------------------------------------------------------------------------- 1 | ============================================ 2 | Liberty Series (2.0.0 - 2.2.7) Release Notes 3 | ============================================ 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/liberty 7 | -------------------------------------------------------------------------------- /releasenotes/source/mitaka.rst: -------------------------------------------------------------------------------- 1 | =========================================== 2 | Mitaka Series (2.3.0 - 3.2.x) Release Notes 3 | =========================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/mitaka 7 | -------------------------------------------------------------------------------- /releasenotes/source/newton.rst: -------------------------------------------------------------------------------- 1 | =========================================== 2 | Newton Series (3.3.0 - 4.2.x) Release Notes 3 | =========================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/newton 7 | -------------------------------------------------------------------------------- /releasenotes/source/ocata.rst: -------------------------------------------------------------------------------- 1 | ========================================== 2 | Ocata Series (5.0.0 - 5.0.x) Release Notes 3 | ========================================== 4 | 5 | .. release-notes:: 6 | :branch: origin/stable/ocata 7 | -------------------------------------------------------------------------------- /releasenotes/source/pike.rst: -------------------------------------------------------------------------------- 1 | ========================================= 2 | Pike Series (6.0.0 - 6.0.x) Release Notes 3 | ========================================= 4 | 5 | .. release-notes:: 6 | :branch: stable/pike 7 | -------------------------------------------------------------------------------- /releasenotes/source/queens.rst: -------------------------------------------------------------------------------- 1 | ============================================ 2 | Queens Series (6.1.0 - 7.2.x) Release Notes 3 | ============================================ 4 | 5 | .. release-notes:: 6 | :branch: stable/queens 7 | -------------------------------------------------------------------------------- /releasenotes/source/rocky.rst: -------------------------------------------------------------------------------- 1 | ========================================== 2 | Rocky Series (8.0.0 - 8.0.x) Release Notes 3 | ========================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/rocky 7 | -------------------------------------------------------------------------------- /releasenotes/source/stein.rst: -------------------------------------------------------------------------------- 1 | ========================================== 2 | Stein Series (8.1.0 - 8.2.x) Release Notes 3 | ========================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/stein 7 | -------------------------------------------------------------------------------- /releasenotes/source/train.rst: -------------------------------------------------------------------------------- 1 | ========================================== 2 | Train Series (9.0.0 - 9.2.x) Release Notes 3 | ========================================== 4 | 5 | .. release-notes:: 6 | :branch: stable/train 7 | -------------------------------------------------------------------------------- /releasenotes/source/unreleased.rst: -------------------------------------------------------------------------------- 1 | ============================ 2 | Current Series Release Notes 3 | ============================ 4 | 5 | .. release-notes:: 6 | -------------------------------------------------------------------------------- /releasenotes/source/ussuri.rst: -------------------------------------------------------------------------------- 1 | ============================================= 2 | Ussuri Series (10.0.0 - 10.1.x) Release Notes 3 | ============================================= 4 | 5 | .. release-notes:: 6 | :branch: stable/ussuri 7 | -------------------------------------------------------------------------------- /releasenotes/source/victoria.rst: -------------------------------------------------------------------------------- 1 | =============================================== 2 | Victoria Series (10.2.0 - 10.4.x) Release Notes 3 | =============================================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/victoria 7 | -------------------------------------------------------------------------------- /releasenotes/source/wallaby.rst: -------------------------------------------------------------------------------- 1 | ============================================== 2 | Wallaby Series (10.5.0 - 10.6.x) Release Notes 3 | ============================================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/wallaby 7 | -------------------------------------------------------------------------------- /releasenotes/source/xena.rst: -------------------------------------------------------------------------------- 1 | =========================================== 2 | Xena Series (10.7.0 - 10.8.x) Release Notes 3 | =========================================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/xena 7 | -------------------------------------------------------------------------------- /releasenotes/source/yoga.rst: -------------------------------------------------------------------------------- 1 | ============================================ 2 | Yoga Series (10.9.0 - 10.11.x) Release Notes 3 | ============================================ 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/yoga 7 | -------------------------------------------------------------------------------- /releasenotes/source/zed.rst: -------------------------------------------------------------------------------- 1 | =========================================== 2 | Zed Series (10.12.0 - 11.1.x) Release Notes 3 | =========================================== 4 | 5 | .. release-notes:: 6 | :branch: unmaintained/zed 7 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | # Requirements lower bounds listed here are our best effort to keep them up to 2 | # date but we do not test them so no guarantee of having them all correct. If 3 | # you find any incorrect lower bounds, let us know or propose a fix. 4 | 5 | automaton>=1.9.0 # Apache-2.0 6 | alembic>=1.4.2 # MIT 7 | construct>=2.9.39 # MIT 8 | eventlet>=0.27.0 # MIT 9 | Flask>=1.1.0 # BSD 10 | futurist>=1.2.0 # Apache-2.0 11 | jsonpath-rw>=1.2.0 # Apache-2.0 12 | jsonschema>=3.2.0 # MIT 13 | keystoneauth1>=4.2.0 # Apache-2.0 14 | keystonemiddleware>=4.18.0 # Apache-2.0 15 | netaddr>=0.7.18 # BSD 16 | pbr>=3.1.1 # Apache-2.0 17 | PyYAML>=5.3.1 18 | openstacksdk>=0.40.0 # Apache-2.0 19 | oslo.concurrency>=3.26.0 # Apache-2.0 20 | oslo.config>=6.8.0 # Apache-2.0 21 | oslo.context>=2.22.0 # Apache-2.0 22 | oslo.db>=12.1.0 # Apache-2.0 23 | oslo.i18n>=3.20.0 # Apache-2.0 24 | oslo.log>=4.3.0 # Apache-2.0 25 | oslo.messaging>=14.1.0 # Apache-2.0 26 | oslo.middleware>=3.31.0 # Apache-2.0 27 | oslo.policy>=4.5.0 # Apache-2.0 28 | oslo.rootwrap>=5.8.0 # Apache-2.0 29 | oslo.serialization>=2.25.0 # Apache-2.0 30 | oslo.service>=1.31.0 # Apache-2.0 31 | oslo.upgradecheck>=1.2.0 # Apache-2.0 32 | oslo.utils>=4.5.0 # Apache-2.0 33 | tenacity>=6.2.0 # Apache-2.0 34 | stevedore>=1.20.0 # Apache-2.0 35 | SQLAlchemy>=1.4.0 # MIT 36 | tooz>=2.5.1 # Apache-2.0 37 | microversion_parse>=1.0.1 # Apache-2.0 38 | zeroconf>=0.24.0 # LGPL 39 | bcrypt>=3.1.3 # Apache-2.0 40 | -------------------------------------------------------------------------------- /rootwrap.conf: -------------------------------------------------------------------------------- 1 | # Configuration for ironic-inspector-rootwrap 2 | # This file should be owned by (and only-writeable by) the root user 3 | 4 | [DEFAULT] 5 | # List of directories to load filter definitions from (separated by ','). 6 | # These directories MUST all be only writeable by root ! 7 | filters_path=/etc/ironic-inspector/rootwrap.d,/usr/share/ironic-inspector/rootwrap 8 | 9 | # List of directories to search executables in, in case filters do not 10 | # explicitly specify a full path (separated by ',') 11 | # If not specified, defaults to system PATH environment variable. 12 | # These directories MUST all be only writeable by root ! 13 | exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin 14 | 15 | # Enable logging to syslog 16 | # Default value is False 17 | use_syslog=False 18 | 19 | # Which syslog facility to use. 20 | # Valid values include auth, authpriv, syslog, user0, user1... 21 | # Default value is 'syslog' 22 | syslog_log_facility=syslog 23 | 24 | # Which messages to log. 25 | # INFO means log all usage 26 | # ERROR means only log unsuccessful attempts 27 | syslog_log_level=ERROR 28 | -------------------------------------------------------------------------------- /rootwrap.d/ironic-inspector.filters: -------------------------------------------------------------------------------- 1 | # This file should be owned by (and only-writeable by) the root user 2 | 3 | [Filters] 4 | # ironic-inspector-rootwrap command filters for firewall manipulation 5 | # ironic_inspector/pxe_filter/iptables.py 6 | iptables: CommandFilter, iptables, root 7 | ip6tables: CommandFilter, ip6tables, root 8 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2013 Hewlett-Packard Development Company, L.P. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 12 | # implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | import setuptools 17 | 18 | setuptools.setup( 19 | setup_requires=['pbr>=2.0.0'], 20 | pbr=True, 21 | ) 22 | -------------------------------------------------------------------------------- /test-requirements.txt: -------------------------------------------------------------------------------- 1 | bandit>=1.1.0,<2.0.0 # Apache-2.0 2 | coverage>=4.0 # Apache-2.0 3 | pymemcache>=1.2.9 # Apache-2.0 4 | stestr>=1.0.0 # Apache-2.0 5 | fixtures>=3.0.0 # Apache-2.0/BSD 6 | oslotest>=3.2.0 # Apache-2.0 7 | -------------------------------------------------------------------------------- /tools/config-generator.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | output_file = example.conf 3 | namespace = ironic_inspector 4 | namespace = keystonemiddleware.auth_token 5 | namespace = oslo.db 6 | namespace = oslo.log 7 | namespace = oslo.messaging 8 | namespace = oslo.middleware.cors 9 | namespace = oslo.middleware.healthcheck 10 | namespace = oslo.policy 11 | namespace = oslo.service.service 12 | namespace = oslo.service.sslutils 13 | namespace = oslo.service.wsgi 14 | -------------------------------------------------------------------------------- /tools/policy-generator.conf: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | output_file = policy.yaml.sample 3 | namespace = ironic_inspector.api 4 | -------------------------------------------------------------------------------- /tools/test-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -xe 2 | 3 | # This script will be run by OpenStack CI before unit tests are run, 4 | # it sets up the test system as needed. 5 | # Developers should setup their test systems in a similar way. 6 | 7 | # This setup needs to be run as a user that can run sudo. 8 | 9 | # The root password for the MySQL database; pass it in via 10 | # MYSQL_ROOT_PW. 11 | DB_ROOT_PW=${MYSQL_ROOT_PW:-insecure_slave} 12 | 13 | # This user and its password are used by the tests, if you change it, 14 | # your tests might fail. 15 | DB_USER=openstack_citest 16 | DB_PW=openstack_citest 17 | 18 | sudo -H mysqladmin -u root password $DB_ROOT_PW 19 | 20 | # It's best practice to remove anonymous users from the database. If 21 | # a anonymous user exists, then it matches first for connections and 22 | # other connections from that host will not work. 23 | sudo -H mysql -u root -p$DB_ROOT_PW -h localhost -e " 24 | DELETE FROM mysql.user WHERE User=''; 25 | FLUSH PRIVILEGES; 26 | CREATE USER '$DB_USER'@'%' IDENTIFIED BY '$DB_PW'; 27 | GRANT ALL PRIVILEGES ON *.* TO '$DB_USER'@'%' WITH GRANT OPTION;" 28 | 29 | # Now create our database. 30 | mysql -u $DB_USER -p$DB_PW -h 127.0.0.1 -e " 31 | SET default_storage_engine=MYISAM; 32 | DROP DATABASE IF EXISTS openstack_citest; 33 | CREATE DATABASE openstack_citest CHARACTER SET utf8;" 34 | 35 | # Same for PostgreSQL 36 | # The root password for the PostgreSQL database; pass it in via 37 | # POSTGRES_ROOT_PW. 38 | DB_ROOT_PW=${POSTGRES_ROOT_PW:-insecure_slave} 39 | 40 | # Setup user 41 | root_roles=$(sudo -H -u postgres psql -t -c " 42 | SELECT 'HERE' from pg_roles where rolname='$DB_USER'") 43 | if [[ ${root_roles} == *HERE ]];then 44 | sudo -H -u postgres psql -c "ALTER ROLE $DB_USER WITH SUPERUSER LOGIN PASSWORD '$DB_PW'" 45 | else 46 | sudo -H -u postgres psql -c "CREATE ROLE $DB_USER WITH SUPERUSER LOGIN PASSWORD '$DB_PW'" 47 | fi 48 | 49 | # Store password for tests 50 | cat << EOF > $HOME/.pgpass 51 | *:*:*:$DB_USER:$DB_PW 52 | EOF 53 | chmod 0600 $HOME/.pgpass 54 | 55 | # Now create our database 56 | psql -h 127.0.0.1 -U $DB_USER -d template1 -c "DROP DATABASE IF EXISTS openstack_citest" 57 | createdb -h 127.0.0.1 -U $DB_USER -l C -T template0 -E utf8 openstack_citest 58 | -------------------------------------------------------------------------------- /zuul.d/project.yaml: -------------------------------------------------------------------------------- 1 | - project: 2 | templates: 3 | - check-requirements 4 | - openstack-cover-jobs 5 | - openstack-python3-jobs 6 | - publish-openstack-docs-pti 7 | - release-notes-jobs-python3 8 | check: 9 | jobs: 10 | - ironic-inspector-grenade 11 | - ironic-inspector-tempest 12 | - ironic-inspector-tempest-discovery 13 | - openstack-tox-functional 14 | - bifrost-integration-tinyipa-ubuntu-jammy: 15 | voting: false 16 | - ironic-inspector-tox-bandit: 17 | voting: false 18 | - ironic-inspector-tox-codespell: 19 | voting: false 20 | gate: 21 | jobs: 22 | - ironic-inspector-grenade 23 | - ironic-inspector-tempest 24 | - ironic-inspector-tempest-discovery 25 | - openstack-tox-functional 26 | experimental: 27 | jobs: 28 | - ironic-inspector-tempest-managed-non-standalone 29 | --------------------------------------------------------------------------------