13549 Commits

Author SHA1 Message Date
Steve Baker
4ed44172b4 Add vnc-container image build
The files in tools/vnc-container allow a container image to be built
which supports Ironic's graphical console functionality.

For each node with an enabled graphical console, the service ironic-novncproxy
(or nova-novncproxy) will connect to a VNC server exposed by a container
running this image.

If the devstack ir-novnc service is enabled then this container image
will be built locally and ironic configured to use it for the systemd
console container provider.

This makes a devstack environment functional in accessing graphical
consoles for Dell, HPE and Supermicro.

Related-Bug: 2086715
Change-Id: I0842570cca22ac0e67d358c30225e8e08561f459
2025-03-02 22:27:33 +00:00
Steve Baker
e41cb93eeb Implement drivers redfish-graphical, fake-graphical
New ``console`` drivers ``redfish-graphical`` and ``fake-graphical``
have been added. This allows the graphical console to be accessed for
Dell iDRAC, HPE iLO, and Supermicro hosts. The ``fake-graphical`` driver
is useful for demonstrating the full integration of
``ironic-novncproxy`` and the ``systemd`` provider of
``ironic.console.container``.

Related-Bug: 2086715
Change-Id: If1899aedbcda606895bab120e301a006818b85a5
2025-03-02 22:27:33 +00:00
Steve Baker
48557942ac Add systemd provider for console containers
A new entry point ``ironic.console.container`` is added to determine how
console containers are orchestrated when ``ironic.conf``
``[vnc]enabled=True``. By default the ``fake`` provider is specified by
``[vnc]container_provider`` which performs no orchestration. The only
functional implementation included is ``systemd`` which manages
containers as Systemd Quadlet containers. These containers run as user
services and rootless podman containers. Having ``podman`` installed is
also a dependency for this provider. See ``ironic.conf`` ``[vnc]``
options to see how this provider can be configured.

The ``systemd`` provider is opinionated and will not be appropriate for
some Ironic deployment methods, especially those which run Ironic inside
containers. External implementations of ``ironic.console.container`` are
encouraged to integrate with other deployment / management methods.

Related-Bug: 2086715
Change-Id: Ib890c3c7be91ddd78a43b9c5261dd1d8c1054c04
2025-03-02 22:27:33 +00:00
Zuul
5e22704dad Merge "Add extra log to is_image_available" 2025-02-28 02:59:10 +00:00
Zuul
1471984fc0 Merge "ci: focus ironic-tempest-bios-ipmi-direct-tinyipa" 2025-02-27 05:27:27 +00:00
Satoshi-Sh
e7d1f8e211 Add extra log to is_image_available
Added a reason why the image is not available for debugging.

Partial-Bug: #2099276
Change-Id: Id0f71e201e7e4509e4dd34fa18d1c980dc28b4d3
2025-02-25 15:44:55 +00:00
Zuul
b44cce176f Merge "Add ironic-novncproxy service" 2025-02-24 19:06:43 +00:00
Zuul
de4d5733ee Merge "More reliable TinyIPA build with network retries" 2025-02-23 15:02:27 +00:00
Julia Kreger
1afc11be8d ci: focus ironic-tempest-bios-ipmi-direct-tinyipa
This job was previously attempting to run all of our scenario tests,
which is nice, but the reality is that so many test steps also increases
chances for build history.

As such, dialing the job so we're performing the basic needful and
not trying to perform every test possible.

Change-Id: Ie4845fb5810a379bf6209179693eed27301b24a3
2025-02-20 22:16:01 +00:00
Zuul
d3c74c6a4b Merge "Fix devstack plugin for centos" 2025-02-20 17:02:17 +00:00
cid
f333fd4d1c More reliable TinyIPA build with network retries
Wraps `wget` commands with sleep and multiple retry support
for resilient network downloads.

Partial-Bug: #2098417
Change-Id: Id3e083cc97b71211e5080ad21e2c09d04d8559fa
2025-02-20 15:48:28 +01:00
Zuul
f9c3c1d9f2 Merge "Mention removing codespell job in bugfix branches" 2025-02-19 22:30:12 +00:00
Steve Baker
beaaf405d3 Add ironic-novncproxy service
This is a forklift of the nova novncproxy service to act as the noVNC
front-end to graphical consoles.

The service does the following:
- serves noVNC web assets for the browser based VNC client
- creates a websocket to proxy VNC traffic to an actual VNC server
- decouples authentication traffic so that the source server can have
  a different authentication method than the browser client

The forklifted code has been adapted to Ironic conventions, including:
- [vnc] config options following Ironic conventions and using existing
  config options where appropriate
- Removing the unnecessary authentication method VeNCrypt, leaving only
  the None auth method.
- Adapting the ironic-novncproxy command to use Ironic's service launch
  approach, allowing it to be started as part of the all-in-one ironic
- Replace Nova's approach of looking up the instance via the token.
  Instead the node UUID is included in the websocket querystring
  alongside the token
- Removing cookie fallback when token is missing from querystring
- Removing expected protocol validation in the websocket handshake
- Removing internal access path support
- Removing enforce_session_timeout as this will be done at the
  container level

Related-Bug: 2086715
Change-Id: I575a8671e2262408ba1d690cfceabe992c2d4fef
2025-02-19 20:17:57 +00:00
Kaifeng Wang
e994d405b0 Remove gmr from the docs
gmr support was removed from ironic, but docs still mention it.

Change-Id: I5e496e2f50e8669eaa7b168994d1640de32a1129
2025-02-19 23:40:12 +08:00
Zuul
88a96b2930 Merge "deprecate shellinabox" 2025-02-19 08:03:48 +00:00
Zuul
e44a969740 Merge "trivial: lock dnsmasq check to ubuntu" 2025-02-19 04:37:07 +00:00
Zuul
0bcbe9945d Merge "move hooks execution into shareable module" 2025-02-18 23:36:22 +00:00
Zuul
96f9d9da28 Merge "OVN UEFI IPv6 CI job" 2025-02-18 21:46:02 +00:00
Julia Kreger
449bc1a825 deprecate shellinabox
Shellinabox hasn't received an update in 7 years.
Debian recently asked for maintainership to be handed over due to
open issue counts and lack of responses.

All sorts of open issues exist. It appears branches were deleted
in late 2024, forks still have them though.

Basically, looks like shellinabox is abandoned, and we should
treat it as such and abandon support in Ironic.

Change-Id: I5704e1a6a6a816e1cca3b5d0c791eed030cfc563
2025-02-18 10:25:03 -08:00
Zuul
676b8c69ac Merge "OCI: Send the auth header to IPA" 2025-02-18 16:03:19 +00:00
Riccardo Pittau
fecdaed265 Mention removing codespell job in bugfix branches
Change-Id: Ifaaf1f0c1d583cff21987d704c4a662b3f0bff1b
2025-02-18 10:12:46 +01:00
Zuul
f7155fc38e Merge "trivial: de-distro dnsmasq version check" 2025-02-17 22:19:43 +00:00
Julia Kreger
0aadeeea7d Fix devstack plugin for centos
The emulator *and* the EFI binary paths are different
when using Centos/Fedora, and Fedora/Centos are distinctly
different with EFI folder paths.

Change-Id: I2c6ba884735f22cc9153de0a24282758ffbdc496
2025-02-17 11:12:10 -08:00
Zuul
3603e60c32 Merge "Apply Rules: inspection rules migration" 2025-02-15 03:28:55 +00:00
Zuul
baf7ff9c18 Merge "oci: fix auth config loading" 2025-02-14 22:47:29 +00:00
Zuul
12e095ccf3 Merge "Mask all driver_internal_info in node output" 2025-02-14 22:47:26 +00:00
Zuul
c1a7bf0d09 Merge "Utility functions for graphical console drivers" 2025-02-14 22:47:23 +00:00
Julia Kreger
690bc31900 trivial: lock dnsmasq check to ubuntu
Centos Stream 9 has 2.90 at this point, we don't need this check
outside of ubuntu right now.

Change-Id: I6510aa8b893d3dea81ec6b7f1cb0b9fcb6ae5edc
2025-02-14 10:48:37 -08:00
Julia Kreger
f5083f7a44 trivial: de-distro dnsmasq version check
While doing some work on a fips-enabled machine, using centos,
I noticed the check is looking for a ubuntu package version.

Realistically, that is wrong, since 2.90 in general is what
we're seeking.

Change-Id: I02179f10a360a5dd83f4efe28c1ecbb51afb57ab
2025-02-14 10:46:13 -08:00
Zuul
715e9c8e71 Merge "Pass agent token to get command results" 2025-02-14 16:12:21 +00:00
Harald Jensås
782045852f OVN UEFI IPv6 CI job
IPv6 job using UEFI and OVN with dhcpv6-stateful address mode.

Updates the devstack plugin to ensure CentOS DIB ironic-python-agent is
always used for dhcpv6-stateful, udhcpc in tinycore does not support
DHCPv6.

Ensure mtu on the ironic-provision network matches PUBLIC_BRIDGE_MTU
when Ironic IPv6 is used. This ensures we do not get packet drops from
over-mtu.

Devstack plugin will ignore any HOST_IPV6 address discovered, always
using the magigv6 interface and 'fc00::1' as IRONIC_HOST_IPV6.

Change-Id: Iab97d78d7a075eaef3bdcfc08fc4f184a5ea490a
2025-02-14 15:36:21 +01:00
Steve Baker
c0681ccf63 Utility functions for graphical console drivers
These are functions used by both the novnc-proxy and the graphical
console drivers related to session management. They are added in this
position in the series for ease of reviewing, and to keep the
novnc-proxy change specific to code which has been forklifted and
adapted from Nova.

Change-Id: I72aa2205f92c153809300fd304558427141cda78
2025-02-14 13:40:04 +13:00
cid
279392966b Pass agent token to get command results
Change-Id: Iad0d8086e1e79b59da3f9940b83128a3b34d4787
2025-02-14 00:25:22 +01:00
cid
15df33437b Apply Rules: inspection rules migration
Change-Id: Icca713bb4ef00d5bffca6e529c8bea4a7fe1f285
2025-02-13 16:17:25 +01:00
cid
d6a692e3fa DB: inspection rules migration
Change-Id: I83b7e37ad44dca395144ce14510a1de0f6eeefa5
2025-02-13 16:17:25 +01:00
Julia Kreger
437ce1467c OCI: Send the auth header to IPA
This change takes the identified authorization header and sends it
in the command to IPA as an argument. This enables a future IPA
patch to recognize an authorization rejection, and to leverage the
header to authenticate to the remote image service.

Also addresses a case where we neglect to preserve the auth token
in the case of a container URL reference with digest value and adds
a corresponding test which didn't exist either.

Change-Id: I8346eb56e90a5a3e2bc68a9e5cd345121f734245
2025-02-13 06:47:54 -08:00
Julia Kreger
6aaa84f11e oci: fix auth config loading
When testing, I guess I didn't actually test loading the token
from config, and relied upon mocking. However, turns out the code
used the wrong load command (loads, versus load), which passed
unit testing, but didn't work when I gave the config a try.

Fixes the call and the testing so it properly passes now.

Change-Id: I4750a82ea07bc803600fddebd16f14a201ae406e
2025-02-12 11:46:09 -08:00
Julia Kreger
5262536417 oci: fix hang with 429 error code handling
While doing some additional testing, I've started to get 429 errors
from Quay which were causing my requests to hang. This was because
of the built-in retry logic with adapter use. As such, I removed the
adapter use and I now get a 429 error as expected and logged properly.

This was not caught with existing testing because it was getting
captured and held inside of urllib3 with the adapter usage.

Change-Id: I68a532a9765fbf90870ef4372b93738940eabd9e
2025-02-12 10:48:49 -08:00
Doug Goldstein
59804114fb move hooks execution into shareable module
To allow other inspect interfaces to execute hooks in a common way, move
the execution code into a common inspect_utils module.

Change-Id: Idfe0a36443969347cff41fdb6900a3bc79209823
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
2025-02-11 23:19:41 -06:00
Zuul
472744f390 Merge "bootc deploy interface - for bootable containers" 2025-02-11 17:15:53 +00:00
Zuul
e042073a08 Merge "[docs] Fix link to metal3-integration page" 2025-02-11 14:35:59 +00:00
Zuul
42c72bd2ac Merge "CI: Only artificially pin down the mtu in multinode" 2025-02-11 11:48:52 +00:00
Riccardo Pittau
e0a9a21576 [docs] Fix link to metal3-integration page
Change-Id: I14be65dad0ebd98fdd001c5cf490792f52ae8642
2025-02-11 09:33:51 +01:00
Julia Kreger
c7fa447ab6 bootc deploy interface - for bootable containers
Adds a ``bootc`` deployment interface which can be enabled to
perform deployment of bootable containers. This enables a streamlined
workflow where an operator/user can push container updates and does not
need to build intermediate disk images and then post those disk images
to facilitate the deployment of a bare metal node.

Closes-Bug: 2085801
Change-Id: Iedb93fe47162abe0bd9391921792203301bfc456
2025-02-10 19:58:20 +00:00
Zuul
814384f2cf Merge "Add basic documentation on metal3-integration job" 2025-02-10 18:59:56 +00:00
Julia Kreger
ec53c6b5d2 CI: Only artificially pin down the mtu in multinode
So the prime driver behind pinning the MTU down on our interfaces is so
traffic can cross multinode vxlan tunnels between nodes where the devstack
plugin is executing to support more complex tests.

But the reality is that doesn't always make sense, and when Neutron
has a default mtu override based upon "upstream" traffic constraints,
that is likely okay as well.

Part of the CI configuration auto-pins the MTU down, which is fine
for single node testing, however with multinode we need to pin the
MTU further down to try and prevent packets from being dropped on
the internal interfaces used to wire up test VMs.

Change-Id: Idc145f4eea87a8db69202b8d7953975d7d5cba2c
2025-02-10 09:54:05 -08:00
Zuul
9cf39b3769 Merge "Trivial: Remove the long deprecated token arg" 2025-02-10 11:37:12 +00:00
Riccardo Pittau
520d01a0a1 Add basic documentation on metal3-integration job
Give an overview of the metal3 integration job, its workflow,
and adds useful links to familiarize with the metal3 project
and reach the metal3 community.

Change-Id: I94bd6a90f813af7323a7c3363577953a69e62ade
2025-02-10 11:42:20 +01:00
Zuul
9847c41238 Merge "Automatic zstd detection and decompression..." 2025-02-10 05:43:37 +00:00
Zuul
ab1fe27baa Merge "OCI container adjacent artifact support" 2025-02-10 05:43:34 +00:00