def _check_status(task):
"""Check inspection status for node given by a task."""
node = task.node
if node.provision_state != states.INSPECTING:
return
if not isinstance(task.driver.inspect, Inspector):
return
LOG.debug('Calling to inspector to check status of node %s',
task.node.uuid)
# NOTE(dtantsur): periodic tasks do not have proper tokens in context
task.context.auth_token = keystone.get_admin_auth_token()
try:
status = _call_inspector(client.get_status, node.uuid, task.context)
except Exception:
# NOTE(dtantsur): get_status should not normally raise
# let's assume it's a transient failure and retry later
LOG.exception(_LE('Unexpected exception while getting '
'inspection status for node %s, will retry later'),
node.uuid)
return
if status.get('error'):
LOG.error(_LE('Inspection failed for node %(uuid)s '
'with error: %(err)s'),
{'uuid': node.uuid, 'err': status['error']})
node.last_error = (_('ironic-inspector inspection failed: %s')
% status['error'])
task.process_event('fail')
elif status.get('finished'):
LOG.info(_LI('Inspection finished successfully for node %s'),
node.uuid)
task.process_event('done')
def GlanceImageService(client=None, version=1, context=None):
module = import_versioned_module(version, 'image_service')
service_class = getattr(module, 'GlanceImageService')
if (context is not None and CONF.glance.auth_strategy == 'keystone'
and not context.auth_token):
context.auth_token = keystone.get_admin_auth_token()
return service_class(client, version, context)
def GlanceImageService(client=None, version=1, context=None):
module = import_versioned_module(version, 'image_service')
service_class = getattr(module, 'GlanceImageService')
if (context is not None and CONF.glance.auth_strategy == 'keystone'
and not context.auth_token):
context.auth_token = keystone.get_admin_auth_token()
return service_class(client, version, context)
def GlanceImageService(client=None, version=1, context=None):
module_str = "ironic.common.glance_service"
module = importutils.import_versioned_module(module_str, version, "image_service")
service_class = getattr(module, "GlanceImageService")
if context is not None and CONF.glance.auth_strategy == "keystone" and not context.auth_token:
session = _get_glance_session()
context.auth_token = keystone.get_admin_auth_token(session)
return service_class(client, version, context)
def GlanceImageService(client=None, version=1, context=None):
module_str = 'ironic.common.glance_service'
module = importutils.import_versioned_module(module_str, version,
'image_service')
service_class = getattr(module, 'GlanceImageService')
if (context is not None and CONF.glance.auth_strategy == 'keystone'
and not context.auth_token):
session = _get_glance_session()
context.auth_token = keystone.get_admin_auth_token(session)
return service_class(client, version, context)
def _create_token_file(task):
"""Save PKI token to file."""
token_file_path = _get_token_file_path(task.node.uuid)
token = task.context.auth_token
if token:
timeout = CONF.conductor.deploy_callback_timeout
if timeout and keystone.token_expires_soon(token, timeout):
token = keystone.get_admin_auth_token()
utils.write_to_file(token_file_path, token)
else:
utils.unlink_without_raise(token_file_path)
def _create_token_file(task):
"""Save PKI token to file."""
token_file_path = _get_token_file_path(task.node.uuid)
token = task.context.auth_token
if token:
timeout = CONF.conductor.deploy_callback_timeout
if timeout and keystone.token_expires_soon(token, timeout):
token = keystone.get_admin_auth_token()
utils.write_to_file(token_file_path, token)
else:
utils.unlink_without_raise(token_file_path)
def _check_status(task):
"""Check inspection status for node given by a task."""
node = task.node
if node.provision_state != states.INSPECTING:
return
if not isinstance(task.driver.inspect, Inspector):
return
LOG.debug('Calling to inspector to check status of node %s',
task.node.uuid)
# NOTE(dtantsur): periodic tasks do not have proper tokens in context
if CONF.auth_strategy == 'keystone':
task.context.auth_token = keystone.get_admin_auth_token()
try:
status = _call_inspector(client.get_status, node.uuid, task.context)
except Exception:
# NOTE(dtantsur): get_status should not normally raise
# let's assume it's a transient failure and retry later
LOG.exception(
_LE('Unexpected exception while getting '
'inspection status for node %s, will retry later'), node.uuid)
return
error = status.get('error')
finished = status.get('finished')
if not error and not finished:
return
# If the inspection has finished or failed, we need to update the node, so
# upgrade our lock to an exclusive one.
task.upgrade_lock()
node = task.node
if error:
LOG.error(
_LE('Inspection failed for node %(uuid)s '
'with error: %(err)s'), {
'uuid': node.uuid,
'err': error
})
node.last_error = (_('ironic-inspector inspection failed: %s') % error)
task.process_event('fail')
elif finished:
LOG.info(_LI('Inspection finished successfully for node %s'),
node.uuid)
task.process_event('done')
def _check_status(task):
"""Check inspection status for node given by a task."""
node = task.node
if node.provision_state != states.INSPECTING:
return
if not isinstance(task.driver.inspect, Inspector):
return
LOG.debug('Calling to inspector to check status of node %s',
task.node.uuid)
# NOTE(dtantsur): periodic tasks do not have proper tokens in context
if CONF.auth_strategy == 'keystone':
task.context.auth_token = keystone.get_admin_auth_token()
try:
status = _call_inspector(client.get_status, node.uuid, task.context)
except Exception:
# NOTE(dtantsur): get_status should not normally raise
# let's assume it's a transient failure and retry later
LOG.exception(_LE('Unexpected exception while getting '
'inspection status for node %s, will retry later'),
node.uuid)
return
error = status.get('error')
finished = status.get('finished')
if not error and not finished:
return
# If the inspection has finished or failed, we need to update the node, so
# upgrade our lock to an exclusive one.
task.upgrade_lock()
node = task.node
if error:
LOG.error(_LE('Inspection failed for node %(uuid)s '
'with error: %(err)s'),
{'uuid': node.uuid, 'err': error})
node.last_error = (_('ironic-inspector inspection failed: %s')
% error)
task.process_event('fail')
elif finished:
LOG.info(_LI('Inspection finished successfully for node %s'),
node.uuid)
task.process_event('done')
def continue_deploy(self, task, **kwargs):
"""Method invoked when deployed with the IPA ramdisk.
This method is invoked during a heartbeat from an agent when
the node is in wait-call-back state. This deploys the image on
the node and then configures the node to boot according to the
desired boot option (netboot or localboot).
:param task: a TaskManager object containing the node.
:param kwargs: the kwargs passed from the heartbeat method.
:raises: InstanceDeployFailure, if it encounters some error during
the deploy.
"""
task.process_event('resume')
node = task.node
LOG.debug('Continuing the deployment on node %s', node.uuid)
ilo_common.cleanup_vmedia_boot(task)
iwdi = node.driver_internal_info.get('is_whole_disk_image')
uuid_dict = iscsi_deploy.do_agent_iscsi_deploy(task, self._client)
root_uuid = uuid_dict.get('root uuid')
if iscsi_deploy.get_boot_option(node) == "local" or iwdi:
efi_system_part_uuid = uuid_dict.get(
'efi system partition uuid')
self.configure_local_boot(
task, root_uuid=root_uuid,
efi_system_part_uuid=efi_system_part_uuid)
else:
# Agent vendorpassthru are made without auth token.
# We require auth_token to talk to glance while building boot iso.
task.context.auth_token = keystone.get_admin_auth_token()
self._configure_vmedia_boot(task, root_uuid)
# Set boot mode
ilo_common.update_boot_mode(task)
# Need to enable secure boot, if being requested
_update_secure_boot_mode(task, True)
self.reboot_and_finish_deploy(task)
def continue_deploy(self, task, **kwargs):
"""Method invoked when deployed with the IPA ramdisk.
This method is invoked during a heartbeat from an agent when
the node is in wait-call-back state. This deploys the image on
the node and then configures the node to boot according to the
desired boot option (netboot or localboot).
:param task: a TaskManager object containing the node.
:param kwargs: the kwargs passed from the heartbeat method.
:raises: InstanceDeployFailure, if it encounters some error during
the deploy.
"""
task.process_event('resume')
node = task.node
LOG.debug('Continuing the deployment on node %s', node.uuid)
ilo_common.cleanup_vmedia_boot(task)
iwdi = node.driver_internal_info.get('is_whole_disk_image')
uuid_dict = iscsi_deploy.do_agent_iscsi_deploy(task, self._client)
root_uuid = uuid_dict.get('root uuid')
if iscsi_deploy.get_boot_option(node) == "local" or iwdi:
efi_system_part_uuid = uuid_dict.get('efi system partition uuid')
self.configure_local_boot(
task,
root_uuid=root_uuid,
efi_system_part_uuid=efi_system_part_uuid)
else:
# Agent vendorpassthru are made without auth token.
# We require auth_token to talk to glance while building boot iso.
task.context.auth_token = keystone.get_admin_auth_token()
self._configure_vmedia_boot(task, root_uuid)
# Set boot mode
ilo_common.update_boot_mode(task)
# Need to enable secure boot, if being requested
_update_secure_boot_mode(task, True)
self.reboot_and_finish_deploy(task)
def __init__(self):
# TODO(pas-ha): swiftclient does not support keystone sessions ATM.
# Must be reworked when LP bug #1518938 is fixed.
session = _get_swift_session()
params = {
'retries': CONF.swift.swift_max_retries,
'preauthurl': keystone.get_service_url(
session,
service_type='object-store'),
'preauthtoken': keystone.get_admin_auth_token(session)
}
# NOTE(pas-ha):session.verify is for HTTPS urls and can be
# - False (do not verify)
# - True (verify but try to locate system CA certificates)
# - Path (verify using specific CA certificate)
verify = session.verify
params['insecure'] = not verify
if verify and isinstance(verify, six.string_types):
params['cacert'] = verify
self.connection = swift_client.Connection(**params)
def __init__(self):
# TODO(pas-ha): swiftclient does not support keystone sessions ATM.
# Must be reworked when LP bug #1518938 is fixed.
session = _get_swift_session()
params = {
'retries':
CONF.swift.swift_max_retries,
'preauthurl':
keystone.get_service_url(session, service_type='object-store'),
'preauthtoken':
keystone.get_admin_auth_token(session)
}
# NOTE(pas-ha):session.verify is for HTTPS urls and can be
# - False (do not verify)
# - True (verify but try to locate system CA certificates)
# - Path (verify using specific CA certificate)
verify = session.verify
params['insecure'] = not verify
if verify and isinstance(verify, six.string_types):
params['cacert'] = verify
self.connection = swift_client.Connection(**params)
def _check_status(task):
"""Check inspection status for node given by a task."""
node = task.node
if node.provision_state != states.INSPECTING:
return
if not isinstance(task.driver.inspect, Inspector):
return
LOG.debug('Calling to inspector to check status of node %s',
task.node.uuid)
# NOTE(dtantsur): periodic tasks do not have proper tokens in context
task.context.auth_token = keystone.get_admin_auth_token()
try:
status = _call_inspector(client.get_status, node.uuid, task.context)
except Exception:
# NOTE(dtantsur): get_status should not normally raise
# let's assume it's a transient failure and retry later
LOG.exception(
_LE('Unexpected exception while getting '
'inspection status for node %s, will retry later'), node.uuid)
return
if status.get('error'):
LOG.error(
_LE('Inspection failed for node %(uuid)s '
'with error: %(err)s'), {
'uuid': node.uuid,
'err': status['error']
})
node.last_error = (_('ironic-inspector inspection failed: %s') %
status['error'])
task.process_event('fail')
elif status.get('finished'):
LOG.info(_LI('Inspection finished successfully for node %s'),
node.uuid)
task.process_event('done')
def test_get_admin_auth_token(self):
mock_sess = mock.Mock()
mock_sess.get_token.return_value = 'fake_token'
self.assertEqual('fake_token',
keystone.get_admin_auth_token(mock_sess))
def test_get_admin_auth_token(self, mock_ks):
fake_client = FakeClient()
fake_client.auth_token = "123456"
mock_ks.return_value = fake_client
self.assertEqual("123456", keystone.get_admin_auth_token())
def test_get_admin_auth_token(self):
mock_sess = mock.Mock()
mock_sess.get_token.return_value = 'fake_token'
self.assertEqual('fake_token',
keystone.get_admin_auth_token(mock_sess))
def test_get_admin_auth_token(self, mock_ks):
fake_client = FakeClient()
fake_client.auth_token = '123456'
mock_ks.return_value = fake_client
self.assertEqual('123456', keystone.get_admin_auth_token())
