kolla-ansible

Ironic iPXE cannot be used to serve instance images

Bug #1856194 reported by Mark Goddard on 2019-12-12

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
kolla-ansible	Fix Released	Medium	Mark Goddard	kolla-ansible 10.0.0 "ussuri"
Train	Fix Released	Medium	Unassigned
Ussuri	Fix Released	Medium	Mark Goddard	kolla-ansible 10.0.0 "ussuri"

Bug Description

Ironic provides a feature to allow instance images to be served from a local HTTP server [1]. This is the same server used for PXE images with iPXE. This does not work currently because the ironic_ipxe container does not have access to /var/lib/ironic/images (ironic docker volume), where the images are cached. The resulting error looks like this:

2019-12-12 12:45:05.462 6 ERROR ironic.drivers.modules.deploy_utils [req-d47b4a83-7b2e-4232-8afd-c9192ebf1f8f fb3334ab10b140c08ca91e616b03adcf 1d9c65fef6db48e39019bf91e8673149 - default default] Agent deploy supports only HTTP(S) URLs as instance_info['image_source'] or swift temporary URL. Either the specified URL is not a valid HTTP(S) URL or is not reachable for node d154e69f-13f6-4574-ab34-7568c400cbab. Error: Validation of image href secreturl failed, reason: Got HTTP code 403 instead of 200 in response to HEAD request.: ImageRefValidationFailed: Validation of image href secreturl failed, reason: Got HTTP code 403 instead of 200 in response to HEAD request.

and apache logs from the ipxe httpd server:

[Thu Dec 12 09:18:08.316587 2019] [core:error] [pid 18] [client 192.168.33.3:41462] AH00037: Symbolic link not allowed or link target not accessible: /httpboot/agent_images/519fa67c-836d-45a5-8aad-ad1f1779aae1

Note that to make use of this feature, the following is required in ironic.conf:

[agent]
image_download_source = http

[1] https://docs.openstack.org/ironic/latest/admin/interfaces/deploy.html#deploy-with-custom-http-servers

See original description

Tags:

Mark Goddard (mgoddard) on 2019-12-12

Changed in kolla-ansible:
importance:	Undecided → Medium
description:	updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-12-12: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/698729

Changed in kolla-ansible:
assignee:	nobody → Mark Goddard (mgoddard)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-12-16: Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/698729
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=2b662cfb127c9abc4930c498d7f9957a8065f5ce
Submitter: Zuul
Branch: master

commit 2b662cfb127c9abc4930c498d7f9957a8065f5ce
Author: Mark Goddard <email address hidden>
Date: Thu Dec 12 14:36:01 2019 +0000

Allow ironic_ipxe to serve instance images

    Ironic provides a feature to allow instance images to be served from a
    local HTTP server [1]. This is the same server used for PXE images with
    iPXE. This does not work currently because the ironic_ipxe container
    does not have access to /var/lib/ironic/images (ironic docker volume),
    where the images are cached. Note that to make use of this feature, the
    following is required in ironic.conf:

[agent]
image_download_source = http

This change fixes the issue by giving ironic_ipxe container access to
the ironic volume.

[1] https://docs.openstack.org/ironic/latest/admin/interfaces/deploy.html#deploy-with-custom-http-servers

Change-Id: I501d02cfd40fbacea32d551c3912640c5661d821
Closes-Bug: #1856194

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-01-28: Fix proposed to kolla-ansible (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/704605

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-01-29: Fix merged to kolla-ansible (stable/train)

Reviewed: https://review.opendev.org/704605
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=07031e38f5971c5e012dd11be8dc7c9c574c5f97
Submitter: Zuul
Branch: stable/train

commit 07031e38f5971c5e012dd11be8dc7c9c574c5f97
Author: Mark Goddard <email address hidden>
Date: Thu Dec 12 14:36:01 2019 +0000

Allow ironic_ipxe to serve instance images

    Ironic provides a feature to allow instance images to be served from a
    local HTTP server [1]. This is the same server used for PXE images with
    iPXE. This does not work currently because the ironic_ipxe container
    does not have access to /var/lib/ironic/images (ironic docker volume),
    where the images are cached. Note that to make use of this feature, the
    following is required in ironic.conf:

[agent]
image_download_source = http

This change fixes the issue by giving ironic_ipxe container access to
the ironic volume.

[1] https://docs.openstack.org/ironic/latest/admin/interfaces/deploy.html#deploy-with-custom-http-servers

    Change-Id: I501d02cfd40fbacea32d551c3912640c5661d821
    Closes-Bug: #1856194
    (cherry picked from commit 2b662cfb127c9abc4930c498d7f9957a8065f5ce)

tags:

added: in-stable-train

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-01-30: Fix included in openstack/kolla-ansible 9.0.1

This issue was fixed in the openstack/kolla-ansible 9.0.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.