[RFE] Reserved step name format to agent container launch
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ironic |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
The underlying idea is to provide a reserved step name format which bypasses conductor/ironic deployment first pass validation, specifically the "does this step exist" validation, and provides it through to the agent where the agent to execute as a step.
Naturally, we'll want an upfront "are they permitted to do this RBAC ACL as well.
For example, a step name could be provided such as "container:
Upon the agent getting the command to execute the step, it would retrieve the container from the container registry and execute it locally.
This would enable disjointed but fast iteration capabilities for operators working on customized deploy steps and specific operations, without forcing them to directly update their agent ramdisks or require explicit expertise in Python or the IPA architecture to enable them to create a step.
Overall, work items expected would be:
- an RBAC policy check for this specific step name
- Some minor additional logic to the reserved step name validation logic and ensure the step is sent *to* the agent.
- Functionality the agent to download and execute the supplied container URL.
Changed in ironic: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
tags: | added: rfe |