✨ Make bootMACAddress optional for virtual media with inspection enabled #2793
Conversation
metal3-io-bot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
metal3-io-bot
added
the
needs-ok-to-test
|
Hi @donpenney. Thanks for your PR. I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
metal3-io-bot
added
the
size/L
|
I'm not sure I understand the link between PreprovisioningNetworkDataName and BootMacAddress. Honestly, I suggest just dropping the requirement on BootMacAddress for virtual media based drivers. |
Thanks @dtantsur . I was aiming to be a bit surgical here to minimize behavoural changes. My thinking was that if the network config has been provided in an nmstate secret as part of the initial configuration, then the BootMacAddress was unnecessary for the inspection stage. I assumed it would always be the case for inspection with virtual media, but hadn't thought about using that as the determining factor, so I'll go that route instead. |
|
For background: since quite some time, the Ironic inspection implementation for Redfish is actually hybrid: it starts with getting MAC addresses from Redfish, then reboots into the agent ramdisk. Now that I said that, I think we should still require BootMacAddress if inspection is disabled on the BMH @donpenney. |
Virtual media BMC drivers (redfish-virtualmedia, idrac-virtualmedia, ilo5-virtualmedia) can boot from virtual media and discover the MAC address during hardware inspection. Therefore, bootMACAddress is optional when inspection is enabled but still required when inspection is disabled (since there's no other way to discover the MAC address). This change updates the virtual media driver implementations to return false from their NeedsMAC() methods, and adds validation logic to require bootMACAddress when virtual media is used with inspection disabled. Drivers that require PXE boot (like libvirt, ipmi) continue to require bootMACAddress in all cases. Changes: - pkg/hardwareutils/bmc/redfish_virtualmedia.go: NeedsMAC() returns false - pkg/hardwareutils/bmc/idrac_virtualmedia.go: NeedsMAC() returns false - internal/webhooks/metal3.io/v1alpha1/baremetalhost_validation.go: Add logic to require bootMACAddress for virtual media when inspection is disabled (via InspectionMode field or inspect.metal3.io annotation) - pkg/provisioner/ironic/ironic.go: Skip MAC-based port queries when bootMACAddress is empty to prevent false MAC conflicts Test Coverage: - internal/webhooks/metal3.io/v1alpha1/baremetalhost_validation_test.go: * bootMACAddress not required for virtual media with inspection enabled * bootMACAddress required for virtual media with inspection disabled * bootMACAddress valid when provided for virtual media with inspection disabled - pkg/hardwareutils/bmc/access_test.go: Update virtual media test expectations (needsMac: false) Assisted-By: Claude <[email protected]> Signed-off-by: Don Penney <[email protected]>
donpenney
force-pushed
the
allow-unset-boot-mac
branch
from
dcd4003 to
da22bd4
Compare
donpenney
changed the title
metal3-io-bot
removed
the
do-not-merge/work-in-progress
| } | ||
|
|
||
| if oldObj.Spec.BootMACAddress != "" && !strings.EqualFold(newObj.Spec.BootMACAddress, oldObj.Spec.BootMACAddress) { | ||
| if oldObj.Spec.BootMACAddress != "" && newObj.Spec.BootMACAddress != oldObj.Spec.BootMACAddress { |
There was a problem hiding this comment.
What's the reason you're reverting the EqualFold part? I think it was here on purpose so that we're not case sensitive.
|
|
||
| func validateBMCAccess(s metal3api.BareMetalHostSpec, bmcAccess bmc.AccessDetails) []error { | ||
| // isInspectionDisabled checks if inspection is disabled via annotation or spec field. | ||
| func isInspectionDisabled(host *metal3api.BareMetalHost) bool { |
There was a problem hiding this comment.
There is already host.InspectionDisabled
There was a problem hiding this comment.
Thanks! I'll get these fixed up and retested in my lab, then update the PR
|
/ok-to-test |
metal3-io-bot
added
ok-to-test
Changes:
1. Restore case-insensitive MAC comparison using strings.EqualFold()
- The EqualFold check was removed inadvertently but is necessary for
case-insensitive bootMACAddress validation
2. Use existing host.InspectionDisabled() method
- Remove duplicate isInspectionDisabled() function
- Replace custom implementation with the existing BareMetalHost method
- The host.InspectionDisabled() method provides identical functionality
Assisted-by: Claude (AI Assistant)
Signed-off-by: Don Penney <[email protected]>
|
/lgtm |
4 participants
Virtual media BMC drivers (redfish-virtualmedia, idrac-virtualmedia,
ilo5-virtualmedia) can boot from virtual media and discover the MAC
address during hardware inspection. Therefore, bootMACAddress is optional
when inspection is enabled but still required when inspection is disabled
(since there's no other way to discover the MAC address).
This change updates the virtual media driver implementations to return
false from their NeedsMAC() methods, and adds validation logic to require
bootMACAddress when virtual media is used with inspection disabled.
Drivers that require PXE boot (like libvirt, ipmi) continue to require
bootMACAddress in all cases.
Changes:
Add logic to require bootMACAddress for virtual media when inspection
is disabled (via InspectionMode field or inspect.metal3.io annotation)
bootMACAddress is empty to prevent false MAC conflicts
Test Coverage:
Update virtual media test expectations (needsMac: false)
Assisted-By: Claude [email protected]
Checklist: