⚠️ Completely remove support for ironic-inspector

Dockerfile

@@ -29,7 +29,6 @@ ARG INSTALL_TYPE=source
 # build arguments for source build customization
 ARG UPPER_CONSTRAINTS_FILE
 ARG IRONIC_SOURCE
-ARG IRONIC_INSPECTOR_SOURCE
 ARG IRONIC_LIB_SOURCE
 ARG SUSHY_SOURCE
 
@@ -59,15 +58,11 @@ COPY ironic-config/httpd-modules.conf /etc/httpd/conf.modules.d/
 COPY ironic-config/apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
 COPY ironic-config/apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
 
-# IRONIC-INSPECTOR #
-RUN mkdir -p /var/lib/ironic /var/lib/ironic-inspector && \
+# DATABASE
+RUN mkdir -p /var/lib/ironic && \
   sqlite3 /var/lib/ironic/ironic.db "pragma journal_mode=wal" && \
-  sqlite3 /var/lib/ironic-inspector/ironic-inspector.db "pragma journal_mode=wal" && \
   dnf remove -y sqlite
 
-COPY ironic-inspector-config/ironic-inspector.conf.j2 /etc/ironic-inspector/
-COPY ironic-inspector-config/inspector-apache.conf.j2 /etc/httpd/conf.d/
-
 # configure non-root user and set relevant permissions
 RUN configure-nonroot.sh && \
   rm -f /bin/configure-nonroot.sh

README.md

@@ -90,8 +90,6 @@ functionality:
   Defaults to use `IRONIC_EXTERNAL_IP` if available.
 - `IRONIC_EXTERNAL_HTTP_URL` - Override Ironic's external http URL. Defaults to
   use `IRONIC_EXTERNAL_IP` if available.
-- `IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE` - Override Inspector's callback
-  URL. Defaults to use `IRONIC_EXTERNAL_IP` if available.
 - `IRONIC_ENABLE_VLAN_INTERFACES` - Which VLAN interfaces to enable on the
   agent start-up. Can be a list of interfaces or a special value `all`.
   Defaults to `all`.
@@ -121,9 +119,8 @@ podman build -t ironic-image -f Dockerfile --build-arg INSTALL_TYPE=rpm
 ## Custom source for ironic software
 
 When building the ironic image from source, it is also possible to specify a
-different source for ironic, ironic-inspector, ironic-lib or the sushy library
-using the build arguments **IRONIC_SOURCE**, **IRONIC_INSPECTOR_SOURCE**,
-**IRONIC_LIB_SOURCE**, and **SUSHY_SOURCE**.
+different source for ironic, ironic-lib or the sushy library using the build
+arguments **IRONIC_SOURCE**, **IRONIC_LIB_SOURCE**, and **SUSHY_SOURCE**.
 The accepted formats are gerrit refs, like _refs/changes/89/860689/2_,
 commit hashes, like _a1fe6cb41e6f0a1ed0a43ba5e17745714f206f1f_,
 repo tags or branches, or a local directory that needs to be under the

configure-nonroot.sh

@@ -2,7 +2,7 @@
 
 # This script changes permissions to allow Ironic container to run as non-root
 # user. As the same image is used to run ironic, ironic-httpd, ironic-dsnmasq,
-# ironic-inspector and ironic-log-watch via BMO's ironic k8s manifest, it has
+# and ironic-log-watch via BMO's ironic k8s manifest, it has
 # to be configured to work with multiple different users and groups, while they
 # share files via bind mounts (/shared, /certs/*), which can only get one
 # group id as "fsGroup". Additionally, dnsmasq needs three capabilities to run
@@ -14,29 +14,26 @@ set -eux
 # user and group are from ironic rpms (uid 997, gid 994)
 IRONIC_USER="ironic"
 IRONIC_GROUP="ironic"
-INSPECTOR_GROUP="ironic-inspector"
 
 # most containers mount /shared but dnsmasq can live without it
 mkdir -p /shared
-chown "${IRONIC_USER}":"${INSPECTOR_GROUP}" /shared
+chown "${IRONIC_USER}":"${IRONIC_GROUP}" /shared
 
-# we'll bind mount shared ca and ironic/inspector certificate dirs here
+# we'll bind mount shared ca and ironic certificate dirs here
 # that need to have correct ownership as the entire ironic in BMO
 # deployment shares a single fsGroup in manifest's securityContext
 mkdir -p /certs/ca
-chown "${IRONIC_USER}":"${INSPECTOR_GROUP}" /certs{,/ca}
+chown "${IRONIC_USER}":"${IRONIC_GROUP}" /certs{,/ca}
 chmod 2775 /certs{,/ca}
 
-# ironic, inspector and httpd related changes
+# ironic and httpd related changes
 chown -R root:"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
-chown -R "${IRONIC_USER}":"${INSPECTOR_GROUP}" /etc/ironic-inspector
-chmod 2775 /etc/ironic /etc/ironic-inspector /etc/httpd/conf /etc/httpd/conf.d
-chmod 664 /etc/ironic/* /etc/ironic-inspector/* /etc/httpd/conf/* /etc/httpd/conf.d/*
+chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
+chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
 
 chown -R root:"${IRONIC_GROUP}" /var/lib/ironic
-chown -R root:"${INSPECTOR_GROUP}" /var/lib/ironic-inspector
-chmod 2775 /var/lib/ironic /var/lib/ironic-inspector
-chmod 664 /var/lib/ironic/ironic.db /var/lib/ironic-inspector/ironic-inspector.db
+chmod 2775 /var/lib/ironic
+chmod 664 /var/lib/ironic/ironic.db
 
 # dnsmasq, and the capabilities required to run it as non-root user
 chown -R root:"${IRONIC_GROUP}" /etc/dnsmasq.conf /var/lib/dnsmasq

docs/releasing.md

@@ -15,12 +15,10 @@ Things you should check before making a release:
   [Metal3 release process](https://github.com/metal3-io/metal3-docs/blob/main/processes/releasing.md)
   for high-level process and possible follow-up actions
 - Verify the latest bugfix or stable branches (which is the most recent) in ironic
-  and ironic-inspector upstream repositories;
+  upstream repository;
 - Verify compatibility with latest sushy and ironic-lib upstream releases or master
-  branches based on ironic and ironic-inspector bugfix or stable requirements
-  and constraints
-- Verify openstack upper-constraints compatibility with ironic and ironic-inspector
-  bugfix or stable branches
+  branches based on ironic bugfix or stable requirements and constraints
+- Verify openstack upper-constraints compatibility with ironic bugfix or stable branches
 - Verify any other direct or indirect dependency is uplifted to close any public
   vulnerabilities
 
@@ -63,8 +61,7 @@ or if using existing repository, verify your intended remote is set to
      to replace the placeholder; if the ironic branch is a stable branch
      we should use the corresponding file from the same stable branch, in
      case of a bugfix branch we can use the current one from master
-   - Pin ironic and ironic-inspector to match the corresponding bugfix or
-     stable branches
+   - Pin ironic to match the corresponding bugfix or stable branches
 
 ### Tags
 

ironic-config/ironic.conf.j2

@@ -2,15 +2,15 @@
 auth_strategy = noauth
 debug = true
 default_deploy_interface = direct
-default_inspect_interface = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %}
+default_inspect_interface = agent
 default_network_interface = noop
 enabled_bios_interfaces = no-bios,redfish,idrac-redfish,irmc,ilo
 enabled_boot_interfaces = ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media
 enabled_deploy_interfaces = direct,fake,ramdisk,custom-agent
 # NOTE(dtantsur): when changing this, make sure to update the driver
 # dependencies in Dockerfile.
 enabled_hardware_types = ipmi,idrac,irmc,fake-hardware,redfish,manual-management,ilo,ilo5
-enabled_inspect_interfaces = {% if env.USE_IRONIC_INSPECTOR == "true" %}inspector{% else %}agent{% endif %},irmc,fake,redfish,ilo
+enabled_inspect_interfaces = agent,irmc,fake,redfish,ilo
 enabled_management_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
 enabled_power_interfaces = ipmitool,irmc,fake,redfish,idrac-redfish,ilo
 enabled_raid_interfaces = no-raid,irmc,agent,fake,redfish,idrac-redfish,ilo5
@@ -135,24 +135,12 @@ power_off = {{ false if env.IRONIC_FAST_TRACK == "true" else true }}
 # Also keep in mind that only parameters unique for inspection go here.
 # No need to duplicate pxe_append_params/kernel_append_params.
 extra_kernel_params = ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1
-
-{% if env.USE_IRONIC_INSPECTOR == "true" %}
-endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" %}
-cafile = {{ env.IRONIC_INSPECTOR_CACERT_FILE }}
-insecure = {{ env.IRONIC_INSPECTOR_INSECURE }}
-{% endif %}
-{% if env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE %}
-callback_endpoint_override = {{ env.IRONIC_INSPECTOR_CALLBACK_ENDPOINT_OVERRIDE }}
-{% endif %}
-{% else %}
 hooks = $default_hooks,parse-lldp
 add_ports = all
 keep_ports = present
-{% endif %}
 
 [auto_discovery]
-enabled = {{ env.IRONIC_INSPECTOR_ENABLE_DISCOVERY }}
+enabled = {{ env.IRONIC_ENABLE_DISCOVERY }}
 driver = ipmi
 
 [ipmi]

ironic-rpm-list

@@ -2,7 +2,6 @@ crudini
 openstack-ironic
 openstack-ironic-api
 openstack-ironic-conductor
-openstack-ironic-inspector
 python3-gunicorn
 python3-ironic-prometheus-exporter
 python3-proliantutils

ironic-source-list

@@ -9,15 +9,6 @@ ironic @ git+https://opendev.org/openstack/ironic@{{ env.IRONIC_SOURCE }}
 {% else %}
 ironic @ git+https://opendev.org/openstack/ironic
 {% endif %}
-{% if env.IRONIC_INSPECTOR_SOURCE %}
-    {% if path.isdir('/sources/' + env.IRONIC_INSPECTOR_SOURCE) %}
-git+file:///sources/{{ env.IRONIC_INSPECTOR_SOURCE }}
-    {% else %}
-ironic-inspector @ git+https://opendev.org/openstack/ironic-inspector@{{ env.IRONIC_INSPECTOR_SOURCE }}
-    {% endif %}
-{% else %}
-ironic-inspector @ git+https://opendev.org/openstack/ironic-inspector
-{% endif %}
 {% if env.IRONIC_LIB_SOURCE %}
     {% if path.isdir('/sources/' + env.IRONIC_LIB_SOURCE) %}
 git+file:///sources/{{ env.IRONIC_LIB_SOURCE }}

prepare-image.sh

@@ -28,8 +28,6 @@ if [[ "$INSTALL_TYPE" == "source" ]]; then
     # emulate uid/gid configuration to match rpm install
     IRONIC_UID=997
     IRONIC_GID=994
-    INSPECTOR_UID=996
-    INSPECTOR_GID=993
     BUILD_DEPS="python3-devel gcc git-core python3-setuptools python3-jinja2"
     dnf upgrade -y
     # NOTE(dtantsur): pip is a requirement of python3 in CentOS
@@ -60,12 +58,10 @@ if [[ "$INSTALL_TYPE" == "source" ]]; then
 
     python3 -m pip install --ignore-installed --prefix /usr -r "$IRONIC_PKG_LIST_FINAL" -c "${UPPER_CONSTRAINTS_PATH}"
 
-    # ironic and ironic-inspector system configuration
-    mkdir -p /var/log/ironic /var/log/ironic-inspector /var/lib/ironic /var/lib/ironic-inspector
+    # ironic system configuration
+    mkdir -p /var/log/ironic /var/lib/ironic
     getent group ironic > /dev/null || groupadd -r ironic -g "${IRONIC_GID}"
     getent passwd ironic > /dev/null || useradd -r -g ironic -u "${IRONIC_UID}" -s /sbin/nologin ironic -d /var/lib/ironic
-    getent group ironic-inspector > /dev/null || groupadd -r ironic-inspector -g "${INSPECTOR_GID}"
-    getent passwd ironic-inspector > /dev/null || useradd -r -g ironic-inspector -u "${INSPECTOR_UID}" -s /sbin/nologin ironic-inspector -d /var/lib/ironic-inspector
 
     # clean installed build dependencies
     # shellcheck disable=SC2086
@@ -93,11 +89,10 @@ chown ironic:ironic /var/log/ironic
 rm -f /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.modules.d/*.conf
 
 # RDO-provided configuration forces creating log files
-rm -f /usr/share/ironic/ironic-dist.conf /etc/ironic-inspector/inspector-dist.conf
+rm -f /usr/share/ironic/ironic-dist.conf
 
-# add ironic and ironic-inspector to apache group
+# add ironic to apache group
 usermod -aG ironic apache
-usermod -aG ironic-inspector apache
 
 # apply patches if present #
 if [[ -n "${PATCH_LIST:-}" ]]; then