Skip to content

[release-4.20] Bug OCPBUGS-78745: PR2774 and PR2793 backports#470

Open
jacob-anders wants to merge 12 commits intoopenshift:release-4.20from
jacob-anders:pr-2774-2793-4.20-backports
Open

[release-4.20] Bug OCPBUGS-78745: PR2774 and PR2793 backports#470
jacob-anders wants to merge 12 commits intoopenshift:release-4.20from
jacob-anders:pr-2774-2793-4.20-backports

Conversation

@jacob-anders
Copy link

@jacob-anders jacob-anders commented Mar 17, 2026
edited
Loading

This is an attempt to backport
metal3-io#2793
and
metal3-io#2774
along with other commits required for the cherry-picks to apply cleanly

dtantsur and others added 8 commits March 17, 2026 21:30
@dtantsur @jacob-anders
Introduce InspectionMode field
01ca87a 
This change introduces the InspectionMode field from the BMH v1beta1
design proposal. It partly replaces the inspection annotation (namely,
its "disabled" value) by something more user-friendly and consistent
with AutomatedCleaningMode.

The "disabled" value of the inspection annotation is now deprecated.
Other values are not affected by this change.

Assisted-By: Claude Code
Signed-off-by: Dmitry Tantsur <dtantsur@protonmail.com>
(cherry picked from commit 414775e72baaea3dfac8ebd1e77756821ab55a52)
@sakhoury @jacob-anders
fix: make bootMACAddress webhook validation case-insensitive
82665f7 
Signed-off-by: Sharat Akhoury <sakhoury@redhat.com>
(cherry picked from commit 6f2a2016cfb3fcd7414ae53b661fb07f8850bf8d)
@Sunnatillo @jacob-anders
Add namespaced mode to BMO controller
859d3ac 
Signed-off-by: Sunnatillo <sunnat.samadov@est.tech>
(cherry picked from commit c30b92f3a79b6c659615b271a0b4ca6cba8652b8)
@lentzi90 @jacob-anders
E2E: Make use of DisableCertificateVerification setting
1cc8ad1 
This enables the E2E tests to disable certificate verification depending
on the value in the BMCs config file. It can be useful if running the
suite against real hardware.

Signed-off-by: Lennart Jern <lennart.jern@est.tech>
(cherry picked from commit 2f8a0d51d4dbdf3594ce123108582cd8b5526a0b)
@donpenney @jacob-anders
Make bootMACAddress optional for virtual media with inspection enabled
37ccc1d 
Virtual media BMC drivers (redfish-virtualmedia, idrac-virtualmedia,
ilo5-virtualmedia) can boot from virtual media and discover the MAC
address during hardware inspection. Therefore, bootMACAddress is optional
when inspection is enabled but still required when inspection is disabled
(since there's no other way to discover the MAC address).

This change updates the virtual media driver implementations to return
false from their NeedsMAC() methods, and adds validation logic to require
bootMACAddress when virtual media is used with inspection disabled.

Drivers that require PXE boot (like libvirt, ipmi) continue to require
bootMACAddress in all cases.

Changes:
- pkg/hardwareutils/bmc/redfish_virtualmedia.go: NeedsMAC() returns false
- pkg/hardwareutils/bmc/idrac_virtualmedia.go: NeedsMAC() returns false
- internal/webhooks/metal3.io/v1alpha1/baremetalhost_validation.go:
  Add logic to require bootMACAddress for virtual media when inspection
  is disabled (via InspectionMode field or inspect.metal3.io annotation)
- pkg/provisioner/ironic/ironic.go: Skip MAC-based port queries when
  bootMACAddress is empty to prevent false MAC conflicts

Test Coverage:
- internal/webhooks/metal3.io/v1alpha1/baremetalhost_validation_test.go:
  * bootMACAddress not required for virtual media with inspection enabled
  * bootMACAddress required for virtual media with inspection disabled
  * bootMACAddress valid when provided for virtual media with inspection disabled
- pkg/hardwareutils/bmc/access_test.go:
  Update virtual media test expectations (needsMac: false)

Assisted-By: Claude <noreply@anthropic.com>
Signed-off-by: Don Penney <dpenney@redhat.com>
(cherry picked from commit dcabe115c874324cd6a6422f1ba7d305890c8c33)
@donpenney @jacob-anders
Address review feedback
7f6fef0 
Changes:
1. Restore case-insensitive MAC comparison using strings.EqualFold()
   - The EqualFold check was removed inadvertently but is necessary for
     case-insensitive bootMACAddress validation

2. Use existing host.InspectionDisabled() method
   - Remove duplicate isInspectionDisabled() function
   - Replace custom implementation with the existing BareMetalHost method
   - The host.InspectionDisabled() method provides identical functionality

Assisted-by: Claude (AI Assistant)
Signed-off-by: Don Penney <dpenney@redhat.com>
(cherry picked from commit c91140004b583b96b4b55322c1045e4449e64d2f)
@donpenney @jacob-anders
Address review feedback
f9ad1b1 
Simplify the conditional logic for determining when a MAC address
is required. The new approach uses a single boolean expression
instead of separate assignment and conditional check, improving
code readability while maintaining the same functionality.

Assisted-by: Claude (AI Assistant)
Signed-off-by: Don Penney <dpenney@redhat.com>
(cherry picked from commit 0dfd43aee8c60af5b69c48dc3514175e0e4de75c)
@sakhoury @jacob-anders
Allow enabling ExternallyProvisioned for available hosts
789b925 
Signed-off-by: Sharat Akhoury <sakhoury@redhat.com>
(cherry picked from commit 298f6232068476d96e7f40b5114e1fd368043983)
@openshift-ci openshift-ci bot requested review from elfosardo and hroyrh March 17, 2026 11:32
@openshift-ci
Copy link

openshift-ci bot commented Mar 17, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jacob-anders
Once this PR has been reviewed and has the lgtm label, please assign elfosardo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai
Copy link

coderabbitai bot commented Mar 17, 2026
edited
Loading

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)
  • do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3a687cbc-e2f2-4d36-92a8-ec264ef39607

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
📝 Coding Plan
  • Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

jacob-anders and others added 4 commits March 17, 2026 21:42
@jacob-anders
Update vendor for cherry-picked changes
f4325fd 
Refresh vendored copies of baremetalhost_types.go,
idrac_virtualmedia.go, and redfish_virtualmedia.go
to match cherry-picked commits from PRs metal3-io#2774 and metal3-io#2793.
@elfosardo @jacob-anders
Fix invalidDNSNameinvalidipv6 test for Go 1.24+
5efcd10 
Update expected error to match Go 1.24+ stricter IPv6 URL parsing.

(cherry picked from commit b3042a3)
@jacob-anders
Fix downstream-only inspectionDisabled reference
fdd01a0 
The RHACM InfraEnv compatibility block in host_state_machine.go
is downstream-only code that called inspectionDisabled(), which
was removed by the InspectionMode cherry-pick. Replace with the
equivalent hsm.Host.InspectionDisabled() method.
@jacob-anders
Update test/vendor for cherry-picked changes
290f05a 
The test sub-module has its own vendor directory that also needs
refreshing after the cherry-picks.
@openshift-ci
Copy link

openshift-ci bot commented Mar 17, 2026

@jacob-anders: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@jacob-anders jacob-anders changed the title [release-4.20] PR2774 and PR2793 backports [release-4.20] Bug OCPBUGS-78745: PR2774 and PR2793 backports Mar 18, 2026
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Mar 18, 2026
@openshift-ci-robot
Copy link

openshift-ci-robot commented Mar 18, 2026

@jacob-anders: This pull request references Jira Issue OCPBUGS-78745, which is invalid:

  • expected the bug to target either version "4.20." or "openshift-4.20.", but it targets "4.21.z" instead
  • expected Jira Issue OCPBUGS-78745 to depend on a bug targeting a version in 4.21.0, 4.21.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

This is an attempt to backport
metal3-io#2793
and
metal3-io#2774
along with other commits required for the cherry-picks to apply cleanly

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@jacob-anders
Copy link
Author

jacob-anders commented Mar 18, 2026

/jira refresh

@openshift-ci-robot
Copy link

openshift-ci-robot commented Mar 18, 2026

@jacob-anders: This pull request references Jira Issue OCPBUGS-78745, which is invalid:

  • expected the bug to target either version "4.20." or "openshift-4.20.", but it targets "4.21.z" instead
  • expected Jira Issue OCPBUGS-78745 to depend on a bug targeting a version in 4.21.0, 4.21.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@elfosardo elfosardo Awaiting requested review from elfosardo

@hroyrh hroyrh Awaiting requested review from hroyrh

Assignees

No one assigned

Labels

jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@jacob-anders @openshift-ci-robot @dtantsur @sakhoury @Sunnatillo @lentzi90 @donpenney @elfosardo