LP #1900623: Secure erase may false-fail due to Linux page cache
Use direct I/O for read/write when checking secure erase success
Currently maas_wipe performs a check on secure erase effectiveness
by writing a buffer filled with 'M' to the device before the secure
erase and checking after the secure erase if, by reading the same
position/size from the device, the buffer of 'M' could be retrieved
(showing that the secure erase operation didn't work).
These read/write operations are achieved using regular Python
primitives, but Linux counts with page cache, so this test is
compromised (may show a false-negative, due to caching).
This patch fixes that by performing the read/write operations in such
routine using direct I/O. It was tested in user's environment and indeed
it worked by eliminating the false "failure" of secure erase operation.
Signed-off-by: Guilherme G. Piccoli <email address hidden>
Retry IPMI power commands without K_g key on K_g key failure.
Some BMCs will claim they are IPMI 2.0 complainant, allow you to set an
IPMI K_g key, allow you to verify an IPMI K_g key is set, yet will deny
any IPMI requests that use an IPMI K_g key. The error given is the K_g
key is invalid. This can be very confusing to users as MAAS allows you
to set an K_g key leaving them to think the only fix is to reset the
machine in person. In this case simply not using an K_g key allows all
IPMI commands to work again.
When there is an IPMI failure which is due to an K_g key and an K_g key
is set MAAS will retry without the K_g key. This is logged as a event
so the user knows what is happening but can still use their machine.
Change the default OS to 20.04 LTS, Focal, on new installations.
The libvirt-bin metapackage was deprecated in 18.04 and removed from
20.04. MAAS now installs libvirt-daemon-system and libvirt-clients
which were previously installed by libvirt-bin. qemu-efi is no longer
installed as MAAS does not compose UEFI VMs with libvirt.
The websocket has also been updated to allow KVM hosts to be deployed
on any Ubuntu version. The API already allowed this.