diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml index 7f0e0e13c..f393f8b42 100644 --- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml +++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml @@ -197,3 +197,9 @@ ironic: keystone: default_username: "bifrost_user" default_password: "ChangeThisPa55w0rd" + + +# TODO(TheJulia): Thinking outloud, I think we ought to head in +# the direction of identifying the address of the conductor host +# in a more uniform fashion. What that is exactly, is TBD. +my_ip_address: "{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}" diff --git a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml index e9f8b2ba4..1dd82d7d5 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml @@ -17,190 +17,16 @@ set_fact: enabled_drivers: "{{ enabled_drivers }},{{ pxe_drivers }}" when: enable_pxe_drivers | bool == true -- name: "Determine if ironic.conf needs to be put in place." - stat: path=/etc/ironic/ironic.conf - register: test_place_ironic_config -- name: "Copy ironic sample config" - copy: - src="{{ ironic_git_folder }}/etc/ironic/ironic.conf.sample" +- name: "Create ironic config" + template: + src="ironic.conf.j2" dest=/etc/ironic/ironic.conf owner=ironic group=ironic - mode=0644 - when: test_place_ironic_config.stat.exists == false -- name: "If testing, set agent_ssh as the enabled driver" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?enabled_drivers\s?=\s?(.*)$' - line="enabled_drivers = agent_ssh,pxe_ssh" - when: testing | bool == true -- name: "If not testing, set driver list" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?enabled_drivers\s?=\s?(.*)$' - line="enabled_drivers = {{ enabled_drivers }}" - when: testing | bool == false -- name: "Set rabbit user" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?rabbit_userid\s?=\s?(.*)$' - line="rabbit_userid = ironic" -- name: "Set rabbit password" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?rabbit_password\s?=\s?(.*)$' - line="rabbit_password = {{ ironic_db_password }}" -- name: "Set auth_strategy to noauth" - replace: - dest=/etc/ironic/ironic.conf - regexp='^\#\s?auth_strategy\s?=\s?keystone' - replace='auth_strategy = noauth' -- name: "If testing, enable debug logging" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?debug\s?=\s?(.*)$' - line="debug = true" - when: testing | bool == true -- name: "If not testing, disable debug logging" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?debug\s?=\s?$' - line="debug = false" - when: testing | bool == false -- name: "For agent, send extra params" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?pxe_append_params\s?=\s?(.*)$' - line="pxe_append_params = systemd.journald.forward_to_console=yes {{extra_kernel_options | default('')}}" -- name: "Configure conductor API url" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[conductor]" - regexp='^\#?\s?api_url\s?=\s?(.*)$' - line="api_url = http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:6385/" - # Note(TheJulia): clean_nodes config option is deprecated and to be removed in Newton. -- name: "Configure conductor cleaning - Pre-Mitaka" - lineinfile: - dest=/etc/ironic/ironic.conf - insertbefore="[console]" - regexp='^\#?\s?clean_nodes\s?=\s?(.*)$' - line="clean_nodes = {{ cleaning | lower }}" -- name: "Configure conductor cleaning - Mitaka" - lineinfile: - dest=/etc/ironic/ironic.conf - insertbefore="[console]" - regexp='^\#?\s?automated_clean\s?=\s?(.*)$' - line="automated_clean = {{ cleaning | lower }}" -- name: "Configure database connection" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[database]" - regexp='^\#?\s?connection\s?=\s?(.*)$' - line="connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8" -- name: "Configure DHCP provider" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[dhcp]" - regexp='^\#?\s?dhcp_provider\s?=\s?(.*)$' - line="dhcp_provider = none" -- name: "Set PXE pxe_config_template" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?pxe_config_template\s?=\s?(.*)$' - line="pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template" -- name: "Set PXE tftp_server" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?tftp_server\s?=\s?(.*)$' - line="tftp_server = {{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}" -- name: "Set PXE tftp_root" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?tftp_root\s?=\s?(.*)$' - line="tftp_root = /tftpboot" -- name: "Set iPXE pxe_bootfile_name" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?pxe_bootfile_name\s?=\s?(.*)$' - line="pxe_bootfile_name = undionly.kpxe" -- name: "Set iPXE http_url" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?http_url\s?=\s?(.*)$' - line="http_url = http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{ file_url_port }}/" -- name: "Set iPXE http_root" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?http_root\s?=\s?(.*)$' - line="http_root = {{ http_boot_folder }}" -- name: "Set iPXE to be enabled" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?ipxe_enabled\s?=\s?(.*)$' - line="ipxe_enabled = true" -- name: "Set path to ipxe template file" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?ipxe_boot_script\s?=\s?(.*)$' - line="ipxe_boot_script = /etc/ironic/boot.ipxe" -- name: "Configure SSH libvirt URL if testing" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[ssh]" - regexp='^\#?\s?libvirt_uri\s?=\s?(.*)$' - line="libvirt_uri = qemu:///system" - when: testing | bool == true -- name: "Set CORS allowed_origin if enable_cors is set" - lineinfile: - dest=/etc/ironic/ironic.conf - insertbefore='^\#?\s?cors.subdomain(.*)$' - regexp='^\#?\s?allowed_origin\s?=\s?(.*)$' - line="allowed_origin = {{ cors_allowed_origin | default('allowed_origin=http://localhost:8000')}}" - when: enable_cors | bool == true -- name: "Set CORS allow_credentials if enable_cors is set" - lineinfile: - dest=/etc/ironic/ironic.conf - insertbefore='^\#?\s?cors.subdomain(.*)$' - regexp='^\#?\s?allow_credentials\s?=\s?(.*)$' - line="allow_credentials = {{ enable_cors_credential_support | default('true')}}" - when: enable_cors | bool == true -- name: "Set ilo driver to utilize web server" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[ilo]" - regexp='^\#?\s?use_web_server_for_images\s?=\s?(.*)$' - line="use_web_server_for_images = true" -- name: "Enable Inspector" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[inspector]" - regexp='^\#?\s?enabled( |)\s?=\s?(.*)$' - line="enabled = True" - when: enable_inspector | bool == true + mode=0640 - name: "Set sudoers for PXE driver support if enabled" lineinfile: dest: /etc/sudoers regexp: '^ironic(.*)/etc/ironic/rootwrap.conf(.*)' line: "ironic ALL = (root) NOPASSWD: /usr/local/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *" when: enable_pxe_drivers | bool == true - -- name: "Disable the flat network driver if present" - lineinfile: - dest: /etc/ironic/ironic.conf - regexp: '^(#|)enabled_network_interfaces( |)\s?=( |)\s?(.*)$' - line: "enabled_network_interfaces = noop" diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 new file mode 100644 index 000000000..a3793f89b --- /dev/null +++ b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 @@ -0,0 +1,66 @@ +# {{ ansible_managed }} +# For additional details on configuring ironic, you may wish to reference +# the sample configuration file which can be located at +# http://git.openstack.org/cgit/openstack/ironic/tree/etc/ironic/ironic.conf.sample + + +[DEFAULT] +# NOTE(TheJulia): Until Bifrost supports neutron or some other network +# configuration besides a flat network where bifrost orchustrates the +# control instead of ironic, noop is the only available network driver. +enabled_network_interfaces = noop +{% if testing | bool == true %} +enabled_drivers = agent_ssh,pxe_ssh +debug = true +{% else %} +enabled_drivers = {{ enabled_drivers }} +debug = false +{% endif %} + +rabbit_userid = ironic +rabbit_password = {{ ironic_db_password }} + +auth_strategy = noauth + +[pxe] +pxe_append_params = systemd.journald.forward_to_console=yes {{ extra_kernel_options | default('') }} +pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template +tftp_server = {{ my_ip_address }} +tftp_root = /tftpboot +pxe_bootfile_name = undionly.kpxe +ipxe_enabled = true +ipxe_boot_script = /etc/ironic/boot.ipxe + +[deploy] +http_url = http://{{ my_ip_address }}:{{ file_url_port }}/ +http_root = {{ http_boot_folder }} + +[conductor] +api_url = http://{{ my_ip_address }}:6385/ +clean_nodes = {{ cleaning | lower }} +automated_clean = {{ cleaning | lower }} + +[database] +connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8 + +[dhcp] +dhcp_provider = none + +{% if testing | bool == true %} +[ssh] +libvirt_uri = qemu:///system +{% endif %} + +{% if enable_cors | bool == true %} +[cors] +allowed_origin = {{ cors_allowed_origin | default('allowed_origin=http://localhost:8000') }} +allow_credentials = {{ enable_cors_credential_support | default('true') }} +{% endif %} + +[ilo] +use_web_server_for_images = true + +{% if enable_inspector | bool == true %} +[inspector] +enabled = true +{% endif %} diff --git a/releasenotes/notes/releasenotes/notes/templated_ironic_conf-bd052f2b2897d37a.yaml b/releasenotes/notes/releasenotes/notes/templated_ironic_conf-bd052f2b2897d37a.yaml new file mode 100644 index 000000000..74bcc63c7 --- /dev/null +++ b/releasenotes/notes/releasenotes/notes/templated_ironic_conf-bd052f2b2897d37a.yaml @@ -0,0 +1,22 @@ +--- +prelude: > + Ironic.conf is templated and only sets required + options now, as opposed to editing the Sample + configuration of Ironic. +features: + - Ironic.conf is templated and only sets required + options now, as opposed to editing the Sample + configuration of Ironic. +other: + - In the past, the sample config in Ironic may have + set some boilerplate that Bifrost took advantage + of. But now that config is entirely made up of + comments, and so this change does not change much + except stripping out all of those comments and + leaving just the required content in ironic.conf + to use Ironic with Bifrost. +upgrade: + - Upon installation, bifrost will replace the installed + ironic.conf file with a template generated file. + Custom setting changes to that file, which were previously + retained, will now be lost upon re-installation.