From 65dd1036dd87cff3f05a4ebc38a7a094611f54c2 Mon Sep 17 00:00:00 2001 From: Clint Byrum Date: Thu, 14 Apr 2016 00:07:07 -0700 Subject: [PATCH] Convert ironic.conf to template generated Previously the sample config was editted, but this incurred a maintenance burden, and was also extremely hard to read. Since the entire sample config is already commented out, this should have no impact on how much maintenance is required to keep up with new required config settings. Change-Id: I14c1bb8d118774c182665ca1e595a646377976e4 --- .../bifrost-ironic-install/defaults/main.yml | 6 + .../tasks/ironic_config.yml | 182 +----------------- .../templates/ironic.conf.j2 | 66 +++++++ ...emplated_ironic_conf-bd052f2b2897d37a.yaml | 22 +++ 4 files changed, 98 insertions(+), 178 deletions(-) create mode 100644 playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 create mode 100644 releasenotes/notes/releasenotes/notes/templated_ironic_conf-bd052f2b2897d37a.yaml diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml index 7f0e0e13c..f393f8b42 100644 --- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml +++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml @@ -197,3 +197,9 @@ ironic: keystone: default_username: "bifrost_user" default_password: "ChangeThisPa55w0rd" + + +# TODO(TheJulia): Thinking outloud, I think we ought to head in +# the direction of identifying the address of the conductor host +# in a more uniform fashion. What that is exactly, is TBD. +my_ip_address: "{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}" diff --git a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml index e9f8b2ba4..1dd82d7d5 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml @@ -17,190 +17,16 @@ set_fact: enabled_drivers: "{{ enabled_drivers }},{{ pxe_drivers }}" when: enable_pxe_drivers | bool == true -- name: "Determine if ironic.conf needs to be put in place." - stat: path=/etc/ironic/ironic.conf - register: test_place_ironic_config -- name: "Copy ironic sample config" - copy: - src="{{ ironic_git_folder }}/etc/ironic/ironic.conf.sample" +- name: "Create ironic config" + template: + src="ironic.conf.j2" dest=/etc/ironic/ironic.conf owner=ironic group=ironic - mode=0644 - when: test_place_ironic_config.stat.exists == false -- name: "If testing, set agent_ssh as the enabled driver" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?enabled_drivers\s?=\s?(.*)$' - line="enabled_drivers = agent_ssh,pxe_ssh" - when: testing | bool == true -- name: "If not testing, set driver list" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?enabled_drivers\s?=\s?(.*)$' - line="enabled_drivers = {{ enabled_drivers }}" - when: testing | bool == false -- name: "Set rabbit user" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?rabbit_userid\s?=\s?(.*)$' - line="rabbit_userid = ironic" -- name: "Set rabbit password" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?rabbit_password\s?=\s?(.*)$' - line="rabbit_password = {{ ironic_db_password }}" -- name: "Set auth_strategy to noauth" - replace: - dest=/etc/ironic/ironic.conf - regexp='^\#\s?auth_strategy\s?=\s?keystone' - replace='auth_strategy = noauth' -- name: "If testing, enable debug logging" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?debug\s?=\s?(.*)$' - line="debug = true" - when: testing | bool == true -- name: "If not testing, disable debug logging" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[DEFAULT]" - regexp='^\#?\s?debug\s?=\s?$' - line="debug = false" - when: testing | bool == false -- name: "For agent, send extra params" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?pxe_append_params\s?=\s?(.*)$' - line="pxe_append_params = systemd.journald.forward_to_console=yes {{extra_kernel_options | default('')}}" -- name: "Configure conductor API url" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[conductor]" - regexp='^\#?\s?api_url\s?=\s?(.*)$' - line="api_url = http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:6385/" - # Note(TheJulia): clean_nodes config option is deprecated and to be removed in Newton. -- name: "Configure conductor cleaning - Pre-Mitaka" - lineinfile: - dest=/etc/ironic/ironic.conf - insertbefore="[console]" - regexp='^\#?\s?clean_nodes\s?=\s?(.*)$' - line="clean_nodes = {{ cleaning | lower }}" -- name: "Configure conductor cleaning - Mitaka" - lineinfile: - dest=/etc/ironic/ironic.conf - insertbefore="[console]" - regexp='^\#?\s?automated_clean\s?=\s?(.*)$' - line="automated_clean = {{ cleaning | lower }}" -- name: "Configure database connection" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[database]" - regexp='^\#?\s?connection\s?=\s?(.*)$' - line="connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8" -- name: "Configure DHCP provider" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[dhcp]" - regexp='^\#?\s?dhcp_provider\s?=\s?(.*)$' - line="dhcp_provider = none" -- name: "Set PXE pxe_config_template" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?pxe_config_template\s?=\s?(.*)$' - line="pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template" -- name: "Set PXE tftp_server" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?tftp_server\s?=\s?(.*)$' - line="tftp_server = {{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}" -- name: "Set PXE tftp_root" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?tftp_root\s?=\s?(.*)$' - line="tftp_root = /tftpboot" -- name: "Set iPXE pxe_bootfile_name" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?pxe_bootfile_name\s?=\s?(.*)$' - line="pxe_bootfile_name = undionly.kpxe" -- name: "Set iPXE http_url" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?http_url\s?=\s?(.*)$' - line="http_url = http://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{ file_url_port }}/" -- name: "Set iPXE http_root" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?http_root\s?=\s?(.*)$' - line="http_root = {{ http_boot_folder }}" -- name: "Set iPXE to be enabled" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?ipxe_enabled\s?=\s?(.*)$' - line="ipxe_enabled = true" -- name: "Set path to ipxe template file" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[pxe]" - regexp='^\#?\s?ipxe_boot_script\s?=\s?(.*)$' - line="ipxe_boot_script = /etc/ironic/boot.ipxe" -- name: "Configure SSH libvirt URL if testing" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[ssh]" - regexp='^\#?\s?libvirt_uri\s?=\s?(.*)$' - line="libvirt_uri = qemu:///system" - when: testing | bool == true -- name: "Set CORS allowed_origin if enable_cors is set" - lineinfile: - dest=/etc/ironic/ironic.conf - insertbefore='^\#?\s?cors.subdomain(.*)$' - regexp='^\#?\s?allowed_origin\s?=\s?(.*)$' - line="allowed_origin = {{ cors_allowed_origin | default('allowed_origin=http://localhost:8000')}}" - when: enable_cors | bool == true -- name: "Set CORS allow_credentials if enable_cors is set" - lineinfile: - dest=/etc/ironic/ironic.conf - insertbefore='^\#?\s?cors.subdomain(.*)$' - regexp='^\#?\s?allow_credentials\s?=\s?(.*)$' - line="allow_credentials = {{ enable_cors_credential_support | default('true')}}" - when: enable_cors | bool == true -- name: "Set ilo driver to utilize web server" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[ilo]" - regexp='^\#?\s?use_web_server_for_images\s?=\s?(.*)$' - line="use_web_server_for_images = true" -- name: "Enable Inspector" - lineinfile: - dest=/etc/ironic/ironic.conf - insertafter="[inspector]" - regexp='^\#?\s?enabled( |)\s?=\s?(.*)$' - line="enabled = True" - when: enable_inspector | bool == true + mode=0640 - name: "Set sudoers for PXE driver support if enabled" lineinfile: dest: /etc/sudoers regexp: '^ironic(.*)/etc/ironic/rootwrap.conf(.*)' line: "ironic ALL = (root) NOPASSWD: /usr/local/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *" when: enable_pxe_drivers | bool == true - -- name: "Disable the flat network driver if present" - lineinfile: - dest: /etc/ironic/ironic.conf - regexp: '^(#|)enabled_network_interfaces( |)\s?=( |)\s?(.*)$' - line: "enabled_network_interfaces = noop" diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 new file mode 100644 index 000000000..a3793f89b --- /dev/null +++ b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 @@ -0,0 +1,66 @@ +# {{ ansible_managed }} +# For additional details on configuring ironic, you may wish to reference +# the sample configuration file which can be located at +# http://git.openstack.org/cgit/openstack/ironic/tree/etc/ironic/ironic.conf.sample + + +[DEFAULT] +# NOTE(TheJulia): Until Bifrost supports neutron or some other network +# configuration besides a flat network where bifrost orchustrates the +# control instead of ironic, noop is the only available network driver. +enabled_network_interfaces = noop +{% if testing | bool == true %} +enabled_drivers = agent_ssh,pxe_ssh +debug = true +{% else %} +enabled_drivers = {{ enabled_drivers }} +debug = false +{% endif %} + +rabbit_userid = ironic +rabbit_password = {{ ironic_db_password }} + +auth_strategy = noauth + +[pxe] +pxe_append_params = systemd.journald.forward_to_console=yes {{ extra_kernel_options | default('') }} +pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template +tftp_server = {{ my_ip_address }} +tftp_root = /tftpboot +pxe_bootfile_name = undionly.kpxe +ipxe_enabled = true +ipxe_boot_script = /etc/ironic/boot.ipxe + +[deploy] +http_url = http://{{ my_ip_address }}:{{ file_url_port }}/ +http_root = {{ http_boot_folder }} + +[conductor] +api_url = http://{{ my_ip_address }}:6385/ +clean_nodes = {{ cleaning | lower }} +automated_clean = {{ cleaning | lower }} + +[database] +connection = mysql+pymysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8 + +[dhcp] +dhcp_provider = none + +{% if testing | bool == true %} +[ssh] +libvirt_uri = qemu:///system +{% endif %} + +{% if enable_cors | bool == true %} +[cors] +allowed_origin = {{ cors_allowed_origin | default('allowed_origin=http://localhost:8000') }} +allow_credentials = {{ enable_cors_credential_support | default('true') }} +{% endif %} + +[ilo] +use_web_server_for_images = true + +{% if enable_inspector | bool == true %} +[inspector] +enabled = true +{% endif %} diff --git a/releasenotes/notes/releasenotes/notes/templated_ironic_conf-bd052f2b2897d37a.yaml b/releasenotes/notes/releasenotes/notes/templated_ironic_conf-bd052f2b2897d37a.yaml new file mode 100644 index 000000000..74bcc63c7 --- /dev/null +++ b/releasenotes/notes/releasenotes/notes/templated_ironic_conf-bd052f2b2897d37a.yaml @@ -0,0 +1,22 @@ +--- +prelude: > + Ironic.conf is templated and only sets required + options now, as opposed to editing the Sample + configuration of Ironic. +features: + - Ironic.conf is templated and only sets required + options now, as opposed to editing the Sample + configuration of Ironic. +other: + - In the past, the sample config in Ironic may have + set some boilerplate that Bifrost took advantage + of. But now that config is entirely made up of + comments, and so this change does not change much + except stripping out all of those comments and + leaving just the required content in ironic.conf + to use Ironic with Bifrost. +upgrade: + - Upon installation, bifrost will replace the installed + ironic.conf file with a template generated file. + Custom setting changes to that file, which were previously + retained, will now be lost upon re-installation.