Ironic inspector rules are registered both with the seed and (if using) overcloud ironic inspector services. These tasks often show up as changed even when no configuration changes have been made that would affect the rules. This is caused by inspector returning default values for fields that may be omitted in the requested rule. This change fixes the issue by including those defaults in the comparison. Change-Id: Ia24e328d4531201d76a65b6385e4463bb1f3c5c6 Story: 2007399 Task: 38997
Ironic Inspector Rules
This role provides a module, os_ironic_inspector_rule
, which may be
used to configure an introspection rule in OpenStack ironic inspector.
The role installs required python dependencies in a virtualenv, and uses
the os_ironic_inspector_rule
module to configure a set of rules.
Requirements
The OpenStack ironic inspector API should be accessible from the target host.
Role Variables
ironic_inspector_venv
is a path to a directory in which to create a
virtualenv.
ironic_inspector_auth_type
is an authentication type compatible with
the auth_type
argument of os_*
Ansible modules.
ironic_inspector_auth
is a dict containing authentication information
compatible with the auth
argument of os_*
Ansible modules.
ironic_inspector_cacert
is an optional path to a CA certificate.
ironic_inspector_url
is the URL of Ironic Inspector API endpoint,
required if no authentication is used.
ironic_inspector_rules
is a list of introspection rules which should
exist. See the Inspector rules API for details of parameters available
for rules.
Dependencies
This role depends on the Kayobe openstacksdk
role.
Example Playbook
The following playbook configures an introspection rule to set the IPMI username and password fields in a node's driver info if they are currently empty.
---
- name: Ensure ironic inspector introspection rules are configured
hosts: ironic-inspector
roles:
- role: ironic-inspector-rules
ironic_inspector_venv: "~/ironic-inspector-rules-venv"
ironic_inspector_auth_type: "password"
ironic_inspector_auth:
project_name: <keystone project>
username: <keystone user>
password: <keystone password>
auth_url: <keystone auth URL>
ironic_inspector_rules:
- description: "Set IPMI driver_info if no credentials"
conditions:
- field: "node://driver_info.ipmi_username"
op: "is-empty"
- field: "node://driver_info.ipmi_password"
op: "is-empty"
actions:
- action: "set-attribute"
path: "driver_info/ipmi_username"
value: "<IPMI username>"
- action: "set-attribute"
path: "driver_info/ipmi_password"
value: "<IPMI password>"
Author Information
- Mark Goddard (mark@stackhpc.com)