From 57365f16e3c8a0312114ff84b0d1ba7b07404abc Mon Sep 17 00:00:00 2001 From: Mauricio Lima Date: Fri, 13 Jan 2017 15:19:20 -0300 Subject: [PATCH] Fix ironic inspector Co-Authored-By: Jeffrey Zhang Depends-On: Id03619b4e26a0a77c2a39e2de21efd13be0e9200 Change-Id: I723345c1b23cb92ad94cefd965f07b94095ebb41 Closes-Bug: #1650345 --- ansible/group_vars/all.yml | 2 + .../roles/haproxy/templates/haproxy.cfg.j2 | 12 +++++ ansible/roles/ironic/defaults/main.yml | 31 +++++++++++-- ansible/roles/ironic/tasks/bootstrap.yml | 24 +++++++--- .../roles/ironic/tasks/bootstrap_service.yml | 19 ++++++++ ansible/roles/ironic/tasks/config.yml | 43 +++++++++++++++++- ansible/roles/ironic/tasks/deploy.yml | 6 ++- ansible/roles/ironic/tasks/register.yml | 44 +++++++++++++++++++ ansible/roles/ironic/tasks/start.yml | 12 +++++ .../ironic/templates/ironic-dnsmasq.conf.j2 | 10 +++++ .../ironic/templates/ironic-dnsmasq.json.j2 | 11 +++++ .../ironic/templates/ironic-inspector.conf.j2 | 35 +++++++++++++++ .../ironic/templates/ironic-inspector.json.j2 | 6 +-- .../roles/ironic/templates/ironic-pxe.json.j2 | 21 ++++++++- ansible/roles/ironic/templates/ironic.conf.j2 | 16 ++----- .../ironic/templates/pxelinux.default.j2 | 7 +++ etc/kolla/passwords.yml | 3 ++ 17 files changed, 274 insertions(+), 28 deletions(-) create mode 100644 ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 create mode 100644 ansible/roles/ironic/templates/ironic-dnsmasq.json.j2 create mode 100644 ansible/roles/ironic/templates/ironic-inspector.conf.j2 create mode 100644 ansible/roles/ironic/templates/pxelinux.default.j2 diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index b51b98903e..be196432d4 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -188,6 +188,8 @@ murano_api_port: "8082" ironic_api_port: "6385" +ironic_inspector_port: "5050" + magnum_api_port: "9511" solum_application_deployment_port: "9777" diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index b9eb13c4e3..1bd9e1b717 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -353,6 +353,11 @@ listen ironic_api {% for host in groups['ironic-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} +listen ironic_inspector + bind {{ kolla_internal_vip_address }}:{{ ironic_inspector_port }} +{% for host in groups['ironic-inspector'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_inspector_port }} check inter 2000 rise 2 fall 5 +{% endfor %} {% if haproxy_enable_external_vip | bool %} listen ironic_api_external @@ -360,6 +365,13 @@ listen ironic_api_external {% for host in groups['ironic-api'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5 {% endfor %} +listen ironic_inspector_external + bind {{ kolla_external_vip_address }}:{{ ironic_inspector_port }} {{ tls_bind_info }} + http-request del-header X-Forwarded-Proto + http-request set-header X-Forwarded-Proto https if { ssl_fc } +{% for host in groups['ironic-inspector'] %} + server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_inspector_port }} check inter 2000 rise 2 fall 5 +{% endfor %} {% endif %} {% endif %} diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index 1b052ebe10..6f201b17e9 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -8,6 +8,10 @@ ironic_database_name: "ironic" ironic_database_user: "ironic" ironic_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}" +ironic_inspector_database_name: "ironic_inspector" +ironic_inspector_database_user: "ironic_inspector" +ironic_inspector_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}" + #################### # Docker @@ -20,22 +24,43 @@ ironic_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{ ironic_conductor_tag: "{{ openstack_release }}" ironic_conductor_image_full: "{{ ironic_conductor_image }}:{{ ironic_conductor_tag }}" +ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-ironic-pxe" +ironic_pxe_tag: "{{ openstack_release }}" +ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}" + ironic_inspector_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-ironic-inspector" ironic_inspector_tag: "{{ openstack_release }}" ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}" -ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-ironic-pxe" -ironic_pxe_tag: "{{ openstack_release }}" -ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}" +ironic_dnsmasq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-dnsmasq" +ironic_dnsmasq_tag: "{{ openstack_release }}" +ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}" #################### # OpenStack #################### +ironic_inspector_keystone_user: "ironic-inspector" + ironic_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}" ironic_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}" ironic_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ ironic_api_port }}" +ironic_inspector_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_inspector_port }}" +ironic_inspector_internal_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_inspector_port }}" +ironic_inspector_public_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_inspector_port }}" + ironic_logging_debug: "{{ openstack_logging_debug }}" openstack_ironic_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" + +openstack_ironic_inspector_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" + + +######### +# Ironic +######### + +ironic_dnsmasq_interface: "{{ api_interface }}" +ironic_dnsmasq_dhcp_range: +ironic_cleaning_network: diff --git a/ansible/roles/ironic/tasks/bootstrap.yml b/ansible/roles/ironic/tasks/bootstrap.yml index bbeba8e5f9..208cb681d6 100644 --- a/ansible/roles/ironic/tasks/bootstrap.yml +++ b/ansible/roles/ironic/tasks/bootstrap.yml @@ -7,10 +7,15 @@ login_port: "{{ database_port }}" login_user: "{{ database_user }}" login_password: "{{ database_password }}" - name: "{{ ironic_database_name }}" + name: "{{ item.database_name }}" register: database run_once: True - delegate_to: "{{ groups['ironic-api'][0] }}" + delegate_to: "{{ item.delegate_to }}" + with_items: + - database_name: "{{ ironic_database_name }}" + delegate_to: "{{ groups['ironic-api'][0] }}" + - database_name: "{{ ironic_inspector_database_name }}" + delegate_to: "{{ groups['ironic-inspector'][0] }}" - name: Creating Ironic database user and setting permissions kolla_toolbox: @@ -20,13 +25,20 @@ login_port: "{{ database_port }}" login_user: "{{ database_user }}" login_password: "{{ database_password }}" - name: "{{ ironic_database_name }}" - password: "{{ ironic_database_password }}" + name: "{{ item.database_name }}" + password: "{{ item.database_password }}" host: "%" - priv: "{{ ironic_database_name }}.*:ALL" + priv: "{{ item.database_name }}.*:ALL" append_privs: "yes" run_once: True - delegate_to: "{{ groups['ironic-api'][0] }}" + delegate_to: "{{ item.delegate_to }}" + with_items: + - database_name: "{{ ironic_database_name }}" + database_password: "{{ ironic_database_password }}" + delegate_to: "{{ groups['ironic-api'][0] }}" + - database_name: "{{ ironic_inspector_database_name }}" + database_password: "{{ ironic_inspector_database_password }}" + delegate_to: "{{ groups['ironic-inspector'][0] }}" - include: bootstrap_service.yml when: database.changed diff --git a/ansible/roles/ironic/tasks/bootstrap_service.yml b/ansible/roles/ironic/tasks/bootstrap_service.yml index 986d1a6572..b25da1de34 100644 --- a/ansible/roles/ironic/tasks/bootstrap_service.yml +++ b/ansible/roles/ironic/tasks/bootstrap_service.yml @@ -17,3 +17,22 @@ - "/etc/localtime:/etc/localtime:ro" run_once: True delegate_to: "{{ groups['ironic-api'][0] }}" + +- name: Running Ironic Inspector bootstrap container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + detach: False + environment: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ ironic_inspector_image_full }}" + labels: + BOOTSTRAP: + name: "bootstrap_ironic_inspector" + restart_policy: "never" + volumes: + - "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + run_once: True + delegate_to: "{{ groups['ironic-inspector'][0] }}" diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml index d082ecf088..e3efcde0cd 100644 --- a/ansible/roles/ironic/tasks/config.yml +++ b/ansible/roles/ironic/tasks/config.yml @@ -9,6 +9,7 @@ - "ironic-conductor" - "ironic-inspector" - "ironic-pxe" + - "ironic-dnsmasq" - name: Copying over config.json files for services template: @@ -19,6 +20,7 @@ - "ironic-conductor" - "ironic-inspector" - "ironic-pxe" + - "ironic-dnsmasq" - name: Copying over ironic.conf merge_configs: @@ -36,7 +38,46 @@ with_items: - "ironic-api" - "ironic-conductor" - - "ironic-inspector" + +- name: Copying over inspector.conf + merge_configs: + vars: + service_name: "ironic-inspector" + sources: + - "{{ role_path }}/templates/ironic-inspector.conf.j2" + - "{{ node_custom_config }}/global.conf" + - "{{ node_custom_config }}/database.conf" + - "{{ node_custom_config }}/messaging.conf" + - "{{ node_custom_config }}/ironic-inspector.conf" + - "{{ node_custom_config }}/ironic-inspector/inspector.conf" + - "{{ node_custom_config }}/ironic-inspector/{{ inventory_hostname }}/inspector.conf" + dest: "{{ node_config_directory }}/ironic-inspector/inspector.conf" + +- name: Copying over dnsmasq.conf + template: + src: "{{ item }}" + dest: "{{ node_config_directory }}/ironic-dnsmasq/dnsmasq.conf" + with_first_found: + - "{{ node_custom_config }}/ironic/ironic-dnsmasq.conf" + - "{{ node_custom_config }}/ironic/{{ inventory_hostname }}/ironic-dnsmasq.conf" + - "ironic-dnsmasq.conf.j2" + +- name: Copying pxelinux.cfg default + template: + src: "{{ item }}" + dest: "{{ node_config_directory }}/ironic-pxe/default" + with_first_found: + - "{{ node_custom_config }}/ironic/pxelinux.default" + - "{{ node_custom_config }}/ironic/{{ inventory_hostname }}/pxelinux.default" + - "pxelinux.default.j2" + +- name: Copying ironic-agent kernel and initramfs + copy: + src: "{{ node_custom_config }}/ironic/{{ item }}" + dest: "{{ node_config_directory }}/ironic-pxe/{{ item }}" + with_items: + - "ironic-agent.kernel" + - "ironic-agent.initramfs" - name: Check if policies shall be overwritten local_action: stat path="{{ node_custom_config }}/ironic/policy.json" diff --git a/ansible/roles/ironic/tasks/deploy.yml b/ansible/roles/ironic/tasks/deploy.yml index 09fa82b225..13589d6aa9 100644 --- a/ansible/roles/ironic/tasks/deploy.yml +++ b/ansible/roles/ironic/tasks/deploy.yml @@ -1,6 +1,7 @@ --- - include: register.yml - when: inventory_hostname in groups['ironic-api'] + when: inventory_hostname in groups['ironic-api'] or + inventory_hostname in groups['ironic-inspector'] - include: config.yml when: inventory_hostname in groups['ironic-api'] or @@ -9,7 +10,8 @@ inventory_hostname in groups['ironic-pxe'] - include: bootstrap.yml - when: inventory_hostname in groups['ironic-api'] + when: inventory_hostname in groups['ironic-api'] or + inventory_hostname in groups['ironic-inspector'] - include: start.yml when: inventory_hostname in groups['ironic-api'] or diff --git a/ansible/roles/ironic/tasks/register.yml b/ansible/roles/ironic/tasks/register.yml index 0a6d52a1e7..71e25143d0 100644 --- a/ansible/roles/ironic/tasks/register.yml +++ b/ansible/roles/ironic/tasks/register.yml @@ -17,6 +17,7 @@ retries: 10 delay: 5 run_once: True + when: inventory_hostname in groups['ironic-api'] with_items: - {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'} - {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'} @@ -38,3 +39,46 @@ retries: 10 delay: 5 run_once: True + when: inventory_hostname in groups['ironic-api'] + +- name: Creating the Ironic Inspector service and endpoint + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_service + -a "service_name=ironic-inspector + service_type=baremetal-introspection + description='Ironic Inspector baremetal introspection service' + endpoint_region={{ openstack_region_name }} + url='{{ item.url }}' + interface='{{ item.interface }}' + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_ironic_inspector_auth }}' }}" + -e "{'openstack_ironic_inspector_auth':{{ openstack_ironic_inspector_auth }}}" + register: ironic_inspector_endpoint + changed_when: "{{ ironic_inspector_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (ironic_inspector_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: ironic_inspector_endpoint.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + when: inventory_hostname in groups['ironic-inspector'] + with_items: + - {'interface': 'admin', 'url': '{{ ironic_inspector_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'} + +- name: Creating the Ironic Inspector project, user, and role + command: docker exec -t kolla_toolbox /usr/bin/ansible localhost + -m kolla_keystone_user + -a "project=service + user={{ ironic_inspector_keystone_user }} + password={{ ironic_inspector_keystone_password }} + role=admin + region_name={{ openstack_region_name }} + auth={{ '{{ openstack_ironic_inspector_auth }}' }}" + -e "{'openstack_ironic_inspector_auth':{{ openstack_ironic_inspector_auth }}}" + register: ironic_inspector_user + changed_when: "{{ ironic_inspector_user.stdout.find('localhost | SUCCESS => ') != -1 and (ironic_inspector_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" + until: ironic_inspector_user.stdout.split()[2] == 'SUCCESS' + retries: 10 + delay: 5 + run_once: True + when: inventory_hostname in groups['ironic-inspector'] diff --git a/ansible/roles/ironic/tasks/start.yml b/ansible/roles/ironic/tasks/start.yml index 874f3e176b..22195d4586 100644 --- a/ansible/roles/ironic/tasks/start.yml +++ b/ansible/roles/ironic/tasks/start.yml @@ -51,4 +51,16 @@ volumes: - "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla" when: inventory_hostname in groups['ironic-inspector'] + +- name: Staring ironic-dnsmasq container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ ironic_dnsmasq_image_full }}" + name: "ironic_dnsmasq" + volumes: + - "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + when: inventory_hostname in groups['ironic-conductor'] diff --git a/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 new file mode 100644 index 0000000000..df0019a0ea --- /dev/null +++ b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 @@ -0,0 +1,10 @@ +port=0 +interface={{ api_interface }} +bind-interfaces +dhcp-range={{ ironic_dnsmasq_dhcp_range }} +dhcp-sequential-ip + +dhcp-option=option:tftp-server,{{ kolla_internal_vip_address }} +dhcp-option=option:server-ip-address,{{ kolla_internal_vip_address }} +dhcp-option=option:bootfile-name,pxelinux.0 +dhcp-option=210,/tftpboot/ diff --git a/ansible/roles/ironic/templates/ironic-dnsmasq.json.j2 b/ansible/roles/ironic/templates/ironic-dnsmasq.json.j2 new file mode 100644 index 0000000000..baab505285 --- /dev/null +++ b/ansible/roles/ironic/templates/ironic-dnsmasq.json.j2 @@ -0,0 +1,11 @@ +{ + "command": "dnsmasq --no-daemon --conf-file=/etc/dnsmasq.conf", + "config_files": [ + { + "source": "{{ container_config_directory }}/dnsmasq.conf", + "dest": "/etc/dnsmasq.conf", + "owner": "root", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 new file mode 100644 index 0000000000..86a8975315 --- /dev/null +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -0,0 +1,35 @@ +[DEFAULT] +debug = {{ ironic_logging_debug }} +log_dir = /var/log/kolla/ironic + +listen_address = {{ api_interface_address }} +listen_port = {{ ironic_inspector_port }} + +[ironic] +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ ironic_inspector_keystone_user }} +password = {{ ironic_inspector_keystone_password }} + +[keystone_authtoken] +auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ ironic_inspector_keystone_user }} +password = {{ ironic_inspector_keystone_password }} + +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcache_secret_key }} +memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +[firewall] +dnsmasq_interface = {{ ironic_dnsmasq_interface }} + +[database] +connection = mysql+pymysql://{{ ironic_inspector_database_user }}:{{ ironic_inspector_database_password }}@{{ ironic_inspector_database_address }}/{{ ironic_inspector_database_name }} diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2 index e4c362050a..5db6cbc90c 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.json.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2 @@ -1,9 +1,9 @@ { - "command": "ironic-inspector --config-file /etc/ironic-inspector/ironic.conf", + "command": "ironic-inspector --config-file /etc/ironic-inspector/inspector.conf", "config_files": [ { - "source": "{{ container_config_directory }}/ironic.conf", - "dest": "/etc/ironic-inspector/ironic.conf", + "source": "{{ container_config_directory }}/inspector.conf", + "dest": "/etc/ironic-inspector/inspector.conf", "owner": "ironic", "perm": "0600" }, diff --git a/ansible/roles/ironic/templates/ironic-pxe.json.j2 b/ansible/roles/ironic/templates/ironic-pxe.json.j2 index 3fdf9d88bd..74c4295ca4 100644 --- a/ansible/roles/ironic/templates/ironic-pxe.json.j2 +++ b/ansible/roles/ironic/templates/ironic-pxe.json.j2 @@ -1,4 +1,23 @@ { "command": "/usr/sbin/in.tftpd --verbose --foreground --user root --address 0.0.0.0:69 --map-file /map-file /tftpboot", - "config_files": [] + "config_files": [ + { + "source": "{{ container_config_directory }}/ironic-agent.kernel", + "dest": "/tftpboot/ironic-agent.kernel", + "owner": "root", + "perm": "0644" + }, + { + "source": "{{ container_config_directory }}/ironic-agent.initramfs", + "dest": "/tftpboot/ironic-agent.initramfs", + "owner": "root", + "perm": "0644" + }, + { + "source": "{{ container_config_directory }}/default", + "dest": "/tftpboot/pxelinux.cfg/default", + "owner": "root", + "perm": "0644" + } + ] } diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index c1f84ae554..15109880f9 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -21,18 +21,6 @@ api_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port automated_clean=false {% endif %} -{% if service_name == 'ironic-inspector' %} -[ironic] -os_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v2.0 -os_username = {{ openstack_auth.username }} -os_password = {{ openstack_auth.password }} -os_tenant_name = {{ openstack_auth.project_name }} -identity_uri = {{ openstack_auth.auth_url }} - -[firewall] -dnsmasq_interface = {{ api_interface }} -{% endif %} - [database] connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }} max_retries = -1 @@ -57,3 +45,7 @@ glance_host = {{ kolla_internal_fqdn }} [neutron] url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }} +cleaning_network = {{ ironic_cleaning_network }} + +[inspector] +enabled = true diff --git a/ansible/roles/ironic/templates/pxelinux.default.j2 b/ansible/roles/ironic/templates/pxelinux.default.j2 new file mode 100644 index 0000000000..5304611a3d --- /dev/null +++ b/ansible/roles/ironic/templates/pxelinux.default.j2 @@ -0,0 +1,7 @@ +default introspect + +label introspect +kernel ironic-agent.kernel +append initrd=ironic-agent.initramfs ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes + +ipappend 3 diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index bafe4906b9..928974bc72 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -87,6 +87,9 @@ murano_keystone_password: ironic_database_password: ironic_keystone_password: +ironic_inspector_database_password: +ironic_inspector_keystone_password: + magnum_database_password: magnum_keystone_password: