Multiple DHCP ranges for Ironic Inspector

Add a new parameter 'ironic_dnsmasq_dhcp_ranges' and enable the configuration of the corresponding 'dhcp-range' and 'dhcp-option' blocks in Ironic Inspector dnsmasq for multiple ranges. The old parameters 'ironic_dnsmasq_dhcp_range' and 'ironic_dnsmasq_default_gateway' used for the only range are now removed. This change implements the same solution used in the TripleO several years ago in the: Ie49b07ffe948576f5d9330cf11ee014aef4b282d Also, this change contains: Iae15e9db0acc2ecd5b087a9ca430be948bc3e649 fix for lease time. The value can be changed globally or per range. Change-Id: Ib69fc0017b3bfbc8da4dfd4301710fbf88be661a Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com> Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
2021-11-08 21:23:21 +03:00 · 2021-11-08 21:23:21 +03:00 · 762aecbfae
commit 762aecbfae
parent e380cdd226
7 changed files with 83 additions and 21 deletions
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@ -252,8 +252,8 @@ openstack_ironic_inspector_auth: "{{ openstack_auth }}"
 # Ironic
 #########
 ironic_dnsmasq_interface: "{{ api_interface }}"
-ironic_dnsmasq_dhcp_range:
-ironic_dnsmasq_default_gateway:
+ironic_dnsmasq_dhcp_ranges:
+ironic_dnsmasq_dhcp_default_lease_time: "10m"
 # TODO(yoctozepto): Do not rely on deprecated enable_ironic_ipxe in Zed.
 ironic_dnsmasq_serve_ipxe: "{{ enable_ironic_ipxe | default(\"yes\") }}"
 ironic_dnsmasq_boot_file: "{% if ironic_dnsmasq_serve_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}"
--- a/ansible/roles/ironic/tasks/precheck.yml
+++ b/ansible/roles/ironic/tasks/precheck.yml
@ -68,11 +68,10 @@
    - "ironic-agent.kernel"
    - "ironic-agent.initramfs"

- name: Ensure dnsmasq_dhcp_range configured for Ironic Dnsmasq
+- name: Ensure ironic_dnsmasq_dhcp_ranges is configured
  fail:
    msg: >
-      ironic_dnsmasq_dhcp_range must be set when enable ironic
+      ironic_dnsmasq_dhcp_ranges must be a list
  connection: local
  run_once: True
-  when:
-    - ironic_dnsmasq_dhcp_range is none
+  when: not ironic_dnsmasq_dhcp_ranges is sequence
--- a/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
@ -5,16 +5,20 @@ port=0
 interface={{ ironic_dnsmasq_interface }}
 bind-interfaces

-dhcp-range={{ ironic_dnsmasq_dhcp_range }}
+{% for item in ironic_dnsmasq_dhcp_ranges %}
+{% set tag = item.tag | default('range_' ~ loop.index) %}
+{% set lease_time = item.lease_time | default(ironic_dnsmasq_dhcp_default_lease_time) %}
+dhcp-range=set:{{ tag }},{{ item.range }},{{ lease_time }}
+{% if item.routers is defined %}
+dhcp-option=tag:{{ tag }},option:router,{{ item.routers }}
+{% endif %}
+{% endfor %}
 dhcp-sequential-ip

 {% if api_address_family == 'ipv6' %}
 {# TODO(yoctozepto): IPv6-only support - DHCPv6 PXE support #}
 {# different options must be used here #}
 {% else %}{# ipv4 #}
-{% if ironic_dnsmasq_default_gateway is not none %}
-dhcp-option=3,{{ ironic_dnsmasq_default_gateway }}
-{% endif %}
 dhcp-option=option:tftp-server,{{ api_interface_address }}
 dhcp-option=option:server-ip-address,{{ api_interface_address }}
 dhcp-option=210,/var/lib/ironic/tftpboot/
--- a/doc/source/reference/bare-metal/ironic-guide.rst
+++ b/doc/source/reference/bare-metal/ironic-guide.rst
@ -18,22 +18,52 @@ Enable Ironic in ``/etc/kolla/globals.yml``:
   enable_ironic: "yes"

 In the same file, define a network interface as the default NIC for dnsmasq and
-a range of IP addresses that will be available for use by Ironic inspector.
-The optional netmask of the network should be provided in case when DHCP-relay
-is used. Finally, define a network to be used for the Ironic cleaning network:
+define a network to be used for the Ironic cleaning network:

 .. code-block:: yaml

   ironic_dnsmasq_interface: "eth1"
-   ironic_dnsmasq_dhcp_range: "192.168.5.100,192.168.5.110,255.255.255.0"
   ironic_cleaning_network: "public1"

-In the same file, optionally a default gateway to be used for the Ironic
-Inspector inspection network:
+Finally, define at least one DHCP range for Ironic inspector:

 .. code-block:: yaml

-   ironic_dnsmasq_default_gateway: 192.168.5.1
+   ironic_dnsmasq_dhcp_ranges:
+     - range: "192.168.5.100,192.168.5.110"
+
+Another example of a single range with a router (multiple routers
+are possible by separating addresses with commas):
+
+.. code-block:: yaml
+
+   ironic_dnsmasq_dhcp_ranges:
+     - range: "192.168.5.100,192.168.5.110"
+       routers: "192.168.5.1"
+
+To support DHCP relay, it is also possible to define a netmask in the range.
+It is advisable to also provide a router to allow the traffic to reach the
+Ironic server.
+
+.. code-block:: yaml
+
+  ironic_dnsmasq_dhcp_ranges:
+    - range: "192.168.5.100,192.168.5.110,255.255.255.0"
+      routers: "192.168.5.1"
+
+Multiple ranges are possible, they can be either for directly-connected
+interfaces or relays (if with netmask):
+
+.. code-block:: yaml
+
+  ironic_dnsmasq_dhcp_ranges:
+    - range: "192.168.5.100,192.168.5.110"
+    - range: "192.168.6.100,192.168.6.110,255.255.255.0"
+      routers: "192.168.6.1"
+
+The default lease time for each range can be configured globally via
+``ironic_dnsmasq_dhcp_default_lease_time`` variable or per range via
+``lease_time`` parameter.

 In the same file, specify the PXE bootloader file for Ironic Inspector. The
 file is relative to the ``/var/lib/ironic/tftpboot`` directory. The default is
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@ -587,9 +587,11 @@
 #############################
 # dnsmasq bind interface for Ironic Inspector, by default is network_interface
 #ironic_dnsmasq_interface: "{{ network_interface }}"
-# The following value must be set when enabling ironic, the value format is
-# "192.168.0.10,192.168.0.100,255.255.255.0" the last being an optional netmask.
-#ironic_dnsmasq_dhcp_range:
+# The following value must be set when enabling ironic, the value format is a
+# list of ranges - at least one must be configured, for example:
+# - range: 192.168.0.10,192.168.0.100
+# See Kolla Ansible docs on Ironic for details.
+#ironic_dnsmasq_dhcp_ranges:
 # PXE bootloader file for Ironic Inspector, relative to /var/lib/ironic/tftpboot.
 #ironic_dnsmasq_boot_file: "pxelinux.0"

--- a/releasenotes/notes/ironic-inspector-multiple-ranges-b7c734d38b90c331.yaml
+++ b/releasenotes/notes/ironic-inspector-multiple-ranges-b7c734d38b90c331.yaml
@ -0,0 +1,26 @@
+---
+features:
+  - |
+    Adds support for multiple DHCP ranges in the Ironic Inspector DHCP server.
+
+upgrade:
+  - |
+    Modifies the default lease time of the Ironic Inspector DHCP server to 10
+    minutes. This is small enough to use small pools of IP addresses for
+    inspection but gives more room for the inspection to succeed.
+    This default can be changed globally via
+    ``ironic_dnsmasq_dhcp_default_lease_time`` variable or per range via
+    ``lease_time`` parameter.
+  - |
+    Replace usage of ``ironic_dnsmasq_dhcp_range`` together with
+    ``ironic_dnsmasq_default_gateway`` to ``ironic_dnsmasq_dhcp_ranges``.
+    For example, if you have::
+
+      ironic_dnsmasq_dhcp_range: "10.42.0.2,10.42.0.254,255.255.255.0"
+      ironic_dnsmasq_default_gateway: "10.42.0.1"
+
+    replace it with::
+
+      ironic_dnsmasq_dhcp_ranges:
+        - range: "10.42.0.2,10.42.0.254,255.255.255.0"
+          routers: "10.42.0.1"
--- a/tests/templates/globals-default.j2
+++ b/tests/templates/globals-default.j2
@ -99,7 +99,8 @@ enable_aodh: "yes"

 {% if scenario == "ironic" %}
 enable_ironic: "yes"
-ironic_dnsmasq_dhcp_range: "10.42.0.2,10.42.0.254,255.255.255.0"
+ironic_dnsmasq_dhcp_ranges:
+  - range: "10.42.0.2,10.42.0.254,255.255.255.0"
 {% endif %}

 {% if scenario == "masakari" %}