Multiple DHCP ranges for Ironic Inspector

Add a new parameter 'ironic_dnsmasq_dhcp_ranges' and enable the configuration of the corresponding 'dhcp-range' and 'dhcp-option' blocks in Ironic Inspector dnsmasq for multiple ranges. The old parameters 'ironic_dnsmasq_dhcp_range' and 'ironic_dnsmasq_default_gateway' used for the only range are now removed. This change implements the same solution used in the TripleO several years ago in the: Ie49b07ffe948576f5d9330cf11ee014aef4b282d Also, this change contains: Iae15e9db0acc2ecd5b087a9ca430be948bc3e649 fix for lease time. The value can be changed globally or per range. Change-Id: Ib69fc0017b3bfbc8da4dfd4301710fbf88be661a Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com> Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
2021-11-08 21:23:21 +03:00 · 2021-11-08 21:23:21 +03:00 · 762aecbfae
commit 762aecbfae
parent e380cdd226
7 changed files with 83 additions and 21 deletions
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@ -252,8 +252,8 @@ openstack_ironic_inspector_auth: "{{ openstack_auth }}"
 # Ironic
 #########
 ironic_dnsmasq_interface: "{{ api_interface }}"
-ironic_dnsmasq_dhcp_range:
+ironic_dnsmasq_dhcp_ranges:
-ironic_dnsmasq_default_gateway:
+ironic_dnsmasq_dhcp_default_lease_time: "10m"
 # TODO(yoctozepto): Do not rely on deprecated enable_ironic_ipxe in Zed.
 ironic_dnsmasq_serve_ipxe: "{{ enable_ironic_ipxe | default(\"yes\") }}"
 ironic_dnsmasq_boot_file: "{% if ironic_dnsmasq_serve_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}"
--- a/ansible/roles/ironic/tasks/precheck.yml
+++ b/ansible/roles/ironic/tasks/precheck.yml
@ -68,11 +68,10 @@
    - "ironic-agent.kernel"
    - "ironic-agent.initramfs"
- name: Ensure dnsmasq_dhcp_range configured for Ironic Dnsmasq
+- name: Ensure ironic_dnsmasq_dhcp_ranges is configured
  fail:
    msg: >
-      ironic_dnsmasq_dhcp_range must be set when enable ironic
+      ironic_dnsmasq_dhcp_ranges must be a list
  connection: local
  run_once: True
-  when:
+  when: not ironic_dnsmasq_dhcp_ranges is sequence
    - ironic_dnsmasq_dhcp_range is none
--- a/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
@ -5,16 +5,20 @@ port=0
 interface={{ ironic_dnsmasq_interface }}
 bind-interfaces
-dhcp-range={{ ironic_dnsmasq_dhcp_range }}
+{% for item in ironic_dnsmasq_dhcp_ranges %}
 {% set tag = item.tag | default('range_' ~ loop.index) %}
 {% set lease_time = item.lease_time | default(ironic_dnsmasq_dhcp_default_lease_time) %}
 dhcp-range=set:{{ tag }},{{ item.range }},{{ lease_time }}
 {% if item.routers is defined %}
 dhcp-option=tag:{{ tag }},option:router,{{ item.routers }}
 {% endif %}
 {% endfor %}
 dhcp-sequential-ip
 {% if api_address_family == 'ipv6' %}
 {# TODO(yoctozepto): IPv6-only support - DHCPv6 PXE support #}
 {# different options must be used here #}
 {% else %}{# ipv4 #}
 {% if ironic_dnsmasq_default_gateway is not none %}
 dhcp-option=3,{{ ironic_dnsmasq_default_gateway }}
 {% endif %}
 dhcp-option=option:tftp-server,{{ api_interface_address }}
 dhcp-option=option:server-ip-address,{{ api_interface_address }}
 dhcp-option=210,/var/lib/ironic/tftpboot/
--- a/doc/source/reference/bare-metal/ironic-guide.rst
+++ b/doc/source/reference/bare-metal/ironic-guide.rst
@ -18,22 +18,52 @@ Enable Ironic in ``/etc/kolla/globals.yml``:
   enable_ironic: "yes"
 In the same file, define a network interface as the default NIC for dnsmasq and
-a range of IP addresses that will be available for use by Ironic inspector.
+define a network to be used for the Ironic cleaning network:
 The optional netmask of the network should be provided in case when DHCP-relay
 is used. Finally, define a network to be used for the Ironic cleaning network:
 .. code-block:: yaml
   ironic_dnsmasq_interface: "eth1"
   ironic_dnsmasq_dhcp_range: "192.168.5.100,192.168.5.110,255.255.255.0"
   ironic_cleaning_network: "public1"
-In the same file, optionally a default gateway to be used for the Ironic
+Finally, define at least one DHCP range for Ironic inspector:
 Inspector inspection network:
 .. code-block:: yaml
-   ironic_dnsmasq_default_gateway: 192.168.5.1
+   ironic_dnsmasq_dhcp_ranges:
     - range: "192.168.5.100,192.168.5.110"
 Another example of a single range with a router (multiple routers
 are possible by separating addresses with commas):
 .. code-block:: yaml
   ironic_dnsmasq_dhcp_ranges:
     - range: "192.168.5.100,192.168.5.110"
       routers: "192.168.5.1"
 To support DHCP relay, it is also possible to define a netmask in the range.
 It is advisable to also provide a router to allow the traffic to reach the
 Ironic server.
 .. code-block:: yaml
  ironic_dnsmasq_dhcp_ranges:
    - range: "192.168.5.100,192.168.5.110,255.255.255.0"
      routers: "192.168.5.1"
 Multiple ranges are possible, they can be either for directly-connected
 interfaces or relays (if with netmask):
 .. code-block:: yaml
  ironic_dnsmasq_dhcp_ranges:
    - range: "192.168.5.100,192.168.5.110"
    - range: "192.168.6.100,192.168.6.110,255.255.255.0"
      routers: "192.168.6.1"
 The default lease time for each range can be configured globally via
 ``ironic_dnsmasq_dhcp_default_lease_time`` variable or per range via
 ``lease_time`` parameter.
 In the same file, specify the PXE bootloader file for Ironic Inspector. The
 file is relative to the ``/var/lib/ironic/tftpboot`` directory. The default is
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@ -587,9 +587,11 @@
 #############################
 # dnsmasq bind interface for Ironic Inspector, by default is network_interface
 #ironic_dnsmasq_interface: "{{ network_interface }}"
-# The following value must be set when enabling ironic, the value format is
+# The following value must be set when enabling ironic, the value format is a
-# "192.168.0.10,192.168.0.100,255.255.255.0" the last being an optional netmask.
+# list of ranges - at least one must be configured, for example:
-#ironic_dnsmasq_dhcp_range:
+# - range: 192.168.0.10,192.168.0.100
 # See Kolla Ansible docs on Ironic for details.
 #ironic_dnsmasq_dhcp_ranges:
 # PXE bootloader file for Ironic Inspector, relative to /var/lib/ironic/tftpboot.
 #ironic_dnsmasq_boot_file: "pxelinux.0"
--- a/releasenotes/notes/ironic-inspector-multiple-ranges-b7c734d38b90c331.yaml
+++ b/releasenotes/notes/ironic-inspector-multiple-ranges-b7c734d38b90c331.yaml
@ -0,0 +1,26 @@
 ---
 features:
  - |
    Adds support for multiple DHCP ranges in the Ironic Inspector DHCP server.
 upgrade:
  - |
    Modifies the default lease time of the Ironic Inspector DHCP server to 10
    minutes. This is small enough to use small pools of IP addresses for
    inspection but gives more room for the inspection to succeed.
    This default can be changed globally via
    ``ironic_dnsmasq_dhcp_default_lease_time`` variable or per range via
    ``lease_time`` parameter.
  - |
    Replace usage of ``ironic_dnsmasq_dhcp_range`` together with
    ``ironic_dnsmasq_default_gateway`` to ``ironic_dnsmasq_dhcp_ranges``.
    For example, if you have::
      ironic_dnsmasq_dhcp_range: "10.42.0.2,10.42.0.254,255.255.255.0"
      ironic_dnsmasq_default_gateway: "10.42.0.1"
    replace it with::
      ironic_dnsmasq_dhcp_ranges:
        - range: "10.42.0.2,10.42.0.254,255.255.255.0"
          routers: "10.42.0.1"
--- a/tests/templates/globals-default.j2
+++ b/tests/templates/globals-default.j2
@ -99,7 +99,8 @@ enable_aodh: "yes"
 {% if scenario == "ironic" %}
 enable_ironic: "yes"
-ironic_dnsmasq_dhcp_range: "10.42.0.2,10.42.0.254,255.255.255.0"
+ironic_dnsmasq_dhcp_ranges:
  - range: "10.42.0.2,10.42.0.254,255.255.255.0"
 {% endif %}
 {% if scenario == "masakari" %}