Merge "Improve standalone ironic support"

ansible/group_vars/all.yml

@@ -431,16 +431,20 @@ nova_console: "novnc"
 # Valid options are [ public, internal, admin ]
 openstack_interface: "admin"
 
+# Enable core OpenStack services. This includes:
+# glance, keystone, neutron, nova, heat, and horizon.
+enable_openstack_core: "yes"
+
 # These roles are required for Kolla to be operation, however a savvy deployer
 # could disable some of these required roles and run their own services.
-enable_glance: "yes"
+enable_glance: "{{ enable_openstack_core | bool }}"
 enable_haproxy: "yes"
 enable_keepalived: "{{ enable_haproxy | bool }}"
-enable_keystone: "yes"
+enable_keystone: "{{ enable_openstack_core | bool }}"
 enable_mariadb: "yes"
 enable_memcached: "yes"
-enable_neutron: "yes"
+enable_neutron: "{{ enable_openstack_core | bool }}"
-enable_nova: "yes"
+enable_nova: "{{ enable_openstack_core | bool }}"
 enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
 enable_outward_rabbitmq: "{{ enable_murano | bool }}"
 
@@ -480,8 +484,8 @@ enable_fluentd: "yes"
 enable_freezer: "no"
 enable_gnocchi: "no"
 enable_grafana: "no"
-enable_heat: "yes"
+enable_heat: "{{ enable_openstack_core | bool }}"
-enable_horizon: "yes"
+enable_horizon: "{{ enable_openstack_core | bool }}"
 enable_horizon_blazar: "{{ enable_blazar | bool }}"
 enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
 enable_horizon_congress: "{{ enable_congress | bool }}"
@@ -546,7 +550,7 @@ enable_nova_ssh: "yes"
 enable_octavia: "no"
 enable_onos: "no"
 enable_opendaylight: "no"
-enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"
+enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
 enable_ovs_dpdk: "no"
 enable_osprofiler: "no"
 enable_panko: "no"

ansible/roles/ironic/defaults/main.yml

@@ -182,7 +182,7 @@ ironic_console_serial_speed: "115200n8"
 ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }}
 ironic_enable_rolling_upgrade: "yes"
 ironic_inspector_kernel_cmdline_extras: []
-ironic_inspector_pxe_filter: iptables
+ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}iptables{% else %}none{% endif %}"
 
 ####################
 ## Kolla

ansible/roles/ironic/templates/inspector.ipxe.j2

@@ -3,6 +3,14 @@
 :retry_dhcp
 dhcp || goto retry_dhcp
 
+{# Standalone ironic: use ironic-configured PXE configs #}
+{% if not enable_neutron | bool %}
+# load the MAC-specific file or fail if it's not found
+:boot_system
+chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa
+{% endif %}
+
+:inspector_ipa
 :retry_boot
 imgfree
 kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=agent.ramdisk {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot

ansible/roles/ironic/templates/ironic-inspector.conf.j2

@@ -2,6 +2,9 @@
 debug = {{ ironic_logging_debug }}
 log_dir = /var/log/kolla/ironic-inspector
 
+{% if not enable_keystone | bool %}
+auth_strategy = noauth
+{% endif %}
 listen_address = {{ api_interface_address }}
 listen_port = {{ ironic_inspector_port }}
 transport_url = {{ rpc_transport_url }}
@@ -10,6 +13,7 @@ transport_url = {{ rpc_transport_url }}
 transport_url = {{ notify_transport_url }}
 
 [ironic]
+{% if enable_keystone | bool %}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
@@ -18,7 +22,12 @@ project_name = service
 username = {{ ironic_inspector_keystone_user }}
 password = {{ ironic_inspector_keystone_password }}
 os_endpoint_type = internalURL
+{% else %}
+auth_type = none
+endpoint_override = {{ ironic_internal_endpoint }}
+{% endif %}
 
+{% if enable_keystone | bool %}
 [keystone_authtoken]
 www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -32,6 +41,7 @@ password = {{ ironic_inspector_keystone_password }}
 memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+{% endif %}
 
 {% if ironic_policy_file is defined %}
 [oslo_policy]

ansible/roles/ironic/templates/ironic.conf.j2

@@ -59,7 +59,6 @@ memcache_secret_key = {{ memcache_secret_key }}
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
 {% endif %}
 
-
 {% if enable_cinder | bool %}
 [cinder]
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -69,8 +68,9 @@ user_domain_id = default
 project_name = service
 username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
-
 {% endif %}
+
+{% if enable_glance | bool %}
 [glance]
 glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -80,7 +80,9 @@ user_domain_id = default
 project_name = service
 username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
+{% endif %}
 
+{% if enable_neutron | bool %}
 [neutron]
 url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -91,9 +93,11 @@ project_name = service
 username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
 cleaning_network = {{ ironic_cleaning_network }}
+{% endif %}
 
 [inspector]
 enabled = true
+{% if enable_keystone | bool %}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
@@ -101,7 +105,10 @@ user_domain_id = default
 project_name = service
 username = {{ ironic_keystone_user }}
 password = {{ ironic_keystone_password }}
-service_url = {{ ironic_inspector_internal_endpoint }}
+{% else %}
+auth_type=none
+{% endif %}
+endpoint_override = {{ ironic_inspector_internal_endpoint }}
 
 [agent]
 deploy_logs_local_path = /var/log/kolla/ironic
@@ -128,3 +135,8 @@ http_url = {{ ironic_ipxe_url }}
 
 [oslo_middleware]
 enable_proxy_headers_parsing = True
+
+{% if not enable_neutron | bool %}
+[dhcp]
+dhcp_provider = none
+{% endif %}

etc/kolla/globals.yml

@@ -171,6 +171,19 @@ kolla_internal_vip_address: "10.10.10.254"
 # Valid options are [ none, novnc, spice, rdp ]
 #nova_console: "novnc"
 
+# These roles are required for Kolla to be operation, however a savvy deployer
+# could disable some of these required roles and run their own services.
+#enable_glance: "{{ enable_openstack_core | bool }}"
+#enable_haproxy: "yes"
+#enable_keepalived: "{{ enable_haproxy | bool }}"
+#enable_keystone: "{{ enable_openstack_core | bool }}"
+#enable_mariadb: "yes"
+#enable_memcached: "yes"
+#enable_neutron: "{{ enable_openstack_core | bool }}"
+#enable_nova: "{{ enable_openstack_core | bool }}"
+#enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
+#enable_outward_rabbitmq: "{{ enable_murano | bool }}"
+
 # OpenStack services can be enabled or disabled with these options
 #enable_aodh: "no"
 #enable_barbican: "no"
@@ -202,9 +215,8 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_freezer: "no"
 #enable_gnocchi: "no"
 #enable_grafana: "no"
-#enable_haproxy: "yes"
+#enable_heat: "{{ enable_openstack_core | bool }}"
-#enable_heat: "yes"
+#enable_horizon: "{{ enable_openstack_core | bool }}"
-#enable_horizon: "yes"
 #enable_horizon_blazar: "{{ enable_blazar | bool }}"
 #enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
 #enable_horizon_congress: "{{ enable_congress | bool }}"
@@ -264,7 +276,8 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_octavia: "no"
 #enable_onos: "no"
 #enable_opendaylight: "no"
-#enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"
+#enable_openstack_core: "yes"
+#enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
 #enable_ovs_dpdk: "no"
 #enable_osprofiler: "no"
 #enable_panko: "no"

releasenotes/notes/ironic-standalone-66dbb02a190c8b5d.yaml

@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Adds a new flag, ``enable_openstack_core``, which defaults to ``yes``.
+    Setting this flag to ``no`` will disable the core OpenStack services,
+    including Glance, Heat, Horizon, Keystone, Neutron, and Nova.
+  - |
+    Improves the default configuration of OpenStack Ironic when used in
+    standalone mode.