Add cap NET_ADMIN for ironic_dnsmasq

When attempting to inspect a node with ironic, it seems at times
ironic_dnsmasq fails to process dhcp bootp requests, giving the
following error repeating:

dnsmasq-dhcp: DHCPDISCOVER(eth0) 52:54:00:ff:15:55
dnsmasq-dhcp: DHCPOFFER(eth0) 192.169.5.100 52:54:00:ff:15:55
dnsmasq-dhcp: ARP-cache injection failed: Operation not permitted

Adding NET_ADMIN fixes this.

Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Closes-Bug: #1762805
Change-Id: I39acb81801710f849336380d3fde01c70cd8d8ce

ansible/roles/ironic/defaults/main.yml

@@ -51,6 +51,8 @@ ironic_services:
     container_name: ironic_dnsmasq
     group: ironic-inspector
     enabled: true
+    cap_add:
+      - NET_ADMIN
     image: "{{ ironic_dnsmasq_image_full }}"
     volumes:
       - "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"

ansible/roles/ironic/handlers/main.yml

@@ -103,6 +103,7 @@
     name: "{{ service.container_name }}"
     image: "{{ service.image }}"
     volumes: "{{ service.volumes }}"
+    cap_add: "{{ service.cap_add }}"
   when:
     - action != "config"
     - inventory_hostname in groups[service.group]

ansible/roles/ironic/tasks/config.yml

@@ -196,6 +196,7 @@
     name: "{{ item.value.container_name }}"
     image: "{{ item.value.image }}"
     privileged: "{{ item.value.privileged|default(False) }}"
+    cap_add: "{{ item.value.cap_add|default([]) }}"
     volumes: "{{ item.value.volumes }}"
   register: check_ironic_containers
   when: