openstack/openstack-ansible-os_ironic
Code Issues Proposed changes

Update ironic.conf for swift and keystone compat

Browse Source 
This change makes is intended to simplify the the ironic.conf file
so that we only carry what is needed. In the file we're setting the
swift configuration section when not in stand alone mode and the
keystone_auth section has been updated for the options that ironic
requires.

URI testing for ironic's rest API has been updated to run the tests
using a header for the authentication token. This is required now that
the keystone_auth section is filled in.

Co-Authored-By: Michael Davies <michael@the-davies.net>
Change-Id: Ic6bd466e6fa03c2382424666588c306bad473e99
Partially-implements: blueprint role-ironic
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2016-04-05 09:32:49 -05:00
parent c9ccde0c78
commit 2603e8de6a
No known key found for this signature in database
GPG Key ID: 69FEFFC5E2D9273F
6 changed files with 195 additions and 2103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
defaults/main.yml
View File

@ -17,7 +17,6 @@
# Verbosity Options
debug: False
verbose: True
# These variables are used in 'developer mode' in order to allow the role
# to build an environment directly from a git source without the presence
@ -73,19 +72,35 @@ ironic_service_project_name: "service"
ironic_service_project_domain_id: default
ironic_service_user_domain_id: default
ironic_service_role_name: "admin"
ironic_service_in_ldap: False
# Ironic image store information
ironic_swift_image_container: glance_images
ironic_swift_api_version: v1
# The ironic swift auth account and swift endpoints will be generated using the
# known swift data as provided by swift stat. If you wish to set either of these
# items to something else define these variables.
# ironic_swift_auth_account: AUTH_1234567890
# ironic_swift_endpoint: https://localhost:8080
# Is this Ironic installation working standalone?
# If you're wanting Ironic to work without being integrated to other OpenStack
# services, set this to True, and update the dhcp configuration appropriately
ironic_standalone: False
# Enables or disables automated cleaning. Automated cleaning
# is a configurable set of steps, such as erasing disk drives,
# that are performed on the node to ensure it is in a baseline
# state and ready to be deployed to.
ironic_automated_clean: false
# Database
ironic_galera_user: ironic
ironic_galera_database: ironic
## Keystone authentication middleware
ironic_keystone_auth_plugin: password
# Integrated Openstack configuration
ironic_openstack_driver_list: agent_ipmitool
ironic_openstack_auth_strategy: keystone
@ -102,6 +117,11 @@ ironic_standalone_dhcp_provider: none
ironic_standalone_sync_power_state_interval: -1
ironic_standalone_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_galera_password }}@{{ ironic_galera_address }}/ironic"
# Ironic db tuning
ironic_db_max_overflow: 10
ironic_db_max_pool_size: 120
ironic_db_pool_timeout: 30
# Common configuration
ironic_node_name: ironic
@ -114,6 +134,8 @@ ironic_bin: "{{ ironic_venv_bin }}"
ironic_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/ironic.tgz
ironic_tftp_server_address: "{{ ansible_ssh_host }}"
ironic_requires_pip_packages:
- virtualenv
- virtualenv-tools
@ -124,6 +146,7 @@ ironic_pip_packages:
- PyMySQL
- ironic
- python-ironicclient
- python-swiftclient
ironic_api_apt_packages:
- apache2
@ -164,7 +187,6 @@ ironic_wsgi_processes: "{{ (_ironic_wsgi_processes | int > 1) | ternary(_ironic_
ironic_glance_auth_strategy: "{{ ironic_openstack_auth_strategy }}"
# Neutron
# neutron_service_adminurl:
ironic_neutron_auth_strategy: "{{ ironic_openstack_auth_strategy }}"
### Config Overrides

74
tasks/ironic_post_install.yml
View File

@ -21,7 +21,9 @@
ironic_dhcp_provider: "{{ ironic_standalone_dhcp_provider }}"
ironic_sync_power_state_interval: "{{ ironic_standalone_sync_power_state_interval }}"
ironic_db_connection_string: "{{ ironic_standalone_db_connection_string }}"
when: ironic_standalone
when: ironic_standalone | bool
tags:
- always
- name: Setup ironic for integrated Openstack usage
set_fact:
@ -31,7 +33,9 @@
ironic_dhcp_provider: "{{ ironic_openstack_dhcp_provider }}"
ironic_sync_power_state_interval: "{{ ironic_openstack_sync_power_state_interval }}"
ironic_db_connection_string: "{{ ironic_openstack_db_connection_string }}"
when: not ironic_standalone
when: not ironic_standalone | bool
tags:
- always
- name: Get ironic command path
command: which ironic
@ -49,6 +53,72 @@
tags:
- ironic-command-bin
- name: Post swift tempURL secret key
shell: |
. ~/openrc
{{ ironic_bin }}/swift \
--os-username "service:{{ glance_service_user_name }}" \
--os-password {{ glance_service_password }} \
--os-auth-url {{ keystone_service_internalurl }} \
--os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} \
post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }}
when:
- inventory_hostname == groups['ironic_all'][0]
- not ironic_standalone | bool
tags:
- ironic-swift-auth
- always
- name: Get swift account
shell: |
. ~/openrc
{{ ironic_bin }}/swift \
--os-username "service:{{ glance_service_user_name }}" \
--os-password {{ glance_service_password }} \
--os-auth-url {{ keystone_service_internalurl }} \
--os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} \
stat -v | awk '/StorageURL\:/ {print $2}'
register: swift_storage_url
when:
- (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined)
- not ironic_standalone | bool
tags:
- ironic-swift-auth
- always
- name: Validate swift output
fail:
msg: |
No StorageURL output found using the `swift stat` command and either
the ``ironic_swift_auth_account`` or ``ironic_swift_auth_account``
variables are undefined. Ensure swift is functional and/or define
those variables.
when:
- (ironic_swift_auth_account is undefined) and (ironic_swift_endpoint is undefined)
- not ironic_standalone | bool
- not swift_storage_url.stdout
tags:
- ironic-swift-auth
- always
- name: Set the swift auth facts
set_fact:
ironic_swift_auth_account: "{{ swift_storage_url.stdout.split('/v1/')[-1] }}"
when:
- ironic_swift_auth_account is undefined
- not ironic_standalone | bool
tags:
- always
- name: Set the swift endpoint facts
set_fact:
ironic_swift_endpoint: "{{ swift_storage_url.stdout.split('/v1/')[0] }}"
when:
- ironic_swift_endpoint is undefined
- not ironic_standalone | bool
tags:
- always
- name: Generate ironic config
config_template:
src: "{{ item.src }}"

1
tasks/ironic_pre_install.yml
View File

@ -66,6 +66,7 @@
- { path: "{{ ironic_system_home_folder }}/.ssh", mode: "0700" }
- { path: "{{ ironic_system_home_folder }}/images" }
- { path: "{{ ironic_system_home_folder }}/master_images" }
- { path: "{{ ironic_system_home_folder }}/cache/api", mode: "0700" }
- { path: "/var/lock/ironic" }
- { path: "/var/run/ironic" }
- { path: "/var/www/cgi-bin", owner: root, group: root }

2150
templates/ironic.conf.j2
View File

File diff suppressed because it is too large Load Diff

28
tests/test-rest-api.yml
View File

@ -7,14 +7,26 @@
# needed by the functional test playbook below
- name: Install httplib2 so we can use the uri module
pip:
name: httplib2
name: "{{ item }}"
with_items:
- httplib2
- python-openstackclient
- name: Get auth token
shell: >
. /root/openrc && openstack token issue --format yaml | awk '/^id\:/ {print $2}'
register: get_keystone_token
- name: set token
set_fact:
keystone_token: "{{ get_keystone_token.stdout }}"
- name: Check the ironic-api
uri:
url: "{{ ironic_service_publicuri }}"
HEADER_X-Auth-Token: "{{ keystone_token }}"
status_code: 200
- name: list chassis
uri:
url: "{{ ironic_service_publicuri }}/v1/chassis"
HEADER_X-Auth-Token: "{{ keystone_token }}"
status_code: 200
return_content: yes
register: chassis_list
@ -22,6 +34,7 @@
assert: that="chassis_list.json.chassis == []"
- name: list drivers
uri:
HEADER_X-Auth-Token: "{{ keystone_token }}"
url: "{{ ironic_service_publicuri }}/v1/drivers"
status_code: 200
return_content: yes
@ -31,6 +44,7 @@
- name: list nodes
uri:
url: "{{ ironic_service_publicuri }}/v1/nodes"
HEADER_X-Auth-Token: "{{ keystone_token }}"
status_code: 200
return_content: yes
register: node_list
@ -42,6 +56,7 @@
method: POST
HEADER_Content-Type: "application/json"
HEADER_X-OpenStack-Ironic-API-Version: "1.9"
HEADER_X-Auth-Token: "{{ keystone_token }}"
body_format: json
body: "{\"name\": \"restnode\", \"driver\": \"agent_ipmitool\", \"driver_info\": {\"ipmi_address\": \"1.2.3.4\"}}"
status_code: 201
@ -58,15 +73,17 @@
method: POST
HEADER_Content-Type: "application/json"
HEADER_X-OpenStack-Ironic-API-Version: "1.9"
HEADER_X-Auth-Token: "{{ keystone_token }}"
body_format: json
body: " {\"node_uuid\": \"{{ node_response.json.uuid }}\", \"address\": \"00:00:00:00:00:01\"}"
status_code: 201
return_content: yes
- name: list ports
uri:
url: "{{ ironic_service_publicuri }}/v1/ports"
HEADER_X-Auth-Token: "{{ keystone_token }}"
HEADER_Content-Type: "application/json"
HEADER_X-OpenStack-Ironic-API-Version: "1.9"
url: "{{ ironic_service_publicuri }}/v1/ports"
body: " {\"node\": \"{{ node_response.json.uuid }}\"}"
body_format: json
return_content: yes
@ -82,15 +99,17 @@
method: POST
HEADER_Content-Type: "application/json"
HEADER_X-OpenStack-Ironic-API-Version: "1.9"
HEADER_X-Auth-Token: "{{ keystone_token }}"
body_format: json
body: " {\"node_uuid\": \"{{ node_response.json.uuid }}\", \"address\": \"00:00:00:00:00:02\"}"
status_code: 201
return_content: yes
- name: list ports again
uri:
url: "{{ ironic_service_publicuri }}/v1/ports"
HEADER_X-Auth-Token: "{{ keystone_token }}"
HEADER_Content-Type: "application/json"
HEADER_X-OpenStack-Ironic-API-Version: "1.9"
url: "{{ ironic_service_publicuri }}/v1/ports"
body: " {\"node\": \"{{ node_response.json.uuid }}\"}"
body_format: json
return_content: yes
@ -104,6 +123,7 @@
url: "{{ ironic_service_publicuri }}/v1/nodes/restnode/validate"
method: GET
HEADER_X-OpenStack-Ironic-API-Version: "1.9"
HEADER_X-Auth-Token: "{{ keystone_token }}"
status_code: 200
return_content: yes
register: validate_node
@ -123,6 +143,7 @@
- "validate_node.json.raid.result == true"
- name: update a node
uri:
HEADER_X-Auth-Token: "{{ keystone_token }}"
url: "{{ ironic_service_publicuri }}/v1/nodes/restnode"
body: " [{\"path\": \"/name\", \"value\": \"renamednode\", \"op\": \"replace\"}]"
method: PATCH
@ -139,6 +160,7 @@
method: DELETE
HEADER_Content-Type: "application/json"
HEADER_X-OpenStack-Ironic-API-Version: "1.9"
HEADER_X-Auth-Token: "{{ keystone_token }}"
status_code: 204
return_content: yes
vars_files:

17
tests/test-vars.yml
View File

@ -19,6 +19,7 @@ galera_root_user: root
galera_root_password: "secrete"
rabbitmq_servers: 10.100.100.101:5672
rabbitmq_use_ssl: False
rabbitmq_port: 5672
memcached_servers: 127.0.0.1
memcached_encryption_key: "secrete"
keystone_venv_tag: "testing"
@ -29,7 +30,7 @@ keystone_service_password: "secrete"
keystone_galera_address: 10.100.100.101
keystone_galera_database: keystone
keystone_galera_user: keystone
keystone_container_mysql_password: "SuperSecrete"
keystone_container_mysql_password: "secrete"
keystone_auth_admin_token: "SuperSecreteTestToken"
keystone_admin_user_name: admin
keystone_admin_tenant_name: admin
@ -62,8 +63,20 @@ ironic_service_password: "secrete"
ironic_galera_address: 10.100.100.101
ironic_galera_database: ironic
ironic_galera_user: ironic
ironic_galera_password: "SuperSecrete"
ironic_galera_password: "secrete"
ironic_rabbitmq_password: "secrete"
ironic_rabbitmq_userid: ironic
ironic_rabbitmq_vhost: /ironic
ironic_standalone: True
ironic_swift_endpoint: "http://localhost:8080"
ironic_swift_auth_account: "AUTH_1234567890"
ironic_swift_temp_url_secret_key: secrete
ironic_rabbitmq_userid: ironic
ironic_rabbitmq_password: secrete
ironic_rabbitmq_vhost: /ironic
glance_api_servers: http://localhost:9292
neutron_service_adminurl: http://localhost:9696
neutron_service_region: RegionOne
neutron_service_password: secrete
neutron_service_project_name: ironic
neutron_service_user_name: ironic