Update Inspector listener address and network

This patch allows ironic-inspector to listen on host IP
rather than 0.0.0.0, as well as allows an existing Neutron-managed
inspection network to be used for inspection traffic.

Change-Id: I645857ad62954f08b160e5889f93dc1f6423def2

defaults/main.yml

@@ -156,12 +156,14 @@ ironic_keystone_auth_plugin: password
 
 # Neutron network - Set these in a playbook/task - can be set manually.
 # Only "name" or "uuid" is needed, uuid will take preference if both are specified.
-# The cleaning network is not required to be set - it will default to the same as
+# The cleaning and inspection network is not required to be set; they will default
-# the provisioning network if not specified.
+# to the provisioning network if not specified.
 # ironic_neutron_provisioning_network_uuid: "UUID for provisioning network in neutron"
 # ironic_neutron_cleaning_network_uuid: "UUID for cleaning network in neutron"
+# ironic_neutron_inspection_network_uuid: "UUID for inspection network in neutron"
 # ironic_neutron_provisioning_network_name: "Name of provisioning network in neutron"
 # ironic_neutron_cleaning_network_name: "Name of cleaning network in neutron"
+# ironic_neutron_inspection_network_name: "Name of inspection network in neutron"
 
 # Integrated Openstack configuration
 ironic_enabled_network_interfaces_list: "flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron','') }}"
@@ -293,6 +295,7 @@ ironic_inspector_service_description: "Ironic Baremetal Introspection Service"
 ironic_inspector_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(ironic_service_proto) }}"
 ironic_inspector_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}"
 ironic_inspector_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(ironic_service_proto) }}"
+ironic_inspector_service_address: "{{ openstack_service_bind_address }}"
 ironic_inspector_service_port: 5050
 ironic_inspector_service_publicuri: "{{ ironic_inspector_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ ironic_inspector_service_port }}"
 ironic_inspector_service_publicurl: "{{ ironic_inspector_service_publicuri }}"

templates/inspector.conf.j2

@@ -1,6 +1,9 @@
 # {{ ansible_managed }}
 
 [DEFAULT]
+listen_address = {{ ironic_inspector_service_address }}
+listen_port = {{ ironic_inspector_service_port }}
+
 rootwrap_config = /etc/ironic-inspector/rootwrap.conf
 auth_strategy = keystone
 debug = {{ debug }}

templates/ironic.conf.j2

@@ -171,6 +171,7 @@ insecure = {{ keystone_service_adminuri_insecure | bool }}
 {% if ironic_neutron_provisioning_network_name is defined %}
 provisioning_network = {{ ironic_neutron_provisioning_network_uuid | default(ironic_neutron_provisioning_network_name) | default('') }}
 cleaning_network = {{ ironic_neutron_cleaning_network_uuid | default(ironic_neutron_cleaning_network_name) | default(ironic_neutron_provisioning_network_uuid) | default(ironic_neutron_provisioning_network_name) | default('') }}
+inspection_network = {{ ironic_neutron_inspection_network_uuid | default(ironic_neutron_inspection_network_name) | default(ironic_neutron_provisioning_network_uuid) | default(ironic_neutron_provisioning_network_name) | default('') }}
 {% endif %}
 
 [oslo_concurrency]