Add iPXE support to Ironic Conductor

This patchset adds support for iPXE, which can speed up baremetal provisioning considerably due to the use of HTTP versus TFTP. Change-Id: I8b49ae37a0380cd7a2191f050a52c85cc373026b
2020-06-17 19:14:42 +00:00 · 2020-06-17 19:14:42 +00:00 · 8f3a9e207c
commit 8f3a9e207c
parent 1fb838443e
11 changed files with 122 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -114,8 +114,8 @@ ironic_service_in_ldap: False
 # config file. If this is set to False, then Ironic will use
 # Swift to host the floppy images and generated boot_iso.
 ironic_enable_web_server_for_images: False
-ironic_http_url: null
-ironic_http_root: null
+ironic_http_url: "{{ ironic_ipxe_proto }}://{{ ansible_host }}:{{ ironic_ipxe_port }}"
+ironic_http_root: "/httpboot"
 #
 ### Swift Config
 #
@ -320,6 +320,10 @@ ironic_inspector_db_pool_timeout: 30

 ironic_inspector_pip_install_args: "{{ pip_install_options | default('') }}"

+# Ironic iPXE support
+ironic_ipxe_enabled: False
+ironic_ipxe_port: 8051
+ironic_ipxe_proto: "http"

 # Auth
 ironic_inspector_service_user_name: "ironic_inspector"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -52,3 +52,16 @@
    name: "dnsmasq"
    state: restarted
  failed_when: false
+
+- name: Restart web server
+  service:
+    name: "nginx"
+    enabled: yes
+    state: restarted
+    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
+  register: _restart
+  until: _restart is success
+  retries: 5
+  delay: 2
+  listen:
+    - "venv changed"
--- a/releasenotes/notes/adds-ipxe-conductor-support-d68b68548aa1cf1f.yaml
+++ b/releasenotes/notes/adds-ipxe-conductor-support-d68b68548aa1cf1f.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - New variables have been added to allow a deployer to enable
+    iPXE support for Ironic Conductor, which uses HTTP rather
+    than TFTP, and can speed up baremetal provisioning considerably.
+    To enable, simply set the ``ironic_ipxe_enabled`` override to ``True``.
--- a/tasks/ironic_conductor_post_install.yml
+++ b/tasks/ironic_conductor_post_install.yml
@ -66,4 +66,48 @@
  service:
    name: "{{ ironic_tftpd_service_name }}"
    state: started
-    enabled: true
+    enabled: true
+
+- name: Disable default nginx configuration
+  file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+  when: "ironic_ipxe_enabled | bool"
+  notify:
+    - Restart web server
+
+- name: Remove default nginx config
+  file:
+    path: /etc/nginx/conf.d/default.conf
+    state: absent
+  when: "ironic_ipxe_enabled | bool"
+  notify:
+    - Restart web server
+
+- name: Ensure nginx configuration directories exist
+  file:
+    path: "{{ item }}"
+    state: directory
+  when: "ironic_ipxe_enabled | bool"
+  with_items:
+    - "/etc/nginx/{{ ironic_nginx_conf_path }}"
+    - "/etc/nginx/conf.d"
+
+- name: Configure nginx virtual hosts
+  template:
+    src: ironic-ipxe.conf.j2
+    dest: "/etc/nginx/{{ ironic_nginx_conf_path }}/ironic-ipxe.conf"
+  when: "ironic_ipxe_enabled | bool"
+  notify:
+    - Restart web server
+
+- name: Link to enable nginx virtual hosts
+  file:
+    src: "/etc/nginx/sites-available/ironic-ipxe.conf"
+    path: "/etc/nginx/sites-enabled/ironic-ipxe.conf"
+    state: link
+  when:
+    - ansible_os_family == "Debian"
+    - "ironic_ipxe_enabled | bool"
+  notify:
+    - Restart web server
--- a/templates/ironic-ipxe.conf.j2
+++ b/templates/ironic-ipxe.conf.j2
@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+server {
+  listen 0.0.0.0:{{ ironic_ipxe_port }};
+  server_name ironic-ipxe;
+
+  # Logging
+  access_log /var/log/nginx/ironic-ipxe.access.log combined gzip buffer=32k;
+  error_log /var/log/nginx/ironix-ipxe.error.log notice;
+
+  # directory to store ipxe
+  location / {
+    root /httpboot;
+    autoindex off;
+    expires 1h;
+  }
+}
--- a/templates/ironic.conf.j2
+++ b/templates/ironic.conf.j2
@ -24,6 +24,10 @@ enabled_inspect_interfaces = {{ filtered_ironic_drivers | json_query('[*].inspec
 enabled_management_interfaces = {{ filtered_ironic_drivers | json_query('[*].management') | unique | join(',') }}
 enabled_power_interfaces = {{ filtered_ironic_drivers | json_query('[*].power') | unique | join(',') }}

+# Ironic boot interface (defaults to None)
+{% if ironic_ipxe_enabled | bool %}
+default_boot_interface = ipxe
+{% endif %}

 [agent]

@ -185,6 +189,13 @@ pool_max_size = {{ ironic_wsgi_processes }}
 [oslo_policy]

 [pxe]
+{% if ironic_ipxe_enabled | bool %}
+pxe_bootfile_name = undionly.kpxe
+uefi_pxe_bootfile_name = ipxe.efi
+pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template
+uefi_pxe_config_template = $pybasedir/drivers/modules/ipxe_config.template
+{% endif %}
+
 tftp_server = {{ ironic_tftp_server_address }}
 pxe_append_params = {{ ironic_pxe_append_params }}
 tftp_root = {{ ironic_tftpd_root }}
--- a/templates/map-file
+++ b/templates/map-file
@ -1,4 +1,9 @@
+{% if not ironic_ipxe_enabled | bool %}
 re ^({{ ironic_tftpd_root }}/) {{ ironic_tftpd_root }}/\2
 re ^{{ ironic_tftpd_root }}/ {{ ironic_tftpd_root }}/
 re ^(^/) {{ ironic_tftpd_root }}/\1
 re ^([^/]) {{ ironic_tftpd_root }}/\1
+{% else %}
+r ^([^/]) {{ ironic_tftpd_root }}/\1
+r ^({{ ironic_tftpd_root }}/) {{ ironic_tftpd_root }}/\2
+{% endif %}
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -37,6 +37,8 @@ ironic_conductor_distro_packages:
  - ipmitool
  - tftpd-hpa
  - gdisk
+  - ipxe
+  - nginx

 ironic_conductor_standalone_distro_packages:
  - isc-dhcp-server
@ -45,6 +47,8 @@ ironic_library_modules_paths:
  - "/usr/lib/PXELINUX/pxelinux.0"
  - "/usr/lib/syslinux/modules/efi64/chain.c32"
  - "/usr/lib/syslinux/modules/bios/ldlinux.c32"
+  - "/usr/lib/ipxe/undionly.kpxe"
+  - "/usr/lib/ipxe/ipxe.efi"

 ironic_tftpd_service_name: tftpd-hpa
 ironic_tftpd_root: /tftpboot
@ -84,3 +88,5 @@ ironic_inspector_library_modules_paths:
  - "/usr/lib/syslinux/modules/efi64/chain.c32"
  - "/usr/lib/syslinux/modules/bios/ldlinux.c32"
  - "/usr/lib/syslinux/modules/efi64/ldlinux.e64"
+
+ironic_nginx_conf_path: "sites-available"
--- a/vars/main.yml
+++ b/vars/main.yml
@ -311,7 +311,11 @@ uwsgi_ironic_services: |-
  {{ services }}

 filtered_ironic_drivers: |-
+  {% if ironic_ipxe_enabled | bool %}
+  {% set concat_drivers = [{'boot': 'ipxe'}] %}
+  {% else %}
  {% set concat_drivers = [] %}
+  {% endif %}
  {% for driver in ironic_drivers_enabled %}
  {%   if driver in ironic_driver_types.keys() %}
  {%     set _ = concat_drivers.append(ironic_driver_types[driver]) %}
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -35,6 +35,8 @@ ironic_conductor_distro_packages:
  - ipmitool
  - tftp-server
  - gdisk
+  - ipxe-bootimgs
+  - nginx

 ironic_conductor_standalone_distro_packages:
  - isc-dhcp-server
@ -43,6 +45,8 @@ ironic_library_modules_paths:
  - "/usr/share/syslinux/pxelinux.0"
  - "/usr/share/syslinux/chain.c32"
  - "/usr/share/syslinux/linux.c32"
+  - "/usr/share/ipxe/undionly.kpxe"
+  - "/usr/share/ipxe/ipxe-x86_64.efi"

 ironic_tftpd_service_name: tftp
 ironic_tftpd_root: /var/lib/tftpboot
@ -72,3 +76,5 @@ ironic_inspector_library_modules_paths:
  - "/usr/lib/syslinux/modules/bios/ldlinux.c32"
  - "/usr/lib/SYSLINUX.EFI/efi64/syslinux.efi"
  - "/usr/lib/syslinux/modules/efi64/ldlinux.e64"
+
+ironic_nginx_conf_path: "conf.d"
--- a/vars/suse.yml
+++ b/vars/suse.yml
@ -36,6 +36,7 @@ ironic_conductor_distro_packages:
  - syslinux
  - tftp
  - gptfdisk
+  - nginx

 ironic_conductor_standalone_distro_packages:
  - dhcp-server
@ -73,3 +74,5 @@ ironic_inspector_library_modules_paths:
  - "/usr/lib/syslinux/modules/bios/ldlinux.c32"
  - "/usr/lib/SYSLINUX.EFI/efi64/syslinux.efi"
  - "/usr/lib/syslinux/modules/efi64/ldlinux.e64"
+
+ironic_nginx_conf_path: "conf.d"