Refactor ironic deploy image handling.

The deploy image is required in two places in an ironic deployment, first as images uploaded to glance for the ironic service, and second as files on a web server for the ironic-inspector service. Previously this role only placed the deploy images on the ironic inspector web server, but this patch provides the functionality to also upload the images to glance. The variables for ironic deploy image source locations are consolidated so that only one set are required to run the tasks for both ironic and ironic-inspector, and several overrides are available allowing the source to be overidden to a local mirror easily. Finally - the name of the files placed on the inspector web server and into glance represent the upstream name of the image files rather than generic names which lose versioning and release information. Change-Id: I1aed9d97a4ddbfb70d2375f5204c55374d1067c9
2022-11-03 18:08:01 +00:00 · 2022-11-03 18:08:01 +00:00 · b974a6c0e0
commit b974a6c0e0
parent d79071dddf
8 changed files with 116 additions and 34 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -374,6 +374,34 @@ ironic_inspector_swift_role_names:
  - _member_
  - swiftoperator

+#Ironic deploy images need to be uploaded to glance.
+ironic_deploy_image_glance_upload: True
+
+# Set the directory where the downloaded image will be stored
+# on the ironic_service_setup_host host. If the host is localhost,
+# then the user running the playbook must have access to it.
+ironic_deploy_image_path: "/root/openstack-ansible/ironic"
+ironic_deploy_image_path_owner: "root"
+
+#The default download URL is like https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs
+#Allow various parts of this to be overidden to local mirrors, or replaced completely with custom settings
+ironic_deploy_image_server: "https://tarballs.opendev.org/"
+ironic_deploy_image_server_path: "openstack/ironic-python-agent/dib/files/"
+ironic_deploy_image_base_name: "ipa-centos8-stable-yoga"
+ironic_deploy_image_kernel_name: "{{ ironic_deploy_image_base_name + '.kernel' }}"
+ironic_deploy_image_initramfs_name: "{{ ironic_deploy_image_base_name + '.initramfs' }}"
+ironic_deploy_image_list:
+ - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name }}"
+   sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name ~ '.sha256' }}"
+   container_format: 'aki'
+   disk_format: 'aki'
+   name: "{{ ironic_deploy_image_kernel_name }}"
+ - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name }}"
+   sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name ~ '.sha256' }}"
+   container_format: 'ari'
+   disk_format: 'ari'
+   name: "{{ ironic_deploy_image_initramfs_name }}"
+
 # Ironic inspector
 ironic_inspector_enable_discovery: True
 ironic_inspector_openstack_db_connection_string: "mysql+pymysql://{{ ironic_inspector_galera_user }}:{{ ironic_inspector_container_mysql_password }}@{{ ironic_inspector_galera_address }}:{{ ironic_inspector_galera_port }}/{{ ironic_inspector_galera_database }}?charset=utf8{% if ironic_inspector_galera_use_ssl | bool %}&ssl_verify_cert=true{% if ironic_inspector_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ ironic_inspector_galera_ssl_ca_cert }}{% endif %}{% endif %}"
@ -434,15 +462,3 @@ ironic_inspector_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | de
 ironic_inspector_optional_oslomsg_amqp1_pip_packages:
  - oslo.messaging[amqp1]
 ironic_inspector_oslomsg_amqp1_enabled: True
-
-ironic_inspector_ipa_initrd_name: ironic-deploy.initrd
-ironic_inspector_ipa_kernel_name: ironic-deploy.kernel
-
-# The URLs defined here provide the location to the kernel and ramdisk used
-# for booting via ironic-inspector. The integrated Ironic Python Agent may
-# not be backwards compatible, so the version listed should match the
-# deployed cloud.
-ironic_deploy_ramdisk_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs
-ironic_deploy_ramdisk_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs.sha256
-ironic_deploy_kernel_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel
-ironic_deploy_kernel_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel.sha256
--- a/doc/source/configure-inspector.rst
+++ b/doc/source/configure-inspector.rst
@ -29,10 +29,6 @@ Required Overrides
 ~~~~~~~~~~~~~~~~~~
  .. code-block::

-     # names of your ironic-python-agent initrd/kernel images
-     ironic_inspector_ipa_initrd_name: ironic-deploy.initramfs
-     ironic_inspector_ipa_kernel_name: ironic-deploy.vmlinuz
-
     # dnsmasq/dhcp information for inspector
     ironic_inspector_dhcp_pool_range: <START> <END> (subset of ironic IPs)
     ironic_inspector_dhcp_subnet: <IRONIC SUBNET CIDR>
--- a/releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml
+++ b/releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml
@ -0,0 +1,14 @@
+---
+features:
+  - |
+    The os_ironic ansible role can now upload the ironic deploy image
+    to glance. Several new variables are defined as ironic_deploy_image_*
+    which control this. It is possible to disable the upload to glance and
+    also to specify custom locations to stage the images from if required.
+upgrade:
+  - |
+    The variables ironic_inspector_ipa_initrd_name and ironic_inspector_ipa_initrd_name
+    are removed from the os_ironic role and more flexible functionality
+    is now provided with the ironic_deplo_image_* variables. Review any
+    overrides you have for the ironic service and adjust these new variables
+    if necessary.
--- a/tasks/ironic_deploy_image.yml
+++ b/tasks/ironic_deploy_image.yml
@ -0,0 +1,53 @@
+---
+# Copyright 2022, BBC R&D
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# We set the python interpreter to the ansible runtime venv if
+# the delegation is to localhost so that we get access to the
+# appropriate python libraries in that venv. If the delegation
+# is to another host, we assume that it is accessible by the
+# system python instead.
+- name: Setup the deploy image
+  delegate_to: "{{ ironic_service_setup_host }}"
+  vars:
+    ansible_python_interpreter: "{{ ironic_service_setup_host_python_interpreter }}"
+  block:
+    - name: Create image download directory
+      file:
+        path: "{{ ironic_deploy_image_path }}"
+        state: directory
+        mode: "0750"
+        owner: "{{ ironic_deploy_image_path_owner }}"
+
+    - name: Download image from artefact server
+      get_url:
+        url: "{{ item['url'] }}"
+        dest: "{{ ironic_deploy_image_path }}"
+        checksum: "sha256:{{ item['sha_url'] }}"
+      retries: 10
+      delay: 10
+      register: ironic_download_results
+      with_items:
+        - "{{ ironic_deploy_image_list }}"
+
+    - name: Upload images
+      openstack.cloud.image:
+        cloud: default
+        endpoint_type: admin
+        name: "{{ item.item.name }}"
+        container_format: "{{ item.item.container_format }}"
+        disk_format: "{{ item.item.disk_format }}"
+        filename: "{{ item.dest }}"
+      with_items:
+        - "{{ ironic_download_results.results }}"
--- a/tasks/ironic_inspector_post_install.yml
+++ b/tasks/ironic_inspector_post_install.yml
@ -21,27 +21,19 @@
 - name: Copy Inspector iPXE Configuration
  template:
    src: inspector.ipxe.j2
-    dest: "{{ ironic_http_root }}/inspector.ipxe"  
+    dest: "{{ ironic_http_root }}/inspector.ipxe"
    owner: "{{ ironic_system_user_name }}"
    group: "{{ ironic_system_group_name }}"

- name: Download IPA Kernel Image
+- name: Download IPA Images
  get_url:
-    url: "{{ ironic_deploy_kernel_url }}"
-    dest: "/httpboot/{{ ironic_inspector_ipa_kernel_name }}"
-    checksum: "sha256:{{ ironic_deploy_kernel_sha_url }}"
-    owner: "{{ ironic_system_user_name }}"
-    group: "{{ ironic_system_group_name }}"
-    mode: '0644'
-
- name: Download IPA Ramdisk Image
-  get_url:
-    url: "{{ ironic_deploy_ramdisk_url }}"
-    dest: "/httpboot/{{ ironic_inspector_ipa_initrd_name }}"
-    checksum: "sha256:{{ ironic_deploy_ramdisk_sha_url }}"
+    url: "{{ item.url }}"
+    dest: "/httpboot/{{ item.name }}"
+    checksum: "sha256:{{ item.sha_url }}"
    owner: "{{ ironic_system_user_name }}"
    group: "{{ ironic_system_group_name }}"
    mode: '0644'
+  with_items: "{{ ironic_deploy_image_list }}"

 - name: Configure nginx when inspector boot mode is http
  when: ironic_inspector_boot_mode == 'http'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -196,3 +196,14 @@
  when: inventory_hostname in groups['ironic_inspector']
  tags:
    - ironic-inspector
+
+- include_tasks: ironic_deploy_image.yml
+  args:
+    apply:
+      tags:
+        - ironic-deploy-image
+  when:
+    - _ironic_api_is_first_play_host
+    - ironic_deploy_image_glance_upload
+  tags:
+    - always
--- a/templates/inspector.ipxe.j2
+++ b/templates/inspector.ipxe.j2
@ -5,6 +5,6 @@ dhcp || goto retry_dhcp

 :retry_boot
 imgfree
-kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_callback_url }} systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_inspector_ipa_initrd_name }} || goto retry_boot
-initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_initrd_name }} || goto retry_boot
+kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_deploy_image_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_callback_url }} systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_deploy_image_initramfs_name }} || goto retry_boot
+initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_deploy_image_initramfs_name }} || goto retry_boot
 boot
--- a/templates/pxelinux-default.j2
+++ b/templates/pxelinux-default.j2
@ -1,8 +1,8 @@
 default inspect

 label inspect
-kernel {{ ironic_inspector_ipa_kernel_name }}
-append initrd={{ ironic_inspector_ipa_initrd_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }}
+kernel {{ ironic_deploy_image_kernel_name }}
+append initrd={{ ironic_deploy_image_initramfs_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }}
 ipappend 3