diff --git a/defaults/main.yml b/defaults/main.yml index abf187ff..f439cd3c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -374,6 +374,34 @@ ironic_inspector_swift_role_names: - _member_ - swiftoperator +#Ironic deploy images need to be uploaded to glance. +ironic_deploy_image_glance_upload: True + +# Set the directory where the downloaded image will be stored +# on the ironic_service_setup_host host. If the host is localhost, +# then the user running the playbook must have access to it. +ironic_deploy_image_path: "/root/openstack-ansible/ironic" +ironic_deploy_image_path_owner: "root" + +#The default download URL is like https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs +#Allow various parts of this to be overidden to local mirrors, or replaced completely with custom settings +ironic_deploy_image_server: "https://tarballs.opendev.org/" +ironic_deploy_image_server_path: "openstack/ironic-python-agent/dib/files/" +ironic_deploy_image_base_name: "ipa-centos8-stable-yoga" +ironic_deploy_image_kernel_name: "{{ ironic_deploy_image_base_name + '.kernel' }}" +ironic_deploy_image_initramfs_name: "{{ ironic_deploy_image_base_name + '.initramfs' }}" +ironic_deploy_image_list: + - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name }}" + sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name ~ '.sha256' }}" + container_format: 'aki' + disk_format: 'aki' + name: "{{ ironic_deploy_image_kernel_name }}" + - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name }}" + sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name ~ '.sha256' }}" + container_format: 'ari' + disk_format: 'ari' + name: "{{ ironic_deploy_image_initramfs_name }}" + # Ironic inspector ironic_inspector_enable_discovery: True ironic_inspector_openstack_db_connection_string: "mysql+pymysql://{{ ironic_inspector_galera_user }}:{{ ironic_inspector_container_mysql_password }}@{{ ironic_inspector_galera_address }}:{{ ironic_inspector_galera_port }}/{{ ironic_inspector_galera_database }}?charset=utf8{% if ironic_inspector_galera_use_ssl | bool %}&ssl_verify_cert=true{% if ironic_inspector_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ ironic_inspector_galera_ssl_ca_cert }}{% endif %}{% endif %}" @@ -434,15 +462,3 @@ ironic_inspector_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | de ironic_inspector_optional_oslomsg_amqp1_pip_packages: - oslo.messaging[amqp1] ironic_inspector_oslomsg_amqp1_enabled: True - -ironic_inspector_ipa_initrd_name: ironic-deploy.initrd -ironic_inspector_ipa_kernel_name: ironic-deploy.kernel - -# The URLs defined here provide the location to the kernel and ramdisk used -# for booting via ironic-inspector. The integrated Ironic Python Agent may -# not be backwards compatible, so the version listed should match the -# deployed cloud. -ironic_deploy_ramdisk_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs -ironic_deploy_ramdisk_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs.sha256 -ironic_deploy_kernel_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel -ironic_deploy_kernel_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel.sha256 diff --git a/doc/source/configure-inspector.rst b/doc/source/configure-inspector.rst index ca39a09a..3cbf9a8b 100644 --- a/doc/source/configure-inspector.rst +++ b/doc/source/configure-inspector.rst @@ -29,10 +29,6 @@ Required Overrides ~~~~~~~~~~~~~~~~~~ .. code-block:: - # names of your ironic-python-agent initrd/kernel images - ironic_inspector_ipa_initrd_name: ironic-deploy.initramfs - ironic_inspector_ipa_kernel_name: ironic-deploy.vmlinuz - # dnsmasq/dhcp information for inspector ironic_inspector_dhcp_pool_range: (subset of ironic IPs) ironic_inspector_dhcp_subnet: diff --git a/releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml b/releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml new file mode 100644 index 00000000..2f30f847 --- /dev/null +++ b/releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml @@ -0,0 +1,14 @@ +--- +features: + - | + The os_ironic ansible role can now upload the ironic deploy image + to glance. Several new variables are defined as ironic_deploy_image_* + which control this. It is possible to disable the upload to glance and + also to specify custom locations to stage the images from if required. +upgrade: + - | + The variables ironic_inspector_ipa_initrd_name and ironic_inspector_ipa_initrd_name + are removed from the os_ironic role and more flexible functionality + is now provided with the ironic_deplo_image_* variables. Review any + overrides you have for the ironic service and adjust these new variables + if necessary. diff --git a/tasks/ironic_deploy_image.yml b/tasks/ironic_deploy_image.yml new file mode 100644 index 00000000..62c6acff --- /dev/null +++ b/tasks/ironic_deploy_image.yml @@ -0,0 +1,53 @@ +--- +# Copyright 2022, BBC R&D +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# We set the python interpreter to the ansible runtime venv if +# the delegation is to localhost so that we get access to the +# appropriate python libraries in that venv. If the delegation +# is to another host, we assume that it is accessible by the +# system python instead. +- name: Setup the deploy image + delegate_to: "{{ ironic_service_setup_host }}" + vars: + ansible_python_interpreter: "{{ ironic_service_setup_host_python_interpreter }}" + block: + - name: Create image download directory + file: + path: "{{ ironic_deploy_image_path }}" + state: directory + mode: "0750" + owner: "{{ ironic_deploy_image_path_owner }}" + + - name: Download image from artefact server + get_url: + url: "{{ item['url'] }}" + dest: "{{ ironic_deploy_image_path }}" + checksum: "sha256:{{ item['sha_url'] }}" + retries: 10 + delay: 10 + register: ironic_download_results + with_items: + - "{{ ironic_deploy_image_list }}" + + - name: Upload images + openstack.cloud.image: + cloud: default + endpoint_type: admin + name: "{{ item.item.name }}" + container_format: "{{ item.item.container_format }}" + disk_format: "{{ item.item.disk_format }}" + filename: "{{ item.dest }}" + with_items: + - "{{ ironic_download_results.results }}" diff --git a/tasks/ironic_inspector_post_install.yml b/tasks/ironic_inspector_post_install.yml index 2962240b..df7f048b 100644 --- a/tasks/ironic_inspector_post_install.yml +++ b/tasks/ironic_inspector_post_install.yml @@ -21,27 +21,19 @@ - name: Copy Inspector iPXE Configuration template: src: inspector.ipxe.j2 - dest: "{{ ironic_http_root }}/inspector.ipxe" + dest: "{{ ironic_http_root }}/inspector.ipxe" owner: "{{ ironic_system_user_name }}" group: "{{ ironic_system_group_name }}" -- name: Download IPA Kernel Image +- name: Download IPA Images get_url: - url: "{{ ironic_deploy_kernel_url }}" - dest: "/httpboot/{{ ironic_inspector_ipa_kernel_name }}" - checksum: "sha256:{{ ironic_deploy_kernel_sha_url }}" - owner: "{{ ironic_system_user_name }}" - group: "{{ ironic_system_group_name }}" - mode: '0644' - -- name: Download IPA Ramdisk Image - get_url: - url: "{{ ironic_deploy_ramdisk_url }}" - dest: "/httpboot/{{ ironic_inspector_ipa_initrd_name }}" - checksum: "sha256:{{ ironic_deploy_ramdisk_sha_url }}" + url: "{{ item.url }}" + dest: "/httpboot/{{ item.name }}" + checksum: "sha256:{{ item.sha_url }}" owner: "{{ ironic_system_user_name }}" group: "{{ ironic_system_group_name }}" mode: '0644' + with_items: "{{ ironic_deploy_image_list }}" - name: Configure nginx when inspector boot mode is http when: ironic_inspector_boot_mode == 'http' diff --git a/tasks/main.yml b/tasks/main.yml index 227d3722..9c0fa35c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -196,3 +196,14 @@ when: inventory_hostname in groups['ironic_inspector'] tags: - ironic-inspector + +- include_tasks: ironic_deploy_image.yml + args: + apply: + tags: + - ironic-deploy-image + when: + - _ironic_api_is_first_play_host + - ironic_deploy_image_glance_upload + tags: + - always diff --git a/templates/inspector.ipxe.j2 b/templates/inspector.ipxe.j2 index 0f77a7b6..e37580d0 100644 --- a/templates/inspector.ipxe.j2 +++ b/templates/inspector.ipxe.j2 @@ -5,6 +5,6 @@ dhcp || goto retry_dhcp :retry_boot imgfree -kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_callback_url }} systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_inspector_ipa_initrd_name }} || goto retry_boot -initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_initrd_name }} || goto retry_boot +kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_deploy_image_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_callback_url }} systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_deploy_image_initramfs_name }} || goto retry_boot +initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_deploy_image_initramfs_name }} || goto retry_boot boot diff --git a/templates/pxelinux-default.j2 b/templates/pxelinux-default.j2 index 51786799..0f3a43ca 100644 --- a/templates/pxelinux-default.j2 +++ b/templates/pxelinux-default.j2 @@ -1,8 +1,8 @@ default inspect label inspect -kernel {{ ironic_inspector_ipa_kernel_name }} -append initrd={{ ironic_inspector_ipa_initrd_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }} +kernel {{ ironic_deploy_image_kernel_name }} +append initrd={{ ironic_deploy_image_initramfs_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }} ipappend 3