From b974a6c0e035e4885c34309fc6b1940bbb35fbb0 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Thu, 3 Nov 2022 18:08:01 +0000 Subject: [PATCH] Refactor ironic deploy image handling. The deploy image is required in two places in an ironic deployment, first as images uploaded to glance for the ironic service, and second as files on a web server for the ironic-inspector service. Previously this role only placed the deploy images on the ironic inspector web server, but this patch provides the functionality to also upload the images to glance. The variables for ironic deploy image source locations are consolidated so that only one set are required to run the tasks for both ironic and ironic-inspector, and several overrides are available allowing the source to be overidden to a local mirror easily. Finally - the name of the files placed on the inspector web server and into glance represent the upstream name of the image files rather than generic names which lose versioning and release information. Change-Id: I1aed9d97a4ddbfb70d2375f5204c55374d1067c9 --- defaults/main.yml | 40 +++++++++----- doc/source/configure-inspector.rst | 4 -- .../deploy_image_upload-f54663e8d7e2ab12.yaml | 14 +++++ tasks/ironic_deploy_image.yml | 53 +++++++++++++++++++ tasks/ironic_inspector_post_install.yml | 20 +++---- tasks/main.yml | 11 ++++ templates/inspector.ipxe.j2 | 4 +- templates/pxelinux-default.j2 | 4 +- 8 files changed, 116 insertions(+), 34 deletions(-) create mode 100644 releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml create mode 100644 tasks/ironic_deploy_image.yml diff --git a/defaults/main.yml b/defaults/main.yml index abf187ff..f439cd3c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -374,6 +374,34 @@ ironic_inspector_swift_role_names: - _member_ - swiftoperator +#Ironic deploy images need to be uploaded to glance. +ironic_deploy_image_glance_upload: True + +# Set the directory where the downloaded image will be stored +# on the ironic_service_setup_host host. If the host is localhost, +# then the user running the playbook must have access to it. +ironic_deploy_image_path: "/root/openstack-ansible/ironic" +ironic_deploy_image_path_owner: "root" + +#The default download URL is like https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs +#Allow various parts of this to be overidden to local mirrors, or replaced completely with custom settings +ironic_deploy_image_server: "https://tarballs.opendev.org/" +ironic_deploy_image_server_path: "openstack/ironic-python-agent/dib/files/" +ironic_deploy_image_base_name: "ipa-centos8-stable-yoga" +ironic_deploy_image_kernel_name: "{{ ironic_deploy_image_base_name + '.kernel' }}" +ironic_deploy_image_initramfs_name: "{{ ironic_deploy_image_base_name + '.initramfs' }}" +ironic_deploy_image_list: + - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name }}" + sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name ~ '.sha256' }}" + container_format: 'aki' + disk_format: 'aki' + name: "{{ ironic_deploy_image_kernel_name }}" + - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name }}" + sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name ~ '.sha256' }}" + container_format: 'ari' + disk_format: 'ari' + name: "{{ ironic_deploy_image_initramfs_name }}" + # Ironic inspector ironic_inspector_enable_discovery: True ironic_inspector_openstack_db_connection_string: "mysql+pymysql://{{ ironic_inspector_galera_user }}:{{ ironic_inspector_container_mysql_password }}@{{ ironic_inspector_galera_address }}:{{ ironic_inspector_galera_port }}/{{ ironic_inspector_galera_database }}?charset=utf8{% if ironic_inspector_galera_use_ssl | bool %}&ssl_verify_cert=true{% if ironic_inspector_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ ironic_inspector_galera_ssl_ca_cert }}{% endif %}{% endif %}" @@ -434,15 +462,3 @@ ironic_inspector_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | de ironic_inspector_optional_oslomsg_amqp1_pip_packages: - oslo.messaging[amqp1] ironic_inspector_oslomsg_amqp1_enabled: True - -ironic_inspector_ipa_initrd_name: ironic-deploy.initrd -ironic_inspector_ipa_kernel_name: ironic-deploy.kernel - -# The URLs defined here provide the location to the kernel and ramdisk used -# for booting via ironic-inspector. The integrated Ironic Python Agent may -# not be backwards compatible, so the version listed should match the -# deployed cloud. -ironic_deploy_ramdisk_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs -ironic_deploy_ramdisk_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs.sha256 -ironic_deploy_kernel_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel -ironic_deploy_kernel_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel.sha256 diff --git a/doc/source/configure-inspector.rst b/doc/source/configure-inspector.rst index ca39a09a..3cbf9a8b 100644 --- a/doc/source/configure-inspector.rst +++ b/doc/source/configure-inspector.rst @@ -29,10 +29,6 @@ Required Overrides ~~~~~~~~~~~~~~~~~~ .. code-block:: - # names of your ironic-python-agent initrd/kernel images - ironic_inspector_ipa_initrd_name: ironic-deploy.initramfs - ironic_inspector_ipa_kernel_name: ironic-deploy.vmlinuz - # dnsmasq/dhcp information for inspector ironic_inspector_dhcp_pool_range: (subset of ironic IPs) ironic_inspector_dhcp_subnet: diff --git a/releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml b/releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml new file mode 100644 index 00000000..2f30f847 --- /dev/null +++ b/releasenotes/notes/deploy_image_upload-f54663e8d7e2ab12.yaml @@ -0,0 +1,14 @@ +--- +features: + - | + The os_ironic ansible role can now upload the ironic deploy image + to glance. Several new variables are defined as ironic_deploy_image_* + which control this. It is possible to disable the upload to glance and + also to specify custom locations to stage the images from if required. +upgrade: + - | + The variables ironic_inspector_ipa_initrd_name and ironic_inspector_ipa_initrd_name + are removed from the os_ironic role and more flexible functionality + is now provided with the ironic_deplo_image_* variables. Review any + overrides you have for the ironic service and adjust these new variables + if necessary. diff --git a/tasks/ironic_deploy_image.yml b/tasks/ironic_deploy_image.yml new file mode 100644 index 00000000..62c6acff --- /dev/null +++ b/tasks/ironic_deploy_image.yml @@ -0,0 +1,53 @@ +--- +# Copyright 2022, BBC R&D +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# We set the python interpreter to the ansible runtime venv if +# the delegation is to localhost so that we get access to the +# appropriate python libraries in that venv. If the delegation +# is to another host, we assume that it is accessible by the +# system python instead. +- name: Setup the deploy image + delegate_to: "{{ ironic_service_setup_host }}" + vars: + ansible_python_interpreter: "{{ ironic_service_setup_host_python_interpreter }}" + block: + - name: Create image download directory + file: + path: "{{ ironic_deploy_image_path }}" + state: directory + mode: "0750" + owner: "{{ ironic_deploy_image_path_owner }}" + + - name: Download image from artefact server + get_url: + url: "{{ item['url'] }}" + dest: "{{ ironic_deploy_image_path }}" + checksum: "sha256:{{ item['sha_url'] }}" + retries: 10 + delay: 10 + register: ironic_download_results + with_items: + - "{{ ironic_deploy_image_list }}" + + - name: Upload images + openstack.cloud.image: + cloud: default + endpoint_type: admin + name: "{{ item.item.name }}" + container_format: "{{ item.item.container_format }}" + disk_format: "{{ item.item.disk_format }}" + filename: "{{ item.dest }}" + with_items: + - "{{ ironic_download_results.results }}" diff --git a/tasks/ironic_inspector_post_install.yml b/tasks/ironic_inspector_post_install.yml index 2962240b..df7f048b 100644 --- a/tasks/ironic_inspector_post_install.yml +++ b/tasks/ironic_inspector_post_install.yml @@ -21,27 +21,19 @@ - name: Copy Inspector iPXE Configuration template: src: inspector.ipxe.j2 - dest: "{{ ironic_http_root }}/inspector.ipxe" + dest: "{{ ironic_http_root }}/inspector.ipxe" owner: "{{ ironic_system_user_name }}" group: "{{ ironic_system_group_name }}" -- name: Download IPA Kernel Image +- name: Download IPA Images get_url: - url: "{{ ironic_deploy_kernel_url }}" - dest: "/httpboot/{{ ironic_inspector_ipa_kernel_name }}" - checksum: "sha256:{{ ironic_deploy_kernel_sha_url }}" - owner: "{{ ironic_system_user_name }}" - group: "{{ ironic_system_group_name }}" - mode: '0644' - -- name: Download IPA Ramdisk Image - get_url: - url: "{{ ironic_deploy_ramdisk_url }}" - dest: "/httpboot/{{ ironic_inspector_ipa_initrd_name }}" - checksum: "sha256:{{ ironic_deploy_ramdisk_sha_url }}" + url: "{{ item.url }}" + dest: "/httpboot/{{ item.name }}" + checksum: "sha256:{{ item.sha_url }}" owner: "{{ ironic_system_user_name }}" group: "{{ ironic_system_group_name }}" mode: '0644' + with_items: "{{ ironic_deploy_image_list }}" - name: Configure nginx when inspector boot mode is http when: ironic_inspector_boot_mode == 'http' diff --git a/tasks/main.yml b/tasks/main.yml index 227d3722..9c0fa35c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -196,3 +196,14 @@ when: inventory_hostname in groups['ironic_inspector'] tags: - ironic-inspector + +- include_tasks: ironic_deploy_image.yml + args: + apply: + tags: + - ironic-deploy-image + when: + - _ironic_api_is_first_play_host + - ironic_deploy_image_glance_upload + tags: + - always diff --git a/templates/inspector.ipxe.j2 b/templates/inspector.ipxe.j2 index 0f77a7b6..e37580d0 100644 --- a/templates/inspector.ipxe.j2 +++ b/templates/inspector.ipxe.j2 @@ -5,6 +5,6 @@ dhcp || goto retry_dhcp :retry_boot imgfree -kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_callback_url }} systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_inspector_ipa_initrd_name }} || goto retry_boot -initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_initrd_name }} || goto retry_boot +kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_deploy_image_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_callback_url }} systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_deploy_image_initramfs_name }} || goto retry_boot +initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_deploy_image_initramfs_name }} || goto retry_boot boot diff --git a/templates/pxelinux-default.j2 b/templates/pxelinux-default.j2 index 51786799..0f3a43ca 100644 --- a/templates/pxelinux-default.j2 +++ b/templates/pxelinux-default.j2 @@ -1,8 +1,8 @@ default inspect label inspect -kernel {{ ironic_inspector_ipa_kernel_name }} -append initrd={{ ironic_inspector_ipa_initrd_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }} +kernel {{ ironic_deploy_image_kernel_name }} +append initrd={{ ironic_deploy_image_initramfs_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }} ipappend 3