Refactor ironic deploy image handling.

The deploy image is required in two places in an ironic deployment,
first as images uploaded to glance for the ironic service, and second
as files on a web server for the ironic-inspector service.

Previously this role only placed the deploy images on the ironic
inspector web server, but this patch provides the functionality to
also upload the images to glance.

The variables for ironic deploy image source locations are
consolidated so that only one set are required to run the tasks
for both ironic and ironic-inspector, and several overrides are
available allowing the source to be overidden to a local mirror
easily.

Finally - the name of the files placed on the inspector web server
and into glance represent the upstream name of the image files rather
than generic names which lose versioning and release information.

Change-Id: I1aed9d97a4ddbfb70d2375f5204c55374d1067c9
This commit is contained in:
Jonathan Rosser 2022-11-03 18:08:01 +00:00 committed by Dmitriy Rabotyagov
parent d79071dddf
commit b974a6c0e0
8 changed files with 116 additions and 34 deletions

View File

@ -374,6 +374,34 @@ ironic_inspector_swift_role_names:
- _member_
- swiftoperator
#Ironic deploy images need to be uploaded to glance.
ironic_deploy_image_glance_upload: True
# Set the directory where the downloaded image will be stored
# on the ironic_service_setup_host host. If the host is localhost,
# then the user running the playbook must have access to it.
ironic_deploy_image_path: "/root/openstack-ansible/ironic"
ironic_deploy_image_path_owner: "root"
#The default download URL is like https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs
#Allow various parts of this to be overidden to local mirrors, or replaced completely with custom settings
ironic_deploy_image_server: "https://tarballs.opendev.org/"
ironic_deploy_image_server_path: "openstack/ironic-python-agent/dib/files/"
ironic_deploy_image_base_name: "ipa-centos8-stable-yoga"
ironic_deploy_image_kernel_name: "{{ ironic_deploy_image_base_name + '.kernel' }}"
ironic_deploy_image_initramfs_name: "{{ ironic_deploy_image_base_name + '.initramfs' }}"
ironic_deploy_image_list:
- url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name }}"
sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name ~ '.sha256' }}"
container_format: 'aki'
disk_format: 'aki'
name: "{{ ironic_deploy_image_kernel_name }}"
- url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name }}"
sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name ~ '.sha256' }}"
container_format: 'ari'
disk_format: 'ari'
name: "{{ ironic_deploy_image_initramfs_name }}"
# Ironic inspector
ironic_inspector_enable_discovery: True
ironic_inspector_openstack_db_connection_string: "mysql+pymysql://{{ ironic_inspector_galera_user }}:{{ ironic_inspector_container_mysql_password }}@{{ ironic_inspector_galera_address }}:{{ ironic_inspector_galera_port }}/{{ ironic_inspector_galera_database }}?charset=utf8{% if ironic_inspector_galera_use_ssl | bool %}&ssl_verify_cert=true{% if ironic_inspector_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ ironic_inspector_galera_ssl_ca_cert }}{% endif %}{% endif %}"
@ -434,15 +462,3 @@ ironic_inspector_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | de
ironic_inspector_optional_oslomsg_amqp1_pip_packages:
- oslo.messaging[amqp1]
ironic_inspector_oslomsg_amqp1_enabled: True
ironic_inspector_ipa_initrd_name: ironic-deploy.initrd
ironic_inspector_ipa_kernel_name: ironic-deploy.kernel
# The URLs defined here provide the location to the kernel and ramdisk used
# for booting via ironic-inspector. The integrated Ironic Python Agent may
# not be backwards compatible, so the version listed should match the
# deployed cloud.
ironic_deploy_ramdisk_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs
ironic_deploy_ramdisk_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs.sha256
ironic_deploy_kernel_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel
ironic_deploy_kernel_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel.sha256

View File

@ -29,10 +29,6 @@ Required Overrides
~~~~~~~~~~~~~~~~~~
.. code-block::
# names of your ironic-python-agent initrd/kernel images
ironic_inspector_ipa_initrd_name: ironic-deploy.initramfs
ironic_inspector_ipa_kernel_name: ironic-deploy.vmlinuz
# dnsmasq/dhcp information for inspector
ironic_inspector_dhcp_pool_range: <START> <END> (subset of ironic IPs)
ironic_inspector_dhcp_subnet: <IRONIC SUBNET CIDR>

View File

@ -0,0 +1,14 @@
---
features:
- |
The os_ironic ansible role can now upload the ironic deploy image
to glance. Several new variables are defined as ironic_deploy_image_*
which control this. It is possible to disable the upload to glance and
also to specify custom locations to stage the images from if required.
upgrade:
- |
The variables ironic_inspector_ipa_initrd_name and ironic_inspector_ipa_initrd_name
are removed from the os_ironic role and more flexible functionality
is now provided with the ironic_deplo_image_* variables. Review any
overrides you have for the ironic service and adjust these new variables
if necessary.

View File

@ -0,0 +1,53 @@
---
# Copyright 2022, BBC R&D
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# We set the python interpreter to the ansible runtime venv if
# the delegation is to localhost so that we get access to the
# appropriate python libraries in that venv. If the delegation
# is to another host, we assume that it is accessible by the
# system python instead.
- name: Setup the deploy image
delegate_to: "{{ ironic_service_setup_host }}"
vars:
ansible_python_interpreter: "{{ ironic_service_setup_host_python_interpreter }}"
block:
- name: Create image download directory
file:
path: "{{ ironic_deploy_image_path }}"
state: directory
mode: "0750"
owner: "{{ ironic_deploy_image_path_owner }}"
- name: Download image from artefact server
get_url:
url: "{{ item['url'] }}"
dest: "{{ ironic_deploy_image_path }}"
checksum: "sha256:{{ item['sha_url'] }}"
retries: 10
delay: 10
register: ironic_download_results
with_items:
- "{{ ironic_deploy_image_list }}"
- name: Upload images
openstack.cloud.image:
cloud: default
endpoint_type: admin
name: "{{ item.item.name }}"
container_format: "{{ item.item.container_format }}"
disk_format: "{{ item.item.disk_format }}"
filename: "{{ item.dest }}"
with_items:
- "{{ ironic_download_results.results }}"

View File

@ -25,23 +25,15 @@
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
- name: Download IPA Kernel Image
- name: Download IPA Images
get_url:
url: "{{ ironic_deploy_kernel_url }}"
dest: "/httpboot/{{ ironic_inspector_ipa_kernel_name }}"
checksum: "sha256:{{ ironic_deploy_kernel_sha_url }}"
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
mode: '0644'
- name: Download IPA Ramdisk Image
get_url:
url: "{{ ironic_deploy_ramdisk_url }}"
dest: "/httpboot/{{ ironic_inspector_ipa_initrd_name }}"
checksum: "sha256:{{ ironic_deploy_ramdisk_sha_url }}"
url: "{{ item.url }}"
dest: "/httpboot/{{ item.name }}"
checksum: "sha256:{{ item.sha_url }}"
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
mode: '0644'
with_items: "{{ ironic_deploy_image_list }}"
- name: Configure nginx when inspector boot mode is http
when: ironic_inspector_boot_mode == 'http'

View File

@ -196,3 +196,14 @@
when: inventory_hostname in groups['ironic_inspector']
tags:
- ironic-inspector
- include_tasks: ironic_deploy_image.yml
args:
apply:
tags:
- ironic-deploy-image
when:
- _ironic_api_is_first_play_host
- ironic_deploy_image_glance_upload
tags:
- always

View File

@ -5,6 +5,6 @@ dhcp || goto retry_dhcp
:retry_boot
imgfree
kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_callback_url }} systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_inspector_ipa_initrd_name }} || goto retry_boot
initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_initrd_name }} || goto retry_boot
kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_deploy_image_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_callback_url }} systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_deploy_image_initramfs_name }} || goto retry_boot
initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_deploy_image_initramfs_name }} || goto retry_boot
boot

View File

@ -1,8 +1,8 @@
default inspect
label inspect
kernel {{ ironic_inspector_ipa_kernel_name }}
append initrd={{ ironic_inspector_ipa_initrd_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }}
kernel {{ ironic_deploy_image_kernel_name }}
append initrd={{ ironic_deploy_image_initramfs_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }}
ipappend 3