Update Ironic Inspector for Metal Deployments
This patchset aims to correct some design limitations with the current ironic-inspector deploy process. - a new ironic-inspector-dnsmasq service has been created to split inspector-specific dnsmasq configuration out of the base dnsmasq config files - PXE/iPXE and UEFI support for ironic-inspector boot - (todo) documentation improvements and diagrams Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823426 Change-Id: Ib5cbb28f97dd7421bfecb815def89305f3b1da33
parent
52a014c56f
commit
f7e6cc04cf
@ -79,6 +79,18 @@ ironic_services:
|
||||
service_name: ironic-inspector
|
||||
init_config_overrides: "{{ ironic_inspector_init_config_overrides }}"
|
||||
execstarts: "{{ ironic_bin }}/ironic-inspector"
|
||||
ironic-inspector-dnsmasq:
|
||||
group: ironic_inspector
|
||||
service_name: ironic-inspector-dnsmasq
|
||||
service_type: forking
|
||||
systemd_user_name: root
|
||||
systemd_group_name: root
|
||||
init_config_overrides: "{{ ironic_inspector_dnsmasq_init_config_overrides }}"
|
||||
execstarts: "/usr/sbin/dnsmasq --conf-file=/etc/ironic-inspector/inspector-dnsmasq.conf"
|
||||
after_targets:
|
||||
- openvswitch.service
|
||||
- network.target
|
||||
state: stopped
|
||||
|
||||
ironic_service_name: ironic
|
||||
ironic_service_type: baremetal
|
||||
@ -356,13 +368,14 @@ ironic_inspector_pxe_boot_mode: "{{ ironic_inspector_boot_mode }}"
|
||||
ironic_inspector_httpboot_dir: /httpboot
|
||||
ironic_inspector_tftpboot_dir: "{{ ironic_tftpd_root }}"
|
||||
|
||||
ironic_inspector_dhcp_interface: br-ironic
|
||||
ironic_inspector_dhcp_interface: br-bmaas
|
||||
ironic_inspector_valid_interfaces: internal,public
|
||||
|
||||
### Config Overrides
|
||||
ironic_inspector_conf_overrides: {}
|
||||
ironic_inspector_rootwrap_conf_overrides: {}
|
||||
ironic_inspector_init_config_overrides: {}
|
||||
ironic_inspector_dnsmasq_init_config_overrides: {}
|
||||
# pxe boot
|
||||
ironic_inspector_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes" #ipa-inspection-collectors=default,logs,extra_hardware
|
||||
|
||||
@ -397,3 +410,12 @@ ironic_inspector_oslomsg_amqp1_enabled: True
|
||||
|
||||
ironic_inspector_ipa_initrd_name: ironic-deploy.initrd
|
||||
ironic_inspector_ipa_kernel_name: ironic-deploy.kernel
|
||||
|
||||
# The URLs defined here provide the location to the kernel and ramdisk used
|
||||
# for booting via ironic-inspector. The integrated Ironic Python Agent may
|
||||
# not be backwards compatible, so the version listed should match the
|
||||
# deployed cloud.
|
||||
ironic_deploy_ramdisk_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs
|
||||
ironic_deploy_ramdisk_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs.sha256
|
||||
ironic_deploy_kernel_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel
|
||||
ironic_deploy_kernel_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel.sha256
|
||||
|
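Review bot: The new `ironic-inspector-dnsmasq` entry sets `systemd_user_name: root` and `state: stopped` without saying why, which will puzzle anyone reading `ironic_services` later. A short comment above the entry would help, for example `# Started as root so dnsmasq can bind the DHCP port; left stopped because ironic-inspector starts and stops it via dnsmasq_start_command / dnsmasq_stop_command`. That reading is inferred from the inspector.conf template changed in this commit and should be confirmed. In the last hunk the kernel and ramdisk URLs hard-code `stable-xena`, although the comment above them says the agent version should match the deployed cloud, so the comment could also say that operators are expected to override these four variables.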
@ -46,9 +46,9 @@
|
||||
state: restarted
|
||||
failed_when: false
|
||||
|
||||
- name: Restart dnsmasq
|
||||
- name: Restart ironic-inspector-dnsmasq
|
||||
service:
|
||||
name: "dnsmasq"
|
||||
name: "ironic-inspector-dnsmasq"
|
||||
state: restarted
|
||||
failed_when: false
|
||||
|
||||
|
@ -13,51 +13,32 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Copy in dhcp config file
|
||||
template:
|
||||
src: "dhcpd.conf.j2"
|
||||
dest: "/etc/dhcp/dhcpd.conf"
|
||||
notify:
|
||||
- Restart isc-dhcp-server
|
||||
|
||||
- name: Ensure except lo dnsmasq setting
|
||||
lineinfile:
|
||||
path: /etc/default/dnsmasq
|
||||
state: present
|
||||
line: 'DNSMASQ_EXCEPT=lo'
|
||||
when: ansible_facts['os_family'] == 'Debian'
|
||||
notify:
|
||||
- Restart dnsmasq
|
||||
|
||||
- name: Uncomment IGNORE_RESOLVCONF line
|
||||
lineinfile:
|
||||
path: /etc/default/dnsmasq
|
||||
state: present
|
||||
regexp: '^#IGNORE_RESOLVCONF=.*'
|
||||
line: 'IGNORE_RESOLVCONF=yes'
|
||||
backrefs: yes
|
||||
when: ansible_facts['os_family'] == 'Debian'
|
||||
notify:
|
||||
- Restart dnsmasq
|
||||
|
||||
- name: Copy in dnsmqsq config file
|
||||
template:
|
||||
src: "dnsmasq.conf.j2"
|
||||
dest: "/etc/dnsmasq.d/inspector-dnsmasq.conf"
|
||||
notify:
|
||||
- Restart dnsmasq
|
||||
|
||||
- name: Default pxelinux.0 config
|
||||
template:
|
||||
src: pxelinux-default.j2
|
||||
dest: "{{ ironic_inspector_tftpboot_dir }}/pxelinux.cfg/default"
|
||||
|
||||
- name: Create directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
- name: Copy Inspector iPXE Configuration
|
||||
template:
|
||||
src: inspector.ipxe.j2
|
||||
dest: "{{ ironic_http_root }}/inspector.ipxe"
|
||||
owner: "{{ ironic_system_user_name }}"
|
||||
group: "{{ ironic_system_group_name }}"
|
||||
mode: "0755"
|
||||
with_items:
|
||||
- /etc/dnsmasq.d/dhcp-hostsdir
|
||||
|
||||
- name: Download IPA Kernel Image
|
||||
get_url:
|
||||
url: "{{ ironic_deploy_kernel_url }}"
|
||||
dest: "/httpboot/{{ ironic_inspector_ipa_kernel_name }}"
|
||||
checksum: "sha256:{{ ironic_deploy_kernel_sha_url }}"
|
||||
owner: "{{ ironic_system_user_name }}"
|
||||
group: "{{ ironic_system_group_name }}"
|
||||
mode: '0644'
|
||||
|
||||
- name: Download IPA Ramdisk Image
|
||||
get_url:
|
||||
url: "{{ ironic_deploy_ramdisk_url }}"
|
||||
dest: "/httpboot/{{ ironic_inspector_ipa_initrd_name }}"
|
||||
checksum: "sha256:{{ ironic_deploy_ramdisk_sha_url }}"
|
||||
owner: "{{ ironic_system_user_name }}"
|
||||
group: "{{ ironic_system_group_name }}"
|
||||
mode: '0644'
|
||||
|
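Review bot: Both `get_url` tasks take their `checksum` from a `.sha256` file served by the same host as the image, so the check catches a truncated or corrupted download but not an artifact that was replaced at the origin. These images boot on every node under inspection, so it is worth letting operators pin a digest, for example through a variable such as `ironic_deploy_kernel_checksum` (name constructed here) that is used instead of the URL form when set. The two `dest` paths also hard-code `/httpboot/`, while the iPXE script in the same hunk is written under `{{ ironic_http_root }}` and the defaults already define `ironic_inspector_httpboot_dir`; using one variable for all three keeps the files the iPXE script requests in the directory that is actually served. The iPXE template is installed with `mode: "0755"`, and `"0644"` is enough for a file that is only read over HTTP. The hunk starts inside the license header, and which lines are old or new is inferred from the rendered page.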
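--- a/tasks/ironic_inspector_pre_install.yml
+++ b/tasks/ironic_inspector_pre_install.yml
@@ -0,0 +1,42 @@
+---
+# Copyright 2021, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Copy in dhcp config file
+template:
+src: "dhcpd.conf.j2"
+dest: "/etc/dhcp/dhcpd.conf"
+notify:
+- Restart isc-dhcp-server
+
+- name: Copy in dnsmasq config file
+template:
+src: "dnsmasq.conf.j2"
+dest: "/etc/ironic-inspector/inspector-dnsmasq.conf"
+owner: "{{ ironic_system_user_name }}"
+group: "{{ ironic_system_group_name }}"
+mode: "0640"
+notify:
+- Restart ironic-inspector-dnsmasq
+
+- name: Create directories
+file:
+path: "{{ item }}"
+state: directory
+owner: "{{ ironic_system_user_name }}"
+group: "{{ ironic_system_group_name }}"
+mode: "0755"
+with_items:
+- /etc/ironic-inspector/dhcp-hostsdir
+- /var/lib/ironic-inspector/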
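Review bot: The dnsmasq config is installed with `owner: "{{ ironic_system_user_name }}"` and `mode: "0640"`, yet the unit added in this commit starts dnsmasq with `systemd_user_name: root`, so a file parsed by a root-started daemon is writable by the service account. Prefer `owner: root` with `group: "{{ ironic_system_group_name }}"` and `mode: "0640"`, which keeps the file readable by the group and removes the write path. Only `/etc/ironic-inspector/dhcp-hostsdir` needs to stay writable by the inspector user, assuming the PXE filter writes its host entries there. The template task also writes into `/etc/ironic-inspector` before `Create directories` runs; another task presumably creates that directory, but moving `Create directories` first would remove the dependency.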
@ -121,6 +121,11 @@
|
||||
tags:
|
||||
- ironic-config
|
||||
|
||||
- import_tasks: ironic_inspector_pre_install.yml
|
||||
when: inventory_hostname in groups['ironic_inspector']
|
||||
tags:
|
||||
- ironic-inspector
|
||||
|
||||
- name: Run the systemd service role
|
||||
import_role:
|
||||
name: systemd_service
|
||||
@ -155,6 +160,6 @@
|
||||
- ironic-config
|
||||
|
||||
- import_tasks: ironic_inspector_post_install.yml
|
||||
when: "{{ inventory_hostname in groups['ironic_inspector'] }}"
|
||||
when: inventory_hostname in groups['ironic_inspector']
|
||||
tags:
|
||||
- ironic-inspector
|
||||
|
@ -1,15 +1,24 @@
|
||||
port=15553
|
||||
bind-interfaces
|
||||
interface={{ ironic_inspector_dhcp_interface }}
|
||||
listen-address={{ ironic_inspector_dhcp_address }}
|
||||
dhcp-range={{ ironic_inspector_dhcp_pool_range | regex_replace(' ', ',') }}
|
||||
tftp-root={{ ironic_inspector_tftpboot_dir }}
|
||||
dhcp-option=3,{{ ironic_inspector_dhcp_gateway }}
|
||||
dhcp-option=6,{{ ironic_inspector_dhcp_nameservers }}
|
||||
dhcp-match=ipxe,175
|
||||
dhcp-match=set:efi,option:client-arch,7
|
||||
listen-address={{ ironic_inspector_dhcp_address }}
|
||||
dhcp-match=set:efi,option:client-arch,9
|
||||
dhcp-match=set:efi,option:client-arch,11
|
||||
# OLD, but keep
|
||||
#dhcp-boot=pxelinux.0,localhost.localdomain,{{ ironic_tftp_server_address }}
|
||||
# Client is already running iPXE; move to next stage of chainloading
|
||||
dhcp-boot=tag:ipxe,{{ ironic_http_url }}/inspector.ipxe
|
||||
# Client is PXE booting over EFI without iPXE ROM,
|
||||
# send EFI version of iPXE chainloader
|
||||
dhcp-boot=tag:efi,tag:!ipxe,ipxe.efi
|
||||
dhcp-boot=pxelinux.0,localhost.localdomain,{{ ironic_tftp_server_address }}
|
||||
conf-dir=/etc/dnsmasq.d/,*.conf
|
||||
dhcp-hostsdir=/etc/dnsmasq.d/dhcp-hostsdir
|
||||
# Client is running PXE over BIOS; send BIOS version of iPXE chainloader
|
||||
dhcp-boot=undionly.kpxe,localhost.localdomain,{{ ironic_tftp_server_address }}
|
||||
dhcp-hostsdir=/etc/ironic-inspector/dhcp-hostsdir
|
||||
dhcp-leasefile=/var/lib/ironic-inspector/inspector-dnsmasq.leases
|
||||
dhcp-sequential-ip
|
||||
|
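Review bot: `dhcp-match=set:efi,option:client-arch,11` puts ARM64 UEFI clients under the same `efi` tag as architectures 7 and 9, and the only EFI reply is `dhcp-boot=tag:efi,tag:!ipxe,ipxe.efi`. If `ipxe.efi` in the TFTP root is the x86-64 build, which the page does not show, those clients will download a binary they cannot run; a separate tag and boot file for 11, or dropping that match until an ARM64 image is shipped, avoids this. `dhcp-match=ipxe,175` uses the older tag form and would read more consistently as `dhcp-match=set:ipxe,175`. The `# OLD, but keep` line with the commented `dhcp-boot=pxelinux.0` should either say why it is kept or be removed.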
@ -28,16 +28,16 @@ enroll_node_driver = ipmi
|
||||
|
||||
[dnsmasq_pxe_filter]
|
||||
{% if ironic_inspector_pxe_filter == "dnsmasq" %}
|
||||
dhcp_hostsdir = /etc/dnsmasq.d/dhcp-hostsdir
|
||||
dnsmasq_start_command = systemctl start dnsmasq
|
||||
dnsmasq_stop_command = systemctl stop dnsmasq
|
||||
dhcp_hostsdir = /etc/ironic-inspector/dhcp-hostsdir
|
||||
dnsmasq_start_command = systemctl start ironic-inspector-dnsmasq
|
||||
dnsmasq_stop_command = systemctl stop ironic-inspector-dnsmasq
|
||||
{% endif %}
|
||||
|
||||
[iptables]
|
||||
{% if ironic_inspector_pxe_filter == "iptables" %}
|
||||
manage_firewall = True
|
||||
{% endif %}
|
||||
dnsmasq_interface = br-ironic
|
||||
dnsmasq_interface = {{ ironic_inspector_dhcp_interface }}
|
||||
|
||||
[ironic]
|
||||
username = ironic
|
||||
|
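--- a/templates/inspector.ipxe.j2
+++ b/templates/inspector.ipxe.j2
@@ -0,0 +1,10 @@
+#!ipxe
+
+:retry_dhcp
+dhcp || goto retry_dhcp
+
+:retry_boot
+imgfree
+kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_inspector_ipa_initrd_name }} || goto retry_boot
+initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_initrd_name }} || goto retry_boot
+boot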
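Review bot: The `kernel` line hard-codes its arguments and never includes `{{ ironic_inspector_pxe_append_params | default('') }}`, which the pxelinux template in this commit appends, so operator-set parameters apply on the BIOS pxelinux path but are silently ignored when a node boots through iPXE. Adding the same expression before `|| goto retry_boot` keeps the two boot paths equivalent. Both `dhcp || goto retry_dhcp` and the `|| goto retry_boot` branches loop with no delay or limit, so a node that cannot reach the HTTP server retries forever; a `sleep` in each loop would at least bound the request rate. If `ironic_inspector_service_internaluri_proto` is `https`, the ramdisk has to trust the certificate served at `internal_lb_vip_address`, which is worth stating in a comment at the top of the script.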
@ -2,7 +2,7 @@ default inspect
|
||||
|
||||
label inspect
|
||||
kernel {{ ironic_inspector_ipa_kernel_name }}
|
||||
append initrd={{ ironic_inspector_ipa_initrd_name }} ipa-inspection-callback-url=http://{{ internal_lb_vip_address }}:5050/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }}
|
||||
append initrd={{ ironic_inspector_ipa_initrd_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }}
|
||||
ipappend 3
|
||||
|
||||
|
||||
|