Update Ironic Inspector for Metal Deployments
This patchset aims to correct some design limitations with the current ironic-inspector deploy process.

- a new ironic-inspector-dnsmasq service has been created to split inspector-specific dnsmasq configuration out of the base dnsmasq config files
- PXE/iPXE and UEFI support for ironic-inspector boot
- (todo) documentation improvements and diagrams

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823426
Change-Id: Ib5cbb28f97dd7421bfecb815def89305f3b1da33
parent
52a014c56f
commit
f7e6cc04cf
@ -79,6 +79,18 @@ ironic_services:
|
|||||||
service_name: ironic-inspector
|
service_name: ironic-inspector
|
||||||
init_config_overrides: "{{ ironic_inspector_init_config_overrides }}"
|
init_config_overrides: "{{ ironic_inspector_init_config_overrides }}"
|
||||||
execstarts: "{{ ironic_bin }}/ironic-inspector"
|
execstarts: "{{ ironic_bin }}/ironic-inspector"
|
||||||
|
ironic-inspector-dnsmasq:
|
||||||
|
group: ironic_inspector
|
||||||
|
service_name: ironic-inspector-dnsmasq
|
||||||
|
service_type: forking
|
||||||
|
systemd_user_name: root
|
||||||
|
systemd_group_name: root
|
||||||
|
init_config_overrides: "{{ ironic_inspector_dnsmasq_init_config_overrides }}"
|
||||||
|
execstarts: "/usr/sbin/dnsmasq --conf-file=/etc/ironic-inspector/inspector-dnsmasq.conf"
|
||||||
|
after_targets:
|
||||||
|
- openvswitch.service
|
||||||
|
- network.target
|
||||||
|
state: stopped
|
||||||
|
|
||||||
ironic_service_name: ironic
|
ironic_service_name: ironic
|
||||||
ironic_service_type: baremetal
|
ironic_service_type: baremetal
|
||||||
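Review bot: The new `ironic-inspector-dnsmasq` entry sets `systemd_user_name: root` and `systemd_group_name: root` without saying why, or what identity the process keeps once it is running. dnsmasq needs privilege to bind the DHCP port and normally drops to an unprivileged user after start-up, but the rendered `dnsmasq.conf.j2` in this commit sets no `user=`/`group=`, so the runtime identity is left to the build default. A comment above the entry such as `# started as root to bind the DHCP port; dnsmasq drops privileges after start-up`, together with an explicit `user=` line in the template, would make this reviewable. `state: stopped` also deserves a comment; presumably the inspector PXE filter starts the unit through `dnsmasq_start_command`, but the hunk does not say so.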
@ -356,13 +368,14 @@ ironic_inspector_pxe_boot_mode: "{{ ironic_inspector_boot_mode }}"
|
|||||||
ironic_inspector_httpboot_dir: /httpboot
|
ironic_inspector_httpboot_dir: /httpboot
|
||||||
ironic_inspector_tftpboot_dir: "{{ ironic_tftpd_root }}"
|
ironic_inspector_tftpboot_dir: "{{ ironic_tftpd_root }}"
|
||||||
|
|
||||||
ironic_inspector_dhcp_interface: br-ironic
|
ironic_inspector_dhcp_interface: br-bmaas
|
||||||
ironic_inspector_valid_interfaces: internal,public
|
ironic_inspector_valid_interfaces: internal,public
|
||||||
|
|
||||||
### Config Overrides
|
### Config Overrides
|
||||||
ironic_inspector_conf_overrides: {}
|
ironic_inspector_conf_overrides: {}
|
||||||
ironic_inspector_rootwrap_conf_overrides: {}
|
ironic_inspector_rootwrap_conf_overrides: {}
|
||||||
ironic_inspector_init_config_overrides: {}
|
ironic_inspector_init_config_overrides: {}
|
||||||
|
ironic_inspector_dnsmasq_init_config_overrides: {}
|
||||||
# pxe boot
|
# pxe boot
|
||||||
ironic_inspector_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes" #ipa-inspection-collectors=default,logs,extra_hardware
|
ironic_inspector_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes" #ipa-inspection-collectors=default,logs,extra_hardware
|
||||||
|
|
||||||
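Review bot: The default of `ironic_inspector_dhcp_interface` changes from `br-ironic` to `br-bmaas` with no comment or upgrade note, and the same commit starts using it for `interface=` alongside the new `bind-interfaces` in `dnsmasq.conf.j2` and for `dnsmasq_interface` in the inspector configuration. An existing deployment that relied on the old default would likely end up with the DHCP service and the firewall filter pointed at an interface that does not exist on the host. A comment above the variable, e.g. `# Bridge carrying the inspection/provisioning network; must exist on the inspector host`, and a release note for the changed default would cover it.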
@ -397,3 +410,12 @@ ironic_inspector_oslomsg_amqp1_enabled: True
|
|||||||
|
|
||||||
ironic_inspector_ipa_initrd_name: ironic-deploy.initrd
|
ironic_inspector_ipa_initrd_name: ironic-deploy.initrd
|
||||||
ironic_inspector_ipa_kernel_name: ironic-deploy.kernel
|
ironic_inspector_ipa_kernel_name: ironic-deploy.kernel
|
||||||
|
|
||||||
|
# The URLs defined here provide the location to the kernel and ramdisk used
|
||||||
|
# for booting via ironic-inspector. The integrated Ironic Python Agent may
|
||||||
|
# not be backwards compatible, so the version listed should match the
|
||||||
|
# deployed cloud.
|
||||||
|
ironic_deploy_ramdisk_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs
|
||||||
|
ironic_deploy_ramdisk_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs.sha256
|
||||||
|
ironic_deploy_kernel_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel
|
||||||
|
ironic_deploy_kernel_sha_url: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.kernel.sha256
|
||||||
|
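Review bot: Both `*_sha_url` defaults point at `.sha256` files served from the same host and path as the kernel and ramdisk they describe, so the `checksum:` check in the download tasks catches a truncated or corrupted transfer but not a replaced artifact. The URLs also track a moving `stable-xena` build, so the image that inspected nodes boot can change between runs without any change in the role. Because the tasks prefix the value with `sha256:`, an operator can set these variables to a literal digest instead of a URL; the comment block should say so, for example `# Set the *_sha_url variables to a literal SHA-256 digest to pin a reviewed image.`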
@ -46,9 +46,9 @@
|
|||||||
state: restarted
|
state: restarted
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
- name: Restart dnsmasq
|
- name: Restart ironic-inspector-dnsmasq
|
||||||
service:
|
service:
|
||||||
name: "dnsmasq"
|
name: "ironic-inspector-dnsmasq"
|
||||||
state: restarted
|
state: restarted
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
|
@ -13,51 +13,32 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
- name: Copy in dhcp config file
|
|
||||||
template:
|
|
||||||
src: "dhcpd.conf.j2"
|
|
||||||
dest: "/etc/dhcp/dhcpd.conf"
|
|
||||||
notify:
|
|
||||||
- Restart isc-dhcp-server
|
|
||||||
|
|
||||||
- name: Ensure except lo dnsmasq setting
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/default/dnsmasq
|
|
||||||
state: present
|
|
||||||
line: 'DNSMASQ_EXCEPT=lo'
|
|
||||||
when: ansible_facts['os_family'] == 'Debian'
|
|
||||||
notify:
|
|
||||||
- Restart dnsmasq
|
|
||||||
|
|
||||||
- name: Uncomment IGNORE_RESOLVCONF line
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/default/dnsmasq
|
|
||||||
state: present
|
|
||||||
regexp: '^#IGNORE_RESOLVCONF=.*'
|
|
||||||
line: 'IGNORE_RESOLVCONF=yes'
|
|
||||||
backrefs: yes
|
|
||||||
when: ansible_facts['os_family'] == 'Debian'
|
|
||||||
notify:
|
|
||||||
- Restart dnsmasq
|
|
||||||
|
|
||||||
- name: Copy in dnsmqsq config file
|
|
||||||
template:
|
|
||||||
src: "dnsmasq.conf.j2"
|
|
||||||
dest: "/etc/dnsmasq.d/inspector-dnsmasq.conf"
|
|
||||||
notify:
|
|
||||||
- Restart dnsmasq
|
|
||||||
|
|
||||||
- name: Default pxelinux.0 config
|
- name: Default pxelinux.0 config
|
||||||
template:
|
template:
|
||||||
src: pxelinux-default.j2
|
src: pxelinux-default.j2
|
||||||
dest: "{{ ironic_inspector_tftpboot_dir }}/pxelinux.cfg/default"
|
dest: "{{ ironic_inspector_tftpboot_dir }}/pxelinux.cfg/default"
|
||||||
|
|
||||||
- name: Create directories
|
- name: Copy Inspector iPXE Configuration
|
||||||
file:
|
template:
|
||||||
path: "{{ item }}"
|
src: inspector.ipxe.j2
|
||||||
state: directory
|
dest: "{{ ironic_http_root }}/inspector.ipxe"
|
||||||
owner: "{{ ironic_system_user_name }}"
|
owner: "{{ ironic_system_user_name }}"
|
||||||
group: "{{ ironic_system_group_name }}"
|
group: "{{ ironic_system_group_name }}"
|
||||||
mode: "0755"
|
|
||||||
with_items:
|
- name: Download IPA Kernel Image
|
||||||
- /etc/dnsmasq.d/dhcp-hostsdir
|
get_url:
|
||||||
|
url: "{{ ironic_deploy_kernel_url }}"
|
||||||
|
dest: "/httpboot/{{ ironic_inspector_ipa_kernel_name }}"
|
||||||
|
checksum: "sha256:{{ ironic_deploy_kernel_sha_url }}"
|
||||||
|
owner: "{{ ironic_system_user_name }}"
|
||||||
|
group: "{{ ironic_system_group_name }}"
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
|
- name: Download IPA Ramdisk Image
|
||||||
|
get_url:
|
||||||
|
url: "{{ ironic_deploy_ramdisk_url }}"
|
||||||
|
dest: "/httpboot/{{ ironic_inspector_ipa_initrd_name }}"
|
||||||
|
checksum: "sha256:{{ ironic_deploy_ramdisk_sha_url }}"
|
||||||
|
owner: "{{ ironic_system_user_name }}"
|
||||||
|
group: "{{ ironic_system_group_name }}"
|
||||||
|
mode: '0644'
|
||||||
|
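Review bot: The two `get_url` tasks write to a literal `/httpboot/`, while the iPXE script in the same hunk is rendered under `{{ ironic_http_root }}` and then fetches the images from `{{ ironic_http_url }}`. If an operator overrides `ironic_http_root`, the kernel and ramdisk land outside the served tree. Suggest `dest: "{{ ironic_http_root }}/{{ ironic_inspector_ipa_kernel_name }}"` and the matching line for the initrd. The new `Copy Inspector iPXE Configuration` task also sets owner and group but no `mode:`, leaving the permissions to the umask; `mode: '0644'` would match the two download tasks.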
42
tasks/ironic_inspector_pre_install.yml
Normal file
42
tasks/ironic_inspector_pre_install.yml
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2021, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: Copy in dhcp config file
|
||||||
|
template:
|
||||||
|
src: "dhcpd.conf.j2"
|
||||||
|
dest: "/etc/dhcp/dhcpd.conf"
|
||||||
|
notify:
|
||||||
|
- Restart isc-dhcp-server
|
||||||
|
|
||||||
|
- name: Copy in dnsmasq config file
|
||||||
|
template:
|
||||||
|
src: "dnsmasq.conf.j2"
|
||||||
|
dest: "/etc/ironic-inspector/inspector-dnsmasq.conf"
|
||||||
|
owner: "{{ ironic_system_user_name }}"
|
||||||
|
group: "{{ ironic_system_group_name }}"
|
||||||
|
mode: "0640"
|
||||||
|
notify:
|
||||||
|
- Restart ironic-inspector-dnsmasq
|
||||||
|
|
||||||
|
- name: Create directories
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ ironic_system_user_name }}"
|
||||||
|
group: "{{ ironic_system_group_name }}"
|
||||||
|
mode: "0755"
|
||||||
|
with_items:
|
||||||
|
- /etc/ironic-inspector/dhcp-hostsdir
|
||||||
|
- /var/lib/ironic-inspector/
|
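Review bot: `Copy in dnsmasq config file` installs `/etc/ironic-inspector/inspector-dnsmasq.conf` owned by `{{ ironic_system_user_name }}`, while the unit added in this commit starts dnsmasq as root with `--conf-file` pointing at that file. The inspector service account can therefore alter configuration that a root-started process loads, although only `dhcp-hostsdir` needs to be writable by inspector. Suggest `owner: root` with `group: "{{ ironic_system_group_name }}"` and keeping `mode: "0640"`. Ownership of `/etc/ironic-inspector` itself is not visible in this section and should be checked for the same reason. The `dhcpd.conf` task above it sets no owner or mode at all.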
@ -121,6 +121,11 @@
|
|||||||
tags:
|
tags:
|
||||||
- ironic-config
|
- ironic-config
|
||||||
|
|
||||||
|
- import_tasks: ironic_inspector_pre_install.yml
|
||||||
|
when: inventory_hostname in groups['ironic_inspector']
|
||||||
|
tags:
|
||||||
|
- ironic-inspector
|
||||||
|
|
||||||
- name: Run the systemd service role
|
- name: Run the systemd service role
|
||||||
import_role:
|
import_role:
|
||||||
name: systemd_service
|
name: systemd_service
|
||||||
@ -155,6 +160,6 @@
|
|||||||
- ironic-config
|
- ironic-config
|
||||||
|
|
||||||
- import_tasks: ironic_inspector_post_install.yml
|
- import_tasks: ironic_inspector_post_install.yml
|
||||||
when: "{{ inventory_hostname in groups['ironic_inspector'] }}"
|
when: inventory_hostname in groups['ironic_inspector']
|
||||||
tags:
|
tags:
|
||||||
- ironic-inspector
|
- ironic-inspector
|
||||||
|
@ -1,15 +1,24 @@
|
|||||||
port=15553
|
port=15553
|
||||||
|
bind-interfaces
|
||||||
interface={{ ironic_inspector_dhcp_interface }}
|
interface={{ ironic_inspector_dhcp_interface }}
|
||||||
|
listen-address={{ ironic_inspector_dhcp_address }}
|
||||||
dhcp-range={{ ironic_inspector_dhcp_pool_range | regex_replace(' ', ',') }}
|
dhcp-range={{ ironic_inspector_dhcp_pool_range | regex_replace(' ', ',') }}
|
||||||
tftp-root={{ ironic_inspector_tftpboot_dir }}
|
tftp-root={{ ironic_inspector_tftpboot_dir }}
|
||||||
dhcp-option=3,{{ ironic_inspector_dhcp_gateway }}
|
dhcp-option=3,{{ ironic_inspector_dhcp_gateway }}
|
||||||
dhcp-option=6,{{ ironic_inspector_dhcp_nameservers }}
|
dhcp-option=6,{{ ironic_inspector_dhcp_nameservers }}
|
||||||
dhcp-match=ipxe,175
|
dhcp-match=ipxe,175
|
||||||
dhcp-match=set:efi,option:client-arch,7
|
dhcp-match=set:efi,option:client-arch,7
|
||||||
listen-address={{ ironic_inspector_dhcp_address }}
|
|
||||||
dhcp-match=set:efi,option:client-arch,9
|
dhcp-match=set:efi,option:client-arch,9
|
||||||
dhcp-match=set:efi,option:client-arch,11
|
dhcp-match=set:efi,option:client-arch,11
|
||||||
|
# OLD, but keep
|
||||||
|
#dhcp-boot=pxelinux.0,localhost.localdomain,{{ ironic_tftp_server_address }}
|
||||||
|
# Client is already running iPXE; move to next stage of chainloading
|
||||||
|
dhcp-boot=tag:ipxe,{{ ironic_http_url }}/inspector.ipxe
|
||||||
|
# Client is PXE booting over EFI without iPXE ROM,
|
||||||
|
# send EFI version of iPXE chainloader
|
||||||
dhcp-boot=tag:efi,tag:!ipxe,ipxe.efi
|
dhcp-boot=tag:efi,tag:!ipxe,ipxe.efi
|
||||||
dhcp-boot=pxelinux.0,localhost.localdomain,{{ ironic_tftp_server_address }}
|
# Client is running PXE over BIOS; send BIOS version of iPXE chainloader
|
||||||
conf-dir=/etc/dnsmasq.d/,*.conf
|
dhcp-boot=undionly.kpxe,localhost.localdomain,{{ ironic_tftp_server_address }}
|
||||||
dhcp-hostsdir=/etc/dnsmasq.d/dhcp-hostsdir
|
dhcp-hostsdir=/etc/ironic-inspector/dhcp-hostsdir
|
||||||
|
dhcp-leasefile=/var/lib/ironic-inspector/inspector-dnsmasq.leases
|
||||||
|
dhcp-sequential-ip
|
||||||
|
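Review bot: No `pid-file=` is set in the new configuration, so this instance writes to dnsmasq's compiled-in default PID path, which any other dnsmasq started on the host without its own `--pid-file` would share. With `service_type: forking` on the unit, that makes PID tracking fragile when two instances coexist. Suggest a dedicated `pid-file=` line next to the new `dhcp-leasefile=` line. The instance also still opens a DNS listener through `port=15553`; if it is meant to serve DHCP only, `port=0` turns DNS off. The `# OLD, but keep` comment should give the reason the disabled `dhcp-boot` line is kept, or the line should be dropped.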
@ -28,16 +28,16 @@ enroll_node_driver = ipmi
|
|||||||
|
|
||||||
[dnsmasq_pxe_filter]
|
[dnsmasq_pxe_filter]
|
||||||
{% if ironic_inspector_pxe_filter == "dnsmasq" %}
|
{% if ironic_inspector_pxe_filter == "dnsmasq" %}
|
||||||
dhcp_hostsdir = /etc/dnsmasq.d/dhcp-hostsdir
|
dhcp_hostsdir = /etc/ironic-inspector/dhcp-hostsdir
|
||||||
dnsmasq_start_command = systemctl start dnsmasq
|
dnsmasq_start_command = systemctl start ironic-inspector-dnsmasq
|
||||||
dnsmasq_stop_command = systemctl stop dnsmasq
|
dnsmasq_stop_command = systemctl stop ironic-inspector-dnsmasq
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
[iptables]
|
[iptables]
|
||||||
{% if ironic_inspector_pxe_filter == "iptables" %}
|
{% if ironic_inspector_pxe_filter == "iptables" %}
|
||||||
manage_firewall = True
|
manage_firewall = True
|
||||||
{% endif %}
|
{% endif %}
|
||||||
dnsmasq_interface = br-ironic
|
dnsmasq_interface = {{ ironic_inspector_dhcp_interface }}
|
||||||
|
|
||||||
[ironic]
|
[ironic]
|
||||||
username = ironic
|
username = ironic
|
||||||
|
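Review bot: `dnsmasq_start_command` and `dnsmasq_stop_command` now name `ironic-inspector-dnsmasq`, but nothing visible in this commit shows how the inspector service account is permitted to run `systemctl` against that unit. If the permission comes from a rootwrap filter or sudoers rule written for the old `dnsmasq` unit name, it needs the same rename, and it should match only these two exact commands rather than `systemctl` in general. A comment above the two lines saying where that permission is defined would help the next reader. The `[dnsmasq_pxe_filter]` section starts above this hunk, so any surrounding options were not reviewed.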
10
templates/inspector.ipxe.j2
Normal file
10
templates/inspector.ipxe.j2
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
#!ipxe
|
||||||
|
|
||||||
|
:retry_dhcp
|
||||||
|
dhcp || goto retry_dhcp
|
||||||
|
|
||||||
|
:retry_boot
|
||||||
|
imgfree
|
||||||
|
kernel --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_kernel_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd={{ ironic_inspector_ipa_initrd_name }} || goto retry_boot
|
||||||
|
initrd --timeout 30000 {{ ironic_http_url }}/{{ ironic_inspector_ipa_initrd_name }} || goto retry_boot
|
||||||
|
boot
|
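Review bot: Unlike `pxelinux-default.j2`, the `kernel` line here does not append `{{ ironic_inspector_pxe_append_params | default('') }}`, so operator-set kernel parameters reach BIOS pxelinux boots but are silently dropped for iPXE boots. Suggest adding that expression before `|| goto retry_boot`. Both retry labels also loop with no pause, so a node that cannot reach the server keeps re-requesting DHCP and HTTP as fast as the firmware allows; `dhcp || goto retry_dhcp` could become `dhcp || sleep 5 && goto retry_dhcp`, or an equivalent form with a short `sleep`. A header comment stating that the kernel and initrd are fetched from `ironic_http_url` without any integrity check at boot time would document the trust placed in the provisioning network.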
@ -2,7 +2,7 @@ default inspect
|
|||||||
|
|
||||||
label inspect
|
label inspect
|
||||||
kernel {{ ironic_inspector_ipa_kernel_name }}
|
kernel {{ ironic_inspector_ipa_kernel_name }}
|
||||||
append initrd={{ ironic_inspector_ipa_initrd_name }} ipa-inspection-callback-url=http://{{ internal_lb_vip_address }}:5050/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }}
|
append initrd={{ ironic_inspector_ipa_initrd_name }} ipa-inspection-callback-url={{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue nomodeset vga=normal console=tty0 console=ttyS0,115200n8 {{ ironic_inspector_pxe_append_params | default('') }}
|
||||||
ipappend 3
|
ipappend 3
|
||||||
|
|
||||||
|
|
||||||
|