openstack
/
bifrost
Code Issues Proposed changes
bifrost/playbooks/roles/bifrost-ironic-install/README.md

374 lines
15 KiB
Markdown
Raw Blame History

bifrost-ironic-install
======================
This role installs a standalone ironic deployment with all required substrate
in order for it to be utilized, including MySQL, dnsmasq, and nginx.
Requirements
------------
This role requires:
- Ansible 2.9
Internet access was originally a requirement but no longer is. See
doc/source/offline-install.rst for details on installing without it.
Role Variables
--------------
Testing mode is intended to help facilitate testing of the bifrost roles and
ironic by utilizing virtual machines on the localhost and the ipmi hardware
type. This variable should be set globally for playbooks utilizing the
bifrost-ironic-install role.
testing: false
Enables no-authentication mode where no authentication is used for accessing
API services. The default setting of ``true`` makes ironic and ironic-inspector
either use keystone (if ``enable_keystone`` is true) or HTTP basic auth
(use ``admin_username``/``admin_password`` and
``default_username``/``default_password`` to configure).
noauth_mode: false
Node cleaning, which was a feature added to ironic during the Kilo cycle,
removes the previous contents of a node once it has been moved from an
active to available state, such as setting the provision state to deleted.
Bifrost disables this by default in order to allow initial users to not be
impacted by node cleaning operations upfront when they are testing and
evaluating bifrost. Only metadata cleaning is enabled by default, but any
production environment should have full cleaning enabled.
cleaning: true
cleaning_disk_erase: false
The ironic python client and openstacksdk libraries can be installed directly
from Git. The default is to utilize pip to install the current versions in pypi,
however testing may require master branch or custom patches.
openstacksdk_source_install: false
Bifrost requires access to the network where nodes are located, in order to
provision the nodes. By default, this setting is set to a value for local
VM based testing, however if and when you're ready to deploy to a physical
environment, you will need to set the network_interface variable to the
attached network.
network_interface: "virbr0"
By default this role installs dnsmasq to act as a DHCP server for provisioning
hosts. In the event this is not required, set the following configuration:
internal_ip: "<IPv4 address of network_interface>"
internal_interface: {"address": .. "network": .. "netmask": .. "broadcast": ..}
The IP address and network interface information which will be used by bare
metal machines to connect to the conductor and the internal HTTP server,
and for cross-service interactions.
dhcp_provider: "dnsmasq"
Which ironc DHCP provider to enable. When set to "none" a static dnsmasq
configuration is used, and host specific DHCP configuration can be set by
writing files to dhcp-hostsdir ``dnsmasq_dhcp_hostsdir`` and dhcp-optsdir
``dnsmasq_dhcp_optsdir``.
When set to "dnsmasq" Ironic will manage dhcp-option and dhcp-boot entries on a
per-node basis by writing files to ``dnsmasq_dhcp_hostsdir`` and
``dnsmasq_dhcp_optsdir``.
dnsmasq_dhcp_hostsdir: "/etc/dnsmasq.d/bifrost.dhcp-hosts.d"
Directory with static and ironic managed DHCP hosts configuration.
dnsmasq_dhcp_optsdir: "/etc/dnsmasq.d/bifrost.dhcp-opts.d"
Directory with ironic managed DHCP options configuration.
dnsmasq_leases_file: "/var/lib/dnsmasq/dnsmasq.leases"
File which represents dnsmasq leases, used when dhcp_provider == "dnsmasq"
enable_dhcp: false
If you chose to utilize the dhcp server, You may wish to set default ranges:
dhcp_pool_start: 192.168.1.200
dhcp_pool_end: 192.168.1.250
If you want to use bifrost as a dhcp relay target, please set ``dhcp_pool_mask``:
dhcp_pool_mask: 255.255.255.0
And also set the default dhcp address lease time:
dhcp_lease_time: 12h
Alternatively, a user can choose to perform static DHCP assignments to nodes.
This can be enabled by setting the ``inventory_dhcp`` setting to ``true``.
This will result in the ``dhcp_pool_start`` and ``dhcp_pool_end`` settings
only being used to define the range of valid ips to be accepted, and the
``ipv4_address`` setting being bound to the first listed MAC address for
the node.
If you choose to use the static DHCP assignments, you may need to set
the ``dhcp_static_mask`` setting according to your needs. It defaults to
a /24 range.
In the case of static inventory, please also consider to set the
``dhcp_lease_time`` setting to infinite, to avoid unnecessary refreshes
of ips.
If you want to force all hostnames to resolve to ``ipv4_address`` set on
the inventory, please set the ``inventory_dns`` setting to ``true``.
In case your HW needs a kernel option to boot, set the following variable:
extra_kernel_options: Default undefined.
Hardware types can be enabled using the "enabled_hardware_types" variable,
which defaults to "ipmi, ilo".
Enabled interfaces can be set via the "enabled_bios_interfaces",
"enabled_boot_interfaces", "enabled_deploy_interfaces",
"enabled_management_interfaces", and "enabled_power_interfaces" variables.
By default they are derived from "enabled_hardware_types".
In the event of an external DHCP server being used, the user will need to
configure their DHCP server such that PXE, and iPXE chain loading occurs.
For additional information for setting up DHCP in this scenario refer to
the bifrost documentation file doc/source/deploy/dhcp.rst.
Additional default variables exist in defaults/main.yml, however these are
mainly limited to settings which are unlikely to be modified, unless a user
has a custom Ironic Python Agent image, or needs to modify where the httpboot
folder is set to.
This role has several variables that can vary between OS families,
distributions, and their specific versions. These are specified in the
required_defaults_* files. They are imported in a particular
order. For example, for Ubuntu 15.04, the role will attempt to import
the following files:
- required_defaults_Debian.yml
- required_defaults_Ubuntu.yml
- required_defaults_Ubuntu_15.04.yml
Not all of the possible files for a given distribution/version combination
need to exist. The recommended approach for adding a new variable is:
- Put the variable in the most generic set of defaults to which it applies:
for example, if a given variable is applicable to all Debian-family
operating systems, put it in required_defaults_Debian.yml
- Variables specified in the more specific files will be used to override
values in the more generic defaults files.
- If a given default applies to multiple versions of a distribution, that
variable needs to be specified for each version which it affects.
If you wish to enable Cross-Origin Resource Sharing (CORS), such as to
connect a javascript based web client, options have been added to allow
a user to enable the integrated support.
By default, this support is disabled, but the configuration options are below:
enable_cors: Boolean value, default false, to enable CORS support.
cors_allowed_origin: A URL string that represents the origin sent by the
client web browser. If CORS is enabled, and this is
not set, it will default to http://localhost:8000/.
enable_cors_credential_support: Boolean value, default false. This variable
toggles the CORS configuration to expect user
authentication. Since bifrost makes use of
noauth mode, this realistically should not
be modified.
domain: String value, default to false. If set, domain setting is configured
in dnsmasq.
remote_syslog_server: String value, default undefined. If set, rsyslog is
configured to send logs to this server.
remote_syslog_port: String value, default is 514. If set, custom port is
configured for remote syslog server.
ironic_log_dir: String value, default undefined. If set, it specifies a
a non-default log directory for ironic.
inspector_log_dir: String value, default undefined. If set, it specifies a
non-default log directory for inspector.
nginx_log_dir: String value, default /var/log/nginx. It specifies a log
directory for nginx.
fast_track: Boolean setting to enable ironic to leverage an already running
agent on the host being deployed such that deployment can begin
immediately as opposed to waiting for a complete system reboot.
power_off_after_inspection: Boolean setting governing the behavior
of ironic-inspector's processing.
The default is to not power-off machines
effectively enabling the Inspection to
Deployment without the need to reboot
the physical machine.
enable_credential_less_deploy: Boolean setting that enables the experimental
feature of deploying nodes without BMC
credentials. Discovery (if enabled) will be
configured to use the default hardware type
"manual-management" and the "agent" power
interface will be enabled.
### Hardware Inspection Support
Bifrost also supports the installation of ironic-inspector in standalone
mode, which enables the user to allow for identification of the system
properties via a workflow.
enable_inspector: Boolean value, default true. Set this value to false to
prevent installing ironic-inspector.
inspector_debug: Boolean value, default true. Enables debug level logging
for inspector. Note that this default may change in
future.
inspector_manage_firewall: Boolean value, default false. Controls whether
ironic-inspector should manage the firewall
rules of the host. Bifrost's installation playbook
adds the rule to permit the callback traffic,
so you shouldn't need to enable this.
inspector_port_addition: Defines which MAC addresses to add as ports during
introspection. Possible values are `all`, `active`,
and `pxe`. The default value is `pxe`.
inspector_keep_ports: Defines which ports on a node to keep after
introspection. Possible values are `all`, `present`,
and `added`. The default value is `present`.
inspector_store_ramdisk_logs: Boolean value, default true. Controls if the
inspector agent will retain logs from the
ramdisk that called the inspector service.
enable_inspector_discovery: Boolean value, default false. This instructs
inspector to add new nodes that are discovered
via PXE booting on the same network to ironic.
inspector_default_node_driver: The default driver to utilize when adding
discovered nodes to ironic.
The default value set by bifrost is
`ipmi`. Users should change this
setting for their install environment if
an alternative default driver is required.
inspector_extra_kernel_options: String value, default undefined. Extra
kernel parameters for the inspector default
PXE configuration.
inspector_processing_hooks: String value containing a comma-separated list,
default undefined. Use this to specify a
non-default list of comma-separated processing
hooks for inspector.
### Virtual Environment Install
Bifrost installs ironic and other services into a python virtual environment
using the following configuration options:
bifrost_venv_dir: The full path of the virtual environment directory. The
default value is /opt/stack/bifrost. When VENV is set in
the user's environment, its contents will be used to set
bifrost_venv_dir.
bifrost_venv_env: An environment dictionary that includes the environment
variables used to run commands which require the virtual
environment. The default values are derived from the
standard 'activate' script which virtualenv installs.
It is best not to reset this value unless you know you
need to.
ssh_private_key_path: Defines the path to the SSH private key file to be
placed as default ssh key for ironic user. Can be useful
when ironic requires ssh access to another server.
ssh_private_key: If a user wishes to define an SSH private key as a string,
this variable can be utilized which overrides the
ssh_private_key_path setting.
### Ironic Python Agent
ipa_download_headers: HTTP headers to use when downloading IPA.
### Changing Database Configuration
Bifrost utilizes a nested data stucture for the configuration of database.
Simply put:
- Values cannot be overrriden via set_fact.
- Values cannot be overrriden via the command line with ``-e``.
- The entire data structure must be defined if is modified.
Please see defaults/main.yml file for the structure named ``ironic``.
Please note, if the hostname is set to something besides``localhost``,
then the playbook will not attempt to create databases, database users,
and grant privileges.
Similarly, if hardware introspection support is installed, the
nearly identical data structure for inspector can be found in the
same file named ``ironic_inspector``.
Notes
-----
This role, by default, deploys an alternative boot.ipxe file to the one
that ironic deploys, and configures ironic to use this alternative file.
This is because not every boot case can be covered. If you encounter a
case where you find that you need to modify the file, please notify us
by filing a bug in Storyboard.
Bifrost's storyboard project is located at:
https://storyboard.openstack.org/#!/project/941
Dependencies
------------
None at this time.
Example Playbook
----------------
- hosts: localhost
connection: local
name: "Install ironic locally"
become: yes
gather_facts: yes
roles:
- role: bifrost-ironic-install
testing: true
network_interface: "virbr0"
License
-------
Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Author Information
------------------
Ironic Developers
View Git Blame Copy Permalink