From a46be77560f9663f700069cf310dc474abb7e361 Mon Sep 17 00:00:00 2001 From: Gabriel Adrian Samfira Date: Mon, 14 Sep 2020 10:02:10 +0000 Subject: [PATCH] Add ironic charms specification Change-Id: Ie5694538fc1b81e7e7b80db6bb76f003c1e90b6a --- specs/victoria/approved/charm-ironic.rst | 226 +++++++++++++++++++++++ 1 file changed, 226 insertions(+) create mode 100644 specs/victoria/approved/charm-ironic.rst diff --git a/specs/victoria/approved/charm-ironic.rst b/specs/victoria/approved/charm-ironic.rst new file mode 100644 index 0000000..ad769e7 --- /dev/null +++ b/specs/victoria/approved/charm-ironic.rst @@ -0,0 +1,226 @@ +.. + Copyright 2020, Canonical Ltd. + + This work is licensed under a Creative Commons Attribution 3.0 + Unported License. + http://creativecommons.org/licenses/by/3.0/legalcode + +.. + This template should be in ReSTructured text. Please do not delete + any of the sections in this template. If you have nothing to say + for a whole section, just write: "None". For help with syntax, see + http://sphinx-doc.org/rest.html To test out your formatting, see + http://www.tele3.cz/jbar/rest/rest.html + +====== +Ironic +====== + +Ironic is the OpenStack bare metal provisioning project, which aims to +provision bare metal servers instead of virtual machines. It integrates +well with existing OpenStack deployments and can function along side +existing Nova deployments, enabling both virtual and physical deployments +in the same tenancy. + + +Problem Description +=================== + +There is currently no charm that lets you easily deploy Ironic as part of +Charmed OpenStack. + +Proposed Change +=============== + +Implement a set of reactive charms that enables the deployment of all required +Ironic components. Changes will also be made to existing charms to integrate +with the new Ironic charms. + +Baseline supported OpenStack version will be Train. + +Alternatives +------------ + +None + +Implementation +============== + +The implementation consists of the following new charms: + +- ironic-api + + - Provides the Ironic API. OpenStack administrators and nova-compute will + call into this API to add, provision, clean and rescue bare metal nodes. + + - Requires relations to AMQP, database and keystone. + +- ironic-conductor + + - Manages the lifecycle of bare metal nodes. Implements the various power + drivers for the bare metal nodes. + + - Provides TFTP server for legacy PXE deployments. + + - Provides a HTTP server for iPXE deployments. + + - Can deploy bare metal nodes using iSCSI deploy (requires conductor to be + deployed on bare metal) or local deploy (requires Glance with Swift storage + backend, and temporary URL support). + + - Requires relations to AMQP, database and keystone. + +- neutron-api-plugin-ironic + + - Enables tight integration between Ironic and Neutron. + + - Enables the bare metal mechanism driver in neutron-server. + + - Starts a neutron ironic agent. + + - This will be a subordinate charm, attached to the neutron-api charm, + which will enable the above mentioned features. + +The implementation also requires changes to the following charms: + + +- ceph-radosgw + + - The ``object-store`` interface needs to be added to ``ceph-radosgw`` in + order to allow ``glance`` to consume object storage as a backend for + images. + +- glance + + - Multi backend support needs to be added to glance. Ironic requires access + to OS images, stored inside an object storage system that allows the + creation of `temporary URLs `_ + + - Creating a relation to ``ceph-radosgw`` or ``swift`` will enable ``glance`` + to store images in object storage. Local storage will also be enabled. + + - Order of preference for default backend to store images will be: + + - RBD + + - Object storage + + - Local + + - If a relation to RBD exists, this will be set as a default. If a relation + to ``object-store`` exists, but not ``RBD``, then swift will be used. + If no relation exists to either ``RBD`` or ``object-store``, local storage + will be used. + + - Operators will still be able to explicitly upload to one of the enabled + storage backends by passing the ``--store`` flag when creating an image. + +- nova-compute + + - When not deploying Ironic as a stand-alone service, Nova acts as a + front-end, and scheduler. A key piece of this enablement is the + ``ironic virt driver``, which is acts as a client that calls into + ``ironic-api`` when an operator requests a new bare metal instance. + + - ``nova-compute`` charm will be extended to allow setting the ``ironic`` + virt type. This will enable the proper virt driver in ``nova-compute.conf`` + and add any needed config sections to nova. + + - A relation to ``ironic-api`` will be mandatory when the ironic virt driver + will be in use. This will block the ``nova-compute`` charm, until the + ``ironic-api`` will be ready. The nova-compute service will otherwise fail, + and will need manual intervention to restart it once ``ironic-api`` is + available. + + +Assignee(s) +----------- + +Primary assignee: + gabriel-samfira + +Gerrit Topic +------------ + +Use Gerrit topic "ironic-charm" for all patches related to this spec. + +.. code-block:: bash + + git-review -t ironic-charm + +Work Items +---------- + +In addition to the items in the Implementation_ section, an ``ironic-api`` +interface will also be created. + +Repositories +------------ + +- charm-ironic-api + +- charm-ironic-conductor + +- charm-neutron-api-plugin-ironic + +- charm-interface-ironic-api + +Documentation +------------- + +Each charm will contain a README with instructions on deploying the charm. + +In addition, an appendix will be added to the deployment guide which will +outline various deployment scenarios, hardware and networking requirements +and config options. + +Security +-------- + +- ``ironic-api`` + + - Requires keystone, database and rabbitmq credentials which will be + stored in ``ironic.conf`` + + - IPMI/BMC credentials for each bare metal node will be stored in the + database. + + - The API endpoints for Ironic will optionally be accessible via TLS, + either by creating a relation to Vault / easy-rsa, or by manually + supplying the TLS key/cert via config + +- ``ironic-conductor`` + + - Requires keystone, database and rabbitmq credentials which will be + stored in ``ironic.conf`` + +Testing +------- + +Code written or changed will be covered by unit tests; functional testing will +be implemented using the ``Zaza`` framework. + +Dependencies +============ + +- A new nova-compute-ironic package will need to be added. Alternatively a + different virtual driver package can be used, and the appropriate config + can be create from a template. + + - The nova-compute-ironic will provide an appropriate ``nova-compute.conf`` + with the ironic virtual driver enabled. The package will need to have + python3-ironicclient as a dependency, in addition to the dependencies + that come from python3-nova. + +- The networking-baremetal packages will need to be made available for all + supported OpenStack versions starting with OpenStack Train, in their + appropriate cloud archives, or PPAs. + +- Power drivers in Ironic, require dependencies to be satisfied. Power driver + dependencies are listed in `driver-requirements.txt `_ + + - Library versions for power drivers must be made available either in the + cloud archive for the OpenStack version that is being installed, or in a + separate PPA.