[Ironic] Add ironic conductor and compute

This change introduces new node role for Ironic.

On nodes with ironic role should works following services:
* ironic-conductor
* nova-compute with ironic compute_driver
* tftp server

Partially Implements: blueprint fuel-integrate-ironic
Change-Id: I448bbf5d77723003894373bdd917ea99d58b87fd

deployment/puppet/deployment_groups/tasks.yaml

@@ -130,3 +130,12 @@
   parameters:
     strategy:
       type: parallel
+
+- id: ironic
+  type: group
+  role: [ironic]
+  requires: [controller]
+  required_for: [deploy_end]
+  parameters:
+    strategy:
+      type: parallel

deployment/puppet/osnailyfacter/modular/firewall/tasks.yaml

@@ -1,6 +1,6 @@
 - id: firewall
   type: puppet
-  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo]
+  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, ironic]
   required_for: [deploy_end]
   requires: [netconfig]
   parameters:

deployment/puppet/osnailyfacter/modular/fuel_pkgs/tasks.yaml

@@ -1,6 +1,6 @@
 - id: fuel_pkgs
   type: puppet
-  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo]
+  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, ironic]
   requires: [deploy_start]
   required_for: [hiera]
   parameters:

deployment/puppet/osnailyfacter/modular/globals/tasks.yaml

@@ -2,7 +2,7 @@
   type: puppet
   groups: [primary-controller, controller,
            cinder, cinder-vmware, compute, ceph-osd,
-           primary-mongo, mongo, virt]
+           primary-mongo, mongo, virt, ironic]
   required_for: [deploy_end]
   requires: [hiera]
   parameters:

deployment/puppet/osnailyfacter/modular/hiera/tasks.yaml

@@ -1,6 +1,6 @@
 - id: hiera
   type: puppet
-  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt]
+  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt, ironic]
   requires: [deploy_start]
   required_for: [deploy_end]
   parameters:

deployment/puppet/osnailyfacter/modular/hosts/tasks.yaml

@@ -1,6 +1,6 @@
 - id: hosts
   type: puppet
-  groups: [primary-controller, controller, cinder,cinder-vmware, compute, ceph-osd, primary-mongo, mongo]
+  groups: [primary-controller, controller, cinder,cinder-vmware, compute, ceph-osd, primary-mongo, mongo, ironic]
   required_for: [deploy_end]
   requires: [netconfig]
   parameters:

deployment/puppet/osnailyfacter/modular/logging/tasks.yaml

@@ -1,6 +1,6 @@
 - id: logging
   type: puppet
-  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt]
+  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt, ironic]
   required_for: [deploy_end]
   requires: [globals]
   parameters:

deployment/puppet/osnailyfacter/modular/netconfig/tasks.yaml

@@ -1,6 +1,6 @@
 - id: netconfig
   type: puppet
-  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt]
+  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt, ironic]
   required_for: [deploy_end]
   requires: [tools]
   parameters:
@@ -14,7 +14,7 @@
 
 - id: connectivity_tests
   type: puppet
-  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt]
+  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt, ironic]
   required_for: [firewall, hosts]
   requires: [netconfig]
   parameters:

deployment/puppet/osnailyfacter/modular/roles/ironic-compute.pp

@@ -0,0 +1,98 @@
+#####################################################################################
+###  ironic-compute is additional compute role with compute_driver=ironic.        ###
+###  It can't be assigned with nova-compute to the same node. It doesn't include  ###
+###  openstack::compute class it is configured separately.                        ###
+#####################################################################################
+
+notice('MODULAR: ironic/ironic-compute.pp')
+
+$ironic_hash                    = hiera_hash('ironic', {})
+$nova_hash                      = hiera_hash('nova', {})
+$management_vip                 = hiera('management_vip')
+$database_vip                   = hiera('database_vip')
+$service_endpoint               = hiera('service_endpoint')
+$neutron_endpoint               = hiera('neutron_endpoint', $management_vip)
+$ironic_endpoint                = hiera('ironic_endpoint', $management_vip)
+$glance_api_servers             = hiera('glance_api_servers', "${management_vip}:9292")
+$debug                          = hiera('debug', false)
+$verbose                        = hiera('verbose', true)
+$use_syslog                     = hiera('use_syslog', true)
+$syslog_log_facility_ironic     = hiera('syslog_log_facility_ironic', 'LOG_LOCAL0')
+$syslog_log_facility_nova       = hiera('syslog_log_facility_nova', 'LOG_LOCAL6')
+$amqp_hosts                     = hiera('amqp_hosts')
+$rabbit_hash                    = hiera_hash('rabbit_hash')
+$nova_report_interval           = hiera('nova_report_interval')
+$nova_service_down_time         = hiera('nova_service_down_time')
+$neutron_config                 = hiera_hash('quantum_settings')
+
+$ironic_tenant                  = pick($ironic_hash['tenant'],'services')
+$ironic_user                    = pick($ironic_hash['auth_name'],'ironic')
+$ironic_user_password           = pick($ironic_hash['user_password'],'ironic')
+
+$db_host                        = pick($nova_hash['db_host'], $database_vip)
+$db_user                        = pick($nova_hash['db_user'], 'nova')
+$db_name                        = pick($nova_hash['db_name'], 'nova')
+$db_password                    = pick($nova_hash['db_password'], 'nova')
+$database_connection            = "mysql://${db_name}:${db_password}@${db_host}/${db_name}?read_timeout=60"
+
+$memcache_nodes                 = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('memcache_roles'))
+$cache_server_ip                = ipsort(values(get_node_to_ipaddr_map_by_network_role($memcache_nodes,'mgmt/memcache')))
+$memcached_addresses            = suffix($cache_server_ip, inline_template(":<%= @cache_server_port %>"))
+$notify_on_state_change         = 'vm_and_task_state'
+
+
+class { '::nova':
+    install_utilities      => false,
+    ensure_package         => installed,
+    database_connection    => $database_connection,
+    rpc_backend            => 'nova.openstack.common.rpc.impl_kombu',
+    #FIXME(bogdando) we have to split amqp_hosts until all modules synced
+    rabbit_hosts           => split($amqp_hosts, ','),
+    rabbit_userid          => $rabbit_hash['user'],
+    rabbit_password        => $rabbit_hash['password'],
+    image_service          => 'nova.image.glance.GlanceImageService',
+    glance_api_servers     => $glance_api_servers,
+    verbose                => $verbose,
+    debug                  => $debug,
+    use_syslog             => $use_syslog,
+    log_facility           => $syslog_log_facility_nova,
+    state_path             => $nova_hash['state_path'],
+    report_interval        => $nova_report_interval,
+    service_down_time      => $nova_service_down_time,
+    notify_on_state_change => $notify_on_state_change,
+    memcached_servers      => $memcached_addresses,
+}
+
+
+class { '::nova::compute':
+  ensure_package            => installed,
+  enabled                   => true,
+  vnc_enabled               => false,
+  force_config_drive        => $nova_hash['force_config_drive'],
+  #NOTE(bogdando) default became true in 4.0.0 puppet-nova (was false)
+  neutron_enabled           => true,
+  default_availability_zone => $nova_hash['default_availability_zone'],
+  default_schedule_zone     => $nova_hash['default_schedule_zone'],
+  reserved_host_memory      => '0',
+}
+
+
+class { 'nova::compute::ironic':
+  admin_url         => "http://${service_endpoint}:35357/v2.0",
+  admin_user        => $ironic_user,
+  admin_tenant_name => $ironic_tenant,
+  admin_passwd      => $ironic_user_password,
+  api_endpoint      => "http://${ironic_endpoint}:6385/v1",
+}
+
+class { 'nova::network::neutron':
+  neutron_admin_password => $neutron_config['keystone']['admin_password'],
+  neutron_url            => "http://${neutron_endpoint}:9696",
+  neutron_admin_auth_url => "http://${service_endpoint}:35357/v2.0",
+}
+
+file { '/etc/nova/nova-compute.conf':
+  ensure  => absent,
+  require => Package['nova-compute'],
+} ~> Service['nova-compute']
+

deployment/puppet/osnailyfacter/modular/roles/ironic-conductor.pp

@@ -0,0 +1,121 @@
+notice('MODULAR: ironic/ironic-conductor.pp')
+
+$network_scheme             = hiera('network_scheme', {})
+prepare_network_config($network_scheme)
+$baremetal_address          = get_network_role_property('ironic/baremetal', 'ipaddr')
+$ironic_hash                = hiera_hash('ironic', {})
+$management_vip             = hiera('management_vip')
+
+$network_metadata           = hiera_hash('network_metadata', {})
+$baremetal_vip              = $network_metadata['vips']['baremetal']['ipaddr']
+
+$database_vip               = hiera('database_vip')
+$service_endpoint           = hiera('service_endpoint')
+$neutron_endpoint           = hiera('neutron_endpoint', $management_vip)
+$glance_api_servers         = hiera('glance_api_servers', "${management_vip}:9292")
+$amqp_hosts                 = hiera('amqp_hosts')
+$rabbit_hosts               = split($amqp_hosts, ',')
+$debug                      = hiera('debug', false)
+$verbose                    = hiera('verbose', true)
+$use_syslog                 = hiera('use_syslog', true)
+$syslog_log_facility_ironic = hiera('syslog_log_facility_ironic', 'LOG_USER')
+$rabbit_hash                = hiera_hash('rabbit_hash')
+$rabbit_ha_queues           = hiera('rabbit_ha_queues')
+
+$ironic_tenant              = pick($ironic_hash['tenant'],'services')
+$ironic_user                = pick($ironic_hash['auth_name'],'ironic')
+$ironic_user_password       = pick($ironic_hash['user_password'],'ironic')
+$ironic_swift_tempurl_key   = pick($ironic_hash['swift_tempurl_key'],'ironic')
+
+$db_host                    = pick($ironic_hash['db_host'], $database_vip)
+$db_user                    = pick($ironic_hash['db_user'], 'ironic')
+$db_name                    = pick($ironic_hash['db_name'], 'ironic')
+$db_password                = pick($ironic_hash['db_password'], 'ironic')
+$database_connection        = "mysql://${db_name}:${db_password}@${db_host}/${db_name}?charset=utf8&read_timeout=60"
+
+$tftp_root                  = '/var/lib/ironic/tftpboot'
+
+package { 'ironic-fa-deploy':
+  ensure => 'present',
+}
+
+class { '::ironic':
+  verbose             => $verbose,
+  debug               => $debug,
+  enabled_drivers     => ['fuel_ssh', 'fuel_ipmitool', 'fake'],
+  rabbit_hosts        => $rabbit_hosts,
+  rabbit_userid       => $rabbit_hash['user'],
+  rabbit_password     => $rabbit_hash['password'],
+  amqp_durable_queues => $rabbit_ha_queues,
+  use_syslog          => $use_syslog,
+  log_facility        => $syslog_log_facility_ironic,
+  database_connection => $database_connection,
+  glance_api_servers  => $glance_api_servers,
+}
+
+class { '::ironic::client': }
+
+class { '::ironic::conductor': }
+
+class { '::ironic::drivers::pxe':
+  tftp_server      => $baremetal_address,
+  tftp_root        => $tftp_root,
+  tftp_master_path => "${tftp_root}/master_images",
+}
+
+ironic_config {
+  'neutron/url':                          value => "http://${neutron_endpoint}:9696";
+  'keystone_authtoken/auth_uri':          value => "http://${service_endpoint}:5000/";
+  'keystone_authtoken/auth_host':         value => $service_endpoint;
+  'keystone_authtoken/admin_tenant_name': value => $ironic_tenant;
+  'keystone_authtoken/admin_user':        value => $ironic_user;
+  'keystone_authtoken/admin_password':    value => $ironic_user_password, secret => true;
+  'glance/swift_temp_url_key':            value => $ironic_swift_tempurl_key;
+  'glance/swift_endpoint_url':            value => "http://${baremetal_vip}:8080";
+  'conductor/api_url':                    value => "http://${baremetal_vip}:6385";
+}
+
+file { $tftp_root:
+  ensure  => directory,
+  owner   => 'ironic',
+  group   => 'ironic',
+  mode    => '0755',
+  require => Class['ironic'],
+}
+
+file { "${tftp_root}/pxelinux.0":
+  ensure  => present,
+  source  => '/usr/lib/syslinux/pxelinux.0',
+  require => Package['syslinux'],
+}
+
+file { "${tftp_root}/map-file":
+  content => "r ^([^/]) ${tftp_root}/\\1",
+}
+
+class { '::tftp':
+  username  => 'ironic',
+  directory => $tftp_root,
+  options   => "--map-file ${tftp_root}/map-file",
+  inetd     => false,
+  require   => File["${tftp_root}/map-file"],
+}
+
+package { 'syslinux':
+  ensure => 'present',
+}
+
+package { 'ipmitool':
+  ensure => 'present',
+  before => Class['::ironic::conductor'],
+}
+
+file { "/etc/ironic/fuel_key":
+  ensure  => present,
+  source  => '/var/lib/astute/ironic/ironic',
+  owner   => 'ironic',
+  group   => 'ironic',
+  mode    => '0600',
+  require => Class['ironic'],
+}
+

deployment/puppet/osnailyfacter/modular/roles/tasks.yaml

@@ -46,3 +46,23 @@
     puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/roles/mongo.pp
     puppet_modules: /etc/puppet/modules
     timeout: 3600
+
+- id: ironic-conductor
+  type: puppet
+  groups: [ironic]
+  required_for: [deploy_end]
+  requires: [hosts, firewall]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/roles/ironic-conductor.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 3600
+
+- id: ironic-compute
+  type: puppet
+  groups: [ironic]
+  required_for: [deploy_end]
+  requires: [hosts, firewall]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/roles/ironic-compute.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 3600

deployment/puppet/osnailyfacter/modular/tools/tasks.yaml

@@ -1,6 +1,6 @@
 - id: tools
   type: puppet
-  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt]
+  groups: [primary-controller, controller, cinder, cinder-vmware, compute, ceph-osd, primary-mongo, mongo, virt, ironic]
   required_for: [deploy_end]
   requires: [logging]
   parameters:

tests/noop/spec/hosts/roles/ironic-compute_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'shared-examples'
+manifest = 'roles/ironic-compute.pp'
+
+describe manifest do
+  shared_examples 'catalog' do
+    ironic_user_password = Noop.hiera_structure 'ironic/user_password'
+    ironic_enabled = Noop.hiera_structure 'ironic/enabled'
+
+    if ironic_enabled
+      it 'nova config should have correct nova_user_password' do
+        should contain_nova_config('ironic/admin_password').with(:value => ironic_user_password)
+        should contain_nova_config('DEFAULT/compute_driver').with(:value => 'ironic.IronicDriver')
+      end
+
+      it 'nova config should have reserved_host_memory_mb set to 0' do
+        should contain_nova_config('DEFAULT/reserved_host_memory_mb').with(:value => '0')
+      end
+    end
+  end
+
+  test_ubuntu_and_centos manifest
+end

tests/noop/spec/hosts/roles/ironic-conductor_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+require 'shared-examples'
+manifest = 'roles/ironic-conductor.pp'
+
+describe manifest do
+  shared_examples 'catalog' do
+    rabbit_user = Noop.hiera_structure 'rabbit/user', 'nova'
+    rabbit_password = Noop.hiera_structure 'rabbit/password'
+    ironic_enabled = Noop.hiera_structure 'ironic/enabled'
+
+    if ironic_enabled
+      it 'should ensure that ironic-fa-deploy is installed' do
+          should contain_package('ironic-fa-deploy').with('ensure' => 'present')
+      end
+
+      it 'should declare ironic class correctly' do
+        should contain_class('ironic').with(
+          'rabbit_userid'   => rabbit_user,
+          'rabbit_password' => rabbit_password,
+          'enabled_drivers' => ['fuel_ssh', 'fuel_ipmitool', 'fake'],
+        )
+      end
+
+      management_vip = Noop.hiera 'management_vip'
+      service_endpoint = Noop.hiera 'service_endpoint', management_vip
+      neutron_endpoint = Noop.hiera 'neutron_endpoint', service_endpoint
+      neutron_url = "http://#{neutron_endpoint}:9696"
+      ironic_user = Noop.hiera_structure 'ironic/user', 'ironic'
+      it 'ironic config should have propper config options' do
+        should contain_ironic_config('pxe/tftp_root').with('value' => '/var/lib/ironic/tftpboot')
+        should contain_ironic_config('neutron/url').with('value' => neutron_url)
+        should contain_ironic_config('keystone_authtoken/admin_user').with('value' => ironic_user)
+      end
+
+      tftp_root = '/var/lib/ironic/tftpboot'
+
+      it "should create #{tftp_root}/pxelinux.0" do
+        should contain_file("#{tftp_root}/pxelinux.0").with(
+          'ensure' => 'present',
+          'source' => '/usr/lib/syslinux/pxelinux.0'
+        ).that_requires('Package[syslinux]')
+      end
+
+    end #end of ironic_enabled
+  end #end of catalog
+
+  test_ubuntu_and_centos manifest
+end