From ee596db56ed0ac99a8edfce9155a0552d57d757f Mon Sep 17 00:00:00 2001
From: Vasyl Saienko <vsaienko@mirantis.com>
Date: Mon, 13 Mar 2017 15:41:09 +0200
Subject: [PATCH] Add Ironic multitenancy support

This patch removes hardcoded type for 'baremetal' Neutron network.
Update ironic conductor config with new config option:
  * enabled_network_interfaces - list of enabled network interfaces on
    Ironic conductor
  * cleaning_network_name - name of Neutron network to be used
    during node cleaning
  * provisioning_network_name - name of Neutron network to be used
    during node provisioning

Add openrc generation task for nodes with ironic role, needed as it is
required for translation from name to uuid.

Change-Id: I63da8332cade0e76bdd687f0522bbc4c3006a68f
Related-Bug: #1588380
---
 .../openstack_tasks/examples/keystone/tasks.yaml    |  2 +-
 .../openstack_tasks/examples/roles/tasks.yaml       |  6 ++++--
 .../manifests/openstack_network/networks.pp         | 10 +++++++++-
 .../manifests/roles/ironic_conductor.pp             | 13 ++++++++++---
 .../puppet/osnailyfacter/modular/ssl/tasks.yaml     |  6 +++---
 .../spec/hosts/openstack-network/networks_spec.rb   | 11 +++++++++--
 .../noop/spec/hosts/roles/ironic-conductor_spec.rb  | 12 ++++++++++--
 7 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/deployment/puppet/openstack_tasks/examples/keystone/tasks.yaml b/deployment/puppet/openstack_tasks/examples/keystone/tasks.yaml
index c45535edf4..9a8bedcaaf 100644
--- a/deployment/puppet/openstack_tasks/examples/keystone/tasks.yaml
+++ b/deployment/puppet/openstack_tasks/examples/keystone/tasks.yaml
@@ -37,7 +37,7 @@
 - id: keystone-openrc-generate
   type: puppet
   version: 2.2.0
-  tags: [primary-controller, controller, primary-neutron, neutron]
+  tags: [primary-controller, controller, primary-neutron, neutron, ironic]
   requires: [openrc-delete, primary-keystone, keystone]
   cross-depends:
     - name: openrc-delete
diff --git a/deployment/puppet/openstack_tasks/examples/roles/tasks.yaml b/deployment/puppet/openstack_tasks/examples/roles/tasks.yaml
index 4d80f09924..71729f02eb 100644
--- a/deployment/puppet/openstack_tasks/examples/roles/tasks.yaml
+++ b/deployment/puppet/openstack_tasks/examples/roles/tasks.yaml
@@ -148,10 +148,10 @@
 
 - id: ironic-conductor
   type: puppet
-  version: 2.1.0
+  version: 2.2.0
   groups: [ironic]
   required_for: [deploy_end]
-  requires: [hosts, firewall]
+  requires: [hosts, firewall, keystone-openrc-generate]
   condition:
     yaql_exp: >
       $.ironic.enabled and changedAny($.network_scheme, $.ironic,
@@ -167,6 +167,8 @@
     - name: ironic-api
     - name: ironic-db
     - name: /^(primary-)?rabbitmq$/
+    - name: openstack-network-networks
+      role: ["/^(primary-)?neutron$/"]
   parameters:
     puppet_manifest: /etc/puppet/modules/openstack_tasks/examples/roles/ironic-conductor.pp
     puppet_modules: /etc/puppet/modules
diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_network/networks.pp b/deployment/puppet/openstack_tasks/manifests/openstack_network/networks.pp
index d0d3467790..54f6b466ee 100644
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/networks.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/networks.pp
@@ -88,10 +88,18 @@ class openstack_tasks::openstack_network::networks {
     $baremetal_router_external = dig44($nets, ['baremetal', 'L2', 'router_ext'])
     $baremetal_shared          = dig44($nets, ['baremetal', 'shared'], false)
 
+    $ironic_settings_hash      = hiera_hash('ironic_settings', {})
+    $ironic_provision_network  = dig44($ironic_settings_hash, ['ironic_provision_network'], false)
+    if $ironic_provision_network {
+        $baremetal_provider_network_type = 'vlan'
+    } else {
+        $baremetal_provider_network_type = 'flat'
+    }
+
     neutron_network { 'baremetal' :
       ensure                    => 'present',
       provider_physical_network => $baremetal_physnet,
-      provider_network_type     => 'flat',
+      provider_network_type     => $baremetal_provider_network_type,
       provider_segmentation_id  => $baremetal_segment_id,
       router_external           => $baremetal_router_external,
       tenant_name               => $tenant_name,
diff --git a/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp b/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp
index 348d763d31..81c724023c 100644
--- a/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp
+++ b/deployment/puppet/openstack_tasks/manifests/roles/ironic_conductor.pp
@@ -107,9 +107,16 @@ class openstack_tasks::roles::ironic_conductor {
   class { '::ironic::client': }
 
   class { '::ironic::conductor':
-    api_url            => "http://${baremetal_vip}:6385",
-    enabled_drivers    => ['fuel_ssh', 'fuel_ipmitool', 'fake', 'fuel_libvirt'],
-    swift_temp_url_key => $ironic_swift_tempurl_key,
+    api_url                   => "http://${baremetal_vip}:6385",
+    enabled_drivers           => ['fuel_ssh', 'fuel_ipmitool', 'fake', 'fuel_libvirt'],
+    swift_temp_url_key        => $ironic_swift_tempurl_key,
+    cleaning_network_name     => 'baremetal',
+    provisioning_network_name => 'baremetal',
+
+  }
+
+  class { '::ironic::drivers::interfaces':
+    enabled_network_interfaces => ['noop', 'flat', 'neutron']
   }
 
   class { '::ironic::drivers::pxe':
diff --git a/deployment/puppet/osnailyfacter/modular/ssl/tasks.yaml b/deployment/puppet/osnailyfacter/modular/ssl/tasks.yaml
index 3970cb8b21..601181d850 100644
--- a/deployment/puppet/osnailyfacter/modular/ssl/tasks.yaml
+++ b/deployment/puppet/osnailyfacter/modular/ssl/tasks.yaml
@@ -2,7 +2,7 @@
   type: puppet
   version: 2.2.0
   tags: [primary-controller, controller, compute, cinder, primary-mongo, mongo, ceph-osd, virt,
-         primary-keystone, keystone]
+         primary-keystone, keystone, ironic]
   requires: [firewall]
   condition:
     yaql_exp: >
@@ -22,7 +22,7 @@
   type: puppet
   version: 2.2.0
   tags: [primary-controller, controller, compute, cinder, primary-mongo, mongo, ceph-osd, virt,
-         primary-keystone, keystone]
+         primary-keystone, keystone, ironic]
   requires: [firewall, ssl-keys-saving]
   condition:
     yaql_exp: &public_ssl_enabled >
@@ -42,7 +42,7 @@
   version: 2.1.0
   groups: [primary-controller, controller, compute, cinder, primary-mongo, mongo, ceph-osd, virt,
            primary-rabbitmq, rabbitmq, primary-database, database,
-           primary-keystone, keystone, primary-neutron, neutron]
+           primary-keystone, keystone, primary-neutron, neutron, ironic]
   requires: [firewall, ssl-add-trust-chain]
   condition:
     yaql_exp: *public_ssl_enabled
diff --git a/tests/noop/spec/hosts/openstack-network/networks_spec.rb b/tests/noop/spec/hosts/openstack-network/networks_spec.rb
index eee6bb3918..1384882893 100644
--- a/tests/noop/spec/hosts/openstack-network/networks_spec.rb
+++ b/tests/noop/spec/hosts/openstack-network/networks_spec.rb
@@ -91,11 +91,18 @@ describe manifest do
         end
 
         context 'Ironic baremetal network', :if => nets.has_key?('baremetal') do
+          let(:baremetal_provider_network_type) do
+              if Noop.hiera_structure('ironic_settings/ironic_provision_network', false)
+                  'vlan'
+              else
+                  'flat'
+              end
+          end
           it 'should create baremetal network' do
-            should contain_neutron_network('baremetal').with(
+          should contain_neutron_network('baremetal').with(
               'ensure'                    => 'present',
               'provider_physical_network' => nets['baremetal']['L2']['physnet'],
-              'provider_network_type'     => 'flat',
+              'provider_network_type'     => baremetal_provider_network_type,
               'provider_segmentation_id'  => nets['baremetal']['L2']['segment_id'],
               'router_external'           => nets['baremetal']['L2']['router_ext'],
               'shared'                    => nets['baremetal']['shared'],
diff --git a/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb b/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb
index 76ff8a66ae..97af34a25c 100644
--- a/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb
+++ b/tests/noop/spec/hosts/roles/ironic-conductor_spec.rb
@@ -38,11 +38,19 @@ describe manifest do
 
       it 'should declare ironic::conductor class correctly' do
         should contain_class('ironic::conductor').with(
-          'api_url'         => "http://#{baremetal_vip}:6385",
-          'enabled_drivers' => ['fuel_ssh', 'fuel_ipmitool', 'fake', 'fuel_libvirt'],
+          'api_url'                   => "http://#{baremetal_vip}:6385",
+          'enabled_drivers'           => ['fuel_ssh', 'fuel_ipmitool', 'fake', 'fuel_libvirt'],
+          'cleaning_network_name'     => "baremetal",
+          'provisioning_network_name' => "baremetal",
         )
       end
 
+      it 'should declare ironic::drivers:interfaces correctly' do
+          should contain_class('ironic::drivers::interfaces').with(
+              'enabled_network_interfaces' => ['noop', 'flat', 'neutron']
+          )
+      end
+
       it 'should configure the database connection string' do
         if facts[:os_package_type] == 'debian'
           extra_params = '?charset=utf8&read_timeout=60'