Blueprint: fuel-integrate-ironic
Co-Authored-By: Vasyl Saienko <vsaienko@mirantis.com> Change-Id: I334f3c6a4fcac744d28783b9a01d830f3fb8fe3d
This commit is contained in:
parent
f9d6d5f31d
commit
47b59ca699
308
specs/7.0/fuel-integrate-ironic.rst
Normal file
308
specs/7.0/fuel-integrate-ironic.rst
Normal file
@ -0,0 +1,308 @@
|
||||
..
|
||||
This work is licensed under a Creative Commons Attribution 3.0 Unported
|
||||
License.
|
||||
|
||||
http://creativecommons.org/licenses/by/3.0/legalcode
|
||||
|
||||
================================
|
||||
Fuel integrate ironic
|
||||
================================
|
||||
|
||||
https://blueprints.launchpad.net/fuel/+spec/fuel-integrate-ironic
|
||||
|
||||
|
||||
Problem description
|
||||
===================
|
||||
|
||||
Ironic is an OpenStack project which provisions bare metal (as opposed to
|
||||
virtual) machines by leveraging common technologies such as PXE boot and
|
||||
IPMI to cover a wide range of hardware, while supporting pluggable drivers
|
||||
to allow vendor-specific functionality to be added.
|
||||
A common use case is to deploy user images on baremetal hosts (skipping the
|
||||
virtualization layer) with the help of Ironic driver in Nova, leveraging
|
||||
better performance of such instances (e.g. member of a Hadoop cluster or
|
||||
Docker host with multiple containers running).
|
||||
|
||||
Proposed change
|
||||
===============
|
||||
|
||||
New 'Ironic' role will be added to Fuel which configure 'ironic-conductor',
|
||||
tftp services on node. It can be assigned to controllers or non-controller
|
||||
nodes. Once 'ironic' role is checked, it should add 'ironic-api' on all
|
||||
controller nodes behind HA proxy. Having analyzed the Ironic use-cases, we
|
||||
plan to support only Neutron VLAN with additional shared Flat Network for
|
||||
baremetal nodes in MOS 7.0. This does not require all the environment to be
|
||||
in a single VLAN, only baremetal nodes. At the cluster creation wizard page
|
||||
new role 'ironic' - assigned to separate nodes where 'ironic-conductor' and
|
||||
nova-compute with baremetal driver are deployed. We also need to add
|
||||
additional block at cluster settings tab to configure baremetal subnet and
|
||||
interface/vlan to which baremetal subnet is be mapped.
|
||||
|
||||
Ironic deployment is optional and must be implemented using granular
|
||||
deployment mechanisms available in Fuel to be a separate task
|
||||
not interfering with other deployment tasks.
|
||||
Ironic API deployment should use separate custom role to facilitate later
|
||||
decoupling of API services from controllers
|
||||
(blueprint detach-components-from-controllers).
|
||||
|
||||
|
||||
Alternatives
|
||||
------------
|
||||
|
||||
None
|
||||
|
||||
Data model impact
|
||||
-----------------
|
||||
|
||||
We have to store following data in settings:
|
||||
|
||||
- 'ironic' node role
|
||||
- 'baremetal' subnet with its interface/vlan.
|
||||
|
||||
REST API impact
|
||||
---------------
|
||||
|
||||
No REST API modifications needed.
|
||||
|
||||
Upgrade impact
|
||||
--------------
|
||||
|
||||
It is new components, upgrade from previous versions will be transparent.
|
||||
|
||||
Security impact
|
||||
---------------
|
||||
|
||||
- Since only Neutron shared Flat Network is supported there is no way to
|
||||
filter Layer 2 traffic between baremetal nodes among tenants. It is
|
||||
possible to perform Layer 2 attacks like MAC spoofing, traffic interception
|
||||
etc among tenants. A user is still able to filter Layer 2 traffic on
|
||||
baremetal node itself.
|
||||
- Neutron FWAAS plugin can be used for Layer 3 and upper filtering.
|
||||
- Additional filtering is needed to strict access from 'Baremetal'
|
||||
network to other OpenStack networks such as 'admin', 'management' etc.
|
||||
- Baremetal servers should have access to:
|
||||
|
||||
- Neutron dhcp/metadata
|
||||
- Nova metadata service (for guest OS to be boot-time configurable)
|
||||
- TFTP server (which is listening on 'ironic' node on baremetal network)
|
||||
- TempURLs exposed by Swift (for downloading target user OS image)
|
||||
- Ironic API (for 'I am ready' callback).
|
||||
|
||||
- Nodes with "ironic" role (conductors) should have access to baremetal
|
||||
network.
|
||||
|
||||
HA impact
|
||||
---------
|
||||
|
||||
Ironic API services must be put under HAProxy similar to other
|
||||
OpenStack API services.
|
||||
|
||||
Ironic Conductor services implement their own HA setup based on DB timestamps.
|
||||
Workloads assigned to a particular ironic-conductor service instance that
|
||||
has failed are automatically re-assigned to other working ironic-conductor
|
||||
service instances on the basis of consistent hash-ring algorithm.
|
||||
Thus failover stability is dependent on overall HA implementation of DB layer.
|
||||
Notifications on failed ironic-conductor service must be realized as part
|
||||
of existing cluster monitoring solution (e.g. as Zabbix plugin).
|
||||
Thus if deploying ironic role on separate nodes, overall at least 6 nodes
|
||||
are needed for deployment in HA mode (3 controllers + 3 ironic nodes).
|
||||
|
||||
HW support impact
|
||||
-----------------
|
||||
|
||||
Given blueprint fuel-bootstrap-on-ubuntu, its functionality
|
||||
will be used to build a custom image to be used as bootstrap image for
|
||||
baremetal deployment with Ironic during environment deployment with Fuel.
|
||||
This image will basically be the same Fuel bootstrap image,
|
||||
with the same kernel, sans packages/components that are not needed
|
||||
for Fuel Agent (like nailgun agent etc).
|
||||
It will be build as usual kernel/ramdisk image.
|
||||
A more unified with new Fuel bootstrap approach with rootfs
|
||||
downloadable over HTTP might be implemented in next MOS release.
|
||||
|
||||
Usage of such Fuel-bootstrap based image will ensure that the hardware
|
||||
supported by Ironic baremetal deployment is the same as supported by
|
||||
Fuel deployment.
|
||||
|
||||
Notifications impact
|
||||
--------------------
|
||||
|
||||
Some modifications of the Cluster Creation Wizard needed. Add new 'ironic'
|
||||
role. Need an additional setting block inside cluster setting tab for filling
|
||||
up 'baremetal' network and its interface/vlan.
|
||||
|
||||
Other end user impact
|
||||
---------------------
|
||||
|
||||
Deployer will be able to assign 'ironic' role to controller or non-controller
|
||||
nodes. If 'ironic' role is assigned, Deployer must fill up more detail
|
||||
information in cluster setting tab or keep default settings.
|
||||
|
||||
Performance Impact
|
||||
------------------
|
||||
|
||||
None.
|
||||
|
||||
Other deployer impact
|
||||
---------------------
|
||||
|
||||
None.
|
||||
|
||||
Developer impact
|
||||
----------------
|
||||
|
||||
Ironic is community supported official project, so there is no additional
|
||||
impact for Developers.
|
||||
|
||||
Implementation
|
||||
==============
|
||||
|
||||
Assignee(s)
|
||||
-----------
|
||||
|
||||
Primary assignee:
|
||||
ashestakov
|
||||
|
||||
Other contributors:
|
||||
vsaienko
|
||||
|
||||
QA engineers:
|
||||
kromanenko
|
||||
|
||||
Design reviewers:
|
||||
pshchelokovskyy
|
||||
yzveryanskyy
|
||||
|
||||
Mandatory design review:
|
||||
tnapierala
|
||||
vkuklin
|
||||
|
||||
Work Items
|
||||
----------
|
||||
|
||||
* Modify Cluster Creation Wizard page. Add 'ironic' role and test it.
|
||||
* Modify Cluster setting tab. Add 'Baremetal' settings information forms
|
||||
and test it.
|
||||
* Integrate new role to puppet manifests.
|
||||
* Update core puppet manifests from upstream projects.
|
||||
* Describe a test environment and additional System tests.
|
||||
* Set up a test environment and provide System tests.
|
||||
* Set up additional Jenkins jobs for System tests.
|
||||
|
||||
High-level list of changes to deployed components
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
* DB
|
||||
|
||||
* add Ironic required tables
|
||||
|
||||
* controllers
|
||||
|
||||
* Ironic
|
||||
|
||||
* install python-ironicclient
|
||||
* install ironic-api
|
||||
|
||||
* plug ironic-api in HAProxy
|
||||
|
||||
|
||||
* Nova
|
||||
|
||||
* configure to use IronicHostManager
|
||||
* configure to use baremetal scheduler filters
|
||||
|
||||
* Ironic role
|
||||
|
||||
* Ironic
|
||||
|
||||
* install ironic-conductor
|
||||
* install ironic-fuelagent-driver
|
||||
* install TFTP server
|
||||
|
||||
* Nova
|
||||
|
||||
* install python-ironicclient
|
||||
* install nova-compute
|
||||
|
||||
* configure to use ironic-virt-driver
|
||||
* configure to use Ironic's ClusteredComputeManager
|
||||
|
||||
|
||||
* Fuel master
|
||||
|
||||
* build Ironic bootstrap image
|
||||
* upload Ironic bootstrap image to Glance
|
||||
|
||||
* Zabbix
|
||||
|
||||
* add plugin for ironic-api
|
||||
* add plugin for ironic-conductors
|
||||
|
||||
|
||||
Dependencies
|
||||
============
|
||||
|
||||
https://blueprints.launchpad.net/fuel/+spec/granular-network-functions
|
||||
|
||||
https://blueprints.launchpad.net/fuel/+spec/baremetal-deploy-ironic
|
||||
|
||||
Testing
|
||||
=======
|
||||
|
||||
* Manual testing and acceptance criteria:
|
||||
|
||||
- Fuel can assign 'ironic' roles to discovered nodes.
|
||||
- Admin plug servers to 'baremetal' network, make sure that IPMI
|
||||
interfaces are accessible from controller.
|
||||
- Admin user of deployed OpenStack environment can register baremetal
|
||||
nodes via ironic-client.
|
||||
- The ordinary user is able to deploy a nova instance to a baremetal
|
||||
node via the Ironic baremetal driver.
|
||||
- The user should be able to concurrently deploy several baremetal
|
||||
nodes.
|
||||
|
||||
* Automated testing, OSTF:
|
||||
|
||||
- As the test run depends on what exactly are actual parameters of
|
||||
the baremetal nodes (HW MAC address and other host capabilities,
|
||||
IPMI credentials), it seems really hard to implement an automatic
|
||||
testing framework that will test the real Ironic drivers. The
|
||||
automated testing instead would use virtual Ironic environments
|
||||
to test the Ironic inner workings only.
|
||||
|
||||
* Testing at Scale:
|
||||
|
||||
* For load testing an environment with several/many available extra
|
||||
baremetal nodes is required to test concurrent provisioning workload
|
||||
to several baremetal nodes. In our Scale lab it might be possible to
|
||||
test Ironic automatically if a tool/script could be created to
|
||||
collect data on some nodes and register those with Ironic service of
|
||||
the deployed OpenStack environment. Then it would be possible to
|
||||
test Ironic scalability and performance at our Scale lab following
|
||||
next simplified scenario:
|
||||
|
||||
- Create an environment with e.g. 100 nodes, 3 of them controllers,
|
||||
2 with “ironic” role.
|
||||
- Run the above mentioned tool to register 95 nodes in Ironic.
|
||||
- Upload an image suitable for baremetal deployment to Glance.
|
||||
- Boot 95 baremetal servers via Nova.
|
||||
|
||||
* A Rally scenario must also be created to automate such testing.
|
||||
|
||||
Documentation Impact
|
||||
====================
|
||||
|
||||
* The documentation should describe how to set up Ironic via Fuel. Add
|
||||
baremetal nodes to ironic database, prepare images and do provisioning.
|
||||
|
||||
* The documentation should warn about possible security issues with shared
|
||||
Flat network setup.
|
||||
|
||||
|
||||
References
|
||||
==========
|
||||
|
||||
http://docs.openstack.org/developer/ironic/deploy/user-guide.html
|
||||
|
||||
https://wiki.openstack.org/wiki/Ironic
|
||||
|
Loading…
Reference in New Issue
Block a user