47b59ca699
Co-Authored-By: Vasyl Saienko <vsaienko@mirantis.com> Change-Id: I334f3c6a4fcac744d28783b9a01d830f3fb8fe3d
309 lines
9.4 KiB
ReStructuredText
309 lines
9.4 KiB
ReStructuredText
..
|
|
This work is licensed under a Creative Commons Attribution 3.0 Unported
|
|
License.
|
|
|
|
http://creativecommons.org/licenses/by/3.0/legalcode
|
|
|
|
================================
|
|
Fuel integrate ironic
|
|
================================
|
|
|
|
https://blueprints.launchpad.net/fuel/+spec/fuel-integrate-ironic
|
|
|
|
|
|
Problem description
|
|
===================
|
|
|
|
Ironic is an OpenStack project which provisions bare metal (as opposed to
|
|
virtual) machines by leveraging common technologies such as PXE boot and
|
|
IPMI to cover a wide range of hardware, while supporting pluggable drivers
|
|
to allow vendor-specific functionality to be added.
|
|
A common use case is to deploy user images on baremetal hosts (skipping the
|
|
virtualization layer) with the help of Ironic driver in Nova, leveraging
|
|
better performance of such instances (e.g. member of a Hadoop cluster or
|
|
Docker host with multiple containers running).
|
|
|
|
Proposed change
|
|
===============
|
|
|
|
New 'Ironic' role will be added to Fuel which configure 'ironic-conductor',
|
|
tftp services on node. It can be assigned to controllers or non-controller
|
|
nodes. Once 'ironic' role is checked, it should add 'ironic-api' on all
|
|
controller nodes behind HA proxy. Having analyzed the Ironic use-cases, we
|
|
plan to support only Neutron VLAN with additional shared Flat Network for
|
|
baremetal nodes in MOS 7.0. This does not require all the environment to be
|
|
in a single VLAN, only baremetal nodes. At the cluster creation wizard page
|
|
new role 'ironic' - assigned to separate nodes where 'ironic-conductor' and
|
|
nova-compute with baremetal driver are deployed. We also need to add
|
|
additional block at cluster settings tab to configure baremetal subnet and
|
|
interface/vlan to which baremetal subnet is be mapped.
|
|
|
|
Ironic deployment is optional and must be implemented using granular
|
|
deployment mechanisms available in Fuel to be a separate task
|
|
not interfering with other deployment tasks.
|
|
Ironic API deployment should use separate custom role to facilitate later
|
|
decoupling of API services from controllers
|
|
(blueprint detach-components-from-controllers).
|
|
|
|
|
|
Alternatives
|
|
------------
|
|
|
|
None
|
|
|
|
Data model impact
|
|
-----------------
|
|
|
|
We have to store following data in settings:
|
|
|
|
- 'ironic' node role
|
|
- 'baremetal' subnet with its interface/vlan.
|
|
|
|
REST API impact
|
|
---------------
|
|
|
|
No REST API modifications needed.
|
|
|
|
Upgrade impact
|
|
--------------
|
|
|
|
It is new components, upgrade from previous versions will be transparent.
|
|
|
|
Security impact
|
|
---------------
|
|
|
|
- Since only Neutron shared Flat Network is supported there is no way to
|
|
filter Layer 2 traffic between baremetal nodes among tenants. It is
|
|
possible to perform Layer 2 attacks like MAC spoofing, traffic interception
|
|
etc among tenants. A user is still able to filter Layer 2 traffic on
|
|
baremetal node itself.
|
|
- Neutron FWAAS plugin can be used for Layer 3 and upper filtering.
|
|
- Additional filtering is needed to strict access from 'Baremetal'
|
|
network to other OpenStack networks such as 'admin', 'management' etc.
|
|
- Baremetal servers should have access to:
|
|
|
|
- Neutron dhcp/metadata
|
|
- Nova metadata service (for guest OS to be boot-time configurable)
|
|
- TFTP server (which is listening on 'ironic' node on baremetal network)
|
|
- TempURLs exposed by Swift (for downloading target user OS image)
|
|
- Ironic API (for 'I am ready' callback).
|
|
|
|
- Nodes with "ironic" role (conductors) should have access to baremetal
|
|
network.
|
|
|
|
HA impact
|
|
---------
|
|
|
|
Ironic API services must be put under HAProxy similar to other
|
|
OpenStack API services.
|
|
|
|
Ironic Conductor services implement their own HA setup based on DB timestamps.
|
|
Workloads assigned to a particular ironic-conductor service instance that
|
|
has failed are automatically re-assigned to other working ironic-conductor
|
|
service instances on the basis of consistent hash-ring algorithm.
|
|
Thus failover stability is dependent on overall HA implementation of DB layer.
|
|
Notifications on failed ironic-conductor service must be realized as part
|
|
of existing cluster monitoring solution (e.g. as Zabbix plugin).
|
|
Thus if deploying ironic role on separate nodes, overall at least 6 nodes
|
|
are needed for deployment in HA mode (3 controllers + 3 ironic nodes).
|
|
|
|
HW support impact
|
|
-----------------
|
|
|
|
Given blueprint fuel-bootstrap-on-ubuntu, its functionality
|
|
will be used to build a custom image to be used as bootstrap image for
|
|
baremetal deployment with Ironic during environment deployment with Fuel.
|
|
This image will basically be the same Fuel bootstrap image,
|
|
with the same kernel, sans packages/components that are not needed
|
|
for Fuel Agent (like nailgun agent etc).
|
|
It will be build as usual kernel/ramdisk image.
|
|
A more unified with new Fuel bootstrap approach with rootfs
|
|
downloadable over HTTP might be implemented in next MOS release.
|
|
|
|
Usage of such Fuel-bootstrap based image will ensure that the hardware
|
|
supported by Ironic baremetal deployment is the same as supported by
|
|
Fuel deployment.
|
|
|
|
Notifications impact
|
|
--------------------
|
|
|
|
Some modifications of the Cluster Creation Wizard needed. Add new 'ironic'
|
|
role. Need an additional setting block inside cluster setting tab for filling
|
|
up 'baremetal' network and its interface/vlan.
|
|
|
|
Other end user impact
|
|
---------------------
|
|
|
|
Deployer will be able to assign 'ironic' role to controller or non-controller
|
|
nodes. If 'ironic' role is assigned, Deployer must fill up more detail
|
|
information in cluster setting tab or keep default settings.
|
|
|
|
Performance Impact
|
|
------------------
|
|
|
|
None.
|
|
|
|
Other deployer impact
|
|
---------------------
|
|
|
|
None.
|
|
|
|
Developer impact
|
|
----------------
|
|
|
|
Ironic is community supported official project, so there is no additional
|
|
impact for Developers.
|
|
|
|
Implementation
|
|
==============
|
|
|
|
Assignee(s)
|
|
-----------
|
|
|
|
Primary assignee:
|
|
ashestakov
|
|
|
|
Other contributors:
|
|
vsaienko
|
|
|
|
QA engineers:
|
|
kromanenko
|
|
|
|
Design reviewers:
|
|
pshchelokovskyy
|
|
yzveryanskyy
|
|
|
|
Mandatory design review:
|
|
tnapierala
|
|
vkuklin
|
|
|
|
Work Items
|
|
----------
|
|
|
|
* Modify Cluster Creation Wizard page. Add 'ironic' role and test it.
|
|
* Modify Cluster setting tab. Add 'Baremetal' settings information forms
|
|
and test it.
|
|
* Integrate new role to puppet manifests.
|
|
* Update core puppet manifests from upstream projects.
|
|
* Describe a test environment and additional System tests.
|
|
* Set up a test environment and provide System tests.
|
|
* Set up additional Jenkins jobs for System tests.
|
|
|
|
High-level list of changes to deployed components
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
* DB
|
|
|
|
* add Ironic required tables
|
|
|
|
* controllers
|
|
|
|
* Ironic
|
|
|
|
* install python-ironicclient
|
|
* install ironic-api
|
|
|
|
* plug ironic-api in HAProxy
|
|
|
|
|
|
* Nova
|
|
|
|
* configure to use IronicHostManager
|
|
* configure to use baremetal scheduler filters
|
|
|
|
* Ironic role
|
|
|
|
* Ironic
|
|
|
|
* install ironic-conductor
|
|
* install ironic-fuelagent-driver
|
|
* install TFTP server
|
|
|
|
* Nova
|
|
|
|
* install python-ironicclient
|
|
* install nova-compute
|
|
|
|
* configure to use ironic-virt-driver
|
|
* configure to use Ironic's ClusteredComputeManager
|
|
|
|
|
|
* Fuel master
|
|
|
|
* build Ironic bootstrap image
|
|
* upload Ironic bootstrap image to Glance
|
|
|
|
* Zabbix
|
|
|
|
* add plugin for ironic-api
|
|
* add plugin for ironic-conductors
|
|
|
|
|
|
Dependencies
|
|
============
|
|
|
|
https://blueprints.launchpad.net/fuel/+spec/granular-network-functions
|
|
|
|
https://blueprints.launchpad.net/fuel/+spec/baremetal-deploy-ironic
|
|
|
|
Testing
|
|
=======
|
|
|
|
* Manual testing and acceptance criteria:
|
|
|
|
- Fuel can assign 'ironic' roles to discovered nodes.
|
|
- Admin plug servers to 'baremetal' network, make sure that IPMI
|
|
interfaces are accessible from controller.
|
|
- Admin user of deployed OpenStack environment can register baremetal
|
|
nodes via ironic-client.
|
|
- The ordinary user is able to deploy a nova instance to a baremetal
|
|
node via the Ironic baremetal driver.
|
|
- The user should be able to concurrently deploy several baremetal
|
|
nodes.
|
|
|
|
* Automated testing, OSTF:
|
|
|
|
- As the test run depends on what exactly are actual parameters of
|
|
the baremetal nodes (HW MAC address and other host capabilities,
|
|
IPMI credentials), it seems really hard to implement an automatic
|
|
testing framework that will test the real Ironic drivers. The
|
|
automated testing instead would use virtual Ironic environments
|
|
to test the Ironic inner workings only.
|
|
|
|
* Testing at Scale:
|
|
|
|
* For load testing an environment with several/many available extra
|
|
baremetal nodes is required to test concurrent provisioning workload
|
|
to several baremetal nodes. In our Scale lab it might be possible to
|
|
test Ironic automatically if a tool/script could be created to
|
|
collect data on some nodes and register those with Ironic service of
|
|
the deployed OpenStack environment. Then it would be possible to
|
|
test Ironic scalability and performance at our Scale lab following
|
|
next simplified scenario:
|
|
|
|
- Create an environment with e.g. 100 nodes, 3 of them controllers,
|
|
2 with “ironic” role.
|
|
- Run the above mentioned tool to register 95 nodes in Ironic.
|
|
- Upload an image suitable for baremetal deployment to Glance.
|
|
- Boot 95 baremetal servers via Nova.
|
|
|
|
* A Rally scenario must also be created to automate such testing.
|
|
|
|
Documentation Impact
|
|
====================
|
|
|
|
* The documentation should describe how to set up Ironic via Fuel. Add
|
|
baremetal nodes to ironic database, prepare images and do provisioning.
|
|
|
|
* The documentation should warn about possible security issues with shared
|
|
Flat network setup.
|
|
|
|
|
|
References
|
|
==========
|
|
|
|
http://docs.openstack.org/developer/ironic/deploy/user-guide.html
|
|
|
|
https://wiki.openstack.org/wiki/Ironic
|
|
|