Add support for multiple inspection subnets

Configure Inspector with the required tags and per-subnet dhcp router options to enable inspection of nodes reaching the undercloud via DHCP-relay on remote networks. Change-Id: Iba1cadf1d6eef6ba6c028f4ba1689da95047ccea Implements: blueprint tripleo-routed-networks-ironic-inspector
2018-01-13 16:48:14 +01:00 · 2018-01-13 16:48:14 +01:00 · a1d5484a18
parent be7cd8be8c
commit a1d5484a18
3 changed files with 49 additions and 5 deletions
--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template
@ -573,8 +573,8 @@ ironic::inspector::swift_project_domain_name: 'Default'
 ironic::inspector::swift_user_domain_name: 'Default'
 ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}"
 ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
-ironic::inspector::dnsmasq_ip_range: {{INSPECTION_IPRANGE}}
 ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
+ironic::inspector::dnsmasq_ip_subnets: {{{INSPECTION_SUBNETS}}}
 ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
 ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
 ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}
--- a/instack_undercloud/tests/test_undercloud.py
+++ b/instack_undercloud/tests/test_undercloud.py
@ -51,6 +51,8 @@ class BaseTestCase(base.BaseTestCase):
                     cfg.StrOpt('inspection_iprange'),
                     cfg.StrOpt('gateway')]
        self.conf.register_opts(self.opts, group=self.grp0)
+        self.grp1 = cfg.OptGroup(name='subnet1', title='subnet1')
+        self.gtp2 = cfg.OptGroup(name='subnet2', title='subnet2')
        self.conf.config(cidr='192.168.24.0/24',
                         dhcp_start='192.168.24.5', dhcp_end='192.168.24.24',
                         inspection_iprange='192.168.24.100,192.168.24.120',
@ -656,6 +658,37 @@ class TestGenerateEnvironment(BaseTestCase):
        env = undercloud._generate_environment('.')
        self.assertNotIn(env, 'DIB_YUM_REPO_CONF')

+    def test_inspection_ip_single_subnet(self):
+        env = undercloud._generate_environment('.')
+        reference = [{"tag": "ctlplane-subnet", "gateway": "192.168.24.1",
+                      "ip_range": "192.168.24.100,192.168.24.120",
+                      "netmask": "255.255.255.0"}]
+        actual = json.loads(env['INSPECTION_SUBNETS'])
+        self.assertEqual(reference, actual)
+
+    def test_inspection_ip_multiple_subnets(self):
+        self.conf.config(subnets=['subnet1', 'subnet2'])
+        self.conf.config(local_subnet='subnet1')
+        self.conf.register_opts(self.opts, group=self.grp1)
+        self.conf.register_opts(self.opts, group=self.gtp2)
+        self.conf.config(cidr='192.168.10.0/24', dhcp_start='192.168.10.10',
+                         dhcp_end='192.168.10.99',
+                         inspection_iprange='192.168.10.100,192.168.10.189',
+                         gateway='192.168.10.254', group='subnet1')
+        self.conf.config(cidr='192.168.20.0/24', dhcp_start='192.168.20.10',
+                         dhcp_end='192.168.20.99',
+                         inspection_iprange='192.168.20.100,192.168.20.189',
+                         gateway='192.168.20.254', group='subnet2')
+        env = undercloud._generate_environment('.')
+        reference = [{"tag": "subnet1", "gateway": "192.168.10.254",
+                      "ip_range": "192.168.10.100,192.168.10.189",
+                      "netmask": "255.255.255.0"},
+                     {"tag": "subnet2", "gateway": "192.168.20.254",
+                      "ip_range": "192.168.20.100,192.168.20.189",
+                      "netmask": "255.255.255.0"}]
+        actual = json.loads(env['INSPECTION_SUBNETS'])
+        self.assertEqual(reference, actual)
+

 class TestWritePasswordFile(BaseTestCase):
    def test_normal(self):
--- a/instack_undercloud/undercloud.py
+++ b/instack_undercloud/undercloud.py
@ -1157,7 +1157,7 @@ class InstackEnvironment(dict):
                    'ENABLED_RAID_INTERFACES', 'ENABLED_VENDOR_INTERFACES',
                    'ENABLED_MANAGEMENT_INTERFACES', 'SYSCTL_SETTINGS',
                    'LOCAL_IP_WRAPPED', 'ENABLE_ARCHITECTURE_PPC64LE',
-                    'INSPECTION_IPRANGE',
+                    'INSPECTION_SUBNETS',
                    }
    """The variables we calculate in _generate_environment call."""

@ -1261,6 +1261,19 @@ def _process_drivers_and_hardware_types(instack_env):
    instack_env['ENABLED_POWER_INTERFACES'] = _make_list(mgmt_interfaces)


+def _generate_inspection_subnets():
+    env_list = []
+    for subnet in CONF.subnets:
+        env_dict = {}
+        s = CONF.get(subnet)
+        env_dict['tag'] = subnet
+        env_dict['ip_range'] = s.inspection_iprange
+        env_dict['netmask'] = str(netaddr.IPNetwork(s.cidr).netmask)
+        env_dict['gateway'] = s.gateway
+        env_list.append(env_dict)
+    return json.dumps(env_list)
+
+
 def _generate_environment(instack_root):
    """Generate an environment dict for instack

@ -1347,11 +1360,9 @@ def _generate_environment(instack_root):
        inspection_kernel_args.append('ipa-collect-lldp=1')

    instack_env['INSPECTION_KERNEL_ARGS'] = ' '.join(inspection_kernel_args)
-    # TODO(hjensas): Remove this when switching to INSPECTION_SUBNETS
-    instack_env['INSPECTION_IPRANGE'] = CONF.get(
-        CONF.local_subnet).inspection_iprange

    _process_drivers_and_hardware_types(instack_env)
+    instack_env['INSPECTION_SUBNETS'] = _generate_inspection_subnets()

    instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()