diff --git a/ansible/group_vars/all/bifrost b/ansible/group_vars/all/bifrost index 8f50d6fcf..720dc7e5f 100644 --- a/ansible/group_vars/all/bifrost +++ b/ansible/group_vars/all/bifrost @@ -55,21 +55,17 @@ kolla_bifrost_inspector_port_addition: "{{ inspector_port_addition }}" kolla_bifrost_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}" # List of introspection rules for Bifrost's Ironic Inspector service. -kolla_bifrost_inspector_rules: - - "{{ inspector_rule_ipmi_credentials }}" - - "{{ inspector_rule_deploy_kernel }}" - - "{{ inspector_rule_deploy_ramdisk }}" - - "{{ inspector_rule_local_boot }}" - - "{{ inspector_rule_root_hint_init }}" - - "{{ inspector_rule_root_hint_serial }}" - - "{{ inspector_rule_set_pxe_interface_mac }}" - - "{{ inspector_rule_eno3_lldp_switch_port_desc_to_name }}" +kolla_bifrost_inspector_rules: "{{ inspector_rules }}" # Ironic inspector IPMI username to set. -kolla_bifrost_inspector_ipmi_username: +kolla_bifrost_inspector_ipmi_username: "{{ inspector_ipmi_username }}" # Ironic inspector IPMI password to set. -kolla_bifrost_inspector_ipmi_password: +kolla_bifrost_inspector_ipmi_password: "{{ inspector_ipmi_password }}" + +# Ironic inspector network interface name on which to check for an LLDP switch +# port description to use as the node's name. +kolla_bifrost_inspector_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface }}" # Ironic inspector deployment kernel location. kolla_bifrost_inspector_deploy_kernel: "http://{{ provision_oc_net_name | net_ip }}:8080/ipa.vmlinuz" diff --git a/ansible/group_vars/all/inspector b/ansible/group_vars/all/inspector index 95e1e3117..bf51e2289 100644 --- a/ansible/group_vars/all/inspector +++ b/ansible/group_vars/all/inspector @@ -48,21 +48,13 @@ inspector_ipmi_username: # Ironic inspector IPMI password to set. inspector_ipmi_password: -# Ironic inspector deployment kernel location. -inspector_deploy_kernel: - -# Ironic inspector deployment ramdisk location. -inspector_deploy_ramdisk: +# Ironic inspector network interface name on which to check for an LLDP switch +# port description to use as the node's name. +inspector_lldp_switch_port_interface: ############################################################################### # Ironic inspector introspection rules configuration. -# Inspector rules use python string formatting. To escape a curly bracket we -# repeat it, but this also happens to be the Jinja2 variable start sequence. -# These variables make escaping rules slightly less hairy. -inspector_rule_escaped_left_curly: "{{ '{{' | replace('{{', '{{ \"{{\" }}') }}" -inspector_rule_escaped_right_curly: "{{ '}}' | replace('}}', '{{ \"}}\" }}') }}" - # Ironic inspector rule to set IPMI credentials. inspector_rule_ipmi_credentials: description: "Set IPMI driver_info if no credentials" @@ -74,10 +66,10 @@ inspector_rule_ipmi_credentials: actions: - action: "set-attribute" path: "driver_info/ipmi_username" - value: "{{ inspector_ipmi_username }}" + value: "{{ inspector_rule_var_ipmi_username }}" - action: "set-attribute" path: "driver_info/ipmi_password" - value: "{{ inspector_ipmi_password }}" + value: "{{ inspector_rule_var_ipmi_password }}" # Ironic inspector rule to set deployment kernel. inspector_rule_deploy_kernel: @@ -88,7 +80,7 @@ inspector_rule_deploy_kernel: actions: - action: "set-attribute" path: "driver_info/deploy_kernel" - value: "{{ inspector_deploy_kernel }}" + value: "{{ inspector_rule_var_deploy_kernel }}" # Ironic inspector rule to set deployment ramdisk. inspector_rule_deploy_ramdisk: @@ -99,7 +91,7 @@ inspector_rule_deploy_ramdisk: actions: - action: "set-attribute" path: "driver_info/deploy_ramdisk" - value: "{{ inspector_deploy_ramdisk }}" + value: "{{ inspector_rule_var_deploy_ramdisk }}" # Ironic inspector rule to set local boot capability inspector_rule_local_boot: @@ -149,18 +141,18 @@ inspector_rule_set_pxe_interface_mac: path: "extra/pxe_interface_mac" value: "{data[boot_interface]}" -# Ironic inspector rule to set the node's name from eno3's LLDP switch port -# description. -inspector_rule_eno3_lldp_switch_port_desc_to_name: - description: "Set node name from LLDP switch port description" +# Ironic inspector rule to set the node's name from an interface's LLDP switch +# port description. +inspector_rule_lldp_switch_port_desc_to_name: + description: "Set node name from {{ inspector_rule_var_lldp_switch_port_interface }} LLDP switch port description" conditions: - - field: "data://all_interfaces.eno3.lldp_processed.switch_port_description" + - field: "data://all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}.lldp_processed.switch_port_description" op: "is-empty" invert: True actions: - action: "set-attribute" path: "name" - value: "{data[all_interfaces][eno3][lldp_processed][switch_port_description]}" + value: "{data[all_interfaces][{{ inspector_rule_var_lldp_switch_port_interface }}][lldp_processed][switch_port_description]}" # Ironic inspector rule to save introspection data to the node. inspector_rule_save_data: @@ -170,3 +162,20 @@ inspector_rule_save_data: - action: "set-attribute" path: "extra/introspection_data" value: "{data}" + +# List of default ironic inspector rules. +inspector_rules_default: + - "{{ inspector_rule_ipmi_credentials }}" + - "{{ inspector_rule_deploy_kernel }}" + - "{{ inspector_rule_deploy_ramdisk }}" + - "{{ inspector_rule_local_boot }}" + - "{{ inspector_rule_root_hint_init }}" + - "{{ inspector_rule_root_hint_serial }}" + - "{{ inspector_rule_set_pxe_interface_mac }}" + - "{{ inspector_rule_lldp_switch_port_desc_to_name }}" + +# List of additional ironic inspector rules. +inspector_rules_extra: [] + +# List of all ironic inspector rules. +inspector_rules: "{{ inspector_rules_default + inspector_rules_extra }}" diff --git a/ansible/overcloud-introspection-rules.yml b/ansible/overcloud-introspection-rules.yml new file mode 100644 index 000000000..5cc1f1231 --- /dev/null +++ b/ansible/overcloud-introspection-rules.yml @@ -0,0 +1,44 @@ +--- +- name: Ensure openstackclient is installed + # Only required to run on a single host. + hosts: controllers[0] + vars: + venv: "{{ ansible_env.PWD }}/shade-venv" + roles: + - role: openstackclient + openstackclient_venv: "{{ venv }}" + +- name: Ensure introspection rules are registered in Ironic Inspector + # Only required to run on a single host. + hosts: controllers[0] + vars: + venv: "{{ ansible_env.PWD }}/shade-venv" + pre_tasks: + - name: Retrieve the IPA kernel Glance image UUID + shell: > + source {{ venv }}/bin/activate && + openstack image show '{{ ipa_images_kernel_name }}' -f value -c id + changed_when: False + register: ipa_kernel_id + environment: "{{ openstack_auth_env }}" + + - name: Retrieve the IPA ramdisk Glance image UUID + shell: > + source {{ venv }}/bin/activate && + openstack image show '{{ ipa_images_ramdisk_name }}' -f value -c id + changed_when: False + register: ipa_ramdisk_id + environment: "{{ openstack_auth_env }}" + + roles: + - role: ironic-inspector-rules + ironic_inspector_venv: "{{ venv }}" + ironic_inspector_auth_type: "{{ openstack_auth_type }}" + ironic_inspector_auth: "{{ openstack_auth }}" + ironic_inspector_rules: "{{ inspector_rules }}" + # These variables may be referenced in the introspection rules. + inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}" + inspector_rule_var_ipmi_password: "{{ inspector_ipmi_password }}" + inspector_rule_var_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface }}" + inspector_rule_var_deploy_kernel: "{{ ipa_kernel_id.stdout }}" + inspector_rule_var_deploy_ramdisk: "{{ ipa_ramdisk_id.stdout }}" diff --git a/ansible/roles/openstackclient/defaults/main.yml b/ansible/roles/openstackclient/defaults/main.yml new file mode 100644 index 000000000..0918fa36a --- /dev/null +++ b/ansible/roles/openstackclient/defaults/main.yml @@ -0,0 +1,3 @@ +--- +# Path to a directory in which to create a virtualenv. +openstackclient_venv: diff --git a/ansible/roles/openstackclient/tasks/main.yml b/ansible/roles/openstackclient/tasks/main.yml new file mode 100644 index 000000000..17f969d61 --- /dev/null +++ b/ansible/roles/openstackclient/tasks/main.yml @@ -0,0 +1,30 @@ +--- +- name: Ensure required packages are installed + yum: + name: "{{ item }}" + state: installed + become: True + with_items: + - gcc + - libffi-devel + - openssl-devel + - python-devel + - python-pip + - python-virtualenv + +- name: Ensure the latest version of pip is installed + pip: + name: "{{ item.name }}" + state: latest + virtualenv: "{{ openstackclient_venv }}" + with_items: + - { name: pip } + +- name: Ensure required Python packages are installed + pip: + name: "{{ item.name }}" + version: "{{ item.version | default(omit) }}" + state: present + virtualenv: "{{ openstackclient_venv }}" + with_items: + - name: python-openstackclient diff --git a/ansible/seed-introspection-rules.yml b/ansible/seed-introspection-rules.yml index 4d46b074d..bb5bf7d22 100644 --- a/ansible/seed-introspection-rules.yml +++ b/ansible/seed-introspection-rules.yml @@ -1,16 +1,19 @@ --- - name: Ensure introspection rules are registered in Bifrost hosts: seed + vars: + venv: "{{ ansible_env.PWD }}/shade-venv" roles: - role: ironic-inspector-rules - ironic_inspector_venv: "{{ ansible_env.PWD }}/shade-venv" + ironic_inspector_venv: "{{ venv }}" # No auth required for Bifrost. ironic_inspector_auth_type: None ironic_inspector_auth: {} ironic_inspector_url: "http://localhost:5050" ironic_inspector_rules: "{{ kolla_bifrost_inspector_rules }}" # These variables may be referenced in the introspection rules. - inspector_ipmi_username: "{{ kolla_bifrost_inspector_ipmi_username }}" - inspector_ipmi_password: "{{ kolla_bifrost_inspector_ipmi_password }}" - inspector_deploy_kernel: "{{ kolla_bifrost_inspector_deploy_kernel }}" - inspector_deploy_ramdisk: "{{ kolla_bifrost_inspector_deploy_ramdisk }}" + inspector_rule_var_ipmi_username: "{{ kolla_bifrost_inspector_ipmi_username }}" + inspector_rule_var_ipmi_password: "{{ kolla_bifrost_inspector_ipmi_password }}" + inspector_rule_var_lldp_switch_port_interface: "{{ kolla_bifrost_inspector_lldp_switch_port_interface }}" + inspector_rule_var_deploy_kernel: "{{ kolla_bifrost_inspector_deploy_kernel }}" + inspector_rule_var_deploy_ramdisk: "{{ kolla_bifrost_inspector_deploy_ramdisk }}" diff --git a/etc/kayobe/bifrost.yml b/etc/kayobe/bifrost.yml index c7ac96526..9c590bcd3 100644 --- a/etc/kayobe/bifrost.yml +++ b/etc/kayobe/bifrost.yml @@ -59,6 +59,10 @@ # Ironic inspector IPMI password to set. #kolla_bifrost_inspector_ipmi_password: +# Ironic inspector network interface name on which to check for an LLDP switch +# port description to use as the node's name. +#kolla_bifrost_inspector_lldp_switch_port_interface: + # Ironic inspector deployment kernel location. #kolla_bifrost_inspector_deploy_kernel: diff --git a/etc/kayobe/inspector.yml b/etc/kayobe/inspector.yml new file mode 100644 index 000000000..6a93d8600 --- /dev/null +++ b/etc/kayobe/inspector.yml @@ -0,0 +1,88 @@ +--- +############################################################################### +# Ironic inspector PXE configuration. + +# List of extra kernel parameters for the inspector default PXE configuration. +#inspector_extra_kernel_options: + +# URL of Ironic Python Agent (IPA) kernel image. +#inspector_ipa_kernel_upstream_url: + +# URL of Ironic Python Agent (IPA) ramdisk image. +#inspector_ipa_ramdisk_upstream_url: + +############################################################################### +# Ironic inspector processing configuration. + +# Whether inspector should manage the firewall. +#inspector_manage_firewall: + +# List of of inspector processing plugins. +#inspector_processing_hooks: + +# Which MAC addresses to add as ports during introspection. One of 'all', +# 'active' or 'pxe'. +#inspector_port_addition: + +# Whether to enable discovery of nodes not managed by Ironic. +#inspector_enable_discovery: + +# The Ironic driver with which to register newly discovered nodes. +#inspector_discovery_enroll_node_driver: + +############################################################################### +# Ironic inspector configuration. + +# Ironic inspector IPMI username to set. +#inspector_ipmi_username: + +# Ironic inspector IPMI password to set. +#inspector_ipmi_password: + +# Ironic inspector network interface name on which to check for an LLDP switch +# port description to use as the node's name. +#inspector_lldp_switch_port_interface: + +############################################################################### +# Ironic inspector introspection rules configuration. + +# Ironic inspector rule to set IPMI credentials. +#inspector_rule_ipmi_credentials: + +# Ironic inspector rule to set deployment kernel. +#inspector_rule_deploy_kernel: + +# Ironic inspector rule to set deployment ramdisk. +#inspector_rule_deploy_ramdisk: + +# Ironic inspector rule to set local boot capability +#inspector_rule_local_boot: + +# Ironic inspector rule to initialise root device hints. +#inspector_rule_root_hint_init: + +# Ironic inspector rule to set serial root device hint. +#inspector_rule_root_hint_serial: + +# Ironic inspector rule to set the interface on which the node PXE booted. +#inspector_rule_set_pxe_interface_mac: + +# Ironic inspector rule to set the node's name from an interface's LLDP switch +# port description. +#inspector_rule_lldp_switch_port_desc_to_name: + +# Ironic inspector rule to save introspection data to the node. +#inspector_rule_save_data: + +# List of default ironic insepctor rules. +#inspector_rules_default: + +# List of additional ironic inspector rules. +#inspector_rules_extra: + +# List of all ironic inspector rules. +#inspector_rules: + +############################################################################### +# Dummy variable to allow Ansible to accept this file. +workaround_ansible_issue_8743: yes