Add introspection rules for overcloud

2017-03-15 14:39:52 +00:00 · 2017-03-15 14:39:52 +00:00 · 4e6effba99
commit 4e6effba99
parent 70e3ab4ab2
8 changed files with 214 additions and 37 deletions
--- a/ansible/group_vars/all/bifrost
+++ b/ansible/group_vars/all/bifrost
@ -55,21 +55,17 @@ kolla_bifrost_inspector_port_addition: "{{ inspector_port_addition }}"
 kolla_bifrost_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"

 # List of introspection rules for Bifrost's Ironic Inspector service.
-kolla_bifrost_inspector_rules:
-  - "{{ inspector_rule_ipmi_credentials }}"
-  - "{{ inspector_rule_deploy_kernel }}"
-  - "{{ inspector_rule_deploy_ramdisk }}"
-  - "{{ inspector_rule_local_boot }}"
-  - "{{ inspector_rule_root_hint_init }}"
-  - "{{ inspector_rule_root_hint_serial }}"
-  - "{{ inspector_rule_set_pxe_interface_mac }}"
-  - "{{ inspector_rule_eno3_lldp_switch_port_desc_to_name }}"
+kolla_bifrost_inspector_rules: "{{ inspector_rules }}"

 # Ironic inspector IPMI username to set.
-kolla_bifrost_inspector_ipmi_username:
+kolla_bifrost_inspector_ipmi_username: "{{ inspector_ipmi_username }}"

 # Ironic inspector IPMI password to set.
-kolla_bifrost_inspector_ipmi_password:
+kolla_bifrost_inspector_ipmi_password: "{{ inspector_ipmi_password }}"
+
+# Ironic inspector network interface name on which to check for an LLDP switch
+# port description to use as the node's name.
+kolla_bifrost_inspector_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface }}"

 # Ironic inspector deployment kernel location.
 kolla_bifrost_inspector_deploy_kernel: "http://{{ provision_oc_net_name | net_ip }}:8080/ipa.vmlinuz"
--- a/ansible/group_vars/all/inspector
+++ b/ansible/group_vars/all/inspector
@ -48,21 +48,13 @@ inspector_ipmi_username:
 # Ironic inspector IPMI password to set.
 inspector_ipmi_password:

-# Ironic inspector deployment kernel location.
-inspector_deploy_kernel:
-
-# Ironic inspector deployment ramdisk location.
-inspector_deploy_ramdisk:
+# Ironic inspector network interface name on which to check for an LLDP switch
+# port description to use as the node's name.
+inspector_lldp_switch_port_interface:

 ###############################################################################
 # Ironic inspector introspection rules configuration.

-# Inspector rules use python string formatting. To escape a curly bracket we
-# repeat it, but this also happens to be the Jinja2 variable start sequence.
-# These variables make escaping rules slightly less hairy.
-inspector_rule_escaped_left_curly: "{{ '{{' | replace('{{', '{{ \"{{\" }}') }}"
-inspector_rule_escaped_right_curly: "{{ '}}' | replace('}}', '{{ \"}}\" }}') }}"
-
 # Ironic inspector rule to set IPMI credentials.
 inspector_rule_ipmi_credentials:
  description: "Set IPMI driver_info if no credentials"
@ -74,10 +66,10 @@ inspector_rule_ipmi_credentials:
  actions:
    - action: "set-attribute"
      path: "driver_info/ipmi_username"
-      value: "{{ inspector_ipmi_username }}"
+      value: "{{ inspector_rule_var_ipmi_username }}"
    - action: "set-attribute"
      path: "driver_info/ipmi_password"
-      value: "{{ inspector_ipmi_password }}"
+      value: "{{ inspector_rule_var_ipmi_password }}"

 # Ironic inspector rule to set deployment kernel.
 inspector_rule_deploy_kernel:
@ -88,7 +80,7 @@ inspector_rule_deploy_kernel:
  actions:
    - action: "set-attribute"
      path: "driver_info/deploy_kernel"
-      value: "{{ inspector_deploy_kernel }}"
+      value: "{{ inspector_rule_var_deploy_kernel }}"

 # Ironic inspector rule to set deployment ramdisk.
 inspector_rule_deploy_ramdisk:
@ -99,7 +91,7 @@ inspector_rule_deploy_ramdisk:
  actions:
    - action: "set-attribute"
      path: "driver_info/deploy_ramdisk"
-      value: "{{ inspector_deploy_ramdisk }}"
+      value: "{{ inspector_rule_var_deploy_ramdisk }}"

 # Ironic inspector rule to set local boot capability
 inspector_rule_local_boot:
@ -149,18 +141,18 @@ inspector_rule_set_pxe_interface_mac:
      path: "extra/pxe_interface_mac"
      value: "{data[boot_interface]}"

-# Ironic inspector rule to set the node's name from eno3's LLDP switch port
-# description.
-inspector_rule_eno3_lldp_switch_port_desc_to_name:
-  description: "Set node name from LLDP switch port description"
+# Ironic inspector rule to set the node's name from an interface's LLDP switch
+# port description.
+inspector_rule_lldp_switch_port_desc_to_name:
+  description: "Set node name from {{ inspector_rule_var_lldp_switch_port_interface }} LLDP switch port description"
  conditions:
-    - field: "data://all_interfaces.eno3.lldp_processed.switch_port_description"
+    - field: "data://all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}.lldp_processed.switch_port_description"
      op: "is-empty"
      invert: True
  actions:
    - action: "set-attribute"
      path: "name"
-      value: "{data[all_interfaces][eno3][lldp_processed][switch_port_description]}"
+      value: "{data[all_interfaces][{{ inspector_rule_var_lldp_switch_port_interface }}][lldp_processed][switch_port_description]}"

 # Ironic inspector rule to save introspection data to the node.
 inspector_rule_save_data:
@ -170,3 +162,20 @@ inspector_rule_save_data:
    - action: "set-attribute"
      path: "extra/introspection_data"
      value: "{data}"
+
+# List of default ironic inspector rules.
+inspector_rules_default:
+  - "{{ inspector_rule_ipmi_credentials }}"
+  - "{{ inspector_rule_deploy_kernel }}"
+  - "{{ inspector_rule_deploy_ramdisk }}"
+  - "{{ inspector_rule_local_boot }}"
+  - "{{ inspector_rule_root_hint_init }}"
+  - "{{ inspector_rule_root_hint_serial }}"
+  - "{{ inspector_rule_set_pxe_interface_mac }}"
+  - "{{ inspector_rule_lldp_switch_port_desc_to_name }}"
+
+# List of additional ironic inspector rules.
+inspector_rules_extra: []
+
+# List of all ironic inspector rules.
+inspector_rules: "{{ inspector_rules_default + inspector_rules_extra }}"
--- a/ansible/overcloud-introspection-rules.yml
+++ b/ansible/overcloud-introspection-rules.yml
@ -0,0 +1,44 @@
+---
+- name: Ensure openstackclient is installed
+  # Only required to run on a single host.
+  hosts: controllers[0]
+  vars:
+    venv: "{{ ansible_env.PWD }}/shade-venv"
+  roles:
+    - role: openstackclient
+      openstackclient_venv: "{{ venv }}"
+
+- name: Ensure introspection rules are registered in Ironic Inspector
+  # Only required to run on a single host.
+  hosts: controllers[0]
+  vars:
+    venv: "{{ ansible_env.PWD }}/shade-venv"
+  pre_tasks:
+    - name: Retrieve the IPA kernel Glance image UUID
+      shell: >
+        source {{ venv }}/bin/activate &&
+        openstack image show '{{ ipa_images_kernel_name }}' -f value -c id
+      changed_when: False
+      register: ipa_kernel_id
+      environment: "{{ openstack_auth_env }}"
+
+    - name: Retrieve the IPA ramdisk Glance image UUID
+      shell: >
+        source {{ venv }}/bin/activate &&
+        openstack image show '{{ ipa_images_ramdisk_name }}' -f value -c id
+      changed_when: False
+      register: ipa_ramdisk_id
+      environment: "{{ openstack_auth_env }}"
+
+  roles:
+    - role: ironic-inspector-rules
+      ironic_inspector_venv: "{{ venv }}"
+      ironic_inspector_auth_type: "{{ openstack_auth_type }}"
+      ironic_inspector_auth: "{{ openstack_auth }}"
+      ironic_inspector_rules: "{{ inspector_rules }}"
+      # These variables may be referenced in the introspection rules.
+      inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}"
+      inspector_rule_var_ipmi_password: "{{ inspector_ipmi_password }}"
+      inspector_rule_var_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface }}"
+      inspector_rule_var_deploy_kernel: "{{ ipa_kernel_id.stdout }}"
+      inspector_rule_var_deploy_ramdisk: "{{ ipa_ramdisk_id.stdout }}"
--- a/ansible/roles/openstackclient/defaults/main.yml
+++ b/ansible/roles/openstackclient/defaults/main.yml
@ -0,0 +1,3 @@
+---
+# Path to a directory in which to create a virtualenv.
+openstackclient_venv:
--- a/ansible/roles/openstackclient/tasks/main.yml
+++ b/ansible/roles/openstackclient/tasks/main.yml
@ -0,0 +1,30 @@
+---
+- name: Ensure required packages are installed
+  yum:
+    name: "{{ item }}"
+    state: installed
+  become: True
+  with_items:
+    - gcc
+    - libffi-devel
+    - openssl-devel
+    - python-devel
+    - python-pip
+    - python-virtualenv
+
+- name: Ensure the latest version of pip is installed
+  pip:
+    name: "{{ item.name }}"
+    state: latest
+    virtualenv: "{{ openstackclient_venv }}"
+  with_items:
+    - { name: pip }
+
+- name: Ensure required Python packages are installed
+  pip:
+    name: "{{ item.name }}"
+    version: "{{ item.version | default(omit) }}"
+    state: present
+    virtualenv: "{{ openstackclient_venv }}"
+  with_items:
+    - name: python-openstackclient
--- a/ansible/seed-introspection-rules.yml
+++ b/ansible/seed-introspection-rules.yml
@ -1,16 +1,19 @@
 ---
 - name: Ensure introspection rules are registered in Bifrost
  hosts: seed
+  vars:
+    venv: "{{ ansible_env.PWD }}/shade-venv"
  roles:
    - role: ironic-inspector-rules
-      ironic_inspector_venv: "{{ ansible_env.PWD }}/shade-venv"
+      ironic_inspector_venv: "{{ venv }}"
      # No auth required for Bifrost.
      ironic_inspector_auth_type: None
      ironic_inspector_auth: {}
      ironic_inspector_url: "http://localhost:5050"
      ironic_inspector_rules: "{{ kolla_bifrost_inspector_rules }}"
      # These variables may be referenced in the introspection rules.
-      inspector_ipmi_username: "{{ kolla_bifrost_inspector_ipmi_username }}"
-      inspector_ipmi_password: "{{ kolla_bifrost_inspector_ipmi_password }}"
-      inspector_deploy_kernel: "{{ kolla_bifrost_inspector_deploy_kernel }}"
-      inspector_deploy_ramdisk: "{{ kolla_bifrost_inspector_deploy_ramdisk }}"
+      inspector_rule_var_ipmi_username: "{{ kolla_bifrost_inspector_ipmi_username }}"
+      inspector_rule_var_ipmi_password: "{{ kolla_bifrost_inspector_ipmi_password }}"
+      inspector_rule_var_lldp_switch_port_interface: "{{ kolla_bifrost_inspector_lldp_switch_port_interface }}"
+      inspector_rule_var_deploy_kernel: "{{ kolla_bifrost_inspector_deploy_kernel }}"
+      inspector_rule_var_deploy_ramdisk: "{{ kolla_bifrost_inspector_deploy_ramdisk }}"
--- a/etc/kayobe/bifrost.yml
+++ b/etc/kayobe/bifrost.yml
@ -59,6 +59,10 @@
 # Ironic inspector IPMI password to set.
 #kolla_bifrost_inspector_ipmi_password:

+# Ironic inspector network interface name on which to check for an LLDP switch
+# port description to use as the node's name.
+#kolla_bifrost_inspector_lldp_switch_port_interface:
+
 # Ironic inspector deployment kernel location.
 #kolla_bifrost_inspector_deploy_kernel:

--- a/etc/kayobe/inspector.yml
+++ b/etc/kayobe/inspector.yml
@ -0,0 +1,88 @@
+---
+###############################################################################
+# Ironic inspector PXE configuration.
+
+# List of extra kernel parameters for the inspector default PXE configuration.
+#inspector_extra_kernel_options:
+
+# URL of Ironic Python Agent (IPA) kernel image.
+#inspector_ipa_kernel_upstream_url:
+
+# URL of Ironic Python Agent (IPA) ramdisk image.
+#inspector_ipa_ramdisk_upstream_url:
+
+###############################################################################
+# Ironic inspector processing configuration.
+
+# Whether inspector should manage the firewall.
+#inspector_manage_firewall:
+
+# List of of inspector processing plugins.
+#inspector_processing_hooks:
+
+# Which MAC addresses to add as ports during introspection. One of 'all',
+# 'active' or 'pxe'.
+#inspector_port_addition:
+
+# Whether to enable discovery of nodes not managed by Ironic.
+#inspector_enable_discovery:
+
+# The Ironic driver with which to register newly discovered nodes.
+#inspector_discovery_enroll_node_driver:
+
+###############################################################################
+# Ironic inspector configuration.
+
+# Ironic inspector IPMI username to set.
+#inspector_ipmi_username:
+
+# Ironic inspector IPMI password to set.
+#inspector_ipmi_password:
+
+# Ironic inspector network interface name on which to check for an LLDP switch
+# port description to use as the node's name.
+#inspector_lldp_switch_port_interface:
+
+###############################################################################
+# Ironic inspector introspection rules configuration.
+
+# Ironic inspector rule to set IPMI credentials.
+#inspector_rule_ipmi_credentials:
+
+# Ironic inspector rule to set deployment kernel.
+#inspector_rule_deploy_kernel:
+
+# Ironic inspector rule to set deployment ramdisk.
+#inspector_rule_deploy_ramdisk:
+
+# Ironic inspector rule to set local boot capability
+#inspector_rule_local_boot:
+
+# Ironic inspector rule to initialise root device hints.
+#inspector_rule_root_hint_init:
+
+# Ironic inspector rule to set serial root device hint.
+#inspector_rule_root_hint_serial:
+
+# Ironic inspector rule to set the interface on which the node PXE booted.
+#inspector_rule_set_pxe_interface_mac:
+
+# Ironic inspector rule to set the node's name from an interface's LLDP switch
+# port description.
+#inspector_rule_lldp_switch_port_desc_to_name:
+
+# Ironic inspector rule to save introspection data to the node.
+#inspector_rule_save_data:
+
+# List of default ironic insepctor rules.
+#inspector_rules_default:
+
+# List of additional ironic inspector rules.
+#inspector_rules_extra:
+
+# List of all ironic inspector rules.
+#inspector_rules:
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes