4275c90eb5
The by_path attribute from plugin data was being used with the
root_device/name property, which failed to match. Revert to using
serial, which was the original intent anyway. Check if root disk serial
is not empty to avoid setting root_device to {'serial': 'None'} which
would cause deploy failures.
Fix syntax for accessing node data inside dictionaries: interpolation of
"{node.driver_info.ipmi_username}" does not work, we need to use
"{node.driver_info[ipmi_username]}" instead.
Fix syntax for accessing inventory data: inventory is a ShallowMaskDict
object, so we need to use "{inventory[system_vendor]}" instead of
"{inventory.system_vendor}".
Update all regular expressions to match and remove unneeded escaping of
curly braces.
Fix syntax for setting properties: the path needs to be
"/driver_info/ipmi_username" instead of "driver_info/ipmi_username".
Change-Id: I552f21c73a69340132244ea15089f01a2f9d20d0
Signed-off-by: Pierre Riteau <pierre@stackhpc.com>
428 lines
15 KiB
Plaintext
428 lines
15 KiB
Plaintext
---
|
|
###############################################################################
|
|
# General configuration of inspection.
|
|
|
|
# Timeout of hardware inspection on baremetal compute nodes, in seconds.
|
|
# Default is 1200.
|
|
inspector_inspection_timeout: 1200
|
|
|
|
###############################################################################
|
|
# Ironic inspector PXE configuration.
|
|
|
|
# List of extra kernel parameters for the inspector default PXE configuration.
|
|
inspector_extra_kernel_options: "{{ ipa_kernel_options }}"
|
|
|
|
# URL of Ironic Python Agent (IPA) kernel image.
|
|
inspector_ipa_kernel_upstream_url: "{{ ipa_kernel_upstream_url }}"
|
|
|
|
# URL of checksum of Ironic Python Agent (IPA) kernel image.
|
|
inspector_ipa_kernel_checksum_url: "{{ ipa_kernel_checksum_url }}"
|
|
|
|
# Algorithm of checksum of Ironic Python Agent (IPA) kernel image.
|
|
inspector_ipa_kernel_checksum_algorithm: "{{ ipa_kernel_checksum_algorithm }}"
|
|
|
|
# URL of Ironic Python Agent (IPA) ramdisk image.
|
|
inspector_ipa_ramdisk_upstream_url: "{{ ipa_ramdisk_upstream_url }}"
|
|
|
|
# URL of checksum of Ironic Python Agent (IPA) ramdisk image.
|
|
inspector_ipa_ramdisk_checksum_url: "{{ ipa_ramdisk_checksum_url }}"
|
|
|
|
# Algorithm of checksum of Ironic Python Agent (IPA) ramdisk image.
|
|
inspector_ipa_ramdisk_checksum_algorithm: "{{ ipa_ramdisk_checksum_algorithm }}"
|
|
|
|
###############################################################################
|
|
# Ironic inspector processing configuration for the inspector implementation
|
|
# built-in to Ironic.
|
|
|
|
# List of hooks to enable for inspection. Default is [$default_hooks, memory,
|
|
# boot-mode, cpu-capabilities, pci-devices, parse-lldp].
|
|
inspector_hooks_default:
|
|
- $default_hooks
|
|
- memory
|
|
- boot-mode
|
|
- cpu-capabilities
|
|
- pci-devices
|
|
- parse-lldp
|
|
|
|
# List of extra inspection hooks to enable. Default is an empty list.
|
|
inspector_hooks_extra: []
|
|
|
|
# List of of additional inspector hooks to enable. Default is
|
|
# {{ inspector_hooks_default + inspector_hooks_extra }}.
|
|
inspector_hooks: >
|
|
{{ inspector_hooks_default + inspector_hooks_extra }}
|
|
|
|
###############################################################################
|
|
# Common Ironic Inspector processing configuration.
|
|
|
|
# Which MAC addresses to add as ports during introspection. One of 'all',
|
|
# 'active' or 'pxe'. Default is 'pxe'.
|
|
inspector_add_ports: "pxe"
|
|
|
|
# Which ports to keep after introspection. One of 'all', 'present', or 'added'.
|
|
# Default is 'added'.
|
|
inspector_keep_ports: "added"
|
|
|
|
# Whether to enable discovery of nodes not managed by Ironic. Default is true.
|
|
inspector_enable_discovery: True
|
|
|
|
# The Ironic driver with which to register newly discovered nodes. Default is
|
|
# 'ipmi'.
|
|
inspector_discovery_enroll_node_driver: "ipmi"
|
|
|
|
###############################################################################
|
|
# Ironic inspector introspection rules configuration.
|
|
|
|
# Ironic inspector IPMI username to set.
|
|
inspector_ipmi_username: "{{ ipmi_username }}"
|
|
|
|
# Ironic inspector IPMI password to set.
|
|
inspector_ipmi_password: "{{ ipmi_password }}"
|
|
|
|
# Ironic inspector Redfish username to set.
|
|
inspector_redfish_username: "{{ ipmi_username }}"
|
|
|
|
# Ironic inspector Redfish password to set.
|
|
inspector_redfish_password: "{{ ipmi_password }}"
|
|
|
|
# Ironic inspector default network interface name on which to check for an LLDP
|
|
# switch port description to use as the node's name.
|
|
inspector_lldp_switch_port_interface_default: eth0
|
|
|
|
# Ironic inspector map from hostname to network interface name on which to
|
|
# check for an LLDP switch port description to use as the node's name.
|
|
inspector_lldp_switch_port_interface_map: {}
|
|
|
|
# Enable IPMI rules:
|
|
inspector_rules_ipmi_enabled: True
|
|
|
|
# IPMI username referenced by inspector rule.
|
|
inspector_rule_var_ipmi_username:
|
|
|
|
# IPMI password referenced by inspector rule.
|
|
inspector_rule_var_ipmi_password:
|
|
|
|
# Enable Redfish rules
|
|
inspector_rules_redfish_enabled: False
|
|
|
|
# Redfish username referenced by inspector rule.
|
|
inspector_rule_var_redfish_username:
|
|
|
|
# Redfish password referenced by inspector rule.
|
|
inspector_rule_var_redfish_password:
|
|
|
|
# Redfish CA setting.
|
|
inspector_rule_var_redfish_verify_ca: True
|
|
|
|
# Ironic inspector rule to set IPMI credentials.
|
|
inspector_rule_ipmi_credentials:
|
|
description: "Set IPMI driver_info if no credentials"
|
|
conditions:
|
|
- args:
|
|
# If value matches itself as a regex, this is becaused interpolation
|
|
# failed which means the ipmi_username key was not set.
|
|
value: "{node.driver_info[ipmi_username]}"
|
|
regex: "{node\\.driver_info\\[ipmi_username\\]}"
|
|
op: "matches"
|
|
- args:
|
|
value: "{node.driver_info[ipmi_password]}"
|
|
regex: "{node\\.driver_info\\[ipmi_password\\]}"
|
|
op: "matches"
|
|
sensitive: "true"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/driver_info/ipmi_username"
|
|
value: "{{ inspector_rule_var_ipmi_username }}"
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/driver_info/ipmi_password"
|
|
value: "{{ inspector_rule_var_ipmi_password }}"
|
|
|
|
# Deployment kernel referenced by inspector rule.
|
|
inspector_rule_var_deploy_kernel:
|
|
|
|
# Ironic inspector rule to set deployment kernel.
|
|
inspector_rule_deploy_kernel:
|
|
description: "Set deploy kernel"
|
|
conditions:
|
|
- args:
|
|
value: "{node.driver_info[deploy_kernel]}"
|
|
regex: "{node\\.driver_info\\[deploy_kernel\\]}"
|
|
op: "matches"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/driver_info/deploy_kernel"
|
|
value: "{{ inspector_rule_var_deploy_kernel }}"
|
|
|
|
# Deployment ramdisk referenced by inspector rule.
|
|
inspector_rule_var_deploy_ramdisk:
|
|
|
|
# Ironic inspector rule to set deployment ramdisk.
|
|
inspector_rule_deploy_ramdisk:
|
|
description: "Set deploy ramdisk"
|
|
conditions:
|
|
- args:
|
|
value: "{node.driver_info[deploy_ramdisk]}"
|
|
regex: "{node\\.driver_info\\[deploy_ramdisk\\]}"
|
|
op: "matches"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/driver_info/deploy_ramdisk"
|
|
value: "{{ inspector_rule_var_deploy_ramdisk }}"
|
|
|
|
# Ironic inspector rule to set serial root device hint.
|
|
inspector_rule_root_hint_serial:
|
|
description: "Set serial root device hint"
|
|
conditions:
|
|
- args:
|
|
value: "{node.properties[root_device]}"
|
|
regex: "{node\\.properties\\[root_device\\]}"
|
|
op: "matches"
|
|
- args:
|
|
value: "{plugin_data[root_disk][serial]}"
|
|
op: "!is-empty"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/properties/root_device/serial"
|
|
value: "{plugin_data[root_disk][serial]}"
|
|
|
|
# Ironic inspector rule to set the interface on which the node PXE booted.
|
|
inspector_rule_set_pxe_interface_mac:
|
|
description: "Set node PXE interface MAC address"
|
|
conditions:
|
|
- args:
|
|
value: "{plugin_data[boot_interface]}"
|
|
regex: "{plugin_data\\[boot_interface\\]}"
|
|
op: "!matches"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/extra/pxe_interface_mac"
|
|
value: "{plugin_data[boot_interface]}"
|
|
|
|
# Name of network interface to use for LLDP referenced by switch port
|
|
# description rule.
|
|
inspector_rule_var_lldp_switch_port_interface:
|
|
|
|
# Internal variables. Not meant for use externally.
|
|
_inspector_rule_interface_path: "{all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}}"
|
|
_inspector_rule_lldp_processed_path: "{all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}.lldp_processed}"
|
|
_inspector_rule_switch_port_description_path: "{all_interfaces.{{inspector_rule_var_lldp_switch_port_interface}}.lldp_processed.switch_port_description}"
|
|
|
|
# Ironic inspector rule to set the node's name from an interface's LLDP switch
|
|
# port description.
|
|
inspector_rule_lldp_switch_port_desc_to_name:
|
|
description: "Set node name from {{ inspector_rule_var_lldp_switch_port_interface }} LLDP switch port description"
|
|
conditions:
|
|
# Check for the existence of the switch_port_description field.
|
|
- args:
|
|
value: "{{ _inspector_rule_interface_path }}"
|
|
regex: "{{ _inspector_rule_interface_path | regex_escape }}"
|
|
op: "!matches"
|
|
- args:
|
|
value: "{{ _inspector_rule_lldp_processed_path }}"
|
|
regex: "{{ _inspector_rule_lldp_processed_path | regex_escape }}"
|
|
op: "!matches"
|
|
- args:
|
|
value: "{{ _inspector_rule_switch_port_description_path }}"
|
|
regex: "{{ _inspector_rule_switch_port_description_path | regex_escape }}"
|
|
op: "!matches"
|
|
# Filter out switch port descriptions using the switch's interface names.
|
|
# On some switches (including Dell Network OS 9.10(0.1) and some Ruckus
|
|
# switches), the port description TLV is sent but contains the interface
|
|
# name rather than the interface's description. Dell switches use a space
|
|
# character between port type and port number, while Ruckus switches don't.
|
|
- op: "!matches"
|
|
args:
|
|
value: "{{ _inspector_rule_switch_port_description_path }}"
|
|
regex: "^GigabitEthernet ?([0-9/]*)$"
|
|
- op: "!matches"
|
|
args:
|
|
value: "{{ _inspector_rule_switch_port_description_path }}"
|
|
regex: "^TenGigabitEthernet ?([0-9/]*)$"
|
|
- op: "!matches"
|
|
args:
|
|
value: "{{ _inspector_rule_switch_port_description_path }}"
|
|
regex: "^twentyFiveGigE ?([0-9/]*)$"
|
|
- op: "!matches"
|
|
args:
|
|
value: "{{ _inspector_rule_switch_port_description_path }}"
|
|
regex: "^fortyGigE ?([0-9/]*)$"
|
|
- op: "!matches"
|
|
args:
|
|
value: "{{ _inspector_rule_switch_port_description_path }}"
|
|
regex: "^Port-channel ?([0-9/]*)$"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/name"
|
|
value: "{{ _inspector_rule_switch_port_description_path }}"
|
|
|
|
# Ironic inspector rule to save system vendor manufacturer data in the node's
|
|
# metadata.
|
|
inspector_rule_save_system_vendor_manufacturer:
|
|
description: "Save system vendor manufacturer data in Ironic node metadata"
|
|
conditions:
|
|
- args:
|
|
value: "{inventory[system_vendor]}"
|
|
regex: "{inventory\\[system_vendor\\]}"
|
|
op: "!matches"
|
|
- args:
|
|
value: "{inventory[system_vendor][manufacturer]}"
|
|
regex: "{inventory\\[system_vendor\\]\\[manufacturer\\]}"
|
|
op: "!matches"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/extra/system_vendor/manufacturer"
|
|
value: "{inventory[system_vendor][manufacturer]}"
|
|
|
|
# Ironic inspector rule to save system vendor serial number in the node's
|
|
# metadata.
|
|
inspector_rule_save_system_vendor_serial_number:
|
|
description: "Save system vendor serial number in Ironic node metadata"
|
|
conditions:
|
|
- args:
|
|
value: "{inventory[system_vendor]}"
|
|
regex: "{inventory\\[system_vendor\\]}"
|
|
op: "!matches"
|
|
- args:
|
|
value: "{inventory[system_vendor][serial_number]}"
|
|
regex: "{inventory\\[system_vendor\\]\\[serial_number\\]}"
|
|
op: "!matches"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/extra/system_vendor/serial_number"
|
|
value: "{inventory[system_vendor][serial_number]}"
|
|
|
|
# Ironic inspector rule to save system vendor product name in the node's
|
|
# metadata.
|
|
inspector_rule_save_system_vendor_product_name:
|
|
description: "Save system vendor product name in Ironic node metadata"
|
|
conditions:
|
|
- args:
|
|
value: "{inventory[system_vendor]}"
|
|
regex: "{inventory\\[system_vendor\\]}"
|
|
op: "!matches"
|
|
- args:
|
|
value: "{inventory[system_vendor][product_name]}"
|
|
regex: "{inventory\\[system_vendor\\]\\[product_name\\]}"
|
|
op: "!matches"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/extra/system_vendor/product_name"
|
|
value: "{inventory[system_vendor][product_name]}"
|
|
|
|
# Ironic inspector rule to save introspection data to the node.
|
|
inspector_rule_save_data:
|
|
description: "Save introspection data to Ironic node"
|
|
conditions: []
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/extra/introspection_data/inventory"
|
|
value: "{inventory}"
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/extra/introspection_data/plugin_data"
|
|
value: "{plugin_data}"
|
|
|
|
# Redfish rules
|
|
# Ironic inspector rule to set Redfish credentials.
|
|
inspector_rule_redfish_credentials:
|
|
description: "Set Redfish driver_info if no credentials"
|
|
conditions:
|
|
- args:
|
|
value: "{node.driver_info[redfish_username]}"
|
|
regex: "{node\\.driver_info\\[redfish_username\\]}"
|
|
op: "matches"
|
|
- args:
|
|
value: "{node.driver_info[redfish_password]}"
|
|
regex: "{node\\.driver_info\\[redfish_password\\]}"
|
|
op: "matches"
|
|
sensitive: true
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/driver_info/redfish_username"
|
|
value: "{{ inspector_rule_var_redfish_username }}"
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/driver_info/redfish_password"
|
|
value: "{{ inspector_rule_var_redfish_password }}"
|
|
|
|
# Ironic inspector rule to set Redfish address.
|
|
inspector_rule_redfish_address:
|
|
description: "Set Redfish address"
|
|
conditions:
|
|
- args:
|
|
value: "{node.driver_info[redfish_address]}"
|
|
regex: "{node\\.driver_info\\[redfish_address\\]}"
|
|
op: "matches"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/driver_info/redfish_address"
|
|
value: "{inventory[bmc_address]}"
|
|
|
|
# Ironic inspector rule to set Redfish certificate authority.
|
|
inspector_rule_redfish_verify_ca:
|
|
description: "Set Redfish Verify CA"
|
|
conditions:
|
|
- args:
|
|
value: "{node.driver_info[redfish_verify_ca]}"
|
|
regex: "{node\\.driver_info\\[redfish_verify_ca\\]}"
|
|
op: "matches"
|
|
actions:
|
|
- op: "set-attribute"
|
|
args:
|
|
path: "/driver_info/redfish_verify_ca"
|
|
value: "{{ inspector_rule_var_redfish_verify_ca }}"
|
|
|
|
# List of default ironic inspector rules.
|
|
inspector_rules_default:
|
|
- "{{ inspector_rule_deploy_kernel }}"
|
|
- "{{ inspector_rule_deploy_ramdisk }}"
|
|
- "{{ inspector_rule_root_hint_serial }}"
|
|
- "{{ inspector_rule_set_pxe_interface_mac }}"
|
|
- "{{ inspector_rule_lldp_switch_port_desc_to_name }}"
|
|
- "{{ inspector_rule_save_system_vendor_manufacturer }}"
|
|
- "{{ inspector_rule_save_system_vendor_serial_number }}"
|
|
- "{{ inspector_rule_save_system_vendor_product_name }}"
|
|
|
|
inspector_rules_ipmi:
|
|
- "{{ inspector_rule_ipmi_credentials }}"
|
|
|
|
inspector_rules_redfish:
|
|
- "{{ inspector_rule_redfish_credentials }}"
|
|
- "{{ inspector_rule_redfish_address }}"
|
|
- "{{ inspector_rule_redfish_verify_ca }}"
|
|
|
|
# List of additional ironic inspector rules.
|
|
inspector_rules_extra: []
|
|
|
|
# List of all ironic inspector rules.
|
|
inspector_rules: "{{ inspector_rules_default + inspector_rules_extra + (inspector_rules_ipmi if inspector_rules_ipmi_enabled | bool else []) + (inspector_rules_redfish if inspector_rules_redfish_enabled | bool else []) }}"
|
|
|
|
###############################################################################
|
|
# Dell switch LLDP workaround configuration.
|
|
|
|
# Some Dell switch OSs (including Dell Network OS 9.10(0.1)) do not support
|
|
# sending interface port description TLVs correctly. Instead of sending the
|
|
# interface description, they send the interface name (e.g. TenGigabitEthernet
|
|
# 1/1/1). This breaks the discovery process which relies on Ironic node
|
|
# introspection data containing the node's name in the interface port
|
|
# description. We work around this here by creating an introspection rule for
|
|
# each ironic node that matches against the switch system and the relevant
|
|
# interface name, then sets the node's name appropriately.
|
|
|
|
# Ansible group containing switch hosts to which the workaround should be
|
|
# applied.
|
|
inspector_dell_switch_lldp_workaround_group:
|