e83c57f233
When using Ansible OpenStack modules, if OS_CACERT is defined, then this will be passed as the cacert module argument. This ensures that non-standard CA certificate paths can be used. Change-Id: I2a2575b1fb0f149cc13c44526fc0167e68e07aab Story: 2004911 Task: 29261
131 lines
5.9 KiB
YAML
131 lines
5.9 KiB
YAML
---
|
|
# Some Dell switch OSs (including Dell Network OS 9.10(0.1)) do not support
|
|
# sending interface port description TLVs correctly. Instead of sending the
|
|
# interface description, they send the interface name (e.g. TenGigabitEthernet
|
|
# 1/1/1). This breaks the discovery process which relies on Ironic node
|
|
# introspection data containing the node's name in the interface port
|
|
# description. We work around this here by creating an introspection rule for
|
|
# each ironic node that matches against the switch system and the relevant
|
|
# interface name, then sets the node's name appropriately.
|
|
#
|
|
# Note that some Dell switches running Dell Networking OS version 9.11(2.0P1)
|
|
# and newer do *not* need this workaround. The interface description can be
|
|
# sent using the following configuration:
|
|
#
|
|
# (conf-if-interface)#protocol lldp
|
|
# (conf-if-interface-lldp)#advertise interface-port-desc description
|
|
|
|
- name: Check whether Ironic is enabled
|
|
hosts: controllers
|
|
tags:
|
|
- introspection-rules
|
|
- introspection-rules-dell-lldp-workaround
|
|
tasks:
|
|
- name: Create controllers group with ironic enabled
|
|
group_by:
|
|
key: "controllers_for_introspection_rules_dell_lldp_workaround_{{ kolla_enable_ironic | bool }}"
|
|
|
|
- name: Group controller hosts in systems requiring the workaround
|
|
hosts: controllers_for_introspection_rules_dell_lldp_workaround_True
|
|
gather_facts: False
|
|
tags:
|
|
- introspection-rules
|
|
- introspection-rules-dell-lldp-workaround
|
|
tasks:
|
|
- name: Group controller hosts in systems requiring the Dell switch LLDP workaround
|
|
group_by:
|
|
key: "controllers_require_workaround_{{ groups[inspector_dell_switch_lldp_workaround_group] | default([]) | length > 0 }}"
|
|
|
|
- name: Ensure introspection rules for Dell switch LLDP workarounds are registered in Ironic Inspector
|
|
# Only required to run on a single host.
|
|
hosts: controllers_require_workaround_True[0]
|
|
gather_facts: False
|
|
tags:
|
|
- introspection-rules
|
|
- introspection-rules-dell-lldp-workaround
|
|
vars:
|
|
all_switch_interfaces: []
|
|
ironic_inspector_rules: []
|
|
# This rule template is used in a with_subelements loop.
|
|
inspector_interface_mapping_rule:
|
|
description: "Set {{ item.1.1.description }} node name from {{ inspector_rule_var_lldp_switch_port_interface }} LLDP switch port description"
|
|
conditions:
|
|
- field: "data://all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}"
|
|
op: "is-empty"
|
|
invert: True
|
|
- field: "data://all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}.lldp_processed"
|
|
op: "is-empty"
|
|
invert: True
|
|
- field: "data://all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}.lldp_processed.switch_port_description"
|
|
op: "is-empty"
|
|
invert: True
|
|
- field: "data://all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}.lldp_processed.switch_system_name"
|
|
op: "is-empty"
|
|
invert: True
|
|
# Match against the interface name.
|
|
- field: "data://all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}.lldp_processed.switch_port_description"
|
|
op: "eq"
|
|
# Our interface names may be of a shortened form e.g. Te1/1/1, but
|
|
# the port description will contain the full interface name. Use a
|
|
# regex to expand to the full form.
|
|
value: "{{ item.1.0 | regex_replace('^Te([a-zA-z ]*)([0-9/]+)$', 'TenGigabitEthernet \\2') }}"
|
|
# Match against the switch system name.
|
|
- field: "data://all_interfaces.{{ inspector_rule_var_lldp_switch_port_interface }}.lldp_processed.switch_system_name"
|
|
op: "eq"
|
|
value: "{{ item.0.host }}"
|
|
actions:
|
|
- action: "set-attribute"
|
|
path: "name"
|
|
value: "{{ item.1.1.description }}"
|
|
inspector_rule_var_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface_map.get(item.1.1.description, inspector_lldp_switch_port_interface_default) }}"
|
|
|
|
pre_tasks:
|
|
- name: Validate OpenStack password authentication parameters
|
|
fail:
|
|
msg: >
|
|
Required OpenStack authentication parameter {{ item }} is
|
|
{% if item in openstack_auth %}empty{% else %}not present{% endif %}
|
|
in openstack_auth. Have you sourced the environment file?
|
|
when:
|
|
- openstack_auth_type == 'password'
|
|
- item not in openstack_auth or not openstack_auth[item]
|
|
with_items: "{{ openstack_auth_password_required_params }}"
|
|
tags:
|
|
- config-validation
|
|
|
|
# We build up the rules using a 2-step process. First we build a list of
|
|
# relevant switch hosts and their interface configuration (in list form).
|
|
# This allows us to use with_subelements in the next task to iterate over
|
|
# the interfaces for each switch.
|
|
- name: Update a fact containing switch interface configuration
|
|
set_fact:
|
|
all_switch_interfaces: >
|
|
{{ all_switch_interfaces +
|
|
[{'host': item.key,
|
|
'interface_config': item.value.switch_interface_config.items()}] }}
|
|
with_dict: "{{ hostvars }}"
|
|
when: item.key in groups[inspector_dell_switch_lldp_workaround_group]
|
|
|
|
- name: Update a fact containing Ironic Inspector rules
|
|
set_fact:
|
|
ironic_inspector_rules: >
|
|
{{ ironic_inspector_rules +
|
|
[inspector_interface_mapping_rule] }}
|
|
with_subelements:
|
|
- "{{ all_switch_interfaces }}"
|
|
- interface_config
|
|
when:
|
|
- item.1.1.description is defined
|
|
# Ignore VLAN interfaces.
|
|
- "'vlan' not in item.1.0"
|
|
# Ignore trunk links.
|
|
- "'-trunk' not in item.1.1.description"
|
|
|
|
roles:
|
|
- role: ironic-inspector-rules
|
|
os_shade_install_epel: "{{ yum_install_epel }}"
|
|
ironic_inspector_venv: "{{ virtualenv_path }}/shade"
|
|
ironic_inspector_auth_type: "{{ openstack_auth_type }}"
|
|
ironic_inspector_auth: "{{ openstack_auth }}"
|
|
ironic_inspector_cacert: "{{ openstack_cacert }}"
|