openstack
/
kayobe
Code Issues Proposed changes
kayobe/ansible/roles/ironic-inspector-rules
History
Mark Goddard 2a00b4cc67 Fix ironic inspector rule creation idempotency 
Ironic inspector rules are registered both with the seed and (if using)
overcloud ironic inspector services. These tasks often show up as
changed even when no configuration changes have been made that would
affect the rules.

This is caused by inspector returning default values for fields that may
be omitted in the requested rule. This change fixes the issue by
including those defaults in the comparison.

Change-Id: Ia24e328d4531201d76a65b6385e4463bb1f3c5c6
Story: 2007399
Task: 38997
 		2020-04-28 13:51:35 +00:00
..
defaults Use internal API endpoints in overcloud API interaction 2019-11-28 16:56:38 +00:00
library Fix ironic inspector rule creation idempotency 2020-04-28 13:51:35 +00:00
meta Switch from shade to openstacksdk 2020-02-20 15:28:56 +00:00
tasks Remove activate-virtualenv and deactivate-virtualenv roles 2020-02-20 15:28:56 +00:00
README.md Switch from shade to openstacksdk 2020-02-20 15:28:56 +00:00

README.md

Ironic Inspector Rules

This role provides a module, os_ironic_inspector_rule, which may be used to configure an introspection rule in OpenStack ironic inspector. The role installs required python dependencies in a virtualenv, and uses the os_ironic_inspector_rule module to configure a set of rules.

Requirements

The OpenStack ironic inspector API should be accessible from the target host.

Role Variables

ironic_inspector_venv is a path to a directory in which to create a virtualenv.

ironic_inspector_auth_type is an authentication type compatible with the auth_type argument of os_* Ansible modules.

ironic_inspector_auth is a dict containing authentication information compatible with the auth argument of os_* Ansible modules.

ironic_inspector_cacert is an optional path to a CA certificate.

ironic_inspector_url is the URL of Ironic Inspector API endpoint, required if no authentication is used.

ironic_inspector_rules is a list of introspection rules which should exist. See the Inspector rules API for details of parameters available for rules.

Dependencies

This role depends on the Kayobe openstacksdk role.

Example Playbook

The following playbook configures an introspection rule to set the IPMI username and password fields in a node's driver info if they are currently empty.

---
- name: Ensure ironic inspector introspection rules are configured
  hosts: ironic-inspector
  roles:
    - role: ironic-inspector-rules
      ironic_inspector_venv: "~/ironic-inspector-rules-venv"
      ironic_inspector_auth_type: "password"
      ironic_inspector_auth:
        project_name: <keystone project>
        username: <keystone user>
        password: <keystone password>
        auth_url: <keystone auth URL>
      ironic_inspector_rules:
        - description: "Set IPMI driver_info if no credentials"
          conditions:
            - field: "node://driver_info.ipmi_username"
              op: "is-empty"
            - field: "node://driver_info.ipmi_password"
              op: "is-empty"
          actions:
            - action: "set-attribute"
              path: "driver_info/ipmi_username"
              value: "<IPMI username>"
            - action: "set-attribute"
              path: "driver_info/ipmi_password"
              value: "<IPMI password>"

Author Information