Browse Source

Improve standalone ironic support

Adds a new flag, 'enable_openstack_core', which defaults to 'yes'.
Setting this flag to 'no' will disable the core OpenStack services,
including Glance, Heat, Horizon, Keystone, Neutron, and Nova.

Improves the default configuration of OpenStack Ironic when used in
standalone mode. In particular, configures a noauth mode when Keystone
is disabled, and allows the iPXE server to be used for provisioning as
well as inspection if Neutron is disabled.

Documentation for standalone ironic will be updated separately.

This patch was developed and tested using Bikolla [1].

[1] https://github.com/markgoddard/bikolla

Change-Id: Ic47f5ad81b8126a51e52a445097f7950dba233cd
Implements: blueprint standalone-ironic
tags/8.0.0.0rc1
Mark Goddard 3 months ago
parent
commit
54965c878b

+ 11
- 7
ansible/group_vars/all.yml View File

@@ -430,16 +430,20 @@ nova_console: "novnc"
430 430
 # Valid options are [ public, internal, admin ]
431 431
 openstack_interface: "admin"
432 432
 
433
+# Enable core OpenStack services. This includes:
434
+# glance, keystone, neutron, nova, heat, and horizon.
435
+enable_openstack_core: "yes"
436
+
433 437
 # These roles are required for Kolla to be operation, however a savvy deployer
434 438
 # could disable some of these required roles and run their own services.
435
-enable_glance: "yes"
439
+enable_glance: "{{ enable_openstack_core | bool }}"
436 440
 enable_haproxy: "yes"
437 441
 enable_keepalived: "{{ enable_haproxy | bool }}"
438
-enable_keystone: "yes"
442
+enable_keystone: "{{ enable_openstack_core | bool }}"
439 443
 enable_mariadb: "yes"
440 444
 enable_memcached: "yes"
441
-enable_neutron: "yes"
442
-enable_nova: "yes"
445
+enable_neutron: "{{ enable_openstack_core | bool }}"
446
+enable_nova: "{{ enable_openstack_core | bool }}"
443 447
 enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
444 448
 enable_outward_rabbitmq: "{{ enable_murano | bool }}"
445 449
 
@@ -479,8 +483,8 @@ enable_fluentd: "yes"
479 483
 enable_freezer: "no"
480 484
 enable_gnocchi: "no"
481 485
 enable_grafana: "no"
482
-enable_heat: "yes"
483
-enable_horizon: "yes"
486
+enable_heat: "{{ enable_openstack_core | bool }}"
487
+enable_horizon: "{{ enable_openstack_core | bool }}"
484 488
 enable_horizon_blazar: "{{ enable_blazar | bool }}"
485 489
 enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
486 490
 enable_horizon_congress: "{{ enable_congress | bool }}"
@@ -545,7 +549,7 @@ enable_nova_ssh: "yes"
545 549
 enable_octavia: "no"
546 550
 enable_onos: "no"
547 551
 enable_opendaylight: "no"
548
-enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"
552
+enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
549 553
 enable_ovs_dpdk: "no"
550 554
 enable_osprofiler: "no"
551 555
 enable_panko: "no"

+ 1
- 1
ansible/roles/ironic/defaults/main.yml View File

@@ -182,7 +182,7 @@ ironic_console_serial_speed: "115200n8"
182 182
 ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }}
183 183
 ironic_enable_rolling_upgrade: "yes"
184 184
 ironic_inspector_kernel_cmdline_extras: []
185
-ironic_inspector_pxe_filter: iptables
185
+ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}iptables{% else %}none{% endif %}"
186 186
 
187 187
 ####################
188 188
 ## Kolla

+ 8
- 0
ansible/roles/ironic/templates/inspector.ipxe.j2 View File

@@ -3,6 +3,14 @@
3 3
 :retry_dhcp
4 4
 dhcp || goto retry_dhcp
5 5
 
6
+{# Standalone ironic: use ironic-configured PXE configs #}
7
+{% if not enable_neutron | bool %}
8
+# load the MAC-specific file or fail if it's not found
9
+:boot_system
10
+chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa
11
+{% endif %}
12
+
13
+:inspector_ipa
6 14
 :retry_boot
7 15
 imgfree
8 16
 kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=agent.ramdisk {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot

+ 10
- 0
ansible/roles/ironic/templates/ironic-inspector.conf.j2 View File

@@ -2,6 +2,9 @@
2 2
 debug = {{ ironic_logging_debug }}
3 3
 log_dir = /var/log/kolla/ironic-inspector
4 4
 
5
+{% if not enable_keystone | bool %}
6
+auth_strategy = noauth
7
+{% endif %}
5 8
 listen_address = {{ api_interface_address }}
6 9
 listen_port = {{ ironic_inspector_port }}
7 10
 transport_url = {{ rpc_transport_url }}
@@ -10,6 +13,7 @@ transport_url = {{ rpc_transport_url }}
10 13
 transport_url = {{ notify_transport_url }}
11 14
 
12 15
 [ironic]
16
+{% if enable_keystone | bool %}
13 17
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
14 18
 auth_type = password
15 19
 project_domain_id = {{ default_project_domain_id }}
@@ -18,7 +22,12 @@ project_name = service
18 22
 username = {{ ironic_inspector_keystone_user }}
19 23
 password = {{ ironic_inspector_keystone_password }}
20 24
 os_endpoint_type = internalURL
25
+{% else %}
26
+auth_type = none
27
+endpoint_override = {{ ironic_internal_endpoint }}
28
+{% endif %}
21 29
 
30
+{% if enable_keystone | bool %}
22 31
 [keystone_authtoken]
23 32
 www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
24 33
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -32,6 +41,7 @@ password = {{ ironic_inspector_keystone_password }}
32 41
 memcache_security_strategy = ENCRYPT
33 42
 memcache_secret_key = {{ memcache_secret_key }}
34 43
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
44
+{% endif %}
35 45
 
36 46
 {% if ironic_policy_file is defined %}
37 47
 [oslo_policy]

+ 15
- 3
ansible/roles/ironic/templates/ironic.conf.j2 View File

@@ -59,7 +59,6 @@ memcache_secret_key = {{ memcache_secret_key }}
59 59
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
60 60
 {% endif %}
61 61
 
62
-
63 62
 {% if enable_cinder | bool %}
64 63
 [cinder]
65 64
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -69,8 +68,9 @@ user_domain_id = default
69 68
 project_name = service
70 69
 username = {{ ironic_keystone_user }}
71 70
 password = {{ ironic_keystone_password }}
72
-
73 71
 {% endif %}
72
+
73
+{% if enable_glance | bool %}
74 74
 [glance]
75 75
 glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}
76 76
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -80,7 +80,9 @@ user_domain_id = default
80 80
 project_name = service
81 81
 username = {{ ironic_keystone_user }}
82 82
 password = {{ ironic_keystone_password }}
83
+{% endif %}
83 84
 
85
+{% if enable_neutron | bool %}
84 86
 [neutron]
85 87
 url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}
86 88
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@@ -91,9 +93,11 @@ project_name = service
91 93
 username = {{ ironic_keystone_user }}
92 94
 password = {{ ironic_keystone_password }}
93 95
 cleaning_network = {{ ironic_cleaning_network }}
96
+{% endif %}
94 97
 
95 98
 [inspector]
96 99
 enabled = true
100
+{% if enable_keystone | bool %}
97 101
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
98 102
 auth_type = password
99 103
 project_domain_id = default
@@ -101,7 +105,10 @@ user_domain_id = default
101 105
 project_name = service
102 106
 username = {{ ironic_keystone_user }}
103 107
 password = {{ ironic_keystone_password }}
104
-service_url = {{ ironic_inspector_internal_endpoint }}
108
+{% else %}
109
+auth_type=none
110
+{% endif %}
111
+endpoint_override = {{ ironic_inspector_internal_endpoint }}
105 112
 
106 113
 [agent]
107 114
 deploy_logs_local_path = /var/log/kolla/ironic
@@ -128,3 +135,8 @@ http_url = {{ ironic_ipxe_url }}
128 135
 
129 136
 [oslo_middleware]
130 137
 enable_proxy_headers_parsing = True
138
+
139
+{% if not enable_neutron | bool %}
140
+[dhcp]
141
+dhcp_provider = none
142
+{% endif %}

+ 17
- 4
etc/kolla/globals.yml View File

@@ -171,6 +171,19 @@ kolla_internal_vip_address: "10.10.10.254"
171 171
 # Valid options are [ none, novnc, spice, rdp ]
172 172
 #nova_console: "novnc"
173 173
 
174
+# These roles are required for Kolla to be operation, however a savvy deployer
175
+# could disable some of these required roles and run their own services.
176
+#enable_glance: "{{ enable_openstack_core | bool }}"
177
+#enable_haproxy: "yes"
178
+#enable_keepalived: "{{ enable_haproxy | bool }}"
179
+#enable_keystone: "{{ enable_openstack_core | bool }}"
180
+#enable_mariadb: "yes"
181
+#enable_memcached: "yes"
182
+#enable_neutron: "{{ enable_openstack_core | bool }}"
183
+#enable_nova: "{{ enable_openstack_core | bool }}"
184
+#enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
185
+#enable_outward_rabbitmq: "{{ enable_murano | bool }}"
186
+
174 187
 # OpenStack services can be enabled or disabled with these options
175 188
 #enable_aodh: "no"
176 189
 #enable_barbican: "no"
@@ -202,9 +215,8 @@ kolla_internal_vip_address: "10.10.10.254"
202 215
 #enable_freezer: "no"
203 216
 #enable_gnocchi: "no"
204 217
 #enable_grafana: "no"
205
-#enable_haproxy: "yes"
206
-#enable_heat: "yes"
207
-#enable_horizon: "yes"
218
+#enable_heat: "{{ enable_openstack_core | bool }}"
219
+#enable_horizon: "{{ enable_openstack_core | bool }}"
208 220
 #enable_horizon_blazar: "{{ enable_blazar | bool }}"
209 221
 #enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
210 222
 #enable_horizon_congress: "{{ enable_congress | bool }}"
@@ -264,7 +276,8 @@ kolla_internal_vip_address: "10.10.10.254"
264 276
 #enable_octavia: "no"
265 277
 #enable_onos: "no"
266 278
 #enable_opendaylight: "no"
267
-#enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"
279
+#enable_openstack_core: "yes"
280
+#enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
268 281
 #enable_ovs_dpdk: "no"
269 282
 #enable_osprofiler: "no"
270 283
 #enable_panko: "no"

+ 9
- 0
releasenotes/notes/ironic-standalone-66dbb02a190c8b5d.yaml View File

@@ -0,0 +1,9 @@
1
+---
2
+features:
3
+  - |
4
+    Adds a new flag, ``enable_openstack_core``, which defaults to ``yes``.
5
+    Setting this flag to ``no`` will disable the core OpenStack services,
6
+    including Glance, Heat, Horizon, Keystone, Neutron, and Nova.
7
+  - |
8
+    Improves the default configuration of OpenStack Ironic when used in
9
+    standalone mode.

Loading…
Cancel
Save