Improve standalone ironic support

Adds a new flag, 'enable_openstack_core', which defaults to 'yes'.
Setting this flag to 'no' will disable the core OpenStack services,
including Glance, Heat, Horizon, Keystone, Neutron, and Nova.

Improves the default configuration of OpenStack Ironic when used in
standalone mode. In particular, configures a noauth mode when Keystone
is disabled, and allows the iPXE server to be used for provisioning as
well as inspection if Neutron is disabled.

Documentation for standalone ironic will be updated separately.

This patch was developed and tested using Bikolla [1].

[1] https://github.com/markgoddard/bikolla

Change-Id: Ic47f5ad81b8126a51e52a445097f7950dba233cd
Implements: blueprint standalone-ironic
Mark Goddard 2019-01-28 13:20:52 +00:00
parent fe8ccc65e3
commit 54965c878b
7 changed files with 71 additions and 15 deletions


@ -430,16 +430,20 @@ nova_console: "novnc"
# Valid options are [ public, internal, admin ] # Valid options are [ public, internal, admin ]
openstack_interface: "admin" openstack_interface: "admin"
# Enable core OpenStack services. This includes:
# glance, keystone, neutron, nova, heat, and horizon.
enable_openstack_core: "yes"
# These roles are required for Kolla to be operation, however a savvy deployer # These roles are required for Kolla to be operation, however a savvy deployer
# could disable some of these required roles and run their own services. # could disable some of these required roles and run their own services.
enable_glance: "yes" enable_glance: "{{ enable_openstack_core | bool }}"
enable_haproxy: "yes" enable_haproxy: "yes"
enable_keepalived: "{{ enable_haproxy | bool }}" enable_keepalived: "{{ enable_haproxy | bool }}"
enable_keystone: "yes" enable_keystone: "{{ enable_openstack_core | bool }}"
enable_mariadb: "yes" enable_mariadb: "yes"
enable_memcached: "yes" enable_memcached: "yes"
enable_neutron: "yes" enable_neutron: "{{ enable_openstack_core | bool }}"
enable_nova: "yes" enable_nova: "{{ enable_openstack_core | bool }}"
enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}" enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
enable_outward_rabbitmq: "{{ enable_murano | bool }}" enable_outward_rabbitmq: "{{ enable_murano | bool }}"
@ -479,8 +483,8 @@ enable_fluentd: "yes"
enable_freezer: "no" enable_freezer: "no"
enable_gnocchi: "no" enable_gnocchi: "no"
enable_grafana: "no" enable_grafana: "no"
enable_heat: "yes" enable_heat: "{{ enable_openstack_core | bool }}"
enable_horizon: "yes" enable_horizon: "{{ enable_openstack_core | bool }}"
enable_horizon_blazar: "{{ enable_blazar | bool }}" enable_horizon_blazar: "{{ enable_blazar | bool }}"
enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}" enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
enable_horizon_congress: "{{ enable_congress | bool }}" enable_horizon_congress: "{{ enable_congress | bool }}"
@ -545,7 +549,7 @@ enable_nova_ssh: "yes"
enable_octavia: "no" enable_octavia: "no"
enable_onos: "no" enable_onos: "no"
enable_opendaylight: "no" enable_opendaylight: "no"
enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}" enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
enable_ovs_dpdk: "no" enable_ovs_dpdk: "no"
enable_osprofiler: "no" enable_osprofiler: "no"
enable_panko: "no" enable_panko: "no"
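Review bot: The comment added above `enable_openstack_core` lists the services the flag switches off, but not what that means for the services that stay enabled. Elsewhere in this commit the ironic-inspector template renders `auth_strategy = noauth` whenever `enable_keystone` is false, so setting this one flag to "no" also removes API authentication there. I would extend the comment with something like `# NOTE: this also disables Keystone; services that remain enabled (e.g. Ironic) then run without API authentication, so restrict access to the API network.` The `enable_heat`/`enable_horizon` and `enable_openvswitch` hunks in this file need no change.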


@ -182,7 +182,7 @@ ironic_console_serial_speed: "115200n8"
ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }} ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }}
ironic_enable_rolling_upgrade: "yes" ironic_enable_rolling_upgrade: "yes"
ironic_inspector_kernel_cmdline_extras: [] ironic_inspector_kernel_cmdline_extras: []
ironic_inspector_pxe_filter: iptables ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}iptables{% else %}none{% endif %}"
#################### ####################
## Kolla ## Kolla
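Review bot: The non-Neutron branch of `ironic_inspector_pxe_filter` yields the literal `none`, and how the variable is consumed is not visible in this hunk. If it is passed straight into ironic-inspector's `[pxe_filter] driver`, the no-filter driver there is named `noop`, so `none` may fail to load; please confirm, and if so use `{% else %}noop{% endif %}`. Either way the default deserves a comment, for example `# Without Neutron no PXE filter is applied; presumably the inspection DHCP/PXE service then answers any host on the provisioning network.`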


@ -3,6 +3,14 @@
:retry_dhcp :retry_dhcp
dhcp || goto retry_dhcp dhcp || goto retry_dhcp
{# Standalone ironic: use ironic-configured PXE configs #}
{% if not enable_neutron | bool %}
# load the MAC-specific file or fail if it's not found
:boot_system
chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa
{% endif %}
:inspector_ipa
:retry_boot :retry_boot
imgfree imgfree
kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=agent.ramdisk {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=agent.ramdisk {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot
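Review bot: The added comment `# load the MAC-specific file or fail if it's not found` does not match the line below it, because `chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa` falls through to the inspection ramdisk rather than failing. That fallback means a machine that PXE-boots on this network without an Ironic-written per-MAC config is booted into the inspection agent and reports to the inspector callback URL, which operators should be able to read from the script. Suggested wording: `# load the MAC-specific config written by ironic; if none exists, fall back to inspection`. The `:boot_system` label is not referenced anywhere within this hunk, so it may be removable unless something outside the hunk jumps to it.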


@ -2,6 +2,9 @@
debug = {{ ironic_logging_debug }} debug = {{ ironic_logging_debug }}
log_dir = /var/log/kolla/ironic-inspector log_dir = /var/log/kolla/ironic-inspector
{% if not enable_keystone | bool %}
auth_strategy = noauth
{% endif %}
listen_address = {{ api_interface_address }} listen_address = {{ api_interface_address }}
listen_port = {{ ironic_inspector_port }} listen_port = {{ ironic_inspector_port }}
transport_url = {{ rpc_transport_url }} transport_url = {{ rpc_transport_url }}
@ -10,6 +13,7 @@ transport_url = {{ rpc_transport_url }}
transport_url = {{ notify_transport_url }} transport_url = {{ notify_transport_url }}
[ironic] [ironic]
{% if enable_keystone | bool %}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password auth_type = password
project_domain_id = {{ default_project_domain_id }} project_domain_id = {{ default_project_domain_id }}
@ -18,7 +22,12 @@ project_name = service
username = {{ ironic_inspector_keystone_user }} username = {{ ironic_inspector_keystone_user }}
password = {{ ironic_inspector_keystone_password }} password = {{ ironic_inspector_keystone_password }}
os_endpoint_type = internalURL os_endpoint_type = internalURL
{% else %}
auth_type = none
endpoint_override = {{ ironic_internal_endpoint }}
{% endif %}
{% if enable_keystone | bool %}
[keystone_authtoken] [keystone_authtoken]
www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@ -32,6 +41,7 @@ password = {{ ironic_inspector_keystone_password }}
memcache_security_strategy = ENCRYPT memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }} memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}
{% if ironic_policy_file is defined %} {% if ironic_policy_file is defined %}
[oslo_policy] [oslo_policy]
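Review bot: `auth_strategy = noauth` is rendered directly above `listen_address = {{ api_interface_address }}`, so with Keystone disabled the inspector API accepts unauthenticated requests from anything that can reach the API interface (and presumably any VIP in front of it). Nothing in the template tells the operator this; I would add a Jinja comment above the `noauth` line such as `{# Standalone mode: no Keystone, so this API is unauthenticated - restrict access at the network level #}`. The `[ironic]` `auth_type = none` branch and the `[keystone_authtoken]` guard are consistent with that setting. If this role has prechecks, a warning when `enable_keystone` is false would make the trade-off explicit at deploy time.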


@ -59,7 +59,6 @@ memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %} {% endif %}
{% if enable_cinder | bool %} {% if enable_cinder | bool %}
[cinder] [cinder]
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@ -69,8 +68,9 @@ user_domain_id = default
project_name = service project_name = service
username = {{ ironic_keystone_user }} username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }} password = {{ ironic_keystone_password }}
{% endif %} {% endif %}
{% if enable_glance | bool %}
[glance] [glance]
glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }} glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@ -80,7 +80,9 @@ user_domain_id = default
project_name = service project_name = service
username = {{ ironic_keystone_user }} username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }} password = {{ ironic_keystone_password }}
{% endif %}
{% if enable_neutron | bool %}
[neutron] [neutron]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }} url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
@ -91,9 +93,11 @@ project_name = service
username = {{ ironic_keystone_user }} username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }} password = {{ ironic_keystone_password }}
cleaning_network = {{ ironic_cleaning_network }} cleaning_network = {{ ironic_cleaning_network }}
{% endif %}
[inspector] [inspector]
enabled = true enabled = true
{% if enable_keystone | bool %}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password auth_type = password
project_domain_id = default project_domain_id = default
@ -101,7 +105,10 @@ user_domain_id = default
project_name = service project_name = service
username = {{ ironic_keystone_user }} username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }} password = {{ ironic_keystone_password }}
service_url = {{ ironic_inspector_internal_endpoint }} {% else %}
auth_type=none
{% endif %}
endpoint_override = {{ ironic_inspector_internal_endpoint }}
[agent] [agent]
deploy_logs_local_path = /var/log/kolla/ironic deploy_logs_local_path = /var/log/kolla/ironic
@ -128,3 +135,8 @@ http_url = {{ ironic_ipxe_url }}
[oslo_middleware] [oslo_middleware]
enable_proxy_headers_parsing = True enable_proxy_headers_parsing = True
{% if not enable_neutron | bool %}
[dhcp]
dhcp_provider = none
{% endif %}
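Review bot: In the `[inspector]` section the new else-branch writes `auth_type=none` without spaces, while every other option in this template uses `key = value`; `auth_type = none` keeps it uniform with the matching line in the inspector template. Separately, `[glance]` and `[neutron]` are now gated on their own service flags but their bodies are still Keystone password auth (`auth_url`, `username`, `password`). An operator who overrides `enable_glance` to yes while Keystone is off would therefore get the service password rendered alongside an `auth_url` for a Keystone that is not deployed. Consider a short Jinja comment stating that these sections assume Keystone, or place the credential lines under an `enable_keystone | bool` check.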


@ -171,6 +171,19 @@ kolla_internal_vip_address: "10.10.10.254"
# Valid options are [ none, novnc, spice, rdp ] # Valid options are [ none, novnc, spice, rdp ]
#nova_console: "novnc" #nova_console: "novnc"
# These roles are required for Kolla to be operation, however a savvy deployer
# could disable some of these required roles and run their own services.
#enable_glance: "{{ enable_openstack_core | bool }}"
#enable_haproxy: "yes"
#enable_keepalived: "{{ enable_haproxy | bool }}"
#enable_keystone: "{{ enable_openstack_core | bool }}"
#enable_mariadb: "yes"
#enable_memcached: "yes"
#enable_neutron: "{{ enable_openstack_core | bool }}"
#enable_nova: "{{ enable_openstack_core | bool }}"
#enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
#enable_outward_rabbitmq: "{{ enable_murano | bool }}"
# OpenStack services can be enabled or disabled with these options # OpenStack services can be enabled or disabled with these options
#enable_aodh: "no" #enable_aodh: "no"
#enable_barbican: "no" #enable_barbican: "no"
@ -202,9 +215,8 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_freezer: "no" #enable_freezer: "no"
#enable_gnocchi: "no" #enable_gnocchi: "no"
#enable_grafana: "no" #enable_grafana: "no"
#enable_haproxy: "yes" #enable_heat: "{{ enable_openstack_core | bool }}"
#enable_heat: "yes" #enable_horizon: "{{ enable_openstack_core | bool }}"
#enable_horizon: "yes"
#enable_horizon_blazar: "{{ enable_blazar | bool }}" #enable_horizon_blazar: "{{ enable_blazar | bool }}"
#enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}" #enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
#enable_horizon_congress: "{{ enable_congress | bool }}" #enable_horizon_congress: "{{ enable_congress | bool }}"
@ -264,7 +276,8 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_octavia: "no" #enable_octavia: "no"
#enable_onos: "no" #enable_onos: "no"
#enable_opendaylight: "no" #enable_opendaylight: "no"
#enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}" #enable_openstack_core: "yes"
#enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
#enable_ovs_dpdk: "no" #enable_ovs_dpdk: "no"
#enable_osprofiler: "no" #enable_osprofiler: "no"
#enable_panko: "no" #enable_panko: "no"


@ -0,0 +1,9 @@
---
features:
- |
Adds a new flag, ``enable_openstack_core``, which defaults to ``yes``.
Setting this flag to ``no`` will disable the core OpenStack services,
including Glance, Heat, Horizon, Keystone, Neutron, and Nova.
- |
Improves the default configuration of OpenStack Ironic when used in
standalone mode.