From 7900aeb223b81ef867535c462dbaa20eead77b31 Mon Sep 17 00:00:00 2001
From: James Denton <james.denton@outlook.com>
Date: Fri, 30 Oct 2020 15:10:24 -0500
Subject: [PATCH] Update Inspector listener address and network

This patch allows ironic-inspector to listen on host IP
rather than 0.0.0.0, as well as allows an existing Neutron-managed
inspection network to be used for inspection traffic.

Change-Id: I645857ad62954f08b160e5889f93dc1f6423def2
---
 defaults/main.yml           | 7 +++++--
 templates/inspector.conf.j2 | 3 +++
 templates/ironic.conf.j2    | 1 +
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index fe8c4092..cb3ef816 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -156,12 +156,14 @@ ironic_keystone_auth_plugin: password
 
 # Neutron network - Set these in a playbook/task - can be set manually.
 # Only "name" or "uuid" is needed, uuid will take preference if both are specified.
-# The cleaning network is not required to be set - it will default to the same as
-# the provisioning network if not specified.
+# The cleaning and inspection network is not required to be set; they will default
+# to the provisioning network if not specified.
 # ironic_neutron_provisioning_network_uuid: "UUID for provisioning network in neutron"
 # ironic_neutron_cleaning_network_uuid: "UUID for cleaning network in neutron"
+# ironic_neutron_inspection_network_uuid: "UUID for inspection network in neutron"
 # ironic_neutron_provisioning_network_name: "Name of provisioning network in neutron"
 # ironic_neutron_cleaning_network_name: "Name of cleaning network in neutron"
+# ironic_neutron_inspection_network_name: "Name of inspection network in neutron"
 
 # Integrated Openstack configuration
 ironic_enabled_network_interfaces_list: "flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron','') }}"
@@ -293,6 +295,7 @@ ironic_inspector_service_description: "Ironic Baremetal Introspection Service"
 ironic_inspector_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(ironic_service_proto) }}"
 ironic_inspector_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}"
 ironic_inspector_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(ironic_service_proto) }}"
+ironic_inspector_service_address: "{{ openstack_service_bind_address }}"
 ironic_inspector_service_port: 5050
 ironic_inspector_service_publicuri: "{{ ironic_inspector_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ ironic_inspector_service_port }}"
 ironic_inspector_service_publicurl: "{{ ironic_inspector_service_publicuri }}"
diff --git a/templates/inspector.conf.j2 b/templates/inspector.conf.j2
index cd6e08c5..38d23de5 100644
--- a/templates/inspector.conf.j2
+++ b/templates/inspector.conf.j2
@@ -1,6 +1,9 @@
 # {{ ansible_managed }}
 
 [DEFAULT]
+listen_address = {{ ironic_inspector_service_address }}
+listen_port = {{ ironic_inspector_service_port }}
+
 rootwrap_config = /etc/ironic-inspector/rootwrap.conf
 auth_strategy = keystone
 debug = {{ debug }}
diff --git a/templates/ironic.conf.j2 b/templates/ironic.conf.j2
index 16032b61..b087bc8e 100644
--- a/templates/ironic.conf.j2
+++ b/templates/ironic.conf.j2
@@ -171,6 +171,7 @@ insecure = {{ keystone_service_adminuri_insecure | bool }}
 {% if ironic_neutron_provisioning_network_name is defined %}
 provisioning_network = {{ ironic_neutron_provisioning_network_uuid | default(ironic_neutron_provisioning_network_name) | default('') }}
 cleaning_network = {{ ironic_neutron_cleaning_network_uuid | default(ironic_neutron_cleaning_network_name) | default(ironic_neutron_provisioning_network_uuid) | default(ironic_neutron_provisioning_network_name) | default('') }}
+inspection_network = {{ ironic_neutron_inspection_network_uuid | default(ironic_neutron_inspection_network_name) | default(ironic_neutron_provisioning_network_uuid) | default(ironic_neutron_provisioning_network_name) | default('') }}
 {% endif %}
 
 [oslo_concurrency]