From b7f0988c0c019d1ab09bb3d0c9343b96574069fb Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur <dtantsur@protonmail.com>
Date: Tue, 5 Nov 2019 13:17:13 +0100
Subject: [PATCH] Configure parameters for managed in-band inspection

Change-Id: I4ddbba19f48d7f6643dab71097d2018b4a9757d3
Depends-On: https://review.opendev.org/688720
Story: #1528920
---
 manifests/conductor.pp                        | 28 ++++++++++
 manifests/drivers/inspector.pp                | 52 +++++++++++++------
 ...pection-managed-boot-d6ee9d6271b758d0.yaml |  8 +++
 spec/classes/ironic_conductor_spec.rb         |  5 ++
 spec/classes/ironic_drivers_inspector_spec.rb | 22 +++++---
 5 files changed, 90 insertions(+), 25 deletions(-)
 create mode 100644 releasenotes/notes/inspection-managed-boot-d6ee9d6271b758d0.yaml

diff --git a/manifests/conductor.pp b/manifests/conductor.pp
index c69bb6be..46233cd9 100644
--- a/manifests/conductor.pp
+++ b/manifests/conductor.pp
@@ -92,6 +92,12 @@
 #   for rescue. Can not be specified together with rescuing_network_name.
 #   Defaults to $::os_service_default
 #
+# [*inspection_network*]
+#   (optional) Neutron network UUID or name for the ramdisk to be booted into
+#   for in-band inspection. Can not be specified together with
+#   inspection_network_name.
+#   Defaults to $::os_service_default
+#
 # [*configdrive_use_swift*]
 #   (optional) Whether to use Swift for storing config drives instead of
 #   the database. Recommended for bigger config drives.
@@ -136,6 +142,12 @@
 #   Can not be specified together with rescuing_network.
 #   Defaults to undef, which leaves the configuration intact
 #
+# [*inspection_network_name*]
+#   (optional) If provided the name will be converted to UUID and set
+#   as value of neutron/inspection_network option in ironic.conf
+#   Can not be specified together with inspection_network.
+#   Defaults to undef, which leaves the configuration intact
+#
 # [*port_setup_delay*]
 #   (optional) Delay value to wait for Neutron agents to setup
 #   sufficient DHCP configuration for port.
@@ -206,6 +218,7 @@ class ironic::conductor (
   $api_url                             = $::os_service_default,
   $provisioning_network                = $::os_service_default,
   $rescuing_network                    = $::os_service_default,
+  $inspection_network                  = $::os_service_default,
   $configdrive_use_swift               = $::os_service_default,
   $configdrive_swift_container         = $::os_service_default,
   $inspect_timeout                     = $::os_service_default,
@@ -215,6 +228,7 @@ class ironic::conductor (
   $cleaning_network_name               = undef,
   $provisioning_network_name           = undef,
   $rescuing_network_name               = undef,
+  $inspection_network_name             = undef,
   $power_state_change_timeout          = $::os_service_default,
   $sync_power_state_interval           = $::os_service_default,
   $power_state_sync_max_retries        = $::os_service_default,
@@ -245,6 +259,10 @@ class ironic::conductor (
     fail('rescuing_network_name and rescuing_network can not be specified in the same time.')
   }
 
+  if ($inspection_network_name and !is_service_default($inspection_network)) {
+    fail('inspection_network_name and inspection_network can not be specified in the same time.')
+  }
+
   validate_legacy(Array, 'validate_array', $enabled_hardware_types)
 
   # NOTE(dtantsur): all in-tree drivers are IPA-based, so it won't hurt
@@ -347,6 +365,16 @@ class ironic::conductor (
     }
   }
 
+  if $inspection_network_name {
+    ironic_config {
+      'neutron/inspection_network': value => $inspection_network_name, transform_to => 'net_uuid';
+    }
+  } else {
+    ironic_config {
+      'neutron/inspection_network': value => $inspection_network;
+    }
+  }
+
   # Install package
   if $::ironic::params::conductor_package {
     package { 'ironic-conductor':
diff --git a/manifests/drivers/inspector.pp b/manifests/drivers/inspector.pp
index 8b05fe48..882fb5f8 100644
--- a/manifests/drivers/inspector.pp
+++ b/manifests/drivers/inspector.pp
@@ -46,6 +46,18 @@
 #   The endpoint URL for requests for this client
 #   Defaults to $::os_service_default
 #
+# [*callback_endpoint_override*]
+#   The endpoint URL to use for ramdisk callback in case of managed boot.
+#   Defaults to $::os_service_default
+#
+# [*power_off*]
+#   Whether to power off a node after inspection in case of managed boot.
+#   Defaults to $::os_service_default
+#
+# [*extra_kernel_params*]
+#   Extra kernel parameters to pass in case of managed boot.
+#   Defaults to $::os_service_default
+#
 # DEPRECATED PARAMETERS
 #
 # [*service_url*]
@@ -53,16 +65,19 @@
 #   Defaults to undef
 #
 class ironic::drivers::inspector (
-  $auth_type           = 'password',
-  $auth_url            = $::os_service_default,
-  $project_name        = 'services',
-  $username            = 'ironic',
-  $password            = $::os_service_default,
-  $user_domain_name    = 'Default',
-  $project_domain_name = 'Default',
-  $endpoint_override   = $::os_service_default,
+  $auth_type                  = 'password',
+  $auth_url                   = $::os_service_default,
+  $project_name               = 'services',
+  $username                   = 'ironic',
+  $password                   = $::os_service_default,
+  $user_domain_name           = 'Default',
+  $project_domain_name        = 'Default',
+  $endpoint_override          = $::os_service_default,
+  $callback_endpoint_override = $::os_service_default,
+  $power_off                  = $::os_service_default,
+  $extra_kernel_params        = $::os_service_default,
   # DEPRECATED PARAMETERS
-  $service_url         = undef,
+  $service_url                = undef,
 ) {
 
   include ::ironic::deps
@@ -73,13 +88,16 @@ has no effect. Please use ironic::drivers::inspector::endpoint_override instead.
   }
 
   ironic_config {
-    'inspector/auth_type':           value => $auth_type;
-    'inspector/username':            value => $username;
-    'inspector/password':            value => $password, secret => true;
-    'inspector/auth_url':            value => $auth_url;
-    'inspector/project_name':        value => $project_name;
-    'inspector/user_domain_name':    value => $user_domain_name;
-    'inspector/project_domain_name': value => $project_domain_name;
-    'inspector/endpoint_override':   value => $endpoint_override;
+    'inspector/auth_type':                  value => $auth_type;
+    'inspector/username':                   value => $username;
+    'inspector/password':                   value => $password, secret => true;
+    'inspector/auth_url':                   value => $auth_url;
+    'inspector/project_name':               value => $project_name;
+    'inspector/user_domain_name':           value => $user_domain_name;
+    'inspector/project_domain_name':        value => $project_domain_name;
+    'inspector/endpoint_override':          value => $endpoint_override;
+    'inspector/callback_endpoint_override': value => $callback_endpoint_override;
+    'inspector/power_off':                  value => $power_off;
+    'inspector/extra_kernel_params':        value => $extra_kernel_params;
   }
 }
diff --git a/releasenotes/notes/inspection-managed-boot-d6ee9d6271b758d0.yaml b/releasenotes/notes/inspection-managed-boot-d6ee9d6271b758d0.yaml
new file mode 100644
index 00000000..9ce486b0
--- /dev/null
+++ b/releasenotes/notes/inspection-managed-boot-d6ee9d6271b758d0.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Allows configuring ``callback_endpoint_override``, ``power_off`` and
+    ``extra_kernel_params`` in ``ironic::drivers::inspector``.
+  - |
+    Allows setting ``inspection_network`` (or ``inspection_network_name``)
+    in ``ironic::conductor``.
diff --git a/spec/classes/ironic_conductor_spec.rb b/spec/classes/ironic_conductor_spec.rb
index db9a5aba..3648bc57 100644
--- a/spec/classes/ironic_conductor_spec.rb
+++ b/spec/classes/ironic_conductor_spec.rb
@@ -70,6 +70,7 @@ describe 'ironic::conductor' do
       is_expected.to contain_ironic_config('neutron/cleaning_network').with(:value => '<SERVICE DEFAULT>')
       is_expected.to contain_ironic_config('neutron/provisioning_network').with(:value => '<SERVICE DEFAULT>')
       is_expected.to contain_ironic_config('neutron/rescuing_network').with(:value => '<SERVICE DEFAULT>')
+      is_expected.to contain_ironic_config('neutron/inspection_network').with(:value => '<SERVICE DEFAULT>')
       is_expected.to contain_ironic_config('deploy/continue_if_disk_secure_erase_fails').with(:value => '<SERVICE DEFAULT>')
       is_expected.to contain_ironic_config('deploy/http_url').with(:value => '<SERVICE DEFAULT>')
       is_expected.to contain_ironic_config('deploy/http_root').with(:value => '<SERVICE DEFAULT>')
@@ -98,6 +99,7 @@ describe 'ironic::conductor' do
           :api_url                           => 'https://127.0.0.1:6385',
           :provisioning_network              => '00000000-0000-0000-0000-000000000000',
           :rescuing_network                  => '00000000-0000-0000-0000-000000000000',
+          :inspection_network                => '00000000-0000-0000-0000-000000000000',
           :cleaning_disk_erase               => 'metadata',
           :http_url                          => 'http://host:port',
           :http_root                         => '/src/www',
@@ -129,6 +131,7 @@ describe 'ironic::conductor' do
         is_expected.to contain_ironic_config('neutron/cleaning_network').with_value('00000000-0000-0000-0000-000000000000')
         is_expected.to contain_ironic_config('neutron/provisioning_network').with_value('00000000-0000-0000-0000-000000000000')
         is_expected.to contain_ironic_config('neutron/rescuing_network').with_value('00000000-0000-0000-0000-000000000000')
+        is_expected.to contain_ironic_config('neutron/inspection_network').with_value('00000000-0000-0000-0000-000000000000')
         is_expected.to contain_ironic_config('deploy/erase_devices_priority').with_value(0)
         is_expected.to contain_ironic_config('deploy/erase_devices_metadata_priority').with_value(10)
         is_expected.to contain_ironic_config('deploy/http_url').with_value(p[:http_url])
@@ -159,12 +162,14 @@ describe 'ironic::conductor' do
           :provisioning_network_name => 'abc',
           :cleaning_network_name => 'abc',
           :rescuing_network_name => 'abc',
+          :inspection_network_name => 'abc',
         )
       end
       it 'should set provisioning/cleaning/rescuing with new value' do
           is_expected.to contain_ironic_config('neutron/cleaning_network').with_value('abc').with_transform_to('net_uuid')
           is_expected.to contain_ironic_config('neutron/provisioning_network').with_value('abc').with_transform_to('net_uuid')
           is_expected.to contain_ironic_config('neutron/rescuing_network').with_value('abc').with_transform_to('net_uuid')
+          is_expected.to contain_ironic_config('neutron/inspection_network').with_value('abc').with_transform_to('net_uuid')
       end
     end
 
diff --git a/spec/classes/ironic_drivers_inspector_spec.rb b/spec/classes/ironic_drivers_inspector_spec.rb
index 1fd710d4..8adf3489 100644
--- a/spec/classes/ironic_drivers_inspector_spec.rb
+++ b/spec/classes/ironic_drivers_inspector_spec.rb
@@ -47,14 +47,17 @@ describe 'ironic::drivers::inspector' do
     context 'when overriding parameters' do
       before :each do
         params.merge!(
-            :auth_type           => 'noauth',
-            :auth_url            => 'http://example.com',
-            :project_name        => 'project1',
-            :username            => 'admin',
-            :password            => 'pa$$w0rd',
-            :user_domain_name    => 'NonDefault',
-            :project_domain_name => 'NonDefault',
-            :endpoint_override   => 'http://example2.com',
+            :auth_type                  => 'noauth',
+            :auth_url                   => 'http://example.com',
+            :project_name               => 'project1',
+            :username                   => 'admin',
+            :password                   => 'pa$$w0rd',
+            :user_domain_name           => 'NonDefault',
+            :project_domain_name        => 'NonDefault',
+            :endpoint_override          => 'http://example2.com',
+            :callback_endpoint_override => 'http://10.0.0.1/v1/continue',
+            :power_off                  => false,
+            :extra_kernel_params        => 'ipa-inspection-collectors=a,b,c',
         )
       end
 
@@ -67,6 +70,9 @@ describe 'ironic::drivers::inspector' do
         is_expected.to contain_ironic_config('inspector/user_domain_name').with_value(p[:user_domain_name])
         is_expected.to contain_ironic_config('inspector/project_domain_name').with_value(p[:project_domain_name])
         is_expected.to contain_ironic_config('inspector/endpoint_override').with_value(p[:endpoint_override])
+        is_expected.to contain_ironic_config('inspector/callback_endpoint_override').with_value(p[:callback_endpoint_override])
+        is_expected.to contain_ironic_config('inspector/power_off').with_value(p[:power_off])
+        is_expected.to contain_ironic_config('inspector/extra_kernel_params').with_value(p[:extra_kernel_params])
       end
     end