Commit Graph

34 Commits

Author SHA1 Message Date
Harald Jensås
3044c0984d Wrap ipv6 addresses in inspector-ipxe template
Closes-Bug: #1845566
Change-Id: Ic5cf47b03a13fccc16ad9410cb4939848e254bd1
2019-09-27 23:08:17 +02:00
Harald Jensås
03550bc8c8 Add support to set option:mtu in inspector dnsmasq
It should be possible to configure the DHCP server to
provide the mtu option for inspection subnets.

This uses the dhcp-option-force so that the option is
provided also when the client does not ask for it.
According to dnsmasq manual page this is sometimes
required when sending options to PXELINUX.

Closes-Bug: #1845487
Change-Id: Ic95dbf1867fb5397f1b6d8f23466910a97051cb6
2019-09-26 13:49:56 +02:00
Harald Jensås
7b6b097d8a Convert ipv6 netmask to prefix in dnsmasq.conf
dnsmasq.conf require a prefix lenght as netmask for IPv6.
Convert a IPv6 address netmask to prefix.

Closes-Bug: #1828837
Change-Id: Idf84ba30eb4eb6d202faa470209f10c9da40e80b
2019-05-16 14:46:30 +02:00
Tobias Urdin
39115e63c2 Remove ironic::inspector::debug
Removes the deprecated parameter that is superseeded
by the dhcp_debug parameter.

Change-Id: I81dece5bcaf36c0f67d17398f2dd957b06dd2e1b
2019-05-10 16:32:34 +02:00
Harald Jensås
c192ee40ac Add support for classless-static-routes in inspector dnsmasq
Advanced users may need to push advanced routing to the client.
Add the possbility to configure the classless-static-route
(dhcp option: 121) in ironic inspectors dnsmasq.

Change-Id: I2229d386bff8ae63e4efe8406770b2b378a1991f
Related-Bug: #1819464
2019-03-12 18:27:39 +01:00
Tobias Urdin
19036bf75c Remove deprecated logging
Change-Id: I2c0bc7906a165f26b21a3283636409f75cfdb30a
2018-12-06 13:58:55 +01:00
Bob Fournier
44ad813ee6 Remove ironic inspector dnsmasq bind-interfaces setting
In order to allow the ironic inspector dnsmasq service to
receive packets after the network service is restarted, the
bind-interfaces option should not be set.  Since the
ironic inspector is bound to the br-ctlplane interface,
its not necessary to set this field as this dnsmasq instance
will only service this interface.

From the dnsmasq man page (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html).
-z, --bind-interfaces
On systems which support it, dnsmasq binds the wildcard address,
even when it is listening on only some interfaces. It then
discards requests that it shouldn't reply to. This has the
advantage of working even when interfaces come and go and
change address. This option forces dnsmasq to really bind only
the interfaces it is listening on. About the only time when
this is useful is when running another nameserver (or another
instance of dnsmasq) on the same machine. Setting this option
also enables multiple instances of dnsmasq which provide DHCP
service to run in the same machine.

We do run another dnsmasq instance for neutron but that is bound to
the tap interface in the namespace.

Change-Id: I88a0b67a61944565e59f245f02f7e4620f92ec82
2018-09-07 10:10:20 +02:00
Tony Breeds
75477a9754 Add support for configuring ppc64le nodes
The aim of this change to the enable puppet-ironic as used by tripleo to
configure ironic and the tftp services in a way that "just works" with
tripleo.

It adds the ability to tweak ironic's command retry and spacing values
as well as creating architecture specific config and bootfile mappings

Blueprint: multiarch-support
Change-Id: Ia64dd21b55474d402315ba7c05e28604fff3aea8
2018-07-07 17:51:19 +10:00
Tobias Urdin
2ad9190159 Remove deprecated parameters
Removes deprecated parameters that has been
deprecated for one cycle or more.

Change-Id: I0c29a346e0df44bce5e4c661b4b8a77f9e126fc7
2018-06-13 13:45:27 +02:00
Dmitry Tantsur
76e4a89922 inspector: configure "dnsmasq" DHCP filter
Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Related-Bug: #1756075
Change-Id: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0
2018-03-15 14:52:09 +01:00
Zuul
45da0fa6a7 Merge "Adding support for UEFI client arch type 11 (EFI aarch64)" 2017-10-20 01:51:24 +00:00
Dan Radez
21290f24b8 Adding support for UEFI client arch type 11 (EFI aarch64)
Change-Id: I41805919e265cf9209b527dbe9fb8c7acb74df17
2017-10-17 11:31:13 -04:00
Dmitry Tantsur
c9951abf87 Turn on DHCP logging in ironic-inspector when debug is true
Thanks to Dan Radez for pointing out this cool feature to me.

Change-Id: Ica31ab87b646e3bad21d55ba939437094f42cf9c
2017-10-17 12:35:30 +02:00
Bob Fournier
c00a1b88ba Increase Ironic inspector dnsmasq lease time
As described in bug, its possible that addresses provided to IPA via
DHCP may expire and not be added to the introspection report.  This
increases the dhcp lease time from 2 to 10 minutes.  There should be
no downside to increasing this lease time since these addresses
are only used during introspection.

Change-Id: Iae15e9db0acc2ecd5b087a9ca430be948bc3e649
Closes-Bug: 1721051
2017-10-04 14:14:30 -04:00
Bob Fournier
9d7d8e7042 Fixes for Ironic-inspector introspection when client using UEFI
This fixes an issue during introspection when the client loops
over ipxe.efi when using UEFI.  In addition it adds support to handle
clients which report UEFI client architecture type 9 (EFI x86-64).

Change-Id: I236a58aab4000395154e5f463bad07f65b8d8b64
Closes-Bug: 1714320
2017-08-31 16:50:26 -04:00
Derek Higgins
71ee4e42be Explicitly set inspector dhcp timeout to 2 minutes
The dnsmasq minimum is 2 minutes, so setting to 29 seconds doesn't
work. Setting it to 2 minutes better reflects reality.
Also using the minutes identifier (m) ensures that dnsmasq doesn't
attempt to parse the timeout as a prefix length if a IPv6 range is
provided.

Change-Id: I9e8585a7e4e5b6a21b05f3c5578c869a2c357b02
2017-08-17 10:41:59 +01:00
Xingchao Yu
6071888f14 Make kernel and ramdisk filename configurable
This patch add two params in inspector_pxelinux_cfg template,
to make kernel and ramdisk filename configurable.

Change-Id: I5a421cd6135d001763e4d83da778ab33e5b1baca
2017-05-05 09:31:26 +08:00
Dmitry Tantsur
65186a41dd Clean up deprecated items supposed to be removed in Ocata and Pike
* Support for disabling UEFI in inspector
* Authtoken signing_dir argument
* ironic::drivers::deploy manifest
* ironic::db::inspector_sync manifest
* enabled_drivers and rabbit_user from init manifest

This change leaves out the following deprecation
* Implicit including of ironic::pxe in inspector (due to unclear CI problems)
* Other rabbit_* parameters (THT still uses them, sigh)

Change-Id: Ibf1c64bb5a6538610dfd9529526f203374b4e7da
2017-04-03 14:00:59 +02:00
Harald Jensas
90f862ce25 Deprecate 'dnsmasq_ip_range' replaced by 'dnsmasq_ip_subnets'
With support for multiple subnets in Ironic Inspector dnsmasq
a new parameter 'dnsmasq_ip_subnets' was added. With this new
parameter the 'dnsmasq_ip_range' is redundant and should be
deprecated.

Change-Id: I07cbdd5e5573df23d6bdbfff4588cd870be933d9
2017-03-13 16:22:35 +01:00
Harald Jensas
9041a3af23 Multiple DHCP Subnets for Ironic Inspector
Add parameter 'dnsmasq_ip_subnets' and enable template to
configure dhcp-range and dhcp-option 'option:router' for
additional subnets in Ironic Inspector dnsmasq.

Implements: blueprint tripleo-routed-networks-ironic-inspector
Closes-Bug: #1637503
Change-Id: Ie49b07ffe948576f5d9330cf11ee014aef4b282d
2017-02-22 13:21:08 +01:00
Dmitry Tantsur
806d5a1569 Remove "dhcp" command from the iPXE script
At this point we already have DHCP on the right NIC to be able to download
this iPXE script. The "dhcp" may actually break the boot, as it runs DHCP
on the first available interface, not the PXE booting one.

Change-Id: I9ec62b6b662c9ea70f7cc12bd0567b5e4119faf7
Closes-Bug: #1635191
2016-10-20 18:05:51 +02:00
Lukas Bezdicka
0376a5f55d Introduce ironic::pxe class
We should provide option to setup PXE in order to remove PXE setup
from tripleo elements. Class ironic::pxe will setup tftpboot and
httpboot and class ironic::pxe::common will take care of common
dependancies between ironic, ironic inspector and pxe driver.

Change-Id: I8b83eff694316755e4dd2dbcde7b569472893bc5
2016-08-30 16:42:15 +02:00
Dmitry Tantsur
270b0cb7c7 [inspection] allow to configure HTTP port
We currently allow changing the HTTP port for Ironic iPXE support,
but we don't allow the same for ironic-inspector. This patch fixes it.

Change-Id: I62effb9d0196474a3768ef7e80528f730df8a543
Closes-Bug: #1602976
2016-07-14 14:19:35 +02:00
Gonéri Le Bouder
9d56010c8c iPXE: retry on failure during introspection
Ensure iPXE retry to boot from the network in case of failure.
--timeout is required to avoid an unlimited freeze, the goto loop is
here to force iPXE to retry the download. imgfree ensure the image get
clean.

References:
 I0fbb40c711a707ae9fae186e9afbe62b79168e28
 I472dfb73044df50849c9cf72de90e59151698376
 Issue: #1326656

Change-Id: I6782f6499a8a8a9706415b3c9b22d41a9abb2e30
2016-04-29 19:39:54 -04:00
Miles Gould
a7e66a34a4 Allow chainloading of Inspector ramdisk over UEFI
To send the Inspector ramdisk over HTTP rather than TFTP, we must first
send an iPXE boot image that knows how to speak HTTP, and then instruct
it to "chainload" the inspector ramdisk. Previously, we could only do
this if the machine being introspected had BIOS firmware. However, most
modern servers now use UEFI firmware, which requires a different iPXE
boot image (as described at http://ipxe.org/howto/chainloading).

We must specify the initrd in the iPXE `kernel` line to avoid the
problem described at http://forum.ipxe.org/showthread.php?tid=7589.

Change-Id: I9cb102178bee8039a8cfc157154ecbd315aba871
2016-04-08 17:25:37 +01:00
Miles Gould
b94bbf24af Revert "Allow chainloading of Inspector ramdisk over UEFI"
That commit included binary blobs, which were not acceptable to
downstream packagers.

This reverts commit 5279179040.

Change-Id: I3a97400af4bb44d5b41b846ffb1f766c1712b61a
2016-04-06 17:40:14 +01:00
Miles Gould
5279179040 Allow chainloading of Inspector ramdisk over UEFI
To send the Inspector ramdisk over HTTP rather than TFTP, we must first
send an iPXE boot image that knows how to speak HTTP, and then instruct
it to "chainload" the inspector ramdisk. Previously, we could only do
this if the machine being introspected had BIOS firmware. However, most
modern servers now use UEFI firmware, which requires a different iPXE
boot image (as described at http://ipxe.org/howto/chainloading).

We must specify the initrd in the iPXE `kernel` line to avoid the
problem described at http://forum.ipxe.org/showthread.php?tid=7589.

We include the iPXE binary images directly in the files/ subdirectory
and serve them from the puppet master. This is because

 - while there is a Debian package that contains both images, there is
   currently no package for Red Hat systems that contains the UEFI
   image;
 - downloading the images from ipxe.org would make our users vulnerable
   to any attack affecting that site.

Change-Id: I1f08578d4005c33feed84d4783a7a7693d13920c
Depends-On: I7dc191a38132db5fc2c68846c036d5b45061b398
2016-03-23 12:02:44 +00:00
Dmitry Tantsur
dfff2af147 [inspector] use dnsmasq dhcp-sequential-ip flag in dnsmasq.conf
Introspection naturally happens in large bulks, after which it's inactive.
Small pool for DHCP addresses means that we'll have conflicts due to how
dnsmasq distributes them by default - using hashing. This change tells dnsmasq
to allocate IP addresses sequentially instead to avoid these conflicts.

The drawback of this option is that long-running clients may switch IP
addresses if their lease expires. This is not a concern for short introspection
process.

Change-Id: I0f08609a9f72799ef9f62216041f2b2b9795afd5
2016-03-01 15:11:50 +01:00
Dmitry Tantsur
5704275b69 [inspector] allow sending random kernel arguments to the IPA
IPA accepts plenty of kernel arguments, adding all them explicitly
may be not practical. New option ramdisk_kernel_args allows to set
a string to append to the kernel command line when booting IPA.

The first use case that comes to my mind is ipa-inspection-benchmarks
option, enabling benchmarking during inspection.

Change-Id: Id6bb8f38beb299e72fb5ab0e4d9a89ac00a47df2
2016-02-16 15:07:17 +01:00
Dmitry Tantsur
271da81d45 Enable changing list of inspection collectors
Inspection collectors are IPA plugins that collect additional information
for inspection. This patch allow changing their list, with default remaining
the same (for now).

Change-Id: I1e5ea1cd5ee24872375cd53d3eebf14b1082d874
2016-01-06 12:54:19 +01:00
Dmitry Tantsur
8d9730a593 Add BOOTIF=${mac} to the inspector iPXE template
It is required to determine the booting NIC.

Change-Id: I8547d1f62047e678d0ba825451a07aea2dd1cb2b
Closes-Bug: #1517941
2015-11-19 15:58:09 +01:00
John Trowbridge
0358830fa7 Add ironic-inspector support
Add the ability to configure the ironic-inspector service
for doing introspection of bare metal nodes.

Closes-Bug: 1486197
Change-Id: I9b2917a2c3f6afe75dc295c81d09f7a12856007f
2015-10-06 09:17:41 -04:00
Ricardo Carrillo Cruz
5baf8d135c Put configuration files under configurable folder
Instead of putting baremetal.json and groupvars/all on the
git repo folder for Bifrost, just create a folder (which defaults
to /etc/bifrost) and put those files in there.
This will avoid having a dirty bifrost git repo and having issues
whenever the Bifrost git repo is updated.
Note, you will need to run
'ansible-playbook -e @/etc/bifrost/bifrost_global_vars ...' in order
to load the configuration file variables at execution time.
Check http://docs.ansible.com/ansible/playbooks_variables.html for
more info.

Change-Id: Id0f5711f6f4e18cf67586e2445d8bd09c5db7ca9
2015-08-24 18:48:47 +00:00
Ricardo Carrillo Cruz
95eeb73c4c Add bifrost manifest
Bifrost is a set of Ansible playbooks to install Ironic in
standalone mode and enrolling and deploying baremetal servers

Change-Id: I1f31c8a59d82112d998fb3555c9f55d5c850093d
2015-08-04 17:12:43 +02:00