It should be possible to configure the DHCP server to
provide the mtu option for inspection subnets.
This uses the dhcp-option-force so that the option is
provided also when the client does not ask for it.
According to dnsmasq manual page this is sometimes
required when sending options to PXELINUX.
Closes-Bug: #1845487
Change-Id: Ic95dbf1867fb5397f1b6d8f23466910a97051cb6
dnsmasq.conf require a prefix lenght as netmask for IPv6.
Convert a IPv6 address netmask to prefix.
Closes-Bug: #1828837
Change-Id: Idf84ba30eb4eb6d202faa470209f10c9da40e80b
Advanced users may need to push advanced routing to the client.
Add the possbility to configure the classless-static-route
(dhcp option: 121) in ironic inspectors dnsmasq.
Change-Id: I2229d386bff8ae63e4efe8406770b2b378a1991f
Related-Bug: #1819464
In order to allow the ironic inspector dnsmasq service to
receive packets after the network service is restarted, the
bind-interfaces option should not be set. Since the
ironic inspector is bound to the br-ctlplane interface,
its not necessary to set this field as this dnsmasq instance
will only service this interface.
From the dnsmasq man page (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html).
-z, --bind-interfaces
On systems which support it, dnsmasq binds the wildcard address,
even when it is listening on only some interfaces. It then
discards requests that it shouldn't reply to. This has the
advantage of working even when interfaces come and go and
change address. This option forces dnsmasq to really bind only
the interfaces it is listening on. About the only time when
this is useful is when running another nameserver (or another
instance of dnsmasq) on the same machine. Setting this option
also enables multiple instances of dnsmasq which provide DHCP
service to run in the same machine.
We do run another dnsmasq instance for neutron but that is bound to
the tap interface in the namespace.
Change-Id: I88a0b67a61944565e59f245f02f7e4620f92ec82
The aim of this change to the enable puppet-ironic as used by tripleo to
configure ironic and the tftp services in a way that "just works" with
tripleo.
It adds the ability to tweak ironic's command retry and spacing values
as well as creating architecture specific config and bootfile mappings
Blueprint: multiarch-support
Change-Id: Ia64dd21b55474d402315ba7c05e28604fff3aea8
As described in bug, its possible that addresses provided to IPA via
DHCP may expire and not be added to the introspection report. This
increases the dhcp lease time from 2 to 10 minutes. There should be
no downside to increasing this lease time since these addresses
are only used during introspection.
Change-Id: Iae15e9db0acc2ecd5b087a9ca430be948bc3e649
Closes-Bug: 1721051
This fixes an issue during introspection when the client loops
over ipxe.efi when using UEFI. In addition it adds support to handle
clients which report UEFI client architecture type 9 (EFI x86-64).
Change-Id: I236a58aab4000395154e5f463bad07f65b8d8b64
Closes-Bug: 1714320
The dnsmasq minimum is 2 minutes, so setting to 29 seconds doesn't
work. Setting it to 2 minutes better reflects reality.
Also using the minutes identifier (m) ensures that dnsmasq doesn't
attempt to parse the timeout as a prefix length if a IPv6 range is
provided.
Change-Id: I9e8585a7e4e5b6a21b05f3c5578c869a2c357b02
This patch add two params in inspector_pxelinux_cfg template,
to make kernel and ramdisk filename configurable.
Change-Id: I5a421cd6135d001763e4d83da778ab33e5b1baca
* Support for disabling UEFI in inspector
* Authtoken signing_dir argument
* ironic::drivers::deploy manifest
* ironic::db::inspector_sync manifest
* enabled_drivers and rabbit_user from init manifest
This change leaves out the following deprecation
* Implicit including of ironic::pxe in inspector (due to unclear CI problems)
* Other rabbit_* parameters (THT still uses them, sigh)
Change-Id: Ibf1c64bb5a6538610dfd9529526f203374b4e7da
With support for multiple subnets in Ironic Inspector dnsmasq
a new parameter 'dnsmasq_ip_subnets' was added. With this new
parameter the 'dnsmasq_ip_range' is redundant and should be
deprecated.
Change-Id: I07cbdd5e5573df23d6bdbfff4588cd870be933d9
At this point we already have DHCP on the right NIC to be able to download
this iPXE script. The "dhcp" may actually break the boot, as it runs DHCP
on the first available interface, not the PXE booting one.
Change-Id: I9ec62b6b662c9ea70f7cc12bd0567b5e4119faf7
Closes-Bug: #1635191
We should provide option to setup PXE in order to remove PXE setup
from tripleo elements. Class ironic::pxe will setup tftpboot and
httpboot and class ironic::pxe::common will take care of common
dependancies between ironic, ironic inspector and pxe driver.
Change-Id: I8b83eff694316755e4dd2dbcde7b569472893bc5
We currently allow changing the HTTP port for Ironic iPXE support,
but we don't allow the same for ironic-inspector. This patch fixes it.
Change-Id: I62effb9d0196474a3768ef7e80528f730df8a543
Closes-Bug: #1602976
Ensure iPXE retry to boot from the network in case of failure.
--timeout is required to avoid an unlimited freeze, the goto loop is
here to force iPXE to retry the download. imgfree ensure the image get
clean.
References:
I0fbb40c711a707ae9fae186e9afbe62b79168e28
I472dfb73044df50849c9cf72de90e59151698376
Issue: #1326656
Change-Id: I6782f6499a8a8a9706415b3c9b22d41a9abb2e30
To send the Inspector ramdisk over HTTP rather than TFTP, we must first
send an iPXE boot image that knows how to speak HTTP, and then instruct
it to "chainload" the inspector ramdisk. Previously, we could only do
this if the machine being introspected had BIOS firmware. However, most
modern servers now use UEFI firmware, which requires a different iPXE
boot image (as described at http://ipxe.org/howto/chainloading).
We must specify the initrd in the iPXE `kernel` line to avoid the
problem described at http://forum.ipxe.org/showthread.php?tid=7589.
Change-Id: I9cb102178bee8039a8cfc157154ecbd315aba871
That commit included binary blobs, which were not acceptable to
downstream packagers.
This reverts commit 5279179040.
Change-Id: I3a97400af4bb44d5b41b846ffb1f766c1712b61a
To send the Inspector ramdisk over HTTP rather than TFTP, we must first
send an iPXE boot image that knows how to speak HTTP, and then instruct
it to "chainload" the inspector ramdisk. Previously, we could only do
this if the machine being introspected had BIOS firmware. However, most
modern servers now use UEFI firmware, which requires a different iPXE
boot image (as described at http://ipxe.org/howto/chainloading).
We must specify the initrd in the iPXE `kernel` line to avoid the
problem described at http://forum.ipxe.org/showthread.php?tid=7589.
We include the iPXE binary images directly in the files/ subdirectory
and serve them from the puppet master. This is because
- while there is a Debian package that contains both images, there is
currently no package for Red Hat systems that contains the UEFI
image;
- downloading the images from ipxe.org would make our users vulnerable
to any attack affecting that site.
Change-Id: I1f08578d4005c33feed84d4783a7a7693d13920c
Depends-On: I7dc191a38132db5fc2c68846c036d5b45061b398
Introspection naturally happens in large bulks, after which it's inactive.
Small pool for DHCP addresses means that we'll have conflicts due to how
dnsmasq distributes them by default - using hashing. This change tells dnsmasq
to allocate IP addresses sequentially instead to avoid these conflicts.
The drawback of this option is that long-running clients may switch IP
addresses if their lease expires. This is not a concern for short introspection
process.
Change-Id: I0f08609a9f72799ef9f62216041f2b2b9795afd5
IPA accepts plenty of kernel arguments, adding all them explicitly
may be not practical. New option ramdisk_kernel_args allows to set
a string to append to the kernel command line when booting IPA.
The first use case that comes to my mind is ipa-inspection-benchmarks
option, enabling benchmarking during inspection.
Change-Id: Id6bb8f38beb299e72fb5ab0e4d9a89ac00a47df2
Inspection collectors are IPA plugins that collect additional information
for inspection. This patch allow changing their list, with default remaining
the same (for now).
Change-Id: I1e5ea1cd5ee24872375cd53d3eebf14b1082d874
Add the ability to configure the ironic-inspector service
for doing introspection of bare metal nodes.
Closes-Bug: 1486197
Change-Id: I9b2917a2c3f6afe75dc295c81d09f7a12856007f
Instead of putting baremetal.json and groupvars/all on the
git repo folder for Bifrost, just create a folder (which defaults
to /etc/bifrost) and put those files in there.
This will avoid having a dirty bifrost git repo and having issues
whenever the Bifrost git repo is updated.
Note, you will need to run
'ansible-playbook -e @/etc/bifrost/bifrost_global_vars ...' in order
to load the configuration file variables at execution time.
Check http://docs.ansible.com/ansible/playbooks_variables.html for
more info.
Change-Id: Id0f5711f6f4e18cf67586e2445d8bd09c5db7ca9
Bifrost is a set of Ansible playbooks to install Ironic in
standalone mode and enrolling and deploying baremetal servers
Change-Id: I1f31c8a59d82112d998fb3555c9f55d5c850093d