OpenStack Ironic Puppet Module


  1. #
  2. # Copyright (C) 2015 Red Hat, Inc.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  5. # not use this file except in compliance with the License. You may obtain
  6. # a copy of the License at
  7. #
  8. # http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13. # License for the specific language governing permissions and limitations
  14. # under the License.
  15. # Configure the ironic-inspector auxiliary service to Ironic
  16. #
  17. # === Parameters
  18. #
  19. # [*package_ensure*]
  20. # (optional) Control the ensure parameter for the package resource
  21. # Defaults to 'present'
  22. #
  23. # [*enabled*]
  24. # (optional) Define if the service must be enabled or not
  25. # Defaults to true
  26. #
  27. # [*listen_address*]
  28. # (optional) The listen IP for the Ironic-inspector API server.
  29. # Should be a valid IP address
  30. # Defaults to $::os_service_default.
  31. #
  32. # [*pxe_transfer_protocol*]
  33. # (optional) Protocol to be used for transferring the ramdisk
  34. # Defaults to 'tftp'. Valid values are 'tftp' or 'http'.
  35. #
  36. # [*dhcp_debug*]
  37. # (optional) Boolean to enable dnsmasq debug logging.
  38. # Defaults to false
  39. #
  40. # [*auth_strategy*]
  41. # (optional) API authentication strategy: keystone or noauth
  42. # Defaults to 'keystone'
  43. #
  44. # [*timeout*]
  45. # (optional) Timeout after which introspection is considered failed,
  46. # set to 0 to disable.
  47. # Defaults to $::os_service_default
  48. #
  49. # [*dnsmasq_interface*]
  50. # (optional) The interface for the ironic-inspector dnsmasq process
  51. # to listen on
  52. # Defaults to 'br-ctlplane'
  53. #
  54. # [*db_connection*]
  55. # (optional) Location of the ironic-inspector node cache database
  56. # Defaults to undef
  57. #
  58. # [*ramdisk_logs_dir*]
  59. # (optional) Location to store logs retrieved from the ramdisk
  60. # Defaults to '/var/log/ironic-inspector/ramdisk/'
  61. #
  62. # [*always_store_ramdisk_logs*]
  63. # (optional) Whether to store ramdisk logs even for successful introspection.
  64. # Defaults to $::os_service_default
  65. #
  66. # [*add_ports*]
  67. # (optional) Which MAC addresses to add as ports during introspection.
  68. # Allowed values: all, active, pxe.
  69. # Defaults to $::os_service_default
  70. #
  71. # [*keep_ports*]
  72. # (optional) Which ports to keep after introspection
  73. # Defaults to 'all'
  74. #
  75. # [*store_data*]
  76. # (optional) Method for storing introspection data
  77. # Defaults to 'none'
  78. #
  79. # [*ironic_auth_type*]
  80. # (optional) Authentication plugin for accessing Ironic
  81. # Defaults to 'password'
  82. #
  83. # [*ironic_username*]
  84. # (optional) User name for accessing Ironic API
  85. # Defaults to 'ironic'
  86. #
  87. # [*ironic_password*]
  88. # (optional) Password for accessing Ironic API
  89. # Defaults to undef. Set a value unless using noauth.
  90. #
  91. # [*ironic_tenant_name*]
  92. # (optional) Tenant name for accessing Ironic API
  93. # Defaults to 'services'
  94. #
  95. # [*ironic_project_domain_name*]
  96. # (Optional) Name of domain for $ironic_tenant_name
  97. # Defaults to 'Default'
  98. #
  99. # [*ironic_user_domain_name*]
  100. # (Optional) Name of domain for $ironic_username
  101. # Defaults to 'Default'
  102. #
  103. # [*ironic_auth_url*]
  104. # (optional) Keystone authentication URL for Ironic
  105. # Defaults to 'http://127.0.0.1:5000/v3'
  106. #
  107. # [*ironic_max_retries*]
  108. # (optional) Maximum number of retries in case of conflict error
  109. # Defaults to 30
  110. #
  111. # [*ironic_retry_interval*]
  112. # (optional) Interval between retries in case of conflict error
  113. # Defaults to 2
  114. #
  115. # [*swift_auth_type*]
  116. # (optional) Authentication plugin for accessing Swift
  117. # Defaults to 'password'
  118. #
  119. # [*swift_username*]
  120. # (optional) User name for accessing Swift API
  121. # Defaults to 'ironic'
  122. #
  123. # [*swift_password*]
  124. # (optional) Password for accessing Swift API
  125. # Defaults to undef. Set a value if using Swift.
  126. #
  127. # [*swift_tenant_name*]
  128. # (optional) Tenant name for accessing Swift API
  129. # Defaults to 'services'
  130. #
  131. # [*swift_project_domain_name*]
  132. # (Optional) Name of domain for $swift_tenant_name
  133. # Defaults to 'Default'
  134. #
  135. # [*swift_user_domain_name*]
  136. # (Optional) Name of domain for $swift_username
  137. # Defaults to 'Default'
  138. #
  139. # [*swift_auth_url*]
  140. # (optional) Keystone authentication URL for Swift
  141. # Defaults to 'http://127.0.0.1:5000/v3'
  142. #
  143. # [*dnsmasq_ip_subnets*]
  144. # (optional) List of hashes with keys: 'tag', 'ip_range', 'netmask',
  145. # 'gateway' and 'classless_static_routes'. 'ip_range' is the only required
  146. # key. Assigning multiple tagged subnets allows dnsmasq to serve DHCP
  147. # requests that come in via a DHCP relay/helper.
  148. # Example:
  149. # [{'ip_range' => '192.168.0.100,192.168.0.120', 'mtu' => '1500'},
  150. # {'tag' => 'subnet1',
  151. # 'ip_range' => '192.168.1.100,192.168.1.200',
  152. # 'netmask' => '255.255.255.0',
  153. # 'gateway' => '192.168.1.254'},
  154. # {'tag' => 'subnet2',
  155. # 'ip_range' => '192.168.2.100,192.168.2.200',
  156. # 'netmask' => '255.255.255.0',
  157. # 'gateway' => '192.168.2.254',
  158. # 'classless_static_routes' => [{'destination' => '1.2.3.0/24',
  159. # 'nexthop' => '192.168.2.1'},
  160. # {'destination' => '4.5.6.0/24',
  161. # 'nexthop' => '192.168.2.1'}]}]
  162. # Defaults to []
  163. #
  164. # [*dnsmasq_local_ip*]
  165. # (optional) IP interface for the dnsmasq process
  166. # Defaults to '192.168.0.1'
  167. #
  168. # [*dnsmasq_dhcp_hostsdir*]
  169. # (optional) directory with DHCP hosts, only used with the "dnsmasq" PXE
  170. # filter.
  171. # Defaults to undef
  172. #
  173. # [*sync_db*]
  174. # Enable dbsync
  175. # Defaults to true
  176. #
  177. # [*ramdisk_collectors*]
  178. # Comma-separated list of IPA inspection collectors
  179. # Defaults to 'default'
  180. #
  181. # [*additional_processing_hooks*]
  182. # Comma-separated list of processing hooks to append to the default list.
  183. # Defaults to undef
  184. #
  185. # [*ramdisk_kernel_args*]
  186. # String with kernel arguments to send to the ramdisk on boot.
  187. # Defaults to undef
  188. #
  189. # [*ramdisk_filename*]
  190. # The filename of ramdisk which is used in pxelinux_cfg/ipxelinux_cfg templates
  191. # Defaults to 'agent.ramdisk'
  192. #
  193. # [*kernel_filename*]
  194. # The filename of kernel which is used in pxelinux_cfg/ipxelinux_cfg templates
  195. # Defaults to 'agent.kernel'
  196. #
  197. # [*ipxe_timeout*]
  198. # (optional) iPXE timeout in seconds. Should be an integer.
  199. # Defaults to $::os_service_default
  200. #
  201. # [*http_port*]
  202. # (optional) port used by the HTTP service serving introspection images.
  203. # Defaults to 8088.
  204. #
  205. # [*tftp_root*]
  206. # (optional) Folder location to deploy PXE boot files
  207. # Defaults to '/tftpboot'
  208. #
  209. # [*http_root*]
  210. # (optional) Folder location to deploy HTTP PXE boot
  211. # Defaults to '/httpboot'
  212. #
  213. # [*detect_boot_mode*]
  214. # (optional) Whether to store the boot mode (BIOS or UEFI).
  215. # Defaults to $::os_service_default
  216. #
  217. # [*node_not_found_hook*]
  218. # (optional) Plugin to run when a node is not found during lookup.
  219. # For example, "enroll" hook can be used for node auto-discovery.
  220. # Defaults to $::os_service_default
  221. #
  222. # [*discovery_default_driver*]
  223. # (optional) The default driver to use for auto-discovered nodes.
  224. # Requires node_not_found_hook set to "enroll".
  225. # Defaults to $::os_service_default
  226. #
  227. # [*enable_ppc64le*]
  228. # (optional) Boolean value to determine if ppc64le support should be enabled
  229. # Defaults to false (no ppc64le support)
  230. #
  231. # [*default_transport_url*]
  232. # (optional) A URL representing the messaging driver to use and its full
  233. # configuration. Transport URLs take the form:
  234. # transport://user:pass@host1:port[,hostN:portN]/virtual_host
  235. # Defaults to 'fake://'
  236. #
  237. # [*ironic_url*]
  238. # (optional) Ironic API URL, used to set Ironic API URL when auth_strategy
  239. # option is noauth or auth_type is "none" to work with standalone Ironic
  240. # without keystone. String value
  241. # Defaults to undef
  242. #
  243. # [*swift_container*]
  244. # (optional) Default Swift container name to use when creating objects.
  245. # String value
  246. # Defaults to $::os_service_default
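  class ironic::inspector (
    $package_ensure              = 'present',
    $enabled                     = true,
    $listen_address              = $::os_service_default,
    $pxe_transfer_protocol       = 'tftp',
    $dhcp_debug                  = false,
    $auth_strategy               = 'keystone',
    $timeout                     = $::os_service_default,
    $dnsmasq_interface           = 'br-ctlplane',
    $db_connection               = undef,
    $ramdisk_logs_dir            = '/var/log/ironic-inspector/ramdisk/',
    $always_store_ramdisk_logs   = $::os_service_default,
    $add_ports                   = $::os_service_default,
    $keep_ports                  = 'all',
    $store_data                  = 'none',
    $ironic_auth_type            = 'password',
    $ironic_username             = 'ironic',
    $ironic_password             = undef,
    $ironic_tenant_name          = 'services',
    $ironic_project_domain_name  = 'Default',
    $ironic_user_domain_name     = 'Default',
    $ironic_auth_url             = 'http://127.0.0.1:5000/v3',
    $ironic_url                  = undef,
    $ironic_max_retries          = 30,
    $ironic_retry_interval       = 2,
    $swift_auth_type             = 'password',
    $swift_username              = 'ironic',
    $swift_password              = undef,
    $swift_tenant_name           = 'services',
    $swift_project_domain_name   = 'Default',
    $swift_user_domain_name      = 'Default',
    $swift_auth_url              = 'http://127.0.0.1:5000/v3',
    $swift_container             = $::os_service_default,
    $dnsmasq_ip_subnets          = [],
    $dnsmasq_local_ip            = '192.168.0.1',
    $dnsmasq_dhcp_hostsdir       = undef,
    $sync_db                     = true,
    $ramdisk_collectors          = 'default',
    $ramdisk_filename            = 'agent.ramdisk',
    $kernel_filename             = 'agent.kernel',
    $additional_processing_hooks = undef,
    $ramdisk_kernel_args         = undef,
    $ipxe_timeout                = $::os_service_default,
    $http_port                   = '8088',
    $detect_boot_mode            = $::os_service_default,
    $tftp_root                   = '/tftpboot',
    $http_root                   = '/httpboot',
    $node_not_found_hook         = $::os_service_default,
    $discovery_default_driver    = $::os_service_default,
    $enable_ppc64le              = false,
    $default_transport_url       = 'fake://',
  ) {

    # NOTE(review): several parameters (for example $dhcp_debug, $db_connection,
    # $dnsmasq_dhcp_hostsdir, $ramdisk_collectors, $ramdisk_kernel_args,
    # $ramdisk_filename, $kernel_filename) are not referenced below; presumably
    # they are read by the ERB templates or the included classes. Confirm before
    # removing any of them.

    include ::ironic::deps
    include ::ironic::params
    include ::ironic::pxe::common
    include ::ironic::inspector::db

    # The authtoken settings are only pulled in for the keystone strategy.
    # With 'noauth' nothing in this class configures API authentication, so
    # access to the inspector API then has to be limited by other means
    # (listen_address, firewalling).
    if $auth_strategy == 'keystone' {
      include ::ironic::inspector::authtoken
    }

    if !is_array($dnsmasq_ip_subnets) {
      fail('Invalid data type, parameter dnsmasq_ip_subnets must be Array type')
    }

    # Values set on ::ironic::pxe::common take precedence over the parameters
    # of this class. The *_real variables that are not used below are
    # presumably consumed by the templates.
    $tftp_root_real    = pick($::ironic::pxe::common::tftp_root, $tftp_root)
    $http_root_real    = pick($::ironic::pxe::common::http_root, $http_root)
    $http_port_real    = pick($::ironic::pxe::common::http_port, $http_port)
    $ipxe_timeout_real = pick($::ironic::pxe::common::ipxe_timeout, $ipxe_timeout)

    # inspector.conf receives the Ironic and Swift service passwords (see the
    # ironic_inspector_config block below). Pin the mode so the file is never
    # left world-readable, whatever mode it was created with.
    file { '/etc/ironic-inspector/inspector.conf':
      ensure  => 'present',
      owner   => 'ironic-inspector',
      group   => 'ironic-inspector',
      mode    => '0640',
      require => Anchor['ironic-inspector::config::begin'],
    }

    $dnsmasq_local_ip_real   = normalize_ip_for_uri($dnsmasq_local_ip)
    $dnsmasq_ip_subnets_real = ipv6_normalize_dnsmasq_ip_subnets($dnsmasq_ip_subnets)

    # Exactly one branch must declare File['/etc/ironic-inspector/dnsmasq.conf']:
    # the dnsmasq service at the end of this class subscribes to it. Any other
    # value is rejected here with a clear message instead of surfacing later as
    # a dangling resource reference.
    if $pxe_transfer_protocol == 'tftp' {
      file { '/etc/ironic-inspector/dnsmasq.conf':
        ensure  => 'present',
        content => template('ironic/inspector_dnsmasq_tftp.erb'),
        require => Anchor['ironic-inspector::config::begin'],
      }
      file { "${tftp_root_real}/pxelinux.cfg/default":
        ensure  => 'present',
        seltype => 'tftpdir_t',
        owner   => 'ironic-inspector',
        group   => 'ironic-inspector',
        content => template('ironic/inspector_pxelinux_cfg.erb'),
        require => Anchor['ironic-inspector::config::begin'],
      }
      if $enable_ppc64le {
        # Same PXE configuration template, placed under the ppc64le directory.
        file { "${tftp_root_real}/ppc64le/default":
          ensure  => 'present',
          seltype => 'tftpdir_t',
          owner   => 'ironic-inspector',
          group   => 'ironic-inspector',
          content => template('ironic/inspector_pxelinux_cfg.erb'),
          require => Anchor['ironic-inspector::config::begin'],
        }
      }
    } elsif $pxe_transfer_protocol == 'http' {
      file { '/etc/ironic-inspector/dnsmasq.conf':
        ensure  => 'present',
        content => template('ironic/inspector_dnsmasq_http.erb'),
        require => Anchor['ironic-inspector::config::begin'],
      }
      file { "${http_root_real}/inspector.ipxe":
        ensure  => 'present',
        seltype => 'httpd_sys_content_t',
        owner   => 'ironic-inspector',
        group   => 'ironic-inspector',
        content => template('ironic/inspector_ipxe.erb'),
        require => Anchor['ironic-inspector::config::begin'],
      }
    } else {
      fail("Invalid value, parameter pxe_transfer_protocol must be 'tftp' or 'http'")
    }

    # Configure inspector.conf

    # Processing hooks string, built here to stay under puppet-lint's
    # 140-character line limit. '$default_processing_hooks' is deliberately
    # single-quoted: it is written to the file literally and expanded by
    # oslo.config, not by Puppet.
    $p_hooks = join(delete_undef_values(['$default_processing_hooks', $additional_processing_hooks]), ',')

    # The two password entries carry secret => true so that their values are
    # kept out of Puppet's logs and reports. The default auth URLs are plain
    # HTTP on loopback; a non-local Keystone endpoint should be given as https
    # because these credentials are sent to it.
    ironic_inspector_config {
      'DEFAULT/listen_address':               value => $listen_address;
      'DEFAULT/auth_strategy':                value => $auth_strategy;
      'DEFAULT/timeout':                      value => $timeout;
      'DEFAULT/transport_url':                value => $default_transport_url;
      'capabilities/boot_mode':               value => $detect_boot_mode;
      'iptables/dnsmasq_interface':           value => $dnsmasq_interface;
      'processing/ramdisk_logs_dir':          value => $ramdisk_logs_dir;
      'processing/always_store_ramdisk_logs': value => $always_store_ramdisk_logs;
      'processing/add_ports':                 value => $add_ports;
      'processing/keep_ports':                value => $keep_ports;
      'processing/store_data':                value => $store_data;
      'ironic/auth_type':                     value => $ironic_auth_type;
      'ironic/username':                      value => $ironic_username;
      'ironic/password':                      value => $ironic_password, secret => true;
      'ironic/project_name':                  value => $ironic_tenant_name;
      'ironic/project_domain_name':           value => $ironic_project_domain_name;
      'ironic/user_domain_name':              value => $ironic_user_domain_name;
      'ironic/auth_url':                      value => $ironic_auth_url;
      'ironic/ironic_url':                    value => $ironic_url;
      'ironic/max_retries':                   value => $ironic_max_retries;
      'ironic/retry_interval':                value => $ironic_retry_interval;
      'swift/auth_type':                      value => $swift_auth_type;
      'swift/username':                       value => $swift_username;
      'swift/password':                       value => $swift_password, secret => true;
      'swift/project_name':                   value => $swift_tenant_name;
      'swift/project_domain_name':            value => $swift_project_domain_name;
      'swift/user_domain_name':               value => $swift_user_domain_name;
      'swift/auth_url':                       value => $swift_auth_url;
      'swift/container':                      value => $swift_container;
      # Here we use oslo.config interpolation with another option,
      # default_processing_hooks, which we don't change as it might break
      # introspection completely.
      'processing/processing_hooks':          value => $p_hooks;
      'processing/node_not_found_hook':       value => $node_not_found_hook;
      'discovery/enroll_node_driver':         value => $discovery_default_driver;
    }

    # Install package (skipped when the platform parameters name no package)
    if $::ironic::params::inspector_package {
      package { 'ironic-inspector':
        ensure => $package_ensure,
        name   => $::ironic::params::inspector_package,
        tag    => ['openstack', 'ironic-inspector-package'],
      }
    }

    if $sync_db {
      include ::ironic::inspector::db::sync
    }

    # $enabled drives both the run state and the boot-time enablement of the
    # two services below.
    if $enabled {
      $ensure = 'running'
    } else {
      $ensure = 'stopped'
    }

    # Manage services
    service { 'ironic-inspector':
      ensure    => $ensure,
      name      => $::ironic::params::inspector_service,
      enable    => $enabled,
      hasstatus => true,
      tag       => 'ironic-inspector-service',
    }

    # Every Keystone_endpoint in the catalog is applied before the service.
    Keystone_endpoint<||> -> Service['ironic-inspector']

    # Subscribing to dnsmasq.conf restarts dnsmasq whenever the file changes.
    service { 'ironic-inspector-dnsmasq':
      ensure    => $ensure,
      name      => $::ironic::params::inspector_dnsmasq_service,
      enable    => $enabled,
      hasstatus => true,
      tag       => 'ironic-inspector-dnsmasq-service',
      subscribe => File['/etc/ironic-inspector/dnsmasq.conf'],
    }
  }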