Deploy standalone ironic and neutron in undercloud

This makes the following changes:

- Create cloud.yaml for undercloud with standalone services
- Remove keystone and memcached from the undercloud

Change-Id: I741123dcbf4544845b40e253d8b42d868317cc03

deployment/ironic/ironic-conductor-container-puppet.yaml

@@ -504,8 +504,6 @@ outputs:
             ironic::swift::user_domain_name: 'Default'
             ironic::swift::project_domain_name: 'Default'
             ironic::swift::region_name: {get_param: KeystoneRegion}
-            # ironic-inspector support is not implemented, but let's configure
-            # the credentials for consistency.
             ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             ironic::drivers::inspector::username: 'ironic'
             ironic::drivers::inspector::password: {get_param: IronicPassword}
@@ -537,6 +535,12 @@ outputs:
                     - auth_strategy_noauth
                     - 'none'
                     - {get_param: IronicAuthStrategy}
+                ironic::drivers::inspector::auth_type:
+                  if:
+                    - auth_strategy_noauth
+                    - none
+                    - {get_param: IronicAuthStrategy}
+                ironic::drivers::inspector::endpoint_override: {get_param: [EndpointMap, IronicInspectorInternal, uri_no_suffix]}
                 ironic::service_catalog::endpoint_override: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
       service_config_settings: {}
       # BEGIN DOCKER SETTINGS

deployment/ironic/ironic-inspector-container-puppet.yaml

@@ -569,6 +569,7 @@ outputs:
                 template: |
                   admin:{{'$ADMIN_PASSWORD' | password_hash('bcrypt')}}
                   ironic-inspector:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
+                  ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
                 params:
                   $ADMIN_PASSWORD: {get_param: AdminPassword}
                   $IRONIC_PASSWORD: {get_param: IronicPassword}

deployment/neutron/neutron-api-container-puppet.yaml

@@ -205,6 +205,10 @@ parameters:
     description: |
       Seconds to regard the agent as down; should be at least twice
       NeutronGlobalReportInterval, to be sure the agent is down for good.
+  IronicPassword:
+    description: The password for the Ironic service and db account, used by the Ironic services
+    type: string
+    hidden: true
 
 parameter_groups:
 - label: deprecated
@@ -574,9 +578,11 @@ outputs:
                     template: |
                       admin:{{'$ADMIN_PASSWORD' | password_hash('bcrypt')}}
                       neutron:{{'$NEUTRON_PASSWORD' | password_hash('bcrypt')}}
+                      ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
                     params:
                       $ADMIN_PASSWORD: {get_param: AdminPassword}
                       $NEUTRON_PASSWORD: {get_param: NeutronPassword}
+                      $IRONIC_PASSWORD: {get_param: IronicPassword}
               when: is_http_basic | bool
       metadata_settings:
         list_concat:

environments/undercloud.yaml

@@ -15,9 +15,11 @@ resource_registry:
   OS::TripleO::Services::NeutronMl2PluginBase: ../deployment/neutron/neutron-plugin-ml2.yaml
 
   OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-ansible.yaml
-
   OS::TripleO::Services::HeatEphemeral: ../deployment/heat/heat-ephemeral-container-ansible.yaml
 
+  # Disable keystone by default
+  OS::TripleO::Services::Keystone: OS::Heat::None
+  OS::TripleO::Services::Memcached: OS::Heat::None
   # services we disable by default on the undercloud
   OS::TripleO::Services::AodhApi: OS::Heat::None
   OS::TripleO::Services::AodhEvaluator: OS::Heat::None
@@ -74,11 +76,6 @@ parameter_defaults:
   # ensure we enable ip_forward before docker gets run
   KernelIpForward: 1
   KernelIpNonLocalBind: 1
-  KeystoneCorsAllowedOrigin: '*'
-  KeystoneEnableMember: true
-  # Increase the Token expiration time until we fix the actual session bug:
-  # https://bugs.launchpad.net/tripleo/+bug/1761050
-  TokenExpiration: 14400
   EnablePackageInstall: true
   StackAction: CREATE
   NetworkDeploymentActions: ['CREATE','UPDATE']
@@ -182,3 +179,5 @@ parameter_defaults:
   SshFirewallAllowAll: true
   NetworkSafeDefaults: false
   IronicRpcTransport: 'json-rpc'
+  IronicAuthStrategy: http_basic
+  NeutronAuthStrategy: http_basic

extraconfig/post_deploy/undercloud_post.py

@@ -14,7 +14,10 @@
 import json
 import openstack
 import os
+from pathlib import Path
+import shutil
 import subprocess
+import yaml
 
 CONF = json.loads(os.environ['config'])
 
@@ -77,6 +80,52 @@ def _configure_nova(sdk):
     print('INFO: Undercloud Post - Nova configuration completed successfully.')
 
 
+def create_update_clouds_yaml():
+    """Disable nova quotas"""
+    clouds_yaml_dir = '/etc/openstack'
+    clouds_yaml = os.path.join(clouds_yaml_dir, 'clouds.yaml')
+    cloud_name = CONF.get('cloud_name', 'undercloud')
+    Path(clouds_yaml_dir).mkdir(parents=True, exist_ok=True)
+
+    usr_clouds_yaml_dir = os.path.join(CONF['home_dir'], '.config/openstack')
+    usr_clouds_yaml = os.path.join(usr_clouds_yaml_dir, 'clouds.yaml')
+    Path(usr_clouds_yaml_dir).mkdir(parents=True, exist_ok=True)
+
+    data = {}
+    if os.path.exists(clouds_yaml):
+        with open(clouds_yaml, 'r') as fs:
+            data = yaml.safe_load(fs)
+
+    if 'clouds' not in data:
+        data['clouds'] = {}
+
+    data['clouds'][cloud_name] = {}
+    config = {}
+    config['auth_type'] = 'http_basic'
+    config['auth'] = {}
+    config['auth']['username'] = 'admin'
+    config['auth']['password'] = CONF.get('admin_password', 'admin')
+    config['baremetal_endpoint_override'] = CONF.get(
+        'endpoints', {}).get('baremetal', 'https://192.168.24.2:13385/')
+    config['network_endpoint_override'] = CONF.get(
+            'endpoints', {}).get('network', 'https://192.168.24.2:13696/')
+    config['baremetal_introspection_endpoint_override'] = CONF.get(
+            'endpoints', {}).get(
+                'baremetal_introspection', 'https://192.168.24.2:13696/')
+    config['baremetal_api_version'] = '1'
+    config['network_api_version'] = '2'
+
+    data['clouds'][cloud_name] = config
+    with open(clouds_yaml, 'w') as fs:
+        fs.write(yaml.dump(data, default_flow_style=False))
+
+    shutil.copyfile(clouds_yaml, usr_clouds_yaml)
+
+    stat_info = os.stat(CONF['home_dir'])
+    os.chown(usr_clouds_yaml_dir, stat_info.st_uid, stat_info.st_gid)
+    os.chown(usr_clouds_yaml, stat_info.st_uid, stat_info.st_gid)
+
+
 def _create_default_keypair(sdk):
     """Set up a default keypair."""
     ssh_dir = os.path.join(CONF['home_dir'], '.ssh')
@@ -88,6 +137,11 @@ def _create_default_keypair(sdk):
                                        public_key=pub_key_file.read())
 
 
+keystone_enabled = 'true' in _run_command(
+    ['hiera', 'keystone_enabled']).lower()
+if not keystone_enabled:
+    create_update_clouds_yaml()
+
 nova_api_enabled = 'true' in _run_command(
     ['hiera', 'nova_api_enabled']).lower()
 

extraconfig/post_deploy/undercloud_post.sh

@@ -3,6 +3,7 @@ set -eux
 
 HOMEDIR="$homedir"
 CLOUD_NAME="$cloud_name"
+
 USERNAME=`ls -ld $HOMEDIR | awk {'print $3'}`
 GROUPNAME=`ls -ld $HOMEDIR | awk {'print $4'}`
 

extraconfig/post_deploy/undercloud_post.yaml

@@ -159,6 +159,11 @@ resources:
               JSON:
                 cloud_name: {get_param: UndercloudCloudName}
                 home_dir: {get_param: UndercloudHomeDir}
+                admin_password: {get_param: AdminPassword}
+                endpoints:
+                  baremetal: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
+                  network: {get_param: [EndpointMap, NeutronPublic, uri_no_suffix]}
+                  baremetal_introspection: {get_param: [EndpointMap, IronicInspectorPublic, uri_no_suffix]}
 
   UndercloudCtlplaneNetworkConfig:
     type: OS::Heat::SoftwareConfig
@@ -170,7 +175,7 @@ resources:
 
   UndercloudCtlplaneNetworkDeployment:
     type: OS::Heat::SoftwareDeploymentGroup
-    depends_on: UndercloudPostDeployment
+    depends_on: UndercloudPostPyDeployment
     properties:
       name: UndercloudCtlplaneNetworkDeployment
       servers: {get_param: servers}