Flatten Ironic services configuration

This change combines the previous puppet and docker files into a single file
that performs the docker service installation and configuration.

With this patch the baremetal version of the Ironic services has been removed.

Change-Id: Icb33158a129356d939940433c82dae25a6334baf
Related-Blueprint: services-yaml-flattening
Cédric Jeanneret 2018-12-13 13:22:56 +01:00
parent c4b816e8c5
commit ced9f888e9
17 changed files with 616 additions and 879 deletions


@ -2,9 +2,9 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml
OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml OS::TripleO::Services::IronicApi: ../deployment/ironic/ironic-api-container-puppet.yaml
OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml OS::TripleO::Services::IronicConductor: ../deployment/ironic/ironic-conductor-container-puppet.yaml
OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml OS::TripleO::Services::IronicPxe: ../deployment/ironic/ironic-pxe-container-puppet.yaml
parameter_defaults: parameter_defaults:
ControllerServices: ControllerServices:


@ -2,9 +2,9 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
OS::TripleO::Services::IronicApi: ../../docker/services/ironic-api.yaml OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
# These enable Pacemaker # These enable Pacemaker
OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml OS::TripleO::Services::OsloMessagingRpc: ../../docker/services/pacemaker/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml OS::TripleO::Services::OsloMessagingNotify: ../../docker/services/messaging/notify-rabbitmq-shared.yaml


@ -40,22 +40,61 @@ parameters:
default: false default: false
description: Remove package if the service is being disabled during upgrade description: Remove package if the service is being disabled during upgrade
type: boolean type: boolean
IronicPassword:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
MonitoringSubscriptionIronicApi:
default: 'overcloud-ironic-api'
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
IronicApiPolicies:
description: |
A hash of policies to configure for Ironic API.
e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
IronicCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
EnableInternalTLS:
type: boolean
default: false
conditions:
cors_allowed_origin_unset: {equals : [{get_param: IronicCorsAllowedOrigin}, '']}
resources: resources:
ApacheServiceBase:
type: ../../puppet/services/apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
ContainersCommon: ContainersCommon:
type: ./containers-common.yaml type: ../../docker/services/containers-common.yaml
MySQLClient: MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml type: ../../puppet/services/database/mysql-client.yaml
IronicApiBase: IronicBase:
type: ../../puppet/services/ironic-api.yaml type: ./ironic-base-puppet.yaml
properties: properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData} ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap} ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
@ -63,12 +102,82 @@ outputs:
role_data: role_data:
description: Role data for the Ironic API role. description: Role data for the Ironic API role.
value: value:
service_name: {get_attr: [IronicApiBase, role_data, service_name]} service_name: ironic_api
config_settings: config_settings:
map_merge: map_merge:
- get_attr: [IronicApiBase, role_data, config_settings] - get_attr: [IronicBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- ironic::cors::allowed_origin: {get_param: IronicCorsAllowedOrigin}
- ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::user_domain_name: 'Default'
ironic::api::authtoken::project_domain_name: 'Default'
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
ironic::api::host_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::api::service_name: 'httpd'
ironic::policy::policies: {get_param: IronicApiPolicies}
ironic::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
ironic::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS}
ironic::cors::max_age: 3600
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
tripleo::ironic_api::firewall_rules:
'133 ironic api':
dport:
- 6385
- 13385
- apache::default_vhost: false - apache::default_vhost: false
service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} service_config_settings:
keystone:
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
ironic::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
ironic::db::mysql::password: {get_param: IronicPassword}
ironic::db::mysql::user: ironic
ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
ironic::db::mysql::dbname: ironic
ironic::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS # BEGIN DOCKER SETTINGS
puppet_config: puppet_config:
config_volume: ironic_api config_volume: ironic_api
@ -76,7 +185,7 @@ outputs:
step_config: step_config:
list_join: list_join:
- "\n" - "\n"
- - {get_attr: [IronicApiBase, role_data, step_config]} - - include ::tripleo::profile::base::ironic::api
- {get_attr: [MySQLClient, role_data, step_config]} - {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicApiConfigImage} config_image: {get_param: DockerIronicApiConfigImage}
kolla_config: kolla_config:
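Review bot: `ironic::db::mysql::allowed_hosts` in the `mysql` block of `service_config_settings` lists `'%'`, so the `ironic` database account is accepted from any source address. What remains is whatever network isolation MySQL has, plus `IronicPassword`, which this same section also uses for the Keystone service user (`ironic::api::authtoken::password`, `ironic::keystone::auth::password`). This is probably carried over from the removed puppet template rather than introduced here, but the flattening is a good point to either drop `'%'` if `mysql_bind_host` is sufficient or to record the reason, e.g. `# '%' is required because <reason>; MySQL must only be reachable on the internal network` above the list. Separately, the `IronicCorsAllowedOrigin` description would be clearer if it said that the empty default leaves `ironic::cors::allowed_origin` unset, which is what the `cors_allowed_origin_unset` condition does.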


@ -1,9 +1,20 @@
heat_template_version: rocky heat_template_version: rocky
description: > description: >
OpenStack Ironic conductor configured with Puppet OpenStack containerized Ironic Conductor service
parameters: parameters:
DockerIronicConductorImage:
description: image
type: string
DockerIronicConfigImage:
description: The container image to use for the ironic config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData: ServiceData:
default: {} default: {}
description: Dictionary packing service data description: Dictionary packing service data
@ -29,11 +40,11 @@ parameters:
default: {} default: {}
description: Parameters specific to the role description: Parameters specific to the role
type: json type: json
EndpointMap: IronicConfigureSwiftTempUrlKey:
default: {} default: true
description: Mapping of service endpoint -> protocol. Typically set description: Whether to configure Swift temporary URLs for use with
via parameter_defaults in the resource registry. the "direct" and "ansible" deploy interfaces.
type: json type: boolean
IronicAutomatedClean: IronicAutomatedClean:
default: true default: true
description: Enables or disables automated cleaning which may result in description: Enables or disables automated cleaning which may result in
@ -215,19 +226,10 @@ parameters:
default: [] default: []
description: List of additional architectures to enable. description: List of additional architectures to enable.
type: comma_delimited_list type: comma_delimited_list
UpgradeRemoveUnusedPackages:
resources: default: false
IronicBase: description: Remove package if the service is being disabled during upgrade
type: ./ironic-base.yaml type: boolean
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
Debug: {get_param: Debug}
IronicDebug: {get_param: IronicDebug}
conditions: conditions:
default_deploy_interface_unset: {equals : [{get_param: IronicDefaultDeployInterface}, '']} default_deploy_interface_unset: {equals : [{get_param: IronicDefaultDeployInterface}, '']}
@ -239,10 +241,31 @@ conditions:
- equals: [{get_param: IronicDebug}, 'TRUE'] - equals: [{get_param: IronicDebug}, 'TRUE']
- equals: [{get_param: Debug}, true] - equals: [{get_param: Debug}, true]
enable_architecture_ppc64le: {contains: ['ppc64le', {get_param: AdditionalArchitectures}]} enable_architecture_ppc64le: {contains: ['ppc64le', {get_param: AdditionalArchitectures}]}
configure_swift_temp_url: {equals: [{get_param: IronicConfigureSwiftTempUrlKey}, true]}
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
IronicBase:
type: ./ironic-base-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
Debug: {get_param: Debug}
IronicDebug: {get_param: IronicDebug}
outputs: outputs:
role_data: role_data:
description: Role data for the Ironic conductor role. description: Role data for the Ironic Conductor role.
value: value:
service_name: ironic_conductor service_name: ironic_conductor
monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor} monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
@ -394,9 +417,213 @@ outputs:
ironic::drivers::inspector::user_domain_name: 'Default' ironic::drivers::inspector::user_domain_name: 'Default'
ironic::drivers::inspector::project_domain_name: 'Default' ironic::drivers::inspector::project_domain_name: 'Default'
tripleo::profile::base::ironic::conductor::enable_staging: {get_param: IronicEnableStagingDrivers} tripleo::profile::base::ironic::conductor::enable_staging: {get_param: IronicEnableStagingDrivers}
step_config: | # to avoid hard linking errors we store these on the same
include ::tripleo::profile::base::ironic::conductor # volume/device as the ironic master_path
# https://github.com/docker/docker/issues/7457
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::pxe::http_root: /var/lib/ironic/httpboot
- ironic::conductor::http_root: /var/lib/ironic/httpboot
service_config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ironic
puppet_tags: ironic_config
step_config:
list_join:
- "\n"
- - include ::tripleo::profile::base::ironic::conductor
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicConfigImage}
volumes:
- /var/lib/ironic:/var/lib/ironic:z
kolla_config:
/var/lib/kolla/config_files/ironic_conductor.json:
command: /usr/bin/ironic-conductor
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/ironic
owner: ironic:ironic
recurse: true
- path: /var/log/ironic
owner: ironic:ironic
recurse: true
docker_config_scripts:
create_swift_temp_url_key.sh:
mode: "0700"
content: |
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
export OS_AUTH_TYPE=password
export OS_IDENTITY_API_VERSION=3
echo "Check if a temporary URL key already exists"
RETVAL=-1
RETRIES=5
while [ ${RETVAL} -ne 0 ] && [ ${RETRIES} -gt 0 ]; do
RETRIES=$[$RETRIES-1]
CMD_OUT=$(openstack object store account show -f value)
RETVAL=$?
if [ ${RETVAL} -ne 0 ]; then
echo Retrying...
sleep 5
continue
fi
if [[ ! ${CMD_OUT} =~ "Temp-Url-Key" ]] ; then
echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY"
RETVAL=$?
fi
done
docker_config:
step_4:
map_merge:
- if:
- configure_swift_temp_url
- create_swift_temp_url_key:
start_order: 70
image: &ironic_conductor_image {get_param: DockerIronicConductorImage}
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
- /var/lib/docker-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
- {}
- ironic_conductor:
start_order: 80
image: *ironic_conductor_image
net: host
privileged: true
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [IronicBase, role_data, config_settings, 'ironic::rabbit_port']}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /sys:/sys
- /dev:/dev
- /run:/run #shared?
- /var/lib/ironic:/var/lib/ironic:z
- /var/log/containers/ironic:/var/log/ironic:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: load iscsi_tcp module
import_role:
name: tripleo-module-load
vars:
modules:
- name: iscsi_tcp
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
- name: ironic logs readme
copy:
dest: /var/log/ironic/readme.txt
content: |
Log files from ironic containers can be found under
/var/log/containers/ironic and /var/log/containers/httpd/ironic-*.
ignore_errors: true
- name: stat /httpboot
stat: path=/httpboot
register: stat_httpboot
- name: stat /tftpboot
stat: path=/tftpboot
register: stat_tftpboot
- name: stat /var/lib/ironic/httpboot
stat: path=/var/lib/ironic/httpboot
register: stat_ironic_httpboot
- name: stat /var/lib/ironic/tftpboot
stat: path=/var/lib/ironic/tftpboot
register: stat_ironic_tftpboot
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
- name: migrate /httpboot to containerized (if applicable)
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
- name: migrate /tftpboot to containerized (if applicable)
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
# Even if there was nothing to copy from original locations,
# we need to create the dirs before starting the containers
- name: ensure ironic pxe directories exist
file:
path: /var/lib/ironic/{{ item }}
state: directory
with_items:
- httpboot
- tftpboot
upgrade_tasks: upgrade_tasks:
- name: Stop ironic_conductor service - when: step|int == 3
when: step|int == 1 block:
service: name=openstack-ironic-conductor state=stopped - name: Set fact for removal of openstack-ironic-conductor package
set_fact:
remove_ironic_conductor_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-ironic-conductor package if operator requests it
package: name=openstack-ironic-conductor state=removed
ignore_errors: True
when: remove_ironic_conductor_package|bool
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- ironic_conductor
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if ironic_conductor is deployed
command: systemctl is-enabled --quiet openstack-ironic-conductor
ignore_errors: True
register: ironic_conductor_enabled_result
- name: Set fact ironic_conductor_enabled
set_fact:
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
- name: Stop openstack-ironic-conductor
service: name=openstack-ironic-conductor state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- ironic_conductor_enabled|bool
- name: Ironic packages update
package:
name: 'openstack-ironic*'
state: latest
when:
- step|int == 6
- is_bootstrap_node|bool
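Review bot: `create_swift_temp_url_key.sh` never reports failure. Once `RETRIES` reaches zero the loop simply ends, and the script's exit status is that of the last command run in the loop body (`continue`, or the `RETVAL=$?` assignment), which is 0, so an account that never received a Temp-URL-Key still looks like a successful `step_4` run. Adding `exit ${RETVAL}` after `done` would surface the failure to whatever runs the `create_swift_temp_url_key` container, which is `detach: false` and so presumably has its exit code checked. A failed `openstack object store account set` also re-enters the loop without the `sleep 5`, and `RETRIES=$[$RETRIES-1]` uses the deprecated `$[...]` form, where `RETRIES=$((RETRIES-1))` is the current spelling. Unrelated to the script, the `- /run:/run #shared?` mount on the privileged `ironic_conductor` container carries an open question that should be answered in a comment rather than left as a query.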


@ -1,12 +1,19 @@
heat_template_version: rocky heat_template_version: rocky
description: > description: >
OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL) OpenStack containerized Ironic Inspector service (EXPERIMENTAL)
parameters: parameters:
ServiceData: DockerIronicInspectorImage:
description: image
type: string
DockerIronicInspectorConfigImage:
description: The container image to use for the ironic_inspector config_volume
type: string
EndpointMap:
default: {} default: {}
description: Dictionary packing service data description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json type: json
ServiceNetMap: ServiceNetMap:
default: {} default: {}
@ -14,6 +21,10 @@ parameters:
via parameter_defaults in the resource registry. This via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults. mapping overrides those in ServiceNetMapDefaults.
type: json type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
DefaultPasswords: DefaultPasswords:
default: {} default: {}
type: json type: json
@ -25,11 +36,14 @@ parameters:
default: {} default: {}
description: Parameters specific to the role description: Parameters specific to the role
type: json type: json
EndpointMap: IPAImageURLs:
default: {} default: []
description: Mapping of service endpoint -> protocol. Typically set description: IPA image URLs, the format should be ["http://path/to/kernel", "http://path/to/ramdisk"]
via parameter_defaults in the resource registry.
type: json type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
MonitoringSubscriptionIronicInspector: MonitoringSubscriptionIronicInspector:
default: 'overcloud-ironic-inspector' default: 'overcloud-ironic-inspector'
type: string type: string
@ -150,13 +164,21 @@ conditions:
enable_node_discovery: {equals : [{get_param: IronicInspectorEnableNodeDiscovery}, true]} enable_node_discovery: {equals : [{get_param: IronicInspectorEnableNodeDiscovery}, true]}
ironic_inspection_subnets_not_set: {equals : [{get_param: IronicInspectorSubnets}, {}]} ironic_inspection_subnets_not_set: {equals : [{get_param: IronicInspectorSubnets}, {}]}
enable_architecture_ppc64le: {contains: ['ppc64le', {get_param: AdditionalArchitectures}]} enable_architecture_ppc64le: {contains: ['ppc64le', {get_param: AdditionalArchitectures}]}
ipa_images: {not: {equals: [{get_param: IPAImageURLs}, []]}}
resources:
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
outputs: outputs:
role_data: role_data:
description: Role data for the Ironic Inspector role. description: Role data for the Ironic Inspector role.
value: value:
service_name: ironic_inspector service_name: ironic_inspector
monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
config_settings: config_settings:
map_merge: map_merge:
- ironic::inspector::listen_address: - ironic::inspector::listen_address:
@ -257,8 +279,9 @@ outputs:
- ironic::inspector::node_not_found_hook: 'enroll' - ironic::inspector::node_not_found_hook: 'enroll'
ironic::inspector::discovery_default_driver: {get_param: IronicInspectorDiscoveryDefaultDriver} ironic::inspector::discovery_default_driver: {get_param: IronicInspectorDiscoveryDefaultDriver}
- {} - {}
step_config: | # Match what we do for Ironic containers
include ::tripleo::profile::base::ironic_inspector - ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
- ironic::inspector::http_root: /var/lib/ironic/httpboot
service_config_settings: service_config_settings:
keystone: keystone:
ironic::keystone::auth_inspector::tenant: 'service' ironic::keystone::auth_inspector::tenant: 'service'
@ -275,25 +298,180 @@ outputs:
ironic::inspector::db::mysql::allowed_hosts: ironic::inspector::db::mysql::allowed_hosts:
- '%' - '%'
- "%{hiera('mysql_bind_host')}" - "%{hiera('mysql_bind_host')}"
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ironic_inspector
puppet_tags: ironic_inspector_config
step_config:
list_join:
- "\n"
- - include ::tripleo::profile::base::ironic_inspector
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicInspectorConfigImage}
volumes:
- /var/lib/ironic:/var/lib/ironic:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:z
kolla_config:
/var/lib/kolla/config_files/ironic_inspector.json:
command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/ironic-inspector
owner: ironic-inspector:ironic-inspector
recurse: true
- path: /var/lib/ironic
owner: ironic:ironic
recurse: true
- path: /var/lib/ironic-inspector/dhcp-hostsdir
owner: ironic-inspector:ironic-inspector
recurse: true
/var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/ironic-inspector/dhcp-hostsdir
owner: ironic-inspector:ironic-inspector
recurse: true
command: /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf -k --log-facility=/var/log/ironic-inspector/dnsmasq.log
docker_config:
step_3:
ironic_inspector_init_log:
start_order: 0
image: &ironic_inspector_image
get_param: DockerIronicInspectorImage
user: root
volumes:
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
start_order: 1
image: *ironic_inspector_image
user: root
volumes:
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
ironic_inspector_db_sync:
start_order: 2
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
ironic_inspector_get_ipa:
start_order: 2
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/ironic:/var/lib/ironic:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command:
if:
- ipa_images
- list_join:
- " "
- - "curl -g -o /var/lib/ironic/httpboot/agent.kernel"
- {get_param: [IPAImageURLs, 0]}
- "-o /var/lib/ironic/httpboot/agent.ramdisk"
- {get_param: [IPAImageURLs, 1]}
- 'true'
step_4:
ironic_inspector:
start_order: 92
image: *ironic_inspector_image
privileged: true
net: host
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic:shared,z
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ironic_inspector_dnsmasq:
start_order: 93
image: *ironic_inspector_image
privileged: true
net: host
restart: always
user: root
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent ironic-inspector logs directory
file:
path: /var/log/containers/ironic-inspector
state: directory
setype: svirt_sandbox_file_t
- name: ironic-inspector logs readme
copy:
dest: /var/log/ironic-inspector/readme.txt
content: |
Log files from ironic-inspector container can be found under
/var/log/containers/ironic-inspector.
ignore_errors: true
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
file:
path: /var/lib/ironic-inspector/dhcp-hostsdir
state: directory
setype: svirt_sandbox_file_t
upgrade_tasks: upgrade_tasks:
- name: Stop and disable ironic_inspector service - when: step|int == 3
when: step|int == 2 block:
service: name=openstack-ironic-inspector state=stopped enabled=no - name: Set fact for removal of openstack-ironic-inspector package
- name: Stop and disable ironic_inspector dnsmasq service set_fact:
when: step|int == 2 remove_ironic_inspector_package: {get_param: UpgradeRemoveUnusedPackages}
service: name=openstack-ironic-inspector-dnsmasq state=stopped enabled=no - name: Remove openstack-ironic-inspector package if operator requests it
- name: purge iptables port 67 jump rule package: name=openstack-ironic-inspector state=removed
when: step|int == 2 ignore_errors: True
iptables: when: remove_ironic_inspector_package|bool
chain: INPUT post_upgrade_tasks:
interface: {get_param: IronicInspectorInterface} - when: step|int == 1
protocol: udp import_role:
destination_port: 67 name: tripleo-docker-rm
jump: ironic-inspector vars:
state: absent containers_to_rm:
- name: purge iptables ironic-inspector chain - ironic_inspector
when: step|int == 2 - ironic_inspector_dnsmasq
iptables:
chain: ironic-inspector
flush: true
state: absent
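Review bot: The `ironic_inspector_get_ipa` command fetches the agent kernel and ramdisk as root with a bare `curl -g -o ...`, and nothing checks what arrived. Without `--fail` an HTTP error body is written to `agent.kernel` or `agent.ramdisk`, and the `IPAImageURLs` description suggests `http://` URLs, so the images placed in `/var/lib/ironic/httpboot` have no integrity protection in transit. I would change the first fragment to `- "curl -g --fail -o /var/lib/ironic/httpboot/agent.kernel"` and have the parameter description recommend `https://` sources; a checksum parameter verified after download would be stronger. The `ipa_images` condition only tests for a non-empty list, so a one-element `IPAImageURLs` leaves `{get_param: [IPAImageURLs, 1]}` without a usable value, and the description should state that exactly two URLs are required.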


@ -36,19 +36,28 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.
type: json type: json
IronicPassword:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
resources: resources:
ContainersCommon: ContainersCommon:
type: ./containers-common.yaml type: ../../docker/services/containers-common.yaml
IronicNeutronAgentBase: # TODO() Point to the right neutron-base once neutron is flat
type: ../../puppet/services/ironic-neutron-agent.yaml NeutronBase:
type: ../../puppet/services/neutron-base.yaml
properties: properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData} ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap} ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords} DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
@ -61,16 +70,23 @@ outputs:
role_data: role_data:
description: Role data for ironic-neutron-agent service description: Role data for ironic-neutron-agent service
value: value:
service_name: {get_attr: [IronicNeutronAgentBase, role_data, service_name]} service_name: ironic_neutron_agent
config_settings: config_settings:
map_merge: map_merge:
- get_attr: [IronicNeutronAgentBase, role_data, config_settings] - get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::ml2::networking_baremetal::user: 'ironic'
- neutron::agents::ml2::networking_baremetal::password: {get_param: IronicPassword}
- neutron::agents::ml2::networking_baremetal::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
- neutron::agents::ml2::networking_baremetal::project_name: 'service'
- neutron::agents::ml2::networking_baremetal::user_domain_name: 'Default'
- neutron::agents::ml2::networking_baremetal::project_domain_name: 'Default'
- neutron::agents::ml2::networking_baremetal::region_name: {get_param: KeystoneRegion}
- get_attr: [NeutronLogging, config_settings] - get_attr: [NeutronLogging, config_settings]
puppet_config: puppet_config:
config_volume: neutron config_volume: neutron
puppet_tags: neutron_config,ironic_neutron_agent_config puppet_tags: neutron_config,ironic_neutron_agent_config
step_config: step_config:
get_attr: [IronicNeutronAgentBase, role_data, step_config] include tripleo::profile::base::neutron::agents::networking_baremetal
config_image: {get_param: DockerNeutronConfigImage} config_image: {get_param: DockerNeutronConfigImage}
kolla_config: kolla_config:
/var/lib/kolla/config_files/ironic_neutron_agent.json: /var/lib/kolla/config_files/ironic_neutron_agent.json:
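Review bot: The `# TODO()` comment on the new `NeutronBase` resource has an empty owner and no tracking reference, yet it is the only marker that this flattened template still depends on `../../puppet/services/neutron-base.yaml`. I would write it as `# TODO(<owner>): point NeutronBase at the flattened neutron-base template once neutron is flat (blueprint services-yaml-flattening)` so it can be found when that work lands. Separately, the added `IronicPassword` description still says "used by the Ironic services", while the added `neutron::agents::ml2::networking_baremetal::password` setting passes the same credential to the agent configured under `config_volume: neutron`. A description such as `The password for the Ironic service and db account; also used by ironic-neutron-agent to authenticate to Keystone` would make that reuse visible to whoever rotates it. The `role_data` output continues outside the hunk.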


@ -44,7 +44,7 @@ parameters:
resources: resources:
ContainersCommon: ContainersCommon:
type: ./containers-common.yaml type: ../../docker/services/containers-common.yaml
outputs: outputs:
role_data: role_data:


@ -1,287 +0,0 @@
heat_template_version: rocky
description: >
OpenStack containerized Ironic Conductor service
parameters:
DockerIronicConductorImage:
description: image
type: string
DockerIronicConfigImage:
description: The container image to use for the ironic config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
IronicConfigureSwiftTempUrlKey:
default: true
description: Whether to configure Swift temporary URLs for use with
the "direct" and "ansible" deploy interfaces.
type: boolean
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
conditions:
configure_swift_temp_url: {equals: [{get_param: IronicConfigureSwiftTempUrlKey}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
IronicConductorBase:
type: ../../puppet/services/ironic-conductor.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ironic Conductor role.
value:
service_name: {get_attr: [IronicConductorBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [IronicConductorBase, role_data, config_settings]
# to avoid hard linking errors we store these on the same
# volume/device as the ironic master_path
# https://github.com/docker/docker/issues/7457
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
- ironic::pxe::http_root: /var/lib/ironic/httpboot
- ironic::conductor::http_root: /var/lib/ironic/httpboot
service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ironic
puppet_tags: ironic_config
step_config:
list_join:
- "\n"
- - {get_attr: [IronicConductorBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicConfigImage}
volumes:
- /var/lib/ironic:/var/lib/ironic:z
kolla_config:
/var/lib/kolla/config_files/ironic_conductor.json:
command: /usr/bin/ironic-conductor
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/ironic
owner: ironic:ironic
recurse: true
- path: /var/log/ironic
owner: ironic:ironic
recurse: true
docker_config_scripts:
create_swift_temp_url_key.sh:
mode: "0700"
content: |
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
export OS_AUTH_TYPE=password
export OS_IDENTITY_API_VERSION=3
echo "Check if a temporary URL key already exists"
RETVAL=-1
RETRIES=5
while [ ${RETVAL} -ne 0 ] && [ ${RETRIES} -gt 0 ]; do
RETRIES=$[$RETRIES-1]
CMD_OUT=$(openstack object store account show -f value)
RETVAL=$?
if [ ${RETVAL} -ne 0 ]; then
echo Retrying...
sleep 5
continue
fi
if [[ ! ${CMD_OUT} =~ "Temp-Url-Key" ]] ; then
echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY"
RETVAL=$?
fi
done
docker_config:
step_4:
map_merge:
- if:
- configure_swift_temp_url
- create_swift_temp_url_key:
start_order: 70
image: &ironic_conductor_image {get_param: DockerIronicConductorImage}
net: host
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
- /var/lib/docker-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
user: root
command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
- {}
- ironic_conductor:
start_order: 80
image: *ironic_conductor_image
net: host
privileged: true
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [IronicConductorBase, role_data, config_settings, 'ironic::rabbit_port']}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /sys:/sys
- /dev:/dev
- /run:/run #shared?
- /var/lib/ironic:/var/lib/ironic:z
- /var/log/containers/ironic:/var/log/ironic:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: load iscsi_tcp module
import_role:
name: tripleo-module-load
vars:
modules:
- name: iscsi_tcp
- name: create persistent directories
file:
path: "{{ item.path }}"
state: directory
setype: "{{ item.setype }}"
with_items:
- { 'path': /var/log/containers/ironic, 'setype': svirt_sandbox_file_t }
- { 'path': /var/lib/ironic, 'setype': svirt_sandbox_file_t }
- name: ironic logs readme
copy:
dest: /var/log/ironic/readme.txt
content: |
Log files from ironic containers can be found under
/var/log/containers/ironic and /var/log/containers/httpd/ironic-*.
ignore_errors: true
- name: stat /httpboot
stat: path=/httpboot
register: stat_httpboot
- name: stat /tftpboot
stat: path=/tftpboot
register: stat_tftpboot
- name: stat /var/lib/ironic/httpboot
stat: path=/var/lib/ironic/httpboot
register: stat_ironic_httpboot
- name: stat /var/lib/ironic/tftpboot
stat: path=/var/lib/ironic/tftpboot
register: stat_ironic_tftpboot
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
- name: migrate /httpboot to containerized (if applicable)
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
- name: migrate /tftpboot to containerized (if applicable)
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
# Even if there was nothing to copy from original locations,
# we need to create the dirs before starting the containers
- name: ensure ironic pxe directories exist
file:
path: /var/lib/ironic/{{ item }}
state: directory
with_items:
- httpboot
- tftpboot
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-ironic-conductor package
set_fact:
remove_ironic_conductor_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-ironic-conductor package if operator requests it
package: name=openstack-ironic-conductor state=removed
ignore_errors: True
when: remove_ironic_conductor_package|bool
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- ironic_conductor
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if ironic_conductor is deployed
command: systemctl is-enabled --quiet openstack-ironic-conductor
ignore_errors: True
register: ironic_conductor_enabled_result
- name: Set fact ironic_conductor_enabled
set_fact:
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
- name: Stop openstack-ironic-conductor
service: name=openstack-ironic-conductor state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- ironic_conductor_enabled|bool
- name: Ironic packages update
package:
name: 'openstack-ironic*'
state: latest
when:
- step|int == 6
- is_bootstrap_node|bool


@ -1,257 +0,0 @@
heat_template_version: rocky
description: >
OpenStack containerized Ironic Inspector service (EXPERIMENTAL)
parameters:
DockerIronicInspectorImage:
description: image
type: string
DockerIronicInspectorConfigImage:
description: The container image to use for the ironic_inspector config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
IPAImageURLs:
default: []
description: IPA image URLs, the format should be ["http://path/to/kernel", "http://path/to/ramdisk"]
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
IronicInspectorBase:
type: ../../puppet/services/ironic-inspector.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
ServiceData: {get_param: ServiceData}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
conditions:
ipa_images: {not: {equals: [{get_param: IPAImageURLs}, []]}}
outputs:
role_data:
description: Role data for the Ironic Inspector role.
value:
service_name: ironic_inspector
config_settings:
map_merge:
- get_attr: [IronicInspectorBase, role_data, config_settings]
# Match what we do for Ironic containers
- ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
- ironic::inspector::http_root: /var/lib/ironic/httpboot
service_config_settings: {get_attr: [IronicInspectorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ironic_inspector
puppet_tags: ironic_inspector_config
step_config:
list_join:
- "\n"
- - {get_attr: [IronicInspectorBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicInspectorConfigImage}
volumes:
- /var/lib/ironic:/var/lib/ironic:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:z
kolla_config:
/var/lib/kolla/config_files/ironic_inspector.json:
command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/ironic-inspector
owner: ironic-inspector:ironic-inspector
recurse: true
- path: /var/lib/ironic
owner: ironic:ironic
recurse: true
- path: /var/lib/ironic-inspector/dhcp-hostsdir
owner: ironic-inspector:ironic-inspector
recurse: true
/var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/lib/ironic-inspector/dhcp-hostsdir
owner: ironic-inspector:ironic-inspector
recurse: true
command: /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf -k --log-facility=/var/log/ironic-inspector/dnsmasq.log
docker_config:
step_3:
ironic_inspector_init_log:
start_order: 0
image: &ironic_inspector_image
get_param: DockerIronicInspectorImage
user: root
volumes:
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
start_order: 1
image: *ironic_inspector_image
user: root
volumes:
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
ironic_inspector_db_sync:
start_order: 2
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
ironic_inspector_get_ipa:
start_order: 2
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/ironic:/var/lib/ironic:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command:
if:
- ipa_images
- list_join:
- " "
- - "curl -g -o /var/lib/ironic/httpboot/agent.kernel"
- {get_param: [IPAImageURLs, 0]}
- "-o /var/lib/ironic/httpboot/agent.ramdisk"
- {get_param: [IPAImageURLs, 1]}
- 'true'
step_4:
ironic_inspector:
start_order: 92
image: *ironic_inspector_image
privileged: true
net: host
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic:shared,z
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ironic_inspector_dnsmasq:
start_order: 93
image: *ironic_inspector_image
privileged: true
net: host
restart: always
user: root
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector:z
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent ironic-inspector logs directory
file:
path: /var/log/containers/ironic-inspector
state: directory
setype: svirt_sandbox_file_t
- name: ironic-inspector logs readme
copy:
dest: /var/log/ironic-inspector/readme.txt
content: |
Log files from ironic-inspector container can be found under
/var/log/containers/ironic-inspector.
ignore_errors: true
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
file:
path: /var/lib/ironic-inspector/dhcp-hostsdir
state: directory
setype: svirt_sandbox_file_t
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-ironic-inspector package
set_fact:
remove_ironic_inspector_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-ironic-inspector package if operator requests it
package: name=openstack-ironic-inspector state=removed
ignore_errors: True
when: remove_ironic_inspector_package|bool
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- ironic_inspector
- ironic_inspector_dnsmasq


@ -1,2 +0,0 @@
resource_registry:
OS::TripleO::Services::IronicInspector: ../../puppet/services/ironic-inspector.yaml


@ -1,7 +0,0 @@
resource_registry:
OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
OS::TripleO::Services::IronicNeutronAgent: ../../puppet/services/ironic-neutron-agent.yaml
parameter_defaults:
NovaSchedulerDiscoverHostsInCellsInterval: 15


@ -1,5 +1,5 @@
resource_registry: resource_registry:
OS::TripleO::Services::IronicInspector: ../../docker/services/ironic-inspector.yaml OS::TripleO::Services::IronicInspector: ../../deployment/ironic/ironic-inspector-container-puppet.yaml
parameter_defaults: parameter_defaults:
IronicDefaultInspectInterface: inspector IronicDefaultInspectInterface: inspector


@ -1,6 +1,6 @@
resource_registry: resource_registry:
OS::TripleO::Services::IronicApi: ../../docker/services/ironic-api.yaml OS::TripleO::Services::IronicApi: ../../deployment/ironic/ironic-api-container-puppet.yaml
OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml OS::TripleO::Services::IronicConductor: ../../deployment/ironic/ironic-conductor-container-puppet.yaml
OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml OS::TripleO::Services::IronicPxe: ../../deployment/ironic/ironic-pxe-container-puppet.yaml
OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
OS::TripleO::Services::IronicNeutronAgent: ../../docker/services/ironic-neutron-agent.yaml OS::TripleO::Services::IronicNeutronAgent: ../../deployment/ironic/ironic-neutron-agent-container-puppet.yaml


@ -1,172 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Ironic API configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
IronicPassword:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
MonitoringSubscriptionIronicApi:
default: 'overcloud-ironic-api'
type: string
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
IronicApiPolicies:
description: |
A hash of policies to configure for Ironic API.
e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
IronicCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
EnableInternalTLS:
type: boolean
default: false
conditions:
cors_allowed_origin_unset: {equals : [{get_param: IronicCorsAllowedOrigin}, '']}
resources:
ApacheServiceBase:
type: ./apache.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
IronicBase:
type: ./ironic-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ironic API role.
value:
service_name: ironic_api
monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- ironic::cors::allowed_origin: {get_param: IronicCorsAllowedOrigin}
- ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::user_domain_name: 'Default'
ironic::api::authtoken::project_domain_name: 'Default'
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
ironic::api::host_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::api::service_name: 'httpd'
ironic::policy::policies: {get_param: IronicApiPolicies}
ironic::wsgi::apache::bind_host:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
ironic::wsgi::apache::servername:
str_replace:
template:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS}
ironic::cors::max_age: 3600
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
tripleo::ironic_api::firewall_rules:
'133 ironic api':
dport:
- 6385
- 13385
step_config: |
include ::tripleo::profile::base::ironic::api
service_config_settings:
keystone:
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
ironic::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
ironic::db::mysql::password: {get_param: IronicPassword}
ironic::db::mysql::user: ironic
ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
ironic::db::mysql::dbname: ironic
ironic::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
upgrade_tasks:
- name: Stop ironic_api service (before httpd support)
when: step|int == 1
service: name=openstack-ironic-api state=stopped enabled=no
- name: Stop ironic_api service (running under httpd)
when: step|int == 1
service: name=httpd state=stopped


@ -1,71 +0,0 @@
heat_template_version: rocky
description: >
OpenStack ironic-neutron-agent configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
IronicPassword:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
KeystoneRegion:
type: string
default: 'regionOne'
description: Keystone region for endpoint
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the ironic-neutron-agent service.
value:
service_name: ironic_neutron_agent
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::ml2::networking_baremetal::user: 'ironic'
- neutron::agents::ml2::networking_baremetal::password: {get_param: IronicPassword}
- neutron::agents::ml2::networking_baremetal::auth_url: { get_param: [ EndpointMap, KeystoneInternal, uri_no_suffix ] }
- neutron::agents::ml2::networking_baremetal::project_name: 'service'
- neutron::agents::ml2::networking_baremetal::user_domain_name: 'Default'
- neutron::agents::ml2::networking_baremetal::project_domain_name: 'Default'
- neutron::agents::ml2::networking_baremetal::region_name: {get_param: KeystoneRegion}
step_config: |
include tripleo::profile::base::neutron::agents::networking_baremetal
upgrade_tasks: []


@ -0,0 +1,3 @@
---
upgrade:
- Installing Ironic on baremetal is no longer supported