95563da90f
Set OS_INTERFACE=internal in the container config script creating temporary URL's. Closes-Bug: #1882545 Change-Id: Idb068b7ba2ca77babc3a019d5f60ca0cf7ebb2d6
664 lines
30 KiB
YAML
664 lines
30 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized Ironic Conductor service
|
|
|
|
parameters:
|
|
ContainerIronicConductorImage:
|
|
description: image
|
|
type: string
|
|
ContainerIronicConfigImage:
|
|
description: The container image to use for the ironic config_volume
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
Debug:
|
|
default: false
|
|
description: Set to True to enable debugging on all services.
|
|
type: boolean
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
KeystoneRegion:
|
|
type: string
|
|
default: 'regionOne'
|
|
description: Keystone region for endpoint
|
|
IronicConfigureSwiftTempUrlKey:
|
|
default: true
|
|
description: Whether to configure Swift temporary URLs for use with
|
|
the "direct" and "ansible" deploy interfaces.
|
|
type: boolean
|
|
IronicAutomatedClean:
|
|
default: true
|
|
description: Enables or disables automated cleaning which may result in
|
|
security problems and deployment failures on rebuilds.
|
|
Do not set to False, unless you really know what you are doing.
|
|
type: boolean
|
|
IronicCleaningDiskErase:
|
|
default: 'full'
|
|
description: Type of disk cleaning before and between deployments,
|
|
"full" for full cleaning, "metadata" to clean only disk
|
|
metadata (partition table).
|
|
type: string
|
|
IronicCleaningNetwork:
|
|
default: 'provisioning'
|
|
description: Name or UUID of the *overcloud* network used for cleaning
|
|
bare metal nodes. The default value of "provisioning" can be
|
|
left during the initial deployment (when no networks are
|
|
created yet) and should be changed to an actual UUID in
|
|
a post-deployment stack update.
|
|
type: string
|
|
IronicDebug:
|
|
default: ''
|
|
description: Set to True to enable debugging Ironic services.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
|
IronicDefaultBootOption:
|
|
default: 'local'
|
|
description: How to boot the bare metal instances. Set to 'local' (the
|
|
default) to use local bootloader (requires grub2 for partition
|
|
images). Set to 'netboot' to make the instances boot from
|
|
controllers using PXE/iPXE.
|
|
type: string
|
|
IronicDefaultDeployInterface:
|
|
default: ''
|
|
description: Deploy interface implementation to use by default. Leave empty to
|
|
use the hardware type default.
|
|
type: string
|
|
IronicDefaultInspectInterface:
|
|
default: ''
|
|
description: Inspect interface implementation to use by default. Leave empty to
|
|
use the hardware type default.
|
|
type: string
|
|
IronicDefaultNetworkInterface:
|
|
default: 'flat'
|
|
description: Network interface implementation to use by default.
|
|
Set to "flat" (the default) to use one flat provider network.
|
|
Set to "neutron" to make Ironic interact with the Neutron
|
|
ML2 driver to enable other network types and certain
|
|
advances networking features. Requires
|
|
IronicProvisioningNetwork to be correctly set.
|
|
type: string
|
|
IronicDefaultRescueInterface:
|
|
default: 'agent'
|
|
description: Default rescue implementation to use. The "agent" rescue
|
|
requires a compatible ramdisk to be used.
|
|
type: string
|
|
IronicDeployLogsStorageBackend:
|
|
default: 'local'
|
|
description: Backend to use to store ramdisk logs, either "local"
|
|
or "swift".
|
|
type: string
|
|
IronicEnabledHardwareTypes:
|
|
default: ['ipmi', 'redfish']
|
|
description: Enabled Ironic hardware types
|
|
type: comma_delimited_list
|
|
IronicEnabledBiosInterfaces:
|
|
default: ['no-bios']
|
|
description: Enabled bios interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledBootInterfaces:
|
|
default: ['ipxe', 'pxe']
|
|
description: Enabled boot interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledConsoleInterfaces:
|
|
default: ['ipmitool-socat', 'no-console']
|
|
description: Enabled console interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledDeployInterfaces:
|
|
default: ['iscsi', 'direct']
|
|
description: Enabled deploy interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledInspectInterfaces:
|
|
default: ['no-inspect']
|
|
description: Enabled inspect interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledManagementInterfaces:
|
|
default: ['ipmitool', 'noop', 'redfish']
|
|
description: Enabled management interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledNetworkInterfaces:
|
|
default: ['flat', 'neutron']
|
|
description: Enabled network interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledPowerInterfaces:
|
|
default: ['ipmitool', 'redfish']
|
|
description: Enabled power interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledRaidInterfaces:
|
|
default: ['no-raid', 'agent']
|
|
description: Enabled RAID interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledRescueInterfaces:
|
|
default: ['no-rescue', 'agent']
|
|
description: Enabled rescue interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledStorageInterfaces:
|
|
default: ['cinder', 'noop']
|
|
description: Enabled storage interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledVendorInterfaces:
|
|
default: ['ipmitool', 'no-vendor']
|
|
description: Enabled vendor interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnableStagingDrivers:
|
|
default: false
|
|
description: Whether to enable use of staging drivers.
|
|
type: boolean
|
|
IronicImageDownloadSource:
|
|
default: swift
|
|
description: Image delivery method for the "direct" deploy interface.
|
|
Use "swift" for the Object Storage temporary URLs,
|
|
use "http" for the local HTTP server (the same as for iPXE).
|
|
type: string
|
|
IronicIPXEEnabled:
|
|
default: true
|
|
description: Whether to use iPXE instead of PXE for deployment.
|
|
type: boolean
|
|
IronicIPXEPort:
|
|
default: 8088
|
|
description: Port to use for serving images when iPXE is used.
|
|
type: string
|
|
IronicIPXETimeout:
|
|
default: 60
|
|
description: iPXE timeout in second. Set to 0 for infinite timeout.
|
|
type: string
|
|
IronicPassword:
|
|
description: The password for the Ironic service and db account, used by the Ironic services
|
|
type: string
|
|
hidden: true
|
|
IronicProvisioningNetwork:
|
|
default: 'provisioning'
|
|
description: Name or UUID of the *overcloud* network used for provisioning
|
|
of bare metal nodes, if IronicDefaultNetworkInterface is
|
|
set to "neutron". The default value of "provisioning" can be
|
|
left during the initial deployment (when no networks are
|
|
created yet) and should be changed to an actual UUID in
|
|
a post-deployment stack update.
|
|
type: string
|
|
IronicRescuingNetwork:
|
|
default: 'provisioning'
|
|
description: Name or UUID of the *overcloud* network used for resucing
|
|
of bare metal nodes, if IronicDefaultRescueInterface is not
|
|
set to "no-rescue". The default value of "provisioning" can be
|
|
left during the initial deployment (when no networks are
|
|
created yet) and should be changed to an actual UUID in
|
|
a post-deployment stack update.
|
|
type: string
|
|
IronicForcePowerStateDuringSync:
|
|
default: true
|
|
description: Whether to force power state during sync.
|
|
type: boolean
|
|
IronicConductorGroup:
|
|
description: The name of an Ironic Conductor Group.
|
|
default: ''
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
constraints:
|
|
- allowed_pattern: '^[a-zA-Z0-9_\-\.]*$'
|
|
MonitoringSubscriptionIronicConductor:
|
|
default: 'overcloud-ironic-conductor'
|
|
type: string
|
|
AdditionalArchitectures:
|
|
default: []
|
|
description: List of additional architectures to enable.
|
|
type: comma_delimited_list
|
|
IronicIpVersion:
|
|
default: 4
|
|
description: The IP version that will be used for PXE booting.
|
|
type: string
|
|
IronicDhcpv6StatefulAddressCount:
|
|
default: 4
|
|
description: Number of IPv6 addresses to allocate for ports created for
|
|
provisioning, cleaning, rescue or inspection on DHCPv6-stateful
|
|
networks. Different stages of the chain-loading process will
|
|
request addresses with different CLID/IAID. Due to non-
|
|
identical identifiers multiple addresses must be reserved for
|
|
the host to ensure each step of the boot process can
|
|
successfully lease addresses.
|
|
type: string
|
|
|
|
conditions:
|
|
default_deploy_interface_unset: {equals : [{get_param: IronicDefaultDeployInterface}, '']}
|
|
default_inspect_interface_unset: {equals : [{get_param: IronicDefaultInspectInterface}, '']}
|
|
service_debug:
|
|
or:
|
|
- equals: [{get_param: IronicDebug}, 'true']
|
|
- equals: [{get_param: IronicDebug}, 'True']
|
|
- equals: [{get_param: IronicDebug}, 'TRUE']
|
|
- equals: [{get_param: Debug}, true]
|
|
enable_architecture_ppc64le: {contains: ['ppc64le', {get_param: AdditionalArchitectures}]}
|
|
configure_swift_temp_url: {equals: [{get_param: IronicConfigureSwiftTempUrlKey}, true]}
|
|
ironic_conductor_group:
|
|
or:
|
|
- not: {equals: [{get_param: IronicConductorGroup}, '']}
|
|
- not: {equals: [{get_param: [RoleParameters, IronicConductorGroup]}, '']}
|
|
|
|
resources:
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- if:
|
|
- ironic_conductor_group
|
|
- ironic::conductor::conductor_group: IronicConductorGroup
|
|
- {}
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
IronicConductorGroup: {get_param: IronicConductorGroup}
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
MySQLClient:
|
|
type: ../database/mysql-client.yaml
|
|
|
|
IronicBase:
|
|
type: ./ironic-base-puppet.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
Debug: {get_param: Debug}
|
|
IronicDebug: {get_param: IronicDebug}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ironic Conductor role.
|
|
value:
|
|
service_name: ironic_conductor
|
|
firewall_rules:
|
|
'134 ironic conductor TFTP':
|
|
dport: 69
|
|
proto: udp
|
|
'135 ironic conductor HTTP':
|
|
dport: {get_param: IronicIPXEPort}
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [IronicBase, role_data, config_settings]
|
|
- get_attr: [RoleParametersValue, value]
|
|
-
|
|
if:
|
|
- default_deploy_interface_unset
|
|
- {}
|
|
- ironic::drivers::interfaces::default_deploy_interface: {get_param: IronicDefaultDeployInterface}
|
|
-
|
|
if:
|
|
- default_inspect_interface_unset
|
|
- {}
|
|
- ironic::drivers::interfaces::default_inspect_interface: {get_param: IronicDefaultInspectInterface}
|
|
-
|
|
if:
|
|
- enable_architecture_ppc64le
|
|
- ironic::pxe::enable_ppc64le: true
|
|
ironic::conductor::power_state_change_timeout: 60
|
|
ironic::drivers::ipmi::command_retry_timeout: 120
|
|
ironic::drivers::ipmi::min_command_interval: 15
|
|
- {}
|
|
- ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
|
|
ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
|
|
ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
|
|
ironic::conductor::rescuing_network: {get_param: IronicRescuingNetwork}
|
|
ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
|
|
ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
|
|
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
|
|
ironic::conductor::force_power_state_during_sync: {get_param: IronicForcePowerStateDuringSync}
|
|
ironic::conductor::allow_provisioning_in_maintenance: false
|
|
# We need an endpoint containing a real IP, not a VIP here
|
|
ironic_conductor_http_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK_uri')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
|
ironic::conductor::http_url:
|
|
list_join:
|
|
- ''
|
|
- - 'http://'
|
|
- "%{hiera('ironic_conductor_http_host')}:"
|
|
- {get_param: IronicIPXEPort}
|
|
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
|
|
ironic::drivers::pxe::ipxe_timeout: {get_param: IronicIPXETimeout}
|
|
ironic::drivers::pxe::ip_version: {get_param: IronicIpVersion}
|
|
# NOTE: bind IP is found in hiera replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
ironic::drivers::pxe::tftp_server:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
|
ironic::pxe::tftp_bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK_uri')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
|
# NOTE(dtantsur): UEFI only works with iPXE currently for us
|
|
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
|
|
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
|
|
ironic::drivers::agent::deploy_logs_storage_backend: {get_param: IronicDeployLogsStorageBackend}
|
|
ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
|
|
ironic::drivers::agent::deploy_logs_collect:
|
|
if:
|
|
- service_debug
|
|
- 'always'
|
|
- 'on_failure'
|
|
ironic::drivers::agent::image_download_source: {get_param: IronicImageDownloadSource}
|
|
# NOTE(emilien): ILO defaulting to UEFI does not match other drivers so bios is used.
|
|
ironic::drivers::ilo::default_boot_mode: 'bios'
|
|
ironic::drivers::interfaces::enabled_bios_interfaces: {get_param: IronicEnabledBiosInterfaces}
|
|
ironic::drivers::interfaces::enabled_boot_interfaces: {get_param: IronicEnabledBootInterfaces}
|
|
ironic::drivers::interfaces::enabled_console_interfaces: {get_param: IronicEnabledConsoleInterfaces}
|
|
ironic::drivers::interfaces::enabled_deploy_interfaces: {get_param: IronicEnabledDeployInterfaces}
|
|
ironic::drivers::interfaces::enabled_inspect_interfaces: {get_param: IronicEnabledInspectInterfaces}
|
|
ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces}
|
|
ironic::drivers::interfaces::enabled_network_interfaces: {get_param: IronicEnabledNetworkInterfaces}
|
|
ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces}
|
|
ironic::drivers::interfaces::enabled_raid_interfaces: {get_param: IronicEnabledRaidInterfaces}
|
|
ironic::drivers::interfaces::enabled_rescue_interfaces: {get_param: IronicEnabledRescueInterfaces}
|
|
ironic::drivers::interfaces::enabled_storage_interfaces: {get_param: IronicEnabledStorageInterfaces}
|
|
ironic::drivers::interfaces::enabled_vendor_interfaces: {get_param: IronicEnabledVendorInterfaces}
|
|
ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
|
|
ironic::drivers::interfaces::default_rescue_interface: {get_param: IronicDefaultRescueInterface}
|
|
# NOTE(dtantsur): the my_ip parameter is heavily overloaded in
|
|
# ironic. It's used as a default value for e.g. TFTP server IP,
|
|
# glance and neutron endpoints, virtual console IP. We override
|
|
# the TFTP server IP in ironic-conductor.yaml as it should not be
|
|
# the VIP, but rather a real IP of the host.
|
|
ironic::my_ip:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
|
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
|
|
# Credentials to access other services
|
|
ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::cinder::username: 'ironic'
|
|
ironic::cinder::password: {get_param: IronicPassword}
|
|
ironic::cinder::project_name: 'service'
|
|
ironic::cinder::user_domain_name: 'Default'
|
|
ironic::cinder::project_domain_name: 'Default'
|
|
ironic::cinder::region_name: {get_param: KeystoneRegion}
|
|
ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::glance::username: 'ironic'
|
|
ironic::glance::password: {get_param: IronicPassword}
|
|
ironic::glance::project_name: 'service'
|
|
ironic::glance::user_domain_name: 'Default'
|
|
ironic::glance::project_domain_name: 'Default'
|
|
ironic::glance::region_name: {get_param: KeystoneRegion}
|
|
ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::neutron::username: 'ironic'
|
|
ironic::neutron::password: {get_param: IronicPassword}
|
|
ironic::neutron::project_name: 'service'
|
|
ironic::neutron::user_domain_name: 'Default'
|
|
ironic::neutron::project_domain_name: 'Default'
|
|
ironic::neutron::region_name: {get_param: KeystoneRegion}
|
|
ironic::neutron::dhcpv6_stateful_address_count: {get_param: IronicDhcpv6StatefulAddressCount}
|
|
ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::service_catalog::username: 'ironic'
|
|
ironic::service_catalog::password: {get_param: IronicPassword}
|
|
ironic::service_catalog::project_name: 'service'
|
|
ironic::service_catalog::user_domain_name: 'Default'
|
|
ironic::service_catalog::project_domain_name: 'Default'
|
|
ironic::service_catalog::region_name: {get_param: KeystoneRegion}
|
|
ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::swift::username: 'ironic'
|
|
ironic::swift::password: {get_param: IronicPassword}
|
|
ironic::swift::project_name: 'service'
|
|
ironic::swift::user_domain_name: 'Default'
|
|
ironic::swift::project_domain_name: 'Default'
|
|
ironic::swift::region_name: {get_param: KeystoneRegion}
|
|
# ironic-inspector support is not implemented, but let's configure
|
|
# the credentials for consistency.
|
|
ironic::drivers::inspector::enabled: false
|
|
ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::drivers::inspector::username: 'ironic'
|
|
ironic::drivers::inspector::password: {get_param: IronicPassword}
|
|
ironic::drivers::inspector::project_name: 'service'
|
|
ironic::drivers::inspector::user_domain_name: 'Default'
|
|
ironic::drivers::inspector::project_domain_name: 'Default'
|
|
ironic::drivers::inspector::region_name: {get_param: KeystoneRegion}
|
|
tripleo::profile::base::ironic::conductor::enable_staging: {get_param: IronicEnableStagingDrivers}
|
|
# to avoid hard linking errors we store these on the same
|
|
# volume/device as the ironic master_path
|
|
# https://github.com/docker/docker/issues/7457
|
|
- ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
|
|
- ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
|
|
- ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
|
|
- ironic::pxe::http_root: /var/lib/ironic/httpboot
|
|
- ironic::conductor::http_root: /var/lib/ironic/httpboot
|
|
service_config_settings: {}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: ironic
|
|
puppet_tags: ironic_config
|
|
step_config:
|
|
list_join:
|
|
- "\n"
|
|
- - include tripleo::profile::base::ironic::conductor
|
|
- {get_attr: [MySQLClient, role_data, step_config]}
|
|
config_image: {get_param: ContainerIronicConfigImage}
|
|
volumes:
|
|
- /var/lib/ironic:/var/lib/ironic:z
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/ironic_conductor.json:
|
|
command: /usr/bin/ironic-conductor
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/lib/ironic
|
|
owner: ironic:ironic
|
|
recurse: true
|
|
- path: /var/log/ironic
|
|
owner: ironic:ironic
|
|
recurse: true
|
|
container_config_scripts:
|
|
create_swift_temp_url_key.sh:
|
|
mode: "0700"
|
|
content: |
|
|
#!/bin/bash
|
|
export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
|
|
export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
|
|
export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
|
|
export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
|
|
export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
|
|
export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
|
|
export OS_INTERFACE=internal
|
|
export OS_AUTH_TYPE=password
|
|
export OS_IDENTITY_API_VERSION=3
|
|
|
|
echo "Check if a temporary URL key already exists"
|
|
RETVAL=-1
|
|
RETRIES=5
|
|
while [ ${RETVAL} -ne 0 ] && [ ${RETRIES} -gt 0 ]; do
|
|
RETRIES=$[$RETRIES-1]
|
|
CMD_OUT=$(openstack object store account show -f value)
|
|
RETVAL=$?
|
|
if [ ${RETVAL} -ne 0 ]; then
|
|
echo Retrying...
|
|
sleep 5
|
|
continue
|
|
fi
|
|
if [[ ! ${CMD_OUT} =~ "Temp-Url-Key" ]] ; then
|
|
echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
|
|
SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
|
|
openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY"
|
|
RETVAL=$?
|
|
fi
|
|
done
|
|
|
|
docker_config:
|
|
step_4:
|
|
map_merge:
|
|
- if:
|
|
- configure_swift_temp_url
|
|
- create_swift_temp_url_key:
|
|
start_order: 70
|
|
image: &ironic_conductor_image {get_param: ContainerIronicConductorImage}
|
|
net: host
|
|
detach: false
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
|
|
- /var/lib/container-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
|
|
user: root
|
|
command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
|
|
- {}
|
|
- ironic_conductor:
|
|
start_order: 80
|
|
image: *ironic_conductor_image
|
|
net: host
|
|
privileged: true
|
|
restart: always
|
|
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/ironic:/var/lib/kolla/config_files/src:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /sys:/sys
|
|
- /dev:/dev
|
|
- /run:/run #shared?
|
|
- /var/lib/ironic:/var/lib/ironic:z
|
|
- /var/log/containers/ironic:/var/log/ironic:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: load iscsi_tcp module
|
|
import_role:
|
|
name: tripleo_module_load
|
|
vars:
|
|
modules:
|
|
- name: iscsi_tcp
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
mode: "{{ item.mode|default(omit) }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
|
|
- { 'path': /var/lib/ironic, 'setype': container_file_t }
|
|
- name: stat /httpboot
|
|
stat: path=/httpboot
|
|
register: stat_httpboot
|
|
- name: stat /tftpboot
|
|
stat: path=/tftpboot
|
|
register: stat_tftpboot
|
|
- name: stat /var/lib/ironic/httpboot
|
|
stat: path=/var/lib/ironic/httpboot
|
|
register: stat_ironic_httpboot
|
|
- name: stat /var/lib/ironic/tftpboot
|
|
stat: path=/var/lib/ironic/tftpboot
|
|
register: stat_ironic_tftpboot
|
|
# cannot use 'copy' module as with 'remote_src' it doesn't support recursion
|
|
- name: migrate /httpboot to containerized (if applicable)
|
|
command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
|
|
when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
|
|
- name: migrate /tftpboot to containerized (if applicable)
|
|
command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
|
|
when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
|
|
# Even if there was nothing to copy from original locations,
|
|
# we need to create the dirs before starting the containers
|
|
- name: ensure ironic pxe directories exist
|
|
file:
|
|
path: /var/lib/ironic/{{ item }}
|
|
state: directory
|
|
with_items:
|
|
- httpboot
|
|
- tftpboot
|
|
# TODO(emilien): remove the cleanup tasks after Ussuri
|
|
# https://bugs.launchpad.net/tripleo/+bug/1868934
|
|
- name: Cleanup unnecessary container config-data
|
|
block: &ironic_config_data_cleanup
|
|
- name: Remove /var/lib/config-data/puppet-generated/ironic/var
|
|
file:
|
|
path: /var/lib/config-data/puppet-generated/ironic/var
|
|
state: absent
|
|
upgrade_tasks:
|
|
- name: Cleanup unnecessary container config-data
|
|
when:
|
|
- step|int == 0
|
|
tags: common
|
|
block: *ironic_config_data_cleanup
|
|
fast_forward_upgrade_tasks:
|
|
- when:
|
|
- step|int == 0
|
|
- release == 'rocky'
|
|
block:
|
|
- name: Check if ironic_conductor is deployed
|
|
command: systemctl is-enabled --quiet openstack-ironic-conductor
|
|
failed_when: false
|
|
register: ironic_conductor_enabled_result
|
|
- name: Set fact ironic_conductor_enabled
|
|
set_fact:
|
|
ironic_conductor_enabled: "{{ ironic_conductor_enabled_result.rc == 0 }}"
|
|
- name: Stop openstack-ironic-conductor
|
|
service: name=openstack-ironic-conductor state=stopped enabled=no
|
|
when:
|
|
- step|int == 1
|
|
- release == 'rocky'
|
|
- ironic_conductor_enabled|bool
|
|
- name: Ironic packages update
|
|
package:
|
|
name: 'openstack-ironic*'
|
|
state: latest
|
|
when:
|
|
- step|int == 6
|
|
- is_bootstrap_node|bool
|