Ironic and inspector are extensible via the stevedore framework.
In order to add extra plugins to the ironic and inspector venvs
extra variables are needed to supply user defined lists of python
packages to install.
Change-Id: I656abb90827486bbb69bf0ccd7e990fd680f2c51
The directory for the tftp server defined consistently between ironic
and inspector, but not for the http directory.
This patch makes the definition of the http directory work the same
way as the tftp one.
Change-Id: I8d893faa31e5858c4923cb12ef453ec9397db5df
It might be needed to supply a list of extra deploy images as
well as the defaults, possibly to cover architectures in
addition to x86.
Change-Id: I2ecf21c44bac75b0e2cbf3bd786821ff0b7bf31a
1) The variable to allow processing hooks to be configured is used
in the ironic-inspector template but not documented in the role defaults.
Add the default and an example of usage.
2) When using LLDP to discover switchport connections during
inspection it is necessary to pass an additional kernel parameter
to the deploy image but there is no variable to allow this to
happen. This patch adds a variable that the deployer can use
to pass arbitrary kernel parameters to the deploy image.
Change-Id: I2f67dfcf4164e009bf53e9324bd430aec4c97dcb
The deploy image is required in two places in an ironic deployment,
first as images uploaded to glance for the ironic service, and second
as files on a web server for the ironic-inspector service.
Previously this role only placed the deploy images on the ironic
inspector web server, but this patch provides the functionality to
also upload the images to glance.
The variables for ironic deploy image source locations are
consolidated so that only one set are required to run the tasks
for both ironic and ironic-inspector, and several overrides are
available allowing the source to be overidden to a local mirror
easily.
Finally - the name of the files placed on the inspector web server
and into glance represent the upstream name of the image files rather
than generic names which lose versioning and release information.
Change-Id: I1aed9d97a4ddbfb70d2375f5204c55374d1067c9
For a simple unrouted network these do not exist, but the role
currently forces bogus values to be given for the dhcpd template.
Allow the values to be unset to reduce confusion.
Change-Id: I609a05c50d1de5668f2b092e3a3ef1015e944fe6
Define the callback URL in the role defaults so it can be specifically
overridden rather than needing to use config_template to override
the entire kernel parameters line in the inspector ipxe config.
Change-Id: Ib8d53b394937405c821687b1c46b2b19112267dd
Ironic has replaced deprecated pxe_append_params config option
with kernel_pxe_params. The ironic.conf template has been changed
accordingly, but support remains for config override
ironic_pxe_append_params.
Change-Id: Icedd2b8f0e81607caba93afd34557bd4c3a88b4d
Currently the ironic role uses ansible_host as the IP to bind these
services to, which means that in an LXC deployment it is not
possible to provision ironic hosts on the bmaas network as
the services are instead bound to the mgmt network.
The code worked previously as it is most likley developed on metal
and the CI job does not actually enrol/provision a node so the
test coverage is very small.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/852174
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/854231
Change-Id: Id544d395f42f4c36a17e9c20a35aeb56a5e3bf03
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I1d70c2c46fef6ffc0fcebe4b56a0ecdedc1d3298
This patchset aims to correct some design limitations with the current
ironic-inspector deploy process.
- a new ironic-inspector-dnsmasq service has been created to split
inspector-specific dnsmasq configuration out of the base dnsmasq
config files
- PXE/iPXE and UEFI support for ironic-inspector boot
- (todo) documentation improvements and diagrams
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823426
Change-Id: Ib5cbb28f97dd7421bfecb815def89305f3b1da33
The [glance]glance_api_servers configuration option has been deprecated
since Pike and removed in 2019 per Ironic commit
dcfb4f10f31c11afa350ef6418a0e12e6be6e5b2. Removing from ironic.conf
template.
Change-Id: I3b09514635ee0c8665c425bd1fe42fb594361a0e
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I1c90ce68ce218d538cd89b111dc1ee4142f14eef
With PKI role in place in most cases you don't need to explicitly
provide path to the CA file because PKI role ensures that CA is trusted
by the system overall. In the meanwhile in PyMySQL [1] you must either
provide CA file or cert/key or enable verify.
Since current behaviour is to provide path to the custom CA we expect
certificate being trusted overall. Thus we enable cert verification when
galera_use_ssl is True.
[1] 78f0cf99e5/pymysql/connections.py (L267)
Change-Id: I79e43119830da22f09d7666b25054c6c14c28ffb
Instead of overriding each service separatelly it might make
sense for deployers to define some higher level variable that
will be used first or fallback to default variable.
Change-Id: Ib2928efaa35bd82f6e6f65fecf32cf8da2eb9f5d
This is necessary to use the new pip resolver
Depends-On: I6003a1004b6042a804ea142684b42b17f16d6da8
Change-Id: I06958da8881c93abde25c114d06943d777ea2b0a
This patch allows ironic-inspector to listen on host IP
rather than 0.0.0.0, as well as allows an existing Neutron-managed
inspection network to be used for inspection traffic.
Change-Id: I645857ad62954f08b160e5889f93dc1f6423def2
Even the most modest 4C/8T system would run with the maximum 16 processes
due to the calculation being VCPU*2.
We devide amount of CPUs to number of threads for hyperthreaded CPUs
Change-Id: I67c151181cc358b1adb2ee4dc7aab8fbff2c25ba
This patchset adds support for iPXE, which can speed up baremetal
provisioning considerably due to the use of HTTP versus TFTP.
Change-Id: I8b49ae37a0380cd7a2191f050a52c85cc373026b
Move it to the service setup host (defaults to utility[0]) instead
of the galera[0] host, and use galera_address (defaults to internal VIP)
as the endpoint instead of a local connection on the db host.
Change-Id: I87d61c619920a945c7a0b0887e3902f39f2b1b3c
We missed adding ironic-inspector to constraints which resulted
in installing always the latest avaialbe version in the pypi.
Depends-On: https://review.opendev.org/746931
Change-Id: I9a6e7273f752b6bdc1639be299e00933889b6cc9
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e users
wants to create a single memcached cluster with k8s
for each service.
We also add pymemcache based on [1]
[1] https://review.opendev.org/711429
Change-Id: I7e3b2835f1cee2525b02960e2b7e4ee238373bcc
1. There was an issue with pip packages not being installed when
inspector_hosts is not defined.
2. The db_setup task failed when inspector_hosts not defined because of
the condition.
Change-Id: I0ccd782ffd54322896559e5a6218ff532f3cae03
This commit enables and configures the Ironic Inspector. This feature
allows for baremetal nodes to be introspected. This provides useful
information about an Ironic host. Such information includes harware
and mac addresses.
Depends-On: https://review.opendev.org/680553
Change-Id: I2ee09d9cc20f9b8e4430c55129cd8bac9435299d
UcsSdk and ImcSdk are not compatible with Py3. This patch
removes them.
Depends-On: I9bbd3195a7b02a55e38207aa4bba182a6e58346c
Change-Id: I196d10c71a0b0966428a5dfbd6173f0ac4acce7b
Move service to use uWSGI role instead of iternal task for uwsgi
deployment. This aims to ease the maintenance of uWSGI and speedup
metal deployments as the same uwsgi environment will be used
across all services.
Change-Id: Ie79a7ba7d62504e9e81edbb386f8e52ce0a03074
This patch aims to migrate service from usage of regular syslog files
to journald. We also disable uwsgi logging, since it dublicates
requests that are logged by service itself.
Change-Id: Iaddb2c158a52d90025899d9bfa5576358bef92dd
This removes the systemd service templates and tasks from this role and
leverages a common systemd service role instead. This change removes a
lot of code duplication across all roles all without sacrificing
features or functionality. The intention of this change is to ensure
uniformity and reduce the maintenance burden on the community when
sweeping changes are needed. The exterior role is built to be OSA
compatible and may be pulled into tree should we deem it necessary.
Change-Id: I404639ae7ebd349d4a11fc5ce1ef3d2805833217
Removed the reference to netorigin as it will be taken out from openstack-ansible-plugins
Now using ansible 2.4's urlsplit filter as a replacement.
Change-Id: I4d8134e04d751e7506e21cd14424898c28200cb3
Related-Bug: #1820830
