Add IPv6 ci Job

Runs the BaremetalSingleTenant tempest test, which provisions
two nodes, with slaac addressing, all provisioning traffic e.g.
iPXE, ironic api traffic and iscsi happens over IPv6 on the
provisioning network. Nodes are then deployed onto a IPv6
tenant network, where tempest verifies connections between them
with ssh (again over IPv6).

Co-authored-by: Derek Higgins <derekh@redhat.com>
Depends-On: https://review.opendev.org/722663
Change-Id: Id928df1cbd1131427ab6a911856f48f18e67f7cf
This commit is contained in:
Julia Kreger 2020-04-28 17:19:26 +01:00 committed by Derek Higgins
parent 6f81f0303e
commit 17decbcb9b
4 changed files with 267 additions and 27 deletions

View File

@ -325,6 +325,9 @@ IRONIC_BIN_DIR=$(get_python_exec_prefix)
IRONIC_UWSGI_CONF=$IRONIC_CONF_DIR/ironic-uwsgi.ini IRONIC_UWSGI_CONF=$IRONIC_CONF_DIR/ironic-uwsgi.ini
IRONIC_UWSGI=$IRONIC_BIN_DIR/ironic-api-wsgi IRONIC_UWSGI=$IRONIC_BIN_DIR/ironic-api-wsgi
# Lets support IPv6 testing!
IRONIC_IP_VERSION=${IRONIC_IP_VERSION:-${IP_VERSION:-4}}
# Ironic connection info. Note the port must be specified. # Ironic connection info. Note the port must be specified.
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
IRONIC_SERVICE_PROTOCOL=https IRONIC_SERVICE_PROTOCOL=https
@ -416,11 +419,44 @@ IRONIC_PROVISION_PROVIDER_NETWORK_TYPE=${IRONIC_PROVISION_PROVIDER_NETWORK_TYPE:
# This is only used if IRONIC_PROVISION_NETWORK_NAME has been set. # This is only used if IRONIC_PROVISION_NETWORK_NAME has been set.
IRONIC_PROVISION_SEGMENTATION_ID=${IRONIC_PROVISION_SEGMENTATION_ID:-} IRONIC_PROVISION_SEGMENTATION_ID=${IRONIC_PROVISION_SEGMENTATION_ID:-}
if [[ "$IRONIC_IP_VERSION" != '6' ]]; then
# NOTE(TheJulia): Lets not try and support mixed mode since the conductor
# can't support mixed mode operation. We are either IPv4 OR IPv6.
IRONIC_IP_VERSION='4'
# Allocation network pool for provision network # Allocation network pool for provision network
# Example: IRONIC_PROVISION_ALLOCATION_POOL=start=10.0.5.10,end=10.0.5.100 # Example: IRONIC_PROVISION_ALLOCATION_POOL=start=10.0.5.10,end=10.0.5.100
# This is only used if IRONIC_PROVISION_NETWORK_NAME has been set. # This is only used if IRONIC_PROVISION_NETWORK_NAME has been set.
IRONIC_PROVISION_ALLOCATION_POOL=${IRONIC_PROVISION_ALLOCATION_POOL:-'start=10.0.5.10,end=10.0.5.100'} IRONIC_PROVISION_ALLOCATION_POOL=${IRONIC_PROVISION_ALLOCATION_POOL:-'start=10.0.5.10,end=10.0.5.100'}
# With multinode case all ironic-conductors should have IP from provisioning network.
# IRONIC_PROVISION_SUBNET_GATEWAY - is configured on primary node.
# Ironic provision subnet gateway.
IRONIC_PROVISION_SUBNET_GATEWAY=${IRONIC_PROVISION_SUBNET_GATEWAY:-'10.0.5.1'}
IRONIC_PROVISION_SUBNET_SUBNODE_IP=${IRONIC_PROVISION_SUBNET_SUBNODE_IP:-'10.0.5.2'}
# Ironic provision subnet prefix
# Example: IRONIC_PROVISION_SUBNET_PREFIX=10.0.5.0/24
IRONIC_PROVISION_SUBNET_PREFIX=${IRONIC_PROVISION_SUBNET_PREFIX:-'10.0.5.0/24'}
else
IRONIC_IP_VERSION='6'
# NOTE(TheJulia): The IPv6 address devstack has identified is the
# local loopback. This does not really serve our purposes very
# well, so we need to setup something that will work.
if [[ "$HOST_IPV6" == '::1' ]] || [[ ! $HOST_IPV6 =~ "::" ]]; then
# We setup an address elsewhere because the service address of
# loopback cannot be used for v6 testing.
IRONIC_HOST_IPV6='fc00::1'
else
IRONIC_HOST_IPV6=$SERVICE_HOST
fi
IRONIC_PROVISION_SUBNET_GATEWAY=${IRONIC_PROVISION_SUBNET_GATEWAY:-'fc01::1'}
IRONIC_PROVISION_SUBNET_SUBNODE_IP=${IRONIC_PROVISION_SUBNET_SUBNODE_IP:-'fc01::2'}
IRONIC_PROVISION_SUBNET_PREFIX=${IRONIC_PROVISION_SUBNET_PREFIX:-'fc01::/64'}
IRONIC_TFTPSERVER_IP=$IRONIC_HOST_IPV6
fi
IRONIC_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
# Ironic provision subnet name. # Ironic provision subnet name.
# This is only used if IRONIC_PROVISION_NETWORK_NAME has been set. # This is only used if IRONIC_PROVISION_NETWORK_NAME has been set.
IRONIC_PROVISION_PROVIDER_SUBNET_NAME=${IRONIC_PROVISION_PROVIDER_SUBNET_NAME:-${IRONIC_PROVISION_NETWORK_NAME}-subnet} IRONIC_PROVISION_PROVIDER_SUBNET_NAME=${IRONIC_PROVISION_PROVIDER_SUBNET_NAME:-${IRONIC_PROVISION_NETWORK_NAME}-subnet}
@ -446,6 +482,8 @@ IRONIC_PROVISION_SUBNET_SUBNODE_IP=${IRONIC_PROVISION_SUBNET_SUBNODE_IP:-'10.0.5
IRONIC_PROVISION_SUBNET_PREFIX=${IRONIC_PROVISION_SUBNET_PREFIX:-'10.0.5.0/24'} IRONIC_PROVISION_SUBNET_PREFIX=${IRONIC_PROVISION_SUBNET_PREFIX:-'10.0.5.0/24'}
if [[ "$HOST_TOPOLOGY_ROLE" == "primary" ]]; then if [[ "$HOST_TOPOLOGY_ROLE" == "primary" ]]; then
# Some CI jobs get triggered without a HOST_TOPOLOGY_ROLE
# If so, none of this logic is, or needs to be executed.
IRONIC_TFTPSERVER_IP=$IRONIC_PROVISION_SUBNET_GATEWAY IRONIC_TFTPSERVER_IP=$IRONIC_PROVISION_SUBNET_GATEWAY
IRONIC_HTTP_SERVER=$IRONIC_PROVISION_SUBNET_GATEWAY IRONIC_HTTP_SERVER=$IRONIC_PROVISION_SUBNET_GATEWAY
fi fi
@ -454,6 +492,8 @@ if [[ "$HOST_TOPOLOGY_ROLE" == "subnode" ]]; then
IRONIC_HTTP_SERVER=$IRONIC_PROVISION_SUBNET_SUBNODE_IP IRONIC_HTTP_SERVER=$IRONIC_PROVISION_SUBNET_SUBNODE_IP
fi fi
# NOTE(TheJulia): Last catch for this being set or not.
# should only work for v4.
IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$IRONIC_TFTPSERVER_IP} IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$IRONIC_TFTPSERVER_IP}
# Port that must be permitted for iSCSI connections to be # Port that must be permitted for iSCSI connections to be
@ -488,10 +528,19 @@ TEMPEST_BAREMETAL_MIN_MICROVERSION=${TEMPEST_BAREMETAL_MIN_MICROVERSION:-}
# Define baremetal max_microversion in tempest config. No default value means that it is picked from tempest. # Define baremetal max_microversion in tempest config. No default value means that it is picked from tempest.
TEMPEST_BAREMETAL_MAX_MICROVERSION=${TEMPEST_BAREMETAL_MAX_MICROVERSION:-} TEMPEST_BAREMETAL_MAX_MICROVERSION=${TEMPEST_BAREMETAL_MAX_MICROVERSION:-}
# TODO(TheJulia): This PHYSICAL_NETWORK needs to be refactored in
# our devstack plugin. It is used by the neutron-legacy integration,
# however they want to name the new variable for the current neutron
# plugin NEUTRON_PHYSICAL_NETWORK. For now we'll do some magic and
# change it later once we migrate our jobs.
PHYSICAL_NETWORK=${NEUTRON_PHYSICAL_NETWORK:-${PHYSICAL_NETWORK:-}}
# get_pxe_boot_file() - Get the PXE/iPXE boot file path # get_pxe_boot_file() - Get the PXE/iPXE boot file path
function get_pxe_boot_file { function get_pxe_boot_file {
local pxe_boot_file local pxe_boot_file
if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
# TODO(TheJulia): This is not UEFI safe.
if is_ubuntu; then if is_ubuntu; then
pxe_boot_file=/usr/lib/ipxe/undionly.kpxe pxe_boot_file=/usr/lib/ipxe/undionly.kpxe
elif is_fedora || is_suse; then elif is_fedora || is_suse; then
@ -1200,6 +1249,33 @@ function configure_ironic_rescue_network {
} }
function configure_ironic_provision_network { function configure_ironic_provision_network {
if [[ "$IP_VERSION" == "6" ]]; then
# NOTE(TheJulia): Ideally we should let this happen
# with our global address, but iPXE seems to have in
# consistant behavior in this configuration with devstack.
# so we will setup a dummy interface and use that.
sudo ip link add magicv6 type dummy
sudo ip link set dev magicv6 up
sudo ip -6 addr add $IRONIC_HOST_IPV6/64 dev magicv6
fi
if is_service_enabled neutron-api; then
if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
sudo sysctl -w net.ipv6.conf.all.proxy_ndp=1
configure_neutron_l3_lower_v6_ra
fi
# Neutron agent needs to be pre-configured before proceeding down the
# path of configuring the provision network. This was done for us in
# the legacy neutron code.
neutron_plugin_configure_plugin_agent
# This prior step updates configuration related to physnet mappings,
# and we must restart neutron as a result
stop_neutron
sleep 15
# By default, upon start, neutron tries to create the networks...
NEUTRON_CREATE_INITIAL_NETWORKS=False
start_neutron_api
start_neutron
fi
# This is only called if IRONIC_PROVISION_NETWORK_NAME has been set and # This is only called if IRONIC_PROVISION_NETWORK_NAME has been set and
# means we are using multi-tenant networking. # means we are using multi-tenant networking.
local net_id local net_id
@ -1225,12 +1301,28 @@ function configure_ironic_provision_network {
fi fi
local subnet_id local subnet_id
if [[ "$IRONIC_IP_VERSION" == '4' ]]; then
subnet_id="$(openstack subnet create --ip-version 4 \ subnet_id="$(openstack subnet create --ip-version 4 \
${IRONIC_PROVISION_ALLOCATION_POOL:+--allocation-pool $IRONIC_PROVISION_ALLOCATION_POOL} \ ${IRONIC_PROVISION_ALLOCATION_POOL:+--allocation-pool $IRONIC_PROVISION_ALLOCATION_POOL} \
${net_segment_id:+--network-segment $net_segment_id} \ ${net_segment_id:+--network-segment $net_segment_id} \
$IRONIC_PROVISION_PROVIDER_SUBNET_NAME \ $IRONIC_PROVISION_PROVIDER_SUBNET_NAME \
--gateway $IRONIC_PROVISION_SUBNET_GATEWAY --network $net_id \ --gateway $IRONIC_PROVISION_SUBNET_GATEWAY --network $net_id \
--subnet-range $IRONIC_PROVISION_SUBNET_PREFIX -f value -c id)" --subnet-range $IRONIC_PROVISION_SUBNET_PREFIX -f value -c id)"
else
subnet_id="$(openstack subnet create --ip-version 6 \
--ipv6-address-mode dhcpv6-stateful \
--ipv6-ra-mode dhcpv6-stateful \
--dns-nameserver 2001:4860:4860::8888 \
${net_segment_id:+--network-segment $net_segment_id} \
$IRONIC_PROVISION_PROVIDER_SUBNET_NAME \
--gateway $IRONIC_PROVISION_SUBNET_GATEWAY --network $net_id \
--subnet-range $IRONIC_PROVISION_SUBNET_PREFIX -f value -c id)"
# NOTE(TheJulia): router must be attached to the subnet for RAs.
openstack router add subnet $IRONIC_ROUTER_NAME $subnet_id
# We're going to be using this router of public access to tenant networks
PUBLIC_ROUTER_ID=$(openstack router show -c id -f value $IRONIC_ROUTER_NAME)
fi
die_if_not_set $LINENO subnet_id "Failure creating SUBNET_ID for $IRONIC_PROVISION_NETWORK_NAME" die_if_not_set $LINENO subnet_id "Failure creating SUBNET_ID for $IRONIC_PROVISION_NETWORK_NAME"
@ -1246,14 +1338,22 @@ function configure_ironic_provision_network {
# Set provision network GW on physical interface # Set provision network GW on physical interface
# Add vlan on br interface in case of IRONIC_PROVISION_PROVIDER_NETWORK_TYPE==vlan # Add vlan on br interface in case of IRONIC_PROVISION_PROVIDER_NETWORK_TYPE==vlan
# othervise assign ip to br interface directly. # othervise assign ip to br interface directly.
sudo ip link set dev $OVS_PHYSICAL_BRIDGE up
if [[ "$IRONIC_IP_VERSION" == "4" ]]; then
if [[ "$IRONIC_PROVISION_PROVIDER_NETWORK_TYPE" == "vlan" ]]; then if [[ "$IRONIC_PROVISION_PROVIDER_NETWORK_TYPE" == "vlan" ]]; then
sudo ip link add link $OVS_PHYSICAL_BRIDGE name $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID type vlan id $IRONIC_PROVISION_SEGMENTATION_ID sudo ip link add link $OVS_PHYSICAL_BRIDGE name $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID type vlan id $IRONIC_PROVISION_SEGMENTATION_ID
sudo ip link set dev $OVS_PHYSICAL_BRIDGE up
sudo ip link set dev $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID up sudo ip link set dev $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID up
sudo ip addr add dev $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID $ironic_provision_network_ip/$provision_net_prefix sudo ip -$IRONIC_IP_VERSION addr add dev $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID $ironic_provision_network_ip/$provision_net_prefix
else else
sudo ip link set dev $OVS_PHYSICAL_BRIDGE up sudo ip -$IRONIC_IP_VERSION addr add dev $OVS_PHYSICAL_BRIDGE $ironic_provision_network_ip/$provision_net_prefix
sudo ip addr add dev $OVS_PHYSICAL_BRIDGE $ironic_provision_network_ip/$provision_net_prefix fi
else
# Turn on the external/integration bridges, for IPV6.
sudo ip link set dev br-ex up
sudo ip link set dev br-int up
sudo ip6tables -I FORWARD -i brbm -j LOG || true
sudo ip6tables -I FORWARD -i br-ex -j LOG || true
fi fi
iniset $IRONIC_CONF_FILE neutron provisioning_network $IRONIC_PROVISION_NETWORK_NAME iniset $IRONIC_CONF_FILE neutron provisioning_network $IRONIC_PROVISION_NETWORK_NAME
@ -1269,6 +1369,10 @@ function cleanup_ironic_provision_network {
done done
} }
function configure_neutron_l3_lower_v6_ra {
iniset $Q_L3_CONF_FILE DEFAULT min_rtr_adv_interval 5
}
# configure_ironic() - Set config files, create data dirs, etc # configure_ironic() - Set config files, create data dirs, etc
function configure_ironic { function configure_ironic {
configure_ironic_dirs configure_ironic_dirs
@ -1303,6 +1407,9 @@ function configure_ironic {
iniset_rpc_backend ironic $IRONIC_CONF_FILE iniset_rpc_backend ironic $IRONIC_CONF_FILE
fi fi
# Set IP version
iniset $IRONIC_CONF_FILE pxe ip_version $IRONIC_IP_VERSION
# Configure Ironic conductor, if it was enabled. # Configure Ironic conductor, if it was enabled.
if is_service_enabled ir-cond; then if is_service_enabled ir-cond; then
configure_ironic_conductor configure_ironic_conductor
@ -1512,11 +1619,15 @@ function configure_ironic_conductor {
fi fi
iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF
iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT iniset $IRONIC_CONF_FILE service_catalog endpoint_override "$IRONIC_SERVICE_PROTOCOL://$([[ $IRONIC_HTTP_SERVER =~ : ]] && echo "[$IRONIC_HTTP_SERVER]" || echo $IRONIC_HTTP_SERVER)/baremetal"
if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then
iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT
fi fi
if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_HOST_IPV6
else
iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP
fi
iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images
if [[ -n "$IRONIC_PXE_BOOT_RETRY_TIMEOUT" ]]; then if [[ -n "$IRONIC_PXE_BOOT_RETRY_TIMEOUT" ]]; then
@ -1592,7 +1703,7 @@ function configure_ironic_conductor {
iniset $IRONIC_CONF_FILE pxe uefi_pxe_config_template '$pybasedir/drivers/modules/ipxe_config.template' iniset $IRONIC_CONF_FILE pxe uefi_pxe_config_template '$pybasedir/drivers/modules/ipxe_config.template'
iniset $IRONIC_CONF_FILE pxe uefi_pxe_bootfile_name $uefipxebin iniset $IRONIC_CONF_FILE pxe uefi_pxe_bootfile_name $uefipxebin
iniset $IRONIC_CONF_FILE deploy http_root $IRONIC_HTTP_DIR iniset $IRONIC_CONF_FILE deploy http_root $IRONIC_HTTP_DIR
iniset $IRONIC_CONF_FILE deploy http_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT" iniset $IRONIC_CONF_FILE deploy http_url "http://$([[ $IRONIC_HTTP_SERVER =~ : ]] && echo "[$IRONIC_HTTP_SERVER]" || echo $IRONIC_HTTP_SERVER):$IRONIC_HTTP_PORT"
if [[ "$IRONIC_IPXE_USE_SWIFT" == "True" ]]; then if [[ "$IRONIC_IPXE_USE_SWIFT" == "True" ]]; then
iniset $IRONIC_CONF_FILE pxe ipxe_use_swift True iniset $IRONIC_CONF_FILE pxe ipxe_use_swift True
fi fi
@ -1933,18 +2044,40 @@ SUBSHELL
# Add route here to have connection to VMs during provisioning. # Add route here to have connection to VMs during provisioning.
local pub_router_id local pub_router_id
local r_net_gateway local r_net_gateway
pub_router_id=$(openstack router show $Q_ROUTER_NAME -f value -c id) local dns_server
r_net_gateway=$(sudo ip netns exec qrouter-$pub_router_id ip -4 route get 8.8.8.8 |grep dev | awk '{print $7}') local replace_range
local replace_range=${SUBNETPOOL_PREFIX_V4} if [[ "$IRONIC_IP_VERSION" == '4' ]]; then
dns_server="8.8.8.8"
if [[ -z "${SUBNETPOOL_V4_ID}" ]]; then if [[ -z "${SUBNETPOOL_V4_ID}" ]]; then
replace_range=${FIXED_RANGE} replace_range=${FIXED_RANGE}
else
replace_range=${SUBNETPOOL_PREFIX_V4}
fi fi
else
dns_server="2001:4860:4860::8888"
if [[ -z "${SUBNETPOOL_V6_ID}" ]]; then
replace_range=${FIXED_RANGE_V6}
else
replace_range=${SUBNETPOOL_PREFIX_V6}
fi
fi
pub_router_id=$(openstack router show $Q_ROUTER_NAME -f value -c id)
# Select the text starting at "src ", and grabbing the following field.
r_net_gateway=$(sudo ip netns exec qrouter-$pub_router_id ip -$IRONIC_IP_VERSION route get $dns_server |grep dev | sed s/^.*src\ // |awk '{ print $1 }')
sudo ip route replace $replace_range via $r_net_gateway sudo ip route replace $replace_range via $r_net_gateway
fi fi
# Here is a good place to restart tcpdump to begin capturing packets. # Here is a good place to restart tcpdump to begin capturing packets.
# See: https://docs.openstack.org/devstack/latest/debugging.html # See: https://docs.openstack.org/devstack/latest/debugging.html
# stop_tcpdump # stop_tcpdump
# start_tcpdump # start_tcpdump
if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
# route us back through the neutron router!
sudo ip -6 route add $IRONIC_PROVISION_SUBNET_PREFIX via $IPV6_ROUTER_GW_IP
sudo ip link set dev br-ex up || true
# Route back to our test subnet. Static should be safe for a while.
sudo ip -6 route add fd00::/8 via $IPV6_ROUTER_GW_IP
fi
} }
function wait_for_nova_resources { function wait_for_nova_resources {
@ -2389,13 +2522,22 @@ function configure_iptables {
die_if_module_not_loaded nf_conntrack_tftp die_if_module_not_loaded nf_conntrack_tftp
die_if_module_not_loaded nf_nat_tftp die_if_module_not_loaded nf_nat_tftp
fi fi
################ NETWORK DHCP
# explicitly allow DHCP - packets are occasionally being dropped here # explicitly allow DHCP - packets are occasionally being dropped here
sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true
# nodes boot from TFTP and callback to the API server listening on $HOST_IP # nodes boot from TFTP and callback to the API server listening on $HOST_IP
sudo iptables -I INPUT -d $IRONIC_TFTPSERVER_IP -p udp --dport 69 -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_TFTPSERVER_IP -p udp --dport 69 -j ACCEPT || true
# dhcpv6 which is the only way to transmit boot options
sudo ip6tables -I INPUT -d $IRONIC_HOST_IPV6 -p udp --dport 546:547 --sport 546:547 -j ACCEPT || true
sudo ip6tables -I INPUT -d $IRONIC_HOST_IPV6 -p udp --dport 69 -j ACCEPT || true
################ Webserver/API
# To use named /baremetal endpoint we should open default apache port # To use named /baremetal endpoint we should open default apache port
if [[ "$IRONIC_USE_WSGI" == "False" ]]; then if [[ "$IRONIC_USE_WSGI" == "False" ]]; then
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
sudo ip6tables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
# open ironic API on baremetal network # open ironic API on baremetal network
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
# allow IPA to connect to ironic API on subnode # allow IPA to connect to ironic API on subnode
@ -2405,7 +2547,9 @@ function configure_iptables {
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
# open ironic API on baremetal network # open ironic API on baremetal network
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 80 -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 80 -j ACCEPT || true
sudo ip6tables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 80 -j ACCEPT || true
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 443 -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 443 -j ACCEPT || true
sudo ip6tables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 443 -j ACCEPT || true
fi fi
if is_deployed_by_agent; then if is_deployed_by_agent; then
# agent ramdisk gets instance image from swift # agent ramdisk gets instance image from swift
@ -2415,6 +2559,7 @@ function configure_iptables {
if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true
sudo ip6tables -I INPUT -d $IRONIC_HOST_IPV6 -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true
fi fi
if [[ "${IRONIC_STORAGE_INTERFACE}" == "cinder" ]]; then if [[ "${IRONIC_STORAGE_INTERFACE}" == "cinder" ]]; then
@ -2426,6 +2571,7 @@ function configure_iptables {
qrouter=$(sudo ip netns list | grep qrouter | awk '{print $1;}') qrouter=$(sudo ip netns list | grep qrouter | awk '{print $1;}')
if [[ ! -z "$qrouter" ]]; then if [[ ! -z "$qrouter" ]]; then
sudo ip netns exec $qrouter /sbin/iptables -A PREROUTING -t raw -p udp --dport 69 -j CT --helper tftp sudo ip netns exec $qrouter /sbin/iptables -A PREROUTING -t raw -p udp --dport 69 -j CT --helper tftp
sudo ip netns exec $qrouter /sbin/ip6tables -A PREROUTING -t raw -p udp --dport 69 -j CT --helper tftp || true
fi fi
} }
@ -2436,7 +2582,9 @@ function configure_tftpd {
sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp
sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp
sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/xinetd.d/tftp sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/xinetd.d/tftp
if [[ "$IRONIC_IP_VERSION" == '6' ]]; then
sudo sed -e "s|IPv4|IPv6|g" -i /etc/xinetd.d/tftp
fi
# setup tftp file mapping to satisfy requests at the root (booting) and # setup tftp file mapping to satisfy requests at the root (booting) and
# /tftpboot/ sub-dir (as per deploy-ironic elements) # /tftpboot/ sub-dir (as per deploy-ironic elements)
# this section is only for ubuntu and fedora # this section is only for ubuntu and fedora
@ -2814,6 +2962,23 @@ function ironic_configure_tempest {
if [[ -n "$IRONIC_PING_TIMEOUT" ]]; then if [[ -n "$IRONIC_PING_TIMEOUT" ]]; then
iniset $TEMPEST_CONFIG validation ping_timeout $IRONIC_PING_TIMEOUT iniset $TEMPEST_CONFIG validation ping_timeout $IRONIC_PING_TIMEOUT
fi fi
if [[ -n "$IRONIC_IP_VERSION" ]]; then
iniset $TEMPEST_CONFIG validation ip_version_for_ssh $IRONIC_IP_VERSION
fi
if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
# No FIPs in V6 and we dynamically create networks...
# network_for_ssh is defaulted to public
iniset $TEMPEST_CONFIG validation network_for_ssh
iniset $TEMPEST_CONFIG validation connect_method fixed
iniset $TEMPEST_CONFIG network ipv6-private-subnet
if [ -n "${PUBLIC_ROUTER_ID:-}" ] ; then
# For IPv6 tempest is going to use a precreated router for
# access to the tenant networks (as we have set up routes to it)
# it needs to know the ID of the router and be admin to attach to it
iniset $TEMPEST_CONFIG network public_router_id $PUBLIC_ROUTER_ID
iniset $TEMPEST_CONFIG auth tempest_roles "admin"
fi
fi
if is_service_enabled nova; then if is_service_enabled nova; then
local bm_flavor_id local bm_flavor_id
@ -2856,7 +3021,11 @@ function ironic_configure_tempest {
iniset $TEMPEST_CONFIG baremetal partition_image_ref $image_uuid iniset $TEMPEST_CONFIG baremetal partition_image_ref $image_uuid
fi fi
if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
iniset $TEMPEST_CONFIG baremetal whole_disk_image_url "http://$IRONIC_HOST_IPV6:$IRONIC_HTTP_PORT/${IRONIC_WHOLEDISK_IMAGE_NAME}.img"
else
iniset $TEMPEST_CONFIG baremetal whole_disk_image_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT/${IRONIC_WHOLEDISK_IMAGE_NAME}.img" iniset $TEMPEST_CONFIG baremetal whole_disk_image_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT/${IRONIC_WHOLEDISK_IMAGE_NAME}.img"
fi
iniset $TEMPEST_CONFIG baremetal whole_disk_image_checksum $(md5sum $FILES/${IRONIC_WHOLEDISK_IMAGE_NAME}.img) iniset $TEMPEST_CONFIG baremetal whole_disk_image_checksum $(md5sum $FILES/${IRONIC_WHOLEDISK_IMAGE_NAME}.img)
# NOTE(dtantsur): keep this option here until the defaults change in # NOTE(dtantsur): keep this option here until the defaults change in

View File

@ -36,6 +36,7 @@ if is_service_enabled ir-api ir-cond; then
if [[ "$IRONIC_BAREMETAL_BASIC_OPS" == "True" && "$IRONIC_IS_HARDWARE" == "False" ]]; then if [[ "$IRONIC_BAREMETAL_BASIC_OPS" == "True" && "$IRONIC_IS_HARDWARE" == "False" ]]; then
echo_summary "Precreating bridge: $IRONIC_VM_NETWORK_BRIDGE" echo_summary "Precreating bridge: $IRONIC_VM_NETWORK_BRIDGE"
install_package openvswitch-switch
sudo ovs-vsctl -- --may-exist add-br $IRONIC_VM_NETWORK_BRIDGE sudo ovs-vsctl -- --may-exist add-br $IRONIC_VM_NETWORK_BRIDGE
fi fi

View File

@ -682,6 +682,74 @@
SWIFT_ENABLE_TEMPURLS: True SWIFT_ENABLE_TEMPURLS: True
SWIFT_TEMPURL_KEY: secretkey SWIFT_TEMPURL_KEY: secretkey
- job:
name: ironic-tempest-ipxe-ipv6
description: ironic-tempest-ipxe-ipv6
parent: ironic-base
required-projects:
- openstack/networking-generic-switch
vars:
tempest_test_timeout: 2400
devstack_services:
# NOTE(TheJulia): It seems our devstack plugin does not play well
# with multitenancy and the newer neutron service names.
neutron: True
neutron-api: True
neutron-agent: True
neutron-dhcp: True
neutron-l3: True
neutron-metadata-agent: False
neutron-metering: False
q-agt: False
q-dhcp: False
q-l3: False
q-meta: False
q-metering: False
q-svc: False
swift: True
devstack_plugins:
ironic: git://git.openstack.org/openstack/ironic
networking-generic-switch: git://git.openstack.org/openstack/networking-generic-switch
# NOTE(TheJulia): Nova default behavior is to rely upon stack defaults, v6 needs to
# be explicit. This is the best place to wire it in.
tempest_test_regex: BaremetalSingleTenant
devstack_localrc:
IRONIC_AGENT_IMAGE_DOWNLOAD_SOURCE: http
IPV6_ENABLED: True
IP_VERSION: 6
SERVICE_IP_VERSION: 6
IRONIC_AUTOMATED_CLEAN_ENABLED: False
IRONIC_ENABLED_BOOT_INTERFACES: ipxe,pxe
IRONIC_DEFAULT_BOOT_INTERFACE: ipxe
IRONIC_IPXE_ENABLED: True
IRONIC_PROVISION_NETWORK_NAME: ironic-provision
OVS_PHYSICAL_BRIDGE: brbm
NEUTRON_PHYSICAL_NETWORK: mynetwork
NEUTRON_TENANT_VLAN_RANGE: 100:150
IRONIC_ENABLED_NETWORK_INTERFACES: flat,neutron
IRONIC_NETWORK_INTERFACE: neutron
IRONIC_DEFAILT_DEPLOY_INTERFACE: direct
IRONIC_DEFAILT_RESCUE_INTERFACE: no-rescue
IRONIC_USE_LINK_LOCAL: True
IRONIC_TEMPEST_WHOLE_DISK_IMAGE: True
IRONIC_VM_EPHEMERAL_DISK: 0
# This will swap and needs to get to tinycore soon.
IRONIC_VM_COUNT: 2
IRONIC_VM_SPECS_RAM: 2048
IRONIC_VM_SPECS_CPU: 2
Q_PLUGIN: ml2
ENABLE_TENANT_VLANS: True
Q_ML2_TENANT_NETWORK_TYPE: vlan
NEUTRON_TENANT_NETWORK_TYPE: vlan
OVS_BRIDGE_MAPPINGS: "public:br-ex,mynetwork:brbm"
USE_PROVIDER_NETWORKING: True
PUBLIC_PHYSICAL_NETWORK: public
PUBLIC_PROVIDERNET_TYPE: flat
Q_USE_PROVIDERNET_FOR_PUBLIC: True
BUILD_TIMEOUT: 1440
IRONIC_TEMPEST_BUILD_TIMEOUT: 1440
IRONIC_PING_TIMEOUT: 1440
# NOTE(rpittau): OLD TINYIPA JOBS # NOTE(rpittau): OLD TINYIPA JOBS
# Those jobs are used by other projects, we leave them here until # Those jobs are used by other projects, we leave them here until
# we can convert them to dib. # we can convert them to dib.

View File

@ -45,6 +45,8 @@
voting: false voting: false
- ironic-tempest-pxe_ipmitool-postgres: - ironic-tempest-pxe_ipmitool-postgres:
voting: false voting: false
- ironic-tempest-ipxe-ipv6:
voting: false
gate: gate:
queue: ironic queue: ironic
jobs: jobs: