Setup ansible interface in devstack
- enable ansible deploy interface - install Ansible version from driver-requirements.txt - generate private SSH key to use by Ansible (if absent) - add the public ssh key to the tinyipa image during (re)build By default nodes are not enrolled with it, as they will be assigned this driver/interface in standalone tests. For local development, nodes can be enrolled by setting IRONIC_DEFAULT_DEPLOY_INTERFACE=ansible in local.conf and enabling 'ansible' deploy interface in the IRONIC_ENABLED_DEPLOY_INTERFACES variable. Change-Id: I12c1727c3ded13c381852334cb54e5e976154e98
This commit is contained in:
parent
bf8cb05aa4
commit
fbcc4df961
@ -488,6 +488,29 @@ IRONIC_CLEANING_TIMEOUT=${IRONIC_CLEANING_TIMEOUT:-900}
|
||||
IRONIC_CLEANING_DELAY=10
|
||||
IRONIC_CLEANING_ATTEMPTS=$(( $IRONIC_CLEANING_TIMEOUT / $IRONIC_CLEANING_DELAY ))
|
||||
|
||||
# Username to use by Ansible to access ramdisk,
|
||||
# to be set as '[ansible]/default_username' option.
|
||||
# If not set here (default), will be set to 'tc' for TinyIPA ramdisk,
|
||||
# for other ramdisks it must be either provided here,
|
||||
# or set manually per-node via ironic API
|
||||
IRONIC_ANSIBLE_SSH_USER=${IRONIC_ANSIBLE_SSH_USER:-}
|
||||
# Path to the private SSH key to use by ansible deploy interface
|
||||
# that will be set as '[ansible]/default_key_file' option in config.
|
||||
# The public key path is assumed to be ${IRONIC_ANSIBLE_SSH_KEY}.pub
|
||||
# and will be used when rebuilding the image to include this public key
|
||||
# in ~/.ssh/authorized_keys of a $IRONIC_ANSIBLE_SSH_USER in the ramdisk.
|
||||
# Only the TinyIPA ramdisks are currently supported for such rebuild.
|
||||
# For TinyIPA ramdisks, if the specified file doesn't exist, it will
|
||||
# be created and will contain a new RSA passwordless key. We assume
|
||||
# that the directories in the path to this file exist and are
|
||||
# writable.
|
||||
# For other ramdisk types, make sure the corresponding public key is baked into
|
||||
# the ramdisk to be used by DevStack and provide the path to the private key here,
|
||||
# or set it manually per node via ironic API.
|
||||
# FIXME(pas-ha) auto-generated keys currently won't work for multi-node
|
||||
# DevStack deployment, as we do not distribute this generated key to subnodes yet.
|
||||
IRONIC_ANSIBLE_SSH_KEY=${IRONIC_ANSIBLE_SSH_KEY:-$IRONIC_DATA_DIR/ansible_ssh_key}
|
||||
|
||||
# Functions
|
||||
# ---------
|
||||
|
||||
@ -534,7 +557,7 @@ function is_ironic_enabled {
|
||||
}
|
||||
|
||||
function is_deployed_by_agent {
|
||||
[[ -z "${IRONIC_DEPLOY_DRIVER%%agent*}" ]] && return 0
|
||||
[[ -z "${IRONIC_DEPLOY_DRIVER%%agent*}" || "$IRONIC_DEFAULT_DEPLOY_INTERFACE" == 'direct' ]] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
@ -582,8 +605,20 @@ function is_drac_enabled {
|
||||
return 1
|
||||
}
|
||||
|
||||
function is_ansible_deploy_enabled {
|
||||
[[ -z "${IRONIC_ENABLED_DEPLOY_INTERFACES%%*ansible*}" ]] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
function is_ansible_with_tinyipa {
|
||||
# NOTE(pas-ha) we support rebuilding the ramdisk to include (generated) SSH keys
|
||||
# as needed for ansible deploy interface only for TinyIPA ramdisks for now
|
||||
is_ansible_deploy_enabled && [[ "$IRONIC_RAMDISK_TYPE" == "tinyipa" ]] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
function is_glance_configuration_required {
|
||||
is_deployed_by_agent || [[ "$IRONIC_CONFIGURE_GLANCE_WITH_SWIFT" == "True" ]] && return 0
|
||||
is_deployed_by_agent || is_ansible_deploy_enabled || [[ "$IRONIC_CONFIGURE_GLANCE_WITH_SWIFT" == "True" ]] && return 0
|
||||
return 1
|
||||
}
|
||||
|
||||
@ -601,6 +636,15 @@ if is_deployed_by_redfish && [[ "$IRONIC_ENABLED_HARDWARE_TYPES" != *"redfish"*
|
||||
"for DevStack"
|
||||
fi
|
||||
|
||||
# Assert that for non-TynyIPA ramdisks and Ansible, the private SSH key file to use exists.
|
||||
if is_ansible_deploy_enabled && [[ "$IRONIC_RAMDISK_TYPE" != "tinyipa" ]]; then
|
||||
if [[ ! -f $IRONIC_ANSIBLE_SSH_KEY ]]; then
|
||||
die $LINENO "Using non-TinyIPA ramdisks with ansible deploy interface" \
|
||||
"requires setting IRONIC_ANSIBLE_SSH_KEY to existing"\
|
||||
"private SSH key file to be used by Ansible."
|
||||
fi
|
||||
fi
|
||||
|
||||
# Syslinux >= 5.00 pxelinux.0 binary is not "stand-alone" anymore,
|
||||
# it depends on some c32 modules to work correctly.
|
||||
# More info: http://www.syslinux.org/wiki/index.php/Library_modules
|
||||
@ -784,6 +828,10 @@ function install_ironic {
|
||||
if is_drac_enabled; then
|
||||
pip_install python-dracclient
|
||||
fi
|
||||
|
||||
if is_ansible_deploy_enabled; then
|
||||
pip_install "$(grep '^ansible' $IRONIC_DIR/driver-requirements.txt | awk '{print $1}')"
|
||||
fi
|
||||
}
|
||||
|
||||
# install_ironicclient() - Collect sources and prepare
|
||||
@ -1142,6 +1190,32 @@ function configure_ironic_conductor {
|
||||
iniset $IRONIC_CONF_FILE DEFAULT enabled_management_interfaces "redfish"
|
||||
fi
|
||||
|
||||
if is_ansible_deploy_enabled; then
|
||||
if is_ansible_with_tinyipa; then
|
||||
if [[ ! -f $IRONIC_ANSIBLE_SSH_KEY ]]; then
|
||||
# generate ssh key if absent as we will rebuild the ramdisk
|
||||
# TODO(pas-ha) make it work for multi-node DevStack:
|
||||
# - generate outside of this script
|
||||
# - pass path in as $IRONIC_ANSIBLE_SSH_KEY
|
||||
# - distribute private key to subnodes under the same path
|
||||
# Similar to what we do for n-g-s, may be even re-use its key.
|
||||
ssh-keygen -t rsa -N '' -f $IRONIC_ANSIBLE_SSH_KEY
|
||||
chmod 600 $IRONIC_ANSIBLE_SSH_KEY
|
||||
fi
|
||||
if [[ -z $IRONIC_ANSIBLE_SSH_USER ]]; then
|
||||
# we definitely know the default username to use for TinyIPA image
|
||||
IRONIC_ANSIBLE_SSH_USER='tc'
|
||||
fi
|
||||
fi
|
||||
iniset $IRONIC_CONF_FILE ansible default_key_file $IRONIC_ANSIBLE_SSH_KEY
|
||||
if [[ -n $IRONIC_ANSIBLE_SSH_USER ]]; then
|
||||
iniset $IRONIC_CONF_FILE ansible default_username $IRONIC_ANSIBLE_SSH_USER
|
||||
fi
|
||||
# TODO(pas-ha) find a way to include the CA bundle into the image during rebuild,
|
||||
# at least for the tinyipa ramdisk
|
||||
iniset $IRONIC_CONF_FILE ansible image_store_insecure "True"
|
||||
fi
|
||||
|
||||
iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF
|
||||
iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT
|
||||
if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then
|
||||
@ -1997,6 +2071,10 @@ function build_tinyipa_ramdisk {
|
||||
git_clone $IRONIC_PYTHON_AGENT_REPO $IRONIC_PYTHON_AGENT_DIR $IRONIC_PYTHON_AGENT_BRANCH
|
||||
cd $IRONIC_PYTHON_AGENT_DIR/imagebuild/tinyipa
|
||||
export BUILD_AND_INSTALL_TINYIPA=true
|
||||
if is_ansible_deploy_enabled; then
|
||||
export AUTHORIZE_SSH=true
|
||||
export SSH_PUBLIC_KEY=$IRONIC_ANSIBLE_SSH_KEY.pub
|
||||
fi
|
||||
make
|
||||
cp tinyipa.gz $ramdisk_path
|
||||
cp tinyipa.vmlinuz $kernel_path
|
||||
@ -2008,6 +2086,19 @@ function build_tinyipa_ramdisk {
|
||||
cd -
|
||||
}
|
||||
|
||||
function rebuild_tinyipa_for_ansible {
|
||||
local ansible_tinyipa_ramdisk_name
|
||||
pushd $IRONIC_PYTHON_AGENT_DIR/imagebuild/tinyipa
|
||||
export TINYIPA_RAMDISK_FILE=$IRONIC_DEPLOY_RAMDISK
|
||||
export SSH_PUBLIC_KEY=$IRONIC_ANSIBLE_SSH_KEY.pub
|
||||
make addssh
|
||||
ansible_tinyipa_ramdisk_name="ansible-$(basename $IRONIC_DEPLOY_RAMDISK)"
|
||||
mv $ansible_tinyipa_ramdisk_name $TOP_DIR/files
|
||||
make clean
|
||||
popd
|
||||
IRONIC_DEPLOY_RAMDISK=$TOP_DIR/files/$ansible_tinyipa_ramdisk_name
|
||||
}
|
||||
|
||||
# install_diskimage_builder() - Collect source and prepare or install from pip
|
||||
function install_diskimage_builder {
|
||||
if use_library_from_git "diskimage-builder"; then
|
||||
@ -2073,6 +2164,11 @@ function upload_baremetal_ironic_deploy {
|
||||
# download the agent image tarball
|
||||
wget "$IRONIC_AGENT_KERNEL_URL" -O $IRONIC_DEPLOY_KERNEL
|
||||
wget "$IRONIC_AGENT_RAMDISK_URL" -O $IRONIC_DEPLOY_RAMDISK
|
||||
if is_ansible_with_tinyipa; then
|
||||
# NOTE(pas-ha) if using ansible-deploy and tinyipa,
|
||||
# this will rebuild ramdisk and override $IRONIC_DEPLOY_RAMDISK
|
||||
rebuild_tinyipa_for_ansible
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -2104,6 +2200,9 @@ function upload_baremetal_ironic_deploy {
|
||||
die_if_not_set $LINENO IRONIC_DEPLOY_ISO_ID "Failed to load deploy iso into glance"
|
||||
fi
|
||||
else
|
||||
if is_ansible_with_tinyipa; then
|
||||
ironic_deploy_ramdisk_name="ansible-$ironic_deploy_ramdisk_name"
|
||||
fi
|
||||
IRONIC_DEPLOY_KERNEL_ID=$(openstack image show $ironic_deploy_kernel_name -f value -c id)
|
||||
IRONIC_DEPLOY_RAMDISK_ID=$(openstack image show $ironic_deploy_ramdisk_name -f value -c id)
|
||||
fi
|
||||
@ -2219,6 +2318,7 @@ function ironic_configure_tempest {
|
||||
|
||||
iniset $TEMPEST_CONFIG baremetal enabled_drivers $IRONIC_ENABLED_DRIVERS
|
||||
iniset $TEMPEST_CONFIG baremetal enabled_hardware_types $IRONIC_ENABLED_HARDWARE_TYPES
|
||||
iniset $TEMPEST_CONFIG baremetal enabled_deploy_interfaces $IRONIC_ENABLED_DEPLOY_INTERFACES
|
||||
|
||||
local adjusted_root_disk_size_gb
|
||||
if [[ "$IRONIC_IS_HARDWARE" == "False" ]]; then
|
||||
|
@ -74,6 +74,14 @@
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_AUTOMATED_CLEAN_ENABLED=False"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_USE_MOD_WSGI=True"
|
||||
|
||||
# NOTE(pas-ha) ansible deploy is new in Queens,
|
||||
# and this job does not exist in Newton/Ocata.
|
||||
# Do not enable ansible deploy for Pike so that stable/pike job on
|
||||
# branch-less ironic-tempest-plugin passes using branch_override.
|
||||
if [[ "$ZUUL_BRANCH" != "stable/pike" && "$BRANCH_OVERRIDE" != "stable/pike" ]]; then
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_ENABLED_DEPLOY_INTERFACES=iscsi,direct,ansible"
|
||||
fi
|
||||
|
||||
# Ensure the ironic-vars-EARLY file exists
|
||||
touch ironic-vars-early
|
||||
# Pull in the EARLY variables injected by the optional builders
|
||||
|
Loading…
Reference in New Issue
Block a user