diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 2fd4414234..bc40c355f7 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -481,13 +481,6 @@ ironic_public_endpoint: "{{ ironic_external_fqdn | kolla_url(public_protocol, ir
ironic_api_port: "6385"
ironic_api_listen_port: "{{ ironic_api_port }}"
ironic_api_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else ironic_api_port }}"
-ironic_inspector_internal_fqdn: "{{ kolla_internal_fqdn }}"
-ironic_inspector_external_fqdn: "{{ kolla_external_fqdn }}"
-ironic_inspector_internal_endpoint: "{{ ironic_inspector_internal_fqdn | kolla_url(internal_protocol, ironic_inspector_port) }}"
-ironic_inspector_public_endpoint: "{{ ironic_inspector_external_fqdn | kolla_url(public_protocol, ironic_inspector_public_port) }}"
-ironic_inspector_port: "5050"
-ironic_inspector_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else ironic_inspector_port }}"
-ironic_inspector_listen_port: "{{ ironic_inspector_port }}"
ironic_http_port: "8089"
ironic_prometheus_exporter_port: "9608"
@@ -877,7 +870,6 @@ enable_horizon_zun: "{{ enable_zun | bool }}"
enable_influxdb: "{{ enable_cloudkitty | bool and cloudkitty_storage_backend == 'influxdb' }}"
enable_ironic: "no"
enable_ironic_dnsmasq: "{{ enable_ironic | bool }}"
-enable_ironic_inspector: "no"
enable_ironic_neutron_agent: "no"
enable_ironic_prometheus_exporter: "{{ enable_ironic | bool and enable_prometheus | bool }}"
enable_iscsid: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}"
diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one
index 1dd7914da1..1d47ec7982 100644
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@@ -351,7 +351,7 @@ ironic
[ironic-conductor:children]
ironic
-[ironic-inspector:children]
+[ironic-dnsmasq:children]
ironic
[ironic-tftp:children]
diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode
index 178890b1c4..9c35be0475 100644
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@@ -359,7 +359,7 @@ ironic
[ironic-conductor:children]
ironic
-[ironic-inspector:children]
+[ironic-dnsmasq:children]
ironic
[ironic-tftp:children]
diff --git a/ansible/roles/bifrost/defaults/main.yml b/ansible/roles/bifrost/defaults/main.yml
index 814bcc9dea..b597e784ac 100644
--- a/ansible/roles/bifrost/defaults/main.yml
+++ b/ansible/roles/bifrost/defaults/main.yml
@@ -11,10 +11,3 @@ bifrost_deploy_image_full: "{{ bifrost_deploy_image }}:{{ bifrost_deploy_tag }}"
bifrost_deploy_container_proxy: "{{ container_proxy }}"
bifrost_deploy_verbosity: "-vvvv"
-
-# Whether to enable the legacy ironic-inspector service
-# NOTE(wszumski): Bifrost plans to remove this option once the native in-band
-# inspection reaches feature parity. Please see:
-# https://bugs.launchpad.net/kolla/+bug/2054685 which contains links for
-# tracking the progress.
-bifrost_enable_ironic_inspector: true
diff --git a/ansible/roles/bifrost/tasks/bootstrap.yml b/ansible/roles/bifrost/tasks/bootstrap.yml
index c6533d87d2..622d5f9e78 100644
--- a/ansible/roles/bifrost/tasks/bootstrap.yml
+++ b/ansible/roles/bifrost/tasks/bootstrap.yml
@@ -8,8 +8,6 @@
{{ kolla_container_engine }} exec bifrost_deploy
bash -c 'mkdir -p /var/log/kolla/ironic &&
chown ironic:ironic /var/log/kolla/ironic &&
- mkdir -p /var/log/kolla/ironic-inspector &&
- chown ironic:ironic /var/log/kolla/ironic-inspector &&
mkdir -p /var/log/kolla/nginx &&
chown {{ nginx_user }}:{{ nginx_user }} /var/log/kolla/nginx'
diff --git a/ansible/roles/bifrost/tasks/stop.yml b/ansible/roles/bifrost/tasks/stop.yml
index 9d9a3a1776..ac71b934b2 100644
--- a/ansible/roles/bifrost/tasks/stop.yml
+++ b/ansible/roles/bifrost/tasks/stop.yml
@@ -17,7 +17,6 @@
command: "{{ kolla_container_engine }} exec bifrost_deploy systemctl stop {{ item }}.service"
with_items:
- ironic
- - ironic-inspector
- mariadb
- nginx
diff --git a/ansible/roles/bifrost/templates/bifrost.yml.j2 b/ansible/roles/bifrost/templates/bifrost.yml.j2
index e7014a64f5..49e62455e3 100644
--- a/ansible/roles/bifrost/templates/bifrost.yml.j2
+++ b/ansible/roles/bifrost/templates/bifrost.yml.j2
@@ -2,9 +2,6 @@
# Ironic log directory.
ironic_log_dir: "/var/log/kolla/ironic"
-# Ironic inspector log directory.
-inspector_log_dir: "/var/log/kolla/ironic-inspector"
-
# Ironic Python Agent deploy logs directory
ironic_agent_deploy_logs_local_path: "/var/log/kolla/ironic/deploy"
@@ -34,8 +31,5 @@ generate_tls: true
# the default /etc/bifrost is not.
tls_root: "/etc/bifrost-certs"
-# Whether to enable the legacy ironic-inspector service.
-enable_inspector: "{{ bifrost_enable_ironic_inspector }}"
-
# Disable firewalld
use_firewalld: false
diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml
index e6e88d6213..2562c31e5c 100644
--- a/ansible/roles/common/tasks/config.yml
+++ b/ansible/roles/common/tasks/config.yml
@@ -80,7 +80,6 @@
- { name: "horizon", enabled: "{{ enable_horizon | bool }}" }
- { name: "influxdb", enabled: "{{ enable_influxdb | bool }}" }
- { name: "ironic", enabled: "{{ enable_ironic | bool }}" }
- - { name: "ironic-inspector", enabled: "{{ enable_ironic | bool }}" }
- { name: "keystone", enabled: "{{ enable_keystone | bool }}" }
- { name: "kuryr", enabled: "{{ enable_kuryr | bool }}" }
- { name: "magnum", enabled: "{{ enable_magnum | bool }}" }
diff --git a/ansible/roles/common/templates/cron-logrotate-ironic-inspector.conf.j2 b/ansible/roles/common/templates/cron-logrotate-ironic-inspector.conf.j2
deleted file mode 100644
index a3fe9a18a5..0000000000
--- a/ansible/roles/common/templates/cron-logrotate-ironic-inspector.conf.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-"/var/log/kolla/ironic-inspector/*.log"
-{
-}
diff --git a/ansible/roles/fluentd/defaults/main.yml b/ansible/roles/fluentd/defaults/main.yml
index fd18d5fe44..f749a5bea5 100644
--- a/ansible/roles/fluentd/defaults/main.yml
+++ b/ansible/roles/fluentd/defaults/main.yml
@@ -109,8 +109,6 @@ fluentd_input_openstack_services:
enabled: "{{ enable_horizon | bool }}"
- name: ironic
enabled: "{{ enable_ironic | bool }}"
- - name: ironic-inspector
- enabled: "{{ enable_ironic | bool }}"
- name: keystone
enabled: "{{ enable_keystone | bool }}"
- name: kuryr
diff --git a/ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2 b/ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2
index ee761a34f0..c8e35c8598 100644
--- a/ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2
+++ b/ansible/roles/fluentd/templates/conf/filter/01-rewrite.conf.j2
@@ -118,7 +118,7 @@
key programname
- pattern ^(ironic-api|ironic-conductor|ironic-inspector)$
+ pattern ^(ironic-api|ironic-conductor)$
tag openstack_python
diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml
index 2c30e954e2..fb485375a2 100644
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@@ -38,33 +38,6 @@ ironic_services:
volumes: "{{ ironic_conductor_default_volumes + ironic_conductor_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}"
dimensions: "{{ ironic_conductor_dimensions }}"
healthcheck: "{{ ironic_conductor_healthcheck }}"
- ironic-inspector:
- container_name: ironic_inspector
- group: ironic-inspector
- enabled: "{{ enable_ironic_inspector }}"
- image: "{{ ironic_inspector_image_full }}"
- privileged: True
- volumes: "{{ ironic_inspector_default_volumes + ironic_inspector_extra_volumes }}"
- dimensions: "{{ ironic_inspector_dimensions }}"
- healthcheck: "{{ ironic_inspector_healthcheck }}"
- haproxy:
- ironic_inspector:
- enabled: "{{ enable_ironic }}"
- mode: "http"
- external: false
- port: "{{ ironic_inspector_port }}"
- listen_port: "{{ ironic_inspector_listen_port }}"
- backend_http_extra:
- - "option httpchk"
- ironic_inspector_external:
- enabled: "{{ enable_ironic }}"
- mode: "http"
- external: true
- external_fqdn: "{{ ironic_inspector_external_fqdn }}"
- port: "{{ ironic_inspector_public_port }}"
- listen_port: "{{ ironic_inspector_listen_port }}"
- backend_http_extra:
- - "option httpchk"
ironic-tftp:
container_name: ironic_tftp
group: ironic-tftp
@@ -87,7 +60,7 @@ ironic_services:
healthcheck: "{{ ironic_http_healthcheck }}"
ironic-dnsmasq:
container_name: ironic_dnsmasq
- group: ironic-inspector
+ group: ironic-dnsmasq
enabled: "{{ enable_ironic_dnsmasq }}"
cap_add:
- NET_ADMIN
@@ -117,34 +90,21 @@ ironic_database_name: "ironic"
ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}"
ironic_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
-ironic_inspector_database_name: "ironic_inspector"
-ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}"
-ironic_inspector_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
-
####################
# Database sharding
####################
ironic_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ ironic_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
ironic_database_shard_id: "{{ mariadb_default_database_shard_id | int }}"
-ironic_inspector_database_shard_id: "{{ ironic_database_shard_id | int }}"
ironic_database_shard:
users:
- user: "{{ ironic_database_user }}"
password: "{{ ironic_database_password }}"
shard_id: "{{ ironic_database_shard_id }}"
- - user: "{{ ironic_inspector_database_user }}"
- password: "{{ ironic_inspector_database_password }}"
- shard_id: "{{ ironic_inspector_database_shard_id }}"
rules:
- schema: "{{ ironic_database_name }}"
shard_id: "{{ ironic_database_shard_id }}"
- user: "{{ ironic_database_user }}"
shard_id: "{{ ironic_database_shard_id }}"
- - schema: "{{ ironic_inspector_database_name }}"
- shard_id: "{{ ironic_inspector_database_shard_id }}"
- - user: "{{ ironic_inspector_database_user }}"
- shard_id: "{{ ironic_inspector_database_shard_id }}"
-
####################
# Docker
@@ -163,10 +123,6 @@ ironic_pxe_image: "{{ docker_image_url }}ironic-pxe"
ironic_pxe_tag: "{{ ironic_tag }}"
ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"
-ironic_inspector_image: "{{ docker_image_url }}ironic-inspector"
-ironic_inspector_tag: "{{ ironic_tag }}"
-ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}"
-
ironic_dnsmasq_image: "{{ docker_image_url }}dnsmasq"
ironic_dnsmasq_tag: "{{ ironic_tag }}"
ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}"
@@ -179,7 +135,6 @@ ironic_api_dimensions: "{{ default_container_dimensions }}"
ironic_conductor_dimensions: "{{ default_container_dimensions }}"
ironic_tftp_dimensions: "{{ default_container_dimensions }}"
ironic_http_dimensions: "{{ default_container_dimensions }}"
-ironic_inspector_dimensions: "{{ default_container_dimensions }}"
ironic_dnsmasq_dimensions: "{{ default_container_dimensions }}"
ironic_prometheus_exporter_dimensions: "{{ default_container_dimensions }}"
@@ -209,19 +164,6 @@ ironic_conductor_healthcheck:
test: "{% if ironic_conductor_enable_healthchecks | bool %}{{ ironic_conductor_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ ironic_conductor_healthcheck_timeout }}"
-ironic_inspector_enable_healthchecks: "{{ enable_container_healthchecks }}"
-ironic_inspector_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
-ironic_inspector_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
-ironic_inspector_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
-ironic_inspector_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-inspector {{ om_rpc_port }}"]
-ironic_inspector_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
-ironic_inspector_healthcheck:
- interval: "{{ ironic_inspector_healthcheck_interval }}"
- retries: "{{ ironic_inspector_healthcheck_retries }}"
- start_period: "{{ ironic_inspector_healthcheck_start_period }}"
- test: "{% if ironic_inspector_enable_healthchecks | bool %}{{ ironic_inspector_healthcheck_test }}{% else %}NONE{% endif %}"
- timeout: "{{ ironic_inspector_healthcheck_timeout }}"
-
ironic_http_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_http_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_http_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
@@ -266,19 +208,12 @@ ironic_http_default_volumes:
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "ironic:/var/lib/ironic"
- "kolla_logs:/var/log/kolla"
-ironic_inspector_default_volumes:
- - "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
- - "/etc/localtime:/etc/localtime:ro"
- - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- - "kolla_logs:/var/log/kolla"
- - "ironic_inspector_dhcp_hosts:/var/lib/ironic-inspector/dhcp-hostsdir"
- - "{{ kolla_dev_repos_directory ~ '/ironic-inspector:/dev-mode/ironic-inspector' if ironic_inspector_dev_mode | bool else '' }}"
ironic_dnsmasq_default_volumes:
- "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla"
- - "ironic_inspector_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro"
+ - "ironic_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro"
ironic_prometheus_exporter_default_volumes:
- "{{ node_config_directory }}/ironic-prometheus-exporter/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
@@ -291,7 +226,6 @@ ironic_api_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_conductor_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_tftp_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_http_extra_volumes: "{{ ironic_extra_volumes }}"
-ironic_inspector_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_dnsmasq_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_prometheus_exporter_extra_volumes: "{{ ironic_extra_volumes }}"
@@ -299,13 +233,10 @@ ironic_prometheus_exporter_extra_volumes: "{{ ironic_extra_volumes }}"
# OpenStack
####################
ironic_inspector_keystone_user: "ironic-inspector"
-
ironic_logging_debug: "{{ openstack_logging_debug }}"
openstack_ironic_auth: "{{ openstack_auth }}"
-openstack_ironic_inspector_auth: "{{ openstack_auth }}"
-
ironic_api_workers: "{{ openstack_service_workers }}"
#########
@@ -323,8 +254,8 @@ ironic_http_url: "http://{{ ironic_http_interface_address | put_address_in_conte
ironic_tftp_listen_address: "{{ ironic_tftp_interface_address }}"
ironic_enable_rolling_upgrade: "yes"
ironic_upgrade_skip_wait_check: false
-ironic_inspector_kernel_cmdline_extras: []
-ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}noop{% endif %}"
+ironic_kernel_cmdline_extras: []
+ironic_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}noop{% endif %}"
ironic_prometheus_exporter_data_dir: "/var/lib/ironic-prometheus-exporter/data"
ironic_prometheus_exporter_sensor_data_interval: 30
ironic_prometheus_exporter_sensor_data_undeployed_nodes: "true"
@@ -333,13 +264,10 @@ ironic_prometheus_exporter_sensor_data_undeployed_nodes: "true"
####################
## Kolla
#####################
-ironic_inspector_git_repository: "{{ kolla_dev_repos_git }}/ironic-inspector"
ironic_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
ironic_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
ironic_dev_mode: "{{ kolla_dev_mode }}"
-ironic_inspector_dev_mode: "{{ ironic_dev_mode }}"
ironic_source_version: "{{ kolla_source_version }}"
-ironic_inspector_source_version: "{{ ironic_source_version }}"
ironic_agent_files_directory: "{{ node_custom_config }}"
@@ -363,34 +291,28 @@ ironic_ks_services:
endpoints:
- {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'}
+# TODO(mnasiadka): Remove in Gazpacho/2026.1
- name: "ironic-inspector"
type: "baremetal-introspection"
description: "Ironic Inspector baremetal introspection service"
- endpoints:
- - {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'}
+ state: absent
+ endpoints: []
ironic_ks_users:
- project: "service"
user: "{{ ironic_keystone_user }}"
password: "{{ ironic_keystone_password }}"
role: "admin"
+# TODO(mnasiadka): Remove in Gazpacho/2026.1
- project: "service"
- user: "{{ ironic_inspector_keystone_user }}"
- password: "{{ ironic_inspector_keystone_password }}"
+ user: "{{ ironic_inspector_keystone_user | default('ironic-inspector') }}"
role: "admin"
+ state: absent
ironic_ks_user_roles:
- project: "service"
user: "{{ ironic_keystone_user }}"
role: "service"
- - project: "service"
- user: "{{ ironic_inspector_keystone_user }}"
- role: "service"
- state: "absent"
- - system: "all"
- user: "{{ ironic_inspector_keystone_user }}"
- role: "service"
####################
# TLS
diff --git a/ansible/roles/ironic/handlers/main.yml b/ansible/roles/ironic/handlers/main.yml
index 8fd1a5394d..d7989a5736 100644
--- a/ansible/roles/ironic/handlers/main.yml
+++ b/ansible/roles/ironic/handlers/main.yml
@@ -28,21 +28,6 @@
dimensions: "{{ service.dimensions }}"
healthcheck: "{{ service.healthcheck | default(omit) }}"
-- name: Restart ironic-inspector container
- vars:
- service_name: "ironic-inspector"
- service: "{{ ironic_services[service_name] }}"
- become: true
- kolla_container:
- action: "recreate_or_restart_container"
- common_options: "{{ docker_common_options }}"
- name: "{{ service.container_name }}"
- image: "{{ service.image }}"
- privileged: "{{ service.privileged | default(False) }}"
- volumes: "{{ service.volumes | reject('equalto', '') | list }}"
- dimensions: "{{ service.dimensions }}"
- healthcheck: "{{ service.healthcheck | default(omit) }}"
-
- name: Restart ironic-tftp container
vars:
service_name: "ironic-tftp"
diff --git a/ansible/roles/ironic/tasks/bootstrap.yml b/ansible/roles/ironic/tasks/bootstrap.yml
index 2843f97c72..b6dc71a078 100644
--- a/ansible/roles/ironic/tasks/bootstrap.yml
+++ b/ansible/roles/ironic/tasks/bootstrap.yml
@@ -16,8 +16,6 @@
with_items:
- database_name: "{{ ironic_database_name }}"
group: "ironic-api"
- - database_name: "{{ ironic_inspector_database_name }}"
- group: "ironic-inspector"
when:
- not use_preconfigured_databases | bool
- inventory_hostname in groups[item.group]
@@ -45,10 +43,6 @@
database_user: "{{ ironic_database_user }}"
database_password: "{{ ironic_database_password }}"
group: "ironic-api"
- - database_name: "{{ ironic_inspector_database_name }}"
- database_user: "{{ ironic_inspector_database_user }}"
- database_password: "{{ ironic_inspector_database_password }}"
- group: "ironic-inspector"
loop_control:
label: "{{ item.database_name }}"
when:
diff --git a/ansible/roles/ironic/tasks/bootstrap_service.yml b/ansible/roles/ironic/tasks/bootstrap_service.yml
index b1ade0333d..2374bae120 100644
--- a/ansible/roles/ironic/tasks/bootstrap_service.yml
+++ b/ansible/roles/ironic/tasks/bootstrap_service.yml
@@ -24,29 +24,6 @@
delegate_to: "{{ groups[ironic_api.group][0] }}"
when: inventory_hostname in groups[ironic_api.group]
-- name: Running Ironic Inspector bootstrap container
- vars:
- ironic_inspector: "{{ ironic_services['ironic-inspector'] }}"
- become: true
- kolla_container:
- action: "start_container"
- common_options: "{{ docker_common_options }}"
- detach: False
- environment:
- KOLLA_BOOTSTRAP:
- KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
- image: "{{ ironic_inspector.image }}"
- labels:
- BOOTSTRAP:
- name: "bootstrap_ironic_inspector"
- restart_policy: oneshot
- volumes: "{{ ironic_inspector.volumes | reject('equalto', '') | list }}"
- run_once: True
- delegate_to: "{{ groups[ironic_inspector.group][0] }}"
- when:
- - inventory_hostname in groups[ironic_inspector.group]
- - enable_ironic_inspector | bool
-
- name: Running ironic-tftp bootstrap container
vars:
service: "{{ ironic_services['ironic-tftp'] }}"
diff --git a/ansible/roles/ironic/tasks/clone.yml b/ansible/roles/ironic/tasks/clone.yml
index 51ca6a221b..3b9cd387fb 100644
--- a/ansible/roles/ironic/tasks/clone.yml
+++ b/ansible/roles/ironic/tasks/clone.yml
@@ -6,12 +6,3 @@
dest: "{{ kolla_dev_repos_directory }}/{{ project_name }}"
update: "{{ ironic_dev_repos_pull }}"
version: "{{ ironic_source_version }}"
-
-- name: Cloning ironic-inspector source repository for development
- become: true
- git:
- repo: "{{ ironic_inspector_git_repository }}"
- dest: "{{ kolla_dev_repos_directory }}/ironic-inspector"
- update: "{{ ironic_dev_repos_pull }}"
- version: "{{ ironic_inspector_source_version }}"
- when: ironic_inspector_dev_mode | bool
diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml
index bcd08a510f..98a3e66e2e 100644
--- a/ansible/roles/ironic/tasks/config.yml
+++ b/ansible/roles/ironic/tasks/config.yml
@@ -21,18 +21,6 @@
- "{{ node_custom_config }}/ironic/"
skip: true
-- name: Check if Ironic Inspector policies shall be overwritten
- stat:
- path: "{{ item }}"
- delegate_to: localhost
- run_once: True
- register: ironic_inspector_policy
- with_first_found:
- - files: "{{ supported_policy_format_list }}"
- paths:
- - "{{ node_custom_config }}/ironic/inspector/"
- skip: true
-
- name: Set ironic policy file
set_fact:
ironic_policy_file: "{{ ironic_policy.results.0.stat.path | basename }}"
@@ -40,38 +28,6 @@
when:
- ironic_policy.results
-- name: Set ironic-inspector policy file
- set_fact:
- ironic_inspector_policy_file: "{{ ironic_inspector_policy.results.0.stat.path | basename }}"
- ironic_inspector_policy_file_path: "{{ ironic_inspector_policy.results.0.stat.path }}"
- when:
- - ironic_inspector_policy.results
-
-- name: Check if Ironic Inspector known_devices.yaml shall be overwritten
- stat:
- path: "{{ node_custom_config }}/ironic-inspector/known_devices.yaml"
- delegate_to: localhost
- run_once: True
- register: ironic_inspector_known_devices
-
-- name: Set known_devices file path
- set_fact:
- ironic_inspector_known_devices_file_path: "{{ ironic_inspector_known_devices.stat.path }}"
- when:
- - ironic_inspector_known_devices.stat.exists
-
-- name: Copying over known_devices.yaml
- vars:
- service: "{{ ironic_services['ironic-inspector'] }}"
- template:
- src: "{{ ironic_inspector_known_devices_file_path }}"
- dest: "{{ node_config_directory }}/ironic-inspector/known_devices.yaml"
- mode: "0660"
- become: true
- when:
- - ironic_inspector_known_devices_file_path is defined
- - service | service_enabled_and_mapped_to_host
-
- include_tasks: copy-certs.yml
when:
- ironic_copy_certs | bool
@@ -101,21 +57,6 @@
- item.key in [ "ironic-api", "ironic-conductor", "ironic-prometheus-exporter" ]
with_dict: "{{ ironic_services | select_services_enabled_and_mapped_to_host }}"
-- name: Copying over inspector.conf
- vars:
- service: "{{ ironic_services['ironic-inspector'] }}"
- merge_configs:
- sources:
- - "{{ role_path }}/templates/ironic-inspector.conf.j2"
- - "{{ node_custom_config }}/global.conf"
- - "{{ node_custom_config }}/ironic-inspector.conf"
- - "{{ node_custom_config }}/ironic-inspector/inspector.conf"
- - "{{ node_custom_config }}/ironic-inspector/{{ inventory_hostname }}/inspector.conf"
- dest: "{{ node_config_directory }}/ironic-inspector/inspector.conf"
- mode: "0660"
- become: true
- when: service | service_enabled_and_mapped_to_host
-
- name: Copying over dnsmasq.conf
vars:
service: "{{ ironic_services['ironic-dnsmasq'] }}"
@@ -143,8 +84,8 @@
- "{{ node_custom_config }}/ironic/{{ inventory_hostname }}/pxelinux.default"
- "pxelinux.default.j2"
when:
- # Only required when Ironic inspector is in use.
- - groups['ironic-inspector'] | length > 0
+ # Only required when Ironic dnsmasq is in use.
+ - groups['ironic-dnsmasq'] | length > 0
- service | service_enabled_and_mapped_to_host
- not ironic_dnsmasq_serve_ipxe | bool
@@ -160,8 +101,8 @@
- "ironic-agent.kernel"
- "ironic-agent.initramfs"
when:
- # Only required when Ironic inspector is in use.
- - groups['ironic-inspector'] | length > 0
+ # Only required when Ironic dnsmasq is in use.
+ - groups['ironic-dnsmasq'] | length > 0
- service | service_enabled_and_mapped_to_host
- not ironic_dnsmasq_serve_ipxe | bool
@@ -177,25 +118,25 @@
- "ironic-agent.kernel"
- "ironic-agent.initramfs"
when:
- # Only required when Ironic inspector is in use.
- - groups['ironic-inspector'] | length > 0
+ # Only required when Ironic dnsmasq is in use.
+ - groups['ironic-dnsmasq'] | length > 0
- service | service_enabled_and_mapped_to_host
-- name: Copying inspector.ipxe
+- name: Copying ipa.ipxe
vars:
service: "{{ ironic_services['ironic-http'] }}"
template:
src: "{{ item }}"
- dest: "{{ node_config_directory }}/ironic-http/inspector.ipxe"
+ dest: "{{ node_config_directory }}/ironic-http/ipa.ipxe"
mode: "0660"
become: true
with_first_found:
- - "{{ node_custom_config }}/ironic/{{ inventory_hostname }}/inspector.ipxe"
- - "{{ node_custom_config }}/ironic/inspector.ipxe"
- - "inspector.ipxe.j2"
+ - "{{ node_custom_config }}/ironic/{{ inventory_hostname }}/ipa.ipxe"
+ - "{{ node_custom_config }}/ironic/ipa.ipxe"
+ - "ipa.ipxe.j2"
when:
- # Only required when Ironic inspector is in use.
- - groups['ironic-inspector'] | length > 0
+ # Only required when Ironic dnsmasq is in use.
+ - groups['ironic-dnsmasq'] | length > 0
- service | service_enabled_and_mapped_to_host
- name: Copying ironic-http-httpd.conf
@@ -240,20 +181,6 @@
- item.key in services_require_policy_json
with_dict: "{{ ironic_services | select_services_enabled_and_mapped_to_host }}"
-- name: Copying over existing Ironic Inspector policy file
- vars:
- services_require_inspector_policy_json:
- - ironic-inspector
- template:
- src: "{{ ironic_inspector_policy_file_path }}"
- dest: "{{ node_config_directory }}/{{ item.key }}/{{ ironic_inspector_policy_file }}"
- mode: "0660"
- become: true
- when:
- - ironic_inspector_policy_file is defined
- - item.key in services_require_inspector_policy_json
- with_dict: "{{ ironic_services | select_services_enabled_and_mapped_to_host }}"
-
- name: Copying over ironic-api-wsgi.conf
vars:
service: "{{ ironic_services['ironic-api'] }}"
diff --git a/ansible/roles/ironic/tasks/deploy.yml b/ansible/roles/ironic/tasks/deploy.yml
index f135ada713..9519d8e70f 100644
--- a/ansible/roles/ironic/tasks/deploy.yml
+++ b/ansible/roles/ironic/tasks/deploy.yml
@@ -15,20 +15,3 @@
- name: Flush handlers
meta: flush_handlers
-
-# NOTE(mgoddard): If inspector was previously configured to use the iptables
-# PXE filter, it may leave rules in place that block inspection. Clean them up.
-# The iptables Ansible module is not idempotent - it fails if the chain does
-# not exist, so use a command instead.
-- name: Flush and delete ironic-inspector iptables chain
- become: true
- command: iptables --{{ item }} ironic-inspector
- register: ironic_inspector_chain
- with_items:
- - flush
- - delete-chain
- when: ironic_inspector_pxe_filter != 'iptables'
- changed_when: ironic_inspector_chain.rc == 0
- failed_when:
- - ironic_inspector_chain.rc != 0
- - "'No chain/target/match by that name' not in ironic_inspector_chain.stderr"
diff --git a/ansible/roles/ironic/tasks/precheck.yml b/ansible/roles/ironic/tasks/precheck.yml
index 99394cf6ab..cb5a21839f 100644
--- a/ansible/roles/ironic/tasks/precheck.yml
+++ b/ansible/roles/ironic/tasks/precheck.yml
@@ -12,7 +12,6 @@
container_engine: "{{ kolla_container_engine }}"
name:
- ironic_api
- - ironic_inspector
- ironic_http
- ironic_prometheus_exporter
check_mode: false
@@ -29,17 +28,6 @@
- container_facts.containers['ironic_api'] is not defined
- inventory_hostname in groups['ironic-api']
-- name: Checking free port for Ironic Inspector
- wait_for:
- host: "{{ api_interface_address }}"
- port: "{{ ironic_inspector_listen_port }}"
- connect_timeout: 1
- timeout: 1
- state: stopped
- when:
- - container_facts.containers['ironic_inspector'] is not defined
- - inventory_hostname in groups['ironic-inspector']
-
- name: Checking free port for Ironic HTTP server
wait_for:
host: "{{ api_interface_address }}"
@@ -63,7 +51,7 @@
- container_facts.containers['ironic_prometheus_exporter'] is not defined
- inventory_hostname in groups['ironic-conductor']
-- name: Checking ironic-agent files exist for Ironic Inspector
+- name: Checking ironic-agent files exist for Ironic
stat:
path: "{{ ironic_agent_files_directory }}/ironic/{{ item }}"
delegate_to: localhost
@@ -71,8 +59,8 @@
register: result
failed_when: not result.stat.exists
when:
- # Only required when Ironic inspector is in use.
- - groups['ironic-inspector'] | length > 0
+ # Only required when Ironic dnsmasq is in use.
+ - groups['ironic-dnsmasq'] | length > 0
- (not ironic_dnsmasq_serve_ipxe | bool and inventory_hostname in groups['ironic-tftp']) or
(ironic_dnsmasq_serve_ipxe | bool and inventory_hostname in groups['ironic-http'])
with_items:
diff --git a/ansible/roles/ironic/tasks/upgrade.yml b/ansible/roles/ironic/tasks/upgrade.yml
index 0e020b9df0..4e5ef576e1 100644
--- a/ansible/roles/ironic/tasks/upgrade.yml
+++ b/ansible/roles/ironic/tasks/upgrade.yml
@@ -1,6 +1,55 @@
---
+# TODO(mnasiadka): Remove this task in Gazpacho/2026.1 release
+- name: Remove ironic-inspector
+ become: true
+ kolla_container:
+ action: "stop_and_remove_container"
+ common_options: "{{ docker_common_options }}"
+ name: "ironic_inspector"
+ ignore_missing: true
+
+# TODO(mnasiadka): Remove this block in Gazpacho/2026.1 release
+- name: Handle volume migration for ironic_dnsmasq
+ when: enable_ironic_dnsmasq | bool
+ block:
+ - name: Stop ironic_dnsmasq container
+ become: true
+ kolla_container:
+ action: "stop_container"
+ common_options: "{{ docker_common_options }}"
+ name: "ironic_dnsmasq"
+ ignore_missing: true
+
+ - name: Create ironic_dhcp_hosts volume
+ become: true
+ command: "{{ kolla_container_engine }} volume create ironic_dhcp_hosts"
+
+ - name: Migrate data from ironic_inspector_dhcp_hosts volume
+ become: true
+ vars:
+ volumes_dir: >-
+ {{ '/var/lib/docker/volumes' if kolla_container_engine == 'docker'
+ else '/var/lib/containers/storage/volumes' }}
+ command: >-
+ mv {{ volumes_dir }}/ironic_inspector_dhcp_hosts/_data/
+ {{ volumes_dir }}/ironic_dhcp_hosts/_data
+
+- name: Get Ironic API container facts
+ become: true
+ vars:
+ container_name: "{{ ironic_services['ironic-api'].container_name }}"
+ kolla_container_facts:
+ action: get_containers
+ container_engine: "{{ kolla_container_engine }}"
+ name:
+ - "{{ container_name }}"
+ check_mode: false
+ register: container_facts
+
- name: Wait for Ironic nodes not to wait
become: true
+ vars:
+ container_name: "{{ ironic_services['ironic-api'].container_name }}"
command: >
{{ kolla_container_engine }} exec kolla_toolbox openstack
--os-interface {{ openstack_interface }}
@@ -25,10 +74,18 @@
select('search', '\\bwait\\b') |
length) == 0
run_once: true
- when: not ironic_upgrade_skip_wait_check | bool
+ when:
+ - not ironic_upgrade_skip_wait_check | bool
+ - container_facts.containers[container_name] is defined
- include_tasks: rolling_upgrade.yml
when: ironic_enable_rolling_upgrade | bool
- include_tasks: legacy_upgrade.yml
when: not ironic_enable_rolling_upgrade | bool
+
+# TODO(mnasiadka): Remove this task in Gazpacho/2026.1 release
+- name: Remove ironic_inspector_dhcp_hosts volume
+ become: true
+ command: "{{ kolla_container_engine }} volume rm ironic_inspector_dhcp_hosts"
+ when: enable_ironic_dnsmasq | bool
diff --git a/ansible/roles/ironic/templates/inspector.ipxe.j2 b/ansible/roles/ironic/templates/ipa.ipxe.j2
similarity index 55%
rename from ansible/roles/ironic/templates/inspector.ipxe.j2
rename to ansible/roles/ironic/templates/ipa.ipxe.j2
index 3bf2c8825e..676f885c45 100644
--- a/ansible/roles/ironic/templates/inspector.ipxe.j2
+++ b/ansible/roles/ironic/templates/ipa.ipxe.j2
@@ -7,12 +7,12 @@ dhcp || goto retry_dhcp
{% if not enable_neutron | bool %}
# load the MAC-specific file or fail if it's not found
:boot_system
-chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa
+chain pxelinux.cfg/${mac:hexhyp} || goto ipa
{% endif %}
-:inspector_ipa
+:ipa
:retry_boot
imgfree
-kernel --timeout 30000 {{ ironic_http_url }}/ironic-agent.kernel ipa-inspection-callback-url={{ ironic_inspector_internal_endpoint }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=ironic-agent.initramfs {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot
+kernel --timeout 30000 {{ ironic_http_url }}/ironic-agent.kernel ipa-inspection-callback-url={{ ironic_internal_endpoint }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=ironic-agent.initramfs {{ ironic_kernel_cmdline_extras | join(' ') }} || goto retry_boot
initrd --timeout 30000 {{ ironic_http_url }}/ironic-agent.initramfs || goto retry_boot
boot
diff --git a/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
index f438fd906b..87c9cc196e 100644
--- a/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
@@ -25,7 +25,7 @@ dhcp-match=ipxe,175
dhcp-match=set:efi,option:client-arch,7
dhcp-match=set:efi,option:client-arch,9
# Client is already running iPXE; move to next stage of chainloading
-dhcp-option=tag:ipxe,option:bootfile-name,{{ ironic_http_url }}/inspector.ipxe
+dhcp-option=tag:ipxe,option:bootfile-name,{{ ironic_http_url }}/ipa.ipxe
# Client is PXE booting over EFI without iPXE ROM,
# send EFI version of iPXE chainloader
dhcp-option=tag:efi,tag:!ipxe,option:bootfile-name,{{ ironic_dnsmasq_uefi_ipxe_boot_file }}
@@ -39,6 +39,6 @@ log-facility=/var/log/kolla/ironic/dnsmasq.log
log-dhcp
{% endif %}
-{% if ironic_inspector_pxe_filter == 'dnsmasq' %}
+{% if ironic_pxe_filter == 'dnsmasq' %}
dhcp-hostsdir=/etc/dnsmasq/dhcp-hostsdir
{% endif %}
diff --git a/ansible/roles/ironic/templates/ironic-http.json.j2 b/ansible/roles/ironic/templates/ironic-http.json.j2
index 8fd42396f0..d726cd2012 100644
--- a/ansible/roles/ironic/templates/ironic-http.json.j2
+++ b/ansible/roles/ironic/templates/ironic-http.json.j2
@@ -3,7 +3,7 @@
{
"command": "{{ apache_cmd }} -DFOREGROUND",
"config_files": [
-{% if groups['ironic-inspector'] | length > 0 %}
+{% if groups['ironic-dnsmasq'] | length > 0 %}
{
"source": "{{ container_config_directory }}/ironic-agent.kernel",
"dest": "/var/lib/ironic/httpboot/ironic-agent.kernel",
@@ -17,8 +17,8 @@
"perm": "0644"
},
{
- "source": "{{ container_config_directory }}/inspector.ipxe",
- "dest": "/var/lib/ironic/httpboot/inspector.ipxe",
+ "source": "{{ container_config_directory }}/ipa.ipxe",
+ "dest": "/var/lib/ironic/httpboot/ipa.ipxe",
"owner": "root",
"perm": "0644"
},
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
deleted file mode 100644
index 56a63e2b36..0000000000
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ /dev/null
@@ -1,103 +0,0 @@
-[DEFAULT]
-debug = {{ ironic_logging_debug }}
-log_dir = /var/log/kolla/ironic-inspector
-
-{% if not ironic_enable_keystone_integration | bool %}
-auth_strategy = noauth
-{% endif %}
-listen_address = {{ api_interface_address }}
-listen_port = {{ ironic_inspector_listen_port }}
-transport_url = {{ rpc_transport_url }}
-
-[oslo_messaging_notifications]
-transport_url = {{ notify_transport_url }}
-
-[oslo_messaging_rabbit]
-use_queue_manager = true
-heartbeat_in_pthread = false
-{% if om_enable_rabbitmq_tls | bool %}
-ssl = true
-ssl_ca_file = {{ om_rabbitmq_cacert }}
-{% endif %}
-rabbit_quorum_queue = true
-{% if om_enable_rabbitmq_stream_fanout | bool %}
-rabbit_stream_fanout = true
-rabbit_qos_prefetch_count = {{ om_rabbitmq_qos_prefetch_count }}
-{% endif %}
-rabbit_transient_quorum_queue = true
-
-[ironic]
-{% if ironic_enable_keystone_integration | bool %}
-auth_url = {{ keystone_internal_url }}
-auth_type = password
-user_domain_id = {{ default_user_domain_id }}
-username = {{ ironic_inspector_keystone_user }}
-password = {{ ironic_inspector_keystone_password }}
-valid_interfaces = internal
-cafile = {{ openstack_cacert }}
-region_name = {{ openstack_region_name }}
-system_scope = all
-{% else %}
-auth_type = none
-endpoint_override = {{ ironic_internal_endpoint }}
-{% endif %}
-
-{% if ironic_enable_keystone_integration | bool %}
-[keystone_authtoken]
-service_type = baremetal-introspection
-www_authenticate_uri = {{ keystone_public_url }}
-auth_url = {{ keystone_internal_url }}
-auth_type = password
-project_domain_id = {{ default_project_domain_id }}
-user_domain_id = {{ default_user_domain_id }}
-project_name = service
-username = {{ ironic_inspector_keystone_user }}
-password = {{ ironic_inspector_keystone_password }}
-cafile = {{ openstack_cacert }}
-region_name = {{ openstack_region_name }}
-
-memcache_security_strategy = {{ memcache_security_strategy }}
-memcache_secret_key = {{ memcache_secret_key }}
-memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
-{% endif %}
-
-{% if ironic_policy_file is defined %}
-[oslo_policy]
-policy_file = {{ ironic_policy_file }}
-{% endif %}
-
-[database]
-connection = mysql+pymysql://{{ ironic_inspector_database_user }}:{{ ironic_inspector_database_password }}@{{ ironic_inspector_database_address }}/{{ ironic_inspector_database_name }}{{ '?ssl_ca=' ~ openstack_cacert if ironic_database_enable_tls_internal | bool }}
-connection_recycle_time = {{ database_connection_recycle_time }}
-max_pool_size = {{ database_max_pool_size }}
-
-[processing]
-ramdisk_logs_dir = /var/log/kolla/ironic-inspector
-
-[pxe_filter]
-driver = {{ ironic_inspector_pxe_filter }}
-
-{% if ironic_inspector_pxe_filter == 'iptables' %}
-[iptables]
-dnsmasq_interface = {{ ironic_dnsmasq_interface }}
-{% endif %}
-
-[coordination]
-{% if ironic_coordination_backend == 'redis' %}
-backend_url = {{ redis_connection_string }}
-{% elif ironic_coordination_backend == 'etcd' %}
-# NOTE(yoctozepto): we must use etcd3gw (aka etcd3+http) due to issues with alternative (etcd3) and eventlet (as used by cinder)
-# see https://bugs.launchpad.net/kolla-ansible/+bug/1854932
-# and https://review.opendev.org/466098 for details
-# NOTE(jan.gutter): etcd v3.4 removed the default `v3alpha` api_version. Until
-# tooz defaults to a newer version, we should explicitly specify `v3`
-backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}?api_version=v3{% if openstack_cacert %}?ca_cert={{ openstack_cacert }}{% endif %}
-{% endif %}
-
-{% if ironic_inspector_known_devices_file_path is defined %}
-[accelerators]
-known_devices = /etc/ironic-inspector/known_devices.yaml
-{% endif %}
-
-[oslo_concurrency]
-lock_path = /var/lib/ironic-inspector/tmp
diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2
deleted file mode 100644
index 22d6c4c53b..0000000000
--- a/ansible/roles/ironic/templates/ironic-inspector.json.j2
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "command": "ironic-inspector --config-file /etc/ironic-inspector/inspector.conf",
- "config_files": [
- {
- "source": "{{ container_config_directory }}/inspector.conf",
- "dest": "/etc/ironic-inspector/inspector.conf",
- "owner": "ironic-inspector",
- "perm": "0600"
- }{% if ironic_inspector_policy_file is defined %},
- {
- "source": "{{ container_config_directory }}/{{ ironic_inspector_policy_file }}",
- "dest": "/etc/ironic-inspector/{{ ironic_inspector_policy_file }}",
- "owner": "ironic-inspector",
- "perm": "0600"
- }{% endif %}{% if ironic_inspector_known_devices_file_path is defined %},
- {
- "source": "{{ container_config_directory }}/known_devices.yaml",
- "dest": "/etc/ironic-inspector/known_devices.yaml",
- "owner": "ironic-inspector",
- }{% endif %}{% if kolla_copy_ca_into_containers | bool %},
- {
- "source": "{{ container_config_directory }}/ca-certificates",
- "dest": "/var/lib/kolla/share/ca-certificates",
- "owner": "root",
- "perm": "0600"
- }{% endif %}
- ]
-}
diff --git a/ansible/roles/ironic/templates/ironic-tftp.json.j2 b/ansible/roles/ironic/templates/ironic-tftp.json.j2
index 8526aea56b..69fdbabdec 100644
--- a/ansible/roles/ironic/templates/ironic-tftp.json.j2
+++ b/ansible/roles/ironic/templates/ironic-tftp.json.j2
@@ -4,7 +4,7 @@
{
"command": "/usr/sbin/in.tftpd --verbose --foreground --user nobody --address {{ ironic_tftp_listen_address }}:69 --map-file /map-file /var/lib/ironic/tftpboot",
"config_files": [
-{% if not ironic_dnsmasq_serve_ipxe | bool and groups['ironic-inspector'] | length > 0 %}
+{% if not ironic_dnsmasq_serve_ipxe | bool and groups['ironic-dnsmasq'] | length > 0 %}
{
"source": "{{ container_config_directory }}/ironic-agent.kernel",
"dest": "/var/lib/ironic/tftpboot/ironic-agent.kernel",
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index d849ede8b7..fcf130bf76 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -155,23 +155,6 @@ valid_interfaces = internal
cafile = {{ openstack_cacert }}
{% endif %}
-[inspector]
-{% if ironic_enable_keystone_integration | bool %}
-auth_url = {{ keystone_internal_url }}
-auth_type = password
-project_domain_id = {{ default_project_domain_id }}
-user_domain_id = default
-project_name = service
-username = {{ ironic_keystone_user }}
-password = {{ ironic_keystone_password }}
-region_name = {{ openstack_region_name }}
-valid_interfaces = internal
-cafile = {{ openstack_cacert }}
-{% else %}
-auth_type = none
-endpoint_override = {{ ironic_inspector_internal_endpoint }}
-{% endif %}
-
[service_catalog]
{% if ironic_enable_keystone_integration | bool %}
auth_url = {{ keystone_internal_url }}
diff --git a/ansible/roles/ironic/templates/pxelinux.default.j2 b/ansible/roles/ironic/templates/pxelinux.default.j2
index 3b5b6ce75b..d4b410f0ae 100644
--- a/ansible/roles/ironic/templates/pxelinux.default.j2
+++ b/ansible/roles/ironic/templates/pxelinux.default.j2
@@ -3,6 +3,6 @@ default introspect
label introspect
kernel ironic-agent.kernel
-append initrd=ironic-agent.initramfs ipa-inspection-callback-url={{ ironic_inspector_internal_endpoint }}/v1/continue systemd.journald.forward_to_console=yes {{ ironic_inspector_kernel_cmdline_extras | join(' ') }}
+append initrd=ironic-agent.initramfs ipa-inspection-callback-url={{ ironic_internal_endpoint }}/v1/continue systemd.journald.forward_to_console=yes {{ ironic_kernel_cmdline_extras | join(' ') }}
ipappend 3
diff --git a/ansible/roles/loadbalancer/tasks/precheck.yml b/ansible/roles/loadbalancer/tasks/precheck.yml
index ef13df2b21..7d4fc4bbf7 100644
--- a/ansible/roles/loadbalancer/tasks/precheck.yml
+++ b/ansible/roles/loadbalancer/tasks/precheck.yml
@@ -435,19 +435,6 @@
- haproxy_stat.find('ironic_api') == -1
- haproxy_vip_prechecks
-- name: Checking free port for Ironic Inspector HAProxy
- wait_for:
- host: "{{ kolla_internal_vip_address }}"
- port: "{{ ironic_inspector_port }}"
- connect_timeout: 1
- timeout: 1
- state: stopped
- when:
- - enable_ironic | bool
- - inventory_hostname in groups['loadbalancer']
- - haproxy_stat.find('ironic_inspector') == -1
- - haproxy_vip_prechecks
-
- name: Checking free port for Keystone Internal HAProxy
wait_for:
host: "{{ kolla_internal_vip_address }}"
diff --git a/ansible/roles/loadbalancer/tasks/upgrade.yml b/ansible/roles/loadbalancer/tasks/upgrade.yml
index 50fdd02aa6..88e10327eb 100644
--- a/ansible/roles/loadbalancer/tasks/upgrade.yml
+++ b/ansible/roles/loadbalancer/tasks/upgrade.yml
@@ -27,4 +27,13 @@
when:
- inventory_hostname in groups['loadbalancer']
+# TODO(mnasiadka): Remove this task in Gazpacho/2026.1 release
+- name: Removing config for ironic-inspector
+ file:
+ path: "{{ node_config_directory }}/haproxy/services.d/ironic-inspector.cfg"
+ state: "absent"
+ become: true
+ when:
+ - inventory_hostname in groups['loadbalancer']
+
- import_tasks: deploy.yml
diff --git a/ansible/roles/prometheus/defaults/main.yml b/ansible/roles/prometheus/defaults/main.yml
index 12420d636f..f36fc0efbf 100644
--- a/ansible/roles/prometheus/defaults/main.yml
+++ b/ansible/roles/prometheus/defaults/main.yml
@@ -250,8 +250,6 @@ prometheus_blackbox_exporter_endpoints_default:
- endpoints:
- "ironic:os_endpoint:{{ ironic_public_endpoint }}"
- "{{ ('ironic_internal:os_endpoint:' + ironic_internal_endpoint) if not kolla_same_external_internal_vip | bool }}"
- - "ironic_inspector:os_endpoint:{{ ironic_inspector_public_endpoint }}"
- - "{{ ('ironic_inspector_internal:os_endpoint:' + ironic_inspector_internal_endpoint) if not kolla_same_external_internal_vip | bool }}"
enabled: "{{ enable_ironic | bool }}"
- endpoints:
- "keystone:os_endpoint:{{ keystone_public_url }}"
diff --git a/ansible/roles/service-ks-register/tasks/main.yml b/ansible/roles/service-ks-register/tasks/main.yml
index d35525d6cc..58a3081254 100644
--- a/ansible/roles/service-ks-register/tasks/main.yml
+++ b/ansible/roles/service-ks-register/tasks/main.yml
@@ -64,15 +64,19 @@
retries: "{{ service_ks_register_retries }}"
delay: "{{ service_ks_register_delay }}"
- - name: "{{ project_name }} | Creating users"
+ - name: "{{ project_name }} | Creating/deleting users"
kolla_toolbox:
container_engine: "{{ kolla_container_engine }}"
module_name: openstack.cloud.identity_user
module_args:
default_project: "{{ item.project }}"
name: "{{ item.user }}"
- password: "{{ item.password }}"
- update_password: "{{ 'always' if update_keystone_service_user_passwords | bool else 'on_create' }}"
+ password: "{{ item.password | default(omit) }}"
+ update_password: >-
+ {{ 'always' if
+ update_keystone_service_user_passwords | bool and
+ item.password is defined
+ else 'on_create' }}
domain: "{{ service_ks_register_domain }}"
region_name: "{{ service_ks_register_region_name }}"
auth: "{{ service_ks_register_auth }}"
diff --git a/ansible/site.yml b/ansible/site.yml
index 6c8755e808..8dbaa39bc3 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -552,7 +552,6 @@
hosts:
- ironic-api
- ironic-conductor
- - ironic-inspector
- ironic-tftp
- ironic-http
- '&enable_ironic_True'
diff --git a/doc/source/reference/bare-metal/ironic-guide.rst b/doc/source/reference/bare-metal/ironic-guide.rst
index 62fc93673d..d7a5ee90b7 100644
--- a/doc/source/reference/bare-metal/ironic-guide.rst
+++ b/doc/source/reference/bare-metal/ironic-guide.rst
@@ -26,7 +26,7 @@ define a network to be used for the Ironic cleaning network:
ironic_dnsmasq_interface: "eth1"
ironic_cleaning_network: "public1"
-Finally, define at least one DHCP range for Ironic inspector:
+Finally, define at least one DHCP range for Ironic inspection:
.. code-block:: yaml
@@ -76,7 +76,7 @@ The default lease time for each range can be configured globally via
``ironic_dnsmasq_dhcp_default_lease_time`` variable or per range via
``lease_time`` parameter.
-In the same file, specify the PXE bootloader file for Ironic Inspector. The
+In the same file, specify the PXE bootloader file for Ironic inspection. The
file is relative to the ``/var/lib/ironic/tftpboot`` directory. The default is
``pxelinux.0``, and should be correct for x86 systems. Other platforms may
require a different value, for example aarch64 on Debian requires
@@ -86,7 +86,7 @@ require a different value, for example aarch64 on Debian requires
ironic_dnsmasq_boot_file: pxelinux.0
-Ironic inspector also requires a deploy kernel and ramdisk to be placed in
+Ironic inspection also requires a deploy kernel and ramdisk to be placed in
``/etc/kolla/config/ironic/``. The following example uses coreos which is
commonly used in Ironic deployments, though any compatible kernel/ramdisk may
be used:
@@ -103,7 +103,7 @@ You may optionally pass extra kernel parameters to the inspection kernel using:
.. code-block:: yaml
- ironic_inspector_kernel_cmdline_extras: ['ipa-lldp-timeout=90.0', 'ipa-collect-lldp=1']
+ ironic_kernel_cmdline_extras: ['ipa-lldp-timeout=90.0', 'ipa-collect-lldp=1']
in ``/etc/kolla/globals.yml``.
@@ -120,7 +120,7 @@ Revert to plain PXE (not recommended)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Starting with Yoga, Ironic has changed the default PXE from plain PXE to iPXE.
Kolla Ansible follows this upstream decision by choosing iPXE as the default
-for Ironic Inspector but allows users to revert to the previous default of
+for Ironic inspection but allows users to revert to the previous default of
plain PXE by setting the following in
``/etc/kolla/globals.yml``:
@@ -215,7 +215,7 @@ Post-deployment configuration
The :ironic-doc:`Ironic documentation `
describes how to create the deploy kernel and ramdisk and register them with
Glance. In this example we're reusing the same images that were fetched for the
-Inspector:
+inspection:
.. code-block:: console
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 8a092c238a..cb0e651d59 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -639,14 +639,14 @@ workaround_ansible_issue_8743: yes
#############################
# Ironic options
#############################
-# dnsmasq bind interface for Ironic Inspector, by default is network_interface
+# dnsmasq bind interface for Ironic inspection, by default is network_interface
#ironic_dnsmasq_interface: "{{ network_interface }}"
# The following value must be set when enabling ironic, the value format is a
# list of ranges - at least one must be configured, for example:
# - range: 192.168.0.10,192.168.0.100
# See Kolla Ansible docs on Ironic for details.
#ironic_dnsmasq_dhcp_ranges:
-# PXE bootloader file for Ironic Inspector, relative to /var/lib/ironic/tftpboot.
+# PXE bootloader file for Ironic inspection, relative to /var/lib/ironic/tftpboot.
#ironic_dnsmasq_boot_file: "pxelinux.0"
# Configure ironic upgrade option, due to currently kolla support
@@ -657,7 +657,7 @@ workaround_ansible_issue_8743: yes
#ironic_enable_rolling_upgrade: "yes"
# List of extra kernel parameters passed to the kernel used during inspection
-#ironic_inspector_kernel_cmdline_extras: []
+#ironic_kernel_cmdline_extras: []
# Valid options are [ '', redis, etcd ]
#ironic_coordination_backend: "{{ 'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}"
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index 70ab8b5671..8647dd9d29 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -96,9 +96,6 @@ heat_domain_admin_password:
ironic_database_password:
ironic_keystone_password:
-ironic_inspector_database_password:
-ironic_inspector_keystone_password:
-
magnum_database_password:
magnum_keystone_password:
diff --git a/releasenotes/notes/drop-ironic-inspector-38fc91c64517ffc1.yaml b/releasenotes/notes/drop-ironic-inspector-38fc91c64517ffc1.yaml
new file mode 100644
index 0000000000..a912433e94
--- /dev/null
+++ b/releasenotes/notes/drop-ironic-inspector-38fc91c64517ffc1.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+ - |
+ The ``ironic-inspector`` deployment support has been dropped following
+ retirement of that service in ``Ironic`` project.
+ ``ironic_inspector_kernel_cmdline_extras`` has been renamed to
+ ``ironic_kernel_cmdline_extras`` and ``ironic_inspector_pxe_filter``
+ has been renamed to ``ironic_pxe_filter``.
+ Also the ``inspector.ipxe`` file has been renamed to ``ipa.ipxe``.
+ - |
+ ``bifrost`` support for deploying legacy ironic inspector has been
+ dropped together with ``bifrost_enable_ironic_inspector`` variable.
diff --git a/roles/openstack-clients/defaults/main.yml b/roles/openstack-clients/defaults/main.yml
index 52a5c88851..d335a3ef1d 100644
--- a/roles/openstack-clients/defaults/main.yml
+++ b/roles/openstack-clients/defaults/main.yml
@@ -8,8 +8,6 @@ openstack_clients_pip_packages:
enabled: true
- package: python-ironicclient
enabled: "{{ scenario == 'ironic' }}"
- - package: python-ironic-inspector-client
- enabled: "{{ scenario == 'ironic' }}"
- package: python-magnumclient
enabled: "{{ scenario == 'magnum' }}"
- package: python-masakariclient
diff --git a/tests/get_logs.sh b/tests/get_logs.sh
index 55dbca03fb..8633ec1c36 100644
--- a/tests/get_logs.sh
+++ b/tests/get_logs.sh
@@ -123,7 +123,7 @@ copy_logs() {
# bifrost related logs
if [[ $(${CONTAINER_ENGINE} ps --filter name=bifrost_deploy --format "{{.Names}}") ]]; then
- for service in dnsmasq ironic ironic-api ironic-conductor ironic-inspector mariadb nginx; do
+ for service in dnsmasq ironic ironic-api ironic-conductor mariadb nginx; do
mkdir -p ${LOG_DIR}/kolla/$service
${CONTAINER_ENGINE} exec bifrost_deploy systemctl status $service > ${LOG_DIR}/kolla/$service/systemd-status-$service.txt
done
@@ -136,12 +136,6 @@ copy_logs() {
${CONTAINER_ENGINE} exec haproxy bash -c 'echo show stat | socat stdio /var/lib/kolla/haproxy/haproxy.sock' > ${LOG_DIR}/kolla/haproxy/stats.txt
fi
- # FIXME: remove
- if [[ $(${CONTAINER_ENGINE} ps -a --filter name=ironic_inspector --format "{{.Names}}") ]]; then
- mkdir -p ${LOG_DIR}/kolla/ironic-inspector
- ls -lR ${VOLUMES_DIR}/ironic_inspector_dhcp_hosts > ${LOG_DIR}/kolla/ironic-inspector/var-lib-ls.txt
- fi
-
for container in $(${CONTAINER_ENGINE} ps -a --format "{{.Names}}"); do
${CONTAINER_ENGINE} logs --timestamps --tail=${LOGS_TAIL_PARAMETER} ${container} &> ${LOG_DIR}/container_logs/${container}.txt
done
diff --git a/tests/templates/inventory.j2 b/tests/templates/inventory.j2
index 9a5c879f89..ca98719a89 100644
--- a/tests/templates/inventory.j2
+++ b/tests/templates/inventory.j2
@@ -410,9 +410,15 @@ ironic
[ironic-conductor:children]
ironic
+{# NOTE(mnasiadka): Remove in Gazpacho/2026.1 release #}
+{% if is_upgrade | bool %}
[ironic-inspector:children]
ironic
+{% endif %}
+[ironic-dnsmasq:children]
+ironic
+
[ironic-tftp:children]
ironic
diff --git a/tests/templates/ironic-overrides.j2 b/tests/templates/ironic-overrides.j2
index 19aa737aa6..be944b3072 100644
--- a/tests/templates/ironic-overrides.j2
+++ b/tests/templates/ironic-overrides.j2
@@ -1,5 +1,10 @@
+[DEFAULT]
+enabled_inspect_interfaces = no-inspect, agent
+default_inspect_interface = agent
+
[neutron]
cleaning_network = public1
+inspection_network = public1
provisioning_network = public1
# This IPMI configuration has been taken from the metal3.io ironic-image
diff --git a/tests/test-ironic.sh b/tests/test-ironic.sh
index b182dcc52d..fc3d3c7d6d 100755
--- a/tests/test-ironic.sh
+++ b/tests/test-ironic.sh
@@ -19,7 +19,7 @@ function test_ironic_logged {
# Smoke test ironic API.
openstack --os-cloud kolla-admin-system-internal baremetal driver list
- openstack baremetal node list
+ openstack --os-cloud kolla-admin-system-internal baremetal node list
openstack baremetal port list
openstack baremetal node show tk0
@@ -27,14 +27,43 @@ function test_ironic_logged {
openstack baremetal node show tk0
openstack baremetal node manage tk0
openstack baremetal node show tk0
- openstack baremetal node provide tk0
- openstack baremetal node show tk0
openstack baremetal node validate tk0
- echo "TESTING: Server creation"
- openstack server create --image cirros --flavor test-rc --key-name mykey --network public1 kolla_bm_boot_test
+ echo "TESTING: Server inspection"
+ openstack baremetal node inspect tk0
local attempt
attempt=1
+ while [[ $(openstack baremetal node show tk0 -f value -c provision_state) != "manageable" ]]; do
+ echo "Server not yet manageable, check $attempt - retrying"
+ attempt=$((attempt+1))
+ if [[ $attempt -eq 16 ]]; then
+ echo "FAILED: Server did not finish inspection after $attempt checks"
+ openstack baremetal node show tk0
+ return 1
+ fi
+ sleep 60
+ done
+ openstack baremetal node inventory save tk0
+ echo ""
+ echo "SUCCESS: Server inspection"
+
+ echo "TESTING: Server creation"
+ openstack baremetal node provide tk0
+ attempt=1
+ while [[ $(openstack baremetal node show tk0 -f value -c provision_state) != "available" ]]; do
+ echo "Server not yet available, check $attempt - retrying"
+ attempt=$((attempt+1))
+ if [[ $attempt -eq 16 ]]; then
+ echo "FAILED: Server did not get to available state after $attempt checks"
+ openstack baremetal node show tk0
+ return 1
+ fi
+ sleep 60
+ done
+ # NOTE(mnasiadka): Wait for nova-compute-ironic to pick up the new node
+ sleep 60
+ openstack server create --image cirros --flavor test-rc --key-name mykey --network public1 kolla_bm_boot_test
+ attempt=1
while [[ $(openstack server show kolla_bm_boot_test -f value -c status) != "ACTIVE" ]]; do
echo "Server not yet active, check $attempt - retrying"
attempt=$((attempt+1))
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index bc59cde853..e416ce8452 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -359,6 +359,30 @@
vars:
base_distro: ubuntu
+- job:
+ name: kolla-ansible-rocky9-ironic-upgrade
+ parent: kolla-ansible-ironic-base
+ nodeset: kolla-ansible-rocky9
+ vars:
+ base_distro: rocky
+ is_upgrade: true
+
+- job:
+ name: kolla-ansible-debian-ironic-upgrade
+ parent: kolla-ansible-ironic-base
+ nodeset: kolla-ansible-debian-bookworm-16GB
+ vars:
+ base_distro: debian
+ is_upgrade: true
+
+- job:
+ name: kolla-ansible-ubuntu-ironic-upgrade
+ parent: kolla-ansible-ironic-base
+ nodeset: kolla-ansible-ubuntu-noble-8GB
+ vars:
+ base_distro: ubuntu
+ is_upgrade: true
+
- job:
name: kolla-ansible-rocky9-magnum
parent: kolla-ansible-magnum-base
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 609201a2c3..0f7a18e536 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -25,6 +25,8 @@
- kolla-ansible-ubuntu-masakari
- kolla-ansible-debian-ironic
- kolla-ansible-ubuntu-ironic
+ - kolla-ansible-debian-ironic-upgrade
+ - kolla-ansible-ubuntu-ironic-upgrade
- kolla-ansible-debian-upgrade
- kolla-ansible-ubuntu-upgrade
- kolla-ansible-ubuntu-cells