This patch fixes Jinja2 syntax error in ironic.conf.j2.
All kolla-kubernetes configurations was recently removed by [1], but the
commit overlooked to remove a '{% endif %}' statement in ironic.conf.j2.
[1] cacf08f0a6d009301f28c6723f399fb8c1daf267
Change-Id: I115fedfd026f14409b62f9552ff401956909f8a8
Closes-Bug: #1706230
The Ironic templates and roles assume Keystone is enabled and they don't
make use of the `enable_keystone var. This patch changes the behavior so
that `noauth` is used as auth method for Ironic if keystone is not
enabled, the Ironic endpoint is not registered if keystone is not
enabled and the keystone section is not created in the config file.
Change-Id: I813de42d10ac264eec81076cb107b58af09ff686
Ironic inspector should honour the Ansible inventory group
ironic-inspector. Ironic inspector may not be required at all. If
Ironic inspector is required then it should only run on a single
node, and this should be reflected by the inventory.
This change makes a number of Ironic inspector-related tasks dependent
upon the host's membership of the ironic-inspector group. Also, we
couple the ironic-dnsmasq container with the ironic-inspector group
rather than ironic-conductor, as the service is for inspector rather
than Ironic.
Change-Id: Ifd90753b0fe1a55c11b7723c28e1d14ab3d32737
Closes-Bug: #1665257
This reverts commit 898155dfd294371f361f0563a2c4ee1325487507.
The default value of the ironic configuration option default_boot_option
will eventually change from netboot to local. The netboot option is
incompatible with multitenancy in ironic, as it requires a PXE
environment in the tenant network, so it was no longer deemed a suitable
default value.
Ironic added a warning message when this option is not explicitly set,
presumably to alert operators to the change. The commit being reverted
set the option to 'netboot'. This will cause operators to continue to
use the netboot option even after the default value changes, which was
presumably not the intention of the ironic team in changing the default
value. It also hides the warning message from the operator that could
alert them to the fact that this default is changing.
Change-Id: I0ebb1d5ffbead50b034488337e6c93a2f48aaf69
Related-Bug: #1696636
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.
Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
As of [1], the ironic configuration for neutron, glance, swift,
inspector and service_catalog requires explicit configuration of
authentication parameters for communication with these services.
This change adds the required parameters to [neutron], [glance] and
[inspector] sections of ironic.conf. Kolla-ansible does not configure
the [swift] or [service_discovery] sections currently.
We also replace option [glance] glance_hosts with [glance]
glance_api_servers as the former is deprecated.
Since we no longer need to support generating configuration for
kolla-kubernetes[2], some related options have been cleaned.
[1]
4f9035c24f
[2]
https://blueprints.launchpad.net/kolla-ansible/+spec/clean-k8s-config
Change-Id: Ifc239af5f3e44a508fedc9dea08cb06160c4f7f3
Closes-Bug: #1701713
The TFTP server used by ironic and ironic inspector (in.tftpd) requires
files to be world readable in order for them to be accessible via
TFTP[1].
The permissions of these files were recently changed to 0600 along with
a number of other files[2].
This change reverts the permissions to 0644 for the ironic inspector PXE
configuration files.
[1] https://linux.die.net/man/8/in.tftpd (security section)
[2]
274291463e
Change-Id: Ibc281949ebf5bab1e1d2e450ec943728aa00943b
Closes-Bug: #1701695
This patch add configuration options for tenant network types and type
drivers. Both lists are checked so that tenant types are listed in
drivers. For ironic 'flat' driver is mandatory and is added explicitly
into ironic prechecks.
Change-Id: Ie5775001165412910a258cbed2d2ebbb8ebbd879
Closes-Bug: #1694725
Ansible task support vars directive, no need implement another one in
merge_config. This patch remove the vars directive in merge_config
action plugin.
Change-Id: I33648a2b6e39b4d49ce76eb66fbf2522721f8c68
The default value of default_boot_option configuration will
change eventually from "netboot" to "local".
It is recommended to set an explicit value for it during the
transition period
Change-Id: Ic42b84e82d4ad27e371536ad9915b5a32118012d
Closes-Bug: #1696636
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.
We also add specific image tag for each Openstack project.
This commit is implemented for Ironic, Kabor,
Keystone project and iscsi as well.
Change-Id: I134d840b1c0e24171a32dec0c7daa6dc2e9ecd87
Implements: blueprint mixing-binary-and-source-image
XenServer drivers can be used to deploy hosts with Ironic by
using XenServer VMs to simulate bare metal nodes.
Ironic provides support via the pxe_ssh and agent_ssh drivers
for using a XenServer VM as a bare metal target and do provisioning on it.
Change-Id: Icd39f9f4573cf7c8c654591256f0228ef21d6117
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
The pxelinux.cfg directory gets created but isn't owned by the correct
user. This patch ensures that the permissions are correctly updated.
Change-Id: Ifcb80018b72d40c5d4eccf059d1c3442b71be6f8
This change updates the ironic_inspector container deployment tasks
to use the new kolla ironic-inspector image (see kolla change
Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45). The new image uses the
ironic-inspector user rather than the ironic user to execute the
ironic inspector service as this more closely aligns with what is
typically done by downstream packagers (specifically, Ubuntu and
RDO).
This change sets the owner and group to ironic-inspector when
copying configuration files into place, and uses the log directory
/var/log/kolla/ironic-inspector.
Change-Id: I8579d5c2d741636406ff60bececc74b50743b83e
Depends-On: Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45
Closes-Bug: #1624457
* Ironic do not support multi glance ips.
* Write the nova-compute-ironic binary log to nova-compute-ironic.log
file
Change-Id: I87359c47a5845c4d7a6ab9daaefcc94a51c92eb0
Closes-Bug: #1671989
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
- remove the unnecessary blank
- add "ironic_inspector" into its own prechecks and haproxy prechecks
Change-Id: Id542971057a9116eef679f1eb0827266eb18ba30
Closes-bug: #1668178
There is not prechecks for Ironic kernel and initramfs files, this
patch add it.
Change-Id: I7e576eeff02310170d51a4585cbda6c465a29e0d
Closes-bug: #1667544
Most bootstrap actions use the run_once flag to run on a single host
as they typically involve service-global operations such as database
syncs. The ironic_pxe container bootstrap is different, as it copies
pxelinux files into the ironic_pxe Docker volume. This should be done
on all hosts but currently is only done on one host.
This change performs the ironic_pxe bootstrap on all hosts in the
ironic-pxe group.
Change-Id: Iffd34e6ff26a0ba5140e5d477418cc8aebcdac62
Closes-Bug: #1667153
The ironic_dnsmasq container is currently tied to the ironic-conductor
Ansible group. It is required only for Ironic inspector and should
really either be tied to the ironic-inspector group or have a new
ironic-dnsmasq group defined for it. This problem means that if all
hosts are removed from the ironic-inspector group I will still have an
ironic_dnsmasq container deployed.
This change uses the ironic-inspector group to determine where to place
the ironic_dnsmasq container.
Change-Id: I6af3f402795107b8b9d7a1619722f12cbf496257
Closes-Bug: #1666982
Currently the ironic_dnsmasq container does not support
reconfiguration. This change adds support for reconfiguration of
ironic_dnsmasq.
Change-Id: I7f121dca7d32e0b28c7531378dd0eef03ae4f1ce
Closes-Bug: #1667090
