The TFTP server used by ironic and ironic inspector (in.tftpd) requires
files to be world readable in order for them to be accessible via
TFTP[1].
The permissions of these files were recently changed to 0600 along with
a number of other files[2].
This change reverts the permissions to 0644 for the ironic inspector PXE
configuration files.
[1] https://linux.die.net/man/8/in.tftpd (security section)
[2]
274291463e
Change-Id: Ibc281949ebf5bab1e1d2e450ec943728aa00943b
Closes-Bug: #1701695
This patch add configuration options for tenant network types and type
drivers. Both lists are checked so that tenant types are listed in
drivers. For ironic 'flat' driver is mandatory and is added explicitly
into ironic prechecks.
Change-Id: Ie5775001165412910a258cbed2d2ebbb8ebbd879
Closes-Bug: #1694725
Ansible task support vars directive, no need implement another one in
merge_config. This patch remove the vars directive in merge_config
action plugin.
Change-Id: I33648a2b6e39b4d49ce76eb66fbf2522721f8c68
The default value of default_boot_option configuration will
change eventually from "netboot" to "local".
It is recommended to set an explicit value for it during the
transition period
Change-Id: Ic42b84e82d4ad27e371536ad9915b5a32118012d
Closes-Bug: #1696636
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.
We also add specific image tag for each Openstack project.
This commit is implemented for Ironic, Kabor,
Keystone project and iscsi as well.
Change-Id: I134d840b1c0e24171a32dec0c7daa6dc2e9ecd87
Implements: blueprint mixing-binary-and-source-image
XenServer drivers can be used to deploy hosts with Ironic by
using XenServer VMs to simulate bare metal nodes.
Ironic provides support via the pxe_ssh and agent_ssh drivers
for using a XenServer VM as a bare metal target and do provisioning on it.
Change-Id: Icd39f9f4573cf7c8c654591256f0228ef21d6117
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
wait_for module waits 300 seconds for the port started or stopped. This
is meaningless and useless in precheck. This patch change timeout to 1
seconds.
Change-Id: I9b251ec4ba17ce446655917e8ef5e152ef947298
Closes-Bug: #1688152
The pxelinux.cfg directory gets created but isn't owned by the correct
user. This patch ensures that the permissions are correctly updated.
Change-Id: Ifcb80018b72d40c5d4eccf059d1c3442b71be6f8
This change updates the ironic_inspector container deployment tasks
to use the new kolla ironic-inspector image (see kolla change
Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45). The new image uses the
ironic-inspector user rather than the ironic user to execute the
ironic inspector service as this more closely aligns with what is
typically done by downstream packagers (specifically, Ubuntu and
RDO).
This change sets the owner and group to ironic-inspector when
copying configuration files into place, and uses the log directory
/var/log/kolla/ironic-inspector.
Change-Id: I8579d5c2d741636406ff60bececc74b50743b83e
Depends-On: Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45
Closes-Bug: #1624457
* Ironic do not support multi glance ips.
* Write the nova-compute-ironic binary log to nova-compute-ironic.log
file
Change-Id: I87359c47a5845c4d7a6ab9daaefcc94a51c92eb0
Closes-Bug: #1671989
Add a new subcommand 'check' to kolla-ansible, used to run the
smoke/sanity checks.
Add stub files to all services that don't currently have checks.
Change-Id: I9f661c5fc51fd5b9b266f23f6c524884613dee48
Partially-implements: blueprint sanity-check-container
- remove the unnecessary blank
- add "ironic_inspector" into its own prechecks and haproxy prechecks
Change-Id: Id542971057a9116eef679f1eb0827266eb18ba30
Closes-bug: #1668178
There is not prechecks for Ironic kernel and initramfs files, this
patch add it.
Change-Id: I7e576eeff02310170d51a4585cbda6c465a29e0d
Closes-bug: #1667544
Most bootstrap actions use the run_once flag to run on a single host
as they typically involve service-global operations such as database
syncs. The ironic_pxe container bootstrap is different, as it copies
pxelinux files into the ironic_pxe Docker volume. This should be done
on all hosts but currently is only done on one host.
This change performs the ironic_pxe bootstrap on all hosts in the
ironic-pxe group.
Change-Id: Iffd34e6ff26a0ba5140e5d477418cc8aebcdac62
Closes-Bug: #1667153
The ironic_dnsmasq container is currently tied to the ironic-conductor
Ansible group. It is required only for Ironic inspector and should
really either be tied to the ironic-inspector group or have a new
ironic-dnsmasq group defined for it. This problem means that if all
hosts are removed from the ironic-inspector group I will still have an
ironic_dnsmasq container deployed.
This change uses the ironic-inspector group to determine where to place
the ironic_dnsmasq container.
Change-Id: I6af3f402795107b8b9d7a1619722f12cbf496257
Closes-Bug: #1666982
Currently the ironic_dnsmasq container does not support
reconfiguration. This change adds support for reconfiguration of
ironic_dnsmasq.
Change-Id: I7f121dca7d32e0b28c7531378dd0eef03ae4f1ce
Closes-Bug: #1667090
Ironic supports collecting log from IPA for debugging,
But it's not defined in kolla.
This is default settings about collecting log from IPA.
Closes-Bug: #1661468
Change-Id: Iccb47a70b12effb5a704435f334faee29538f9d2
Signed-off-by: jangpro2 <jangseon.ryu@gmail.com>
Currently it's not working in ironic-api, in spite of
setting openstack_service_workers config in globals.yml.
Because it's not implement about workers in ironic.
Closes-Bug: #1661173
Change-Id: I89de95fe03813ae44bcdbf9aac22b7337ffe4968
Signed-off-by: jangpro2 <jangseon.ryu@gmail.com>
Currently, policy.json is put in
"{{ node_config_directory }}/{{ service_name }}"
in target nodes.
Relocation policy.json to "{{ node_config_directory }}/{{ item }}"
with item is corresponding service compoment config directory.
Currently, the policy.json is copied to all services, but it
should be reviewed and left only in neccesary service
(at many cases, only API service needs that).
Redundant files will be removed in follow up patchset.
Change-Id: I0e997dccf4ec438c9c0436db71ec2fd06650f50d
Closes-Bug: #1639686
Allow operators to use their custom policy files.
Avoid maintain policy files in kolla repos, only copying
the files when an operator add their custom config.
Implements: blueprint custom-policies
Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
