By now, ironic-dnsmasq has default bootfile pxelinux.0,
which is correct only for x86.
Adding ironic_dnsmasq_boot_file parameter to globals.yml
to make it configuable.
For example: /etc/kolla/globals.yml
ironic_dnsmasq_boot_file: "debian-installer/arm64/bootnetaa64.efi"
Change-Id: I6eb57702d4dad549ef8c999c1c82e577f316d8d6
In change I78cb60168aaa40bb6439198283546b7faf33917c, action was changed
to kolla_action, and serial to kolla_serial, to avoid Ansible warnings
due to use of reserved keywords. In that change, some keywords were
missed, and some changes that were merged since then have not switched
to the new variables. This change fixes all current instances of those
issues.
Change-Id: I357dffdfcb2b405e280a962d366ee65eebf0a8d1
Implements: blueprint migrate-to-ansible-2-2-0
- rename action and serial to kolla_ansible and kolla_serial
- use become instead of "sudo <command>" in shell
- Remove quota for failed_when and changed_when in rabbitmq tasks
Change-Id: I78cb60168aaa40bb6439198283546b7faf33917c
Implements: blueprint migrate-to-ansible-2-2-0
When attempting to inspect a node with ironic, it seems at times
ironic_dnsmasq fails to process dhcp bootp requests, giving the
following error repeating:
dnsmasq-dhcp: DHCPDISCOVER(eth0) 52:54:00:ff:15:55
dnsmasq-dhcp: DHCPOFFER(eth0) 192.169.5.100 52:54:00:ff:15:55
dnsmasq-dhcp: ARP-cache injection failed: Operation not permitted
Adding NET_ADMIN fixes this.
Co-Authored-By: Mark Goddard <mark@stackhpc.com>
Closes-Bug: #1762805
Change-Id: I39acb81801710f849336380d3fde01c70cd8d8ce
The ironic_dnsmasq config for ironic inspector uses the internal VIP for
the TFTP server address DHCP option. This is not going to work,
since HAProxy is not configured to forward TFTP, and does not support
UDP forwarding anyway. The config should use the api_interface IP for
the host running ironic_dnsmasq.
Change-Id: I56a0d46e9b528041cacea7196a525891ed5922f0
Closes-Bug: #1761815
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.
Removal of condition for deletion of http header.
Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
- remove uesless module_extra_vars, this is a historical issue. In the
past, we use 'docker exec kolla_toolbox ansible xxx' to run module on
target node, so complex data have to pass through extra_vars. Now we
are using kolla_toolbox module, no need to use extra_vars anymore.
- Remove some useless until.
Change-Id: I72ed28001202917f9a82a1c3ea33cd6319911ec8
When deploy ironic, the ironic_dnsmasq keep restaring if
ironic_dnsmasq_dhcp_range is missing, so it necessary to add a
prechecks to ensure it be set.
Change-Id: I0c1d91f62f4e5dad2d9a45a2a7bb51b5121dbfda
This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
through the database_address has beed defined in groups_vars/all.yml, we should
better use it, this way, if we want to use external database, we just need to
redefined in all.yml
refer to https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L83
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
Change-Id: Ie559301451954e16347ceaabf02f594c5c5cbe56
Fixes a bug where the Baremetal Introspection service's public endpoint
registered in the Identity service referenced the internal API endpoint.
Also updates keystone endpoints for the Baremetal and Baremetal
Introspection services during reconfigure and upgrade operations.
Previously this was only done during deploy.
Change-Id: I32d475f288bb4a3834c13cc86f0c53b5437c3d25
Closes-Bug: #1738418
Kolla-ansible typically configures services to access the internal API
endpoint of other services, rather than the default public endpoint.
This change ensures that this is the case for ironic inspector.
Change-Id: I998f12435fc1bd306444f9a68bd7f99f5b78f6f8
Closes-Bug: #1740591
Support pxe uefi mode following guide
https://docs.openstack.org/ironic/latest/install/configure-pxe.html
In the meantime, ironic-agent kernel and initramfs does not have to
be provided as precondition under /etc/kolla/config in such mode.
Add condition check as well.
Change-Id: Ieefcf5f9fe839eab63f3fe4a1c5cf845f4fd4eb5
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends
This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note
Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
flat network type is not mandatory. There are two cases,
1. ironic with flat network: we can use neutron vlan network to
provision baremetal nodes, as long as the interface of the baremetal
nodes are configured to use the same vlan.
2. ironic with neutron network: all provision and cleaning_network can
be vlan type and no flat is needed at all.
So we should remove the task.
Change-Id: I176ded6d2a8b14e350f665f63bc37eb488d32679
Closes-Bug: #1725170
The admin_password and admin_user in default section is discarded
in code, no longer be used anymore.
Change-Id: I1d31faf0781cb61d13aa6a76534e38783e4f920f
When deploying with tls enabled in public
endpoints, ansible modules fails due SSL certificates
are self-signed.
This change adds a new variable to allow customization
on which endpoints ansible should connect.
Defaults to admin because admin auth parameters defaults
to admin endpoint.
Change-Id: Ic3ed58cf9c9579cae08a11bbfe6fce983b5a9cbc
Closes-Bug: #1720995
Actually Openstack services configuration can be overriden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164
Allowing to globally modify service configuration can be perform too,
but it can be done in 3 different manners, all not documented:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf
database.conf and messaging.conf seems redundant with global.conf.
In order to simplify codebase it seems logical to remove them.
Documentation has been added for overriding configuration globally and
release note has been added too.
Closes-Bug: #1682479
Change-Id: I5d922dfc0d938173bad34ac64e490b78db1b7e31
Before this change ironic prechecks failed with the error:
'tenant_network_types' is undefined
This problem appears to have been introduced in:
296ddbeb035c6f582b316f066fe2ddffece07aca
Closes-Bug: #1714946
Change-Id: I609ae20c4558370a0a8c4c316cd47cbd1d086331
This patch fixes Jinja2 syntax error in ironic.conf.j2.
All kolla-kubernetes configurations was recently removed by [1], but the
commit overlooked to remove a '{% endif %}' statement in ironic.conf.j2.
[1] cacf08f0a6d009301f28c6723f399fb8c1daf267
Change-Id: I115fedfd026f14409b62f9552ff401956909f8a8
Closes-Bug: #1706230
The Ironic templates and roles assume Keystone is enabled and they don't
make use of the `enable_keystone var. This patch changes the behavior so
that `noauth` is used as auth method for Ironic if keystone is not
enabled, the Ironic endpoint is not registered if keystone is not
enabled and the keystone section is not created in the config file.
Change-Id: I813de42d10ac264eec81076cb107b58af09ff686
Ironic inspector should honour the Ansible inventory group
ironic-inspector. Ironic inspector may not be required at all. If
Ironic inspector is required then it should only run on a single
node, and this should be reflected by the inventory.
This change makes a number of Ironic inspector-related tasks dependent
upon the host's membership of the ironic-inspector group. Also, we
couple the ironic-dnsmasq container with the ironic-inspector group
rather than ironic-conductor, as the service is for inspector rather
than Ironic.
Change-Id: Ifd90753b0fe1a55c11b7723c28e1d14ab3d32737
Closes-Bug: #1665257
This reverts commit 898155dfd294371f361f0563a2c4ee1325487507.
The default value of the ironic configuration option default_boot_option
will eventually change from netboot to local. The netboot option is
incompatible with multitenancy in ironic, as it requires a PXE
environment in the tenant network, so it was no longer deemed a suitable
default value.
Ironic added a warning message when this option is not explicitly set,
presumably to alert operators to the change. The commit being reverted
set the option to 'netboot'. This will cause operators to continue to
use the netboot option even after the default value changes, which was
presumably not the intention of the ironic team in changing the default
value. It also hides the warning message from the operator that could
alert them to the fact that this default is changing.
Change-Id: I0ebb1d5ffbead50b034488337e6c93a2f48aaf69
Related-Bug: #1696636
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
In order to speed up deployment time some "local" actions should be run
only once using 'run_once: True'.
This will decrease deployment time in case of multihost configuration.
Change-Id: I6015d772d35c15e96c52f577013b6e41197cb41a
As of [1], the ironic configuration for neutron, glance, swift,
inspector and service_catalog requires explicit configuration of
authentication parameters for communication with these services.
This change adds the required parameters to [neutron], [glance] and
[inspector] sections of ironic.conf. Kolla-ansible does not configure
the [swift] or [service_discovery] sections currently.
We also replace option [glance] glance_hosts with [glance]
glance_api_servers as the former is deprecated.
Since we no longer need to support generating configuration for
kolla-kubernetes[2], some related options have been cleaned.
[1]
4f9035c24f
[2]
https://blueprints.launchpad.net/kolla-ansible/+spec/clean-k8s-config
Change-Id: Ifc239af5f3e44a508fedc9dea08cb06160c4f7f3
Closes-Bug: #1701713
The TFTP server used by ironic and ironic inspector (in.tftpd) requires
files to be world readable in order for them to be accessible via
TFTP[1].
The permissions of these files were recently changed to 0600 along with
a number of other files[2].
This change reverts the permissions to 0644 for the ironic inspector PXE
configuration files.
[1] https://linux.die.net/man/8/in.tftpd (security section)
[2]
274291463e
Change-Id: Ibc281949ebf5bab1e1d2e450ec943728aa00943b
Closes-Bug: #1701695
This patch add configuration options for tenant network types and type
drivers. Both lists are checked so that tenant types are listed in
drivers. For ironic 'flat' driver is mandatory and is added explicitly
into ironic prechecks.
Change-Id: Ie5775001165412910a258cbed2d2ebbb8ebbd879
Closes-Bug: #1694725
