In absence of this section ironic conductor
fails to identify authentication mechanism
and fails to deploy node.
Change-Id: Ic0d58c694ebced64c0eb2f118980eade7ba7d1e2
Closes-Bug: #1793959
The template would previously split strings so you'd get things like
enabled_hardware_types = p,x,e
Now we use jmespath to do the search of the lists/dicts for us.
Change-Id: I3f2f4550ed47b78c20d603d77124609c1ec2a63d
Removed unused variables when able and updated to the new ironic driver
definitions found here.
https://docs.openstack.org/ironic/latest/admin/upgrade-to-hardware-types.html
The intention is to support the drivers via profiles, so the table from
the above link was converted to a dictionary. This dictionary was used
as a source when combining / concatenating the various drivers for each
profile into a usable list. The standalone logic was simplified.
Change-Id: I19553af41b5e669386b855209c61235bf37371f2
Closes-Bug: 1758351
This adds the necessary config for ironic to communicate with
glance for image storage and retrieval.
Change-Id: Iec5d83715d0dcd83e61bb369f42353efac97e6d0
The driver option is necessary as the transport_url query param
override requires the value. Default will be to use the oslomsg
rpc setting.
Change-Id: Ic9bc50824be37c544444c9e6f296151e1db427ea
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters
replace the rabbitmq values and are used to generate the messaging
transport_url for the service. The association of the messaging
backend server to the oslo.messaging services will then be
transparent to the ironic service.
This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Update transport_url generation (added notifications)
* Add oslo.messaging to inventory
* Add release note
Depends-On: If4326a6848d2d32af284fdbb94798eb0b03734d5
Depends-On: I2b09145b60116c029fc85477399c24f94974b61d
Change-Id: I363a888980dfd84b4b586df01fb022dd453dc3de
As part of cleaning inventory variables, we are
moving some of the variables to be created in
roles instead of in inventory. This moves the
ironic_glance_api_servers variable into role.
Change-Id: I983a20d923384bf54cb0af924ec0a0f8ef4db191
Option auth_uri from group keystone_authtoken is deprecated[1].
Use option www_authenticate_uri from group keystone_authtoken.
[1]https://review.openstack.org/#/c/508522/
Change-Id: I7bccd08bf45b3c9dddad9a0ada58fc3038fe9d79
Implements: blueprint deprecate-auth-uri-option
The health check requests from haproxy cause uwsgi to write a
lot of useless log lines. This can make it more difficult to find
a problem with a particular service.
This patch adds a route to look for the `osa-haproxy-healthcheck`
user agent string, which haproxy uses when performing health checks.
Any requests with that user agent are not logged.
Closes-Bug: 1742718
Change-Id: I2a1786e2197fbb0fa77e78b94e0c5ff7f4afc8fb
Ironic already had mod_wsgi setup, but this patch moves it to use uWSGI.
Additionally, this moves to use a filtered_services_list for Ironic
The ironic role should be standardized to meet the service setup of
other roles, using a filtered service list, and a dict of services with
settings moves us closer to this.
Change-Id: Ib432380dbc2ea11f9ac005713121a7b42ab97109
Option "rabbit_use_ssl" from group "oslo_messaging_rabbit" is deprecated.
Use option "ssl" from group "oslo_messaging_rabbit".
Change-Id: Ibf9e932250d43859df03ec0d4ea46540391adc8b
Implements: blueprint deprecate-rabbit-use-ssl
The systemd unit 'TimeoutSec' value which controls the time
between sending a SIGTERM signal and a SIGKILL signal when
stopping or restarting the service has been reduced from 300
seconds to 120 seconds. This provides 2 minutes for long-lived
sessions to drain while preventing new ones from starting
before a restart or a stop.
The 'RestartSec' value which controls the time between the
service stop and start when restarting has been reduced from
150 seconds to 2 seconds to make the restart happen faster.
These values can be adjusted by using the *_init_config_overrides
variables which use the config_template task to change template
defaults.
Change-Id: Id721b89bd37df91192f48743ea3c32a305022a9f
Updated the template for ironic.conf to enable configuration of
the swift url endpoint type within ironic.conf
Change-Id: I67f64167914d6e3e9fddb57e5e38dc03757ae5c7
This creates a specific slice which all OpenStack services will operate
from. By creating an independent slice these components will be governed
away from the system slice allowing us to better optimise resource
consumption.
See the following for more information on slices:
* https://www.freedesktop.org/software/systemd/man/systemd.slice.html
See for following for more information on resource controls:
* https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
Tools like ``systemd-cgtop`` and ``systemd-cgls`` will now give us
insight into specific processes, process groups, and resouce consumption
in ways that we've not had access to before. To enable some of this reporting
the accounting options have been added to the [Service] section of the unit
file.
Change-Id: Id82169f2f500045e0ff7dc348748400a4b116fe0
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The 'provisioning_network_uuid' and 'cleaning_network_uuid' options have
been deprecated for 'provisioning_network' and 'cleaning_network'
respectively.
These options now allow either a network UUID or name. The tasks to
determine a UUID from a given network name should no longer be
necessary, but if a deployer provides a UUID prioritize that over the
name within the ironic.conf template.
Change-Id: I85f197e56ced6a73dd470c0625b6d9b5958f5159
This change adds support for the oneview drivers (agent, iscsi).
Note that changes on the ironic installation will occur only when
the oneview drivers are being used (agent_pxe_oneview or
iscsi_pxe_oneview are in the ironic_openstack_driver_list). This
means that this patch should not change anything on the the default
ironic installation (using agent_ipmitool driver).
Change-Id: I969df888c6a8b68e7a1a0643b46eee4b546ec13c
The api_url value is wrong and causes gate failures now that the value
is tested by the ironic server when it starts up.
Change-Id: I7d63135a74b6472a284495f04d7c04dc553f53ad
This patch adds the ability to specify a cleaning and provisioning
network for Ironic. If none are specified then Ironic continues to
function as it does now.
Ironic role will calculate the UUID of the neutron network assuming a
network name is provided.
Additionally, this is added to testing by configuring a network to add
with the network-name.
Change-Id: I9be6f351c0da292ac8b861d2168e73d1861e1603
This fix tmpfile when multiple services runs in the same host with systemd.
Add ironic_lock_path vars to configure lock path
Change-Id: I7c4b6a356b321c65718af3cc5b3818b7f9a61e58
There's no real cost to having IPA debug output on, and it helps
operators work out from a KVM what went wrong when things get
exciting. So let's just turn it on by default.
Co-Authored-By: Michael Carden <mike.carden@gmail.com>
Change-Id: I2ac525570088ea4494968666213d6f583bd5ede9
OSLO logging currently defaults the 'use_stderr' option to True
which results duplicate logs in service daemon logs for both
upstart and systemd. To correct this issue the use_stderr
option has been set to false.
Change-Id: I601c764bcb731baeedba784787b721cccfa487e4
Closes-Bug: 1588051
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
If multiple regions exist, keystone_authtoken should contain region_name.
This prevents the service from authenticating across regions.
Change-Id: I3e08385d91f5f913209dc944875c843828da3c2b
All rabbitmq connection vars are now namespaced. Namespace support
was previously inconsistent which limited deployer override options.
Change-Id: Iccc4839f497ae4868d1234e8fd36220870ad7f04
Implements: blueprint multi-rabbitmq-clusters
Remove all tasks and variables related to toggling between installation
of ironic inside or outside of a Python virtual environment.
Installing within a venv is now the only supported deployment.
Additionally, a few changes have been made to make the creation of the
venv more resistant to interruptions during a run of the role.
* unarchiving a pre-built venv will now also occur when the venv
directory is created, not only after being downloaded
* virtualenv-tools is run against both pre-built and non pre-built venvs
to account for interruptions during or prior to unarchiving
Change-Id: I9df953f69eb86606ce8a6fe9f77e60c710549b8e
Implements: blueprint only-install-venvs
This change addresses two issues:
1 - the tftpd-hpa package has to be installed on all conductors
regardless of standalone more or not.
2 - the tftpd-hpa has an issue where is till not function over
ipv4 unless expressly set. To resolve this issue the default
configuration file has been changed to lockdown the listen
address and set the port. This is the related launchpad issue
for tftp-hpa [0]
[0] - https://bugs.launchpad.net/ubuntu/+source/tftp-hpa/+bug/1448500
Change-Id: I9861de0a0384661a27f0971f77ab340f4c1d59e3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This change makes is intended to simplify the the ironic.conf file
so that we only carry what is needed. In the file we're setting the
swift configuration section when not in stand alone mode and the
keystone_auth section has been updated for the options that ironic
requires.
URI testing for ironic's rest API has been updated to run the tests
using a header for the authentication token. This is required now that
the keystone_auth section is filled in.
Co-Authored-By: Michael Davies <michael@the-davies.net>
Change-Id: Ic6bd466e6fa03c2382424666588c306bad473e99
Partially-implements: blueprint role-ironic
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
In testing ironic it w/ mod-wsgi I've found that ironic does
not pool connections to the messaging backend. This causes
connection and intermitent issues within the ironic service.
To mitigate these issues I've changed the ironic_wsgi_threads
variable from using vcpus*2 to using vcpus//4 which will
instruct the ironic process to only use 25% of the available
vcpus rounded to the nearest whole number. A ternary operation
was added to the default value to ensure the computed value is
greater than or equal to 1.
Error Example:
XXX_ironic_conductor_container-XXX ironic-conductor:
2016-04-07 14:32:32.016 555 ERROR oslo.messaging._drivers.impl_rabbit
[-] AMQP server on 172.19.102.219:5671 is unreachable:
Basic.cancel: (0) 1. Trying again in 1 seconds.
With a reduced thread count this error was resolved. My hosts have
48vCPUs resulting in 96 threads being used in the process.
Change-Id: I0390f0d3f5d90f851f5373962c4b924d3ade72ff
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This patch implements an initial set of inventory and playbooks
which results in the successful convergence of a standalone
build of Ironic.
It also adds the rootwrap filters, implement config_template
for all the conf files appropriately and ensures that the sudoers
is implemented in the right order of execution.
All content is based from the head of stable/mitaka on
24 Mar 2016.
Change-Id: I9182951c394a8c52826480aba7bc7e4d437988c5
