* A concrete example for an LXC based deployment
* How to deploy multiple CPU architectures
* Debugging tips
Change-Id: Ic68cfc1116dd408c31948abbba92ac564f254b2b
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I5fac67444cd64fe79689d957e86cea871854d5ec
Some of these files are already statically defined in the role vars,
but cannot be extended. The new variable ironic_tftp_extra_content
allows either local files (path:) or files from a web server (url:)
to be copied into the tftp server root.
A feature like this is needed to copy EFI firmware to the tftp root
for ironic node CPU architectures that are different to the
ironic control plane nodes. The EFI firmware is sometimes not
available from the system package manager for architectures
different to the host CPU.
Change-Id: Ie30c009d0704b87c2298088935a7f2ec0d55c6fb
Ironic and inspector are extensible via the stevedore framework.
In order to add extra plugins to the ironic and inspector venvs
extra variables are needed to supply user defined lists of python
packages to install.
Change-Id: I656abb90827486bbb69bf0ccd7e990fd680f2c51
This directory is used by ironic to write logs collected from
ironic-python-agent on nodes being deployed to the disk of the
controller. Without the directory, errors occur and it is not possible
to read the log from the agent.
"Failed to store the logs from the node <uuid> deployment due a
file-system related error. Error: [Errno 13] Permission denied:
'/var/log/ironic'"
Change-Id: I25a03e35f29ad7a835dfd72447fa7d20c50fd85c
The directory for the tftp server is defined consistently between ironic
and inspector, but not for the http directory.
This patch makes the definition of the http directory work the same
way as the tftp one.
Change-Id: I8d893faa31e5858c4923cb12ef453ec9397db5df
It might be needed to supply a list of extra deploy images as
well as the defaults, possibly to cover architectures in
addition to x86.
Change-Id: I2ecf21c44bac75b0e2cbf3bd786821ff0b7bf31a
1) The variable to allow processing hooks to be configured is used
in the ironic-inspector template but not documented in the role defaults.
Add the default and an example of usage.
2) When using LLDP to discover switchport connections during
inspection it is necessary to pass an additional kernel parameter
to the deploy image but there is no variable to allow this to
happen. This patch adds a variable that the deployer can use
to pass arbitrary kernel parameters to the deploy image.
Change-Id: I2f67dfcf4164e009bf53e9324bd430aec4c97dcb
The deploy image is required in two places in an ironic deployment,
first as images uploaded to glance for the ironic service, and second
as files on a web server for the ironic-inspector service.
Previously this role only placed the deploy images on the ironic
inspector web server, but this patch provides the functionality to
also upload the images to glance.
The variables for ironic deploy image source locations are
consolidated so that only one set is required to run the tasks
for both ironic and ironic-inspector, and several overrides are
available allowing the source to be overridden to a local mirror
easily.
Finally - the name of the files placed on the inspector web server
and into glance represent the upstream name of the image files rather
than generic names which lose versioning and release information.
Change-Id: I1aed9d97a4ddbfb70d2375f5204c55374d1067c9
In an LXC deployment, nginx runs in both the ironic-api and
ironic-inspector containers. The api container can use ipxe to
boot the deployment and user images when `ironic_ipxe_enabled'
is true. The inspector container can use ipxe to independently
serve the deploy images during inspection.
On a metal deployment these nginx instances are co-located on the
same host and share the same config files and directory structure
so no additional config is needed for inspector's nginx instance.
In an LXC deployment the api and inspector containers need their
own individual nginx configuration to be written. This patch adds
that configuration for inspector.
A future patch could refactor the code so that only one set of
tasks is needed to deploy the nginx config to both inspector
and api.
Change-Id: Ida20e6835c6ca1c941fa76eadecf3d49e8b1239f
This config block must be set on the ironic-api service so that it
can authenticate with the ironic-inspector service. With no config
in this block on the ironic-api service there is just an auth
failure when trying to inspect a baremetal node.
Change-Id: I7a43b7a1a393591ec85c1c91d37171f8c090878b
For a simple unrouted network these do not exist, but the role
currently forces bogus values to be given for the dhcpd template.
Allow the values to be unset to reduce confusion.
Change-Id: I609a05c50d1de5668f2b092e3a3ef1015e944fe6
Swift requires CA path to be set either with OS_CACERT env var or with
similar flag passed to command.
Change-Id: I40e4a0ae0e702fdc9bfbb18dcc6ef1ea3f84926f
Define the callback URL in the role defaults so it can be specifically
overridden rather than needing to use config_template to override
the entire kernel parameters line in the inspector ipxe config.
Change-Id: Ib8d53b394937405c821687b1c46b2b19112267dd
With ansible-core 2.13 it tries to substitute package resolution in apt
module.
However git-core is used in Debian as transitional name, but ansible
tries to select it and provide version, which is not correct behaviour.
But since git-core is not really valid anyway, we just replace it
to work around ansible's imperfectness.
Change-Id: I37db2654b6bb5339373befc708b4318a8edb1db5
This line snuck in with I097989555a5bd3c84a8cbe992ee64f1a3dd956c9
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Ib4a369bb27e5e0fce47ddb955dab951e6871319a
Ironic has replaced deprecated pxe_append_params config option
with kernel_pxe_params. The ironic.conf template has been changed
accordingly, but support remains for config override
ironic_pxe_append_params.
Change-Id: Icedd2b8f0e81607caba93afd34557bd4c3a88b4d
Currently the ironic role uses ansible_host as the IP to bind these
services to, which means that in an LXC deployment it is not
possible to provision ironic hosts on the bmaas network as
the services are instead bound to the mgmt network.
The code worked previously as it is most likely developed on metal
and the CI job does not actually enrol/provision a node so the
test coverage is very small.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/852174
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/854231
Change-Id: Id544d395f42f4c36a17e9c20a35aeb56a5e3bf03
There is a choice of dnsmasq or isc-dhcpd from the role defaults,
only install the config file for the one that is in use.
Change-Id: I2ab5709789582c5de4b703e78c8ddd9672fc5ca8
The [keystone] configuration block no longer exists in ironic.conf
and was deprecated in Queens. Use 'region_name' option in the
following sections - '[service_catalog]', '[neutron]', '[glance]',
'[cinder]', '[swift]' and '[inspector]' to configure region for those
services individually.
Change-Id: I40a073f9aa6e40f35dffab6223308a18fa98e7ac
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables to validate tokens with restricted access rules
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I1d70c2c46fef6ffc0fcebe4b56a0ecdedc1d3298
Some paths are hardcoded to 'centos', when these are actually 'rocky'
on Rocky Linux installations. Use an ansible fact to obtain the correct
path.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/846224
Change-Id: Id6694d61d874a8542971075cb2377fb7f38bca96
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None value is not valid and should
not be used.
Change-Id: I7c9cb9da12c921fd8531f88e6d33852e0076e1b2
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I097989555a5bd3c84a8cbe992ee64f1a3dd956c9
This patchset aims to correct some design limitations with the current
ironic-inspector deploy process.
- a new ironic-inspector-dnsmasq service has been created to split
inspector-specific dnsmasq configuration out of the base dnsmasq
config files
- PXE/iPXE and UEFI support for ironic-inspector boot
- (todo) documentation improvements and diagrams
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823426
Change-Id: Ib5cbb28f97dd7421bfecb815def89305f3b1da33