diff --git a/docker/services/ironic-inspector.yaml b/docker/services/ironic-inspector.yaml
index 3c10ea2982..8e3ca726cd 100644
--- a/docker/services/ironic-inspector.yaml
+++ b/docker/services/ironic-inspector.yaml
@@ -86,6 +86,7 @@ outputs:
 config_image: {get_param: DockerIronicInspectorConfigImage}
 volumes:
 - /var/lib/ironic:/var/lib/ironic
+ - /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir
 kolla_config:
 /var/lib/kolla/config_files/ironic_inspector.json:
 command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf
@@ -100,6 +101,8 @@ outputs:
 recurse: true
 - path: /var/lib/ironic
 owner: ironic:ironic
+ - path: /var/lib/ironic-inspector/dhcp-hostsdir
+ owner: ironic-inspector:ironic-inspector
 recurse: true
 /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:
 config_files:
@@ -118,9 +121,17 @@ outputs:
 volumes:
 - /var/log/containers/ironic-inspector:/var/log/ironic-inspector
 command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
- ironic_inspector_db_sync:
+
+ ironic_inspector_init_dnsmasq_dhcp_hostsdir:
 start_order: 1
 image: *ironic_inspector_image
+ user: root
+ volumes:
+ - /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir
+ command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
+ ironic_inspector_db_sync:
+ start_order: 2
+ image: *ironic_inspector_image
 net: host
 user: root
 privileged: false
@@ -175,6 +186,7 @@ outputs:
 - /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
 - /var/lib/ironic:/var/lib/ironic
 - /var/log/containers/ironic-inspector:/var/log/ironic-inspector
+ - /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir
 environment:
 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 ironic_inspector_dnsmasq:
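Review bot: In the `@@ -100,6 +101,8 @@` hunk the new permissions entry is inserted between `owner: ironic:ironic` and the existing `recurse: true`, so on the new side `recurse: true` belongs to the dhcp-hostsdir entry and the `/var/lib/ironic` entry no longer carries one. If recursive ownership of `/var/lib/ironic` is still intended, keep `recurse: true` under that entry and add a second `recurse: true` under the new `- path: /var/lib/ironic-inspector/dhcp-hostsdir` entry. The permissions list starts outside the hunk, so this reading rests on the visible key order only.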
@@ -191,6 +203,7 @@ outputs:
 - /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro
 - /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
 - /var/log/containers/ironic-inspector:/var/log/ironic-inspector
+ - /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir
 environment:
 - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
 host_prep_tasks:
@@ -205,6 +218,10 @@ outputs:
 Log files from ironic-inspector container can be found under
 /var/log/containers/ironic-inspector.
 ignore_errors: true
+ - name: create persistent ironic-inspector dnsmasq dhcp hostsdir
+ file:
+ path: /var/lib/ironic-inspector/dhcp-hostsdir
+ state: directory
 upgrade_tasks:
 - when: step|int == 2
 block:
diff --git a/puppet/services/ironic-inspector.yaml b/puppet/services/ironic-inspector.yaml
index bec7b14834..b40a720799 100644
--- a/puppet/services/ironic-inspector.yaml
+++ b/puppet/services/ironic-inspector.yaml
@@ -153,6 +153,8 @@ outputs:
 - [{ip_range: {get_param: IronicInspectorIpRange}}]
 - get_param: IronicInspectorSubnets
 ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
+ ironic::inspector::dnsmasq_dhcp_hostsdir: /var/lib/ironic-inspector/dhcp-hostsdir
+ ironic::inspector::pxe_filter::driver: dnsmasq
 ironic::inspector::debug: {get_param: Debug}
 ironic::inspector::always_store_ramdisk_logs: {get_param: Debug}
 ironic::inspector::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
@@ -171,6 +173,15 @@ outputs:
 '137 ironic-inspector':
 dport:
 - 5050
+ '137 ironic-inspector dhcp input':
+ iniface: {get_param: IronicInspectorInterface}
+ proto: 'udp'
+ chain: 'INPUT'
+ dport: 67
+ '137 ironic-inspector dhcp output':
+ proto: 'udp'
+ chain: 'OUTPUT'
+ dport: 68
 ironic::inspector::ironic_username: 'ironic'
 ironic::inspector::ironic_password: {get_param: IronicPassword}
 ironic::inspector::ironic_tenant_name: 'service'
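Review bot: The hostsdir bind mount added in the `@@ -191,6 +203,7 @@` hunk is read-write, while the two config mounts above it carry `:ro`. Judging by the `ironic_inspector_dnsmasq.json` mount at the top of the hunk this is the dnsmasq container's volume list, which starts outside the hunk. If dnsmasq only reads the host files that ironic-inspector writes, mount it as `- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:ro`, so the DHCP-facing process cannot alter the PXE filter state.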
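Review bot: The `file` task added in the `@@ -205,6 +218,10 @@` hunk creates `/var/lib/ironic-inspector/dhcp-hostsdir` with no `owner`, `group` or `mode`, so the directory's permissions depend on the umask of whatever runs host_prep_tasks. Ownership is fixed up later by the root `chown -R` init container in this same file, but the mode never is. Since these files decide which hosts dnsmasq answers, pin it with a quoted mode next to `state: directory`, for example `mode: '0755'` (or tighter, if the dnsmasq container can still read it).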
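Review bot: The `'137 ironic-inspector dhcp output'` rule in the `@@ -171,6 +173,15 @@` hunk has no interface restriction, whereas the input rule above it is limited with `iniface: {get_param: IronicInspectorInterface}`. As written it presumably allows outbound UDP to port 68 on every interface; adding `outiface: {get_param: IronicInspectorInterface}` would keep the DHCP reply path scoped to the inspection network. The firewall rules mapping starts outside the hunk.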
@@ -234,3 +245,25 @@ outputs:
 ironic::inspector::db::mysql::allowed_hosts:
 - '%'
 - "%{hiera('mysql_bind_host')}"
+ upgrade_tasks:
+ - name: Stop and disable ironic_inspector service
+ when: step|int == 2
+ service: name=openstack-ironic-inspector state=stopped enabled=no
+ - name: Stop and disable ironic_inspector dnsmasq service
+ when: step|int == 2
+ service: name=openstack-ironic-inspector-dnsmasq state=stopped enabled=no
+ - name: purge iptables port 67 jump rule
+ when: step|int == 2
+ iptables:
+ chain: INPUT
+ interface: {get_param: IronicInspectorInterface}
+ protocol: udp
+ destination_port: 67
+ jump: ironic-inspector
+ state: absent
+ - name: purge iptables ironic-inspector chain
+ when: step|int == 2
+ iptables:
+ chain: ironic-inspector
+ flush: true
+ state: absent
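Review bot: The `purge iptables port 67 jump rule` task passes `interface:`, which as far as I know is not a parameter of Ansible's `iptables` module; the inbound interface key is `in_interface`. With the current key the task is likely to fail on an unsupported parameter at step 2, and the stale jump rule into the old `ironic-inspector` chain would stay in place; use `in_interface: {get_param: IronicInspectorInterface}`. The two `service:` tasks also use the `key=value` string form with `enabled=no`; the block form with `enabled: false` is easier to review.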