After the switch to newer ansible collection, the enrollment workflow
started running automated cleaning (before that, it would use the old
API version resulting in immediate "available"). However, the static
DHCP configuration only happened in the inspect and deploy workflows,
which are run after enrollment.
This change extracts a new small role for the DHCP config and includes
it in all 3 workflows that use DHCP.
While here, make sure that dnsmasq_dhcp_hostsdir is respected.
Change-Id: Idf6f24dde11d600698d45a218812cba8134fb73f
It looks a little jarring at first so see keys ordered this way,
but once you get used to it, it reads so much better!
Also make indentation consistent, clean up epel install
and remove traces of Suse.
Change-Id: Id6279d681faf0c9a1893c00953b0b59d9319e08b
The ansible collection team wants to deprecate ironic_url in favour of
auth.endpoint. This has been supported for a long time, adjust
the no-auth code to use it.
This leave os_ironic_node_info, which should be replaced by the upstream
baremetal_node_info instead.
Change-Id: Icec366a4a5b66e77cc5ee9cf92248be68bd41807
A new simplified command is added for deploying nodes, optionally
specifying an image.
The underlying role is updated to allow specifying a full image URL,
a configdrive URL or contents and a full checksum.
Change-Id: I6c99b01dc827c0bd2ef98eff73de4dfbac433fe1
Adds a new role bifrost-cloud-config and moves all cloud configuration
handling there, fixing a few inconsistencies in the way modules are used.
Also handles bare metal endpoint overrides until we can fully switch
to cloud-based authentication handling.
Change-Id: I8bcbc5bc8f206a98d547953b5e902d86b817a302
The following changes were made:
- `os_client_config` is `openstack.cloud.config`
- `os_ironic` is `openstack.cloud.baremetal_node`
- `os_ironic_inspect` is `openstack.cloud.baremetal_inspect`
- `os_ironic_node` is `openstack.cloud.baremetal_node_action`
- `os_keystone_role` is `openstack.cloud.identity_role`
- `os_keystone_service` is `openstack.cloud.catalog_service`
- `os_user` is `openstack.cloud.identity_user`
- `os_user_role` is `openstack.cloud.role_assignment`
Change-Id: Id8e2f9c735c6c9d4b7ab2a7e902cd8f9d389d568
Add a new parameter that can be overridden rather than hardcoding
the IPv4 address of network_interface. This paves a way to using
IPv6 addresses in the future (needs more work on the PXE side).
Change-Id: Ib677d8270665d9ff5c5f63cebc88fa3f29ff0b3a
Dnsmasq does not re-read its config files on SIGHUP ([1]). Since
a config directive (host-record) is used, a service restart is
required in order for the record to be available.
[1]
"Notes
[...] SIGHUP does NOT re-read the configuration file."
- http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
Change-Id: I84ab94b6c1ae61fccc1b1aba5df52a000b1fa449
Become is used on the play that builds the image, so it's possible we might not
be able to access it without root privileges.
Change-Id: I62d45e937b69215890fc88f1cd59c97319558994
Implicit fact gathering performed at the beginning of a play uses the
DEFAULT_GATHER_TIMEOUT [1] config option. Invoking the setup module
directly does not use this option, instead takes a gather_timeout module
argument.
This change adds a fact_gather_timeout variable that is used when
invoking the setup module directly. The default value is given by the
DEFAULT_GATHER_TIMEOUT config option.
[1]
https://docs.ansible.com/ansible/2.4/config.html#default-gather-timeout
Change-Id: I50bcfc264b61686ffcb1341b737f4354067bd03c
Bifrost instructions suggest to use 'connection: local' when calling any
of the roles. However, there are scenarios which the roles can be
delegated to some other host. The explicit 'delegate_to' statements
prevent us from doing that and they are not necessary if we use
'connection: local' anyway. As such we drop the explicit statements to
make the roles a bit more flexible.
Change-Id: Ifc983992125d203899d74b8bf997f9f58f528978
When noauth_mode=true, the os_client_config Ansible module will still execute
and then fails due to a missing clouds.yaml file (which is only generated
when keystone is enabled and installed).
This change will skip over the os_client_config module when noauth_mode
is set to true.
Change-Id: Iff3f33fe5e1f7d952c982fa377af0ff415ec2831
Closes-Bug: #1693309
Signed-off-by: Leif Madsen <lmadsen@redhat.com>
The original os_ironic_node module, nor bifrost as a whole
lacks a concept of waiting for a node deployment to reach an
active state where the conductor no longer has to take any
additional action upon the node.
In order to allow users to utilize the Ansible serial option,
we need to support the ability to wait so the conductor is not
overloaded by the user in specific edge cases.
Change-Id: I1fe3353a56a54ecde25f9f237b85ca009813f541
Depends-On: I69eee2d254cde2fffcf0c1ac7679a623fa7f97a5
In order to support use of Keystone in the future, the playbooks
that invoke modules that connect to Ironic needed to be updated
in order to pass-through enough authentication data to enable
user authentication.
Change-Id: I0802b7933303778115a1adca63b64670e1cda4ae
Updated the version to be installed to stable-2.1 as well
as updated some of the playbooks that were incorrectly
passing string arguments instead of dictionary arguments
for authentication since Ansible 2.1 has checks that
detect this.
Additionally, updated the task labels used for unsetting
authentiction parameters to be more consistent with the
state of the code.
Change-Id: I8c50cd2a722f2c8fee91fb6ef0761969dd3da138
The role fails, due to 'auth' being converted afterwards from None
to 'None', but the openstack argument spec expects it as a dict.
Removing the line fixes it, as the 'auth' fact is passed in to the
os_ironic_node task with a default(omit) filter.
Closes-Bug: #1612589
Change-Id: If89fe4ad88d0a677dc50145bb766d3421d1bc6e3
Switch from "| bool" to "| bool == true" to maintain consistency
across playbooks. Also change "== true" to "bool | == true".
Also fix up some formatting of curly braces.
Change-Id: I1d848c4f1d19b0fdee2060f257981842b4e40235
The nginx_port variable is insufficiently generic enough in the event
a user really wanted to run Apache, or some other web server.
As such, this commit renames the setting to file_url_port to
prevent any confusion meanwhile supporting the ability to continue to
use an override setting should the variable nginx_port be defined in
an externally generated variable setting file.
Change-Id: Ida88cdec6ba162920df09dbdd335a9ad7868c842
As a follow-up to I71517146a197e39ed8ff2205e4234685d95331ad
this commit updates the conditional statements to explictly
indicate that the required state is true to improve
readability.
Additionally, revised lines related to DHCP templates to
multi-line format.
Change-Id: I919ef77a424266519a2590781284066c6f0f688b
Bifrost was built around utilizing noauth authenticaiton mode.
However the roles can easilly be re-utilized by users consuming
only part of bifrost, or that are wishing to utilize the roles as
examples to create their own playbooks.
To allow re-consumption of roles interacting with ironic, addition
of logic to allow for os-client-config to be utilized for module
authentication
Change-Id: I072791613cdf99723c567d24dbd3aee935e2e068
Implements: blueprint bifrost-role-auth-support
Since bifrost users may choose to modify their environments
in order to support HTTPS, we should enable the users to have
the ability to make that setting change for generated URLs.
Change-Id: I725bb365243baa00d41321db0c4bb1b0f8d99b2f
The directory is created with root ownership, but then the files
are added by bifrost user. This causes to fail with permission denied.
Adding become: yes to execute this task with sudo powers.
Change-Id: Ia792033eef3553e05ca2d5df4b25cb64c7a009cb
The default image created during the bifrost-ironic-install phase is a
qcow2 image, not a raw image. The instance_info for the default install
type should reflect that.
The consequence of providing "raw" as the image type when the image is
not a raw image, along with keeping the default value of the new
stream_raw_images parameter[1], is that the ironic-python-agent is
not able to correctly write the image, which leads to a failure to
write the configdrive[2].
[1] http://git.openstack.org/cgit/openstack/ironic/commit/ironic?id=ce3878176e20d14681d11b53f4fc5cf1cb63e956
[2] http://paste.openstack.org/show/480078/
Change-Id: I5e948672a8af967b7eeebda45ed6251286145ff1
According to the documentation[1], instance_info variable is used to
define the instance that will be deployed, and has nothing to do with
its networking configuration. It therefore is not sensible to only
allow static DHCP settings for nodes with instance_info defined since
"By default, this is NOT expected to be defined".
Moreover, when the new dhcp-hosts file is created in
bifrost.dhcp-hosts.d/, dnsmasq needs to re-read this directory
regardless of whether instance_info is defined, so it does not make
sense for the "Sending dnsmasq HUP" task to be dependent on
instance_info NOT being defined.
Sending HUP should be safe to do; according to the dnsmasq man page,
When it receives a SIGHUP, dnsmasq clears its cache and then
re-loads /etc/hosts and /etc/ethers and any file given by
--dhcp-hostsfile, --dhcp-hostsdir, --dhcp-optsfile, --dhcp-optsdir,
--addn-hosts or --hostsdir. The dhcp lease change script is called
for all existing DHCP leases. If --no-poll is set SIGHUP also
re-reads /etc/resolv.conf. SIGHUP does NOT re-read the configuration
file."
This does not imply any disruption of service. This assumption is
consistent with a reading of the dnsmasq signal handling code[2].
[1] http://git.openstack.org/cgit/openstack/bifrost/tree/playbooks/roles/bifrost-deploy-nodes-dynamic/README.md#n45
[2] http://bazaar.launchpad.net/~vcs-imports/dnsmasq/master/view/head:/src/dnsmasq.c#L1193
Change-Id: Iae0dae8ad4dd7c9f2263b97875702ed0970761cf
{{ hostname }} is not defined anywhere, and trying to use it results in
the following error:
fatal: [node.example.com -> localhost] => One or more undefined variables: 'hostname' is undefined
The variable inventory_hostname is defined and is a reasonable name for
this file, so use that instead.
Change-Id: I6aebf7fd25c9fc279b42fab9414ede81c5afacf6
The conditionals in the deployment role were incorrect if the
inventory data source was set to ironic where the interpretted
reply from the API could include an empty instance_info dictonary.
Changed the conditionals to handle the condition where the
dictonary may be empty.
Additionally changed the dnsmasq handling to directly HUP the
dnsmasq process as the service init file, if present, may not
support reloaded state as Ansible passes it directly through.
Change-Id: Id84b8869ef5fc9deb1eee8cc304ee00713a3016a
In some cases it is simpler to just configure the images being deployed
to use DHCP, rather than teach them how to put the IP address in the
configdrive in the right place. This will setup dnsmasq to send the
static address for the box. It will use that address for the deploy as
well.
Co-Authored-By: Clint Byrum <clint@fewbar.com>
Co-Authored-By: Gregory Haynes <greg@greghaynes.net>
Co-Authored-By: Julia Kreger <juliaashleykreger@gmail.com>
Change-Id: I524958be5e787d42c91278baf2c4a14beb965e7c
If the specified network_interface contains a hyphen ansible munches the
hostvar key to replace the '-' with a '_'. We fail to do this munging so
we are unable to find the correct key.
Change-Id: Ied2d859e6cb32fa760597e1b09ee0d757eafa6f7
This change invokes the call to the the fact collection method
as well as corrects a bug that that call exposed if instance_info
is supplied in advance.
Change-Id: I45c88e4860c06fb6f34511ccd679077ffd0ed89e
Closes-Bug: 1499057
Many minor cleanups, including:
- Consistent capitalization for ironic and bifrost
- Typos
- Prefer more active construction in task names
- Reflow comment text where appropriate for enhanced
readability
Change-Id: I05a1ecd6c49003e02961ab3c9cbbcb3b31cd4af6
A meaningful error message should be provided and users notified if
we are missing the deploy_image when a user attempts to deploy.
Change-Id: I9d3e7b2524b729db7c0e28e21dec88c018d7f6a5
Closes-Bug: 1478722
Dmitry Tantsur