Use the new dnsmasq PXE filter in ironic-inspector

With the introduction of rotued networks there can be
a situation where baremetal nodes on remote segments
are unintentionally introspected. Using the dnsmasq
based PXE filtering driver in ironic inspector fixes
the issue.

Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Closes-Bug: #1756075
Change-Id: I53d6c5718c7f9112d578ec6f73830830d2c71737
Depends-On: I056cdadc025f35d8b6fd22f510a7c0a8e259a1f0

elements/puppet-stack-config/puppet-stack-config.pp

@@ -521,6 +521,8 @@ include ::ironic::drivers::staging
 include ::ironic::glance
 include ::ironic::inspector
 include ::ironic::inspector::cors
+include ::ironic::inspector::pxe_filter
+include ::ironic::inspector::pxe_filter::dnsmasq
 include ::ironic::neutron
 include ::ironic::pxe
 include ::ironic::service_catalog

elements/puppet-stack-config/puppet-stack-config.yaml.template

@@ -584,6 +584,8 @@ ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}"
 ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
 ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
 ironic::inspector::dnsmasq_ip_subnets: {{{INSPECTION_SUBNETS}}}
+ironic::inspector::pxe_filter::driver: dnsmasq
+ironic::inspector::dnsmasq_dhcp_hostsdir: '/var/lib/ironic-inspector/dhcp-hostsdir'
 ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
 ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
 ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}

releasenotes/notes/ironic-inspector-use-pxe-filter-dnsmasq-611a69bc12011989.yaml

@@ -0,0 +1,3 @@
+---
+fixes:
+  - Using the ``dnsmasq`` PXE filter for inspection fixes bug #1756075.