summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-06-16 15:48:15 +0000
committerGerrit Code Review <review@openstack.org>2017-06-16 15:48:15 +0000
commit6faea7a26b75b8e4db348be737c2bdaa3ec6b125 (patch)
tree96e7d3df5b2abaf92445b01a5b51ce36a6d53c9c
parent0efcbe60437191696af4b2f1e794ef24d8eff7a2 (diff)
parent19ef017f319e883c612aac60a6149abd78a49834 (diff)
Merge "Add templates to configure Ironic inspector"
-rw-r--r--environments/undercloud.yaml2
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml1
-rw-r--r--puppet/services/ironic-inspector.yaml151
-rw-r--r--releasenotes/notes/ironic-inspector-43441782bdf0f84e.yaml5
-rw-r--r--roles_data_undercloud.yaml1
5 files changed, 160 insertions, 0 deletions
diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index 7a2716d..559d81d 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -18,3 +18,5 @@ parameter_defaults:
18 HeatConvergenceEngine: false 18 HeatConvergenceEngine: false
19 HeatMaxResourcesPerStack: -1 19 HeatMaxResourcesPerStack: -1
20 HeatMaxJsonBodySize: 2097152 20 HeatMaxJsonBodySize: 2097152
21 IronicInspectorInterface: br-ctlplane
22 IronicInspectorIpRange: '192.168.24.100,192.168.24.200'
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 0dc93f5..10a19f9 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -237,6 +237,7 @@ resource_registry:
237 OS::TripleO::Services::MistralExecutor: OS::Heat::None 237 OS::TripleO::Services::MistralExecutor: OS::Heat::None
238 OS::TripleO::Services::IronicApi: OS::Heat::None 238 OS::TripleO::Services::IronicApi: OS::Heat::None
239 OS::TripleO::Services::IronicConductor: OS::Heat::None 239 OS::TripleO::Services::IronicConductor: OS::Heat::None
240 OS::TripleO::Services::IronicInspector: OS::Heat::None
240 OS::TripleO::Services::NovaIronic: OS::Heat::None 241 OS::TripleO::Services::NovaIronic: OS::Heat::None
241 OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml 242 OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
242 OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml 243 OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
diff --git a/puppet/services/ironic-inspector.yaml b/puppet/services/ironic-inspector.yaml
new file mode 100644
index 0000000..e8537a2
--- /dev/null
+++ b/puppet/services/ironic-inspector.yaml
@@ -0,0 +1,151 @@
1heat_template_version: ocata
2
3description: >
4 OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL)
5
6parameters:
7 ServiceNetMap:
8 default: {}
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
12 type: json
13 DefaultPasswords:
14 default: {}
15 type: json
16 RoleName:
17 default: ''
18 description: Role name on which the service is applied
19 type: string
20 RoleParameters:
21 default: {}
22 description: Parameters specific to the role
23 type: json
24 EndpointMap:
25 default: {}
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
28 type: json
29 MonitoringSubscriptionIronicInspector:
30 default: 'overcloud-ironic-inspector'
31 type: string
32 KeystoneRegion:
33 type: string
34 default: 'regionOne'
35 description: Keystone region for endpoint
36 Debug:
37 default: ''
38 description: Set to True to enable debugging on all services.
39 type: string
40 IronicInspectorInterface:
41 default: br-ex
42 description: |
43 Network interface on which inspection dnsmasq will listen. Should allow
44 access to untagged traffic from nodes booted for inspection. The default
45 value only makes sense if you don't modify any networking configuration.
46 type: string
47 IronicInspectorIPXEEnabled:
48 default: true
49 description: Whether to use iPXE for inspection.
50 type: boolean
51 IronicInspectorIpRange:
52 description: |
53 Temporary IP range that will be given to nodes during the inspection
54 process. This should not overlap with any range that Neutron's DHCP
55 gives away, but it has to be routeable back to ironic-inspector API.
56 This option has no meaningful defaults, and thus is required.
57 type: string
58 IronicInspectorUseSwift:
59 default: true
60 description: Whether to use Swift for storing introspection data.
61 type: boolean
62 IronicIPXEPort:
63 default: 8088
64 description: Port to use for serving images when iPXE is used.
65 type: string
66 IronicPassword:
67 description: The password for the Ironic service and db account, used by the Ironic services
68 type: string
69 hidden: true
70
71conditions:
72 enable_ipxe: {equals : [{get_param: IronicInspectorIPXEEnabled}, true]}
73 use_swift: {equals : [{get_param: IronicInspectorUseSwift}, true]}
74
75outputs:
76 role_data:
77 description: Role data for the Ironic Inspector role.
78 value:
79 service_name: ironic_inspector
80 monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
81 config_settings:
82 map_merge:
83 - ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
84 ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
85 ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
86 ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
87 ironic::inspector::debug: {get_param: Debug}
88 ironic::inspector::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
89 ironic::inspector::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
90 ironic::inspector::authtoken::username: 'ironic'
91 ironic::inspector::authtoken::password: {get_param: IronicPassword}
92 ironic::inspector::authtoken::project_name: 'service'
93 ironic::inspector::authtoken::user_domain_name: 'Default'
94 ironic::inspector::authtoken::project_domain_name: 'Default'
95 tripleo.ironic_inspector.firewall_rules:
96 '137 ironic-inspector':
97 dport:
98 - 5050
99 ironic::inspector::ironic_username: 'ironic'
100 ironic::inspector::ironic_password: {get_param: IronicPassword}
101 ironic::inspector::ironic_tenant_name: 'service'
102 ironic::inspector::ironic_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
103 ironic::inspector::ironic_max_retries: 6
104 ironic::inspector::ironic_retry_interval: 10
105 ironic::inspector::ironic_user_domain_name: 'Default'
106 ironic::inspector::ironic_project_domain_name: 'Default'
107 ironic::inspector::http_port: {get_param: IronicIPXEPort}
108 ironic::inspector::db::database_connection:
109 list_join:
110 - ''
111 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
112 - '://ironic-inspector:'
113 - {get_param: IronicPassword}
114 - '@'
115 - {get_param: [EndpointMap, MysqlInternal, host]}
116 - '/ironic-inspector'
117 - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
118 -
119 if:
120 - enable_ipxe
121 - ironic::inspector::pxe_transfer_protocol: 'http'
122 - {}
123 -
124 if:
125 - use_swift
126 - ironic::inspector::store_data: 'swift'
127 ironic::inspector::swift_username: 'ironic'
128 ironic::inspector::swift_password: {get_param: IronicPassword}
129 ironic::inspector::swift_tenant_name: 'service'
130 ironic::inspector::swift_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
131 ironic::inspector::swift_user_domain_name: 'Default'
132 ironic::inspector::swift_project_domain_name: 'Default'
133 - {}
134 step_config: |
135 include ::tripleo::profile::base::ironic_inspector
136 service_config_settings:
137 keystone:
138 ironic::keystone::auth_inspector::tenant: 'service'
139 ironic::keystone::auth_inspector::public_url: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
140 ironic::keystone::auth_inspector::internal_url: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
141 ironic::keystone::auth_inspector::admin_url: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
142 ironic::keystone::auth_inspector::password: {get_param: IronicPassword}
143 ironic::keystone::auth_inspector::region: {get_param: KeystoneRegion}
144 mysql:
145 ironic::inspector::db::mysql::password: {get_param: IronicPassword}
146 ironic::inspector::db::mysql::user: ironic-inspector
147 ironic::inspector::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
148 ironic::inspector::db::mysql::dbname: ironic-inspector
149 ironic::inspector::db::mysql::allowed_hosts:
150 - '%'
151 - "%{hiera('mysql_bind_host')}"
diff --git a/releasenotes/notes/ironic-inspector-43441782bdf0f84e.yaml b/releasenotes/notes/ironic-inspector-43441782bdf0f84e.yaml
new file mode 100644
index 0000000..1fbdd1f
--- /dev/null
+++ b/releasenotes/notes/ironic-inspector-43441782bdf0f84e.yaml
@@ -0,0 +1,5 @@
1---
2features:
3 - |
4 Add basic support for **ironic-inspector** in the overcloud. It is highly
5 experimental and is not yet recommended for production use.
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index 50083ce..783df91 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -21,6 +21,7 @@
21 - OS::TripleO::Services::HeatEngine 21 - OS::TripleO::Services::HeatEngine
22 - OS::TripleO::Services::IronicApi 22 - OS::TripleO::Services::IronicApi
23 - OS::TripleO::Services::IronicConductor 23 - OS::TripleO::Services::IronicConductor
24 - OS::TripleO::Services::IronicInspector
24 - OS::TripleO::Services::IronicPxe 25 - OS::TripleO::Services::IronicPxe
25 - OS::TripleO::Services::Iscsid 26 - OS::TripleO::Services::Iscsid
26 - OS::TripleO::Services::Keystone 27 - OS::TripleO::Services::Keystone