diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index d96e7acab2..f22016c258 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -431,16 +431,20 @@ nova_console: "novnc" # Valid options are [ public, internal, admin ] openstack_interface: "admin" +# Enable core OpenStack services. This includes: +# glance, keystone, neutron, nova, heat, and horizon. +enable_openstack_core: "yes" + # These roles are required for Kolla to be operation, however a savvy deployer # could disable some of these required roles and run their own services. -enable_glance: "yes" +enable_glance: "{{ enable_openstack_core | bool }}" enable_haproxy: "yes" enable_keepalived: "{{ enable_haproxy | bool }}" -enable_keystone: "yes" +enable_keystone: "{{ enable_openstack_core | bool }}" enable_mariadb: "yes" enable_memcached: "yes" -enable_neutron: "yes" -enable_nova: "yes" +enable_neutron: "{{ enable_openstack_core | bool }}" +enable_nova: "{{ enable_openstack_core | bool }}" enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}" enable_outward_rabbitmq: "{{ enable_murano | bool }}" @@ -480,8 +484,8 @@ enable_fluentd: "yes" enable_freezer: "no" enable_gnocchi: "no" enable_grafana: "no" -enable_heat: "yes" -enable_horizon: "yes" +enable_heat: "{{ enable_openstack_core | bool }}" +enable_horizon: "{{ enable_openstack_core | bool }}" enable_horizon_blazar: "{{ enable_blazar | bool }}" enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}" enable_horizon_congress: "{{ enable_congress | bool }}" @@ -546,7 +550,7 @@ enable_nova_ssh: "yes" enable_octavia: "no" enable_onos: "no" enable_opendaylight: "no" -enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}" +enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}" enable_ovs_dpdk: "no" enable_osprofiler: "no" enable_panko: "no" diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index dd45736dea..5f9415594a 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -182,7 +182,7 @@ ironic_console_serial_speed: "115200n8" ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }} ironic_enable_rolling_upgrade: "yes" ironic_inspector_kernel_cmdline_extras: [] -ironic_inspector_pxe_filter: iptables +ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}iptables{% else %}none{% endif %}" #################### ## Kolla diff --git a/ansible/roles/ironic/templates/inspector.ipxe.j2 b/ansible/roles/ironic/templates/inspector.ipxe.j2 index c38277e50c..4675a0588d 100644 --- a/ansible/roles/ironic/templates/inspector.ipxe.j2 +++ b/ansible/roles/ironic/templates/inspector.ipxe.j2 @@ -3,6 +3,14 @@ :retry_dhcp dhcp || goto retry_dhcp +{# Standalone ironic: use ironic-configured PXE configs #} +{% if not enable_neutron | bool %} +# load the MAC-specific file or fail if it's not found +:boot_system +chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa +{% endif %} + +:inspector_ipa :retry_boot imgfree kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=agent.ramdisk {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index e7c93a4187..f423a33ee5 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -2,6 +2,9 @@ debug = {{ ironic_logging_debug }} log_dir = /var/log/kolla/ironic-inspector +{% if not enable_keystone | bool %} +auth_strategy = noauth +{% endif %} listen_address = {{ api_interface_address }} listen_port = {{ ironic_inspector_port }} transport_url = {{ rpc_transport_url }} @@ -10,6 +13,7 @@ transport_url = {{ rpc_transport_url }} transport_url = {{ notify_transport_url }} [ironic] +{% if enable_keystone | bool %} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_type = password project_domain_id = {{ default_project_domain_id }} @@ -18,7 +22,12 @@ project_name = service username = {{ ironic_inspector_keystone_user }} password = {{ ironic_inspector_keystone_password }} os_endpoint_type = internalURL +{% else %} +auth_type = none +endpoint_override = {{ ironic_internal_endpoint }} +{% endif %} +{% if enable_keystone | bool %} [keystone_authtoken] www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} @@ -32,6 +41,7 @@ password = {{ ironic_inspector_keystone_password }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} +{% endif %} {% if ironic_policy_file is defined %} [oslo_policy] diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index c21b8b1e21..718b2421d4 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -59,7 +59,6 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} {% endif %} - {% if enable_cinder | bool %} [cinder] auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} @@ -69,8 +68,9 @@ user_domain_id = default project_name = service username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} - {% endif %} + +{% if enable_glance | bool %} [glance] glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} @@ -80,7 +80,9 @@ user_domain_id = default project_name = service username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} +{% endif %} +{% if enable_neutron | bool %} [neutron] url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} @@ -91,9 +93,11 @@ project_name = service username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} cleaning_network = {{ ironic_cleaning_network }} +{% endif %} [inspector] enabled = true +{% if enable_keystone | bool %} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default @@ -101,7 +105,10 @@ user_domain_id = default project_name = service username = {{ ironic_keystone_user }} password = {{ ironic_keystone_password }} -service_url = {{ ironic_inspector_internal_endpoint }} +{% else %} +auth_type=none +{% endif %} +endpoint_override = {{ ironic_inspector_internal_endpoint }} [agent] deploy_logs_local_path = /var/log/kolla/ironic @@ -128,3 +135,8 @@ http_url = {{ ironic_ipxe_url }} [oslo_middleware] enable_proxy_headers_parsing = True + +{% if not enable_neutron | bool %} +[dhcp] +dhcp_provider = none +{% endif %} diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 5686aad338..0b95913d3c 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -171,6 +171,19 @@ kolla_internal_vip_address: "10.10.10.254" # Valid options are [ none, novnc, spice, rdp ] #nova_console: "novnc" +# These roles are required for Kolla to be operation, however a savvy deployer +# could disable some of these required roles and run their own services. +#enable_glance: "{{ enable_openstack_core | bool }}" +#enable_haproxy: "yes" +#enable_keepalived: "{{ enable_haproxy | bool }}" +#enable_keystone: "{{ enable_openstack_core | bool }}" +#enable_mariadb: "yes" +#enable_memcached: "yes" +#enable_neutron: "{{ enable_openstack_core | bool }}" +#enable_nova: "{{ enable_openstack_core | bool }}" +#enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}" +#enable_outward_rabbitmq: "{{ enable_murano | bool }}" + # OpenStack services can be enabled or disabled with these options #enable_aodh: "no" #enable_barbican: "no" @@ -202,9 +215,8 @@ kolla_internal_vip_address: "10.10.10.254" #enable_freezer: "no" #enable_gnocchi: "no" #enable_grafana: "no" -#enable_haproxy: "yes" -#enable_heat: "yes" -#enable_horizon: "yes" +#enable_heat: "{{ enable_openstack_core | bool }}" +#enable_horizon: "{{ enable_openstack_core | bool }}" #enable_horizon_blazar: "{{ enable_blazar | bool }}" #enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}" #enable_horizon_congress: "{{ enable_congress | bool }}" @@ -264,7 +276,8 @@ kolla_internal_vip_address: "10.10.10.254" #enable_octavia: "no" #enable_onos: "no" #enable_opendaylight: "no" -#enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}" +#enable_openstack_core: "yes" +#enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}" #enable_ovs_dpdk: "no" #enable_osprofiler: "no" #enable_panko: "no" diff --git a/releasenotes/notes/ironic-standalone-66dbb02a190c8b5d.yaml b/releasenotes/notes/ironic-standalone-66dbb02a190c8b5d.yaml new file mode 100644 index 0000000000..2fd4f13636 --- /dev/null +++ b/releasenotes/notes/ironic-standalone-66dbb02a190c8b5d.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Adds a new flag, ``enable_openstack_core``, which defaults to ``yes``. + Setting this flag to ``no`` will disable the core OpenStack services, + including Glance, Heat, Horizon, Keystone, Neutron, and Nova. + - | + Improves the default configuration of OpenStack Ironic when used in + standalone mode.