From d3edce127d0835791b40309d384e08368566d0da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fl=C3=A1vio=20Ramalho?= Date: Mon, 21 Nov 2016 10:00:00 -0300 Subject: [PATCH] Adds support for the ironic-oneview drivers [+Docs]. This change adds support for the oneview drivers (agent, iscsi). Note that changes on the ironic installation will occur only when the oneview drivers are being used (agent_pxe_oneview or iscsi_pxe_oneview are in the ironic_openstack_driver_list). This means that this patch should not change anything on the the default ironic installation (using agent_ipmitool driver). Change-Id: I969df888c6a8b68e7a1a0643b46eee4b546ec13c --- defaults/main.yml | 54 +++++- doc/source/configure-ironic.rst | 181 ++++++++++++++++++ handlers/main.yml | 7 + ...view-drivers-support-6d9c6c5a7e7bfc36.yaml | 4 + tasks/ironic_oneview_setup.yml | 58 ++++++ tasks/ironic_post_install.yml | 4 +- tasks/main.yml | 5 + templates/ironic-oneviewd.conf.j2 | 27 +++ templates/ironic.conf.j2 | 9 + 9 files changed, 344 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/ironic-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml create mode 100644 tasks/ironic_oneview_setup.yml create mode 100644 templates/ironic-oneviewd.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 3ef5df76..f6e1aecb 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -48,6 +48,7 @@ ironic_lock_path: /var/lock/ironic # Ironic Program and Service names ironic_api_program_name: apache2 ironic_conductor_program_name: ironic-conductor +ironic_oneviewd_program_name: ironic-oneviewd python_ironic_client_program_name: ironic ironic_service_names: - "{{ ironic_api_program_name }}" @@ -94,6 +95,44 @@ ironic_standalone: False # that are performed on the node to ensure it is in a baseline # state and ready to be deployed to. ironic_automated_clean: false +# Set to 0 to disable erase devices on cleaning +ironic_erase_devices_priority: 10 + +## ironic-oneview +ironic_oneview_enabled: "{% if 'agent_pxe_oneview' in ironic_openstack_driver_list or + 'agent_pxe_oneview' in ironic_standalone_driver_list or + 'iscsi_pxe_oneview' in ironic_openstack_driver_list or + 'iscsi_pxe_oneview' in ironic_standalone_driver_list %}True{% else %}False{% endif %}" +ironic_oneview_manager_url: "" +ironic_oneview_username: "" +ironic_oneview_password: "" +ironic_oneview_allow_insecure_connections: False +ironic_oneview_tls_cacert_file: "None" +ironic_oneview_max_polling_attempts: 12 + +# ironic-oneviewd +# Polling interval in seconds for daemon to manage the nodes +ironic_oneviewd_retry_interval: 15 +# Size the of the RPC thread pool +ironic_oneviewd_rpc_thread_pool_size: 20 +# (Optional) Whether to enable the periodic tasks for OneView +# driver be aware when OneView hardware resources are taken +# and released by Ironic or OneView users and proactively +# manage nodes in clean fail state according to Dynamic +# Allocation model of hardware resources allocation in +# OneView +ironic_oneviewd_enable_periodic_tasks: True +# Period (in seconds) for periodic tasks to be executed when +# enable_periodic_tasks is True +ironic_oneviewd_periodic_check_interval: "{{ ironic_oneviewd_retry_interval }}" +# (Optional) Enable auditing of OneView API requests +ironic_oneviewd_audit_enabled: False +# Path to map file for OneView audit cases. Used only when +# OneView API audit is enabled +ironic_oneviewd_audit_map_file: "None" +# Path to OneView audit log file. Created only when Oneview +# API audit is enabled. +ironic_oneviewd_audit_output_file: "None" # Database ironic_galera_user: ironic @@ -112,10 +151,12 @@ ironic_keystone_auth_plugin: password # ironic_neutron_cleaning_network_name: "Name of cleaning network in neutron" # Integrated Openstack configuration -ironic_openstack_driver_list: "pxe_ipmitool, agent_ipmitool" ironic_enabled_network_interfaces_list: "flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron','') }}" ironic_default_network_interface: "{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary('neutron','flat') }}" -ironic_openstack_driver_list: agent_ipmitool +ironic_openstack_driver_list: + - agent_ipmitool + - pxe_ipmitool +ironic_openstack_driver_loaded_list: "{% for driver in ironic_openstack_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}" ironic_openstack_auth_strategy: keystone ironic_openstack_api_url: '' # Not required when we have keystone ironic_openstack_dhcp_provider: neutron @@ -123,7 +164,9 @@ ironic_openstack_sync_power_state_interval: 60 ironic_openstack_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}/ironic" # Standalone Ironic configuration -ironic_standalone_driver_list: agent_ipmitool +ironic_standalone_driver_list: + - agent_ipmitool +ironic_standalone_driver_loaded_list: "{% for driver in ironic_standalone_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}" ironic_standalone_auth_strategy: noauth ironic_standalone_api_url: "api_url={{ ironic_service_internaluri }}/" ironic_standalone_dhcp_provider: none @@ -153,6 +196,10 @@ ironic_requires_pip_packages: - python-keystoneclient # Keystoneclient needed for the OSA keystone lib - httplib2 # for Ansible's uri module +ironic_oneview_optional_pip_packages: + - ironic-oneview-cli + - ironic-oneviewd + ironic_pip_packages: - PyMySQL - ironic @@ -193,6 +240,7 @@ ironic_role_project_group: ironic_all ### Config Overrides ironic_ironic_conf_overrides: {} +ironic_ironic_oneviewd_conf_overrides: {} ironic_rootwrap_conf_overrides: {} ironic_policy_overrides: {} diff --git a/doc/source/configure-ironic.rst b/doc/source/configure-ironic.rst index d8c4da49..8cf4193f 100644 --- a/doc/source/configure-ironic.rst +++ b/doc/source/configure-ironic.rst @@ -218,3 +218,184 @@ Now boot a node: nova boot --flavor ${FLAVOR_NAME} --image ${IMAGE_NAME} --key-name admin ${NODE_NAME} +Setup OpenStack-Ansible with ironic-OneView drivers +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +HP OneView is a single integrated platform, packaged as an appliance that +implements a software-defined approach to managing physical infrastructure. +The appliance supports scenarios such as deploying bare metal servers with +ironic (Bare Metal service). In this context, the HP OneView driver enables +the users of OneView to use ironic as a bare metal provider to their managed +physical hardware. + +Currently there are two ironic-OneView drivers: + +#. ``iscsi_pxe_oneview`` +#. ``agent_pxe_oneview`` + +.. important:: + + When using the ``iscsi_pxe_oneview`` drivers, install ironic-conductor + on metal. Add ``is_metal: true`` to the properties of the + ``ironic_conductor_container`` section in ``/opt/openstack-ansible/ + playbooks/inventory/env.d/ironic.yml`` before running the + ironic installation playbook. + + +Considering that the ironic images and network are already in place. +Configuring OpenStack-Ansible to set up ironic with the OneView drivers +requires the following variables to be defined in +``/etc/openstack_deploy/user_variables``: + +.. code-block:: yaml + + ## Ironic + ironic_openstack_driver_list: + - pxe_ipmitool + - agent_ipmitool + - agent_pxe_oneview + - iscsi_pxe_oneview + ironic_automated_clean: True + + ## Nova + nova_reserved_host_disk_mb: 0 + nova_reserved_host_memory_mb: 0 + nova_scheduler_host_subset_size: 99999999 + + ## ironic-oneviewd + ironic_oneview_manager_url: "" + ironic_oneview_username: "" + ironic_oneview_password: "" + +Replace ```` with the respective OneView resources. + +Run the os-ironic-install.yml playbook: + +.. code-block:: bash + + cd /opt/openstack-ansible/playbooks + openstack-ansible os-ironic-install.yml + +Adding bare metal nodes +----------------------- + +Ironic-OneView CLI is a command line interface tool for the OneView Drivers +for ironic. It allows the user to easily create and configure ironic nodes, +compatible with OneView Server Hardware objects, and create nova flavors to +match available Ironic nodes that use OneView drivers. It also offers the +option to migrate Ironic nodes using pre-allocation model to the dynamic +allocation model. + +#. Install ``ironic-oneview-cli`` on the utility container: + + .. code-block:: bash + + pip install ironic-oneview-cli + +#. Add the following variables to the openrc file: + + .. code-block:: bash + + export OV_AUTH_URL= + export OV_USERNAME= + export OV_PASSWORD= + export OS_IRONIC_NODE_DRIVER= + export OS_IRONIC_DEPLOY_KERNEL_UUID= + export OS_IRONIC_DEPLOY_RAMDISK_UUID= + + Replace ``<*_id>`` with the ID of the respective resource. Also replace + ```` with the respective OneView resources and + ```` with the driver being used to manage the node. + + .. note:: + + Optionally we can use ``ironic-oneview-cli`` to generate a configuration + file by running the following command: + + .. code-block:: bash + + ironic-oneview genrc + +#. Create Ironic nodes, based on available HPE OneView Server Hardware objects, + by running the following command: + + .. code-block:: bash + + . openrc + ironic-oneview node-create + + The tool will ask you to choose a valid Server Profile Template from those retrieved + from HPE OneView appliance: + + .. code-block:: bash + + Retrieving Server Profile Templates from OneView... + +----+------------------------+----------------------+---------------------------+ + | Id | Name | Enclosure Group Name | Server Hardware Type Name | + +----+------------------------+----------------------+---------------------------+ + | 1 | template-dcs-virt-enc3 | virt-enclosure-group | BL460c Gen8 3 | + | 2 | template-dcs-virt-enc4 | virt-enclosure-group | BL660c Gen9 1 | + +----+------------------------+----------------------+---------------------------+ + + Once a valid Server Profile Template has been chosen, the tool lists the available Server + Hardware that match the chosen Server Profile Template. Choose a Server Hardware to be + used as base to the Ironic node: + + .. code-block:: bash + + Listing compatible Server Hardware objects... + +----+-----------------+------+-----------+----------+----------------------+---------------------------+ + | Id | Name | CPUs | Memory MB | Local GB | Enclosure Group Name | Server Hardware Type Name | + +----+-----------------+------+-----------+----------+----------------------+---------------------------+ + | 1 | VIRT-enl, bay 5 | 8 | 32768 | 120 | virt-enclosure-group | BL460c Gen8 3 | + | 2 | VIRT-enl, bay 8 | 8 | 32768 | 120 | virt-enclosure-group | BL460c Gen8 3 | + +----+-----------------+------+-----------+----------+----------------------+---------------------------+ + + .. note:: + + Multiple Ironic nodes can be created at once by typing multiple Server Hardware IDs + separated by blank spaces. + + The created Ironic nodes will be in the *enroll* provisioning state, going to the + *manageable* state then *cleaning*. After a susccesfull cleaning the node + should be on the *available* state. This means that the node is ready to be + provisioned. + +Creating flavors +---------------- + +Run the following command to create Nova flavors compatible with available +Ironic nodes: + +.. code-block:: bash + + . openrc + ironic-oneview flavor-create + +The tool will now prompt you to choose a valid flavor configuration, according +to available Ironic nodes: + +.. code-block:: bash + + +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+ + | Id | CPUs | Disk GB | Memory MB | Server Profile Template | Server Hardware Type | Enclosure Group Name | + +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+ + | 1 | 8 | 120 | 8192 | second-virt-server-profile-template | BL460c Gen8 3 | virt-enclosure-group | + +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+ + +After choosing a valid configuration ID, you will be prompted to name the new +flavor. Leaving the field blank, a default name will be used. + +Deploying a bare metal node +--------------------------- + +Boot the node with the previously created flavor: + +.. code-block:: bash + + nova boot --flavor --image --key-name + +Replace ```` with the name of the flavor created using +ironic-oneview, also replace ```` with the name of the +image to be used to provision the node (user image) and ```` +with the key. diff --git a/handlers/main.yml b/handlers/main.yml index eb474651..93b18ab8 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -20,6 +20,13 @@ with_items: "{{ ironic_service_names }}" failed_when: false +- name: Restart ironic-oneviewd + service: + name: "ironic-oneviewd" + state: restarted + pattern: "ironic-oneviewd" + failed_when: false + - name: Restart tftpd-hpa service: name: "tftpd-hpa" diff --git a/releasenotes/notes/ironic-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml b/releasenotes/notes/ironic-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml new file mode 100644 index 00000000..bc76662f --- /dev/null +++ b/releasenotes/notes/ironic-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml @@ -0,0 +1,4 @@ +features: + - Added support for ironic-OneView drivers. + Check the documentation on how to enable + them. diff --git a/tasks/ironic_oneview_setup.yml b/tasks/ironic_oneview_setup.yml new file mode 100644 index 00000000..c174ead9 --- /dev/null +++ b/tasks/ironic_oneview_setup.yml @@ -0,0 +1,58 @@ +--- +# Copyright 2016 Hewlett Packard Enterprise Development LP. +# Copyright 2016 Universidade Federal de Campina Grande +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: Create ironic-oneviewd dir + file: + path: "/etc/ironic-oneviewd" + state: directory + owner: "{{ ironic_system_user_name }}" + group: "{{ ironic_system_group_name }}" + mode: "0755" + +- name: Install ironic-oneview pip packages (venv) + pip: + name: "{{ ironic_oneview_optional_pip_packages }}" + state: "{{ ironic_pip_package_state }}" + virtualenv: "{{ ironic_bin | dirname }}" + virtualenv_site_packages: "no" + extra_args: >- + {{ ironic_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} + {{ pip_install_options | default('') }} + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- include: ironic_init_common.yml + vars: + program_name: "{{ ironic_oneviewd_program_name }}" + service_name: "{{ ironic_service_name }}" + system_user: "{{ ironic_system_user_name }}" + system_group: "{{ ironic_system_group_name }}" + service_home: "{{ ironic_system_home_folder }}" + +- name: Generate ironic-oneviewd config + config_template: + src: "ironic-oneviewd.conf.j2" + dest: "/etc/ironic-oneviewd/ironic-oneviewd.conf" + owner: "{{ ironic_system_user_name }}" + group: "{{ ironic_system_group_name }}" + mode: "0644" + config_overrides: "{{ ironic_ironic_oneviewd_conf_overrides }}" + config_type: "ini" + notify: Restart ironic-oneviewd diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml index 5338155b..7f5e3cbb 100644 --- a/tasks/ironic_post_install.yml +++ b/tasks/ironic_post_install.yml @@ -15,7 +15,7 @@ - name: Setup ironic for standalone usage set_fact: - ironic_driver_list: "{{ ironic_standalone_driver_list }}" + ironic_driver_list: "{{ ironic_standalone_driver_loaded_list }}" ironic_auth_strategy: "{{ ironic_standalone_auth_strategy }}" ironic_api_url: "{{ ironic_standalone_api_url }}" ironic_dhcp_provider: "{{ ironic_standalone_dhcp_provider }}" @@ -27,7 +27,7 @@ - name: Setup ironic for integrated Openstack usage set_fact: - ironic_driver_list: "{{ ironic_openstack_driver_list }}" + ironic_driver_list: "{{ ironic_openstack_driver_loaded_list }}" ironic_auth_strategy: "{{ ironic_openstack_auth_strategy }}" ironic_api_url: "{{ ironic_openstack_api_url }}" ironic_dhcp_provider: "{{ ironic_openstack_dhcp_provider }}" diff --git a/tasks/main.yml b/tasks/main.yml index ecf15767..0b5d758b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -42,6 +42,11 @@ tags: - ironic-install +- include: ironic_oneview_setup.yml + when: + - ironic_oneview_enabled | bool + - inventory_hostname in groups['ironic_conductor'] + - include: ironic_post_install.yml tags: - ironic-install diff --git a/templates/ironic-oneviewd.conf.j2 b/templates/ironic-oneviewd.conf.j2 new file mode 100644 index 00000000..b52fb250 --- /dev/null +++ b/templates/ironic-oneviewd.conf.j2 @@ -0,0 +1,27 @@ +[DEFAULT] +retry_interval = {{ ironic_oneviewd_retry_interval }} +rpc_thread_pool_size = {{ ironic_oneviewd_rpc_thread_pool_size }} + +[oneview] +manager_url = {{ ironic_oneview_manager_url }} +username = {{ ironic_oneview_username }} +password = {{ ironic_oneview_password }} +allow_insecure_connections = {{ ironic_oneview_allow_insecure_connections }} +tls_cacert_file = {{ ironic_oneview_tls_cacert_file }} +max_polling_attempts = {{ ironic_oneview_max_polling_attempts }} +enable_periodic_tasks = {{ ironic_oneviewd_enable_periodic_tasks }} +periodic_check_interval = {{ ironic_oneviewd_periodic_check_interval }} +audit_enabled = {{ ironic_oneviewd_audit_enabled }} +audit_map_file = {{ ironic_oneviewd_audit_map_file }} +audit_output_file = {{ ironic_oneviewd_audit_output_file }} + +[openstack] +auth_url = {{ keystone_service_adminuri }} +username = {{ ironic_service_user_name }} +password = {{ ironic_service_password }} +region_name = {{ keystone_service_region }} +insecure = {{ keystone_service_internaluri_insecure | bool }} +endpoint_type = internalURL +project_name = {{ ironic_service_project_name }} +user_domain_id = {{ ironic_service_user_domain_id }} +project_domain_id = {{ ironic_service_project_domain_id }} diff --git a/templates/ironic.conf.j2 b/templates/ironic.conf.j2 index 97a963fe..5a4f60cb 100644 --- a/templates/ironic.conf.j2 +++ b/templates/ironic.conf.j2 @@ -41,6 +41,7 @@ max_pool_size = {{ ironic_db_max_pool_size }} pool_timeout = {{ ironic_db_pool_timeout }} [deploy] +erase_devices_priority = {{ ironic_erase_devices_priority }} [dhcp] dhcp_provider = {{ ironic_dhcp_provider }} @@ -122,6 +123,14 @@ cleaning_network_uuid = {{ ironic_neutron_cleaning_network_uuid | default(ironic {% endif %} [oneview] +{% if ironic_oneview_enabled %} +manager_url = {{ ironic_oneview_manager_url }} +username = {{ ironic_oneview_username }} +password = {{ ironic_oneview_password }} +allow_insecure_connections = {{ ironic_oneview_allow_insecure_connections }} +tls_cacert_file = {{ ironic_oneview_tls_cacert_file }} +max_polling_attempts = {{ ironic_oneview_max_polling_attempts }} +{% endif %} [oslo_concurrency] lock_path = {{ ironic_lock_path }}