openstack
/
tripleo-docs
Code Issues Proposed changes

Document using Ironic Ansible deploy interface 

Implements: blueprint ansible-deploy
Change-Id: I3a3b0973e87368df3a8d44510078f55545f5c37e
This commit is contained in:
Dmitry Tantsur 2017-12-07 12:40:12 +01:00
parent 68830e4a25
commit 91d1884574
2 changed files with 163 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
doc/source/install/advanced_deployment/ansible_deploy_interface.rst Normal file
View File

@ -0,0 +1,162 @@
Extending overcloud nodes provisioning
======================================
Starting with the Queens release, the new *ansible* deploy interface is
available in Ironic. Unlike the default `iSCSI deploy interface`_, it is
highly customizable through operator-provided Ansible playbooks. These
playbooks will run on the target image when Ironic boots the deploy ramdisk.
.. TODO(dtantsur): link to ansible interface docs when they merge
.. warning::
The ansible deploy interface support in TripleO is technical preview in
the Queens release. This guide may change substantially as the feature
is stabilizing.
.. note::
This feature is not related to the ongoing work of switching overcloud
configuration to Ansible.
Enabling Ansible deploy
-----------------------
The *ansible* deploy interface is enabled by default starting with Queens.
However, additional configuration is required when installing an undercloud.
Custom ansible playbooks
~~~~~~~~~~~~~~~~~~~~~~~~
To avoid modifying playbooks, provided by the distribution, you must copy
them to a new location that is accessible by Ironic. In this guide it is
``/var/lib/ironic``.
.. note::
Use of the ``/var/lib`` directory is not fully compliant to FHS. We do it
because for containerized undercloud this directory is shared between
the host and the ironic-conductor container.
#. Set up repositories and install the Ironic common package, if it is not
installed yet::
sudo yum install -y openstack-ironic-common
#. Copy the files to the new location (``/var/lib/ironic/playbooks``)::
sudo cp -R /usr/lib/python2.7/site-packages/ironic/drivers/modules/ansible/playbooks/ \
/var/lib/ironic
Installing undercloud
~~~~~~~~~~~~~~~~~~~~~
#. Generate an SSH key pair, for example::
ssh-keygen -t rsa -b 2048 -f ~/ipa-ssh -N ''
.. warning:: The private part should not be password-protected or Ironic
will not be able to use it.
#. Create a custom hieradata override. Pass the **public** SSH key for the
deploy ramdisk to the common PXE parameters, and set the new playbooks path.
For example, create a file called ``ansible-deploy.yaml`` with the
following content:
.. code-block:: yaml
ironic::drivers::ansible::default_username: 'root'
ironic::drivers::ansible::default_key_file: '/var/lib/ironic/ipa-ssh'
ironic::drivers::ansible::playbooks_path: '/var/lib/ironic/playbooks'
ironic::drivers::pxe::pxe_append_params: 'nofb nomodeset vga=normal selinux=0 sshkey="<INSERT PUBLIC KEY HERE>"'
#. Link to this file in your ``undercloud.conf``:
.. code-block:: ini
hieradata_override=/home/stack/ansible-deploy.yaml
#. Deploy or update your undercloud as usual.
#. Move the private key to ``/var/lib/ironic`` and ensure correct ACLs::
sudo mv ~/ipa-ssh /var/lib/ironic
sudo chown ironic:ironic /var/lib/ironic/ipa-ssh
sudo chmod 0600 /var/lib/ironic/ipa-ssh
Enabling temporary URLs
~~~~~~~~~~~~~~~~~~~~~~~
#. First, enable the ``admin`` user access to other Swift accounts::
$ openstack role add --user admin --project service ResellerAdmin
#. Check if the ``service`` account has a temporary URL key generated in the
Object Store service. Look for ``Temp-Url-Key`` properties in the output
of the following command::
$ openstack --os-project-name service object store account show
+------------+---------------------------------------+
| Field | Value |
+------------+---------------------------------------+
| Account | AUTH_97ae97383424400d8ee1a54c3a2c41a0 |
| Bytes | 2209530996 |
| Containers | 5 |
| Objects | 42 |
+------------+---------------------------------------+
#. If the property is not present, generate a value and add it::
$ openstack --os-project-name service object store account set \
--property Temp-URL-Key=$(uuidgen | sha1sum | awk '{print $1}')
Configuring nodes
-----------------
Nodes have to be explicitly configured to use the Ansible deploy. For example,
to configure all nodes, use::
for node in $(openstack baremetal node list -f value -c UUID); do
openstack baremetal node set $node --deploy-interface ansible
done
Editing playbooks
-----------------
.. TODO(dtantsur): link to ansible interface docs when they merge
Example: kernel arguments
~~~~~~~~~~~~~~~~~~~~~~~~~
Let's modify the playbooks to include additional kernel parameters for some
nodes.
#. Update ``/var/lib/ironic/playbooks/roles/configure/tasks/grub.yaml`` from
.. code-block:: yaml
- name: create grub config
become: yes
command: chroot {{ tmp_rootfs_mount }} /bin/sh -c '{{ grub_config_cmd }} -o {{ grub_config_file }}'
to
.. code-block:: yaml
- name: append kernel params
become: yes
lineinfile:
dest: "{{ tmp_rootfs_mount }}/etc/default/grub"
state: present
line: 'GRUB_CMDLINE_LINUX+=" {{ ironic_extra.kernel_params | default("") }}"'
- name: create grub config
become: yes
command: chroot {{ tmp_rootfs_mount }} /bin/sh -c '{{ grub_config_cmd }} -o {{ grub_config_file }}'
#. Set the newly introduced ``kernel_params`` extra variable to the desired
kernel parameters. For example, to update only compute nodes use::
for node in $(openstack baremetal node list -c Name -f value | grep compute); do
openstack baremetal node set $node \
--extra kernel_params='param1=value1 param2=value2'
done
.. _iSCSI deploy interface: https://docs.openstack.org/ironic/latest/admin/interfaces/deploy.html#iscsi-deploy

1
doc/source/install/advanced_deployment/baremetal_nodes.rst
View File

@ -15,3 +15,4 @@ Documentation on how to do advanced configuration of baremetal nodes in
introspection_data
whole_disk_images
uefi_boot
ansible_deploy_interface