Add local radosgw and API to ironic-conductor pod.
Currently ironic depends on external DNS, ingress, SSL, and network routing. To download an image to a baremetal node in the provisioning network, traffic goes from ceph to radosgw to the ingress proxy and then to the node. This uses all networks (storage, public, provisioning) and loads radosgw and ingress on the controller nodes. This change introduces a local radosgw and ironic API inside the ironic-conductor pod. To provision a baremetal node, traffic will go from ceph to radosgw on the ironic-conductor node and then to the baremetal node. Ironic provisioning will also no longer depend on external network access, ingress, valid SSL, or external DNS. Change-Id: Ib2e2027ae80ad222e64c7e85cf7ddb1da95ca5ed
parent
d66711c52d
commit
6c2daf043f
|
@ -9,4 +9,3 @@ RUN apt-get install -y --no-install-recommends \
|
|||
|
||||
RUN chmod 777 /run
|
||||
|
||||
USER ironic
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
[client.radosgw.gateway]
|
||||
key = {{ radosgw.key }}
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
[global]
|
||||
fsid = {{ ceph.fsid }}
|
||||
mon_host = {{ ceph.mon_host }}
|
||||
auth_cluster_required = cephx
|
||||
auth_service_required = cephx
|
||||
auth_client_required = cephx
|
||||
debug_rgw = 20
|
||||
|
||||
[client.radosgw.gateway]
|
||||
keyring = /var/lib/ceph/radosgw/ceph-rgw/keyring
|
||||
rgw socket path = /tmp/radosgw.sock
|
||||
log file = /var/log/ceph/ceph-rgw-{{ namespace }}.log
|
||||
rgw data = /var/lib/ceph/radosgw/ceph-rgw
|
||||
rgw frontends = civetweb port={{ radosgw.port.cont }} num_threads=50
|
||||
|
||||
rgw keystone api version = 3
|
||||
rgw keystone admin domain = Default
|
||||
rgw keystone admin project = {{ openstack.project_name }}
|
||||
rgw keystone url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
||||
rgw keystone accepted roles = Member, _member_, admin
|
||||
rgw keystone revocation interval = 900
|
||||
rgw s3 auth use keystone = true
|
||||
rgw keystone verify ssl = {{ keystone.tls.enabled }}
|
||||
rgw keystone admin user = {{ openstack.user_name }}
|
||||
rgw keystone admin password = {{ openstack.user_password }}
|
||||
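Review bot: `debug_rgw = 20` in `[global]` hard-codes the most verbose RGW log level, which is a debugging setting rather than a deployment default. This gateway also handles Keystone and S3 authentication, so the log at `/var/log/ceph/ceph-rgw-{{ namespace }}.log` may end up holding per-request detail such as headers or token material; that is worth confirming before shipping. I would drop the line or make it a template variable with a low default, for example `debug_rgw = {{ radosgw.debug_level }}` (the variable name is a placeholder). Separately, `rgw keystone admin password` puts the service password into ceph.conf, so the rendered file should be treated as a secret and given a restrictive mode where it is deployed.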
|
|
@ -11,7 +11,7 @@ enabled_network_interfaces = noop,flat
|
|||
default_network_interface = flat
|
||||
|
||||
[api]
|
||||
public_endpoint = http://{{ address('ironic', ironic.api_port, external=True, with_scheme=False) }}
|
||||
public_endpoint = http://{{ network_topology["private"]["address"] }}:{{ ironic.api_port.cont }}
|
||||
host_ip = {{ network_topology["private"]["address"] }}
|
||||
port = {{ ironic.api_port.cont }}
|
||||
|
||||
|
@ -20,6 +20,7 @@ connection = mysql+pymysql://{{ ironic.db.username }}:{{ ironic.db.password }}@{
|
|||
max_retries = -1
|
||||
|
||||
{{ keystone_authtoken.keystone_authtoken(ironic.username, ironic.password) }}
|
||||
auth_version = 3
|
||||
|
||||
[service_catalog]
|
||||
auth_type = password
|
||||
|
@ -31,7 +32,7 @@ username = {{ ironic.username }}
|
|||
password = {{ ironic.password }}
|
||||
|
||||
[conductor]
|
||||
api_url = http://{{ address('ironic', ironic.api_port, external=True, with_scheme=False) }}
|
||||
api_url = http://{{ network_topology["private"]["address"] }}:{{ ironic.api_port.cont }}
|
||||
automated_clean = {{ ironic.automated_clean }}
|
||||
|
||||
[neutron]
|
||||
|
@ -56,7 +57,7 @@ password = {{ ironic.password }}
|
|||
|
||||
glance_api_servers = {{ address('glance-api', glance.api_port, with_scheme=True) }}
|
||||
|
||||
swift_endpoint_url = http://{{ address('radosgw', radosgw.port, external=True, with_scheme=False) }}
|
||||
swift_endpoint_url = http://{{ network_topology["private"]["address"] }}:{{ radosgw.port.cont }}/swift
|
||||
swift_temp_url_key = {{ ironic.swift.temp_url_key }}
|
||||
temp_url_endpoint_type = radosgw
|
||||
|
||||
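Review bot: The private-address variants of `public_endpoint`, `api_url` and `swift_endpoint_url` (presumably the new side) hard-code `http://`, so temp URLs, which carry their signature in the query string, and the deploy images cross that network without transport protection. The external-address variants were also `http://` and the description says dropping the SSL dependency is intended, so this is a request to document the trust assumption rather than change the value. A comment above `swift_endpoint_url` would do, such as `# plain HTTP by design: endpoint is reachable only on the isolated provisioning network`, if that isolation actually holds. The values use `network_topology["private"]` while the description speaks of the provisioning network; it is worth confirming these are the same network.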
|
|
|
@ -4,7 +4,7 @@ service:
|
|||
hostNetwork: true
|
||||
kind: DaemonSet
|
||||
containers:
|
||||
- name: ironic-conductor
|
||||
- name: conductor
|
||||
image: ironic-conductor
|
||||
probes:
|
||||
readiness: "true"
|
||||
|
@ -34,7 +34,7 @@ service:
|
|||
dependencies:
|
||||
- ironic-db-sync
|
||||
- ironic-post-swift-tempurl-key
|
||||
- name: ironic-pxe
|
||||
- name: pxe
|
||||
image: ironic-pxe
|
||||
probes:
|
||||
readiness: "true"
|
||||
|
@ -54,7 +54,7 @@ service:
|
|||
/var/lib/ironic/tftpboot
|
||||
files:
|
||||
- pxe-bootstrap.sh
|
||||
- name: ironic-ipxe
|
||||
- name: ipxe
|
||||
image: ironic-ipxe
|
||||
probes:
|
||||
readiness: "true"
|
||||
|
@ -69,6 +69,23 @@ service:
|
|||
command: nginx -g 'daemon off; error_log stderr;'
|
||||
files:
|
||||
- nginx-ipxe.conf
|
||||
- name: radosgw
|
||||
image: radosgw
|
||||
daemon:
|
||||
command: radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway -d
|
||||
files:
|
||||
- ceph-conf
|
||||
- radosgw-ceph-key
|
||||
- radosgw-keyring
|
||||
- name: api
|
||||
image: ironic-api
|
||||
daemon:
|
||||
command: ironic-api --config-file /etc/ironic/ironic.conf
|
||||
files:
|
||||
- ironic.conf
|
||||
dependencies:
|
||||
- rpc
|
||||
- ironic-db-sync
|
||||
files:
|
||||
ironic.conf:
|
||||
path: /etc/ironic/ironic.conf
|
||||
|
@ -86,3 +103,12 @@ files:
|
|||
path: /home/ironic/.ssh/id_rsa
|
||||
content: ssh_key.j2
|
||||
perm: "0400"
|
||||
ceph-conf:
|
||||
path: /etc/ceph/ceph.conf
|
||||
content: ceph.conf.j2
|
||||
radosgw-ceph-key:
|
||||
path: /etc/ceph/ceph.client.radosgw.keyring
|
||||
content: ceph.client.radosgw.keyring.j2
|
||||
radosgw-keyring:
|
||||
path: /var/lib/ceph/radosgw/ceph-rgw/keyring
|
||||
content: ceph.client.radosgw.keyring.j2
|
||||
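Review bot: The three file entries added at the end (`ceph-conf`, `radosgw-ceph-key`, `radosgw-keyring`) set no `perm`, while the SSH key entry directly above uses `perm: "0400"`. Two of them hold the cephx key, and the ceph.conf template holds the Keystone admin password. I would add `perm: "0400"` to both keyring entries and a restrictive mode to `ceph-conf`, assuming the files end up owned by the user radosgw runs as. The keyring template is also rendered to two paths, but ceph.conf's `keyring =` points only at `/var/lib/ceph/radosgw/ceph-rgw/keyring`, so the `/etc/ceph/ceph.client.radosgw.keyring` copy looks unneeded and could be dropped to keep a single copy of the secret. The `files:` map starts outside this hunk.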
|
|