Ironic standalone with KEA

Change-Id: I9951293c8a39ca01619279db27b12108cb76ad21
2016-11-23 16:13:27 +02:00 · 2016-11-23 16:13:27 +02:00 · ba83f8c47a
parent f76f8c8fa3
commit ba83f8c47a
9 changed files with 192 additions and 5 deletions
--- a/docker/ironic-dhcp/Dockerfile.j2
+++ b/docker/ironic-dhcp/Dockerfile.j2
@ -0,0 +1,12 @@
+FROM {{ image_spec("base-tools") }}
+MAINTAINER {{ maintainer }}
+
+COPY sid.list /etc/apt/sources.list.d/sid.list
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        mysql-client \
+        kea-dhcp4-server \
+        kea-admin \
+    && apt-get clean
+
+USER root
--- a/docker/ironic-dhcp/sid.list
+++ b/docker/ironic-dhcp/sid.list
@ -0,0 +1 @@
+deb http://httpredir.debian.org/debian sid main
--- a/service/files/defaults.yaml
+++ b/service/files/defaults.yaml
@ -23,6 +23,21 @@ configs:
      external_port: 6388
      use_swift: false

+    standalone:
+      enable: false
+      dhcp:
+        db:
+          username: kea
+          password: password
+          name: kea
+        interface: ens9
+        subnet:
+          cidr: 10.200.2.0/24
+          start: 10.200.2.100
+          end: 10.200.2.200
+          gateway: 10.200.2.2
+          nameservers: 10.11.0.174
+
 sources:
  openstack/ironic:
    git_url: https://git.openstack.org/openstack/ironic.git
--- a/service/files/ironic.conf.j2
+++ b/service/files/ironic.conf.j2
@ -12,8 +12,12 @@ enabled_drivers = {{ ironic.enabled_drivers }}
 enabled_network_interfaces = noop,flat
 default_network_interface = flat

+{% if ironic.standalone.enable %}
+auth_strategy=noauth
+{% endif %}
+
 [api]
-public_endpoint = {{ address('ironic', ironic.api_port, external=True, with_scheme=True) }}
+public_endpoint = http://ironic.ccp.external:80
 host_ip = {{ network_topology["private"]["address"] }}
 port = {{ ironic.api_port.cont }}

@ -21,6 +25,11 @@ port = {{ ironic.api_port.cont }}
 connection = mysql+pymysql://{{ ironic.db.username }}:{{ ironic.db.password }}@{{ address('mariadb', mariadb.port) }}/{{ ironic.db.name }}
 max_retries = -1

+[conductor]
+api_url = http://ironic.ccp.external:80
+automated_clean = {{ ironic.automated_clean }}
+
+{% if not ironic.standalone.enable %}
 [keystone_authtoken]
 auth_uri = {{ address('keystone', keystone.public_port, with_scheme=True) }}
 auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
@ -41,10 +50,6 @@ project_name = service
 username = {{ ironic.username }}
 password = {{ ironic.password }}

-[conductor]
-api_url = {{ address('ironic', ironic.api_port, external=True, with_scheme=True) }}
-automated_clean = {{ ironic.automated_clean }}
-
 [neutron]
 auth_type = password
 auth_url = {{ address('keystone', keystone.public_port, with_scheme=True) }}
@ -70,6 +75,10 @@ glance_api_servers = {{ address('glance-api', glance.api_port, with_scheme=True)
 swift_endpoint_url = {{ address('radosgw', radosgw.port, external=True, with_scheme=True) }}
 swift_temp_url_key = {{ ironic.swift_temp_url_key }}
 temp_url_endpoint_type = radosgw
+{% else %}
+[dhcp]
+dhcp_provider=none
+{% endif %}

 [pxe]
 pxe_append_params = nofb nomodeset vga=normal console=ttyS0 systemd.journald.forward_to_console=yes ipa-debug=1
@ -79,6 +88,7 @@ tftp_master_path = /var/lib/ironic/tftpboot/master_images
 {% if ironic.ipxe.enable %}
 ipxe_enabled = True
 ipxe_use_swift = {{ ironic.ipxe.use_swift }}
+ipxe_server_enabled = True
 pxe_bootfile_name=undionly.kpxe
 pxe_config_template=$pybasedir/drivers/modules/ipxe_config.template

--- a/service/files/kea-dhcp4.conf.j2
+++ b/service/files/kea-dhcp4.conf.j2
@ -0,0 +1,101 @@
+{
+"Dhcp4":
+{
+
+  "interfaces-config": {
+    "interfaces": [ "{{ ironic.standalone.dhcp.interface }}" ]
+  },
+
+  "client-classes":
+  [
+    {
+      "name": "baremetal",
+#      "test": "substring(option[77].hex,0,4) == 'iPXE'",
+      "test": "'1' == '1'",
+      "option-data":
+      [
+        {
+          "name": "boot-file-name",
+          "code": 67,
+          "space": "dhcp4",
+          "data": "http://ironic.ccp.external:80/v1/ipxe"
+        },
+       {
+         "name": "routers",
+         "data": "{{ ironic.standalone.dhcp.subnet.gateway }}"
+       },
+       {
+         "name": "domain-name-servers",
+         "data": "{{ ironic.standalone.dhcp.subnet.nameservers }}"
+       }
+      ]
+    }
+  ],
+
+  "lease-database": {
+    "type": "mysql",
+    "name": "{{ ironic.standalone.dhcp.db.name }}",
+    "host": "{{ address('mariadb') }}",
+    "port": "{{ mariadb.port.cont }}",
+    "user": "{{ ironic.standalone.dhcp.db.username }}",
+    "password": "{{ ironic.standalone.dhcp.db.password }}"
+  },
+
+  "hosts-database": {
+    "type": "mysql",
+    "name": "{{ ironic.standalone.dhcp.db.name }}",
+    "host": "{{ address('mariadb') }}",
+    "port": "{{ mariadb.port.cont }}",
+    "user": "{{ ironic.standalone.dhcp.db.username }}",
+    "password": "{{ ironic.standalone.dhcp.db.password }}"
+  },
+
+# Setup reclamation of the expired leases and leases affinity.
+# Expired leases will be reclaimed every 10 seconds. Every 25
+# seconds reclaimed leases, which have expired more than 3600
+# seconds ago, will be removed. The limits for leases reclamation
+# are 100 leases or 250 ms for a single cycle. A warning message
+# will be logged if there are still expired leases in the
+# database after 5 consecutive reclamation cycles.
+  "expired-leases-processing": {
+    "reclaim-timer-wait-time": 10,
+    "flush-reclaimed-timer-wait-time": 25,
+    "hold-reclaimed-time": 3600,
+    "max-reclaim-leases": 100,
+    "max-reclaim-time": 250,
+    "unwarned-reclaim-cycles": 5
+  },
+
+# Global (inherited by all subnets) lease lifetime is mandatory parameter.
+  "valid-lifetime": 4000,
+
+  "subnet4": [
+    {
+      "subnet": "{{ ironic.standalone.dhcp.subnet.cidr }}",
+      "pools": [ { "pool": "{{ ironic.standalone.dhcp.subnet.start }} - {{ ironic.standalone.dhcp.subnet.end }}" } ],
+      "client-class": "baremetal"
+    }
+  ]
+},
+
+"Logging":
+{
+  "loggers": [
+    {
+      "name": "kea-dhcp4",
+      "output_options": [
+          {
+            "output": "stdout"
+          }
+      ],
+{% if ironic.logging_debug %}
+      "severity": "DEBUG",
+{% else %}
+      "severity": "INFO",
+{% endif %}
+      "debuglevel": 0
+    },
+  ]
+}
+
+}
--- a/service/files/nginx-ipxe.conf.j2
+++ b/service/files/nginx-ipxe.conf.j2
@ -0,0 +1,4 @@
+server {
+  listen {{ network_topology["private"]["address"] }}:{{ ironic.ipxe.external_port }};
+  root /var/lib/ironic/httpboot;
+}
--- a/service/ironic-api.yaml
+++ b/service/ironic-api.yaml
@ -26,6 +26,7 @@ service:
            - ironic-db-create
          files:
            - ironic.conf
+        # {% if not ironic.standalone.enable %}
        - name: ironic-user-create
          type: single
          command: openstack user create --project service --password {{ ironic.password }} {{ ironic.username }}
@ -59,6 +60,7 @@ service:
          type: single
          command: openstack endpoint create --region RegionOne baremetal admin
                   {{ address('ironic-api', ironic.api_port, with_scheme=True) }}
+        # {% endif %}
      daemon:
        command: ironic-api --config-file /etc/ironic/ironic.conf
        files:
--- a/service/ironic-conductor.yaml
+++ b/service/ironic-conductor.yaml
@ -13,6 +13,7 @@ service:
        - name: ironic
          type: host
          path: /var/lib/ironic
+      # {% if not ironic.standalone.enable %}
      pre:
        - name: ironic-post-swift-tempurl-key
          dependencies:
@ -23,13 +24,17 @@ service:
                   --os-project-name service --os-project-domain-name default --os-user-domain-name default
                   --os-username {{ ironic.username }} --os-password {{ ironic.password }}
                   post -m "Temp-URL-Key:{{ ironic.swift_temp_url_key }}"
+      # {% endif %}
      daemon:
        command: ironic-conductor --config-file /etc/ironic/ironic.conf
        files:
          - ironic.conf
        dependencies:
          - ironic-db-sync
+          # {% if not ironic.standalone.enable %}
          - ironic-post-swift-tempurl-key
+          # {% endif %}
+    # {% if not ironic.standalone.enable %}
    - name: ironic-pxe
      image: ironic-pxe
      probes:
@ -50,6 +55,7 @@ service:
                 /var/lib/ironic/tftpboot
        files:
          - pxe-bootstrap.sh
+    # {% endif %}
    # {% if ironic.ipxe.enable %}
    - name: ironic-ipxe
      image: ironic-ipxe
--- a/service/ironic-dhcp.yaml
+++ b/service/ironic-dhcp.yaml
@ -0,0 +1,36 @@
+service:
+  name: ironic-dhcp
+  hostNetwork: true
+  containers:
+    - name: ironic-dhcp
+      image: ironic-dhcp
+      probes:
+        readiness: "true"
+        liveness:
+          command: "true"
+          type: "exec"
+      pre:
+        - name: ironic-dhcp-db-create
+          type: single
+          command: mysql -v -u root -p{{ db.root_password }} -h {{ address('mariadb') }} -P {{ mariadb.port.cont }} -e
+                   'create database `{{ ironic.standalone.dhcp.db.name }}`; grant all privileges on `{{ ironic.standalone.dhcp.db.name }}`.* to
+                   "{{ ironic.standalone.dhcp.db.username }}"@"%" identified by "{{ ironic.standalone.dhcp.db.password }}"'
+          dependencies:
+            - mariadb
+        - name: ironic-dhcp-db-sync
+          type: single
+          command: mysql -v -u root -p{{ db.root_password }} -h {{ address('mariadb') }} -P {{ mariadb.port.cont }}
+                   {{ ironic.standalone.dhcp.db.name }} < /usr/share/kea-admin/scripts/mysql/dhcpdb_create.mysql
+          dependencies:
+            - ironic-dhcp-db-create
+        - name: test
+          command: cat /etc/kea/kea-dhcp4.conf
+      daemon:
+        command: /usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
+        files:
+          - kea-dhcp4.conf
+files:
+  kea-dhcp4.conf:
+    path: /etc/kea/kea-dhcp4.conf
+    content: kea-dhcp4.conf.j2
+    perm: "0600"
				`@ -0,0 +1 @@`
				`deb http://httpredir.debian.org/debian sid main`