This is supported in kolla-ansible via the ironic_inspector_pxe_filter
variable, which can be added to globals.yml. The default value for that
variable changed in the Stein release from 'iptables' to 'dnsmasq',
since the iptables filter does not work with Docker CE [1].
This change removes the inspector_manage_firewall variable.
This change also adds an iptables rule in CI tests to allow DHCP packets
to be forwarded, to ensure bare metal servers can be deployed.
[1] https://bugs.launchpad.net/kolla-ansible/+bug/1823044
Depends-On: https://review.openstack.org/649673
Change-Id: Idac6777b4d97fbd17698fc2086ceb068d7b2e326
Related-Bug: #1823044
The IPA ramdisk and kernel images may be built or downloaded via a URL.
If the latter option is used, any images previously downloaded to
$KOLLA_CONFIG_PATH/config/ironic/ironic-agent.* would previously not be
updated if the image contents change.
This change introduces variables for setting a URL to a file containing
checksums for the images. The algorithm used to compute the checksum is
also configurable (default sha256). This allows us to ensure we are
using the correct version of the image, while avoiding an expensive few
hundred megabyte image download just to check.
If a checksum is not specified, the image will be downloaded every time
to ensure that it is up to date.
Change-Id: I8120518ed98d61f3652f5205ce7ec9f798ab2aa1
Story: 2001660
Task: 6693
In environments without Swift we are currently unable to store hardware
introspection data. The inspection_store container runs an nginx server
that supports a restricted Swift-like HTTP API using WebDAV that supports
upload and retrieval of introspection data.
The current implementation only works if all compute nodes in the system
have the same interface name for their provisioning network. This change
adds a default value and a map for exceptions
Some Dell switch OSs (including Dell Network OS 9.10(0.1)) do not support
sending interface port description TLVs correctly. Instead of sending the
interface description, they send the interface name (e.g. TenGigabitEthernet
1/1/1). This breaks the discovery process which relies on Ironic node
introspection data containing the node's name in the interface port
description. We work around this here by creating an introspection rule for
each ironic node that matches against the switch system and the relevant
interface name, then sets the node's name appropriately.