Commit Graph

593 Commits

Author SHA1 Message Date
James Denton d9cfc61d02 Fixed typo for stackhpc-inspector-plugins package
Quick fix to address a typo in the URL for stackhpc-inspector-plugins.

Change-Id: Ie418974bc01d77f262d6593b3b9e3fb072a7be89
2024-02-15 08:53:56 -06:00
Zuul 7425ad4313 Merge "Fix a typo in pxe_redfish definition" 2024-02-13 15:49:59 +00:00
Dmitriy Rabotyagov ca0a92ee2a Fix a typo in pxe_redfish definition
This typo leads for drivers misconfiguration and being unable to register
redfish as a proper driver.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/907180
Closes-Bug: #2050835
Change-Id: I0a2c3f3019f20c18dcfbc82847c432e656eda051
2024-01-30 08:47:42 +00:00
Dmitriy Rabotyagov 218724412b Allow to extend default ironic_driver_types
This patch implements extra variable that allows to define extra types
for ironic without need to fully override the existing ones.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/907180
Change-Id: Ic35dbeae949ba4425a0e352e51de64122b7c13d5
2024-01-30 08:47:29 +00:00
Zuul 8a3b336ca3 Merge "Stop generating ssh keypair for ironic user" 2023-12-13 05:28:44 +00:00
Andrew Bonney ed85e8d2b1 Use common value for inspector callback URL
It appears this was missed in patch
Ib8d53b394937405c821687b1c46b2b19112267dd

This patch conforms the other pxe config to use the same
inspector callback URL

Change-Id: I5eee7d054bb4eda70acbaab9885c3985efb04002
2023-11-02 10:47:06 +00:00
Dmitriy Rabotyagov fcde81e4a7 Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
it's behaviour.

In order to ensure upgrade path and ability to switch back to HA queues
we change vhost names with removing leading `/`, as enabling quorum
requires to remove exchange which is tricky thing to do with running
services.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I0f6ae74be36c0cb7a2270cfa1085c44e6dd4dc77
2023-10-20 12:19:49 +00:00
Dmitriy Rabotyagov fb50e99438 Stop generating ssh keypair for ironic user
There is no obvious need to have an SSH keypairs for ironic user
I was not able to find any proof in the project installation guide that
such keypairs were ever needed. Thus, such functionality is removed.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I493d5f5aa0a915e7bc9fb7dbcd2673749c0b95d3
2023-10-14 08:50:18 +00:00
Zuul 0f2e50ba41 Merge "Fix lack of constraints for ironic-inspector" 2023-08-17 13:04:51 +00:00
Dmitriy Rabotyagov f5180b7ba1 Stop reffering _member_ role
Keystone has stopped providing or reffering `_member_` role for a while,
thus role should not be refferenced anymore.

Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.

Change-Id: I3ee97d4b7a3070211dbba3824f9d605da3b8bd01
Related-Bug: #2029486
2023-08-15 13:02:56 +02:00
Andrew Bonney a665f45a69 Fix lack of constraints for ironic-inspector
OSA playbooks only call this role once for all Ironic containers
(API and inspector). As a result, the wheel builds only happen
once. If the first host (which is responsible for wheel builds)
is an API container, these vars would prevent Ironic inspector
requirements being accounted for, and as such no matching
constraints will be generated.

When the venv is deployed to the Ironic inspector container,
the lack of constraints can cause dependencies which are too new
to be installed, causing the service to fail.

Alternatively this role could be called twice by the playbook
for differing container/host roles, but as inspector is expected
to be merged into ironic at some point this feels equally valid.

Change-Id: I3952a4e5514824381410d87ed6d535f13ec40498
2023-08-02 14:44:56 +01:00
Dmitriy Rabotyagov 7226653ad9 Fix linters and metadata
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I1ab9664505068c20924370790322caa67cc6e022
2023-07-14 18:07:30 +02:00
Damian Dabrowski 36468adfac Define ipa-insecure=1 in LXC example
In LXC example, the BMAAS network is not routable to any other networks
nor to the internal VIP.
It means that Ironic Python Agent(IPA) is not able to communicate with
ironic API and ironic inspector over haproxy.
To solve that issue, `ironic_inspector_callback_url` and
`ironic_ironic_conf_overrides.service_catalog.endpoint_override` values
were overriden to instruct IPA to communicate with ironic api/inspector
backends directly on BMAAS network(instead of going via HAProxy on
management network).
It may cause a problem with certificate verification if these backends
are listening on https because most likely they are using self-signed
certificate.
As a workaround, `ipa-insecure=1` kernel parameter[1] is added to IPA
for both inspection and deployment.

[1] https://docs.openstack.org/ironic-python-agent/latest/install/index.html#ipa-and-tls

Change-Id: Idfb5a4e9bf4f39441fc99b5aa78500d6195e6da0
2023-05-23 18:57:22 +02:00
Zuul e1aea9e9fd Merge "Add driver type for redfish" 2023-05-04 23:13:50 +00:00
Zuul a8cd6a7658 Merge "Add TLS support to ironic backends" 2023-05-03 11:41:33 +00:00
Damian Dabrowski 61fd6b6e14 Add TLS support to ironic backends
By overriding the variable `ironic_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the ironic backend api.

The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: If97a857c36e9e3e7ad8a18926bb9cbf04189c7cb
2023-04-29 18:37:37 +02:00
Jonathan Rosser b10a951953 Add driver type for redfish
Change-Id: I4a3d455cdddea3c0273c8350e0ddbbf0a0114cac
2023-04-25 08:19:16 +01:00
Jonathan Rosser 72cbb5c5e0 Add example networking-generic-switch user role for Arista switch
Change-Id: Ibb15f08fbeaf03e8a4f453066614a511ce7f250c
2023-04-19 08:36:31 +01:00
Dmitriy Rabotyagov e9fab281bd Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.

We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now  we ensure that role handlers will also listen for systemd
unit changes.

Change-Id: Ia9d1164e1e38201244a062be95f936b314c5c56b
2023-04-10 14:08:08 +00:00
Zuul e7099c1e47 Merge "Add a no_driver ironic driver type" 2023-04-04 19:29:17 +00:00
Zuul 0d90a08756 Merge "Enable raid interface implementations for ironic hardware drivers" 2023-04-04 19:29:16 +00:00
Zuul 1740d36112 Merge "Rename idrac interfaces to idrac-wsman" 2023-04-04 19:29:14 +00:00
Zuul ee60da284a Merge "Install socat and configure ipmtool-socat console interface" 2023-04-04 19:29:13 +00:00
Zuul e4a068ce45 Merge "Remove deprecated support for cisco ucs and cims ironic drivers." 2023-04-04 19:25:07 +00:00
Jonathan Rosser 6eb9142fc6 Update IPA version for 2023.1 release of Ironic
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/877534
Change-Id: Ia3964416f0ccba49d2986aa2d8fc91c16a7a53da
2023-03-21 19:01:13 +00:00
Jonathan Rosser 0a5de94bf3 Add a no_driver ironic driver type
Enabling this driver type ensures that the no-console, no-raid
and no-inspect interfaces are enabled so that they can be later
configured on a per-node basis if required.

These interfaces are useful to have enabled at the same time as
driver specific interfaces such as idrac or ilo in order so that
managment of specific functions can be disabled if required.

Change-Id: I2904ba005e3fa18faf8ccf04661e206501fa4aa3
2023-03-21 19:00:45 +00:00
Jonathan Rosser b6550a4c3f Enable raid interface implementations for ironic hardware drivers
This patch enables the native raid driver implementation for each
of the hardware types defined in `ironic_driver_types`. If necessary
this can be overridden in ironic.conf using config overrides.

Change-Id: I28b39b391d307e0a4aa71e13337f646d872925ec
2023-03-21 19:00:41 +00:00
Jonathan Rosser 5e420cca3c Rename idrac interfaces to idrac-wsman
idrac is the legacy name of the WSMAN interface. It has
been deprecated in favor of idrac-wsman and may be removed
in a future release of the idrac hardware type driver.

Change-Id: I2bf70374ac761c6ddeb8fc0b838470c036b70541
2023-03-21 19:00:36 +00:00
Jonathan Rosser 11b162cfa3 Install socat and configure ipmtool-socat console interface
This patch adds the `console` field to the ironic_driver_types
variable and then enables a set of console drivers in the ironic
config through the `enabled_console_interfaces` option.

If `ipmitool-socat` is one of the enabled drivers, then the socat
distro package is installed to support that.

Defaults are added for socat bind address and port range to
use.

[1] https://opendev.org/openstack/ironic/src/branch/master/doc/source/admin/upgrade-to-hardware-types.rst

Change-Id: I36dd1a0ec69e5702143a1a26bd5901fc88706e84
2023-03-21 19:00:31 +00:00
Jonathan Rosser 50bb9dc8da Remove deprecated support for cisco ucs and cims ironic drivers.
These were deprecated some time ago [1] and so are removed from the
os_ironic role.

[1] https://lists.openstack.org/pipermail/openstack-discuss/2019-February/002460.html

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/877534
Change-Id: Ie857528cad187f6c65c84fef40565d7f81c130df
2023-03-21 19:00:26 +00:00
Zuul f1b46e608c Merge "Update ironic documentation" 2023-03-14 17:49:25 +00:00
Jonathan Rosser 4049c1ee5b Update ironic documentation
* A concrete example for an LXC based deployment
* How to deploy multiple CPU architectures
* Debugging tips

Change-Id: Ic68cfc1116dd408c31948abbba92ac564f254b2b
2023-03-08 18:13:39 +00:00
Jonathan Rosser a2d0b5a192 Update IPA image for the Zed release
Change-Id: I0d32eb17594800d3df2b7197b002e9aac617185f
2023-01-09 14:48:41 +00:00
OpenStack Release Bot 9dc138d3c1 Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.

Sem-Ver: feature
Change-Id: I5fac67444cd64fe79689d957e86cea871854d5ec
2022-12-13 13:15:30 +00:00
Jonathan Rosser c305af301b Allow user defined extra files to be added to ironic tftp directory
Some of these files are already statically defined in the role vars,
but cannot be extended. The new variable ironic_tftp_extra_content
allows either local files (path:) or files from a web server (url:)
to be copied into the tftp server root.

A feature like this is needed to copy EFI firmware to the tftp root
for ironic node CPU architectures that are different to the
ironic control plane nodes. The EFI firmware is sometimes not
available from the system package manager for architechtures
different to the host CPU.

Change-Id: Ie30c009d0704b87c2298088935a7f2ec0d55c6fb
2022-12-12 12:36:40 +00:00
Zuul 591399a999 Merge "Tidy definition of http dir for inspector" 2022-12-09 12:44:51 +00:00
Zuul b4da13095e Merge "Create /var/log/ironic directory" 2022-12-08 22:17:39 +00:00
Zuul ff48276ae5 Merge "Update variables for switchport introspection during inspection" 2022-12-08 21:45:15 +00:00
Zuul 1d20ba1a84 Merge "Add variable for user defined list of deploy images" 2022-12-08 21:41:52 +00:00
Zuul 9fb6b3df3c Merge "Allow extra plugin installation ironic/inspector venvs" 2022-12-08 21:41:51 +00:00
Zuul 0737ce3338 Merge "Refactor ironic deploy image handling." 2022-12-08 19:07:16 +00:00
Jonathan Rosser 71d201fcba Allow extra plugin installation ironic/inspector venvs
Ironic and inspector are extensible via the stevedore framework.
In order to add extra plugins to the ironic and inspector venvs
extra variables are needed to supply user defined lists of python
packages to install.

Change-Id: I656abb90827486bbb69bf0ccd7e990fd680f2c51
2022-12-08 18:00:08 +00:00
Jonathan Rosser 7521ced334 Create /var/log/ironic directory
This directory is used by ironic to write logs collected from
ironic-python-agent on nodes being deployed to the disk of the
controller. Without the directory errors occur and it is not possible
to read the log from the agent.

"Failed to store the logs from the node <uuid> deployment due a
file-system related error. Error: [Errno 13] Permission denied:
'/var/log/ironic'"

Change-Id: I25a03e35f29ad7a835dfd72447fa7d20c50fd85c
2022-12-08 14:54:22 +00:00
Zuul 7fa685167c Merge "Enable /healtcheck for Ironic APIs" 2022-12-07 16:22:02 +00:00
Jonathan Rosser ba1d9e9d4b Tidy definition of http dir for inspector
The directory for the tftp server defined consistently between ironic
and inspector, but not for the http directory.

This patch makes the definition of the http directory work the same
way as the tftp one.

Change-Id: I8d893faa31e5858c4923cb12ef453ec9397db5df
2022-12-07 14:04:19 +00:00
Jonathan Rosser db106d8b88 Add variable for user defined list of deploy images
It might be needed to supply a list of extra deploy images as
well as the defaults, possibly to cover architectures in
addition to x86.

Change-Id: I2ecf21c44bac75b0e2cbf3bd786821ff0b7bf31a
2022-12-07 14:04:11 +00:00
Jonathan Rosser 5d29fb4e17 Update variables for switchport introspection during inspection
1) The variable to allow processing hooks to be configured is used
in the ironic-inspector template but not documented in the role defaults.
Add the default and an example of usage.

2) When using LLDP to discover switchport connections during
inspection it is necessary to pass an additional kernel parameter
to the deploy image but there is no variable to allow this to
happen. This patch adds a variable that the deployer can use
to pass arbitrary kernel parameters to the deploy image.

Change-Id: I2f67dfcf4164e009bf53e9324bd430aec4c97dcb
2022-12-07 14:04:02 +00:00
Jonathan Rosser b974a6c0e0 Refactor ironic deploy image handling.
The deploy image is required in two places in an ironic deployment,
first as images uploaded to glance for the ironic service, and second
as files on a web server for the ironic-inspector service.

Previously this role only placed the deploy images on the ironic
inspector web server, but this patch provides the functionality to
also upload the images to glance.

The variables for ironic deploy image source locations are
consolidated so that only one set are required to run the tasks
for both ironic and ironic-inspector, and several overrides are
available allowing the source to be overidden to a local mirror
easily.

Finally - the name of the files placed on the inspector web server
and into glance represent the upstream name of the image files rather
than generic names which lose versioning and release information.

Change-Id: I1aed9d97a4ddbfb70d2375f5204c55374d1067c9
2022-12-07 15:03:32 +01:00
Zuul d79071dddf Merge "Remove duplicate creation of nginx config directory" 2022-12-06 21:53:19 +00:00
Zuul 3ec52b3414 Merge "Allow ironic bmaas network gateway and dns servers to be undefined" 2022-12-06 19:32:07 +00:00