* Update openstack-ansible-os_ironic from branch 'master'
to d9cfc61d02439e5be7abf2daa8155deae0bb48c0
- Fixed typo for stackhpc-inspector-plugins package
Quick fix to address a typo in the URL for stackhpc-inspector-plugins.
Change-Id: Ie418974bc01d77f262d6593b3b9e3fb072a7be89
* Update openstack-ansible-os_ironic from branch 'master'
to 7425ad43139b8ddbcfd5c2c5fa9ada53dc8e72c8
- Merge "Fix a typo in pxe_redfish definition"
- Fix a typo in pxe_redfish definition
This typo leads to driver misconfiguration and being unable to register
redfish as a proper driver.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/907180
Closes-Bug: #2050835
Change-Id: I0a2c3f3019f20c18dcfbc82847c432e656eda051
* Update openstack-ansible-os_ironic from branch 'master'
to 218724412be2da103fcdb96ba46fc9d0147bfb4a
- Allow to extend default ironic_driver_types
This patch implements an extra variable that allows defining extra types
for ironic without the need to fully override the existing ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/907180
Change-Id: Ic35dbeae949ba4425a0e352e51de64122b7c13d5
* Update openstack-ansible-os_ironic from branch 'master'
to 8a3b336ca31974d907c1978dcd4362abdac4de86
- Merge "Stop generating ssh keypair for ironic user"
- Stop generating ssh keypair for ironic user
There is no obvious need to have SSH keypairs for the ironic user.
I was not able to find any proof in the project installation guide that
such keypairs were ever needed. Thus, such functionality is removed.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I493d5f5aa0a915e7bc9fb7dbcd2673749c0b95d3
* Update openstack-ansible-os_ironic from branch 'master'
to ed85e8d2b1e925463ef9c4a142b70e49dabd27ea
- Use common value for inspector callback URL
It appears this was missed in patch
Ib8d53b394937405c821687b1c46b2b19112267dd
This patch conforms the other pxe config to use the same
inspector callback URL
Change-Id: I5eee7d054bb4eda70acbaab9885c3985efb04002
* Update openstack-ansible-os_ironic from branch 'master'
to fcde81e4a75a22a09cc24448800b2d2780009bab
- Add quorum queues support for service
This change implements and enables by default quorum support
for rabbitmq as well as providing default variables to globally tune
its behaviour.
In order to ensure an upgrade path and the ability to switch back to HA queues
we change vhost names by removing the leading `/`, as enabling quorum
requires removing the exchange, which is a tricky thing to do with running
services.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/896017
Change-Id: I0f6ae74be36c0cb7a2270cfa1085c44e6dd4dc77
* Update openstack-ansible-os_ironic from branch 'master'
to 0f2e50ba418011aac4d9d0cb8fa27e0813f4b645
- Merge "Fix lack of constraints for ironic-inspector"
- Fix lack of constraints for ironic-inspector
OSA playbooks only call this role once for all Ironic containers
(API and inspector). As a result, the wheel builds only happen
once. If the first host (which is responsible for wheel builds)
is an API container, these vars would prevent Ironic inspector
requirements being accounted for, and as such no matching
constraints will be generated.
When the venv is deployed to the Ironic inspector container,
the lack of constraints can cause dependencies which are too new
to be installed, causing the service to fail.
Alternatively this role could be called twice by the playbook
for differing container/host roles, but as inspector is expected
to be merged into ironic at some point this feels equally valid.
Change-Id: I3952a4e5514824381410d87ed6d535f13ec40498
* Update openstack-ansible-os_ironic from branch 'master'
to f5180b7ba111c8ea3d6e0a4ab6b8d66363bf18d6
- Stop referring to _member_ role
Keystone has stopped providing or referring to the `_member_` role for a while,
thus the role should not be referenced anymore.
Moreover, with 2023.1 service policies have dropped `_member_`
which resulted in the role to be insufficient for basic operations.
Change-Id: I3ee97d4b7a3070211dbba3824f9d605da3b8bd01
Related-Bug: #2029486
* Update openstack-ansible-os_ironic from branch 'master'
to 7226653ad9b1aa6d2ae3da1947e1f62271ca4b15
- Fix linters and metadata
With the update of ansible-lint to version >=6.0.0 a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect the current state.
Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: I1ab9664505068c20924370790322caa67cc6e022
* Update openstack-ansible-os_ironic from branch 'master'
to 36468adfac42fd57a9217f99950eb269568f2148
- Define ipa-insecure=1 in LXC example
In LXC example, the BMAAS network is not routable to any other networks
nor to the internal VIP.
It means that Ironic Python Agent (IPA) is not able to communicate with
ironic API and ironic inspector over haproxy.
To solve that issue, `ironic_inspector_callback_url` and
`ironic_ironic_conf_overrides.service_catalog.endpoint_override` values
were overridden to instruct IPA to communicate with ironic api/inspector
backends directly on BMAAS network (instead of going via HAProxy on
management network).
It may cause a problem with certificate verification if these backends
are listening on https because most likely they are using a self-signed
certificate.
As a workaround, `ipa-insecure=1` kernel parameter[1] is added to IPA
for both inspection and deployment.
[1] https://docs.openstack.org/ironic-python-agent/latest/install/index.html#ipa-and-tls
Change-Id: Idfb5a4e9bf4f39441fc99b5aa78500d6195e6da0
* Update openstack-ansible-os_ironic from branch 'master'
to e1aea9e9fd7e81e902012806f8ccf3264a5b61c1
- Merge "Add driver type for redfish"
- Add driver type for redfish
Change-Id: I4a3d455cdddea3c0273c8350e0ddbbf0a0114cac
* Update openstack-ansible-os_ironic from branch 'master'
to a8cd6a765823f5357694ce62cb2453b58cf578d3
- Merge "Add TLS support to ironic backends"
- Add TLS support to ironic backends
By overriding the variable `ironic_backend_ssl: True` HTTPS will
be enabled, disabling HTTP support on the ironic backend api.
The ansible-role-pki is used to generate the required TLS
certificates if this functionality is enabled.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/879085
Change-Id: If97a857c36e9e3e7ad8a18926bb9cbf04189c7cb
* Update openstack-ansible-os_ironic from branch 'master'
to 72cbb5c5e0f35db05d245f87551c925f37cbb623
- Add example networking-generic-switch user role for Arista switch
Change-Id: Ibb15f08fbeaf03e8a4f453066614a511ce7f250c
* Update openstack-ansible-os_ironic from branch 'master'
to e9fab281bd738cc2271f7719389474fd9c9157d4
- Ensure service is restarted on unit file changes
At the moment we don't restart services if systemd unit file is changed.
We knowingly prevent systemd_service role handlers to execute
by providing `state: started` as otherwise service will be restarted twice.
With that now we ensure that role handlers will also listen for systemd
unit changes.
Change-Id: Ia9d1164e1e38201244a062be95f936b314c5c56b
* Update openstack-ansible-os_ironic from branch 'master'
to e7099c1e473f53d07e1d62f2e05b956755da3740
- Merge "Add a no_driver ironic driver type"
- Add a no_driver ironic driver type
Enabling this driver type ensures that the no-console, no-raid
and no-inspect interfaces are enabled so that they can be later
configured on a per-node basis if required.
These interfaces are useful to have enabled at the same time as
driver specific interfaces such as idrac or ilo so that
management of specific functions can be disabled if required.
Change-Id: I2904ba005e3fa18faf8ccf04661e206501fa4aa3
* Update openstack-ansible-os_ironic from branch 'master'
to 0d90a0875601167eb1ca9d490bb514aa876c10f0
- Merge "Enable raid interface implementations for ironic hardware drivers"
- Enable raid interface implementations for ironic hardware drivers
This patch enables the native raid driver implementation for each
of the hardware types defined in `ironic_driver_types`. If necessary
this can be overridden in ironic.conf using config overrides.
Change-Id: I28b39b391d307e0a4aa71e13337f646d872925ec
* Update openstack-ansible-os_ironic from branch 'master'
to 1740d361126dea61491f1b727abb89ca3da80fef
- Merge "Rename idrac interfaces to idrac-wsman"
- Rename idrac interfaces to idrac-wsman
idrac is the legacy name of the WSMAN interface. It has
been deprecated in favor of idrac-wsman and may be removed
in a future release of the idrac hardware type driver.
Change-Id: I2bf70374ac761c6ddeb8fc0b838470c036b70541
* Update openstack-ansible-os_ironic from branch 'master'
to ee60da284a79b9651646cf27ad78ae8470acd435
- Merge "Install socat and configure ipmitool-socat console interface"
- Install socat and configure ipmitool-socat console interface
This patch adds the `console` field to the ironic_driver_types
variable and then enables a set of console drivers in the ironic
config through the `enabled_console_interfaces` option.
If `ipmitool-socat` is one of the enabled drivers, then the socat
distro package is installed to support that.
Defaults are added for socat bind address and port range to
use.
[1] https://opendev.org/openstack/ironic/src/branch/master/doc/source/admin/upgrade-to-hardware-types.rst
Change-Id: I36dd1a0ec69e5702143a1a26bd5901fc88706e84
* Update openstack-ansible-os_ironic from branch 'master'
to f1b46e608c8541f59d44eb197a525068be28c36a
- Merge "Update ironic documentation"
- Update ironic documentation
* A concrete example for an LXC based deployment
* How to deploy multiple CPU architectures
* Debugging tips
Change-Id: Ic68cfc1116dd408c31948abbba92ac564f254b2b
* Update openstack-ansible-os_ironic from branch 'master'
to a2d0b5a1925e6b8959a867f55802ed6aba06011e
- Update IPA image for the Zed release
Change-Id: I0d32eb17594800d3df2b7197b002e9aac617185f
* Update openstack-ansible-os_ironic from branch 'master'
to 9dc138d3c1d1e50982b369e91e4966c31bf56dd2
- Update master for stable/zed
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I5fac67444cd64fe79689d957e86cea871854d5ec
* Update openstack-ansible-os_ironic from branch 'master'
to c305af301bda33d24a7c12633fd572456ef5f017
- Allow user defined extra files to be added to ironic tftp directory
Some of these files are already statically defined in the role vars,
but cannot be extended. The new variable ironic_tftp_extra_content
allows either local files (path:) or files from a web server (url:)
to be copied into the tftp server root.
A feature like this is needed to copy EFI firmware to the tftp root
for ironic node CPU architectures that are different to the
ironic control plane nodes. The EFI firmware is sometimes not
available from the system package manager for architectures
different to the host CPU.
Change-Id: Ie30c009d0704b87c2298088935a7f2ec0d55c6fb
* Update openstack-ansible-os_ironic from branch 'master'
to 591399a999256845ddc0914410e13aa4c00073df
- Merge "Tidy definition of http dir for inspector"
- Tidy definition of http dir for inspector
The directory for the tftp server is defined consistently between ironic
and inspector, but not for the http directory.
This patch makes the definition of the http directory work the same
way as the tftp one.
Change-Id: I8d893faa31e5858c4923cb12ef453ec9397db5df
* Update openstack-ansible-os_ironic from branch 'master'
to b4da13095e5ff23afaffcb3c087d1740c907e9ac
- Merge "Create /var/log/ironic directory"
- Create /var/log/ironic directory
This directory is used by ironic to write logs collected from
ironic-python-agent on nodes being deployed to the disk of the
controller. Without the directory errors occur and it is not possible
to read the log from the agent.
"Failed to store the logs from the node <uuid> deployment due a
file-system related error. Error: [Errno 13] Permission denied:
'/var/log/ironic'"
Change-Id: I25a03e35f29ad7a835dfd72447fa7d20c50fd85c
* Update openstack-ansible-os_ironic from branch 'master'
to ff48276ae520cb6372d54dd13f6f0b8bfdd6d31d
- Merge "Update variables for switchport introspection during inspection"
- Update variables for switchport introspection during inspection
1) The variable to allow processing hooks to be configured is used
in the ironic-inspector template but not documented in the role defaults.
Add the default and an example of usage.
2) When using LLDP to discover switchport connections during
inspection it is necessary to pass an additional kernel parameter
to the deploy image but there is no variable to allow this to
happen. This patch adds a variable that the deployer can use
to pass arbitrary kernel parameters to the deploy image.
Change-Id: I2f67dfcf4164e009bf53e9324bd430aec4c97dcb
* Update openstack-ansible-os_ironic from branch 'master'
to 1d20ba1a84ef74ba21d980a956bf869e0c25254b
- Merge "Add variable for user defined list of deploy images"
- Add variable for user defined list of deploy images
It might be needed to supply a list of extra deploy images as
well as the defaults, possibly to cover architectures in
addition to x86.
Change-Id: I2ecf21c44bac75b0e2cbf3bd786821ff0b7bf31a
* Update openstack-ansible-os_ironic from branch 'master'
to 9fb6b3df3ca6f9e9208fec256dc4e9532cdc9cb4
- Merge "Allow extra plugin installation ironic/inspector venvs"
- Allow extra plugin installation ironic/inspector venvs
Ironic and inspector are extensible via the stevedore framework.
In order to add extra plugins to the ironic and inspector venvs
extra variables are needed to supply user defined lists of python
packages to install.
Change-Id: I656abb90827486bbb69bf0ccd7e990fd680f2c51
* Update openstack-ansible-os_ironic from branch 'master'
to 0737ce3338b9fe87afe4c77a656fd004b2b561e3
- Merge "Refactor ironic deploy image handling."
- Refactor ironic deploy image handling.
The deploy image is required in two places in an ironic deployment,
first as images uploaded to glance for the ironic service, and second
as files on a web server for the ironic-inspector service.
Previously this role only placed the deploy images on the ironic
inspector web server, but this patch provides the functionality to
also upload the images to glance.
The variables for ironic deploy image source locations are
consolidated so that only one set is required to run the tasks
for both ironic and ironic-inspector, and several overrides are
available allowing the source to be overridden to a local mirror
easily.
Finally - the name of the files placed on the inspector web server
and into glance represent the upstream name of the image files rather
than generic names which lose versioning and release information.
Change-Id: I1aed9d97a4ddbfb70d2375f5204c55374d1067c9
* Update openstack-ansible-os_ironic from branch 'master'
to d79071dddf5cac4e8d488919705b79c9f5c90b9c
- Merge "Remove duplicate creation of nginx config directory"
- Remove duplicate creation of nginx config directory
ironic_nginx_conf_path already defaults to 'conf.d' so there
is no need to make it again.
Change-Id: I2fb8921099706f50243d013a97bd5b54dddaaabd
* Update openstack-ansible-os_ironic from branch 'master'
to 3ec52b3414918c1bafefae234e58765c2412e015
- Merge "Allow ironic bmaas network gateway and dns servers to be undefined"
- Allow ironic bmaas network gateway and dns servers to be undefined
For a simple unrouted network these do not exist, but the role
currently forces bogus values to be given for the dhcpd template.
Allow the values to be unset to reduce confusion.
Change-Id: I609a05c50d1de5668f2b092e3a3ef1015e944fe6
* Update openstack-ansible-os_ironic from branch 'master'
to a74e0fb31ccd6ec670ad9bf48b72ed77272f8fe7
- Merge "Fix inspector auth config for ironic-api"
- Fix inspector auth config for ironic-api
This config block must be set on the ironic-api service so that it
can authenticate with the ironic-inspector service. With no config
in this block on the ironic-api service there is just an auth
failure when trying to inspect a baremetal node.
Change-Id: I7a43b7a1a393591ec85c1c91d37171f8c090878b
* Update openstack-ansible-os_ironic from branch 'master'
to 7794cbd60b1ca8d0e88782433119c7a90b9257e5
- Ensure nginx config is present for ironic inspector
In an LXC deployment, nginx runs in both the ironic-api and
ironic-inspector containers. The api container can use ipxe to
boot the deployment and user images when `ironic_ipxe_enabled`
is true. The inspector container can use ipxe to independently
serve the deploy images during inspection.
On a metal deployment these nginx instances are co-located on the
same host and share the same config files and directory structure
so no additional config is needed for inspector's nginx instance.
In an LXC deployment the api and inspector containers need their
own individual nginx configuration to be written. This patch adds
that configuration for inspector.
A future patch could refactor the code so that only one set of
tasks is needed to deploy the nginx config to both inspector
and api.
Change-Id: Ida20e6835c6ca1c941fa76eadecf3d49e8b1239f
* Update openstack-ansible-os_ironic from branch 'master'
to b09526d494609a01d1afc00015c37bb63103a9b5
- Pass CA pass to Swift CLI
Swift requires CA path to be set either with OS_CACERT env var or with
similar flag passed to command.
Change-Id: I40e4a0ae0e702fdc9bfbb18dcc6ef1ea3f84926f
* Update openstack-ansible-os_ironic from branch 'master'
to ab6999da9dae04f23e52ea5a103fd954af85e274
- Merge "Allow ironic inspector callback URL to be overridden"
- Allow ironic inspector callback URL to be overridden
Define the callback URL in the role defaults so it can be specifically
overridden rather than needing to use config_template to override
the entire kernel parameters line in the inspector ipxe config.
Change-Id: Ib8d53b394937405c821687b1c46b2b19112267dd
* Update openstack-ansible-os_ironic from branch 'master'
to f1f3efb9746894714ebe59d93d477b6109c50116
- Replace git-core with git for debian
With ansible-core 2.13 it tries to substitute package resolution in apt
module.
However git-core is used in Debian as transitional name, but ansible
tries to select it and provide version, which is not correct behaviour.
But since git-core is not really valid anyway, we just replace it
to work around ansible's imperfectness.
Change-Id: I37db2654b6bb5339373befc708b4318a8edb1db5
* Update openstack-ansible-os_ironic from branch 'master'
to c78e5c19f99b880ca87a408e5998ed83394eb174
- Merge "Replace pxe_append_params with kernel_pxe_params in ironic.conf"
- Replace pxe_append_params with kernel_pxe_params in ironic.conf
Ironic has replaced deprecated pxe_append_params config option
with kernel_pxe_params. The ironic.conf template has been changed
accordingly, but support remains for config override
ironic_pxe_append_params.
Change-Id: Icedd2b8f0e81607caba93afd34557bd4c3a88b4d
* Update openstack-ansible-os_ironic from branch 'master'
to b7b167aea087deadbcff7abfd1e733dc75e795cc
- Remove redundant vars line
This line snuck in with I097989555a5bd3c84a8cbe992ee64f1a3dd956c9
probably to bring it in line with other OSA roles, but should already
be covered by the distribution_major_version line above.
Change-Id: Ib4a369bb27e5e0fce47ddb955dab951e6871319a
* Update openstack-ansible-os_ironic from branch 'master'
to b4161545b35997c7e660400d881c32bbf44c2f0e
- Bind http and tftp services to the bmaas network
Currently the ironic role uses ansible_host as the IP to bind these
services to, which means that in an LXC deployment it is not
possible to provision ironic hosts on the bmaas network as
the services are instead bound to the mgmt network.
The code worked previously as it is most likely developed on metal
and the CI job does not actually enrol/provision a node so the
test coverage is very small.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/852174
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/854231
Change-Id: Id544d395f42f4c36a17e9c20a35aeb56a5e3bf03
* Update openstack-ansible-os_ironic from branch 'master'
to da1056d416b63fd8738170a496e1aa7f6fd0ab9f
- Merge "Install only the required dhcp config files for inspector"
- Install only the required dhcp config files for inspector
There is a choice of dnsmasq or isc-dhcpd from the role defaults,
only install the config file for the one that is in use.
Change-Id: I2ab5709789582c5de4b703e78c8ddd9672fc5ca8
* Update openstack-ansible-os_ironic from branch 'master'
to 908f96d5f4f9d7991e1319225daf3c69059af3dd
- Remove ironic_server from inventory
Nothing references this group, and it is empty in a deployment
running the ironic service.
Change-Id: Icede4166fa64b92572602103c0e9b8a455597bae
* Update openstack-ansible-os_ironic from branch 'master'
to e02da148549cc77dd5c80caa0b35fb990fd6c4aa
- Remove [keystone] configuration block
The [keystone] configuration block no longer exists in ironic.conf
and was deprecated in Queens. Use 'region_name' option in the
following sections - '[service_catalog]', '[neutron]', '[glance]',
'[cinder]', '[swift]' and '[inspector]' to configure region for those
services individually.
Change-Id: I40a073f9aa6e40f35dffab6223308a18fa98e7ac
* Update openstack-ansible-os_ironic from branch 'master'
to 20a533dd535bec90ba69f3b25008351dd47e6d7d
- Support service tokens
Implement support for service_tokens. For that we convert
role_name to be a list along with renaming corresponding variable.
Additionally service_type is defined now for keystone_authtoken which
enables validating tokens with restricted access rules.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690
Change-Id: I1d70c2c46fef6ffc0fcebe4b56a0ecdedc1d3298
* Update openstack-ansible-os_ironic from branch 'master'
to d88b2f50c0c3115affc4ae868b3e1fb681821a11
- Allow redhat vars file to cover different RHEL derivatives
Some paths are hardcoded to 'centos', when these are actually 'rocky'
on Rocky Linux installations. Use an ansible fact to obtain the correct
path.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/846224
Change-Id: Id6694d61d874a8542971075cb2377fb7f38bca96
* Update openstack-ansible-os_ironic from branch 'master'
to 3c71d45c0d88a6c7c3a7089d426ebf57f7667693
- Switch sphinx language to en
With sphinx release of 5.0.0, they changed default for language variable
to 'en' from None. With that current None value is not valid and should
not be used.
Change-Id: I7c9cb9da12c921fd8531f88e6d33852e0076e1b2
* Update openstack-ansible-os_ironic from branch 'master'
to 28795b1050251f5dd5c1eb4d2d85e1e74d562f7a
- Merge "Update Ironic Inspector for Metal Deployments"
- Update Ironic Inspector for Metal Deployments
This patchset aims to correct some design limitations with the current
ironic-inspector deploy process.
- a new ironic-inspector-dnsmasq service has been created to split
inspector-specific dnsmasq configuration out of the base dnsmasq
config files
- PXE/iPXE and UEFI support for ironic-inspector boot
- (todo) documentation improvements and diagrams
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823426
Change-Id: Ib5cbb28f97dd7421bfecb815def89305f3b1da33