openstack/ironic
Code Issues Proposed changes

Merge "Add IPv6 ci Job"

Browse Source
This commit is contained in:
Zuul 2020-05-29 03:48:26 +00:00 committed by Gerrit Code Review
commit a06d5850c5
4 changed files with 267 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

223
devstack/lib/ironic
View File

@ -325,6 +325,9 @@ IRONIC_BIN_DIR=$(get_python_exec_prefix)
IRONIC_UWSGI_CONF=$IRONIC_CONF_DIR/ironic-uwsgi.ini IRONIC_UWSGI_CONF=$IRONIC_CONF_DIR/ironic-uwsgi.ini
IRONIC_UWSGI=$IRONIC_BIN_DIR/ironic-api-wsgi IRONIC_UWSGI=$IRONIC_BIN_DIR/ironic-api-wsgi
# Lets support IPv6 testing!
IRONIC_IP_VERSION=${IRONIC_IP_VERSION:-${IP_VERSION:-4}}
# Ironic connection info. Note the port must be specified. # Ironic connection info. Note the port must be specified.
if is_service_enabled tls-proxy; then if is_service_enabled tls-proxy; then
IRONIC_SERVICE_PROTOCOL=https IRONIC_SERVICE_PROTOCOL=https
@ -416,10 +419,43 @@ IRONIC_PROVISION_PROVIDER_NETWORK_TYPE=${IRONIC_PROVISION_PROVIDER_NETWORK_TYPE:
# This is only used if IRONIC_PROVISION_NETWORK_NAME has been set. # This is only used if IRONIC_PROVISION_NETWORK_NAME has been set.
IRONIC_PROVISION_SEGMENTATION_ID=${IRONIC_PROVISION_SEGMENTATION_ID:-} IRONIC_PROVISION_SEGMENTATION_ID=${IRONIC_PROVISION_SEGMENTATION_ID:-}
# Allocation network pool for provision network if [[ "$IRONIC_IP_VERSION" != '6' ]]; then
# Example: IRONIC_PROVISION_ALLOCATION_POOL=start=10.0.5.10,end=10.0.5.100 # NOTE(TheJulia): Lets not try and support mixed mode since the conductor
# This is only used if IRONIC_PROVISION_NETWORK_NAME has been set. # can't support mixed mode operation. We are either IPv4 OR IPv6.
IRONIC_PROVISION_ALLOCATION_POOL=${IRONIC_PROVISION_ALLOCATION_POOL:-'start=10.0.5.10,end=10.0.5.100'} IRONIC_IP_VERSION='4'
# Allocation network pool for provision network
# Example: IRONIC_PROVISION_ALLOCATION_POOL=start=10.0.5.10,end=10.0.5.100
# This is only used if IRONIC_PROVISION_NETWORK_NAME has been set.
IRONIC_PROVISION_ALLOCATION_POOL=${IRONIC_PROVISION_ALLOCATION_POOL:-'start=10.0.5.10,end=10.0.5.100'}
# With multinode case all ironic-conductors should have IP from provisioning network.
# IRONIC_PROVISION_SUBNET_GATEWAY - is configured on primary node.
# Ironic provision subnet gateway.
IRONIC_PROVISION_SUBNET_GATEWAY=${IRONIC_PROVISION_SUBNET_GATEWAY:-'10.0.5.1'}
IRONIC_PROVISION_SUBNET_SUBNODE_IP=${IRONIC_PROVISION_SUBNET_SUBNODE_IP:-'10.0.5.2'}
# Ironic provision subnet prefix
# Example: IRONIC_PROVISION_SUBNET_PREFIX=10.0.5.0/24
IRONIC_PROVISION_SUBNET_PREFIX=${IRONIC_PROVISION_SUBNET_PREFIX:-'10.0.5.0/24'}
else
IRONIC_IP_VERSION='6'
# NOTE(TheJulia): The IPv6 address devstack has identified is the
# local loopback. This does not really serve our purposes very
# well, so we need to setup something that will work.
if [[ "$HOST_IPV6" == '::1' ]] || [[ ! $HOST_IPV6 =~ "::" ]]; then
# We setup an address elsewhere because the service address of
# loopback cannot be used for v6 testing.
IRONIC_HOST_IPV6='fc00::1'
else
IRONIC_HOST_IPV6=$SERVICE_HOST
fi
IRONIC_PROVISION_SUBNET_GATEWAY=${IRONIC_PROVISION_SUBNET_GATEWAY:-'fc01::1'}
IRONIC_PROVISION_SUBNET_SUBNODE_IP=${IRONIC_PROVISION_SUBNET_SUBNODE_IP:-'fc01::2'}
IRONIC_PROVISION_SUBNET_PREFIX=${IRONIC_PROVISION_SUBNET_PREFIX:-'fc01::/64'}
IRONIC_TFTPSERVER_IP=$IRONIC_HOST_IPV6
fi
IRONIC_ROUTER_NAME=${Q_ROUTER_NAME:-router1}
# Ironic provision subnet name. # Ironic provision subnet name.
# This is only used if IRONIC_PROVISION_NETWORK_NAME has been set. # This is only used if IRONIC_PROVISION_NETWORK_NAME has been set.
@ -446,6 +482,8 @@ IRONIC_PROVISION_SUBNET_SUBNODE_IP=${IRONIC_PROVISION_SUBNET_SUBNODE_IP:-'10.0.5
IRONIC_PROVISION_SUBNET_PREFIX=${IRONIC_PROVISION_SUBNET_PREFIX:-'10.0.5.0/24'} IRONIC_PROVISION_SUBNET_PREFIX=${IRONIC_PROVISION_SUBNET_PREFIX:-'10.0.5.0/24'}
if [[ "$HOST_TOPOLOGY_ROLE" == "primary" ]]; then if [[ "$HOST_TOPOLOGY_ROLE" == "primary" ]]; then
# Some CI jobs get triggered without a HOST_TOPOLOGY_ROLE
# If so, none of this logic is, or needs to be executed.
IRONIC_TFTPSERVER_IP=$IRONIC_PROVISION_SUBNET_GATEWAY IRONIC_TFTPSERVER_IP=$IRONIC_PROVISION_SUBNET_GATEWAY
IRONIC_HTTP_SERVER=$IRONIC_PROVISION_SUBNET_GATEWAY IRONIC_HTTP_SERVER=$IRONIC_PROVISION_SUBNET_GATEWAY
fi fi
@ -454,6 +492,8 @@ if [[ "$HOST_TOPOLOGY_ROLE" == "subnode" ]]; then
IRONIC_HTTP_SERVER=$IRONIC_PROVISION_SUBNET_SUBNODE_IP IRONIC_HTTP_SERVER=$IRONIC_PROVISION_SUBNET_SUBNODE_IP
fi fi
# NOTE(TheJulia): Last catch for this being set or not.
# should only work for v4.
IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$IRONIC_TFTPSERVER_IP} IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$IRONIC_TFTPSERVER_IP}
# Port that must be permitted for iSCSI connections to be # Port that must be permitted for iSCSI connections to be
@ -488,10 +528,19 @@ TEMPEST_BAREMETAL_MIN_MICROVERSION=${TEMPEST_BAREMETAL_MIN_MICROVERSION:-}
# Define baremetal max_microversion in tempest config. No default value means that it is picked from tempest. # Define baremetal max_microversion in tempest config. No default value means that it is picked from tempest.
TEMPEST_BAREMETAL_MAX_MICROVERSION=${TEMPEST_BAREMETAL_MAX_MICROVERSION:-} TEMPEST_BAREMETAL_MAX_MICROVERSION=${TEMPEST_BAREMETAL_MAX_MICROVERSION:-}
# TODO(TheJulia): This PHYSICAL_NETWORK needs to be refactored in
# our devstack plugin. It is used by the neutron-legacy integration,
# however they want to name the new variable for the current neutron
# plugin NEUTRON_PHYSICAL_NETWORK. For now we'll do some magic and
# change it later once we migrate our jobs.
PHYSICAL_NETWORK=${NEUTRON_PHYSICAL_NETWORK:-${PHYSICAL_NETWORK:-}}
# get_pxe_boot_file() - Get the PXE/iPXE boot file path # get_pxe_boot_file() - Get the PXE/iPXE boot file path
function get_pxe_boot_file { function get_pxe_boot_file {
local pxe_boot_file local pxe_boot_file
if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
# TODO(TheJulia): This is not UEFI safe.
if is_ubuntu; then if is_ubuntu; then
pxe_boot_file=/usr/lib/ipxe/undionly.kpxe pxe_boot_file=/usr/lib/ipxe/undionly.kpxe
elif is_fedora || is_suse; then elif is_fedora || is_suse; then
@ -1200,6 +1249,33 @@ function configure_ironic_rescue_network {
} }
function configure_ironic_provision_network { function configure_ironic_provision_network {
if [[ "$IP_VERSION" == "6" ]]; then
# NOTE(TheJulia): Ideally we should let this happen
# with our global address, but iPXE seems to have in
# consistant behavior in this configuration with devstack.
# so we will setup a dummy interface and use that.
sudo ip link add magicv6 type dummy
sudo ip link set dev magicv6 up
sudo ip -6 addr add $IRONIC_HOST_IPV6/64 dev magicv6
fi
if is_service_enabled neutron-api; then
if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
sudo sysctl -w net.ipv6.conf.all.proxy_ndp=1
configure_neutron_l3_lower_v6_ra
fi
# Neutron agent needs to be pre-configured before proceeding down the
# path of configuring the provision network. This was done for us in
# the legacy neutron code.
neutron_plugin_configure_plugin_agent
# This prior step updates configuration related to physnet mappings,
# and we must restart neutron as a result
stop_neutron
sleep 15
# By default, upon start, neutron tries to create the networks...
NEUTRON_CREATE_INITIAL_NETWORKS=False
start_neutron_api
start_neutron
fi
# This is only called if IRONIC_PROVISION_NETWORK_NAME has been set and # This is only called if IRONIC_PROVISION_NETWORK_NAME has been set and
# means we are using multi-tenant networking. # means we are using multi-tenant networking.
local net_id local net_id
@ -1225,12 +1301,28 @@ function configure_ironic_provision_network {
fi fi
local subnet_id local subnet_id
subnet_id="$(openstack subnet create --ip-version 4 \ if [[ "$IRONIC_IP_VERSION" == '4' ]]; then
${IRONIC_PROVISION_ALLOCATION_POOL:+--allocation-pool $IRONIC_PROVISION_ALLOCATION_POOL} \ subnet_id="$(openstack subnet create --ip-version 4 \
${net_segment_id:+--network-segment $net_segment_id} \ ${IRONIC_PROVISION_ALLOCATION_POOL:+--allocation-pool $IRONIC_PROVISION_ALLOCATION_POOL} \
$IRONIC_PROVISION_PROVIDER_SUBNET_NAME \ ${net_segment_id:+--network-segment $net_segment_id} \
--gateway $IRONIC_PROVISION_SUBNET_GATEWAY --network $net_id \ $IRONIC_PROVISION_PROVIDER_SUBNET_NAME \
--subnet-range $IRONIC_PROVISION_SUBNET_PREFIX -f value -c id)" --gateway $IRONIC_PROVISION_SUBNET_GATEWAY --network $net_id \
--subnet-range $IRONIC_PROVISION_SUBNET_PREFIX -f value -c id)"
else
subnet_id="$(openstack subnet create --ip-version 6 \
--ipv6-address-mode dhcpv6-stateful \
--ipv6-ra-mode dhcpv6-stateful \
--dns-nameserver 2001:4860:4860::8888 \
${net_segment_id:+--network-segment $net_segment_id} \
$IRONIC_PROVISION_PROVIDER_SUBNET_NAME \
--gateway $IRONIC_PROVISION_SUBNET_GATEWAY --network $net_id \
--subnet-range $IRONIC_PROVISION_SUBNET_PREFIX -f value -c id)"
# NOTE(TheJulia): router must be attached to the subnet for RAs.
openstack router add subnet $IRONIC_ROUTER_NAME $subnet_id
# We're going to be using this router of public access to tenant networks
PUBLIC_ROUTER_ID=$(openstack router show -c id -f value $IRONIC_ROUTER_NAME)
fi
die_if_not_set $LINENO subnet_id "Failure creating SUBNET_ID for $IRONIC_PROVISION_NETWORK_NAME" die_if_not_set $LINENO subnet_id "Failure creating SUBNET_ID for $IRONIC_PROVISION_NETWORK_NAME"
@ -1246,14 +1338,22 @@ function configure_ironic_provision_network {
# Set provision network GW on physical interface # Set provision network GW on physical interface
# Add vlan on br interface in case of IRONIC_PROVISION_PROVIDER_NETWORK_TYPE==vlan # Add vlan on br interface in case of IRONIC_PROVISION_PROVIDER_NETWORK_TYPE==vlan
# othervise assign ip to br interface directly. # othervise assign ip to br interface directly.
if [[ "$IRONIC_PROVISION_PROVIDER_NETWORK_TYPE" == "vlan" ]]; then sudo ip link set dev $OVS_PHYSICAL_BRIDGE up
sudo ip link add link $OVS_PHYSICAL_BRIDGE name $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID type vlan id $IRONIC_PROVISION_SEGMENTATION_ID if [[ "$IRONIC_IP_VERSION" == "4" ]]; then
sudo ip link set dev $OVS_PHYSICAL_BRIDGE up if [[ "$IRONIC_PROVISION_PROVIDER_NETWORK_TYPE" == "vlan" ]]; then
sudo ip link set dev $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID up sudo ip link add link $OVS_PHYSICAL_BRIDGE name $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID type vlan id $IRONIC_PROVISION_SEGMENTATION_ID
sudo ip addr add dev $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID $ironic_provision_network_ip/$provision_net_prefix sudo ip link set dev $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID up
sudo ip -$IRONIC_IP_VERSION addr add dev $OVS_PHYSICAL_BRIDGE.$IRONIC_PROVISION_SEGMENTATION_ID $ironic_provision_network_ip/$provision_net_prefix
else
sudo ip -$IRONIC_IP_VERSION addr add dev $OVS_PHYSICAL_BRIDGE $ironic_provision_network_ip/$provision_net_prefix
fi
else else
sudo ip link set dev $OVS_PHYSICAL_BRIDGE up # Turn on the external/integration bridges, for IPV6.
sudo ip addr add dev $OVS_PHYSICAL_BRIDGE $ironic_provision_network_ip/$provision_net_prefix sudo ip link set dev br-ex up
sudo ip link set dev br-int up
sudo ip6tables -I FORWARD -i brbm -j LOG || true
sudo ip6tables -I FORWARD -i br-ex -j LOG || true
fi fi
iniset $IRONIC_CONF_FILE neutron provisioning_network $IRONIC_PROVISION_NETWORK_NAME iniset $IRONIC_CONF_FILE neutron provisioning_network $IRONIC_PROVISION_NETWORK_NAME
@ -1269,6 +1369,10 @@ function cleanup_ironic_provision_network {
done done
} }
function configure_neutron_l3_lower_v6_ra {
iniset $Q_L3_CONF_FILE DEFAULT min_rtr_adv_interval 5
}
# configure_ironic() - Set config files, create data dirs, etc # configure_ironic() - Set config files, create data dirs, etc
function configure_ironic { function configure_ironic {
configure_ironic_dirs configure_ironic_dirs
@ -1303,6 +1407,9 @@ function configure_ironic {
iniset_rpc_backend ironic $IRONIC_CONF_FILE iniset_rpc_backend ironic $IRONIC_CONF_FILE
fi fi
# Set IP version
iniset $IRONIC_CONF_FILE pxe ip_version $IRONIC_IP_VERSION
# Configure Ironic conductor, if it was enabled. # Configure Ironic conductor, if it was enabled.
if is_service_enabled ir-cond; then if is_service_enabled ir-cond; then
configure_ironic_conductor configure_ironic_conductor
@ -1512,11 +1619,15 @@ function configure_ironic_conductor {
fi fi
iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF
iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT iniset $IRONIC_CONF_FILE service_catalog endpoint_override "$IRONIC_SERVICE_PROTOCOL://$([[ $IRONIC_HTTP_SERVER =~ : ]] && echo "[$IRONIC_HTTP_SERVER]" || echo $IRONIC_HTTP_SERVER)/baremetal"
if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then
iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT
fi fi
iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_HOST_IPV6
else
iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP
fi
iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR
iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images
if [[ -n "$IRONIC_PXE_BOOT_RETRY_TIMEOUT" ]]; then if [[ -n "$IRONIC_PXE_BOOT_RETRY_TIMEOUT" ]]; then
@ -1592,7 +1703,7 @@ function configure_ironic_conductor {
iniset $IRONIC_CONF_FILE pxe uefi_pxe_config_template '$pybasedir/drivers/modules/ipxe_config.template' iniset $IRONIC_CONF_FILE pxe uefi_pxe_config_template '$pybasedir/drivers/modules/ipxe_config.template'
iniset $IRONIC_CONF_FILE pxe uefi_pxe_bootfile_name $uefipxebin iniset $IRONIC_CONF_FILE pxe uefi_pxe_bootfile_name $uefipxebin
iniset $IRONIC_CONF_FILE deploy http_root $IRONIC_HTTP_DIR iniset $IRONIC_CONF_FILE deploy http_root $IRONIC_HTTP_DIR
iniset $IRONIC_CONF_FILE deploy http_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT" iniset $IRONIC_CONF_FILE deploy http_url "http://$([[ $IRONIC_HTTP_SERVER =~ : ]] && echo "[$IRONIC_HTTP_SERVER]" || echo $IRONIC_HTTP_SERVER):$IRONIC_HTTP_PORT"
if [[ "$IRONIC_IPXE_USE_SWIFT" == "True" ]]; then if [[ "$IRONIC_IPXE_USE_SWIFT" == "True" ]]; then
iniset $IRONIC_CONF_FILE pxe ipxe_use_swift True iniset $IRONIC_CONF_FILE pxe ipxe_use_swift True
fi fi
@ -1933,18 +2044,40 @@ SUBSHELL
# Add route here to have connection to VMs during provisioning. # Add route here to have connection to VMs during provisioning.
local pub_router_id local pub_router_id
local r_net_gateway local r_net_gateway
pub_router_id=$(openstack router show $Q_ROUTER_NAME -f value -c id) local dns_server
r_net_gateway=$(sudo ip netns exec qrouter-$pub_router_id ip -4 route get 8.8.8.8 |grep dev | awk '{print $7}') local replace_range
local replace_range=${SUBNETPOOL_PREFIX_V4} if [[ "$IRONIC_IP_VERSION" == '4' ]]; then
if [[ -z "${SUBNETPOOL_V4_ID}" ]]; then dns_server="8.8.8.8"
replace_range=${FIXED_RANGE} if [[ -z "${SUBNETPOOL_V4_ID}" ]]; then
replace_range=${FIXED_RANGE}
else
replace_range=${SUBNETPOOL_PREFIX_V4}
fi
else
dns_server="2001:4860:4860::8888"
if [[ -z "${SUBNETPOOL_V6_ID}" ]]; then
replace_range=${FIXED_RANGE_V6}
else
replace_range=${SUBNETPOOL_PREFIX_V6}
fi
fi fi
pub_router_id=$(openstack router show $Q_ROUTER_NAME -f value -c id)
# Select the text starting at "src ", and grabbing the following field.
r_net_gateway=$(sudo ip netns exec qrouter-$pub_router_id ip -$IRONIC_IP_VERSION route get $dns_server |grep dev | sed s/^.*src\ // |awk '{ print $1 }')
sudo ip route replace $replace_range via $r_net_gateway sudo ip route replace $replace_range via $r_net_gateway
fi fi
# Here is a good place to restart tcpdump to begin capturing packets. # Here is a good place to restart tcpdump to begin capturing packets.
# See: https://docs.openstack.org/devstack/latest/debugging.html # See: https://docs.openstack.org/devstack/latest/debugging.html
# stop_tcpdump # stop_tcpdump
# start_tcpdump # start_tcpdump
if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
# route us back through the neutron router!
sudo ip -6 route add $IRONIC_PROVISION_SUBNET_PREFIX via $IPV6_ROUTER_GW_IP
sudo ip link set dev br-ex up || true
# Route back to our test subnet. Static should be safe for a while.
sudo ip -6 route add fd00::/8 via $IPV6_ROUTER_GW_IP
fi
} }
function wait_for_nova_resources { function wait_for_nova_resources {
@ -2389,13 +2522,22 @@ function configure_iptables {
die_if_module_not_loaded nf_conntrack_tftp die_if_module_not_loaded nf_conntrack_tftp
die_if_module_not_loaded nf_nat_tftp die_if_module_not_loaded nf_nat_tftp
fi fi
################ NETWORK DHCP
# explicitly allow DHCP - packets are occasionally being dropped here # explicitly allow DHCP - packets are occasionally being dropped here
sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true
# nodes boot from TFTP and callback to the API server listening on $HOST_IP # nodes boot from TFTP and callback to the API server listening on $HOST_IP
sudo iptables -I INPUT -d $IRONIC_TFTPSERVER_IP -p udp --dport 69 -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_TFTPSERVER_IP -p udp --dport 69 -j ACCEPT || true
# dhcpv6 which is the only way to transmit boot options
sudo ip6tables -I INPUT -d $IRONIC_HOST_IPV6 -p udp --dport 546:547 --sport 546:547 -j ACCEPT || true
sudo ip6tables -I INPUT -d $IRONIC_HOST_IPV6 -p udp --dport 69 -j ACCEPT || true
################ Webserver/API
# To use named /baremetal endpoint we should open default apache port # To use named /baremetal endpoint we should open default apache port
if [[ "$IRONIC_USE_WSGI" == "False" ]]; then if [[ "$IRONIC_USE_WSGI" == "False" ]]; then
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
sudo ip6tables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
# open ironic API on baremetal network # open ironic API on baremetal network
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
# allow IPA to connect to ironic API on subnode # allow IPA to connect to ironic API on subnode
@ -2405,7 +2547,9 @@ function configure_iptables {
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
# open ironic API on baremetal network # open ironic API on baremetal network
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 80 -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 80 -j ACCEPT || true
sudo ip6tables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 80 -j ACCEPT || true
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 443 -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 443 -j ACCEPT || true
sudo ip6tables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport 443 -j ACCEPT || true
fi fi
if is_deployed_by_agent; then if is_deployed_by_agent; then
# agent ramdisk gets instance image from swift # agent ramdisk gets instance image from swift
@ -2415,6 +2559,7 @@ function configure_iptables {
if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then
sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true sudo iptables -I INPUT -d $IRONIC_HTTP_SERVER -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true
sudo ip6tables -I INPUT -d $IRONIC_HOST_IPV6 -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true
fi fi
if [[ "${IRONIC_STORAGE_INTERFACE}" == "cinder" ]]; then if [[ "${IRONIC_STORAGE_INTERFACE}" == "cinder" ]]; then
@ -2426,6 +2571,7 @@ function configure_iptables {
qrouter=$(sudo ip netns list | grep qrouter | awk '{print $1;}') qrouter=$(sudo ip netns list | grep qrouter | awk '{print $1;}')
if [[ ! -z "$qrouter" ]]; then if [[ ! -z "$qrouter" ]]; then
sudo ip netns exec $qrouter /sbin/iptables -A PREROUTING -t raw -p udp --dport 69 -j CT --helper tftp sudo ip netns exec $qrouter /sbin/iptables -A PREROUTING -t raw -p udp --dport 69 -j CT --helper tftp
sudo ip netns exec $qrouter /sbin/ip6tables -A PREROUTING -t raw -p udp --dport 69 -j CT --helper tftp || true
fi fi
} }
@ -2436,7 +2582,9 @@ function configure_tftpd {
sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp
sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp
sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/xinetd.d/tftp sudo sed -e "s|%MAX_BLOCKSIZE%|$IRONIC_TFTP_BLOCKSIZE|g" -i /etc/xinetd.d/tftp
if [[ "$IRONIC_IP_VERSION" == '6' ]]; then
sudo sed -e "s|IPv4|IPv6|g" -i /etc/xinetd.d/tftp
fi
# setup tftp file mapping to satisfy requests at the root (booting) and # setup tftp file mapping to satisfy requests at the root (booting) and
# /tftpboot/ sub-dir (as per deploy-ironic elements) # /tftpboot/ sub-dir (as per deploy-ironic elements)
# this section is only for ubuntu and fedora # this section is only for ubuntu and fedora
@ -2814,6 +2962,23 @@ function ironic_configure_tempest {
if [[ -n "$IRONIC_PING_TIMEOUT" ]]; then if [[ -n "$IRONIC_PING_TIMEOUT" ]]; then
iniset $TEMPEST_CONFIG validation ping_timeout $IRONIC_PING_TIMEOUT iniset $TEMPEST_CONFIG validation ping_timeout $IRONIC_PING_TIMEOUT
fi fi
if [[ -n "$IRONIC_IP_VERSION" ]]; then
iniset $TEMPEST_CONFIG validation ip_version_for_ssh $IRONIC_IP_VERSION
fi
if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
# No FIPs in V6 and we dynamically create networks...
# network_for_ssh is defaulted to public
iniset $TEMPEST_CONFIG validation network_for_ssh
iniset $TEMPEST_CONFIG validation connect_method fixed
iniset $TEMPEST_CONFIG network ipv6-private-subnet
if [ -n "${PUBLIC_ROUTER_ID:-}" ] ; then
# For IPv6 tempest is going to use a precreated router for
# access to the tenant networks (as we have set up routes to it)
# it needs to know the ID of the router and be admin to attach to it
iniset $TEMPEST_CONFIG network public_router_id $PUBLIC_ROUTER_ID
iniset $TEMPEST_CONFIG auth tempest_roles "admin"
fi
fi
if is_service_enabled nova; then if is_service_enabled nova; then
local bm_flavor_id local bm_flavor_id
@ -2856,7 +3021,11 @@ function ironic_configure_tempest {
iniset $TEMPEST_CONFIG baremetal partition_image_ref $image_uuid iniset $TEMPEST_CONFIG baremetal partition_image_ref $image_uuid
fi fi
iniset $TEMPEST_CONFIG baremetal whole_disk_image_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT/${IRONIC_WHOLEDISK_IMAGE_NAME}.img" if [[ "$IRONIC_IP_VERSION" == "6" ]]; then
iniset $TEMPEST_CONFIG baremetal whole_disk_image_url "http://$IRONIC_HOST_IPV6:$IRONIC_HTTP_PORT/${IRONIC_WHOLEDISK_IMAGE_NAME}.img"
else
iniset $TEMPEST_CONFIG baremetal whole_disk_image_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT/${IRONIC_WHOLEDISK_IMAGE_NAME}.img"
fi
iniset $TEMPEST_CONFIG baremetal whole_disk_image_checksum $(md5sum $FILES/${IRONIC_WHOLEDISK_IMAGE_NAME}.img) iniset $TEMPEST_CONFIG baremetal whole_disk_image_checksum $(md5sum $FILES/${IRONIC_WHOLEDISK_IMAGE_NAME}.img)
# NOTE(dtantsur): keep this option here until the defaults change in # NOTE(dtantsur): keep this option here until the defaults change in

1
devstack/plugin.sh
View File

@ -36,6 +36,7 @@ if is_service_enabled ir-api ir-cond; then
if [[ "$IRONIC_BAREMETAL_BASIC_OPS" == "True" && "$IRONIC_IS_HARDWARE" == "False" ]]; then if [[ "$IRONIC_BAREMETAL_BASIC_OPS" == "True" && "$IRONIC_IS_HARDWARE" == "False" ]]; then
echo_summary "Precreating bridge: $IRONIC_VM_NETWORK_BRIDGE" echo_summary "Precreating bridge: $IRONIC_VM_NETWORK_BRIDGE"
install_package openvswitch-switch
sudo ovs-vsctl -- --may-exist add-br $IRONIC_VM_NETWORK_BRIDGE sudo ovs-vsctl -- --may-exist add-br $IRONIC_VM_NETWORK_BRIDGE
fi fi

68
zuul.d/ironic-jobs.yaml
View File

@ -684,6 +684,74 @@
SWIFT_ENABLE_TEMPURLS: True SWIFT_ENABLE_TEMPURLS: True
SWIFT_TEMPURL_KEY: secretkey SWIFT_TEMPURL_KEY: secretkey
- job:
name: ironic-tempest-ipxe-ipv6
description: ironic-tempest-ipxe-ipv6
parent: ironic-base
required-projects:
- openstack/networking-generic-switch
vars:
tempest_test_timeout: 2400
devstack_services:
# NOTE(TheJulia): It seems our devstack plugin does not play well
# with multitenancy and the newer neutron service names.
neutron: True
neutron-api: True
neutron-agent: True
neutron-dhcp: True
neutron-l3: True
neutron-metadata-agent: False
neutron-metering: False
q-agt: False
q-dhcp: False
q-l3: False
q-meta: False
q-metering: False
q-svc: False
swift: True
devstack_plugins:
ironic: git://git.openstack.org/openstack/ironic
networking-generic-switch: git://git.openstack.org/openstack/networking-generic-switch
# NOTE(TheJulia): Nova default behavior is to rely upon stack defaults, v6 needs to
# be explicit. This is the best place to wire it in.
tempest_test_regex: BaremetalSingleTenant
devstack_localrc:
IRONIC_AGENT_IMAGE_DOWNLOAD_SOURCE: http
IPV6_ENABLED: True
IP_VERSION: 6
SERVICE_IP_VERSION: 6
IRONIC_AUTOMATED_CLEAN_ENABLED: False
IRONIC_ENABLED_BOOT_INTERFACES: ipxe,pxe
IRONIC_DEFAULT_BOOT_INTERFACE: ipxe
IRONIC_IPXE_ENABLED: True
IRONIC_PROVISION_NETWORK_NAME: ironic-provision
OVS_PHYSICAL_BRIDGE: brbm
NEUTRON_PHYSICAL_NETWORK: mynetwork
NEUTRON_TENANT_VLAN_RANGE: 100:150
IRONIC_ENABLED_NETWORK_INTERFACES: flat,neutron
IRONIC_NETWORK_INTERFACE: neutron
IRONIC_DEFAILT_DEPLOY_INTERFACE: direct
IRONIC_DEFAILT_RESCUE_INTERFACE: no-rescue
IRONIC_USE_LINK_LOCAL: True
IRONIC_TEMPEST_WHOLE_DISK_IMAGE: True
IRONIC_VM_EPHEMERAL_DISK: 0
# This will swap and needs to get to tinycore soon.
IRONIC_VM_COUNT: 2
IRONIC_VM_SPECS_RAM: 2048
IRONIC_VM_SPECS_CPU: 2
Q_PLUGIN: ml2
ENABLE_TENANT_VLANS: True
Q_ML2_TENANT_NETWORK_TYPE: vlan
NEUTRON_TENANT_NETWORK_TYPE: vlan
OVS_BRIDGE_MAPPINGS: "public:br-ex,mynetwork:brbm"
USE_PROVIDER_NETWORKING: True
PUBLIC_PHYSICAL_NETWORK: public
PUBLIC_PROVIDERNET_TYPE: flat
Q_USE_PROVIDERNET_FOR_PUBLIC: True
BUILD_TIMEOUT: 1440
IRONIC_TEMPEST_BUILD_TIMEOUT: 1440
IRONIC_PING_TIMEOUT: 1440
# NOTE(rpittau): OLD TINYIPA JOBS # NOTE(rpittau): OLD TINYIPA JOBS
# Those jobs are used by other projects, we leave them here until # Those jobs are used by other projects, we leave them here until
# we can convert them to dib. # we can convert them to dib.

2
zuul.d/project.yaml
View File

@ -45,6 +45,8 @@
voting: false voting: false
- ironic-tempest-pxe_ipmitool-postgres: - ironic-tempest-pxe_ipmitool-postgres:
voting: false voting: false
- ironic-tempest-ipxe-ipv6:
voting: false
gate: gate:
queue: ironic queue: ironic
jobs: jobs: