From 133511b466e0dc3ddbfccc02d45977202696bfbd Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Wed, 15 Mar 2017 09:39:04 +0000
Subject: [PATCH] Improve configuration of Ironic and Ironic inspector

Reuse much of the Bifrost inspector configuration for the main inspector
instance.
---
 ansible/group_vars/all/bifrost                | 20 ++-----
 ansible/group_vars/all/inspector              | 41 +++++++++++++++
 ansible/kolla-openstack.yml                   | 43 ++++++++++-----
 .../roles/kolla-openstack/defaults/main.yml   | 52 +++++++++++++++++--
 ansible/roles/kolla-openstack/tasks/main.yml  | 15 ++++++
 .../templates/ironic-dnsmasq.conf.j2          | 12 +++++
 .../templates/ironic-inspector.conf.j2        | 41 +++++++++++++++
 .../kolla-openstack/templates/ironic.conf.j2  |  3 ++
 .../templates/pxelinux.default.j2             |  7 +++
 9 files changed, 202 insertions(+), 32 deletions(-)
 create mode 100644 ansible/roles/kolla-openstack/templates/ironic-dnsmasq.conf.j2
 create mode 100644 ansible/roles/kolla-openstack/templates/ironic-inspector.conf.j2
 create mode 100644 ansible/roles/kolla-openstack/templates/pxelinux.default.j2

diff --git a/ansible/group_vars/all/bifrost b/ansible/group_vars/all/bifrost
index 3929c039a..8f50d6fcf 100644
--- a/ansible/group_vars/all/bifrost
+++ b/ansible/group_vars/all/bifrost
@@ -45,24 +45,14 @@ kolla_bifrost_enable_ipmitool_drivers: true
 # Ironic Inspector configuration.
 
 # List of of inspector processing plugins.
-kolla_bifrost_inspector_processing_hooks:
-  - root_disk_selection
-  - scheduler
-  - validate_interfaces
-  - ramdisk_error
-  - capabilities
-  - pci_devices
-  - raid_device
-  - local_link_connection
-  - lldp_basic
+kolla_bifrost_inspector_processing_hooks: "{{ inspector_processing_hooks }}"
 
 # Which MAC addresses to add as ports during introspection. One of 'all',
 # 'active' or 'pxe'.
-kolla_bifrost_inspector_port_addition: "all"
+kolla_bifrost_inspector_port_addition: "{{ inspector_port_addition }}"
 
 # List of extra kernel parameters for the inspector default PXE configuration.
-kolla_bifrost_inspector_extra_kernel_options:
-  - "ipa-collect-lldp=1"
+kolla_bifrost_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
 
 # List of introspection rules for Bifrost's Ironic Inspector service.
 kolla_bifrost_inspector_rules:
@@ -91,10 +81,10 @@ kolla_bifrost_inspector_deploy_ramdisk: "http://{{ provision_oc_net_name | net_i
 # Ironic Python Agent (IPA) configuration.
 
 # URL of Ironic Python Agent (IPA) kernel image.
-kolla_bifrost_ipa_kernel_upstream_url: "https://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe-stable-ocata.vmlinuz"
+kolla_bifrost_ipa_kernel_upstream_url: "{{ inspector_ipa_kernel_upstream_url }}"
 
 # URL of Ironic Python Agent (IPA) ramdisk image.
-kolla_bifrost_ipa_ramdisk_upstream_url: "https://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem-stable-ocata.cpio.gz"
+kolla_bifrost_ipa_ramdisk_upstream_url: "{{ inspector_ipa_ramdisk_upstream_url }}"
 
 ###############################################################################
 # Inventory configuration.
diff --git a/ansible/group_vars/all/inspector b/ansible/group_vars/all/inspector
index 837086f46..e5f72bbc5 100644
--- a/ansible/group_vars/all/inspector
+++ b/ansible/group_vars/all/inspector
@@ -1,4 +1,45 @@
 ---
+###############################################################################
+# Ironic inspector PXE configuration.
+
+# List of extra kernel parameters for the inspector default PXE configuration.
+inspector_extra_kernel_options:
+  - "ipa-collect-lldp=1"
+
+# URL of Ironic Python Agent (IPA) kernel image.
+inspector_ipa_kernel_upstream_url: "https://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe-stable-ocata.vmlinuz"
+
+# URL of Ironic Python Agent (IPA) ramdisk image.
+inspector_ipa_ramdisk_upstream_url: "https://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem-stable-ocata.cpio.gz"
+
+###############################################################################
+# Ironic inspector processing configuration.
+
+# Whether inspector should manage the firewall.
+inspector_manage_firewall: False
+
+# List of of inspector processing plugins.
+inspector_processing_hooks:
+  - root_disk_selection
+  - scheduler
+  - validate_interfaces
+  - ramdisk_error
+  - capabilities
+  - pci_devices
+  - raid_device
+  - local_link_connection
+  - lldp_basic
+
+# Which MAC addresses to add as ports during introspection. One of 'all',
+# 'active' or 'pxe'.
+inspector_port_addition: "all"
+
+# Whether to enable discovery of nodes not managed by Ironic.
+inspector_enable_discovery: True
+
+# The Ironic driver with which to register newly discovered nodes.
+inspector_discovery_enroll_node_driver: "agent_ipmitool"
+
 ###############################################################################
 # Ironic inspector configuration.
 
diff --git a/ansible/kolla-openstack.yml b/ansible/kolla-openstack.yml
index 4976df89f..bafbc6062 100644
--- a/ansible/kolla-openstack.yml
+++ b/ansible/kolla-openstack.yml
@@ -2,25 +2,40 @@
 - name: Ensure Kolla OpenStack components are configured
   hosts: config-mgmt
   pre_tasks:
-    - name: Check whether Kolla extra Glance configuration file exists
+    - name: Check whether Kolla extra configuration files exist
       stat:
-        path: "{{ kayobe_config_path }}/kolla/config/glance.conf"
-      register: glance_stat
+        path: "{{ kayobe_config_path }}/kolla/config/{{ item.file }}"
+      register: stat_result
+      with_items:
+        - { name: glance, file: glance.conf }
+        - { name: inspector, file: ironic-inspector.conf }
+        - { name: ironic, file: ironic.conf }
 
-    - name: Read the Kolla extra Glance configuration file
+    - name: Initialise a fact containing extra configuration
       set_fact:
-        kolla_extra_glance: "{{ lookup('template', '{{ kayobe_config_path }}/kolla/config/glance.conf') }}"
-      when: glance_stat.stat.exists
+        kolla_extra_config: {}
 
-    - name: Check whether Kolla extra Ironic configuration file exists
-      stat:
-        path: "{{ kayobe_config_path }}/kolla/config/ironic.conf"
-      register: ironic_stat
-
-    - name: Read the Kolla extra Ironic configuration file
+    - name: Update a fact containing extra configuration
       set_fact:
-        kolla_extra_ironic: "{{ lookup('template', '{{ kayobe_config_path }}/kolla/config/ironic.conf') }}"
-      when: ironic_stat.stat.exists
+        kolla_extra_config: "{{ kolla_extra_config | combine({item.item.name: lookup('template', '{{ item.stat.path }}')}) }}"
+      with_items: "{{ stat_result.results }}"
+      when: "{{ item.stat.exists }}"
 
   roles:
     - role: kolla-openstack
+      # Ironic inspector configuration.
+      kolla_inspector_manage_firewall: "{{ inspector_manage_firewall }}"
+      kolla_inspector_processing_hooks: "{{ inspector_processing_hooks }}"
+      kolla_inspector_port_addition: "{{ inspector_port_addition }}"
+      kolla_inspector_enable_discovery: "{{ inspector_enable_discovery }}"
+      kolla_inspector_discovery_enroll_node_driver: "{{ inspector_discovery_enroll_node_driver }}"
+      kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
+      kolla_inspector_ipa_kernel_upstream_url: "{{ inspector_ipa_kernel_upstream_url }}"
+      kolla_inspector_ipa_ramdisk_upstream_url: "{{ inspector_ipa_ramdisk_upstream_url }}"
+      # Ironic inspector's dnsmasq configuration.
+      kolla_inspector_dhcp_pool_start: "{{ inspection_net_name | net_allocation_pool_start }}"
+      kolla_inspector_dhcp_pool_end: "{{ inspection_net_name | net_allocation_pool_end }}"
+      # Extra free-form user-provided configuration.
+      kolla_extra_glance: "{{ kolla_extra_config.glance | default }}"
+      kolla_extra_inspector: "{{ kolla_extra_config.inspector | default }}"
+      kolla_extra_ironic: "{{ kolla_extra_config.ironic | default }}"
diff --git a/ansible/roles/kolla-openstack/defaults/main.yml b/ansible/roles/kolla-openstack/defaults/main.yml
index b0820ae4f..971c42a79 100644
--- a/ansible/roles/kolla-openstack/defaults/main.yml
+++ b/ansible/roles/kolla-openstack/defaults/main.yml
@@ -2,6 +2,9 @@
 # Directory where Kolla custom configuration files will be installed.
 kolla_node_custom_config_path:
 
+###############################################################################
+# Ironic configuration.
+
 # List of enabled Ironic drivers.
 ironic_drivers:
   - agent_ssh
@@ -9,9 +12,52 @@ ironic_drivers:
   - pxe_ssh
   - pxe_ipmitool
 
+# Free form extra configuration to append to ironic.conf.
+kolla_extra_ironic:
+
+###############################################################################
+# Ironic inspector configuration.
+
+# Whether inspector should manage the firewall.
+kolla_inspector_manage_firewall:
+
+# Comma-separated list of inspector processing plugins.
+kolla_inspector_processing_hooks:
+
+# Which MAC addresses to add as ports during introspection. One of 'all',
+# 'active' or 'pxe'.
+kolla_inspector_port_addition:
+
+# Whether to enable discovery of nodes not managed by Ironic.
+kolla_inspector_enable_discovery:
+
+# The Ironic driver with which to register newly discovered nodes.
+kolla_inspector_discovery_enroll_node_driver:
+
+# List of extra kernel parameters for the inspector default PXE configuration.
+kolla_inspector_extra_kernel_options:
+
+# URL of Ironic Python Agent (IPA) kernel image for Ironic Inspector.
+kolla_inspector_ipa_kernel_upstream_url:
+
+# URL of Ironic Python Agent (IPA) ramdisk image for Ironic Inspector.
+kolla_inspector_ipa_ramdisk_upstream_url:
+
+# Free form extra configuration to append to ironic-inspector.conf.
+kolla_extra_inspector:
+
+###############################################################################
+# Ironic inspector dnsmasq configuration.
+
+# Start of range of IP addresses for dnsmasq to allocate from.
+kolla_inspector_dhcp_pool_start:
+
+# End of range of IP addresses for dnsmasq to allocate from.
+kolla_inspector_dhcp_pool_end:
+
+###############################################################################
+# Glance configuration.
+
 # Free form extra configuration to append to glance-api.conf and
 # glance-registry.conf.
 kolla_extra_glance:
-
-# Free form extra configuration to append to ironic.conf.
-kolla_extra_ironic:
diff --git a/ansible/roles/kolla-openstack/tasks/main.yml b/ansible/roles/kolla-openstack/tasks/main.yml
index e7d438cb7..0f2c7e46e 100644
--- a/ansible/roles/kolla-openstack/tasks/main.yml
+++ b/ansible/roles/kolla-openstack/tasks/main.yml
@@ -6,6 +6,7 @@
     mode: 0755
   become: True
   with_items:
+    - { name: ironic, enabled: "{{ kolla_enable_ironic }}" }
     - { name: swift, enabled: "{{ kolla_enable_swift }}" }
   when: "{{ item.enabled | bool }}"
 
@@ -18,3 +19,17 @@
   with_items:
     - { src: glance.conf.j2, dest: glance.conf, enabled: "{{ kolla_enable_glance }}" }
     - { src: ironic.conf.j2, dest: ironic.conf, enabled: "{{ kolla_enable_ironic }}" }
+    - { src: ironic-dnsmasq.conf.j2, dest: ironic/ironic-dnsmasq.conf, enabled: "{{ kolla_enable_ironic }}" }
+    - { src: ironic-inspector.conf.j2, dest: ironic-inspector.conf, enabled: "{{ kolla_enable_ironic }}" }
+    - { src: pxelinux.default.j2, dest: ironic/pxelinux.default, enabled: "{{ kolla_enable_ironic }}" }
+  when: "{{ item.enabled | bool }}"
+
+- name: Ensure the ironic inspector kernel and ramdisk exist
+  get_url:
+    url: "{{ item.url }}"
+    dest: "{{ kolla_node_custom_config_path }}/ironic/{{ item.dest }}"
+  become: True
+  with_items:
+    - { url: "{{ kolla_inspector_ipa_kernel_upstream_url }}", dest: "ironic-agent.kernel" }
+    - { url: "{{ kolla_inspector_ipa_ramdisk_upstream_url }}", dest: "ironic-agent.initramfs" }
+  when: "{{ kolla_enable_ironic | bool }}"
diff --git a/ansible/roles/kolla-openstack/templates/ironic-dnsmasq.conf.j2 b/ansible/roles/kolla-openstack/templates/ironic-dnsmasq.conf.j2
new file mode 100644
index 000000000..a463e426e
--- /dev/null
+++ b/ansible/roles/kolla-openstack/templates/ironic-dnsmasq.conf.j2
@@ -0,0 +1,12 @@
+port=0
+interface={% raw %}{{ ironic_dnsmasq_interface }}{% endraw %}
+
+bind-interfaces
+dhcp-range={{ kolla_inspector_dhcp_pool_start }},{{ kolla_inspector_dhcp_pool_end }},12h
+dhcp-sequential-ip
+dhcp-option=option:tftp-server,{% raw %}{{ kolla_internal_vip_address }}{% endraw %}
+
+dhcp-option=option:server-ip-address,{% raw %}{{ kolla_internal_vip_address }}{% endraw %}
+
+dhcp-option=option:bootfile-name,pxelinux.0
+dhcp-option=210,/tftpboot/
diff --git a/ansible/roles/kolla-openstack/templates/ironic-inspector.conf.j2 b/ansible/roles/kolla-openstack/templates/ironic-inspector.conf.j2
new file mode 100644
index 000000000..ae0e152e4
--- /dev/null
+++ b/ansible/roles/kolla-openstack/templates/ironic-inspector.conf.j2
@@ -0,0 +1,41 @@
+[DEFAULT]
+
+[firewall]
+# Whether inspector should manage the firewall.
+manage_firewall = {{ kolla_inspector_manage_firewall }}
+
+[processing]
+{% if kolla_inspector_processing_hooks %}
+# Comma-separated list of inspector processing plugins.
+processing_hooks = {{ kolla_inspector_processing_hooks | join(',') }}
+{% endif %}
+
+{% if kolla_inspector_port_addition %}
+# Which MAC addresses to add as ports during introspection. One of 'all',
+# 'active' or 'pxe'.
+add_ports = {{ kolla_inspector_port_addition }}
+{% endif %}
+
+# Keep only those ports that were found during inspection.
+keep_ports = present
+
+# Store logs returned by the inspection ramdisk.
+ramdisk_logs_dir = /var/log/kolla/ironic
+always_store_ramdisk_logs = True
+
+{% if kolla_inspector_enable_discovery %}
+# Enable discovery when nodes do not exist in Ironic.
+node_not_found_hook = enroll
+
+[discovery]
+# The driver with which to enroll newly discovered nodes in Ironic.
+enroll_node_driver = {{ kolla_inspector_discovery_enroll_node_driver }}
+{% endif %}
+
+{% if kolla_extra_inspector %}
+#######################
+# Extra configuration
+#######################
+
+{{ kolla_extra_inspector }}
+{% endif %}
diff --git a/ansible/roles/kolla-openstack/templates/ironic.conf.j2 b/ansible/roles/kolla-openstack/templates/ironic.conf.j2
index 8c59dd79f..9d01a7b3e 100644
--- a/ansible/roles/kolla-openstack/templates/ironic.conf.j2
+++ b/ansible/roles/kolla-openstack/templates/ironic.conf.j2
@@ -8,6 +8,9 @@ enabled_drivers = {{ ironic_drivers | join(',') }}
 api_url = {{ internal_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + provision_interface | replace('-', '_')]['ipv4']['address'] }}:{{ ironic_api_port }}
 {% endraw %}
 
+[agent]
+deploy_logs_local_path = /var/log/kolla/ironic/deploy
+
 [pxe]
 {% raw %}
 tftp_server = {{ hostvars[inventory_hostname]['ansible_' + provision_interface | replace('-', '_')]['ipv4']['address'] }}
diff --git a/ansible/roles/kolla-openstack/templates/pxelinux.default.j2 b/ansible/roles/kolla-openstack/templates/pxelinux.default.j2
new file mode 100644
index 000000000..1e4363972
--- /dev/null
+++ b/ansible/roles/kolla-openstack/templates/pxelinux.default.j2
@@ -0,0 +1,7 @@
+default introspect
+
+label introspect
+kernel ironic-agent.kernel
+append initrd=ironic-agent.initramfs ipa-inspection-callback-url={% raw %}http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue{% endraw %} systemd.journald.forward_to_console=yes {{ kolla_inspector_extra_kernel_options | join(' ') }}
+
+ipappend 3