Merge branch 'master' of github.com:juledwar/openstack-ansible-os_ironic

defaults/main.yml

@@ -48,6 +48,7 @@ ironic_lock_path: /var/lock/ironic
 # Ironic Program and Service names
 ironic_api_program_name: apache2
 ironic_conductor_program_name: ironic-conductor
+ironic_oneviewd_program_name: ironic-oneviewd
 python_ironic_client_program_name: ironic
 ironic_service_names:
     - "{{ ironic_api_program_name }}"
@@ -94,6 +95,44 @@ ironic_standalone: False
 # that are performed on the node to ensure it is in a baseline
 # state and ready to be deployed to.
 ironic_automated_clean: false
+# Set to 0 to disable erase devices on cleaning
+ironic_erase_devices_priority: 10
+
+## ironic-oneview
+ironic_oneview_enabled: "{% if 'agent_pxe_oneview' in ironic_openstack_driver_list or
+                               'agent_pxe_oneview' in ironic_standalone_driver_list or
+                               'iscsi_pxe_oneview' in ironic_openstack_driver_list or
+                               'iscsi_pxe_oneview' in ironic_standalone_driver_list %}True{% else %}False{% endif %}"
+ironic_oneview_manager_url: ""
+ironic_oneview_username: ""
+ironic_oneview_password: ""
+ironic_oneview_allow_insecure_connections: False
+ironic_oneview_tls_cacert_file: "None"
+ironic_oneview_max_polling_attempts: 12
+
+# ironic-oneviewd
+# Polling interval in seconds for daemon to manage the nodes
+ironic_oneviewd_retry_interval: 15
+# Size the of the RPC thread pool
+ironic_oneviewd_rpc_thread_pool_size: 20
+# (Optional) Whether to enable the periodic tasks for OneView
+# driver be aware when OneView hardware resources are taken
+# and released by Ironic or OneView users and proactively
+# manage nodes in clean fail state according to Dynamic
+# Allocation model of hardware resources allocation in
+# OneView
+ironic_oneviewd_enable_periodic_tasks: True
+# Period (in seconds) for periodic tasks to be executed when
+# enable_periodic_tasks is True
+ironic_oneviewd_periodic_check_interval: "{{ ironic_oneviewd_retry_interval }}"
+# (Optional) Enable auditing of OneView API requests
+ironic_oneviewd_audit_enabled: False
+# Path to map file for OneView audit cases. Used only when
+# OneView API audit is enabled
+ironic_oneviewd_audit_map_file: "None"
+# Path to OneView audit log file. Created only when Oneview
+# API audit is enabled.
+ironic_oneviewd_audit_output_file: "None"
 
 # Database
 ironic_galera_user: ironic
@@ -114,15 +153,20 @@ ironic_keystone_auth_plugin: password
 # Integrated Openstack configuration
 ironic_enabled_network_interfaces_list: "flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron','') }}"
 ironic_default_network_interface: "{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary('neutron','flat') }}"
-ironic_openstack_driver_list: agent_ipmitool
+ironic_openstack_driver_list:
+  - agent_ipmitool
+  - pxe_ipmitool
+ironic_openstack_driver_loaded_list: "{% for driver in ironic_openstack_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}"
 ironic_openstack_auth_strategy: keystone
 #ironic_openstack_api_url: ''  # Not required when we have keystone
 ironic_openstack_dhcp_provider: neutron
 ironic_openstack_sync_power_state_interval: 60
 ironic_openstack_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}/ironic"
 
 # Standalone Ironic configuration
-ironic_standalone_driver_list: agent_ipmitool
+ironic_standalone_driver_list:
+  - agent_ipmitool
+ironic_standalone_driver_loaded_list: "{% for driver in ironic_standalone_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}"
 ironic_standalone_auth_strategy: noauth
 ironic_standalone_api_url: "{{ ironic_service_internaluri }}/"
 ironic_standalone_dhcp_provider: none
@@ -154,6 +198,11 @@ ironic_requires_pip_packages:
   - virtualenv-tools
   - python-keystoneclient # Keystoneclient needed for the OSA keystone lib
   - httplib2 # for Ansible's uri module
+ironic_requires_pip_packages: "virtualenv virtualenv-tools python-keystoneclient httplib2 keystoneauth1"
+
+ironic_oneview_optional_pip_packages:
+  - ironic-oneview-cli
+  - ironic-oneviewd
 
 ironic_pip_packages:
   - PyMySQL
@@ -162,6 +211,7 @@ ironic_pip_packages:
   - python-swiftclient
   - pycrypto
   - python-memcached
+ironic_pip_packages: "PyMySQL MySQL-python python-ironicclient python-swiftclient pycrypto python-memcached diskimage-builder"
 
 ## RabbitMQ info
 ironic_rabbitmq_userid: ironic
@@ -195,8 +245,17 @@ ironic_role_project_group: ironic_all
 
 ### Config Overrides
 ironic_ironic_conf_overrides: {}
+ironic_ironic_oneviewd_conf_overrides: {}
 ironic_rootwrap_conf_overrides: {}
 ironic_policy_overrides: {}
 
 # pxe boot
 ironic_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes"
+
+# keystone admin
+ironic_keystone_admin_token: "{{ keystone_admin_token }}"
+keystone_admin_user_name: "admin"
+keystone_auth_admin_password: "{{ secrets.keystone.users.admin_password }}"
+keystone_admin_tenant_name: "admin"
+keystone_service_adminurl: "{{ keystone_protocol }}://{{ keystone_hostname }}:{{ keystone_admin_port }}/v3"
+keystone_service_adminuri_insecure: true

doc/source/configure-ironic.rst

@@ -218,3 +218,184 @@ Now boot a node:
 
    nova boot --flavor ${FLAVOR_NAME} --image ${IMAGE_NAME} --key-name admin ${NODE_NAME}
 
+Setup OpenStack-Ansible with ironic-OneView drivers
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+HP OneView is a single integrated platform, packaged as an appliance that
+implements a software-defined approach to managing physical infrastructure.
+The appliance supports scenarios such as deploying bare metal servers with
+ironic (Bare Metal service). In this context, the HP OneView driver enables
+the users of OneView to use ironic as a bare metal provider to their managed
+physical hardware.
+
+Currently there are two ironic-OneView drivers:
+
+#. ``iscsi_pxe_oneview``
+#. ``agent_pxe_oneview``
+
+.. important::
+
+   When using the ``iscsi_pxe_oneview`` drivers, install ironic-conductor
+   on metal. Add ``is_metal: true`` to the properties of the
+   ``ironic_conductor_container`` section in ``/opt/openstack-ansible/
+   playbooks/inventory/env.d/ironic.yml`` before running the
+   ironic installation playbook.
+
+
+Considering that the ironic images and network are already in place.
+Configuring OpenStack-Ansible to set up ironic with the OneView drivers
+requires the following variables to be defined in
+``/etc/openstack_deploy/user_variables``:
+
+.. code-block:: yaml
+
+   ## Ironic
+   ironic_openstack_driver_list:
+      - pxe_ipmitool
+      - agent_ipmitool
+      - agent_pxe_oneview
+      - iscsi_pxe_oneview
+   ironic_automated_clean: True
+
+   ## Nova
+   nova_reserved_host_disk_mb: 0
+   nova_reserved_host_memory_mb: 0
+   nova_scheduler_host_subset_size: 99999999
+
+   ## ironic-oneviewd
+   ironic_oneview_manager_url: "<oneview_url>"
+   ironic_oneview_username: "<oneview_username>"
+   ironic_oneview_password: "<oneview_password>"
+
+Replace ``<oneview_*>`` with the respective OneView resources.
+
+Run the os-ironic-install.yml playbook:
+
+.. code-block:: bash
+
+   cd /opt/openstack-ansible/playbooks
+   openstack-ansible os-ironic-install.yml
+
+Adding bare metal nodes
+-----------------------
+
+Ironic-OneView CLI is a command line interface tool for the OneView Drivers
+for ironic. It allows the user to easily create and configure ironic nodes,
+compatible with OneView Server Hardware objects, and create nova flavors to
+match available Ironic nodes that use OneView drivers. It also offers the
+option to migrate Ironic nodes using pre-allocation model to the dynamic
+allocation model.
+
+#. Install ``ironic-oneview-cli`` on the utility container:
+
+   .. code-block:: bash
+
+      pip install ironic-oneview-cli
+
+#. Add the following variables to the openrc file:
+
+   .. code-block:: bash
+
+      export OV_AUTH_URL=<oneview_url>
+      export OV_USERNAME=<oneview_username>
+      export OV_PASSWORD=<oneview_password>
+      export OS_IRONIC_NODE_DRIVER=<ironic_driver>
+      export OS_IRONIC_DEPLOY_KERNEL_UUID=<kernel_deploy_image_id>
+      export OS_IRONIC_DEPLOY_RAMDISK_UUID=<ramdisk_deploy_image_id>
+
+   Replace ``<*_id>`` with the ID of the respective resource. Also replace
+   ``<oneview_*>`` with the respective OneView resources and
+   ``<ironic_driver>`` with the driver being used to manage the node.
+
+   .. note::
+
+      Optionally we can use ``ironic-oneview-cli`` to generate a configuration
+      file by running the following command:
+
+      .. code-block:: bash
+
+         ironic-oneview genrc
+
+#. Create Ironic nodes, based on available HPE OneView Server Hardware objects,
+   by running the following command:
+
+   .. code-block:: bash
+
+      . openrc
+      ironic-oneview node-create
+
+   The tool will ask you to choose a valid Server Profile Template from those retrieved
+   from HPE OneView appliance:
+
+   .. code-block:: bash
+
+      Retrieving Server Profile Templates from OneView...
+      +----+------------------------+----------------------+---------------------------+
+      | Id | Name                   | Enclosure Group Name | Server Hardware Type Name |
+      +----+------------------------+----------------------+---------------------------+
+      | 1  | template-dcs-virt-enc3 | virt-enclosure-group | BL460c Gen8 3             |
+      | 2  | template-dcs-virt-enc4 | virt-enclosure-group | BL660c Gen9 1             |
+      +----+------------------------+----------------------+---------------------------+
+
+   Once a valid Server Profile Template has been chosen, the tool lists the available Server
+   Hardware that match the chosen Server Profile Template. Choose a Server Hardware to be
+   used as base to the Ironic node:
+
+   .. code-block:: bash
+
+      Listing compatible Server Hardware objects...
+      +----+-----------------+------+-----------+----------+----------------------+---------------------------+
+      | Id | Name            | CPUs | Memory MB | Local GB | Enclosure Group Name | Server Hardware Type Name |
+      +----+-----------------+------+-----------+----------+----------------------+---------------------------+
+      | 1  | VIRT-enl, bay 5 | 8    | 32768     | 120      | virt-enclosure-group | BL460c Gen8 3             |
+      | 2  | VIRT-enl, bay 8 | 8    | 32768     | 120      | virt-enclosure-group | BL460c Gen8 3             |
+      +----+-----------------+------+-----------+----------+----------------------+---------------------------+
+
+   .. note::
+
+      Multiple Ironic nodes can be created at once by typing multiple Server Hardware IDs
+      separated by blank spaces.
+
+   The created Ironic nodes will be in the *enroll* provisioning state, going to the
+   *manageable* state then *cleaning*. After a susccesfull cleaning the node
+   should be on the *available* state. This means that the node is ready to be
+   provisioned.
+
+Creating flavors
+----------------
+
+Run the following command to create Nova flavors compatible with available
+Ironic nodes:
+
+.. code-block:: bash
+
+   . openrc
+   ironic-oneview flavor-create
+
+The tool will now prompt you to choose a valid flavor configuration, according
+to available Ironic nodes:
+
+.. code-block:: bash
+
+   +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+
+   | Id | CPUs | Disk GB | Memory MB | Server Profile Template             | Server Hardware Type | Enclosure Group Name    |
+   +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+
+   | 1  | 8    | 120     | 8192      | second-virt-server-profile-template | BL460c Gen8 3        | virt-enclosure-group    |
+   +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+
+
+After choosing a valid configuration ID, you will be prompted to name the new
+flavor. Leaving the field blank, a default name will be used.
+
+Deploying a bare metal node
+---------------------------
+
+Boot the node with the previously created flavor:
+
+.. code-block:: bash
+
+   nova boot --flavor <flavor_name> --image <image_name> --key-name <key>
+
+Replace ``<flavor_name>`` with the name of the flavor created using
+ironic-oneview, also replace ``<image_name>`` with the name of the
+image to be used to provision the node (user image) and ``<key_name>``
+with the key.

files/rootwrap.d/ironic-lib.filters

@@ -12,6 +12,7 @@
 blkid: CommandFilter, blkid, root
 blockdev: CommandFilter, blockdev, root
 hexdump: CommandFilter, hexdump, root
+lsblk: CommandFilter, lsblk, root
 qemu-img: CommandFilter, qemu-img, root
 wipefs: CommandFilter, wipefs, root
 sgdisk: CommandFilter, sgdisk, root

handlers/main.yml

@@ -20,6 +20,13 @@
   with_items: "{{ ironic_service_names }}"
   failed_when: false
 
+- name: Restart ironic-oneviewd
+  service:
+    name: "ironic-oneviewd"
+    state: restarted
+    pattern: "ironic-oneviewd"
+  failed_when: false
+
 - name: Restart tftpd-hpa
   service:
     name: "tftpd-hpa"

meta/main.yml

@@ -27,9 +27,9 @@ galaxy_info:
   - baremetal
   - system
 dependencies:
-  - pip_install
-  - role: apt_package_pinning
-    when:
-      - ansible_pkg_mgr == 'apt'
-  - galera_client
-  - openstack_openrc
+#  - pip_install
+#  - role: apt_package_pinning
+#    when:
+#      - ansible_pkg_mgr == 'apt'
+#  - galera_client
+#  - openstack_openrc

releasenotes/notes/ironic-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml

@@ -0,0 +1,4 @@
+features:
+  - Added support for ironic-OneView drivers.
+    Check the documentation on how to enable
+    them.