diff --git a/defaults/main.yml b/defaults/main.yml index bf52f4ad..f8f7f833 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -48,6 +48,7 @@ ironic_lock_path: /var/lock/ironic # Ironic Program and Service names ironic_api_program_name: apache2 ironic_conductor_program_name: ironic-conductor +ironic_oneviewd_program_name: ironic-oneviewd python_ironic_client_program_name: ironic ironic_service_names: - "{{ ironic_api_program_name }}" @@ -94,6 +95,44 @@ ironic_standalone: False # that are performed on the node to ensure it is in a baseline # state and ready to be deployed to. ironic_automated_clean: false +# Set to 0 to disable erase devices on cleaning +ironic_erase_devices_priority: 10 + +## ironic-oneview +ironic_oneview_enabled: "{% if 'agent_pxe_oneview' in ironic_openstack_driver_list or + 'agent_pxe_oneview' in ironic_standalone_driver_list or + 'iscsi_pxe_oneview' in ironic_openstack_driver_list or + 'iscsi_pxe_oneview' in ironic_standalone_driver_list %}True{% else %}False{% endif %}" +ironic_oneview_manager_url: "" +ironic_oneview_username: "" +ironic_oneview_password: "" +ironic_oneview_allow_insecure_connections: False +ironic_oneview_tls_cacert_file: "None" +ironic_oneview_max_polling_attempts: 12 + +# ironic-oneviewd +# Polling interval in seconds for daemon to manage the nodes +ironic_oneviewd_retry_interval: 15 +# Size the of the RPC thread pool +ironic_oneviewd_rpc_thread_pool_size: 20 +# (Optional) Whether to enable the periodic tasks for OneView +# driver be aware when OneView hardware resources are taken +# and released by Ironic or OneView users and proactively +# manage nodes in clean fail state according to Dynamic +# Allocation model of hardware resources allocation in +# OneView +ironic_oneviewd_enable_periodic_tasks: True +# Period (in seconds) for periodic tasks to be executed when +# enable_periodic_tasks is True +ironic_oneviewd_periodic_check_interval: "{{ ironic_oneviewd_retry_interval }}" +# (Optional) Enable auditing of OneView API requests +ironic_oneviewd_audit_enabled: False +# Path to map file for OneView audit cases. Used only when +# OneView API audit is enabled +ironic_oneviewd_audit_map_file: "None" +# Path to OneView audit log file. Created only when Oneview +# API audit is enabled. +ironic_oneviewd_audit_output_file: "None" # Database ironic_galera_user: ironic @@ -114,7 +153,10 @@ ironic_keystone_auth_plugin: password # Integrated Openstack configuration ironic_enabled_network_interfaces_list: "flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron','') }}" ironic_default_network_interface: "{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary('neutron','flat') }}" -ironic_openstack_driver_list: agent_ipmitool +ironic_openstack_driver_list: + - agent_ipmitool + - pxe_ipmitool +ironic_openstack_driver_loaded_list: "{% for driver in ironic_openstack_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}" ironic_openstack_auth_strategy: keystone #ironic_openstack_api_url: '' # Not required when we have keystone ironic_openstack_dhcp_provider: neutron @@ -122,7 +164,9 @@ ironic_openstack_sync_power_state_interval: 60 ironic_openstack_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}/ironic" # Standalone Ironic configuration -ironic_standalone_driver_list: agent_ipmitool +ironic_standalone_driver_list: + - agent_ipmitool +ironic_standalone_driver_loaded_list: "{% for driver in ironic_standalone_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}" ironic_standalone_auth_strategy: noauth ironic_standalone_api_url: "{{ ironic_service_internaluri }}/" ironic_standalone_dhcp_provider: none @@ -154,6 +198,11 @@ ironic_requires_pip_packages: - virtualenv-tools - python-keystoneclient # Keystoneclient needed for the OSA keystone lib - httplib2 # for Ansible's uri module +ironic_requires_pip_packages: "virtualenv virtualenv-tools python-keystoneclient httplib2 keystoneauth1" + +ironic_oneview_optional_pip_packages: + - ironic-oneview-cli + - ironic-oneviewd ironic_pip_packages: - PyMySQL @@ -162,6 +211,7 @@ ironic_pip_packages: - python-swiftclient - pycrypto - python-memcached +ironic_pip_packages: "PyMySQL MySQL-python python-ironicclient python-swiftclient pycrypto python-memcached diskimage-builder" ## RabbitMQ info ironic_rabbitmq_userid: ironic @@ -195,8 +245,17 @@ ironic_role_project_group: ironic_all ### Config Overrides ironic_ironic_conf_overrides: {} +ironic_ironic_oneviewd_conf_overrides: {} ironic_rootwrap_conf_overrides: {} ironic_policy_overrides: {} # pxe boot ironic_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes" + +# keystone admin +ironic_keystone_admin_token: "{{ keystone_admin_token }}" +keystone_admin_user_name: "admin" +keystone_auth_admin_password: "{{ secrets.keystone.users.admin_password }}" +keystone_admin_tenant_name: "admin" +keystone_service_adminurl: "{{ keystone_protocol }}://{{ keystone_hostname }}:{{ keystone_admin_port }}/v3" +keystone_service_adminuri_insecure: true diff --git a/doc/source/configure-ironic.rst b/doc/source/configure-ironic.rst index d8c4da49..8cf4193f 100644 --- a/doc/source/configure-ironic.rst +++ b/doc/source/configure-ironic.rst @@ -218,3 +218,184 @@ Now boot a node: nova boot --flavor ${FLAVOR_NAME} --image ${IMAGE_NAME} --key-name admin ${NODE_NAME} +Setup OpenStack-Ansible with ironic-OneView drivers +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +HP OneView is a single integrated platform, packaged as an appliance that +implements a software-defined approach to managing physical infrastructure. +The appliance supports scenarios such as deploying bare metal servers with +ironic (Bare Metal service). In this context, the HP OneView driver enables +the users of OneView to use ironic as a bare metal provider to their managed +physical hardware. + +Currently there are two ironic-OneView drivers: + +#. ``iscsi_pxe_oneview`` +#. ``agent_pxe_oneview`` + +.. important:: + + When using the ``iscsi_pxe_oneview`` drivers, install ironic-conductor + on metal. Add ``is_metal: true`` to the properties of the + ``ironic_conductor_container`` section in ``/opt/openstack-ansible/ + playbooks/inventory/env.d/ironic.yml`` before running the + ironic installation playbook. + + +Considering that the ironic images and network are already in place. +Configuring OpenStack-Ansible to set up ironic with the OneView drivers +requires the following variables to be defined in +``/etc/openstack_deploy/user_variables``: + +.. code-block:: yaml + + ## Ironic + ironic_openstack_driver_list: + - pxe_ipmitool + - agent_ipmitool + - agent_pxe_oneview + - iscsi_pxe_oneview + ironic_automated_clean: True + + ## Nova + nova_reserved_host_disk_mb: 0 + nova_reserved_host_memory_mb: 0 + nova_scheduler_host_subset_size: 99999999 + + ## ironic-oneviewd + ironic_oneview_manager_url: "" + ironic_oneview_username: "" + ironic_oneview_password: "" + +Replace ```` with the respective OneView resources. + +Run the os-ironic-install.yml playbook: + +.. code-block:: bash + + cd /opt/openstack-ansible/playbooks + openstack-ansible os-ironic-install.yml + +Adding bare metal nodes +----------------------- + +Ironic-OneView CLI is a command line interface tool for the OneView Drivers +for ironic. It allows the user to easily create and configure ironic nodes, +compatible with OneView Server Hardware objects, and create nova flavors to +match available Ironic nodes that use OneView drivers. It also offers the +option to migrate Ironic nodes using pre-allocation model to the dynamic +allocation model. + +#. Install ``ironic-oneview-cli`` on the utility container: + + .. code-block:: bash + + pip install ironic-oneview-cli + +#. Add the following variables to the openrc file: + + .. code-block:: bash + + export OV_AUTH_URL= + export OV_USERNAME= + export OV_PASSWORD= + export OS_IRONIC_NODE_DRIVER= + export OS_IRONIC_DEPLOY_KERNEL_UUID= + export OS_IRONIC_DEPLOY_RAMDISK_UUID= + + Replace ``<*_id>`` with the ID of the respective resource. Also replace + ```` with the respective OneView resources and + ```` with the driver being used to manage the node. + + .. note:: + + Optionally we can use ``ironic-oneview-cli`` to generate a configuration + file by running the following command: + + .. code-block:: bash + + ironic-oneview genrc + +#. Create Ironic nodes, based on available HPE OneView Server Hardware objects, + by running the following command: + + .. code-block:: bash + + . openrc + ironic-oneview node-create + + The tool will ask you to choose a valid Server Profile Template from those retrieved + from HPE OneView appliance: + + .. code-block:: bash + + Retrieving Server Profile Templates from OneView... + +----+------------------------+----------------------+---------------------------+ + | Id | Name | Enclosure Group Name | Server Hardware Type Name | + +----+------------------------+----------------------+---------------------------+ + | 1 | template-dcs-virt-enc3 | virt-enclosure-group | BL460c Gen8 3 | + | 2 | template-dcs-virt-enc4 | virt-enclosure-group | BL660c Gen9 1 | + +----+------------------------+----------------------+---------------------------+ + + Once a valid Server Profile Template has been chosen, the tool lists the available Server + Hardware that match the chosen Server Profile Template. Choose a Server Hardware to be + used as base to the Ironic node: + + .. code-block:: bash + + Listing compatible Server Hardware objects... + +----+-----------------+------+-----------+----------+----------------------+---------------------------+ + | Id | Name | CPUs | Memory MB | Local GB | Enclosure Group Name | Server Hardware Type Name | + +----+-----------------+------+-----------+----------+----------------------+---------------------------+ + | 1 | VIRT-enl, bay 5 | 8 | 32768 | 120 | virt-enclosure-group | BL460c Gen8 3 | + | 2 | VIRT-enl, bay 8 | 8 | 32768 | 120 | virt-enclosure-group | BL460c Gen8 3 | + +----+-----------------+------+-----------+----------+----------------------+---------------------------+ + + .. note:: + + Multiple Ironic nodes can be created at once by typing multiple Server Hardware IDs + separated by blank spaces. + + The created Ironic nodes will be in the *enroll* provisioning state, going to the + *manageable* state then *cleaning*. After a susccesfull cleaning the node + should be on the *available* state. This means that the node is ready to be + provisioned. + +Creating flavors +---------------- + +Run the following command to create Nova flavors compatible with available +Ironic nodes: + +.. code-block:: bash + + . openrc + ironic-oneview flavor-create + +The tool will now prompt you to choose a valid flavor configuration, according +to available Ironic nodes: + +.. code-block:: bash + + +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+ + | Id | CPUs | Disk GB | Memory MB | Server Profile Template | Server Hardware Type | Enclosure Group Name | + +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+ + | 1 | 8 | 120 | 8192 | second-virt-server-profile-template | BL460c Gen8 3 | virt-enclosure-group | + +----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+ + +After choosing a valid configuration ID, you will be prompted to name the new +flavor. Leaving the field blank, a default name will be used. + +Deploying a bare metal node +--------------------------- + +Boot the node with the previously created flavor: + +.. code-block:: bash + + nova boot --flavor --image --key-name + +Replace ```` with the name of the flavor created using +ironic-oneview, also replace ```` with the name of the +image to be used to provision the node (user image) and ```` +with the key. diff --git a/files/rootwrap.d/ironic-lib.filters b/files/rootwrap.d/ironic-lib.filters index c06530c5..342ab69e 100644 --- a/files/rootwrap.d/ironic-lib.filters +++ b/files/rootwrap.d/ironic-lib.filters @@ -12,6 +12,7 @@ blkid: CommandFilter, blkid, root blockdev: CommandFilter, blockdev, root hexdump: CommandFilter, hexdump, root +lsblk: CommandFilter, lsblk, root qemu-img: CommandFilter, qemu-img, root wipefs: CommandFilter, wipefs, root sgdisk: CommandFilter, sgdisk, root diff --git a/handlers/main.yml b/handlers/main.yml index eb474651..93b18ab8 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -20,6 +20,13 @@ with_items: "{{ ironic_service_names }}" failed_when: false +- name: Restart ironic-oneviewd + service: + name: "ironic-oneviewd" + state: restarted + pattern: "ironic-oneviewd" + failed_when: false + - name: Restart tftpd-hpa service: name: "tftpd-hpa" diff --git a/meta/main.yml b/meta/main.yml index e7700b3f..dd24780c 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -27,9 +27,9 @@ galaxy_info: - baremetal - system dependencies: - - pip_install - - role: apt_package_pinning - when: - - ansible_pkg_mgr == 'apt' - - galera_client - - openstack_openrc +# - pip_install +# - role: apt_package_pinning +# when: +# - ansible_pkg_mgr == 'apt' +# - galera_client +# - openstack_openrc diff --git a/releasenotes/notes/ironic-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml b/releasenotes/notes/ironic-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml new file mode 100644 index 00000000..bc76662f --- /dev/null +++ b/releasenotes/notes/ironic-oneview-drivers-support-6d9c6c5a7e7bfc36.yaml @@ -0,0 +1,4 @@ +features: + - Added support for ironic-OneView drivers. + Check the documentation on how to enable + them. diff --git a/tasks/ironic_api_post_install.yml b/tasks/ironic_api_post_install.yml index ccbcc764..9a301000 100644 --- a/tasks/ironic_api_post_install.yml +++ b/tasks/ironic_api_post_install.yml @@ -20,39 +20,39 @@ owner: "root" group: "root" with_items: - - { src: "ironic-ports.conf.j2", dest: "/etc/apache2/ports.conf" } - - { src: "ironic-httpd.conf.j2", dest: "/etc/apache2/sites-available/ironic-httpd.conf" } + - { src: "ironic-ports.conf.j2", dest: "/etc/httpd/conf/ironic-ports.conf" } + - { src: "ironic-httpd.conf.j2", dest: "/etc/httpd/conf/ironic.conf" } notify: - Restart ironic services -- name: Disable default apache site - file: - path: "/etc/apache2/sites-enabled/000-default.conf" - state: "absent" - when: not ironic_standalone - notify: - - Restart ironic services - -- name: Enable default apache site vhost - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - with_items: - - { src: "/etc/apache2/sites-available/000-default.conf", dest: "/etc/apache2/sites-enabled/000-default.conf", state: "link" } - when: ironic_standalone - notify: - - Restart ironic services +#- name: Disable default apache site +# file: +# path: "/etc/apache2/sites-enabled/000-default.conf" +# state: "absent" +# when: not ironic_standalone +# notify: +# - Restart ironic services -- name: Enable ironic vhost - file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - state: "{{ item.state }}" - with_items: - - { src: "/etc/apache2/sites-available/ironic-httpd.conf", dest: "/etc/apache2/sites-enabled/ironic-httpd.conf", state: "link" } - notify: - - Restart ironic services +#- name: Enable default apache site vhost +# file: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" +# state: "{{ item.state }}" +# with_items: +# - { src: "/etc/apache2/sites-available/000-default.conf", dest: "/etc/apache2/sites-enabled/000-default.conf", state: "link" } +# when: ironic_standalone +# notify: +# - Restart ironic services +# +#- name: Enable ironic vhost +# file: +# src: "{{ item.src }}" +# dest: "{{ item.dest }}" +# state: "{{ item.state }}" +# with_items: +# - { src: "/etc/apache2/sites-available/ironic-httpd.conf", dest: "/etc/apache2/sites-enabled/ironic-httpd.conf", state: "link" } +# notify: +# - Restart ironic services - name: Setup Ironic WSGI Configs template: diff --git a/tasks/ironic_install.yml b/tasks/ironic_install.yml index d533de61..29564f30 100644 --- a/tasks/ironic_install.yml +++ b/tasks/ironic_install.yml @@ -77,7 +77,7 @@ name: "{{ ironic_pip_packages }}" state: "{{ ironic_pip_package_state }}" virtualenv: "{{ ironic_bin | dirname }}" - virtualenv_site_packages: "no" + virtualenv_site_packages: "yes" extra_args: >- {{ ironic_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }} {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} diff --git a/tasks/ironic_oneview_setup.yml b/tasks/ironic_oneview_setup.yml new file mode 100644 index 00000000..c174ead9 --- /dev/null +++ b/tasks/ironic_oneview_setup.yml @@ -0,0 +1,58 @@ +--- +# Copyright 2016 Hewlett Packard Enterprise Development LP. +# Copyright 2016 Universidade Federal de Campina Grande +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: Create ironic-oneviewd dir + file: + path: "/etc/ironic-oneviewd" + state: directory + owner: "{{ ironic_system_user_name }}" + group: "{{ ironic_system_group_name }}" + mode: "0755" + +- name: Install ironic-oneview pip packages (venv) + pip: + name: "{{ ironic_oneview_optional_pip_packages }}" + state: "{{ ironic_pip_package_state }}" + virtualenv: "{{ ironic_bin | dirname }}" + virtualenv_site_packages: "no" + extra_args: >- + {{ ironic_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} + {{ pip_install_options | default('') }} + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- include: ironic_init_common.yml + vars: + program_name: "{{ ironic_oneviewd_program_name }}" + service_name: "{{ ironic_service_name }}" + system_user: "{{ ironic_system_user_name }}" + system_group: "{{ ironic_system_group_name }}" + service_home: "{{ ironic_system_home_folder }}" + +- name: Generate ironic-oneviewd config + config_template: + src: "ironic-oneviewd.conf.j2" + dest: "/etc/ironic-oneviewd/ironic-oneviewd.conf" + owner: "{{ ironic_system_user_name }}" + group: "{{ ironic_system_group_name }}" + mode: "0644" + config_overrides: "{{ ironic_ironic_oneviewd_conf_overrides }}" + config_type: "ini" + notify: Restart ironic-oneviewd diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml index 1fc2fdc6..efb81536 100644 --- a/tasks/ironic_post_install.yml +++ b/tasks/ironic_post_install.yml @@ -15,7 +15,7 @@ - name: Setup ironic for standalone usage set_fact: - ironic_driver_list: "{{ ironic_standalone_driver_list }}" + ironic_driver_list: "{{ ironic_standalone_driver_loaded_list }}" ironic_auth_strategy: "{{ ironic_standalone_auth_strategy }}" ironic_api_url: "{{ ironic_standalone_api_url }}" ironic_dhcp_provider: "{{ ironic_standalone_dhcp_provider }}" @@ -27,7 +27,7 @@ - name: Setup ironic for integrated Openstack usage set_fact: - ironic_driver_list: "{{ ironic_openstack_driver_list }}" + ironic_driver_list: "{{ ironic_openstack_driver_loaded_list }}" ironic_auth_strategy: "{{ ironic_openstack_auth_strategy }}" ironic_api_url: "{{ ironic_openstack_api_url | default(omit) }}" ironic_dhcp_provider: "{{ ironic_openstack_dhcp_provider }}" @@ -55,9 +55,9 @@ - name: Post Swift tempURL secret key via standalone auth command: > - {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure,') }} + {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }} -A {{ swift_auth_url }} -- -U {{ swift_admin_user }} + -U {{ swift_admin_user }} -K {{ swift_admin_password }} post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }} when: diff --git a/tasks/ironic_service_setup.yml b/tasks/ironic_service_setup.yml index bbfc8626..74bffee3 100644 --- a/tasks/ironic_service_setup.yml +++ b/tasks/ironic_service_setup.yml @@ -24,11 +24,29 @@ service_name: "{{ ironic_service_name }}" service_type: "{{ ironic_service_type }}" description: "{{ ironic_service_description }}" - insecure: "{{ keystone_service_adminuri_insecure }}" + #insecure: "{{ keystone_service_adminuri_insecure |bool }}" + insecure: True register: add_service until: add_service|success retries: 5 delay: 2 + when: ironic_keystone_admin_token is not defined + +- name: Ensure ironic service (token) + keystone: + command: "ensure_service" + token: "{{ ironic_keystone_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + service_name: "{{ ironic_service_name }}" + service_type: "{{ ironic_service_type }}" + description: "{{ ironic_service_description }}" + #insecure: "{{ keystone_service_adminuri_insecure |bool }}" + insecure: True + register: add_service + until: add_service|success + retries: 5 + delay: 2 + when: ironic_keystone_admin_token is defined # Create an admin user - name: Ensure ironic user @@ -41,12 +59,29 @@ user_name: "{{ ironic_service_user_name }}" project_name: "{{ ironic_service_project_name }}" password: "{{ ironic_service_password }}" - insecure: "{{ keystone_service_adminuri_insecure }}" + insecure: "{{ keystone_service_adminuri_insecure|bool }}" register: add_service when: not ironic_service_in_ldap | bool until: add_service|success retries: 5 delay: 10 + when: ironic_keystone_admin_token is not defined + +- name: Ensure ironic user (token) + keystone: + command: "ensure_user" + endpoint: "{{ keystone_service_adminurl }}" + token: "{{ ironic_keystone_admin_token }}" + user_name: "{{ ironic_service_user_name }}" + project_name: "{{ ironic_service_project_name }}" + password: "{{ ironic_service_password }}" + insecure: "{{ keystone_service_adminuri_insecure|bool }}" + register: add_service + when: not ironic_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + when: ironic_keystone_admin_token is defined # Add a role to the user - name: Ensure ironic user to admin role @@ -59,12 +94,29 @@ user_name: "{{ ironic_service_user_name }}" project_name: "{{ ironic_service_project_name }}" role_name: "{{ ironic_service_role_name }}" - insecure: "{{ keystone_service_adminuri_insecure }}" + insecure: "{{ keystone_service_adminuri_insecure|bool }}" register: add_service when: not ironic_service_in_ldap | bool until: add_service|success retries: 5 delay: 10 + when: ironic_keystone_admin_token is not defined + +- name: Ensure ironic user to admin role (token) + keystone: + command: "ensure_user_role" + token: "{{ ironic_keystone_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + user_name: "{{ ironic_service_user_name }}" + project_name: "{{ ironic_service_project_name }}" + role_name: "{{ ironic_service_role_name }}" + insecure: "{{ keystone_service_adminuri_insecure|bool }}" + register: add_service + when: not ironic_service_in_ldap | bool + until: add_service|success + retries: 5 + delay: 10 + when: ironic_keystone_admin_token is defined # Create an endpoint - name: Ensure ironic endpoint @@ -77,7 +129,29 @@ region_name: "{{ ironic_service_region }}" service_name: "{{ ironic_service_name }}" service_type: "{{ ironic_service_type }}" - insecure: "{{ keystone_service_adminuri_insecure }}" + insecure: "{{ keystone_service_adminuri_insecure|bool }}" + endpoint_list: + - url: "{{ ironic_service_publicurl }}" + interface: "public" + - url: "{{ ironic_service_internalurl }}" + interface: "internal" + - url: "{{ ironic_service_adminurl }}" + interface: "admin" + register: add_service + until: add_service|success + retries: 5 + delay: 10 + when: ironic_keystone_admin_token is not defined + +- name: Ensure ironic endpoint (token) + keystone: + command: "ensure_endpoint" + token: "{{ ironic_keystone_admin_token }}" + endpoint: "{{ keystone_service_adminurl }}" + region_name: "{{ ironic_service_region }}" + service_name: "{{ ironic_service_name }}" + service_type: "{{ ironic_service_type }}" + insecure: "{{ keystone_service_adminuri_insecure|bool }}" endpoint_list: - url: "{{ ironic_service_publicurl }}" interface: "public" @@ -89,3 +163,4 @@ until: add_service|success retries: 5 delay: 10 + when: ironic_keystone_admin_token is defined diff --git a/tasks/main.yml b/tasks/main.yml index 58379bdf..7b8e0a78 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -33,7 +33,7 @@ - ironic-install - include: ironic_api_install.yml - when: inventory_hostname in groups['ironic_api'] + when: "inventory_hostname in groups['ironic_api']" tags: - ironic-install @@ -42,6 +42,11 @@ tags: - ironic-install +- include: ironic_oneview_setup.yml + when: + - ironic_oneview_enabled | bool + - inventory_hostname in groups['ironic_conductor'] + - include: ironic_post_install.yml tags: - ironic-config diff --git a/templates/ironic-oneviewd.conf.j2 b/templates/ironic-oneviewd.conf.j2 new file mode 100644 index 00000000..b52fb250 --- /dev/null +++ b/templates/ironic-oneviewd.conf.j2 @@ -0,0 +1,27 @@ +[DEFAULT] +retry_interval = {{ ironic_oneviewd_retry_interval }} +rpc_thread_pool_size = {{ ironic_oneviewd_rpc_thread_pool_size }} + +[oneview] +manager_url = {{ ironic_oneview_manager_url }} +username = {{ ironic_oneview_username }} +password = {{ ironic_oneview_password }} +allow_insecure_connections = {{ ironic_oneview_allow_insecure_connections }} +tls_cacert_file = {{ ironic_oneview_tls_cacert_file }} +max_polling_attempts = {{ ironic_oneview_max_polling_attempts }} +enable_periodic_tasks = {{ ironic_oneviewd_enable_periodic_tasks }} +periodic_check_interval = {{ ironic_oneviewd_periodic_check_interval }} +audit_enabled = {{ ironic_oneviewd_audit_enabled }} +audit_map_file = {{ ironic_oneviewd_audit_map_file }} +audit_output_file = {{ ironic_oneviewd_audit_output_file }} + +[openstack] +auth_url = {{ keystone_service_adminuri }} +username = {{ ironic_service_user_name }} +password = {{ ironic_service_password }} +region_name = {{ keystone_service_region }} +insecure = {{ keystone_service_internaluri_insecure | bool }} +endpoint_type = internalURL +project_name = {{ ironic_service_project_name }} +user_domain_id = {{ ironic_service_user_domain_id }} +project_domain_id = {{ ironic_service_project_domain_id }} diff --git a/templates/ironic.conf.j2 b/templates/ironic.conf.j2 index f59562f4..57bb44ce 100644 --- a/templates/ironic.conf.j2 +++ b/templates/ironic.conf.j2 @@ -43,6 +43,7 @@ max_pool_size = {{ ironic_db_max_pool_size }} pool_timeout = {{ ironic_db_pool_timeout }} [deploy] +erase_devices_priority = {{ ironic_erase_devices_priority }} [dhcp] dhcp_provider = {{ ironic_dhcp_provider }} @@ -119,6 +120,14 @@ cleaning_network_uuid = {{ ironic_neutron_cleaning_network_uuid | default(ironic {% endif %} [oneview] +{% if ironic_oneview_enabled %} +manager_url = {{ ironic_oneview_manager_url }} +username = {{ ironic_oneview_username }} +password = {{ ironic_oneview_password }} +allow_insecure_connections = {{ ironic_oneview_allow_insecure_connections }} +tls_cacert_file = {{ ironic_oneview_tls_cacert_file }} +max_polling_attempts = {{ ironic_oneview_max_polling_attempts }} +{% endif %} [oslo_concurrency] lock_path = {{ ironic_lock_path }} diff --git a/vars/redhat.yml b/vars/redhat.yml new file mode 100644 index 00000000..6730291f --- /dev/null +++ b/vars/redhat.yml @@ -0,0 +1,47 @@ +--- +# Copyright 2016, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +cache_timeout: 600 + +ironic_developer_mode_distro_packages: +# - git-core +# - libffi-dev + - mysql-devel + +ironic_api_distro_packages: +# - apache2 +# - apache2-utils +# - libapache2-mod-wsgi + +ironic_conductor_distro_packages: +# - libxml2-dev + - syslinux +# - syslinux-common +# - pxelinux +# - libxslt1-dev +# - qemu-utils +# - libpq-dev +# - python-yaml +# - open-iscsi +# - ipmitool +# - tftpd-hpa + +ironic_conductor_standalone_distro_packages: +# - isc-dhcp-server + +ironic_library_modules_paths: + - "/usr/share/syslinux/pxelinux.0" + - "/usr/share/syslinux/chain.c32" +# - "/usr/share/syslinux/modules/bios/ldlinux.c32" # Only needed for syslinux >= v5