Improve standalone ironic support
Adds a new flag, 'enable_openstack_core', which defaults to 'yes'. Setting this flag to 'no' will disable the core OpenStack services, including Glance, Heat, Horizon, Keystone, Neutron, and Nova. Improves the default configuration of OpenStack Ironic when used in standalone mode. In particular, configures a noauth mode when Keystone is disabled, and allows the iPXE server to be used for provisioning as well as inspection if Neutron is disabled. Documentation for standalone ironic will be updated separately. This patch was developed and tested using Bikolla [1]. [1] https://github.com/markgoddard/bikolla Change-Id: Ic47f5ad81b8126a51e52a445097f7950dba233cd Implements: blueprint standalone-ironic
		| @@ -430,16 +430,20 @@ nova_console: "novnc" | ||||
| # Valid options are [ public, internal, admin ] | ||||
| openstack_interface: "admin" | ||||
|  | ||||
| # Enable core OpenStack services. This includes: | ||||
| # glance, keystone, neutron, nova, heat, and horizon. | ||||
| enable_openstack_core: "yes" | ||||
|  | ||||
| # These roles are required for Kolla to be operation, however a savvy deployer | ||||
| # could disable some of these required roles and run their own services. | ||||
| enable_glance: "yes" | ||||
| enable_glance: "{{ enable_openstack_core | bool }}" | ||||
| enable_haproxy: "yes" | ||||
| enable_keepalived: "{{ enable_haproxy | bool }}" | ||||
| enable_keystone: "yes" | ||||
| enable_keystone: "{{ enable_openstack_core | bool }}" | ||||
| enable_mariadb: "yes" | ||||
| enable_memcached: "yes" | ||||
| enable_neutron: "yes" | ||||
| enable_nova: "yes" | ||||
| enable_neutron: "{{ enable_openstack_core | bool }}" | ||||
| enable_nova: "{{ enable_openstack_core | bool }}" | ||||
| enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}" | ||||
| enable_outward_rabbitmq: "{{ enable_murano | bool }}" | ||||
|  | ||||
| @@ -479,8 +483,8 @@ enable_fluentd: "yes" | ||||
| enable_freezer: "no" | ||||
| enable_gnocchi: "no" | ||||
| enable_grafana: "no" | ||||
| enable_heat: "yes" | ||||
| enable_horizon: "yes" | ||||
| enable_heat: "{{ enable_openstack_core | bool }}" | ||||
| enable_horizon: "{{ enable_openstack_core | bool }}" | ||||
| enable_horizon_blazar: "{{ enable_blazar | bool }}" | ||||
| enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}" | ||||
| enable_horizon_congress: "{{ enable_congress | bool }}" | ||||
| @@ -545,7 +549,7 @@ enable_nova_ssh: "yes" | ||||
| enable_octavia: "no" | ||||
| enable_onos: "no" | ||||
| enable_opendaylight: "no" | ||||
| enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}" | ||||
| enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}" | ||||
| enable_ovs_dpdk: "no" | ||||
| enable_osprofiler: "no" | ||||
| enable_panko: "no" | ||||
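Review bot: The comment added above `enable_openstack_core` lists the services the flag switches off but not the security consequence. `enable_keystone` now follows the flag, and per the commit description ironic is configured in a noauth mode when Keystone is disabled. I would extend the comment with something like `# NOTE: "no" also disables Keystone; services left enabled (e.g. ironic) then run without API authentication, so restrict access to the API network.` An operator setting one convenience flag should see that before deploying.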
|   | ||||
| @@ -182,7 +182,7 @@ ironic_console_serial_speed: "115200n8" | ||||
| ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }} | ||||
| ironic_enable_rolling_upgrade: "yes" | ||||
| ironic_inspector_kernel_cmdline_extras: [] | ||||
| ironic_inspector_pxe_filter: iptables | ||||
| ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}iptables{% else %}none{% endif %}" | ||||
|  | ||||
| #################### | ||||
| ## Kolla | ||||
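Review bot: The new default for `ironic_inspector_pxe_filter` turns the PXE filter off whenever Neutron is disabled, and nothing on the line explains what that removes. As far as I know the iptables filter is what keeps the inspection DHCP service from answering nodes that are not being introspected, so a comment such as `# Without neutron the filter is disabled: the inspection dnsmasq answers every MAC on its network, keep that network isolated` would be useful. The template that consumes this variable is not part of this section. If the value is passed straight to ironic-inspector's `[pxe_filter] driver`, the upstream name for the disabled filter is `noop`, so `none` is worth confirming against a rendered config.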
|   | ||||
| @@ -3,6 +3,14 @@ | ||||
| :retry_dhcp | ||||
| dhcp || goto retry_dhcp | ||||
|  | ||||
| {# Standalone ironic: use ironic-configured PXE configs #} | ||||
| {% if not enable_neutron | bool %} | ||||
| # load the MAC-specific file or fail if it's not found | ||||
| :boot_system | ||||
| chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa | ||||
| {% endif %} | ||||
|  | ||||
| :inspector_ipa | ||||
| :retry_boot | ||||
| imgfree | ||||
| kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=agent.ramdisk {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot | ||||
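Review bot: The comment above the new `chain` line says the script will "fail if it's not found", but the fallback is `|| goto inspector_ipa`, so a machine with no per-MAC config boots the inspection ramdisk instead of stopping. This branch is only rendered without Neutron, where the same commit also disables the PXE filter and sets the inspector to `noauth` when Keystone is off, so the fall-through decides which machines get introspected. The comment should describe it accurately, e.g. `# boot the node's ironic-generated config; unknown MACs fall through to inspection`. The `:boot_system` label is not referenced anywhere in the visible script and could be dropped.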
|   | ||||
| @@ -2,6 +2,9 @@ | ||||
| debug = {{ ironic_logging_debug }} | ||||
| log_dir = /var/log/kolla/ironic-inspector | ||||
|  | ||||
| {% if not enable_keystone | bool %} | ||||
| auth_strategy = noauth | ||||
| {% endif %} | ||||
| listen_address = {{ api_interface_address }} | ||||
| listen_port = {{ ironic_inspector_port }} | ||||
| transport_url = {{ rpc_transport_url }} | ||||
| @@ -10,6 +13,7 @@ transport_url = {{ rpc_transport_url }} | ||||
| transport_url = {{ notify_transport_url }} | ||||
|  | ||||
| [ironic] | ||||
| {% if enable_keystone | bool %} | ||||
| auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} | ||||
| auth_type = password | ||||
| project_domain_id = {{ default_project_domain_id }} | ||||
| @@ -18,7 +22,12 @@ project_name = service | ||||
| username = {{ ironic_inspector_keystone_user }} | ||||
| password = {{ ironic_inspector_keystone_password }} | ||||
| os_endpoint_type = internalURL | ||||
| {% else %} | ||||
| auth_type = none | ||||
| endpoint_override = {{ ironic_internal_endpoint }} | ||||
| {% endif %} | ||||
|  | ||||
| {% if enable_keystone | bool %} | ||||
| [keystone_authtoken] | ||||
| www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} | ||||
| auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} | ||||
| @@ -32,6 +41,7 @@ password = {{ ironic_inspector_keystone_password }} | ||||
| memcache_security_strategy = ENCRYPT | ||||
| memcache_secret_key = {{ memcache_secret_key }} | ||||
| memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} | ||||
| {% endif %} | ||||
|  | ||||
| {% if ironic_policy_file is defined %} | ||||
| [oslo_policy] | ||||
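Review bot: `auth_strategy = noauth` is rendered directly above `listen_address = {{ api_interface_address }}`, so with Keystone disabled the inspector API accepts unauthenticated requests from anything that can reach the API interface, and the template does not say so. A rendered comment on that branch, such as `# Standalone mode (no Keystone): API is unauthenticated, restrict access to the API network`, would help whoever later reads the generated file. It may also be worth making noauth an explicit opt-in variable that defaults from `enable_keystone` rather than a side effect of it, though that is a design choice beyond this hunk. In `[ironic]`, the `{% else %}` branch depends on `ironic_internal_endpoint`, whose definition is not visible here.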
|   | ||||
| @@ -59,7 +59,6 @@ memcache_secret_key = {{ memcache_secret_key }} | ||||
| memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} | ||||
| {% endif %} | ||||
|  | ||||
|  | ||||
| {% if enable_cinder | bool %} | ||||
| [cinder] | ||||
| auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} | ||||
| @@ -69,8 +68,9 @@ user_domain_id = default | ||||
| project_name = service | ||||
| username = {{ ironic_keystone_user }} | ||||
| password = {{ ironic_keystone_password }} | ||||
|  | ||||
| {% endif %} | ||||
|  | ||||
| {% if enable_glance | bool %} | ||||
| [glance] | ||||
| glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }} | ||||
| auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} | ||||
| @@ -80,7 +80,9 @@ user_domain_id = default | ||||
| project_name = service | ||||
| username = {{ ironic_keystone_user }} | ||||
| password = {{ ironic_keystone_password }} | ||||
| {% endif %} | ||||
|  | ||||
| {% if enable_neutron | bool %} | ||||
| [neutron] | ||||
| url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }} | ||||
| auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} | ||||
| @@ -91,9 +93,11 @@ project_name = service | ||||
| username = {{ ironic_keystone_user }} | ||||
| password = {{ ironic_keystone_password }} | ||||
| cleaning_network = {{ ironic_cleaning_network }} | ||||
| {% endif %} | ||||
|  | ||||
| [inspector] | ||||
| enabled = true | ||||
| {% if enable_keystone | bool %} | ||||
| auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} | ||||
| auth_type = password | ||||
| project_domain_id = default | ||||
| @@ -101,7 +105,10 @@ user_domain_id = default | ||||
| project_name = service | ||||
| username = {{ ironic_keystone_user }} | ||||
| password = {{ ironic_keystone_password }} | ||||
| service_url = {{ ironic_inspector_internal_endpoint }} | ||||
| {% else %} | ||||
| auth_type=none | ||||
| {% endif %} | ||||
| endpoint_override = {{ ironic_inspector_internal_endpoint }} | ||||
|  | ||||
| [agent] | ||||
| deploy_logs_local_path = /var/log/kolla/ironic | ||||
| @@ -128,3 +135,8 @@ http_url = {{ ironic_ipxe_url }} | ||||
|  | ||||
| [oslo_middleware] | ||||
| enable_proxy_headers_parsing = True | ||||
|  | ||||
| {% if not enable_neutron | bool %} | ||||
| [dhcp] | ||||
| dhcp_provider = none | ||||
| {% endif %} | ||||
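Review bot: The `[glance]` and `[neutron]` sections are now gated on `enable_glance` and `enable_neutron`, as `[cinder]` already is on `enable_cinder`, yet each still renders a Keystone `auth_url` and service password. If a deployer overrides `enable_keystone` to `no` on its own while leaving one of those services enabled, the rendered ironic.conf points at a Keystone that is not deployed. A precheck rejecting that combination, or nesting the credential keys under `{% if enable_keystone | bool %}` as the `[inspector]` hunk does, would fail earlier and more clearly. For consistency with the rest of the file, write the new `auth_type=none` line in `[inspector]` as `auth_type = none`. The new `[dhcp]` block would benefit from a short comment such as `# Standalone mode: ironic does not manage DHCP`.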
|   | ||||
| @@ -171,6 +171,19 @@ kolla_internal_vip_address: "10.10.10.254" | ||||
| # Valid options are [ none, novnc, spice, rdp ] | ||||
| #nova_console: "novnc" | ||||
|  | ||||
| # These roles are required for Kolla to be operation, however a savvy deployer | ||||
| # could disable some of these required roles and run their own services. | ||||
| #enable_glance: "{{ enable_openstack_core | bool }}" | ||||
| #enable_haproxy: "yes" | ||||
| #enable_keepalived: "{{ enable_haproxy | bool }}" | ||||
| #enable_keystone: "{{ enable_openstack_core | bool }}" | ||||
| #enable_mariadb: "yes" | ||||
| #enable_memcached: "yes" | ||||
| #enable_neutron: "{{ enable_openstack_core | bool }}" | ||||
| #enable_nova: "{{ enable_openstack_core | bool }}" | ||||
| #enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}" | ||||
| #enable_outward_rabbitmq: "{{ enable_murano | bool }}" | ||||
|  | ||||
| # OpenStack services can be enabled or disabled with these options | ||||
| #enable_aodh: "no" | ||||
| #enable_barbican: "no" | ||||
| @@ -202,9 +215,8 @@ kolla_internal_vip_address: "10.10.10.254" | ||||
| #enable_freezer: "no" | ||||
| #enable_gnocchi: "no" | ||||
| #enable_grafana: "no" | ||||
| #enable_haproxy: "yes" | ||||
| #enable_heat: "yes" | ||||
| #enable_horizon: "yes" | ||||
| #enable_heat: "{{ enable_openstack_core | bool }}" | ||||
| #enable_horizon: "{{ enable_openstack_core | bool }}" | ||||
| #enable_horizon_blazar: "{{ enable_blazar | bool }}" | ||||
| #enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}" | ||||
| #enable_horizon_congress: "{{ enable_congress | bool }}" | ||||
| @@ -264,7 +276,8 @@ kolla_internal_vip_address: "10.10.10.254" | ||||
| #enable_octavia: "no" | ||||
| #enable_onos: "no" | ||||
| #enable_opendaylight: "no" | ||||
| #enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}" | ||||
| #enable_openstack_core: "yes" | ||||
| #enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}" | ||||
| #enable_ovs_dpdk: "no" | ||||
| #enable_osprofiler: "no" | ||||
| #enable_panko: "no" | ||||
|   | ||||
| @@ -0,0 +1,9 @@ | ||||
| --- | ||||
| features: | ||||
|   - | | ||||
|     Adds a new flag, ``enable_openstack_core``, which defaults to ``yes``. | ||||
|     Setting this flag to ``no`` will disable the core OpenStack services, | ||||
|     including Glance, Heat, Horizon, Keystone, Neutron, and Nova. | ||||
|   - | | ||||
|     Improves the default configuration of OpenStack Ironic when used in | ||||
|     standalone mode. | ||||
	 Mark Goddard
					Mark Goddard