Commit d3edce12 authored by Flávio Ramalho's avatar Flávio Ramalho
Browse files

Adds support for the ironic-oneview drivers [+Docs].

This change adds support for the oneview drivers (agent, iscsi).

Note that changes on the ironic installation will occur only when
the oneview drivers are being used (agent_pxe_oneview or
iscsi_pxe_oneview are in the ironic_openstack_driver_list). This
means that this patch should not change anything on the the default
ironic installation (using agent_ipmitool driver).

Change-Id: I969df888c6a8b68e7a1a0643b46eee4b546ec13c
parent 35e96e72
......@@ -48,6 +48,7 @@ ironic_lock_path: /var/lock/ironic
# Ironic Program and Service names
ironic_api_program_name: apache2
ironic_conductor_program_name: ironic-conductor
ironic_oneviewd_program_name: ironic-oneviewd
python_ironic_client_program_name: ironic
ironic_service_names:
- "{{ ironic_api_program_name }}"
......@@ -94,6 +95,44 @@ ironic_standalone: False
# that are performed on the node to ensure it is in a baseline
# state and ready to be deployed to.
ironic_automated_clean: false
# Set to 0 to disable erase devices on cleaning
ironic_erase_devices_priority: 10
## ironic-oneview
ironic_oneview_enabled: "{% if 'agent_pxe_oneview' in ironic_openstack_driver_list or
'agent_pxe_oneview' in ironic_standalone_driver_list or
'iscsi_pxe_oneview' in ironic_openstack_driver_list or
'iscsi_pxe_oneview' in ironic_standalone_driver_list %}True{% else %}False{% endif %}"
ironic_oneview_manager_url: ""
ironic_oneview_username: ""
ironic_oneview_password: ""
ironic_oneview_allow_insecure_connections: False
ironic_oneview_tls_cacert_file: "None"
ironic_oneview_max_polling_attempts: 12
# ironic-oneviewd
# Polling interval in seconds for daemon to manage the nodes
ironic_oneviewd_retry_interval: 15
# Size the of the RPC thread pool
ironic_oneviewd_rpc_thread_pool_size: 20
# (Optional) Whether to enable the periodic tasks for OneView
# driver be aware when OneView hardware resources are taken
# and released by Ironic or OneView users and proactively
# manage nodes in clean fail state according to Dynamic
# Allocation model of hardware resources allocation in
# OneView
ironic_oneviewd_enable_periodic_tasks: True
# Period (in seconds) for periodic tasks to be executed when
# enable_periodic_tasks is True
ironic_oneviewd_periodic_check_interval: "{{ ironic_oneviewd_retry_interval }}"
# (Optional) Enable auditing of OneView API requests
ironic_oneviewd_audit_enabled: False
# Path to map file for OneView audit cases. Used only when
# OneView API audit is enabled
ironic_oneviewd_audit_map_file: "None"
# Path to OneView audit log file. Created only when Oneview
# API audit is enabled.
ironic_oneviewd_audit_output_file: "None"
# Database
ironic_galera_user: ironic
......@@ -112,10 +151,12 @@ ironic_keystone_auth_plugin: password
# ironic_neutron_cleaning_network_name: "Name of cleaning network in neutron"
# Integrated Openstack configuration
ironic_openstack_driver_list: "pxe_ipmitool, agent_ipmitool"
ironic_enabled_network_interfaces_list: "flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron','') }}"
ironic_default_network_interface: "{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary('neutron','flat') }}"
ironic_openstack_driver_list: agent_ipmitool
ironic_openstack_driver_list:
- agent_ipmitool
- pxe_ipmitool
ironic_openstack_driver_loaded_list: "{% for driver in ironic_openstack_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}"
ironic_openstack_auth_strategy: keystone
ironic_openstack_api_url: '' # Not required when we have keystone
ironic_openstack_dhcp_provider: neutron
......@@ -123,7 +164,9 @@ ironic_openstack_sync_power_state_interval: 60
ironic_openstack_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}/ironic"
# Standalone Ironic configuration
ironic_standalone_driver_list: agent_ipmitool
ironic_standalone_driver_list:
- agent_ipmitool
ironic_standalone_driver_loaded_list: "{% for driver in ironic_standalone_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}"
ironic_standalone_auth_strategy: noauth
ironic_standalone_api_url: "api_url={{ ironic_service_internaluri }}/"
ironic_standalone_dhcp_provider: none
......@@ -153,6 +196,10 @@ ironic_requires_pip_packages:
- python-keystoneclient # Keystoneclient needed for the OSA keystone lib
- httplib2 # for Ansible's uri module
ironic_oneview_optional_pip_packages:
- ironic-oneview-cli
- ironic-oneviewd
ironic_pip_packages:
- PyMySQL
- ironic
......@@ -193,6 +240,7 @@ ironic_role_project_group: ironic_all
### Config Overrides
ironic_ironic_conf_overrides: {}
ironic_ironic_oneviewd_conf_overrides: {}
ironic_rootwrap_conf_overrides: {}
ironic_policy_overrides: {}
......
......@@ -218,3 +218,184 @@ Now boot a node:
nova boot --flavor ${FLAVOR_NAME} --image ${IMAGE_NAME} --key-name admin ${NODE_NAME}
Setup OpenStack-Ansible with ironic-OneView drivers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HP OneView is a single integrated platform, packaged as an appliance that
implements a software-defined approach to managing physical infrastructure.
The appliance supports scenarios such as deploying bare metal servers with
ironic (Bare Metal service). In this context, the HP OneView driver enables
the users of OneView to use ironic as a bare metal provider to their managed
physical hardware.
Currently there are two ironic-OneView drivers:
#. ``iscsi_pxe_oneview``
#. ``agent_pxe_oneview``
.. important::
When using the ``iscsi_pxe_oneview`` drivers, install ironic-conductor
on metal. Add ``is_metal: true`` to the properties of the
``ironic_conductor_container`` section in ``/opt/openstack-ansible/
playbooks/inventory/env.d/ironic.yml`` before running the
ironic installation playbook.
Considering that the ironic images and network are already in place.
Configuring OpenStack-Ansible to set up ironic with the OneView drivers
requires the following variables to be defined in
``/etc/openstack_deploy/user_variables``:
.. code-block:: yaml
## Ironic
ironic_openstack_driver_list:
- pxe_ipmitool
- agent_ipmitool
- agent_pxe_oneview
- iscsi_pxe_oneview
ironic_automated_clean: True
## Nova
nova_reserved_host_disk_mb: 0
nova_reserved_host_memory_mb: 0
nova_scheduler_host_subset_size: 99999999
## ironic-oneviewd
ironic_oneview_manager_url: "<oneview_url>"
ironic_oneview_username: "<oneview_username>"
ironic_oneview_password: "<oneview_password>"
Replace ``<oneview_*>`` with the respective OneView resources.
Run the os-ironic-install.yml playbook:
.. code-block:: bash
cd /opt/openstack-ansible/playbooks
openstack-ansible os-ironic-install.yml
Adding bare metal nodes
-----------------------
Ironic-OneView CLI is a command line interface tool for the OneView Drivers
for ironic. It allows the user to easily create and configure ironic nodes,
compatible with OneView Server Hardware objects, and create nova flavors to
match available Ironic nodes that use OneView drivers. It also offers the
option to migrate Ironic nodes using pre-allocation model to the dynamic
allocation model.
#. Install ``ironic-oneview-cli`` on the utility container:
.. code-block:: bash
pip install ironic-oneview-cli
#. Add the following variables to the openrc file:
.. code-block:: bash
export OV_AUTH_URL=<oneview_url>
export OV_USERNAME=<oneview_username>
export OV_PASSWORD=<oneview_password>
export OS_IRONIC_NODE_DRIVER=<ironic_driver>
export OS_IRONIC_DEPLOY_KERNEL_UUID=<kernel_deploy_image_id>
export OS_IRONIC_DEPLOY_RAMDISK_UUID=<ramdisk_deploy_image_id>
Replace ``<*_id>`` with the ID of the respective resource. Also replace
``<oneview_*>`` with the respective OneView resources and
``<ironic_driver>`` with the driver being used to manage the node.
.. note::
Optionally we can use ``ironic-oneview-cli`` to generate a configuration
file by running the following command:
.. code-block:: bash
ironic-oneview genrc
#. Create Ironic nodes, based on available HPE OneView Server Hardware objects,
by running the following command:
.. code-block:: bash
. openrc
ironic-oneview node-create
The tool will ask you to choose a valid Server Profile Template from those retrieved
from HPE OneView appliance:
.. code-block:: bash
Retrieving Server Profile Templates from OneView...
+----+------------------------+----------------------+---------------------------+
| Id | Name | Enclosure Group Name | Server Hardware Type Name |
+----+------------------------+----------------------+---------------------------+
| 1 | template-dcs-virt-enc3 | virt-enclosure-group | BL460c Gen8 3 |
| 2 | template-dcs-virt-enc4 | virt-enclosure-group | BL660c Gen9 1 |
+----+------------------------+----------------------+---------------------------+
Once a valid Server Profile Template has been chosen, the tool lists the available Server
Hardware that match the chosen Server Profile Template. Choose a Server Hardware to be
used as base to the Ironic node:
.. code-block:: bash
Listing compatible Server Hardware objects...
+----+-----------------+------+-----------+----------+----------------------+---------------------------+
| Id | Name | CPUs | Memory MB | Local GB | Enclosure Group Name | Server Hardware Type Name |
+----+-----------------+------+-----------+----------+----------------------+---------------------------+
| 1 | VIRT-enl, bay 5 | 8 | 32768 | 120 | virt-enclosure-group | BL460c Gen8 3 |
| 2 | VIRT-enl, bay 8 | 8 | 32768 | 120 | virt-enclosure-group | BL460c Gen8 3 |
+----+-----------------+------+-----------+----------+----------------------+---------------------------+
.. note::
Multiple Ironic nodes can be created at once by typing multiple Server Hardware IDs
separated by blank spaces.
The created Ironic nodes will be in the *enroll* provisioning state, going to the
*manageable* state then *cleaning*. After a susccesfull cleaning the node
should be on the *available* state. This means that the node is ready to be
provisioned.
Creating flavors
----------------
Run the following command to create Nova flavors compatible with available
Ironic nodes:
.. code-block:: bash
. openrc
ironic-oneview flavor-create
The tool will now prompt you to choose a valid flavor configuration, according
to available Ironic nodes:
.. code-block:: bash
+----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+
| Id | CPUs | Disk GB | Memory MB | Server Profile Template | Server Hardware Type | Enclosure Group Name |
+----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+
| 1 | 8 | 120 | 8192 | second-virt-server-profile-template | BL460c Gen8 3 | virt-enclosure-group |
+----+------+---------+-----------+-------------------------------------+----------------------+-------------------------+
After choosing a valid configuration ID, you will be prompted to name the new
flavor. Leaving the field blank, a default name will be used.
Deploying a bare metal node
---------------------------
Boot the node with the previously created flavor:
.. code-block:: bash
nova boot --flavor <flavor_name> --image <image_name> --key-name <key>
Replace ``<flavor_name>`` with the name of the flavor created using
ironic-oneview, also replace ``<image_name>`` with the name of the
image to be used to provision the node (user image) and ``<key_name>``
with the key.
......@@ -20,6 +20,13 @@
with_items: "{{ ironic_service_names }}"
failed_when: false
- name: Restart ironic-oneviewd
service:
name: "ironic-oneviewd"
state: restarted
pattern: "ironic-oneviewd"
failed_when: false
- name: Restart tftpd-hpa
service:
name: "tftpd-hpa"
......
features:
- Added support for ironic-OneView drivers.
Check the documentation on how to enable
them.
---
# Copyright 2016 Hewlett Packard Enterprise Development LP.
# Copyright 2016 Universidade Federal de Campina Grande
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create ironic-oneviewd dir
file:
path: "/etc/ironic-oneviewd"
state: directory
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
mode: "0755"
- name: Install ironic-oneview pip packages (venv)
pip:
name: "{{ ironic_oneview_optional_pip_packages }}"
state: "{{ ironic_pip_package_state }}"
virtualenv: "{{ ironic_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: >-
{{ ironic_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages|success
retries: 5
delay: 2
- include: ironic_init_common.yml
vars:
program_name: "{{ ironic_oneviewd_program_name }}"
service_name: "{{ ironic_service_name }}"
system_user: "{{ ironic_system_user_name }}"
system_group: "{{ ironic_system_group_name }}"
service_home: "{{ ironic_system_home_folder }}"
- name: Generate ironic-oneviewd config
config_template:
src: "ironic-oneviewd.conf.j2"
dest: "/etc/ironic-oneviewd/ironic-oneviewd.conf"
owner: "{{ ironic_system_user_name }}"
group: "{{ ironic_system_group_name }}"
mode: "0644"
config_overrides: "{{ ironic_ironic_oneviewd_conf_overrides }}"
config_type: "ini"
notify: Restart ironic-oneviewd
......@@ -15,7 +15,7 @@
- name: Setup ironic for standalone usage
set_fact:
ironic_driver_list: "{{ ironic_standalone_driver_list }}"
ironic_driver_list: "{{ ironic_standalone_driver_loaded_list }}"
ironic_auth_strategy: "{{ ironic_standalone_auth_strategy }}"
ironic_api_url: "{{ ironic_standalone_api_url }}"
ironic_dhcp_provider: "{{ ironic_standalone_dhcp_provider }}"
......@@ -27,7 +27,7 @@
- name: Setup ironic for integrated Openstack usage
set_fact:
ironic_driver_list: "{{ ironic_openstack_driver_list }}"
ironic_driver_list: "{{ ironic_openstack_driver_loaded_list }}"
ironic_auth_strategy: "{{ ironic_openstack_auth_strategy }}"
ironic_api_url: "{{ ironic_openstack_api_url }}"
ironic_dhcp_provider: "{{ ironic_openstack_dhcp_provider }}"
......
......@@ -42,6 +42,11 @@
tags:
- ironic-install
- include: ironic_oneview_setup.yml
when:
- ironic_oneview_enabled | bool
- inventory_hostname in groups['ironic_conductor']
- include: ironic_post_install.yml
tags:
- ironic-install
......
[DEFAULT]
retry_interval = {{ ironic_oneviewd_retry_interval }}
rpc_thread_pool_size = {{ ironic_oneviewd_rpc_thread_pool_size }}
[oneview]
manager_url = {{ ironic_oneview_manager_url }}
username = {{ ironic_oneview_username }}
password = {{ ironic_oneview_password }}
allow_insecure_connections = {{ ironic_oneview_allow_insecure_connections }}
tls_cacert_file = {{ ironic_oneview_tls_cacert_file }}
max_polling_attempts = {{ ironic_oneview_max_polling_attempts }}
enable_periodic_tasks = {{ ironic_oneviewd_enable_periodic_tasks }}
periodic_check_interval = {{ ironic_oneviewd_periodic_check_interval }}
audit_enabled = {{ ironic_oneviewd_audit_enabled }}
audit_map_file = {{ ironic_oneviewd_audit_map_file }}
audit_output_file = {{ ironic_oneviewd_audit_output_file }}
[openstack]
auth_url = {{ keystone_service_adminuri }}
username = {{ ironic_service_user_name }}
password = {{ ironic_service_password }}
region_name = {{ keystone_service_region }}
insecure = {{ keystone_service_internaluri_insecure | bool }}
endpoint_type = internalURL
project_name = {{ ironic_service_project_name }}
user_domain_id = {{ ironic_service_user_domain_id }}
project_domain_id = {{ ironic_service_project_domain_id }}
......@@ -41,6 +41,7 @@ max_pool_size = {{ ironic_db_max_pool_size }}
pool_timeout = {{ ironic_db_pool_timeout }}
[deploy]
erase_devices_priority = {{ ironic_erase_devices_priority }}
[dhcp]
dhcp_provider = {{ ironic_dhcp_provider }}
......@@ -122,6 +123,14 @@ cleaning_network_uuid = {{ ironic_neutron_cleaning_network_uuid | default(ironic
{% endif %}
[oneview]
{% if ironic_oneview_enabled %}
manager_url = {{ ironic_oneview_manager_url }}
username = {{ ironic_oneview_username }}
password = {{ ironic_oneview_password }}
allow_insecure_connections = {{ ironic_oneview_allow_insecure_connections }}
tls_cacert_file = {{ ironic_oneview_tls_cacert_file }}
max_polling_attempts = {{ ironic_oneview_max_polling_attempts }}
{% endif %}
[oslo_concurrency]
lock_path = {{ ironic_lock_path }}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment