diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index b51b98903e..be196432d4 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -188,6 +188,8 @@ murano_api_port: "8082"
ironic_api_port: "6385"
+ironic_inspector_port: "5050"
+
magnum_api_port: "9511"
solum_application_deployment_port: "9777"
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index b9eb13c4e3..1bd9e1b717 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -353,6 +353,11 @@ listen ironic_api
{% for host in groups['ironic-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
+listen ironic_inspector
+ bind {{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}
+{% for host in groups['ironic-inspector'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_inspector_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
{% if haproxy_enable_external_vip | bool %}
listen ironic_api_external
@@ -360,6 +365,13 @@ listen ironic_api_external
{% for host in groups['ironic-api'] %}
server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_api_port }} check inter 2000 rise 2 fall 5
{% endfor %}
+listen ironic_inspector_external
+ bind {{ kolla_external_vip_address }}:{{ ironic_inspector_port }} {{ tls_bind_info }}
+ http-request del-header X-Forwarded-Proto
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+{% for host in groups['ironic-inspector'] %}
+ server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ ironic_inspector_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
{% endif %}
{% endif %}
diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml
index 1b052ebe10..6f201b17e9 100644
--- a/ansible/roles/ironic/defaults/main.yml
+++ b/ansible/roles/ironic/defaults/main.yml
@@ -8,6 +8,10 @@ ironic_database_name: "ironic"
ironic_database_user: "ironic"
ironic_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+ironic_inspector_database_name: "ironic_inspector"
+ironic_inspector_database_user: "ironic_inspector"
+ironic_inspector_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}"
+
####################
# Docker
@@ -20,22 +24,43 @@ ironic_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{
ironic_conductor_tag: "{{ openstack_release }}"
ironic_conductor_image_full: "{{ ironic_conductor_image }}:{{ ironic_conductor_tag }}"
+ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-ironic-pxe"
+ironic_pxe_tag: "{{ openstack_release }}"
+ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"
+
ironic_inspector_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-ironic-inspector"
ironic_inspector_tag: "{{ openstack_release }}"
ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}"
-ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-ironic-pxe"
-ironic_pxe_tag: "{{ openstack_release }}"
-ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"
+ironic_dnsmasq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-dnsmasq"
+ironic_dnsmasq_tag: "{{ openstack_release }}"
+ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}"
####################
# OpenStack
####################
+ironic_inspector_keystone_user: "ironic-inspector"
+
ironic_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}"
ironic_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}"
ironic_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ ironic_api_port }}"
+ironic_inspector_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_inspector_port }}"
+ironic_inspector_internal_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_inspector_port }}"
+ironic_inspector_public_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_inspector_port }}"
+
ironic_logging_debug: "{{ openstack_logging_debug }}"
openstack_ironic_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
+
+openstack_ironic_inspector_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
+
+
+#########
+# Ironic
+#########
+
+ironic_dnsmasq_interface: "{{ api_interface }}"
+ironic_dnsmasq_dhcp_range:
+ironic_cleaning_network:
diff --git a/ansible/roles/ironic/tasks/bootstrap.yml b/ansible/roles/ironic/tasks/bootstrap.yml
index bbeba8e5f9..208cb681d6 100644
--- a/ansible/roles/ironic/tasks/bootstrap.yml
+++ b/ansible/roles/ironic/tasks/bootstrap.yml
@@ -7,10 +7,15 @@
login_port: "{{ database_port }}"
login_user: "{{ database_user }}"
login_password: "{{ database_password }}"
- name: "{{ ironic_database_name }}"
+ name: "{{ item.database_name }}"
register: database
run_once: True
- delegate_to: "{{ groups['ironic-api'][0] }}"
+ delegate_to: "{{ item.delegate_to }}"
+ with_items:
+ - database_name: "{{ ironic_database_name }}"
+ delegate_to: "{{ groups['ironic-api'][0] }}"
+ - database_name: "{{ ironic_inspector_database_name }}"
+ delegate_to: "{{ groups['ironic-inspector'][0] }}"
- name: Creating Ironic database user and setting permissions
kolla_toolbox:
@@ -20,13 +25,20 @@
login_port: "{{ database_port }}"
login_user: "{{ database_user }}"
login_password: "{{ database_password }}"
- name: "{{ ironic_database_name }}"
- password: "{{ ironic_database_password }}"
+ name: "{{ item.database_name }}"
+ password: "{{ item.database_password }}"
host: "%"
- priv: "{{ ironic_database_name }}.*:ALL"
+ priv: "{{ item.database_name }}.*:ALL"
append_privs: "yes"
run_once: True
- delegate_to: "{{ groups['ironic-api'][0] }}"
+ delegate_to: "{{ item.delegate_to }}"
+ with_items:
+ - database_name: "{{ ironic_database_name }}"
+ database_password: "{{ ironic_database_password }}"
+ delegate_to: "{{ groups['ironic-api'][0] }}"
+ - database_name: "{{ ironic_inspector_database_name }}"
+ database_password: "{{ ironic_inspector_database_password }}"
+ delegate_to: "{{ groups['ironic-inspector'][0] }}"
- include: bootstrap_service.yml
when: database.changed
diff --git a/ansible/roles/ironic/tasks/bootstrap_service.yml b/ansible/roles/ironic/tasks/bootstrap_service.yml
index 986d1a6572..b25da1de34 100644
--- a/ansible/roles/ironic/tasks/bootstrap_service.yml
+++ b/ansible/roles/ironic/tasks/bootstrap_service.yml
@@ -17,3 +17,22 @@
- "/etc/localtime:/etc/localtime:ro"
run_once: True
delegate_to: "{{ groups['ironic-api'][0] }}"
+
+- name: Running Ironic Inspector bootstrap container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ KOLLA_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ ironic_inspector_image_full }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_ironic_inspector"
+ restart_policy: "never"
+ volumes:
+ - "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ run_once: True
+ delegate_to: "{{ groups['ironic-inspector'][0] }}"
diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml
index d082ecf088..e3efcde0cd 100644
--- a/ansible/roles/ironic/tasks/config.yml
+++ b/ansible/roles/ironic/tasks/config.yml
@@ -9,6 +9,7 @@
- "ironic-conductor"
- "ironic-inspector"
- "ironic-pxe"
+ - "ironic-dnsmasq"
- name: Copying over config.json files for services
template:
@@ -19,6 +20,7 @@
- "ironic-conductor"
- "ironic-inspector"
- "ironic-pxe"
+ - "ironic-dnsmasq"
- name: Copying over ironic.conf
merge_configs:
@@ -36,7 +38,46 @@
with_items:
- "ironic-api"
- "ironic-conductor"
- - "ironic-inspector"
+
+- name: Copying over inspector.conf
+ merge_configs:
+ vars:
+ service_name: "ironic-inspector"
+ sources:
+ - "{{ role_path }}/templates/ironic-inspector.conf.j2"
+ - "{{ node_custom_config }}/global.conf"
+ - "{{ node_custom_config }}/database.conf"
+ - "{{ node_custom_config }}/messaging.conf"
+ - "{{ node_custom_config }}/ironic-inspector.conf"
+ - "{{ node_custom_config }}/ironic-inspector/inspector.conf"
+ - "{{ node_custom_config }}/ironic-inspector/{{ inventory_hostname }}/inspector.conf"
+ dest: "{{ node_config_directory }}/ironic-inspector/inspector.conf"
+
+- name: Copying over dnsmasq.conf
+ template:
+ src: "{{ item }}"
+ dest: "{{ node_config_directory }}/ironic-dnsmasq/dnsmasq.conf"
+ with_first_found:
+ - "{{ node_custom_config }}/ironic/ironic-dnsmasq.conf"
+ - "{{ node_custom_config }}/ironic/{{ inventory_hostname }}/ironic-dnsmasq.conf"
+ - "ironic-dnsmasq.conf.j2"
+
+- name: Copying pxelinux.cfg default
+ template:
+ src: "{{ item }}"
+ dest: "{{ node_config_directory }}/ironic-pxe/default"
+ with_first_found:
+ - "{{ node_custom_config }}/ironic/pxelinux.default"
+ - "{{ node_custom_config }}/ironic/{{ inventory_hostname }}/pxelinux.default"
+ - "pxelinux.default.j2"
+
+- name: Copying ironic-agent kernel and initramfs
+ copy:
+ src: "{{ node_custom_config }}/ironic/{{ item }}"
+ dest: "{{ node_config_directory }}/ironic-pxe/{{ item }}"
+ with_items:
+ - "ironic-agent.kernel"
+ - "ironic-agent.initramfs"
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/ironic/policy.json"
diff --git a/ansible/roles/ironic/tasks/deploy.yml b/ansible/roles/ironic/tasks/deploy.yml
index 09fa82b225..13589d6aa9 100644
--- a/ansible/roles/ironic/tasks/deploy.yml
+++ b/ansible/roles/ironic/tasks/deploy.yml
@@ -1,6 +1,7 @@
---
- include: register.yml
- when: inventory_hostname in groups['ironic-api']
+ when: inventory_hostname in groups['ironic-api'] or
+ inventory_hostname in groups['ironic-inspector']
- include: config.yml
when: inventory_hostname in groups['ironic-api'] or
@@ -9,7 +10,8 @@
inventory_hostname in groups['ironic-pxe']
- include: bootstrap.yml
- when: inventory_hostname in groups['ironic-api']
+ when: inventory_hostname in groups['ironic-api'] or
+ inventory_hostname in groups['ironic-inspector']
- include: start.yml
when: inventory_hostname in groups['ironic-api'] or
diff --git a/ansible/roles/ironic/tasks/register.yml b/ansible/roles/ironic/tasks/register.yml
index 0a6d52a1e7..71e25143d0 100644
--- a/ansible/roles/ironic/tasks/register.yml
+++ b/ansible/roles/ironic/tasks/register.yml
@@ -17,6 +17,7 @@
retries: 10
delay: 5
run_once: True
+ when: inventory_hostname in groups['ironic-api']
with_items:
- {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
@@ -38,3 +39,46 @@
retries: 10
delay: 5
run_once: True
+ when: inventory_hostname in groups['ironic-api']
+
+- name: Creating the Ironic Inspector service and endpoint
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_service
+ -a "service_name=ironic-inspector
+ service_type=baremetal-introspection
+ description='Ironic Inspector baremetal introspection service'
+ endpoint_region={{ openstack_region_name }}
+ url='{{ item.url }}'
+ interface='{{ item.interface }}'
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_ironic_inspector_auth }}' }}"
+ -e "{'openstack_ironic_inspector_auth':{{ openstack_ironic_inspector_auth }}}"
+ register: ironic_inspector_endpoint
+ changed_when: "{{ ironic_inspector_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (ironic_inspector_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: ironic_inspector_endpoint.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+ when: inventory_hostname in groups['ironic-inspector']
+ with_items:
+ - {'interface': 'admin', 'url': '{{ ironic_inspector_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'}
+
+- name: Creating the Ironic Inspector project, user, and role
+ command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+ -m kolla_keystone_user
+ -a "project=service
+ user={{ ironic_inspector_keystone_user }}
+ password={{ ironic_inspector_keystone_password }}
+ role=admin
+ region_name={{ openstack_region_name }}
+ auth={{ '{{ openstack_ironic_inspector_auth }}' }}"
+ -e "{'openstack_ironic_inspector_auth':{{ openstack_ironic_inspector_auth }}}"
+ register: ironic_inspector_user
+ changed_when: "{{ ironic_inspector_user.stdout.find('localhost | SUCCESS => ') != -1 and (ironic_inspector_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: ironic_inspector_user.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+ when: inventory_hostname in groups['ironic-inspector']
diff --git a/ansible/roles/ironic/tasks/start.yml b/ansible/roles/ironic/tasks/start.yml
index 874f3e176b..22195d4586 100644
--- a/ansible/roles/ironic/tasks/start.yml
+++ b/ansible/roles/ironic/tasks/start.yml
@@ -51,4 +51,16 @@
volumes:
- "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
+ - "kolla_logs:/var/log/kolla"
when: inventory_hostname in groups['ironic-inspector']
+
+- name: Staring ironic-dnsmasq container
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ image: "{{ ironic_dnsmasq_image_full }}"
+ name: "ironic_dnsmasq"
+ volumes:
+ - "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
+ - "/etc/localtime:/etc/localtime:ro"
+ when: inventory_hostname in groups['ironic-conductor']
diff --git a/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2 b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
new file mode 100644
index 0000000000..df0019a0ea
--- /dev/null
+++ b/ansible/roles/ironic/templates/ironic-dnsmasq.conf.j2
@@ -0,0 +1,10 @@
+port=0
+interface={{ api_interface }}
+bind-interfaces
+dhcp-range={{ ironic_dnsmasq_dhcp_range }}
+dhcp-sequential-ip
+
+dhcp-option=option:tftp-server,{{ kolla_internal_vip_address }}
+dhcp-option=option:server-ip-address,{{ kolla_internal_vip_address }}
+dhcp-option=option:bootfile-name,pxelinux.0
+dhcp-option=210,/tftpboot/
diff --git a/ansible/roles/ironic/templates/ironic-dnsmasq.json.j2 b/ansible/roles/ironic/templates/ironic-dnsmasq.json.j2
new file mode 100644
index 0000000000..baab505285
--- /dev/null
+++ b/ansible/roles/ironic/templates/ironic-dnsmasq.json.j2
@@ -0,0 +1,11 @@
+{
+ "command": "dnsmasq --no-daemon --conf-file=/etc/dnsmasq.conf",
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/dnsmasq.conf",
+ "dest": "/etc/dnsmasq.conf",
+ "owner": "root",
+ "perm": "0600"
+ }
+ ]
+}
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
new file mode 100644
index 0000000000..86a8975315
--- /dev/null
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -0,0 +1,35 @@
+[DEFAULT]
+debug = {{ ironic_logging_debug }}
+log_dir = /var/log/kolla/ironic
+
+listen_address = {{ api_interface_address }}
+listen_port = {{ ironic_inspector_port }}
+
+[ironic]
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ ironic_inspector_keystone_user }}
+password = {{ ironic_inspector_keystone_password }}
+
+[keystone_authtoken]
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ ironic_inspector_keystone_user }}
+password = {{ ironic_inspector_keystone_password }}
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
+
+[firewall]
+dnsmasq_interface = {{ ironic_dnsmasq_interface }}
+
+[database]
+connection = mysql+pymysql://{{ ironic_inspector_database_user }}:{{ ironic_inspector_database_password }}@{{ ironic_inspector_database_address }}/{{ ironic_inspector_database_name }}
diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2
index e4c362050a..5db6cbc90c 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.json.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2
@@ -1,9 +1,9 @@
{
- "command": "ironic-inspector --config-file /etc/ironic-inspector/ironic.conf",
+ "command": "ironic-inspector --config-file /etc/ironic-inspector/inspector.conf",
"config_files": [
{
- "source": "{{ container_config_directory }}/ironic.conf",
- "dest": "/etc/ironic-inspector/ironic.conf",
+ "source": "{{ container_config_directory }}/inspector.conf",
+ "dest": "/etc/ironic-inspector/inspector.conf",
"owner": "ironic",
"perm": "0600"
},
diff --git a/ansible/roles/ironic/templates/ironic-pxe.json.j2 b/ansible/roles/ironic/templates/ironic-pxe.json.j2
index 3fdf9d88bd..74c4295ca4 100644
--- a/ansible/roles/ironic/templates/ironic-pxe.json.j2
+++ b/ansible/roles/ironic/templates/ironic-pxe.json.j2
@@ -1,4 +1,23 @@
{
"command": "/usr/sbin/in.tftpd --verbose --foreground --user root --address 0.0.0.0:69 --map-file /map-file /tftpboot",
- "config_files": []
+ "config_files": [
+ {
+ "source": "{{ container_config_directory }}/ironic-agent.kernel",
+ "dest": "/tftpboot/ironic-agent.kernel",
+ "owner": "root",
+ "perm": "0644"
+ },
+ {
+ "source": "{{ container_config_directory }}/ironic-agent.initramfs",
+ "dest": "/tftpboot/ironic-agent.initramfs",
+ "owner": "root",
+ "perm": "0644"
+ },
+ {
+ "source": "{{ container_config_directory }}/default",
+ "dest": "/tftpboot/pxelinux.cfg/default",
+ "owner": "root",
+ "perm": "0644"
+ }
+ ]
}
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index c1f84ae554..15109880f9 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -21,18 +21,6 @@ api_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port
automated_clean=false
{% endif %}
-{% if service_name == 'ironic-inspector' %}
-[ironic]
-os_auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v2.0
-os_username = {{ openstack_auth.username }}
-os_password = {{ openstack_auth.password }}
-os_tenant_name = {{ openstack_auth.project_name }}
-identity_uri = {{ openstack_auth.auth_url }}
-
-[firewall]
-dnsmasq_interface = {{ api_interface }}
-{% endif %}
-
[database]
connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }}
max_retries = -1
@@ -57,3 +45,7 @@ glance_host = {{ kolla_internal_fqdn }}
[neutron]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}
+cleaning_network = {{ ironic_cleaning_network }}
+
+[inspector]
+enabled = true
diff --git a/ansible/roles/ironic/templates/pxelinux.default.j2 b/ansible/roles/ironic/templates/pxelinux.default.j2
new file mode 100644
index 0000000000..5304611a3d
--- /dev/null
+++ b/ansible/roles/ironic/templates/pxelinux.default.j2
@@ -0,0 +1,7 @@
+default introspect
+
+label introspect
+kernel ironic-agent.kernel
+append initrd=ironic-agent.initramfs ipa-inspection-callback-url=http://{{ kolla_internal_vip_address }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes
+
+ipappend 3
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index bafe4906b9..928974bc72 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -87,6 +87,9 @@ murano_keystone_password:
ironic_database_password:
ironic_keystone_password:
+ironic_inspector_database_password:
+ironic_inspector_keystone_password:
+
magnum_database_password:
magnum_keystone_password: