The ironic_dnsmasq config for ironic inspector uses the internal VIP for
the TFTP server address DHCP option. This is not going to work,
since HAProxy is not configured to forward TFTP, and does not support
UDP forwarding anyway. The config should use the api_interface IP for
the host running ironic_dnsmasq.
Change-Id: I56a0d46e9b528041cacea7196a525891ed5922f0
Closes-Bug: #1761815
If SSL is enabled, api of multiple services returns
wrong external URL without https prefix.
Removal of condition for deletion of http header.
Change-Id: I4264e04d0d6b9a3e11ef7dd7add6c5e166cf9fb4
Closes-Bug: #1749155
Closes-Bug: #1717491
Fixes a bug where the Baremetal Introspection service's public endpoint
registered in the Identity service referenced the internal API endpoint.
Also updates keystone endpoints for the Baremetal and Baremetal
Introspection services during reconfigure and upgrade operations.
Previously this was only done during deploy.
Change-Id: I32d475f288bb4a3834c13cc86f0c53b5437c3d25
Closes-Bug: #1738418
Kolla-ansible typically configures services to access the internal API
endpoint of other services, rather than the default public endpoint.
This change ensures that this is the case for ironic inspector.
Change-Id: I998f12435fc1bd306444f9a68bd7f99f5b78f6f8
Closes-Bug: #1740591
Support pxe uefi mode following guide
https://docs.openstack.org/ironic/latest/install/configure-pxe.html
In the meantime, ironic-agent kernel and initramfs does not have to
be provided as precondition under /etc/kolla/config in such mode.
Add condition check as well.
Change-Id: Ieefcf5f9fe839eab63f3fe4a1c5cf845f4fd4eb5
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
This commit separates the messaging rpc and notify transports in order
to support separate and different oslo.messaging backends
This patch:
* add rpc and notify variables
* update service role conf templates
* add example to globals.yaml
* add release note
Implements: blueprint hybrid-messaging
Change-Id: I34691c2895c8563f1f322f0850ecff98d11b5185
The admin_password and admin_user in default section is discarded
in code, no longer be used anymore.
Change-Id: I1d31faf0781cb61d13aa6a76534e38783e4f920f
This patch fixes Jinja2 syntax error in ironic.conf.j2.
All kolla-kubernetes configurations was recently removed by [1], but the
commit overlooked to remove a '{% endif %}' statement in ironic.conf.j2.
[1] cacf08f0a6d009301f28c6723f399fb8c1daf267
Change-Id: I115fedfd026f14409b62f9552ff401956909f8a8
Closes-Bug: #1706230
The Ironic templates and roles assume Keystone is enabled and they don't
make use of the `enable_keystone var. This patch changes the behavior so
that `noauth` is used as auth method for Ironic if keystone is not
enabled, the Ironic endpoint is not registered if keystone is not
enabled and the keystone section is not created in the config file.
Change-Id: I813de42d10ac264eec81076cb107b58af09ff686
Ironic inspector should honour the Ansible inventory group
ironic-inspector. Ironic inspector may not be required at all. If
Ironic inspector is required then it should only run on a single
node, and this should be reflected by the inventory.
This change makes a number of Ironic inspector-related tasks dependent
upon the host's membership of the ironic-inspector group. Also, we
couple the ironic-dnsmasq container with the ironic-inspector group
rather than ironic-conductor, as the service is for inspector rather
than Ironic.
Change-Id: Ifd90753b0fe1a55c11b7723c28e1d14ab3d32737
Closes-Bug: #1665257
This reverts commit 898155dfd294371f361f0563a2c4ee1325487507.
The default value of the ironic configuration option default_boot_option
will eventually change from netboot to local. The netboot option is
incompatible with multitenancy in ironic, as it requires a PXE
environment in the tenant network, so it was no longer deemed a suitable
default value.
Ironic added a warning message when this option is not explicitly set,
presumably to alert operators to the change. The commit being reverted
set the option to 'netboot'. This will cause operators to continue to
use the netboot option even after the default value changes, which was
presumably not the intention of the ironic team in changing the default
value. It also hides the warning message from the operator that could
alert them to the fact that this default is changing.
Change-Id: I0ebb1d5ffbead50b034488337e6c93a2f48aaf69
Related-Bug: #1696636
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
As of [1], the ironic configuration for neutron, glance, swift,
inspector and service_catalog requires explicit configuration of
authentication parameters for communication with these services.
This change adds the required parameters to [neutron], [glance] and
[inspector] sections of ironic.conf. Kolla-ansible does not configure
the [swift] or [service_discovery] sections currently.
We also replace option [glance] glance_hosts with [glance]
glance_api_servers as the former is deprecated.
Since we no longer need to support generating configuration for
kolla-kubernetes[2], some related options have been cleaned.
[1]
4f9035c24f
[2]
https://blueprints.launchpad.net/kolla-ansible/+spec/clean-k8s-config
Change-Id: Ifc239af5f3e44a508fedc9dea08cb06160c4f7f3
Closes-Bug: #1701713
The TFTP server used by ironic and ironic inspector (in.tftpd) requires
files to be world readable in order for them to be accessible via
TFTP[1].
The permissions of these files were recently changed to 0600 along with
a number of other files[2].
This change reverts the permissions to 0644 for the ironic inspector PXE
configuration files.
[1] https://linux.die.net/man/8/in.tftpd (security section)
[2]
274291463e
Change-Id: Ibc281949ebf5bab1e1d2e450ec943728aa00943b
Closes-Bug: #1701695
The default value of default_boot_option configuration will
change eventually from "netboot" to "local".
It is recommended to set an explicit value for it during the
transition period
Change-Id: Ic42b84e82d4ad27e371536ad9915b5a32118012d
Closes-Bug: #1696636
XenServer drivers can be used to deploy hosts with Ironic by
using XenServer VMs to simulate bare metal nodes.
Ironic provides support via the pxe_ssh and agent_ssh drivers
for using a XenServer VM as a bare metal target and do provisioning on it.
Change-Id: Icd39f9f4573cf7c8c654591256f0228ef21d6117
Many of the templates use 600, remove unnecessary permission
on these templates to bring them in line with the others.
Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27
The pxelinux.cfg directory gets created but isn't owned by the correct
user. This patch ensures that the permissions are correctly updated.
Change-Id: Ifcb80018b72d40c5d4eccf059d1c3442b71be6f8
This change updates the ironic_inspector container deployment tasks
to use the new kolla ironic-inspector image (see kolla change
Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45). The new image uses the
ironic-inspector user rather than the ironic user to execute the
ironic inspector service as this more closely aligns with what is
typically done by downstream packagers (specifically, Ubuntu and
RDO).
This change sets the owner and group to ironic-inspector when
copying configuration files into place, and uses the log directory
/var/log/kolla/ironic-inspector.
Change-Id: I8579d5c2d741636406ff60bececc74b50743b83e
Depends-On: Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45
Closes-Bug: #1624457
* Ironic do not support multi glance ips.
* Write the nova-compute-ironic binary log to nova-compute-ironic.log
file
Change-Id: I87359c47a5845c4d7a6ab9daaefcc94a51c92eb0
Closes-Bug: #1671989
Ironic supports collecting log from IPA for debugging,
But it's not defined in kolla.
This is default settings about collecting log from IPA.
Closes-Bug: #1661468
Change-Id: Iccb47a70b12effb5a704435f334faee29538f9d2
Signed-off-by: jangpro2 <jangseon.ryu@gmail.com>
Currently it's not working in ironic-api, in spite of
setting openstack_service_workers config in globals.yml.
Because it's not implement about workers in ironic.
Closes-Bug: #1661173
Change-Id: I89de95fe03813ae44bcdbf9aac22b7337ffe4968
Signed-off-by: jangpro2 <jangseon.ryu@gmail.com>
* Mount system folder in ironic-conductor
* Add package need in ironic-conductor
* Fix the log path issue
* Add ironic sudoer in ironic-base
* Fix credential issue
* Do not start nova-compute when enable ironic
Closes-Bug: #1629334
Change-Id: If9d478c6513de37465403d458a88cf0da7ebd8a6
When ironic is deployed using kolla, in ironic.conf file
there is no configuration option of enabled_drivers present.
Change-Id: I5c9e7533e8ca139addee8cf4cc4084e856ae0306
Closes-Bug: 1610272
Make sure that all the sevices will attempt to
connect to the database an infinite about of times.
If the database ever disappears for some reason we
want the services to try and reconnect more than just
10 times.
Closes-bug: #1505636
Change-Id: I77abbf72ce5bfd68faa451bb9a72bd2544963f4b
The in-process cache for keystone tokens has been deprecated due to
"incosistent results and high memory usage" with the expectation we
switch to memcached_servers if we want to stay performant.
Add memcache_servers [cache] section to the appropriate servers as the
[DEFAULT]\memcache_servers options was deprecated.
TrivialFix
Related-Id: Ied2b88c8cefe5655a88d0c2f334de04e588fa75a
Change-Id: Ic971bdddc0be3338b15924f7cc0f97d4a3ad2440
