summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTiago Gomes <tiago.gomes@codethink.co.uk>2015-04-01 09:04:02 +0000
committerTiago Gomes <tiago.gomes@codethink.co.uk>2015-04-17 11:51:17 +0100
commit7f138d531f5d30dddef1a5b828b91bf26b71ea06 (patch)
treec005fd647e1c956f2e36cd1105cb797ad9a27342
parent87dfef316f63446cc1ebe91a1402eaa00eb33ead (diff)
downloaddefinitions-7f138d531f5d30dddef1a5b828b91bf26b71ea06.tar.gz
Openstack: Make Ironic configurable
This commit configures Ironic to integrate with Keystone, Neutron and Glance. Nova integration will be added in a following commit. Change-Id: Id557e8e048b6051d764b4915192cfd55bfe68d32
-rw-r--r--clusters/openstack-one-node.morph5
-rw-r--r--openstack-ironic.configure136
-rw-r--r--openstack/manifest7
-rw-r--r--openstack/usr/lib/systemd/system/openstack-ironic-api.service13
-rw-r--r--openstack/usr/lib/systemd/system/openstack-ironic-conductor.service13
-rw-r--r--openstack/usr/lib/systemd/system/openstack-ironic-setup.service10
-rw-r--r--openstack/usr/share/openstack/ironic.yml104
-rw-r--r--openstack/usr/share/openstack/ironic/ironic.conf34
-rw-r--r--systems/openstack-system-x86_64.morph1
9 files changed, 306 insertions, 17 deletions
diff --git a/clusters/openstack-one-node.morph b/clusters/openstack-one-node.morph
index 4c8e9851..3c659598 100644
--- a/clusters/openstack-one-node.morph
+++ b/clusters/openstack-one-node.morph
@@ -81,6 +81,11 @@ systems:
NEUTRON_DB_PASSWORD: veryinsecure
METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret
+ IRONIC_SERVICE_USER: ironic
+ IRONIC_SERVICE_PASSWORD: veryinsecure
+ IRONIC_DB_USER: ironicDB
+ IRONIC_DB_PASSWORD: veryinsecure
+
HOSTS_CONTROLLER: <management ip> onenode
# Network interface to be used, only needed if there are more
diff --git a/openstack-ironic.configure b/openstack-ironic.configure
new file mode 100644
index 00000000..50d8e5c6
--- /dev/null
+++ b/openstack-ironic.configure
@@ -0,0 +1,136 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+ln -sf "/usr/lib/systemd/system/openstack-ironic-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-ironic-setup.service"
+
+##########################################################################
+# Check variables
+##########################################################################
+
+if [ -z "$IRONIC_SERVICE_USER" -a \
+ -z "$IRONIC_SERVICE_PASSWORD" -a \
+ -z "$IRONIC_DB_USER" -a \
+ -z "$IRONIC_DB_PASSWORD" -a \
+ -z "$RABBITMQ_HOST" -a \
+ -z "$RABBITMQ_USER" -a \
+ -z "$RABBITMQ_PASSWORD" -a \
+ -z "$RABBITMQ_PORT" -a \
+ -z "$CONTROLLER_HOST_ADDRESS" -a \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -a \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then
+ # No Ironic options defined, do nothing.
+ exit 0
+fi
+
+if [ -z "$IRONIC_SERVICE_USER" -o \
+ -z "$IRONIC_SERVICE_PASSWORD" -o \
+ -z "$IRONIC_DB_USER" -o \
+ -z "$IRONIC_DB_PASSWORD" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$CONTROLLER_HOST_ADDRESS" -o \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then
+ echo Some options required for Ironic were defined, but not all.
+ exit 1
+fi
+
+##########################################################################
+# Generate configuration file
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/ironic.conf"
+import os, sys, yaml
+
+ironic_configuration={
+ 'IRONIC_SERVICE_USER': os.environ['IRONIC_SERVICE_USER'],
+ 'IRONIC_SERVICE_PASSWORD': os.environ['IRONIC_SERVICE_PASSWORD'],
+ 'IRONIC_DB_USER': os.environ['IRONIC_DB_USER'],
+ 'IRONIC_DB_PASSWORD': os.environ['IRONIC_DB_PASSWORD'],
+ 'RABBITMQ_HOST':os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_PORT':os.environ['RABBITMQ_PORT'],
+ 'RABBITMQ_USER':os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD':os.environ['RABBITMQ_PASSWORD'],
+ 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+ 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+
+}
+
+yaml.dump(ironic_configuration, sys.stdout, default_flow_style=False)
+EOF
+
+##########################################################################
+# Configure the TFTP service #
+##########################################################################
+
+tftp_root="/srv/tftp_root/" # trailing slash is essential
+mkdir -p "$ROOT/$tftp_root"
+
+install -D /dev/stdin -m 644 "$ROOT/usr/lib/systemd/system/tftp-hpa.service" << 'EOF'
+[Unit]
+Description=tftp service for booting kernels
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/tftp-hpa.conf
+ExecStart=/usr/sbin/in.tftpd $TFTP_OPTIONS ${TFTP_ROOT}
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+install -D /dev/stdin -m 644 "$ROOT/usr/lib/systemd/system/tftp-hpa.socket" << EOF
+[Unit]
+Description=Tftp server activation socket
+
+[Socket]
+ListenDatagram=$MANAGEMENT_INTERFACE_IP_ADDRESS:69
+FreeBind=yes
+
+[Install]
+WantedBy=sockets.target
+EOF
+
+install -D -m 644 /dev/stdin "$ROOT"/etc/tftp-hpa.conf << EOF
+TFTP_ROOT=$tftp_root
+TFTP_OPTIONS="-v -v -v -v -v --map-file $tftp_root/map-file"
+EOF
+
+install -D /dev/stdin -m 644 "$ROOT/$tftp_root"/map-file << EOF
+r ^([^/]) $tftp_root\1
+r ^/tftpboot/ $tftp_root\2
+EOF
+
+cp "$ROOT"/usr/share/syslinux/pxelinux.0 "$ROOT/$tftp_root"
diff --git a/openstack/manifest b/openstack/manifest
index 4fa106ae..ad2841d8 100644
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -24,6 +24,10 @@
0100644 0 0 /usr/share/openstack/glance/glance-api-paste.ini
0100644 0 0 /usr/share/openstack/glance/glance-registry-paste.ini
0100644 0 0 /usr/share/openstack/horizon.yml
+0040755 0 0 /usr/share/openstack/ironic
+0100644 0 0 /usr/share/openstack/ironic.yml
+0100644 0 0 /usr/share/openstack/ironic/ironic.conf
+0100644 0 0 /usr/share/openstack/ironic/policy.json
0100644 0 0 /usr/share/openstack/keystone.yml
0040755 0 0 /usr/share/openstack/keystone
0100644 0 0 /usr/share/openstack/keystone/logging.conf
@@ -119,6 +123,9 @@
0100644 0 0 /usr/lib/systemd/system/openstack-glance-api.service
0100644 0 0 /usr/lib/systemd/system/openstack-glance-registry.service
0100644 0 0 /usr/lib/systemd/system/openstack-horizon-setup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-ironic-setup.service
+0100644 0 0 /usr/lib/systemd/system/openstack-ironic-api.service
+0100644 0 0 /usr/lib/systemd/system/openstack-ironic-conductor.service
0100644 0 0 /usr/lib/systemd/system/openstack-network-setup.service
0100644 0 0 /usr/lib/systemd/system/openstack-neutron-setup.service
0100644 0 0 /usr/lib/systemd/system/openstack-neutron-server.service
diff --git a/openstack/usr/lib/systemd/system/openstack-ironic-api.service b/openstack/usr/lib/systemd/system/openstack-ironic-api.service
new file mode 100644
index 00000000..83d56787
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ironic-api.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenStack Bare Metal Provisioning Service (code-named Ironic) API server
+After=syslog.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ironic
+ExecStart=/usr/bin/ironic-api --config-file /etc/ironic/ironic.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-ironic-conductor.service b/openstack/usr/lib/systemd/system/openstack-ironic-conductor.service
new file mode 100644
index 00000000..f276f6f0
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ironic-conductor.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenStack Bare Metal Provisioning Service (code-named Ironic) Conductor server
+After=syslog.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ironic
+ExecStart=/usr/bin/ironic-conductor --config-file /etc/ironic/ironic.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-ironic-setup.service b/openstack/usr/lib/systemd/system/openstack-ironic-setup.service
new file mode 100644
index 00000000..443d2829
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ironic-setup.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run ironic-setup Ansible scripts
+After=local-fs.target openstack-keystone-setup.service postgres-server.service
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/ironic.yml
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/share/openstack/ironic.yml b/openstack/usr/share/openstack/ironic.yml
new file mode 100644
index 00000000..db0a8aa8
--- /dev/null
+++ b/openstack/usr/share/openstack/ironic.yml
@@ -0,0 +1,104 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/ironic.conf"
+ tasks:
+ - name: Create the ironic user
+ user:
+ name: ironic
+ comment: Openstack Ironic Daemons
+ shell: /sbin/nologin
+ home: /var/lib/ironic
+
+ - name: Create the /var folders for Ironic
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: ironic
+ group: ironic
+ with_items:
+ - /var/run/ironic
+ - /var/lock/ironic
+ - /var/log/ironic
+ - /var/lib/ironic
+
+ - file: path=/etc/ironic state=directory
+ - name: Add the configuration needed for ironic in /etc/ironic using templates
+ template:
+ src: /usr/share/openstack/ironic/{{ item }}
+ dest: /etc/ironic/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/ironic && find -type f
+
+ - name: Create Ironic service user in service tenant
+ keystone_user:
+ user: "{{ IRONIC_SERVICE_USER }}"
+ password: "{{ IRONIC_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Assign admin role to Ironic service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ IRONIC_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add Ironic endpoint
+ keystone_service:
+ name: ironic
+ type: baremetal
+ description: Openstack Ironic Service
+ publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:6385'
+ internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:6385'
+ adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:6385'
+ region: 'regionOne'
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for Ironic
+ postgresql_user:
+ name: "{{ IRONIC_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ password: "{{ IRONIC_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: ironic
+
+ - name: Create database for Ironic services
+ postgresql_db:
+ name: ironic
+ owner: "{{ IRONIC_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ sudo: yes
+ sudo_user: ironic
+
+ - name: Initiate Ironic database
+ # Use 'upgrade' instead of 'create_schema' to make the operation
+ # idempotent
+ shell: |
+ ironic-dbsync \
+ --config-file /etc/ironic/ironic.conf upgrade
+ sudo: yes
+ sudo_user: ironic
+
+ - name: Enable and start openstack-ironic services
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - openstack-ironic-conductor.service
+ - openstack-ironic-api.service
+
+ - name: Set owner and group for the tftp root directory
+ file:
+ path: "/srv/tftp_root/"
+ state: directory
+ owner: ironic
+ group: ironic
+ recurse: yes
+
+ - name: Enable and start tftp-hpa
+ service:
+ name: tftp-hpa.socket
+ enabled: yes
+ state: started
diff --git a/openstack/usr/share/openstack/ironic/ironic.conf b/openstack/usr/share/openstack/ironic/ironic.conf
index 9aaae0e6..6888ede6 100644
--- a/openstack/usr/share/openstack/ironic/ironic.conf
+++ b/openstack/usr/share/openstack/ironic/ironic.conf
@@ -76,11 +76,11 @@
# The RabbitMQ broker address where a single node is used.
# (string value)
-#rabbit_host=localhost
+rabbit_host={{ RABBITMQ_HOST }}
# The RabbitMQ broker port where a single node is used.
# (integer value)
-#rabbit_port=5672
+rabbit_port={{ RABBITMQ_PORT }}
# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port
@@ -89,10 +89,10 @@
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
-#rabbit_userid=guest
+rabbit_userid={{ RABBITMQ_USER }}
# The RabbitMQ password. (string value)
-#rabbit_password=guest
+rabbit_password={{ RABBITMQ_PASSWORD }}
# the RabbitMQ login method (string value)
#rabbit_login_method=AMQPLAIN
@@ -190,7 +190,7 @@
#
# IP address of this host. (string value)
-#my_ip=10.0.0.1
+my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# Use IPv6. (boolean value)
#use_ipv6=false
@@ -217,7 +217,7 @@
# present on your system may be found by enumerating the
# "ironic.drivers" entrypoint. An example may be found in the
# developer documentation online. (list value)
-#enabled_drivers=pxe_ipmitool
+enabled_drivers=pxe_ipmitool,pxe_ssh
#
@@ -520,7 +520,7 @@
# URL of Ironic API service. If not set ironic can get the
# current value from the keystone service catalog. (string
# value)
-#api_url=<None>
+api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385
# Seconds between conductor heart beats. (integer value)
#heartbeat_interval=10
@@ -635,7 +635,7 @@
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
-#connection=<None>
+connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic
# The SQLAlchemy connection string to use to connect to the
# slave database. (string value)
@@ -817,7 +817,7 @@
#
# Default glance hostname or IP address. (string value)
-#glance_host=$my_ip
+glance_host={{ CONTROLLER_HOST_ADDRESS }}
# Default glance port. (integer value)
#glance_port=9292
@@ -917,12 +917,12 @@
#auth_protocol=https
# Complete public Identity API endpoint (string value)
-#auth_uri=<None>
+auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
# Complete admin Identity API endpoint. This should specify
# the unversioned root endpoint e.g. https://localhost:35357/
# (string value)
-#identity_uri=<None>
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
# API version of the admin Identity API endpoint (string
# value)
@@ -950,14 +950,14 @@
#admin_token=<None>
# Keystone account username (string value)
-#admin_user=<None>
+admin_user={{ IRONIC_SERVICE_USER }}
# Keystone account password (string value)
-#admin_password=<None>
+admin_password={{ IRONIC_SERVICE_PASSWORD }}
# Keystone service account tenant name to validate user tokens
# (string value)
-#admin_tenant_name=admin
+admin_tenant_name=service
# Env key for the swift cache (string value)
#cache=<None>
@@ -1109,7 +1109,7 @@
#
# URL for connecting to neutron. (string value)
-#url=http://$my_ip:9696
+url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
# Timeout value for connecting to neutron in seconds. (integer
# value)
@@ -1173,11 +1173,11 @@
#tftp_server=$my_ip
# Ironic compute node's tftp root path. (string value)
-#tftp_root=/tftpboot
+tftp_root=/srv/tftp_root/
# Directory where master tftp images are stored on disk.
# (string value)
-#tftp_master_path=/tftpboot/master_images
+tftp_master_path=/srv/tftp_root/master_images
# Bootfile DHCP parameter. (string value)
#pxe_bootfile_name=pxelinux.0
diff --git a/systems/openstack-system-x86_64.morph b/systems/openstack-system-x86_64.morph
index 0d706f34..ac784730 100644
--- a/systems/openstack-system-x86_64.morph
+++ b/systems/openstack-system-x86_64.morph
@@ -72,3 +72,4 @@ configuration-extensions:
- fstab
- swift-storage
- openstack-swift-controller
+- openstack-ironic