From db0d3989f1d1de2cbfc74a5be99a42583042781b Mon Sep 17 00:00:00 2001 From: Rafal Lewandowski Date: Wed, 6 Dec 2023 14:40:14 +0100 Subject: [PATCH] Add Redfish rules to Ironic and Bifrost introspection Change-Id: I719fc8042742fe8b3b0312658aec39317a1bc358 (cherry picked from commit be2b1a4eda39892e56fb5317a074d377ca2ba157) --- ansible/inventory/group_vars/all/bifrost | 6 ++ ansible/inventory/group_vars/all/inspector | 71 ++++++++++++++++++- ansible/overcloud-introspection-rules.yml | 2 + ansible/seed-introspection-rules.yml | 2 + .../configuration/reference/bifrost.rst | 12 +++- etc/kayobe/bifrost.yml | 6 ++ etc/kayobe/inspector.yml | 18 +++++ .../notes/redfish_rules-956ca7498f5f13b4.yaml | 12 ++++ 8 files changed, 125 insertions(+), 4 deletions(-) create mode 100644 releasenotes/notes/redfish_rules-956ca7498f5f13b4.yaml diff --git a/ansible/inventory/group_vars/all/bifrost b/ansible/inventory/group_vars/all/bifrost index 49d8f64f1..ee239d0ea 100644 --- a/ansible/inventory/group_vars/all/bifrost +++ b/ansible/inventory/group_vars/all/bifrost @@ -111,6 +111,12 @@ kolla_bifrost_inspector_ipmi_username: "{{ ipmi_username }}" # Ironic inspector IPMI password to set. kolla_bifrost_inspector_ipmi_password: "{{ ipmi_password }}" +# Ironic inspector Redfish username to set. +kolla_bifrost_inspector_redfish_username: "{{ inspector_redfish_username }}" + +# Ironic inspector Redfish password to set. +kolla_bifrost_inspector_redfish_password: "{{ inspector_redfish_password }}" + # Ironic inspector network interface name on which to check for an LLDP switch # port description to use as the node's name. kolla_bifrost_inspector_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface_default }}" diff --git a/ansible/inventory/group_vars/all/inspector b/ansible/inventory/group_vars/all/inspector index 1abe5fcaf..81b3f51e0 100644 --- a/ansible/inventory/group_vars/all/inspector +++ b/ansible/inventory/group_vars/all/inspector @@ -72,6 +72,12 @@ inspector_ipmi_username: "{{ ipmi_username }}" # Ironic inspector IPMI password to set. inspector_ipmi_password: "{{ ipmi_password }}" +# Ironic inspector Redfish username to set. +inspector_redfish_username: "{{ ipmi_username }}" + +# Ironic inspector Redfish password to set. +inspector_redfish_password: "{{ ipmi_password }}" + # Ironic inspector default network interface name on which to check for an LLDP # switch port description to use as the node's name. inspector_lldp_switch_port_interface_default: eth0 @@ -83,12 +89,27 @@ inspector_lldp_switch_port_interface_map: {} ############################################################################### # Ironic inspector introspection rules configuration. +# Enable IPMI rules: +inspector_rules_ipmi_enabled: True + # IPMI username referenced by inspector rule. inspector_rule_var_ipmi_username: # IPMI password referenced by inspector rule. inspector_rule_var_ipmi_password: +# Enable Redfish rules +inspector_rules_redfish_enabled: False + +# Redfish username referenced by inspector rule. +inspector_rule_var_redfish_username: + +# Redfish password referenced by inspector rule. +inspector_rule_var_redfish_password: + +# Redfish CA setting. +inspector_rule_var_redfish_verify_ca: True + # Ironic inspector rule to set IPMI credentials. inspector_rule_ipmi_credentials: description: "Set IPMI driver_info if no credentials" @@ -304,9 +325,47 @@ inspector_rule_save_data: path: "extra/introspection_data" value: "{data}" +# Redfish rules +# Ironic inspector rule to set Redfish credentials. +inspector_rule_redfish_credentials: + description: "Set Redfish driver_info if no credentials" + conditions: + - field: "node://driver_info.redfish_username" + op: "is-empty" + - field: "node://driver_info.redfish_password" + op: "is-empty" + actions: + - action: "set-attribute" + path: "driver_info/redfish_username" + value: "{{ inspector_rule_var_redfish_username }}" + - action: "set-attribute" + path: "driver_info/redfish_password" + value: "{{ inspector_rule_var_redfish_password }}" + +# Ironic inspector rule to set Redfish address. +inspector_rule_redfish_address: + description: "Set Redfish address" + conditions: + - field: "node://driver_info.redfish_address" + op: "is-empty" + actions: + - action: "set-attribute" + path: "driver_info/redfish_address" + value: "{data[inventory][bmc_address]}" + +# Ironic inspector rule to set Redfish certificate authority. +inspector_rule_redfish_verify_ca: + description: "Set Redfish Verify CA" + conditions: + - field: "node://driver_info.redfish_verify_ca" + op: "is-empty" + actions: + - action: "set-attribute" + path: "driver_info/redfish_verify_ca" + value: "{{ inspector_rule_var_redfish_verify_ca }}" + # List of default ironic inspector rules. inspector_rules_default: - - "{{ inspector_rule_ipmi_credentials }}" - "{{ inspector_rule_deploy_kernel }}" - "{{ inspector_rule_deploy_ramdisk }}" - "{{ inspector_rule_root_hint_init }}" @@ -318,11 +377,19 @@ inspector_rules_default: - "{{ inspector_rule_save_system_vendor_serial_number }}" - "{{ inspector_rule_save_system_vendor_product_name }}" +inspector_rules_ipmi: + - "{{ inspector_rule_ipmi_credentials }}" + +inspector_rules_redfish: + - "{{ inspector_rule_redfish_credentials }}" + - "{{ inspector_rule_redfish_address }}" + - "{{ inspector_rule_redfish_verify_ca }}" + # List of additional ironic inspector rules. inspector_rules_extra: [] # List of all ironic inspector rules. -inspector_rules: "{{ inspector_rules_default + inspector_rules_extra }}" +inspector_rules: "{{ inspector_rules_default + inspector_rules_extra + (inspector_rules_ipmi if inspector_rules_ipmi_enabled | bool else []) + (inspector_rules_redfish if inspector_rules_redfish_enabled | bool else []) }}" ############################################################################### # Dell switch LLDP workaround configuration. diff --git a/ansible/overcloud-introspection-rules.yml b/ansible/overcloud-introspection-rules.yml index 98d3ca8cc..667288740 100644 --- a/ansible/overcloud-introspection-rules.yml +++ b/ansible/overcloud-introspection-rules.yml @@ -70,6 +70,8 @@ # These variables may be referenced in the introspection rules. inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}" inspector_rule_var_ipmi_password: "{{ inspector_ipmi_password }}" + inspector_rule_var_redfish_username: "{{ inspector_redfish_username }}" + inspector_rule_var_redfish_password: "{{ inspector_redfish_password }}" inspector_rule_var_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface_default }}" inspector_rule_var_deploy_kernel: "{{ ipa_kernel_id.stdout }}" inspector_rule_var_deploy_ramdisk: "{{ ipa_ramdisk_id.stdout }}" diff --git a/ansible/seed-introspection-rules.yml b/ansible/seed-introspection-rules.yml index 185b1b454..2ceb050cb 100644 --- a/ansible/seed-introspection-rules.yml +++ b/ansible/seed-introspection-rules.yml @@ -14,6 +14,8 @@ # These variables may be referenced in the introspection rules. inspector_rule_var_ipmi_username: "{{ kolla_bifrost_inspector_ipmi_username }}" inspector_rule_var_ipmi_password: "{{ kolla_bifrost_inspector_ipmi_password }}" + inspector_rule_var_redfish_username: "{{ kolla_bifrost_inspector_ipmi_username }}" + inspector_rule_var_redfish_password: "{{ kolla_bifrost_inspector_ipmi_password }}" inspector_rule_var_lldp_switch_port_interface: "{{ kolla_bifrost_inspector_lldp_switch_port_interface }}" inspector_rule_var_deploy_kernel: "{{ kolla_bifrost_inspector_deploy_kernel }}" inspector_rule_var_deploy_ramdisk: "{{ kolla_bifrost_inspector_deploy_ramdisk }}" diff --git a/doc/source/configuration/reference/bifrost.rst b/doc/source/configuration/reference/bifrost.rst index 7d3b71025..db7361fdc 100644 --- a/doc/source/configuration/reference/bifrost.rst +++ b/doc/source/configuration/reference/bifrost.rst @@ -266,8 +266,8 @@ The following options configure the Ironic Inspector service in the ``{{ ipmi_password }}``, defined in ``${KAYOBE_CONFIG_PATH}/bmc.yml``. ``kolla_bifrost_inspector_lldp_switch_port_interface`` Ironic inspector network interface name on which to check for an LLDP switch - port description to use as the node's name. Default is ``{{ - inspector_lldp_switch_port_interface_default }}``, defined in + port description to use as the node's name. Default is + ``{{ inspector_lldp_switch_port_interface_default }}``, defined in ``${KAYOBE_CONFIG_PATH}/inspector.yml``. ``kolla_bifrost_inspector_deploy_kernel`` Ironic inspector deployment kernel location. Default is ``http://{{ @@ -279,6 +279,14 @@ The following options configure the Ironic Inspector service in the Timeout of hardware inspection on overcloud nodes, in seconds. Default is ``{{ inspector_inspection_timeout }}``, defined in ``${KAYOBE_CONFIG_PATH}/inspector.yml``. +``kolla_bifrost_inspector_redfish_username`` + Ironic inspector Redfish username to set via an introspection rule. + Defined in ``${KAYOBE_CONFIG_PATH}/bifrost.yml``. Default is + ``{{ inspector_redfish_username }}``. +``kolla_bifrost_inspector_redfish_password`` + Ironic inspector Redfish username to set via an introspection rule. + Defined in ``${KAYOBE_CONFIG_PATH}/bifrost.yml``. Default is + ``{{ inspector_redfish_username }}``. Ironic Python Agent (IPA) configuration ======================================= diff --git a/etc/kayobe/bifrost.yml b/etc/kayobe/bifrost.yml index 53921a1b4..296d0a874 100644 --- a/etc/kayobe/bifrost.yml +++ b/etc/kayobe/bifrost.yml @@ -110,6 +110,12 @@ # Ironic inspector IPMI password to set. #kolla_bifrost_inspector_ipmi_password: +# Ironic inspector Redfish username to set. +#kolla_bifrost_inspector_redfish_username: + +# Ironic inspector Redfish password to set. +#kolla_bifrost_inspector_redfish_password: + # Ironic inspector network interface name on which to check for an LLDP switch # port description to use as the node's name. #kolla_bifrost_inspector_lldp_switch_port_interface: diff --git a/etc/kayobe/inspector.yml b/etc/kayobe/inspector.yml index 90c5d8750..123481a5f 100644 --- a/etc/kayobe/inspector.yml +++ b/etc/kayobe/inspector.yml @@ -58,6 +58,9 @@ ############################################################################### # Ironic inspector configuration. +# Ironic inspector option to enable IPMI rules. Set to 'True' by default. +#inspector_rules_ipmi_enabled: + # Ironic inspector IPMI username to set. #inspector_ipmi_username: @@ -72,6 +75,21 @@ # check for an LLDP switch port description to use as the node's name. #inspector_lldp_switch_port_interface_map: +# Ironic inspector uses IPMI by default enroll the baremetal nodes, however it +# is possible to use Redfish instead. To do that enable Redfish and make sure +# all of the necessary variables below have been properly set. +# Enable inspector Redfish rules. Set to 'False' by default. +#inspector_rules_redfish_enabled: + +# Ironic inspector Redfish username to set. +#inspector_redfish_username: + +# Ironic inspector Redfish password to set. +#inspector_redfish_password: + +# Redfish CA setting. Set to 'True' by default +#inspector_rule_var_redfish_verify_ca: + ############################################################################### # Ironic inspector introspection rules configuration. diff --git a/releasenotes/notes/redfish_rules-956ca7498f5f13b4.yaml b/releasenotes/notes/redfish_rules-956ca7498f5f13b4.yaml new file mode 100644 index 000000000..b6f0ed23e --- /dev/null +++ b/releasenotes/notes/redfish_rules-956ca7498f5f13b4.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + Adds new Redfish rules to Ironic and Bifrost introspection + New variables available: + * ``inspector_rules_redfish_enabled`` + * ``inspector_redfish_username`` + * ``inspector_redfish_password`` + * ``inspector_rule_var_redfish_verify_ca`` + * ``inspector_rules_ipmi_enabled`` + * ``kolla_bifrost_inspector_redfish_username`` + * ``kolla_bifrost_inspector_redfish_password``