Add ironic adoption

* New test make target `test-with-ironic`, runs playbook tests_with_ironic.yaml. * The `ironic_adoption` role contains the steps to adopt ironic and ironic-inspector services. * Minor changes to roles keystone_adoption and ovn_adoption to facilitate the ironic adoption. * Split up tasks in nova_adoption role to `nova_libvirt.yaml` and `nova_ironic.yaml`. Use condition on `ironic_adoption` var to include the appropriate tasks file.
booxter · Apr 10, 2024 · 6f2abb0 · 6f2abb0
1 parent 54f0564
commit 6f2abb0
Show file tree

Hide file tree

Showing 18 changed files with 639 additions and 108 deletions.
diff --git a/Makefile b/Makefile
@@ -31,6 +31,11 @@ test-rollback-with-ceph:
 	mkdir -p tests/logs
 	ANSIBLE_CONFIG=$(TEST_CONFIG) ansible-playbook -v -i $(TEST_INVENTORY) -e @$(TEST_VARS) -e @$(TEST_SECRETS) $(TEST_ARGS) tests/playbooks/test_rollback_with_ceph.yaml 2>&1 | tee $(TEST_OUTFILE)
 
+test-with-ironic: TEST_OUTFILE := tests/logs/test_with_ironic_out_$(shell date +%FT%T%Z).log
+test-with-ironic:
+	mkdir -p tests/logs
+	ANSIBLE_CONFIG=$(TEST_CONFIG) ansible-playbook -v -i $(TEST_INVENTORY) -e @$(TEST_VARS) -e @$(TEST_SECRETS) tests/playbooks/test_with_ironic.yaml 2>&1 | tee $(TEST_OUTFILE)
+
 ### DOCS ###
 
 docs-dependencies: .bundle

diff --git a/docs_dev/assemblies/development_environment.adoc b/docs_dev/assemblies/development_environment.adoc
@@ -55,7 +55,7 @@ cd ~/install_yamls
 make nmstate
 make namespace
 cd devsetup  # back to install_yamls/devsetup
-make bmaas
+make bmaas BMAAS_NODE_COUNT=2
 ----
 
 A node definition YAML file to use with the `openstack baremetal

diff --git a/docs_user/modules/openstack-ironic_adoption.adoc b/docs_user/modules/openstack-ironic_adoption.adoc
@@ -33,6 +33,8 @@ $CONTROLLER1_SSH cat /var/lib/config-data/puppet-generated/ironic/etc/ironic/iro
 
 It is critical that this configuration file comes from one of the controllers and *not* an Undercloud node. The Director Undercloud node specifically operated with different configuration which would not be appropriate or applicable to apply when adopting the Overcloud Ironic deployment.
 
+If adopting the Ironic Inspector service you need the value of the `IronicInspectorSubnets` Director parameter. Use the same values to populate the `dhcpRanges` parameter in the target environment.
+
 == Configurations
 
 As described in xref:planning-the-new-deployment_{context}[Planning the new deployment], Ironic is configured using
@@ -89,11 +91,25 @@ spec:
   ironic:
     enabled: true
     template:
+      rpcTransport: oslo
       databaseInstance: openstack
       ironicAPI:
         replicas: 1
+        override:
+          service:
+            internal:
+              metadata:
+                annotations:
+                  metallb.universe.tf/address-pool: internalapi
+                  metallb.universe.tf/allow-shared-ip: internalapi
+                  metallb.universe.tf/loadBalancerIPs: 172.17.0.80
+              spec:
+                type: LoadBalancer
       ironicConductors:
       - replicas: 1
+        networkAttachments:
+          - baremetal
+        provisionNetwork: baremetal
         storageRequest: 10G
         customServiceConfig: |
           [neutron]
@@ -105,17 +121,51 @@ spec:
           automated_clean=true
       ironicInspector:
         replicas: 1
+        inspectionNetwork: baremetal
+        networkAttachments:
+          - baremetal
+        dhcpRanges:
+          - name: inspector-0
+            cidr: 172.20.1.0/24
+            start: 172.20.1.190
+            end: 172.20.1.199
+            gateway: 172.20.1.1
+        serviceUser: ironic-inspector
+        databaseAccount: ironic-inspector
+        passwordSelectors:
+          database: IronicInspectorDatabasePassword
+          service: IronicInspectorPassword
       ironicNeutronAgent:
         replicas: 1
+        rabbitMqClusterName: rabbitmq
       secret: osp-secret
 '
 ----
 
-// TODO ? Do we want to include something like nova has
-// oc wait --for condition=Ready --timeout=300s Nova/nova
-
 After applying the this configuration, the operator will begin to apply the configuration and start the necessary Ironic services. Once the services have reached a running state, Ironic will automatically begin polling the power state of baremetal nodes for which it is configured to manage. 
 
+Wait for Ironic control plane services' CRs to become ready:
+
+[source,bash]
+----
+oc wait --for condition=Ready --timeout=300s ironics.ironic.openstack.org ironic
+
+# Optionally verify the individual services
+oc wait --for condition=Ready --timeout=300s ironicapis.ironic.openstack.org ironic-api
+oc wait --for condition=Ready --timeout=300s ironicconductors.ironic.openstack.org ironic-conductor
+oc wait --for condition=Ready --timeout=300s ironicinspectors.ironic.openstack.org ironic-inspector
+oc wait --for condition=Ready --timeout=300s ironicneutronagents.ironic.openstack.org ironic-ironic-neutron-agent
+----
+
+=== Updating the DNS Nameservers on the provisoning/cleaning/rescue networks ===
+
+For name resolution to work for ironic operations the DNS nameserver must be set to use the internal DNS servers in the new Openstack Controlplane.
+
+[source,bash]
+----
+openstack subnet set --dns-nameserver 192.168.122.80 provisioning-subnet
+----
+
 === Role Based Access Control - Navigating upstream improvements
 
 It is critical to note that newer versions of Ironic, by default, contains a more restritive access control model while also becoming multi-tenant aware. By default you may find baremetal nodes missing from a `openstack baremetal node list` command *after* upgrading. Your nodes have not been deleted, but the `owner` field needs to be set on each baremetal node due to the increased access restrictions in the Role Based Access Control model. Because this involves access controls and the model of use which can be site specific, it is highly recommended that you identify the "project" to "own" the baremetal nodes.

diff --git a/docs_user/modules/proc_adopting-the-compute-service.adoc b/docs_user/modules/proc_adopting-the-compute-service.adoc
@@ -21,6 +21,7 @@ must already be imported into the control plane MariaDB;
  ** the xref:adopting-the-image-service_{context}[Adopting the Image service] needs to be imported;
  ** the xref:migrating-ovn-data_migrating-databases[Migrating OVN data] need to be imported;
  ** the xref:adopting-the-networking-service_{context}[Adopting the Networking service] needs to be imported;
+ ** the xref:adopting-the-bare-metal-provisioning-service_{context}[Adopting the Openstack Baremetal service] needs to be imported;
  ** Required services specific topology
 xref:pulling-the-openstack-configuration_{context}[Pulling the OpenStack configuration].
 //kgilliga: this xref should specifically point to the Get services topology specific configuration module when it's ready.
@@ -111,6 +112,22 @@ spec:
 '
 ----
 
+* If adopting nova with the Baremetal service (`ironic`), append the following `novaComputeTemplates` in the `cell1` section of the Nova CR patch:
++
+*NOTE*: Set the `[DEFAULT]host` configuration option to match the hostname of the node running the `ironic` compute driver in the source cloud.
++
+[source,yaml]
+----
+        cell1:
+          novaComputeTemplates:
+            standalone:
+              customServiceConfig: |
+                [DEFAULT]
+                host = standalone.localdomain
+                [workarounds]
+                disable_compute_service_check_for_ffu=true
+----
+
 . Wait for {compute_service} control plane services' custom resources (CRs) to become ready:
 +
 ----

diff --git a/tests/playbooks/test_with_ironic.yaml b/tests/playbooks/test_with_ironic.yaml
@@ -0,0 +1,42 @@
+- name: Prelude
+  hosts: local
+  gather_facts: false
+  module_defaults:
+    ansible.builtin.shell:
+      executable: /bin/bash
+  roles:
+    - prelude_local
+
+- name: Cleanup
+  hosts: local
+  gather_facts: false
+  module_defaults:
+    ansible.builtin.shell:
+      executable: /bin/bash
+  roles:
+    - pcp_cleanup
+
+- name: Adoption
+  hosts: local
+  gather_facts: false
+  force_handlers: true
+  module_defaults:
+    ansible.builtin.shell:
+      executable: /bin/bash
+  vars:
+    ironic_adoption: true
+  roles:
+    - role: development_environment
+    - role: backend_services
+    - role: pull_openstack_configuration
+    - role: stop_openstack_services
+    - role: mariadb_copy
+    - role: ovn_adoption
+    - role: keystone_adoption
+    - role: neutron_adoption
+    - role: swift_adoption
+    - role: glance_adoption
+    - role: ironic_adoption
+    - role: placement_adoption
+    - role: nova_adoption
+    - role: stop_remaining_services
diff --git a/tests/roles/development_environment/files/pre_launch_ironic.bash b/tests/roles/development_environment/files/pre_launch_ironic.bash
@@ -1,5 +1,40 @@
 set -e
 
+function wait_node_state() {
+  local node_state=$1
+  local retries=50
+  local counter=0
+  set +e
+  until ! ${BASH_ALIASES[openstack]} baremetal node list -f value -c "Provisioning\ State" | grep -P "^(?!${node_state}).*$"; do
+    if [[ "$counter" -eq "$retries" ]]; then
+      echo "ERROR: Timeout. Nodes did not reach provisioning state: ${node_state}"
+      exit 1
+    fi
+    echo "Waiting for nodes to reach provisioning state: ${node_state}"
+    sleep 10
+    ((counter++))
+  done
+  set -e
+}
+
+function wait_image_active() {
+  local image_name=$1
+  local retries=100
+  local counter=0
+  set +e
+  until ! ${BASH_ALIASES[openstack]} image show  Fedora-Cloud-Base-38 -f value -c status | grep -P "^(?!active).*$"; do
+    if [[ "$counter" -eq "$retries" ]]; then
+      echo "ERROR: Timeout. Image: ${image_name} did not reach state: active"
+      exit 1
+    fi
+    echo "Waiting for image \"${image_name}\" to reach state \"active\""
+    sleep 10
+    ((counter++))
+  done
+  set -e
+}
+
+
 # If the snapshot was reverted, and time is way off we get SSL issues in agent<->ironic connection
 # Workaround by restarting chronyd.service
 ssh -i $EDPM_PRIVATEKEY_PATH [email protected] systemctl restart chronyd.service
@@ -37,22 +72,29 @@ URL=https://download.fedoraproject.org/pub/fedora/linux/releases/38/Cloud/x86_64
 curl --silent --show-error -o /tmp/${IMG} -L $URL
 DISK_FORMAT=$(qemu-img info /tmp/${IMG} | grep "file format:" | awk '{print $NF}')
 ${BASH_ALIASES[openstack]} image create --container-format bare --disk-format ${DISK_FORMAT} Fedora-Cloud-Base-38 < /tmp/${IMG}
+wait_image_active Fedora-Cloud-Base-38
+
 
 export BAREMETAL_NODES=$(${BASH_ALIASES[openstack]} baremetal node list -c UUID -f value)
 # Manage nodes
 for node in $BAREMETAL_NODES; do
-  ${BASH_ALIASES[openstack]} baremetal node manage $node --wait 120
+  ${BASH_ALIASES[openstack]} baremetal node manage $node
 done
+wait_node_state "manageable"
 
 # Inspect baremetal nodes
 for node in $BAREMETAL_NODES; do
-  ${BASH_ALIASES[openstack]} baremetal node inspect $node --wait 300
+  ${BASH_ALIASES[openstack]} baremetal node inspect $node
+  sleep 10
 done
+wait_node_state "manageable"
 
 # Provide nodes
 for node in $BAREMETAL_NODES; do
-  ${BASH_ALIASES[openstack]} baremetal node provide $node --wait 300
+  ${BASH_ALIASES[openstack]} baremetal node provide $node
+  sleep 10
 done
+wait_node_state "available"
 
 # Wait for nova to be aware of the node
 sleep 60

diff --git a/tests/roles/ironic_adoption/meta/main.yaml b/tests/roles/ironic_adoption/meta/main.yaml
@@ -0,0 +1,2 @@
+dependencies:
+  - role: common_defaults