Extending overcloud nodes provisioning

Starting with the Queens release, the new ansible deploy interface is available in Ironic. Unlike the default iSCSI deploy interface, it is highly customizable through operator-provided Ansible playbooks. These playbooks will run on the target image when Ironic boots the deploy ramdisk.

Warning

The ansible deploy interface support in TripleO is technical preview in the Queens release. This guide may change substantially as the feature is stabilizing.

Note

This feature is not related to the ongoing work of switching overcloud configuration to Ansible.

Enabling Ansible deploy

The ansible deploy interface is enabled by default starting with Queens. However, additional configuration is required when installing an undercloud.

Custom ansible playbooks

To avoid modifying playbooks, provided by the distribution, you must copy them to a new location that is accessible by Ironic. In this guide it is /var/lib/ironic.

Note

Use of the /var/lib directory is not fully compliant to FHS. We do it because for containerized undercloud this directory is shared between the host and the ironic-conductor container.

  1. Set up repositories and install the Ironic common package, if it is not installed yet:

    sudo yum install -y openstack-ironic-common
    
  2. Copy the files to the new location (/var/lib/ironic/playbooks):

    sudo cp -R /usr/lib/python2.7/site-packages/ironic/drivers/modules/ansible/playbooks/ \
        /var/lib/ironic
    

Installing undercloud

  1. Generate an SSH key pair, for example:

    ssh-keygen -t rsa -b 2048 -f ~/ipa-ssh -N ''
    

    Warning

    The private part should not be password-protected or Ironic will not be able to use it.

  2. Create a custom hieradata override. Pass the public SSH key for the deploy ramdisk to the common PXE parameters, and set the new playbooks path.

    For example, create a file called ansible-deploy.yaml with the following content:

    ironic::drivers::ansible::default_username: 'root'
    ironic::drivers::ansible::default_key_file: '/var/lib/ironic/ipa-ssh'
    ironic::drivers::ansible::playbooks_path: '/var/lib/ironic/playbooks'
    ironic::drivers::pxe::pxe_append_params: 'nofb nomodeset vga=normal selinux=0 sshkey="<INSERT PUBLIC KEY HERE>"'
    
  3. Link to this file in your undercloud.conf:

    hieradata_override=/home/stack/ansible-deploy.yaml
    
  4. Deploy or update your undercloud as usual.

  5. Move the private key to /var/lib/ironic and ensure correct ACLs:

    sudo mv ~/ipa-ssh /var/lib/ironic
    sudo chown ironic:ironic /var/lib/ironic/ipa-ssh
    sudo chmod 0600 /var/lib/ironic/ipa-ssh
    

Enabling temporary URLs

  1. First, enable the admin user access to other Swift accounts:

    $ openstack role add --user admin --project service ResellerAdmin
    
  2. Check if the service account has a temporary URL key generated in the Object Store service. Look for Temp-Url-Key properties in the output of the following command:

    $ openstack --os-project-name service object store account show
    +------------+---------------------------------------+
    | Field      | Value                                 |
    +------------+---------------------------------------+
    | Account    | AUTH_97ae97383424400d8ee1a54c3a2c41a0 |
    | Bytes      | 2209530996                            |
    | Containers | 5                                     |
    | Objects    | 42                                    |
    +------------+---------------------------------------+
    
  3. If the property is not present, generate a value and add it:

    $ openstack --os-project-name service object store account set \
        --property Temp-URL-Key=$(uuidgen | sha1sum | awk '{print $1}')
    

Configuring nodes

Nodes have to be explicitly configured to use the Ansible deploy. For example, to configure all nodes, use:

for node in $(openstack baremetal node list -f value -c UUID); do
    openstack baremetal node set $node --deploy-interface ansible
done

Editing playbooks

Example: kernel arguments

Let’s modify the playbooks to include additional kernel parameters for some nodes.

  1. Update /var/lib/ironic/playbooks/roles/configure/tasks/grub.yaml from

    - name: create grub config
      become: yes
      command: chroot {{ tmp_rootfs_mount }} /bin/sh -c '{{ grub_config_cmd }} -o {{ grub_config_file }}'
    

    to

    - name: append kernel params
      become: yes
      lineinfile:
        dest: "{{ tmp_rootfs_mount }}/etc/default/grub"
        state: present
        line: 'GRUB_CMDLINE_LINUX+=" {{ ironic_extra.kernel_params | default("") }}"'
    - name: create grub config
      become: yes
      command: chroot {{ tmp_rootfs_mount }} /bin/sh -c '{{ grub_config_cmd }} -o {{ grub_config_file }}'
    
  2. Set the newly introduced kernel_params extra variable to the desired kernel parameters. For example, to update only compute nodes use:

    for node in $(openstack baremetal node list -c Name -f value | grep compute); do
        openstack baremetal node set $node \
            --extra kernel_params='param1=value1 param2=value2'
    done