Skip to content
This repository has been archived by the owner on Jul 23, 2019. It is now read-only.

Commit

Permalink
WIP add ironic
Browse files Browse the repository at this point in the history
This adds ironic to the bootstrap VM.

We'll need to make this conditional on the platform, but for now
this gets added unconditionally like mdns/keepalived.

Also this doesn't yet support CACHEURL so the image downloads can take
a while, we'll need some way to ensure the master deployment waits until
the images are ready and that's still TODO.
  • Loading branch information
Steven Hardy committed Jun 14, 2019
1 parent 27dc191 commit e0a6a42
Show file tree
Hide file tree
Showing 5 changed files with 102 additions and 2 deletions.
73 changes: 73 additions & 0 deletions data/data/bootstrap/baremetal/files/usr/local/bin/startironic.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
#!/bin/bash

set -ex

IRONIC_IMAGE=${IRONIC_IMAGE:-"quay.io/metal3-io/ironic:master"}
IRONIC_INSPECTOR_IMAGE=${IRONIC_INSPECTOR_IMAGE:-"quay.io/metal3-io/ironic-inspector:master"}
IPA_DOWNLOADER_IMAGE=${IPA_DOWNLOADER_IMAGE:-"quay.io/metal3-io/ironic-ipa-downloader:master"}
COREOS_DOWNLOADER_IMAGE=${COREOS_DOWNLOADER_IMAGE:-"quay.io/openshift-metal3/rhcos-downloader:master"}

# FIXME this should be provided by the installer
RHCOS_IMAGE_URL="https://releases-art-rhcos.svc.ci.openshift.org/art/storage/releases/ootpa/410.8.20190508.1/"

# Start the provisioning nic if not already started
# FIXME we should detect the nic in the ironic container (currently relies on the ifname, and won't pick
# up the description added here)
# FIXME The IP/subnet and gateway should be provided via survey input?
# FIXME: the ironic containers currently bind to all interfaces, which is not secure in the
# case of the cluster, but we'll need the installer to access the public nic on the boostrap node
# so probably we'll need a forwarding rule after https://github.com/metal3-io/ironic-image/pull/56
PROVISIONING_NIC=ens4
if ! nmcli -t device | grep "$PROVISIONING_NIC:ethernet:connected:provisioning"; then
nmcli c add type ethernet ifname $PROVISIONING_NIC con-name provisioning ip4 172.22.0.2/24 gw4 172.22.0.1
fi

# set password for mariadb
mariadb_password=$(echo $(date;hostname)|sha256sum |cut -c-20)

IRONIC_SHARED_VOLUME="ironic"
podman volume create $IRONIC_SHARED_VOLUME || true

# Add firewall rules to ensure the IPA ramdisk can reach httpd, Ironic and the Inspector API on the host
for port in 80 5050 6385 ; do
if ! sudo iptables -C INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT > /dev/null 2>&1; then
sudo iptables -I INPUT -i $PROVISIONING_NIC -p tcp -m tcp --dport $port -j ACCEPT
fi
done

# Start dnsmasq, http, mariadb, and ironic containers using same image
# FIXME with the current version of podman/libpod on the bootstrap VM this
# breaks when trying to use a pod to encapsulate the containers
podman run -d --net host --privileged --name dnsmasq \
--env PROVISIONING_INTERFACE=$PROVISIONING_NIC \
-v $IRONIC_SHARED_VOLUME:/shared:z --entrypoint /bin/rundnsmasq ${IRONIC_IMAGE}

podman run -d --net host --privileged --name httpd \
--env PROVISIONING_INTERFACE=$PROVISIONING_NIC \
-v $IRONIC_SHARED_VOLUME:/shared:z --entrypoint /bin/runhttpd ${IRONIC_IMAGE}

podman run -d --net host --privileged --name mariadb \
-v $IRONIC_SHARED_VOLUME:/shared:z --entrypoint /bin/runmariadb \
--env MARIADB_PASSWORD=$mariadb_password ${IRONIC_IMAGE}

podman run -d --net host --name ipa-downloader \
-v $IRONIC_SHARED_VOLUME:/shared:z ${IPA_DOWNLOADER_IMAGE} /usr/local/bin/get-resource.sh

podman run -d --net host --name coreos-downloader \
-v $IRONIC_SHARED_VOLUME:/shared:z ${COREOS_DOWNLOADER_IMAGE} /usr/local/bin/get-resource.sh $RHCOS_IMAGE_URL

podman run -d --net host --privileged --name ironic-inspector \
--env PROVISIONING_INTERFACE=$PROVISIONING_NIC \
-v $IRONIC_SHARED_VOLUME:/shared:z "${IRONIC_INSPECTOR_IMAGE}"

podman run -d --net host --privileged --name ironic \
--env MARIADB_PASSWORD=$mariadb_password \
--env PROVISIONING_INTERFACE=$PROVISIONING_NIC \
-v $IRONIC_SHARED_VOLUME:/shared:z ${IRONIC_IMAGE}

while true; do
for name in ironic ironic-inspector dnsmasq httpd mariadb ipa-downloader coreos-downloader; do
podman ps | grep -w "$name$" || exit 1
done
sleep 10
done
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#!/bin/bash

set -x

for name in ironic ironic-inspector dnsmasq httpd mariadb ipa-downloader coreos-downloader; do
podman ps | grep -w "$name$" && podman kill $name
podman ps --all | grep -w "$name$" && podman rm $name -f
done
16 changes: 16 additions & 0 deletions data/data/bootstrap/baremetal/systemd/units/ironic.service
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
[Unit]
Description=Baremetal Deployment with Ironic
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/local/bin/startironic.sh
ExecStop=/usr/local/bin/stopironic.sh
ConditionPathExists=!/etc/pivot/image-pullspec

Restart=on-failure
RestartSec=5
TimeoutStartSec=600

[Install]
WantedBy=multi-user.target
3 changes: 3 additions & 0 deletions pkg/asset/ignition/bootstrap/bootstrap.go
Original file line number Diff line number Diff line change
Expand Up @@ -274,6 +274,7 @@ func (a *Bootstrap) addSystemdUnits(uri string, templateData *bootstrapTemplateD
// baremetal platform services
"keepalived.service": {},
"coredns.service": {},
"ironic.service": {},
}

directory, err := data.Assets.Open(uri)
Expand Down Expand Up @@ -378,6 +379,8 @@ func readFile(name string, reader io.Reader, templateData interface{}) (finalNam
if err != nil {
return name, data, err
}
logrus.Tracef("SHDEBUG Rendering file %s", name)
logrus.Tracef("SHDEBUG templateData %s", templateData)
stringData := applyTemplateData(tmpl, templateData)
data = []byte(stringData)
}
Expand Down
4 changes: 2 additions & 2 deletions pkg/types/baremetal/defaults/platform.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ import (

const (
LibvirtURI = "qemu:///system"
IronicURI = "http://localhost:6385/v1"
IronicURI = "http://172.22.0.2:6385/v1"
ExternalBridge = "baremetal"
ProvisioningBridge = "provisioning"
HardwareProfile = "default"
ApiVIP = ""
ApiVIP = ""
)

// SetPlatformDefaults sets the defaults for the platform.
Expand Down

0 comments on commit e0a6a42

Please sign in to comment.