feat: add ironic environment mixins

Introduce the `stack-ironic` environment mixin. This environment is
intended to be used as an environment mixin that other environments
depend upon. It implements configuration for the `Ironic` service such
that hardware support for `idrac`, `ipmi` and `redfish`.

- Drop in support for ironic configuration
- Apply sensible tweaks to `ironic` services
- Add playbook for adding port groups

Signed-off-by: Jack Hodgkiss <jack@stackhpc.com>

Author: jackhodgkiss

etc/kayobe/environments/stack-ironic/ansible/add-port-groups.yml

@@ -0,0 +1,131 @@
+---
+- name: Add Ironic Port Groups
+  hosts: controllers[0]
+  vars:
+    venv: "{{ virtualenv_path }}/openstack-cli"
+  tasks:
+    - name: Set up openstack cli virtualenv
+      pip:
+        virtualenv: "{{ venv }}"
+        name:
+          - python-openstackclient
+          - python-ironicclient
+        state: latest
+        virtualenv_command: "python3.{{ ansible_facts.python.version.minor }} -m venv"
+        extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}"
+
+- name: Ensure Ironic port groups exist
+  hosts: baremetal-compute-is-bonded
+  gather_facts: false
+  max_fail_percentage: >-
+    {{ baremetal_compute_register_max_fail_percentage |
+       default(baremetal_compute_max_fail_percentage) |
+       default(kayobe_max_fail_percentage) |
+       default(100) }}
+  tags:
+    - baremetal
+  vars:
+    venv: "{{ virtualenv_path }}/openstack-cli"
+    controller_host: "{{ groups['controllers'][0] }}"
+  tasks:
+    - name: Check Ironic variables are defined
+      ansible.builtin.assert:
+        that:
+          - ironic_bond_physical_network_name is defined
+          - ironic_bond_mode is defined
+          - ironic_bond_miimon is defined
+          - ironic_bond_xmit_hash_policy is defined
+          - ironic_bond_is_standalone_ports is defined
+        fail_msg: One or more Ironic variables are undefined.
+
+    - block:
+        - name: Show baremetal node
+          ansible.builtin.command:
+            cmd: "{{ venv }}/bin/openstack baremetal node show {{ inventory_hostname }} -f json"
+          register: node_show
+          failed_when:
+            - '"HTTP 404" in node_show.stderr'
+            - node_show.rc != 0
+          changed_when: false
+
+        - name: Set baremetal_uuid fact
+          ansible.builtin.set_fact:
+            baremetal_uuid: "{{ (node_show.stdout | from_json).uuid }}"
+
+        - name: Get baremetal port
+          ansible.builtin.command:
+            cmd: "{{ venv }}/bin/openstack baremetal port list --long --node {{ baremetal_uuid }} -f json --sort-column Address"
+          register: port_list
+          changed_when: false
+
+        - name: Set port facts
+          ansible.builtin.set_fact:
+            baremetal_ports: "{{ baremetal_ports | default([]) + [item] }}"
+          loop: "{{ port_list.stdout | from_json | community.general.json_query(_query) }}"
+          vars:
+            _query: "[?\"Physical Network\"=='{{ ironic_bond_physical_network_name }}'].{uuid: UUID, mac_address: Address, port_group: \"Portgroup UUID\"}"
+
+        - name: List existing port groups
+          ansible.builtin.command:
+            cmd: "{{ venv }}/bin/openstack baremetal port group list"
+          register: existing_port_groups
+          changed_when: false
+
+        - name: Create port group
+          ansible.builtin.command:
+            cmd: >
+              {{ venv }}/bin/openstack baremetal port group create
+              --node {{ baremetal_uuid }}
+              --name {{ inventory_hostname }}
+              --address {{ baremetal_ports[0].mac_address }}
+              --mode {{ ironic_bond_mode }}
+              --property miimon={{ ironic_bond_miimon }}
+              --property xmit_hash_policy="{{ ironic_bond_xmit_hash_policy }}"
+              {{ '--support-standalone-ports' if ironic_bond_is_standalone_ports | bool else '' }}
+          register: create_port_group
+          when:
+            - "inventory_hostname not in existing_port_groups.stdout"
+            - "baremetal_ports[0].mac_address not in existing_port_groups.stdout"
+          changed_when:
+            - create_port_group.rc == 0
+
+        - name: Show port group uuid
+          ansible.builtin.command:
+            cmd: "{{ venv }}/bin/openstack baremetal port group show {{ inventory_hostname }} -f value -c uuid"
+          register: port_group_show
+          changed_when: false
+
+        - name: Set port group uuid fact
+          ansible.builtin.set_fact:
+            port_group_uuid: "{{ port_group_show.stdout }}"
+
+        - block:
+          - name: Enter maintenance mode
+            ansible.builtin.command: |
+              {{ venv }}/bin/openstack
+              baremetal node maintenance set {{ inventory_hostname }}
+              {{ '--reason ' + maintenance_reason | default('None', true) | quote }}
+            vars:
+              maintenance_reason: "Maintenance entered at {{ '%Y-%m-%d %H:%M:%S' | strftime() }} for port group association"
+
+          - name: Associate port group with ports
+            ansible.builtin.command:
+              cmd: "{{ venv }}/bin/openstack baremetal port set --port-group {{ port_group_uuid }} {{ item.uuid }}"
+            register: associate_port_group
+            loop: "{{ baremetal_ports }}"
+            changed_when:
+              - associate_port_group.rc == 0
+
+          - name: Exit maintenance mode
+            ansible.builtin.command: |
+              {{ venv }}/bin/openstack
+              baremetal node maintenance unset {{ inventory_hostname }}
+          when: >
+            baremetal_ports | selectattr('port_group', 'undefined') | list | length > 0 or
+            baremetal_ports | selectattr('port_group', 'none') | list | length > 0
+      delegate_to: "{{ controller_host }}"
+      vars:
+        # NOTE: Without this, the controller's ansible_host variable will not
+        # be respected when using delegate_to.
+        ansible_host: "{{ hostvars[controller_host].ansible_host | default(controller_host) }}"
+      environment: "{{ openstack_auth_env }}"

etc/kayobe/environments/stack-ironic/inspector.yml

@@ -0,0 +1,29 @@
+---
+###############################################################################
+# Ironic inspector processing configuration.
+
+# List of of additional inspector processing plugins.
+inspector_processing_hooks_extra:
+  - system_name_llc
+  - system_name_physnet
+
+# Which MAC addresses to add as ports during introspection. One of 'all',
+# 'active' or 'pxe'.
+inspector_add_ports: all
+
+# Which ports to keep after introspection. One of 'all', 'present', or 'added'.
+inspector_keep_ports: added
+
+# Whether to enable discovery of nodes not managed by Ironic.
+inspector_enable_discovery: false
+
+# The Ironic driver with which to register newly discovered nodes.
+inspector_discovery_enroll_node_driver: redfish
+
+###############################################################################
+# Inspection store configuration.
+# The inspection store provides a Swift-like service for storing inspection
+# data which may be useful in environments without Swift.
+
+# Whether the inspection data store is enabled.
+inspector_store_enabled: false

etc/kayobe/environments/stack-ironic/inventory/group_vars/baremetal-compute/ironic.yml

@@ -0,0 +1,5 @@
+---
+ironic_properties:
+  capabilities: "{{ ironic_capabilities }}"
+
+ironic_capabilities: "boot_option:local,boot_mode:uefi"

etc/kayobe/environments/stack-ironic/inventory/group_vars/baremetal-idrac/ironic.yml

@@ -0,0 +1,13 @@
+---
+ironic_driver: idrac
+
+ironic_driver_info:
+  redfish_address: "{{ ironic_redfish_address }}"
+  redfish_username: "{{ ironic_redfish_username }}"
+  redfish_password: "{{ ironic_redfish_password }}"
+  redfish_verify_ca: "{{ ironic_redfish_verify_ca }}"
+
+ironic_redfish_verify_ca: false
+ironic_redfish_address: "{{ redfish_address }}"
+ironic_redfish_username: "{{ secrets_idrac_baremetal_username }}"
+ironic_redfish_password: "{{ secrets_idrac_baremetal_password }}"

etc/kayobe/environments/stack-ironic/inventory/group_vars/baremetal-ipmi/ironic.yml

@@ -0,0 +1,13 @@
+---
+ironic_driver: ipmi
+
+ironic_driver_info:
+  ipmi_address: "{{ ironic_ipmi_address }}"
+  ipmi_username: "{{ ironic_ipmi_username }}"
+  ipmi_password: "{{ ironic_ipmi_password }}"
+  ipmi_verify_ca: "{{ ironic_ipmi_verify_ca }}"
+
+ironic_ipmi_verify_ca: false
+ironic_ipmi_address: "{{ ipmi_address }}"
+ironic_ipmi_username: "{{ secrets_ipmi_baremetal_username }}"
+ironic_ipmi_password: "{{ secrets_ipmi_baremetal_password }}"

etc/kayobe/environments/stack-ironic/inventory/group_vars/baremetal-redfish/ironic.yml

@@ -0,0 +1,13 @@
+---
+ironic_driver: redfish
+
+ironic_driver_info:
+  redfish_address: "{{ ironic_redfish_address }}"
+  redfish_username: "{{ ironic_redfish_username }}"
+  redfish_password: "{{ ironic_redfish_password }}"
+  redfish_verify_ca: "{{ ironic_redfish_verify_ca }}"
+
+ironic_redfish_verify_ca: false
+ironic_redfish_address: "{{ redfish_address }}"
+ironic_redfish_username: "{{ secrets_redfish_baremetal_username }}"
+ironic_redfish_password: "{{ secrets_redfish_baremetal_password }}"

etc/kayobe/environments/stack-ironic/inventory/group_vars/controllers/network_routing.yml

@@ -0,0 +1,18 @@
+---
+# Use policy-based routing on the admin API network for ironic. This ensures
+# that during provisioning and cleaning, nodes accessing the admin API network
+# can be routed to without routing asymmetrically which would cause packets to be
+# dropped by the kernel.
+network_route_tables:
+  - name: admin-api
+    id: 1
+
+# IP routing rule to process all packets from the admin API subnet using the
+# admin-api routing table.
+internal_rules:
+  - from {{ internal_net_name | net_cidr }} table 1
+
+# IP routes for the admin-api routing table.
+internal_routes:
+  - cidr: "{{ internal_net_name | net_cidr }}"
+    table: 1

etc/kayobe/environments/stack-ironic/inventory/groups

@@ -0,0 +1,8 @@
+[baremetal-idrac]
+[baremetal-ipmi]
+[baremetal-redfish]
+
+[baremetal-compute:children]
+baremetal-idrac
+baremetal-ipmi
+baremetal-redfish

etc/kayobe/environments/stack-ironic/inventory/hosts

@@ -0,0 +1,141 @@
+---
+###############################################################################
+# Ironic configuration.
+
+# Specify the list of hardware types to load during service initialization.
+kolla_ironic_enabled_hardware_types:
+  - idrac
+  - ipmi
+  - redfish
+
+# Specify the list of bios interfaces to load during service initialization.
+kolla_ironic_enabled_bios_interfaces:
+  - idrac-redfish
+  - no-bios
+  - redfish
+
+# Default bios interface to be used for nodes that do not have bios_interface
+# field set.
+kolla_ironic_default_bios_interface:
+
+# Specify the list of boot interfaces to load during service initialization.
+kolla_ironic_enabled_boot_interfaces:
+  - idrac-redfish-virtual-media
+  - ipxe
+  - pxe
+  - redfish-virtual-media
+
+# Default boot interface to be used for nodes that do not have boot_interface
+# field set.
+kolla_ironic_default_boot_interface:
+
+# Specify the list of console interfaces to load during service initialization.
+kolla_ironic_enabled_console_interfaces:
+  - ipmitool-socat
+  - no-console
+
+# Default console interface to be used for nodes that do not have
+# console_interface field set.
+kolla_ironic_default_console_interface:
+
+# Specify the list of deploy interfaces to load during service initialization.
+kolla_ironic_enabled_deploy_interfaces:
+  - direct
+  - ramdisk
+
+# Default deploy interface to be used for nodes that do not have
+# deploy_interface field set.
+kolla_ironic_default_deploy_interface:
+
+# Specify the list of inspect interfaces to load during service initialization.
+kolla_ironic_enabled_inspect_interfaces:
+  - inspector
+  - no-inspect
+
+# Default inspect interface to be used for nodes that do not have
+# inspect_interface field set.
+kolla_ironic_default_inspect_interface:
+
+# Specify the list of management interfaces to load during service
+# initialization.
+kolla_ironic_enabled_management_interfaces:
+  - idrac-redfish
+  - ipmitool
+  - noop
+  - redfish
+
+# Default management interface to be used for nodes that do not have
+# management_interface field set.
+kolla_ironic_default_management_interface:
+
+# Specify the list of network interfaces to load during service initialization.
+kolla_ironic_enabled_network_interfaces:
+  - flat
+  - neutron
+  - noop
+
+# Default network interface to be used for nodes that do not have
+# network_interface field set.
+kolla_ironic_default_network_interface:
+
+# Specify the list of power interfaces to load during service initialization.
+kolla_ironic_enabled_power_interfaces:
+  - idrac-redfish
+  - ipmitool
+  - redfish
+
+# Default power interface to be used for nodes that do not have power_interface
+# field set.
+kolla_ironic_default_power_interface:
+
+# Specify the list of raid interfaces to load during service initialization.
+kolla_ironic_enabled_raid_interfaces:
+  - agent
+  - idrac-redfish
+  - no-raid
+  - redfish
+
+# Default raid interface to be used for nodes that do not have
+# raid_interface field set.
+kolla_ironic_default_raid_interface:
+
+# Specify the list of rescue interfaces to load during service initialization.
+kolla_ironic_enabled_rescue_interfaces:
+  - agent
+  - no-rescue
+
+# Default rescue interface to be used for nodes that do not have
+# rescue_interface field set.
+kolla_ironic_default_rescue_interface:
+
+# Specify the list of storage interfaces to load during
+# service initialization.
+kolla_ironic_enabled_storage_interfaces:
+
+# Default storage interface to be used for nodes that do not
+# have storage_interface field set.
+kolla_ironic_default_storage_interface:
+
+# Specify the list of vendor interfaces to load during service initialization.
+kolla_ironic_enabled_vendor_interfaces:
+  - no-vendor
+
+# Default vendor interface to be used for nodes that do not have
+# vendor_interface field set.
+kolla_ironic_default_vendor_interface:
+
+# Name of the Neutron network to use for cleaning.
+kolla_ironic_cleaning_network: "{{ kolla_ironic_provisioning_network if cleaning_net_name == provision_wl_net_name else 'cleaning-net' }}"
+
+# Name of the Neutron network to use for provisioning.
+kolla_ironic_provisioning_network: 'provision-net'
+
+# List of default kernel parameters to append for baremetal PXE boot.
+kolla_ironic_pxe_append_params_default:
+  - nofb
+  - nomodeset
+  - vga=normal
+  - console=tty0
+  - console=ttyS0,115200n8
+  - "ipa-ntp-server={{ provision_wl_net_name | net_ip(inventory_hostname=groups['controllers'][0]) }}"
+  - "ipa-insecure=1"