Blame - README.rst - salt-formulas/ironic

blob: fbab424bb7b2c4f18e761a9dc5c8b355aa37cecf [file] [log] [blame]

Vasyl Saienko	8403d17	2017-04-27 14:21:46 +0300	[diff] [blame]	1
Pavel Cizinsky	2d241f1	2018-12-12 12:02:03 +0100	[diff] [blame]	2	======
Vasyl Saienko	8403d17	2017-04-27 14:21:46 +0300	[diff] [blame]	3	ironic
Pavel Cizinsky	2d241f1	2018-12-12 12:02:03 +0100	[diff] [blame]	4	======
Vasyl Saienko	8403d17	2017-04-27 14:21:46 +0300	[diff] [blame]	5
				6	Service ironic description
				7
				8	Sample pillars
				9	==============
				10
				11	Single ironic service
				12
				13	.. code-block:: yaml
				14
				15	ironic:
				16	api:
				17	enabled: true
				18	version: mitaka
				19	bind:
				20	address: 0.0.0.0
				21	port: 6385
				22	database:
				23	engine: mysql
				24	host: localhost
				25	port: 3306
				26	name: ironic
				27	user: ironic
				28	password: password
				29	identity:
				30	engine: keystone
				31	region: RegionOne
				32	host: localhost
				33	port: 35357
				34	user: ironic
				35	password: password
				36	tenant: service
				37	message_queue:
				38	engine: rabbitmq
				39	host: localhost
				40	port: 5672
				41	user: openstack
				42	password: password
				43	virtual_host: '/openstack'
				44	conductor:
				45	enabled: true
				46	version: mitaka
				47	database:
				48	engine: mysql
				49	host: localhost
				50	port: 3306
				51	name: ironic
				52	user: ironic
				53	password: password
				54	message_queue:
				55	engine: rabbitmq
				56	host: localhost
				57	port: 5672
				58	user: openstack
				59	password: password
				60	virtual_host: '/openstack'
				61
				62	Standalone ironic without keystone
				63
				64	.. code-block:: yaml
				65
				66	ironic:
				67	api:
				68	version: mitaka
				69	enabled: true
				70	bind:
				71	address: 0.0.0.0
				72	port: 6385
				73	database:
				74	engine: mysql
				75	host: localhost
				76	port: 3306
				77	name: ironic
				78	user: ironic
				79	password: password
				80	identity:
				81	engine: noauth
				82	message_queue:
				83	engine: rabbitmq
				84	host: localhost
				85	port: 5672
				86	user: openstack
				87	password: password
				88	virtual_host: '/openstack'
				89	conductor:
				90	enabled: true
				91	version: mitaka
				92	database:
				93	engine: mysql
				94	host: localhost
				95	port: 3306
				96	name: ironic
				97	user: ironic
				98	password: password
				99	message_queue:
				100	engine: rabbitmq
				101	host: localhost
				102	port: 5672
				103	user: openstack
				104	password: password
				105	virtual_host: '/openstack'
Oleksandr Shyshko	258bf7c	2018-09-13 14:23:29 +0300	[diff] [blame]	106
				107	Enable x509 and ssl communication between Ironic and Galera cluster.
				108	---------------------
				109	By default communication between Ironic and Galera is unsecure.
				110
				111	ironic:
				112	api:
				113	database:
				114	x509:
				115	enabled: True
				116	conductor:
				117	database:
				118	x509:
				119	enabled: True
				120
				121	You able to set custom certificates in pillar:
				122
				123	ironic:
				124	api:
				125	database:
				126	x509:
				127	cacert: (certificate content)
				128	cert: (certificate content)
				129	key: (certificate content)
				130	conductor:
				131	database:
				132	x509:
				133	cacert: (certificate content)
				134	cert: (certificate content)
				135	key: (certificate content)
				136
				137	You can read more about it here:
				138	https://docs.openstack.org/security-guide/databases/database-access-control.html
				139
Oleksandr Shyshko	c51d28c	2018-09-20 12:30:00 +0300	[diff] [blame]	140	Enable x509 and ssl communication between Ironic and Rabbitmq.
				141	---------------------
				142	By default communication between Ironic and Rabbitmq is unsecure.
				143
				144	.. code-block:: yaml
				145
				146	ironic:
				147	api:
				148	message_queue:
				149	x509:
				150	enabled: True
				151	conductor:
				152	message_queue:
				153	x509:
				154	enabled: True
				155
				156	You able to set custom certificates in pillar:
				157
				158	.. code-block:: yaml
				159
				160	ironic:
				161	api:
				162	message_queue:
				163	x509:
				164	cacert: (certificate content)
				165	cert: (certificate content)
				166	key: (certificate content)
				167	conductor:
				168	message_queue:
				169	x509:
				170	cacert: (certificate content)
				171	cert: (certificate content)
				172	key: (certificate content)
				173
				174	You can read more about it here:
				175	https://docs.openstack.org/security-guide/messaging/security.html
Oleksandr Bryndzii	69a6d02	2018-11-07 12:38:16 +0200	[diff] [blame]	176
				177	Ironic service with cache and security enabled
				178
				179	.. code-block:: yaml
				180
				181	ironic:
				182	api:
				183	enabled: true
				184	version: pike
				185	cache:
				186	engine: memcached
				187	members:
				188	- host: 127.0.0.1
				189	port: 11211
				190	- host: 127.0.0.1
				191	port: 11211
				192	security:
				193	enabled: true
				194	strategy: ENCRYPT
				195	secret_key: secret
Vasyl Saienko	ebaa23c	2019-01-19 09:14:36 +0000	[diff] [blame]	196
Vasyl Saienko	22f94f5	2019-01-29 10:56:16 +0000	[diff] [blame]	197
				198	Enable serial console for Baremetal Nodes
				199	-----------------------------------------
				200
				201	.. code-block:: yaml
				202
				203	ironic:
				204	conductor:
				205	console:
				206	terminal: shellinaboxd
				207	terminal_cert_dir: /tmp/ca
				208	terminal_timeout: 10
				209	subprocess_checking_interval: 1
				210	subprocess_timeout: 10
Kostiantyn Ovchynnykov	878c514	2019-08-22 11:57:46 +0300	[diff] [blame^]	211	kill_timeout: 1
Vasyl Saienko	22f94f5	2019-01-29 10:56:16 +0000	[diff] [blame]	212	socat_address: 127.0.0.1
				213
				214	You can read more info about it here:
				215	https://docs.openstack.org/ironic/pike/admin/console.html#node-serial-console
				216
				217
Vasyl Saienko	ebaa23c	2019-01-19 09:14:36 +0000	[diff] [blame]	218	Ensure nodes are in target state (available).
				219	Starting from 1.11 API microversion newly-created node is moved to `enroll`
				220	state. To move it to available the following client pillar might be used:
				221
				222	.. code-block:: yaml
				223
				224	ironic:
				225	client:
				226	node_state_transition:
				227	enabled: true
				228	enroll_to_available:
				229	provision_state: 'enroll'
				230	pool_size: 5
				231	sleep_time: 10
				232	timeout: 15
root	afa89e6	2019-02-05 16:44:43 +0000	[diff] [blame]	233
Oleksandr Pidrepnyi	c2db714	2019-05-13 16:18:47 +0300	[diff] [blame]	234	Change default options using configmap template settings
				235	========================================================
				236
				237	.. code-block:: yaml
				238
				239	ironic:
				240	api:
				241	configmap:
				242	DEFAULT:
				243	enabled_drivers: pxe_ipmitool
				244	enabled_hardware_types: ipmi
				245	enabled_boot_interfaces: pxe
				246	api:
				247	host_ip: 0.0.0.0
				248	port: 6385
				249	max_limit: 1000
				250	conductor:
				251	configmap:
				252	DEFAULT:
				253	enabled_drivers: pxe_ipmitool
				254	enabled_hardware_types: ipmi
				255	enabled_boot_interfaces: pxe
				256	disk_partitioner:
				257	check_device_interval: 1
				258	check_device_max_retries: 20
				259	disk_utils:
				260	efi_system_partition_size: 200
				261	bios_boot_partition_size: 1
				262
root	afa89e6	2019-02-05 16:44:43 +0000	[diff] [blame]	263	Upgrades
				264	========
				265
				266	Each openstack formula provide set of phases (logical blocks) that will help to
				267	build flexible upgrade orchestration logic for particular components. The list
				268	of phases and theirs descriptions are listed in table below:
				269
				270	+-------------------------------+------------------------------------------------------+
				271	\| State \| Description \|
				272	+===============================+======================================================+
				273	\| <app>.upgrade.service_running \| Ensure that all services for particular application \|
				274	\| \| are enabled for autostart and running \|
				275	+-------------------------------+------------------------------------------------------+
				276	\| <app>.upgrade.service_stopped \| Ensure that all services for particular application \|
				277	\| \| disabled for autostart and dead \|
				278	+-------------------------------+------------------------------------------------------+
				279	\| <app>.upgrade.pkgs_latest \| Ensure that packages used by particular application \|
				280	\| \| are installed to latest available version. \|
				281	\| \| This will not upgrade data plane packages like qemu \|
				282	\| \| and openvswitch as usually minimal required version \|
				283	\| \| in openstack services is really old. The data plane \|
				284	\| \| packages should be upgraded separately by `apt-get \|
				285	\| \| upgrade` or `apt-get dist-upgrade` \|
				286	\| \| Applying this state will not autostart service. \|
				287	+-------------------------------+------------------------------------------------------+
				288	\| <app>.upgrade.render_config \| Ensure configuration is rendered actual version. +
				289	+-------------------------------+------------------------------------------------------+
				290	\| <app>.upgrade.pre \| We assume this state is applied on all nodes in the \|
				291	\| \| cloud before running upgrade. \|
				292	\| \| Only non destructive actions will be applied during \|
				293	\| \| this phase. Perform service built in service check \|
				294	\| \| like (keystone-manage doctor and nova-status upgrade)\|
				295	+-------------------------------+------------------------------------------------------+
				296	\| <app>.upgrade.upgrade.pre \| Mostly applicable for data plane nodes. During this \|
				297	\| \| phase resources will be gracefully removed from \|
				298	\| \| current node if it is allowed. Services for upgraded \|
				299	\| \| application will be set to admin disabled state to \|
				300	\| \| make sure node will not participate in resources \|
				301	\| \| scheduling. For example on gtw nodes this will set \|
				302	\| \| all agents to admin disable state and will move all \|
				303	\| \| routers to other agents. \|
				304	+-------------------------------+------------------------------------------------------+
				305	\| <app>.upgrade.upgrade \| This state will basically upgrade application on \|
				306	\| \| particular target. Stop services, render \|
				307	\| \| configuration, install new packages, run offline \|
				308	\| \| dbsync (for ctl), start services. Data plane should \|
				309	\| \| not be affected, only OpenStack python services. \|
				310	+-------------------------------+------------------------------------------------------+
				311	\| <app>.upgrade.upgrade.post \| Add services back to scheduling. \|
				312	+-------------------------------+------------------------------------------------------+
				313	\| <app>.upgrade.post \| This phase should be launched only when upgrade of \|
				314	\| \| the cloud is completed. Cleanup temporary files, \|
				315	\| \| perform other post upgrade tasks. \|
				316	+-------------------------------+------------------------------------------------------+
				317	\| <app>.upgrade.verify \| Here we will do basic health checks (API CRUD \|
				318	\| \| operations, verify do not have dead network \|
				319	\| \| agents/compute services) \|
				320	+-------------------------------+------------------------------------------------------+
				321
				322	Upgrade pillar example:
				323	ironic:
				324	upgrade:
				325	enabled: True
				326	old_release: pike
				327	new_release: queens