新钛云服已为您服务894天
Inspect是用来在Ironic部署时做硬件检测的。Ironic部署过程中,会使用到deploy image和user image两套镜像。其中,deploy image必须包含ironic python agent(简称IPA或者agent)。
作为一个基于python的代理,它可用于处理ironic中裸机节点的一系列动作,比如检查、配置、清除和部署镜像,暴露API给ironic-conductor,IPA使用lookup和hearteat机制与Ironic Conductor进行交互。
inspector 配置(u版)
该测试环境为All-In-One。inspector提供了openstack-ironic-inspector.service和dnsmasq两个服务。
安装inspect包(centos8):
yum install openstack-ironic-inspector python3-ironic-inspector-client
创建数据库:
1. mysql -e "create database ironic_inspector;"
2. mysql -e "grant all on vim.* to ironic_inspector@'localhost' identified by 'ironic_inspector';"
3. mysql -e "grant all on ironic_inspector.* to ironic_inspector@'%' identified by 'ironic_inspector';"
4. mysql -e "flush privileges;"
创建ironic-inspector的认证信息及endpoint:
1. openstack user create --domaindefault--password ironic-inspector ironic-inspector
2. openstack role add --project services --user ironic-inspector admin
3. openstack service create --name ironic-inspector --description "Bare Metal Introspection Service" baremetal-introspection
4. openstack endpoint create --region RegionOne ironic-inspector admin http://192.168.100.12:5050
5. openstack endpoint create --region RegionOne ironic-inspector internal http://192.168.100.12:5050
6. openstack endpoint create --region RegionOne ironic-inspectorpublichttp://192.168.100.12:5050
ironic-inspector配置, /etc/ironic-inspector/inspector.conf:
1. [DEFAULT]
2. listen_address = 0.0.0.0
3. listen_port = 5050
4. auth_strategy = keystone
5. debug =false
6. verbose =true
7. transport_url=rabbit://guest:guest@192.168.100.12:5672/
8. [capabilities]
9. [cors]
10. [database]
11. connection=mysql+pymysql://ironic_inspector:ironic_inspector@192.168.100.12/ironic_inspector
13. [discovery]
14. [dnsmasq_pxe_filter]
15. [pxe_filter]
16. [iptables]
18. [ironic]
19. auth_url = http://192.168.100.12:5000/v3
20. auth_strategy = keystone
21. auth_type = password
22. default_domain_name =default
23. project_domain_name=Default
24. project_name=services
25. ironic_url = http://192.168.100.12:6385/v1
26. os_region = RegionOne
27. password = ironic-inspector
28. username = ironic-inspector
31. [keystone_authtoken]
32. project_name = services
33. password = ironic-inspector
34. username = ironic-inspector
35. auth_url = http://192.168.100.12:5000/v3
36. auth_type = password
37. region_name = RegionOne
38. project_domain_id =default
39. user_domain_id =default
42. [oslo_messaging_amqp]
43. [oslo_messaging_kafka]
44. [oslo_messaging_notifications]
45. [oslo_messaging_rabbit]
46. [oslo_policy]
47. [pci_devices]
48. [processing]
49. add_ports = all
50. keep_ports = all
51. ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk
52. store_data = database
54. [ssl]
55. [swift]
tftp配置,这里假设 tftp 服务器已配置,我们只添加 default 文件(/tftpboot/pxelinux.cfg/default),内容如下:
1.defaultintrospect
2. label introspect
3. kernel ironic-python-agent.kernel
4. append initrd=ironic-python-agent.initramfs ipa-inspection-callback-url=http://192.168.100.12:5050/v1/continue ipa-inspection-collectors=default,logs ipa-collect-lldp=1 ipa-debug=1 systemd.journald.forward_to_console=yes selinux=0
5. ipappend 3
dnsmasq配置,/etc/ironic-inspector/dnsmasq.conf:
1. port=0
2. bind-interfaces
3. enable-tftp
4. tftp-root=/tftpboot
5. interface=ens3
6. dhcp-range=192.168.100.200,192.168.100.240
7. dhcp-boot=pxelinux.0
8. #dhcp-sequential-ip
9. log-facility=/var/log/dnsmasq.log
修改ironic配置, /etc/ironic/ironic.conf:
1. [inspector]
2. enabled=true
3. service_url=http://192.168.100.12:5050
4. project_name = services
5. password = ironic
6. username = ironic
7. auth_type = password
8. auth_url=http://192.168.100.12:5000
9. project_domain_id =default
10. user_domain_id =default
11. region_name = RegionOne
配置IPA(ironic-python-agent)
下载 ipa-centos8-stable-ussuri.kernel、ipa-centos8-stable-ussuri.initramfs 镜像,重命名为ironic-python-agent.kernel、ironic-python-agent.initramfs(与/tftpboot/pxelinux.cfg/default配置的名称一致即可)
下载地址:https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/,放置在 /tftpboot目录下。
同步数据库:
ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade
启动服务:
systemctl start openstack-ironic-inspector.service
dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf
Inspect阶段
1、使用ironic创建node。
2、将node设置为manageable状态。
3、开始自检。 自检时,文件的查找顺序大致如下:
1. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/44454c4c-4c00-1033-8039-b7c04f5a5931 not found
2. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/01-75-86-9a-e0-07-3c not found
3. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A866F4 not found
4. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A866F not found
5. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A866 not found
6. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A86 not found
7. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A8 not found
8. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A not found
9. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0 not found
10. dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C not found
11. dnsmasq-tftp[5352]: sent /tftpboot/pxelinux.cfg/defaultto 192.168.102.244
12. dnsmasq-tftp[5352]: sent /tftpboot/ironic-python-agent.kernel to 192.168.102.244
13. dnsmasq-tftp[5352]: sent /tftpboot/ironic-python-agent.initramfs to 192.168.102.244
当baremetal的node节点没有实例时, 会直接找到/tftpboot/pxelinux.cfg目录下的default文件,同时将之前配置的/tftpboo目录下的镜像文件传送给被自检的裸机,裸机上会启动Ironic Python Agent服务(默认端口9999),启动过程中会检测配置文件default中是否有回调地址ipa-inspection-callback-url来决定是否启动自检流程。
[ironic-python-agent] ironic_python_agent.hardware.py collect_default收集的主要信息如下:
inspect阶段完成之后,节点状态会再次变为manageable。此时会发现节点的属性中会增加许多信息,主要包括内存、cpu、硬盘等信息。
点击节点详情去查看端口信息,会发现自检时会将裸机的端口信息也收集上来。每个端口信息中包含了端口的MAC地址,以及交换机的地址和对应连接的交换机口。
默认情况下利用 LLDP 协议收集的交换机信息是不会进行保存的,为了将收集到交换机信息写入数据库中,要在配置中/etc/ironic-inspector/inspector.conf进行修改
[processing]
default_processing_hooks= ramdisk_error,root_disk_selection,scheduler,validate_interfaces,capabilities,pci_devices,local_link_connection
说明:
如果把 ironic-inspector 和 ironic-conductor 放到同一个节点, 那么 provision流程和 inspector 流程是公用一个 tftp 服务器, 然后监听不同的网口。
在正常情况下是没有冲突的,但是如果部署流程失败了, tftp 数据会有残留,那么后续进行 inspector 流程时,可能会下到 deploy 的镜像和配置文件,从而导致 inspector 失败。
特别声明:以上内容(如有图片或视频亦包括在内)为自媒体平台“网易号”用户上传并发布,本平台仅提供信息存储服务。
Notice: The content above (including the pictures and videos if any) is uploaded and posted by a user of NetEase Hao, which is a social media platform and only provides information storage services.
