Infrastructure Ironic

Infrastructure Ironic is meant to be a standalone Ironic for deploying the nodes. It is not built to connect to any services besides Keystone. In a perfect scenario, Ironic would run in a separate deployment cluster using its own dedicated Keystone.

To use the Infrastructure Ironic, you first need to build an IPA (ironic-python-agent) kernel and ramdisk. This can be done with the ironic-python-agent-builder, which uses the regular diskimage-builder to build the IPA kernel and ramdisk (https://docs.openstack.org/ironic-python-agent-builder/latest/).

After building ipa.kernel and ipa.initramfs, place them on the imgserver.

The default path used by the imgserver's webserver is /usr/share/nginx/html/

Example Config

---
apiVersion: yaook.cloud/v1
kind: InfrastructureIronicDeployment
metadata:
  name: infra-ironic
spec:
  ingressAddress: 10.20.30.105
  api:
    replicas: 1
    ingress:
      fqdn: ironic.yaook.cloud
      port: 443
  inspectorApi:
    replicas: 1
    ingress:
      fqdn: inspector.yaook.cloud
      port: 443
  database:
    ironic:
      replicas: 1
      storageClassName: local-storage
      proxy: {}
      backup:
        schedule: "0 * * * *"
    inspector:
      replicas: 1
      storageClassName: local-storage
      proxy: {}
      backup:
        schedule: "0 * * * *"
  imageServer:
    ingress:
      fqdn: image.yaook.cloud
      port: 443
    storageClassName: local-storage
  targetRelease: train
  issuerRef:
    name: ca-issuer
  pxe:
    listenNetwork: 10.20.30.96/28
    dhcp:
      - dhcpRange: 10.10.10.240,10.10.10.250,255.255.255.0
        defaultGateway: 10.10.10.1
  dnsmasq:
    storageClassName: local-storage
  keystoneRef:
    name: keystone
  ironicConfig:
    DEFAULT:
      enabled_power_interfaces:
        - ipmitool
      enabled_management_interfaces:
        - ipmitool
      enabled_hardware_types:
        - ipmi
    deploy:
      erase_devices_metadata_priority: 10
    pxe:
      # if you are running anything newer than xena
      kernel_append_params: ipa-insecure=1 ipa-ntp-server=192.168.1.2
      # otherwise
      pxe_append_params: ipa-insecure=1 ipa-ntp-server=192.168.1.2
      # ipa-insecure=1 turns off TLS certificate verification in the agent.
      # After victoria, SSL between the agent (running its local temp wsgi) and the conductor becomes mandatory.
      # To make sure the SSL cert is valid, we suggest you use a reachable
      # NTP relay so the time between the agent (ipa) and the conductor is synced.
      #
      # Also make sure your ipa is running in the same timezone as your conductor.
      # For some reason CentOS Stream9 runs EST as its default timezone...
  ipa:
    pxeAppendKernelParams: ipa-collect-lldp=1 ipa-lldp-timeout=107
  inspectorConfig:
    processing:
      processing_hooks: \$default_processing_hooks,lldp_basic
  region:
    name: MyRegion
---
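
The comments in the `ironicConfig.pxe` section above describe three things worth checking before a rollout: which append-params key applies to the target release, whether `ipa-insecure=1` is set, and whether an NTP server is passed to the agent. The following Python sketch is an added example, not part of Yaook or of the original page; the function names, the release list and the finding texts are assumptions, and the sample input is constructed from the values in the manifest.

```python
# Added example: lint the ironicConfig "pxe" options of an
# InfrastructureIronicDeployment. Names and finding texts are assumptions.
# Partial, ordered list of OpenStack releases (extend as needed).
RELEASES = ["train", "ussuri", "victoria", "wallaby", "xena", "yoga", "zed"]

# Constructed sample, copied from the manifest shown above.
SAMPLE_PXE = {
    "kernel_append_params": "ipa-insecure=1 ipa-ntp-server=192.168.1.2",
    "pxe_append_params": "ipa-insecure=1 ipa-ntp-server=192.168.1.2",
}


def parse_params(line):
    """Split a kernel command line into {key: value}; bare flags map to ''."""
    params = {}
    for token in (line or "").split():
        key, _, value = token.partition("=")
        params[key] = value
    return params


def lint_pxe(target_release, pxe_section):
    """Return findings for one targetRelease and its [pxe] options."""
    idx = RELEASES.index(target_release)  # ValueError on an unknown release
    newer_than_xena = idx > RELEASES.index("xena")
    after_victoria = idx > RELEASES.index("victoria")
    wanted = "kernel_append_params" if newer_than_xena else "pxe_append_params"
    other = "pxe_append_params" if newer_than_xena else "kernel_append_params"

    findings = []
    if wanted not in pxe_section:
        findings.append(f"{wanted} is not set for release {target_release}")
    elif other in pxe_section and pxe_section[other] != pxe_section[wanted]:
        findings.append(f"{other} differs from {wanted}")

    params = parse_params(pxe_section.get(wanted) or pxe_section.get(other))
    if params.get("ipa-insecure") == "1":
        findings.append("ipa-insecure=1: agent skips TLS certificate verification")
    if after_victoria and not params.get("ipa-ntp-server"):
        findings.append("no ipa-ntp-server: agent and conductor clocks may differ")
    return findings


if __name__ == "__main__":
    for finding in lint_pxe("train", SAMPLE_PXE):
        print(finding)
```
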