Add Redfish rules to Ironic and Bifrost introspection

Change-Id: I719fc8042742fe8b3b0312658aec39317a1bc358

ansible/inventory/group_vars/all/bifrost

@@ -108,6 +108,12 @@ kolla_bifrost_inspector_ipmi_username: "{{ ipmi_username }}"
 # Ironic inspector IPMI password to set.
 kolla_bifrost_inspector_ipmi_password: "{{ ipmi_password }}"
 
+# Ironic inspector Redfish username to set.
+kolla_bifrost_inspector_redfish_username: "{{ inspector_redfish_username }}"
+
+# Ironic inspector Redfish password to set.
+kolla_bifrost_inspector_redfish_password: "{{ inspector_redfish_password }}"
+
 # Ironic inspector network interface name on which to check for an LLDP switch
 # port description to use as the node's name.
 kolla_bifrost_inspector_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface_default }}"

ansible/inventory/group_vars/all/inspector

@@ -72,6 +72,12 @@ inspector_ipmi_username: "{{ ipmi_username }}"
 # Ironic inspector IPMI password to set.
 inspector_ipmi_password: "{{ ipmi_password }}"
 
+# Ironic inspector Redfish username to set.
+inspector_redfish_username: "{{ ipmi_username }}"
+
+# Ironic inspector Redfish password to set.
+inspector_redfish_password: "{{ ipmi_password }}"
+
 # Ironic inspector default network interface name on which to check for an LLDP
 # switch port description to use as the node's name.
 inspector_lldp_switch_port_interface_default: eth0
@@ -83,12 +89,27 @@ inspector_lldp_switch_port_interface_map: {}
 ###############################################################################
 # Ironic inspector introspection rules configuration.
 
+# Enable IPMI rules:
+inspector_rules_ipmi_enabled: True
+
 # IPMI username referenced by inspector rule.
 inspector_rule_var_ipmi_username:
 
 # IPMI password referenced by inspector rule.
 inspector_rule_var_ipmi_password:
 
+# Enable Redfish rules
+inspector_rules_redfish_enabled: False
+
+# Redfish username referenced by inspector rule.
+inspector_rule_var_redfish_username:
+
+# Redfish password referenced by inspector rule.
+inspector_rule_var_redfish_password:
+
+# Redfish CA setting.
+inspector_rule_var_redfish_verify_ca: True
+
 # Ironic inspector rule to set IPMI credentials.
 inspector_rule_ipmi_credentials:
   description: "Set IPMI driver_info if no credentials"
@@ -304,9 +325,47 @@ inspector_rule_save_data:
       path: "extra/introspection_data"
       value: "{data}"
 
+# Redfish rules
+# Ironic inspector rule to set Redfish credentials.
+inspector_rule_redfish_credentials:
+  description: "Set Redfish driver_info if no credentials"
+  conditions:
+    - field: "node://driver_info.redfish_username"
+      op: "is-empty"
+    - field: "node://driver_info.redfish_password"
+      op: "is-empty"
+  actions:
+    - action: "set-attribute"
+      path: "driver_info/redfish_username"
+      value: "{{ inspector_rule_var_redfish_username }}"
+    - action: "set-attribute"
+      path: "driver_info/redfish_password"
+      value: "{{ inspector_rule_var_redfish_password }}"
+
+# Ironic inspector rule to set Redfish address.
+inspector_rule_redfish_address:
+  description: "Set Redfish address"
+  conditions:
+    - field: "node://driver_info.redfish_address"
+      op: "is-empty"
+  actions:
+    - action: "set-attribute"
+      path: "driver_info/redfish_address"
+      value: "{data[inventory][bmc_address]}"
+
+# Ironic inspector rule to set Redfish certificate authority.
+inspector_rule_redfish_verify_ca:
+  description: "Set Redfish Verify CA"
+  conditions:
+    - field: "node://driver_info.redfish_verify_ca"
+      op: "is-empty"
+  actions:
+    - action: "set-attribute"
+      path: "driver_info/redfish_verify_ca"
+      value: "{{ inspector_rule_var_redfish_verify_ca }}"
+
 # List of default ironic inspector rules.
 inspector_rules_default:
-  - "{{ inspector_rule_ipmi_credentials }}"
   - "{{ inspector_rule_deploy_kernel }}"
   - "{{ inspector_rule_deploy_ramdisk }}"
   - "{{ inspector_rule_root_hint_init }}"
@@ -318,11 +377,19 @@ inspector_rules_default:
   - "{{ inspector_rule_save_system_vendor_serial_number }}"
   - "{{ inspector_rule_save_system_vendor_product_name }}"
 
+inspector_rules_ipmi:
+  - "{{ inspector_rule_ipmi_credentials }}"
+
+inspector_rules_redfish:
+  - "{{ inspector_rule_redfish_credentials }}"
+  - "{{ inspector_rule_redfish_address }}"
+  - "{{ inspector_rule_redfish_verify_ca }}"
+
 # List of additional ironic inspector rules.
 inspector_rules_extra: []
 
 # List of all ironic inspector rules.
-inspector_rules: "{{ inspector_rules_default + inspector_rules_extra }}"
+inspector_rules: "{{ inspector_rules_default + inspector_rules_extra + (inspector_rules_ipmi if inspector_rules_ipmi_enabled | bool else []) + (inspector_rules_redfish if inspector_rules_redfish_enabled | bool else []) }}"
 
 ###############################################################################
 # Dell switch LLDP workaround configuration.

ansible/overcloud-introspection-rules.yml

@@ -70,6 +70,8 @@
       # These variables may be referenced in the introspection rules.
       inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}"
       inspector_rule_var_ipmi_password: "{{ inspector_ipmi_password }}"
+      inspector_rule_var_redfish_username: "{{ inspector_redfish_username }}"
+      inspector_rule_var_redfish_password: "{{ inspector_redfish_password }}"
       inspector_rule_var_lldp_switch_port_interface: "{{ inspector_lldp_switch_port_interface_default }}"
       inspector_rule_var_deploy_kernel: "{{ ipa_kernel_id.stdout }}"
       inspector_rule_var_deploy_ramdisk: "{{ ipa_ramdisk_id.stdout }}"

ansible/seed-introspection-rules.yml

@@ -14,6 +14,8 @@
       # These variables may be referenced in the introspection rules.
       inspector_rule_var_ipmi_username: "{{ kolla_bifrost_inspector_ipmi_username }}"
       inspector_rule_var_ipmi_password: "{{ kolla_bifrost_inspector_ipmi_password }}"
+      inspector_rule_var_redfish_username: "{{ kolla_bifrost_inspector_ipmi_username }}"
+      inspector_rule_var_redfish_password: "{{ kolla_bifrost_inspector_ipmi_password }}"
       inspector_rule_var_lldp_switch_port_interface: "{{ kolla_bifrost_inspector_lldp_switch_port_interface }}"
       inspector_rule_var_deploy_kernel: "{{ kolla_bifrost_inspector_deploy_kernel }}"
       inspector_rule_var_deploy_ramdisk: "{{ kolla_bifrost_inspector_deploy_ramdisk }}"

doc/source/configuration/reference/bifrost.rst

@@ -264,8 +264,8 @@ The following options configure the Ironic Inspector service in the
     ``{{ ipmi_password }}``, defined in ``${KAYOBE_CONFIG_PATH}/bmc.yml``.
 ``kolla_bifrost_inspector_lldp_switch_port_interface``
     Ironic inspector network interface name on which to check for an LLDP switch
-    port description to use as the node's name. Default is ``{{
-    inspector_lldp_switch_port_interface_default }}``, defined in
+    port description to use as the node's name. Default is
+    ``{{ inspector_lldp_switch_port_interface_default }}``, defined in
     ``${KAYOBE_CONFIG_PATH}/inspector.yml``.
 ``kolla_bifrost_inspector_deploy_kernel``
     Ironic inspector deployment kernel location. Default is ``http://{{
@@ -277,6 +277,14 @@ The following options configure the Ironic Inspector service in the
     Timeout of hardware inspection on overcloud nodes, in seconds. Default is
     ``{{ inspector_inspection_timeout }}``, defined in
     ``${KAYOBE_CONFIG_PATH}/inspector.yml``.
+``kolla_bifrost_inspector_redfish_username``
+    Ironic inspector Redfish username to set via an introspection rule.
+    Defined in ``${KAYOBE_CONFIG_PATH}/bifrost.yml``. Default is
+    ``{{ inspector_redfish_username }}``.
+``kolla_bifrost_inspector_redfish_password``
+    Ironic inspector Redfish username to set via an introspection rule.
+    Defined in ``${KAYOBE_CONFIG_PATH}/bifrost.yml``. Default is
+    ``{{ inspector_redfish_username }}``.
 
 Ironic Python Agent (IPA) configuration
 =======================================

etc/kayobe/bifrost.yml

@@ -108,6 +108,12 @@
 # Ironic inspector IPMI password to set.
 #kolla_bifrost_inspector_ipmi_password:
 
+# Ironic inspector Redfish username to set.
+#kolla_bifrost_inspector_redfish_username:
+
+# Ironic inspector Redfish password to set.
+#kolla_bifrost_inspector_redfish_password:
+
 # Ironic inspector network interface name on which to check for an LLDP switch
 # port description to use as the node's name.
 #kolla_bifrost_inspector_lldp_switch_port_interface:

etc/kayobe/inspector.yml

@@ -58,6 +58,9 @@
 ###############################################################################
 # Ironic inspector configuration.
 
+# Ironic inspector option to enable IPMI rules. Set to 'True' by default.
+#inspector_rules_ipmi_enabled:
+
 # Ironic inspector IPMI username to set.
 #inspector_ipmi_username:
 
@@ -72,6 +75,21 @@
 # check for an LLDP switch port description to use as the node's name.
 #inspector_lldp_switch_port_interface_map:
 
+# Ironic inspector uses IPMI by default enroll the baremetal nodes, however it
+# is possible to use Redfish instead. To do that enable Redfish and make sure
+# all of the necessary variables below have been properly set.
+# Enable inspector Redfish rules. Set to 'False' by default.
+#inspector_rules_redfish_enabled:
+
+# Ironic inspector Redfish username to set.
+#inspector_redfish_username:
+
+# Ironic inspector Redfish password to set.
+#inspector_redfish_password:
+
+# Redfish CA setting. Set to 'True' by default
+#inspector_rule_var_redfish_verify_ca:
+
 ###############################################################################
 # Ironic inspector introspection rules configuration.
 

releasenotes/notes/redfish_rules-956ca7498f5f13b4.yaml

@@ -0,0 +1,12 @@
+---
+features:
+  - |
+    Adds new Redfish rules to Ironic and Bifrost introspection
+    New variables available:
+    * ``inspector_rules_redfish_enabled``
+    * ``inspector_redfish_username``
+    * ``inspector_redfish_password``
+    * ``inspector_rule_var_redfish_verify_ca``
+    * ``inspector_rules_ipmi_enabled``
+    * ``kolla_bifrost_inspector_redfish_username``
+    * ``kolla_bifrost_inspector_redfish_password``