first ironic push

.original-images.json

@@ -32,6 +32,8 @@
   "ghcr.io/rackerlabs/genestack/octavia-ovn:2024.1-ubuntu_jammy-1737651745",
   "ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1739377879",
   "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1739967315",
+  "docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy",
+  "docker.io/openstackhelm/ironic-inspector:2024.1-ubuntu_jammy",
   "ghcr.io/vexxhost/netoffload:v1.0.1",
   "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy",
   "quay.io/airshipit/porthole-postgresql-utility:latest-ubuntu_bionic"

base-helm-configs/ironic/ironic-helm-overrides.yaml

@@ -0,0 +1,243 @@
+# ironic-helm-overrides.yml
+# Helm overrides for OpenStack Ironic based on openstack-helm/ironic/values.yaml
+# Integrated with Keystone, Glance, Nova, Cinder, Horizon, and Neutron configurations
+# Date: April 03, 2025
+
+---
+
+images:
+  tags:
+    ironic_manage_cleaning_network: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    ironic_retrive_cleaning_network: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    ironic_retrive_swift_config: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    bootstrap: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    db_drop: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    db_init: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    ironic_db_sync: "quay.io/rackspace/rackerlabs-ironic:2024.1-ubuntu_jammy"
+    ks_user: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    ks_service: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    ks_endpoints: "quay.io/rackspace/rackerlabs-heat:2024.1-ubuntu_jammy"
+    rabbit_init: "quay.io/rackspace/rackerlabs-rabbitmq:3.13-management"
+    ironic_api: "quay.io/rackspace/rackerlabs-ironic:2024.1-ubuntu_jammy"
+    ironic_conductor: "quay.io/rackspace/rackerlabs-ironic:2024.1-ubuntu_jammy"
+    ironic_pxe: "quay.io/rackspace/rackerlabs-ironic:2024.1-ubuntu_jammy"
+    ironic_pxe_init: "quay.io/rackspace/rackerlabs-ironic:2024.1-ubuntu_jammy"
+    ironic_pxe_http: "docker.io/nginx:1.13.3"  # Retained from openstack-helm default
+    ironic_inspector: "quay.io/rackspace/rackerlabs-ironic-inspector:2024.1-ubuntu_jammy"
+    ironic_inspector_db_sync: "quay.io/rackspace/rackerlabs-ironic-inspector:2024.1-ubuntu_jammy"
+    dep_check: "quay.io/rackspace/rackerlabs-kubernetes-entrypoint:latest-ubuntu_jammy"
+    image_repo_sync: "quay.io/rackspace/rackerlabs-docker:17.07.0"
+  pull_policy: "IfNotPresent"
+
+conf:
+  ironic:
+    DEFAULT:
+      log_config_append: /etc/ironic/logging.conf
+      tempdir: /var/lib/openstack-helm/tmp  # Matches openstack-helm default
+      default_deploy_interface: "direct"
+      default_inspect_interface: "inspector"
+      default_network_interface: "neutron"
+      enabled_hardware_types: "ipmi,redfish"
+      enabled_boot_interfaces: "pxe,ipxe"
+      enabled_deploy_interfaces: "direct,ramdisk"
+      enabled_inspect_interfaces: "inspector,no-inspect"
+      enabled_management_interfaces: "ipmitool,redfish"
+      enabled_power_interfaces: "ipmitool,redfish"
+      enabled_raid_interfaces: "no-raid"
+    database:
+      connection_debug: 0
+      connection_recycle_time: 600
+      connection_trace: true
+      idle_timeout: 3600
+      mysql_sql_mode: ""
+      use_db_reconnect: true
+      pool_timeout: 60
+      max_retries: -1
+    glance:
+      auth_type: password
+      num_retries: 8
+    keystone_authtoken:
+      auth_type: password
+      auth_version: v3
+      memcache_security_strategy: ENCRYPT
+      service_token_roles: service
+      service_token_roles_required: true
+      service_type: baremetal
+    neutron:
+      auth_type: password
+      cleaning_network: "baremetal-cleaning-network"
+      provisioning_network: "baremetal-provisioning-network"
+    oslo_messaging_rabbit:
+      amqp_durable_queues: false
+      rabbit_ha_queues: false
+      rabbit_quorum_queue: true
+      rabbit_transient_quorum_queue: false
+      use_queue_manager: false
+      rabbit_interval_max: 10
+      heartbeat_rate: 3
+      heartbeat_timeout_threshold: 60
+      heartbeat_in_pthread: True  # Note: Deprecation warning for 2024.2
+      kombu_reconnect_delay: 0.5
+    pxe:
+      pxe_append_params: "nofb nomodeset vga=normal ipa-debug=1"
+      images_path: /var/lib/openstack-helm/ironic/images
+      instance_master_path: /var/lib/openstack-helm/ironic/master_images
+      tftp_root: /var/lib/openstack-helm/tftpboot
+      tftp_master_path: /var/lib/openstack-helm/tftpboot/master_images
+      pxe_bootfile_name: "undionly.kpxe"
+      uefi_pxe_bootfile_name: "ipxe.efi"
+      ipxe_enabled: true
+  ironic_inspector:
+    DEFAULT:
+      processing_hooks: "$processing.default_hooks,ramdisk_error"
+      ramdisk_logs_dir: "/var/log/ironic-inspector/ramdisk/"
+  logging:
+    logger_root:
+      level: INFO
+      handlers:
+        - stdout
+  rabbitmq:
+    policies: []
+
+network:
+  backend:
+    - ovn
+  pxe:
+    device: ironic-pxe
+    neutron_network_name: baremetal
+    neutron_subnet_name: baremetal
+    neutron_provider_network: ironic
+    neutron_subnet_gateway: 172.24.6.1/24
+    neutron_subnet_cidr: 172.24.6.0/24
+    neutron_subnet_alloc_start: 172.24.6.100
+    neutron_subnet_alloc_end: 172.24.6.200
+    neutron_subnet_dns_nameserver: 8.8.8.8  # Aligned with Neutron's OVN DNS
+
+dependencies:
+  static:
+    api:
+      jobs:
+        - ironic-db-sync
+        - ironic-ks-user
+        - ironic-ks-endpoints
+        - ironic-manage-cleaning-network
+        - ironic-rabbit-init
+      services:
+        - endpoint: internal
+          service: oslo_db
+        - endpoint: internal
+          service: identity
+        - endpoint: internal
+          service: oslo_messaging
+    conductor:
+      jobs:
+        - ironic-db-sync
+        - ironic-ks-user
+        - ironic-ks-endpoints
+        - ironic-manage-cleaning-network
+        - ironic-rabbit-init
+      services:
+        - endpoint: internal
+          service: oslo_db
+        - endpoint: internal
+          service: identity
+        - endpoint: internal
+          service: baremetal
+        - endpoint: internal
+          service: oslo_messaging
+    db_sync:
+      jobs:
+        - ironic-db-init
+
+endpoints:
+  baremetal:
+    hosts:
+      default: ironic-api
+      public: ironic
+    port:
+      api:
+        default: 6385
+        public: 80
+      pxe_http:
+        default: 8080
+  identity:
+    hosts:
+      default: keystone-api
+    host_fqdn_override:
+      default: keystone-api.openstack.svc.cluster.local
+    port:
+      api:
+        default: 5000
+        internal: 5000
+        public: 80
+        service: 5000
+  image:
+    hosts:
+      default: glance-api
+    host_fqdn_override:
+      default: glance-api.openstack.svc.cluster.local
+    port:
+      api:
+        default: 9292
+        internal: 9292
+        public: 80
+        service: 9292
+  network:
+    hosts:
+      default: neutron-server
+    host_fqdn_override:
+      default: neutron-server.openstack.svc.cluster.local
+    port:
+      api:
+        default: 9696
+        internal: 9696
+        public: 80
+        service: 9696
+  oslo_db:
+    host_fqdn_override:
+      default: mariadb-cluster-primary.openstack.svc.cluster.local
+    hosts:
+      default: mariadb-cluster-primary
+    port:
+      mysql:
+        default: 3306
+  oslo_cache:
+    host_fqdn_override:
+      default: memcached.openstack.svc.cluster.local
+    hosts:
+      default: memcached
+    port:
+      memcache:
+        default: 11211
+  oslo_messaging:
+    host_fqdn_override:
+      default: rabbitmq.openstack.svc.cluster.local
+    hosts:
+      default: rabbitmq-nodes
+    port:
+      amqp:
+        default: 5672
+
+pod:
+  replicas:
+    api: 1
+    conductor: 1
+  useHostNetwork:
+    conductor: true
+  useHostIPC:
+    conductor: true
+
+manifests:
+  deployment_api: true
+  ingress_api: false
+  job_bootstrap: false
+  job_db_drop: false
+  job_db_init: true
+  job_db_sync: true
+  job_ks_endpoints: true
+  job_ks_service: true
+  job_ks_user: true
+  job_manage_cleaning_network: true
+  job_rabbit_init: true
+  service_ingress_api: false
+  statefulset_conductor: true

base-kustomize/ironic/aoi/kustomization.yaml

@@ -0,0 +1,14 @@
+bases:
+  - ../base
+
+patches:
+  - target:
+      kind: HorizontalPodAutoscaler
+      name: ironic-api
+    patch: |-
+      - op: replace
+        path: /spec/minReplicas
+        value: 1
+      - op: replace
+        path: /spec/maxReplicas
+        value: 1

base-kustomize/ironic/base/hpa-iconic-conductor.yaml

@@ -0,0 +1,19 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: ironic-conductor
+  namespace: openstack
+spec:
+  maxReplicas: 9
+  minReplicas: 3
+  metrics:
+    - resource:
+        name: cpu
+        target:
+          averageUtilization: 50
+          type: Utilization
+      type: Resource
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: ironic-conductor

base-kustomize/ironic/base/hpa-ironic-api.yaml

@@ -0,0 +1,19 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: ironic-api
+  namespace: openstack
+spec:
+  maxReplicas: 9
+  minReplicas: 3
+  metrics:
+    - resource:
+        name: cpu
+        target:
+          averageUtilization: 50
+          type: Utilization
+      type: Resource
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: ironic-api

base-kustomize/ironic/base/ironic-mariadb-database.yaml

@@ -0,0 +1,55 @@
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+  name: ironic
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  # If you want the database to be created with a different name than the resource name
+  # name: data-custom
+  mariaDbRef:
+    name: mariadb-cluster
+  characterSet: utf8
+  collate: utf8_general_ci
+  retryInterval: 5s
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: ironic
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  # If you want the user to be created with a different name than the resource name
+  # name: user-custom
+  mariaDbRef:
+    name: mariadb-cluster
+  passwordSecretKeyRef:
+    name: ironic-db-password
+    key: password
+  # This field is immutable and defaults to 10, 0 means unlimited.
+  maxUserConnections: 0
+  host: "%"
+  retryInterval: 5s
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: ironic-grant
+  namespace: openstack
+  annotations:
+    helm.sh/resource-policy: keep
+spec:
+  mariaDbRef:
+    name: mariadb-cluster
+  privileges:
+    - "ALL"
+  database: "ironic"
+  table: "*"
+  username: ironic
+  grantOption: true
+  host: "%"
+  retryInterval: 5s