Skip to content

feat: Nova compute driver with storage network IP injection #1282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 26 commits into from
Oct 7, 2025
Merged

feat: Nova compute driver with storage network IP injection #1282

merged 26 commits into from
Oct 7, 2025

Conversation

skrobul
Copy link
Collaborator

@skrobul skrobul commented Sep 24, 2025
edited
Loading

This PR introduces a custom Nova compute driver that automatically injects storage network configuration into instance config drives when requested.

Key Changes

  • New IronicUnderstackDriver: Extends Nova's standard Ironic driver to support storage network injection
  • Nautobot integration: Queries Nautobot GraphQL API to retrieve storage interface configurations for bare metal nodes
  • Argo Workflows integration: Triggers Ansible playbooks via Argo when storage networks are needed (when user requests a server with storage=wanted property and the project is enabled for UNDERSTACK_SVM).
  • Configurable behavior: Added config options to control IP injection and playbook selection as well as credentials for dependencies
  • Kubernetes integration: Added RBAC, secrets, and service account tokens for Nova to access Argo and Nautobot

How it works

When an instance has metadata.storage=wanted, the driver:

  1. Runs the configured Ansible playbook via Argo Workflows to set up storage networking
  2. Queries Nautobot for the node's storage interface details
  3. Injects the storage network configuration into the instance's config drive

Below (simplified) diagram shows how the components interact to make this feature work:

sequenceDiagram
  actor User
  participant Nova
  participant Placement
  participant Argo
  participant Ansible

  participant Nautobot
  participant Ironic
  
  activate Nova
  User ->> Nova: create server
  Nova ->>+ Placement: select node
  Placement -->>-Nova: 
  Nova ->>+ Argo: schedule ansible-run
  Argo ->>+ Ansible: populate IPs
  Ansible ->>+ Nautobot: populate IPs for server
  Nautobot <<-->>- Ansible: exchange info
  Ansible -->>- Argo: completed
  Argo -->>- Nova: completed
  Nova ->> Nautobot: retrieve IPs
  Nautobot -->> Nova: 
  Nova ->> Nova: merge IPs into config drive
  Nova ->> Ironic: boot srv with updated configdrive
  Ironic -->> Nova: done
  Nova -->> User: server is ready
  deactivate Nova
Loading

Configuration

Most of the configuration is under [nova_understack] section of the nova-compute-ironic.

  • Storage network IP injection feature can be completely disabled via ip_injection_enabled=False
  • Ansible playbook name is configurable via ansible_playbook_filename - this can come handy if we decide to cleanup .yml extensions and name them correctly with .yaml.
  • Supports both direct API keys and Kubernetes secret-based authentication

Closes https://rackspace.atlassian.net/browse/PUC-1242
Depends on https://github.com/RSS-Engineering/undercloud-deploy/pull/771

Notes for the reviewer

If reviewing commit-by-commit, please start from c1d22b6 as the earlier commit have been reverted in f9cb501. I have purposefully included them in PR so that Ironic custom hardware manager experiment is recorded in history if we ever want to create something similar.
I have at least one idea where this may become useful, so don't want to just throw it out.

@skrobul skrobul force-pushed the ironic-inject-storage-ips branch 17 times, most recently from 695eac1 to c8cad09 Compare October 1, 2025 09:20
@skrobul skrobul force-pushed the ironic-inject-storage-ips branch 6 times, most recently from 16836b3 to ce40876 Compare October 6, 2025 17:14
@skrobul skrobul changed the title WIP - inject storage IPs to the servers feat: Nova Ironic driver with storage network IP injection Oct 6, 2025
@skrobul skrobul requested a review from a team October 6, 2025 17:45
@skrobul skrobul changed the title feat: Nova Ironic driver with storage network IP injection feat: Nova compute driver with storage network IP injection Oct 6, 2025
@skrobul skrobul marked this pull request as ready for review October 6, 2025 17:48
@skrobul skrobul force-pushed the ironic-inject-storage-ips branch from ce40876 to 761ffde Compare October 7, 2025 13:50
cardoe
cardoe reviewed Oct 7, 2025
View reviewed changes
skrobul added 21 commits October 7, 2025 17:20
@skrobul
add Nova IronicUnderstackDriver
9ceaeca 
nova driver must live under nova.virt.

It cannot be external to the nova project because of this:

https://github.com/openstack/nova/blob/b99a882366251f88d145e27312b94692e0b2266f/nova/virt/driver.py#L2074
@skrobul
install IronicUnderstackDriver into the nova container
8fe190f
@skrobul
nova: add logging to IronicUnderstackDriver
53658de
@skrobul
nova: inject IPs through _get_network_metadata override
e6ffca4 
Rather than trying to intercept and rewrite whole spawn() method, we
should be able to override only the _get_network_metadata(). It's better
this way because it's much smaller and it's also used inside the
rebuild() which we'd have to override too.
@skrobul
nova: use Nautobot client to obtain storage IPs
52326a9
@skrobul
nova: create and mount nautobot token secret
1cb9eac
@skrobul
nova: add secret and role bindings for Argo access
7d27fc0
@skrobul
nova: add ArgoClient
d51a5e5
@skrobul
nova: make ArgoClient more generic
ce294d3 
In case we need to run other playbooks...
@skrobul
nova: use dynamic routes for A/B side
9c0e0c0 
Rather than hardcoding 100.127.0.0/16, we should use side-specific
routes so both sides can be reached independently.
@skrobul
nova: inject storage info only when requested
94e0a8c
@skrobul
nova: run ansible playbook before configdrive build
9802865
@skrobul
sensor-ironic: don't run storage_on_server_create
94176af 
Running this again would be redundant since this is already triggered in
Nova (see previous commit)
@skrobul
nova: normalize project_id before calling ansible
e6949a9 
Openstack uses format without dashes, Nautobot expects one with dashes.
@skrobul
scripts: normalise uuids in cleanup_storage_stuff_in_nautobot
47dc284
@skrobul
Revert Ironic hardware manager version
0d301e2 
This reverts commit c37e3fd.
This reverts commit c57b2a8.
@skrobul
nova: make ansible playbook name configurable
2f75728
@skrobul
nova: add conf option to disable IP injection feature
a9c4e7b
@skrobul
nova: refactor the IronicUnderstackDriver to make testing easier
843c57e 
This way our modified code is almost all in separate method and it's
clear what has been changed.
@skrobul
nova: refactor the IronicUnderstackDriver to make testing easier
bba9037 
This way our modified code is almost all in separate method and it's
clear what has been changed.
@skrobul
nova: add tests for IronicUnderstackDriver and related classes
ab35ff1
@skrobul skrobul force-pushed the ironic-inject-storage-ips branch from 761ffde to ab35ff1 Compare October 7, 2025 16:22
@cardoe cardoe added this pull request to the merge queue Oct 7, 2025
Merged via the queue into main with commit cadbfc9 Oct 7, 2025
39 checks passed
@cardoe cardoe deleted the ironic-inject-storage-ips branch October 7, 2025 22:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cardoe cardoe cardoe approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@skrobul @cardoe