| 2023-11-24 17:17:33 |
Dmitry Tantsur |
description |
In a standalone multi-conductor environment, where the dnsmasq configuration is static and does not use any node-specific information, there is no way for a networking booting node to learn its conductor. The conductor it will reach will probably be the one next to dnsmasq. It may or may not have the files required to boot the node.
Several approaches have been proposed to tackle this problem. https://review.opendev.org/c/openstack/ironic-specs/+/873662 proposes a coordination between conductors, but has an issue with JSON RPC multiplication: each conductor will need to notify each conductor on any provisioning actions with a node. This RFE is a revival of https://bugs.launchpad.net/ironic/+bug/1526275 with a less ambitious scope, but also slightly more generic in case we want to expand it on e.g. grub boot later on.
New unauthenticated API will be added to Ironic:
GET /v1/boot/<MAC>/<FILE>
where <MAC> is a valid MAC address (acceptable in several formats)
<FILE> is a file name, only "boot.ipxe" supported initially.
The behavior will be as follows:
1. Find the node by the provided MAC addresses. We will probably need a new lightweight database API to find only the most necessary fields in the most efficient way.
2. If the node is not found, return HTTP 404.
3. If the node is invalid state (see below), return HTTP 404.
4. Else, find the correct conductor and call the new RPC get_boot_config(node_id, file) on it.
On the conductor:
5. If the file name is not "file.ipxe", raise NotFound (HTTP 404).
6. Otherwise, return the configuration with the right IP addresses. At least initially, it will be done by reading the file from the disk. This will ensure a very lean first implementation.
Ironic is currently capable of generating the root boot.pxe. This code will be updated to optionally use the new API.
The feature will be configured by these options:
* [pxe]ipxe_use_boot_config_api = true/false (default false) - enable this feature
* [pxe]ipxe_config_api_root_url = http://host:port (default empty) - configure the base URL for generated root boot.ipxe (the static one, not the one returned by this API). It is needed, for example, when the normal Ironic API uses HTTPS. In this case, a proxy needs to be established to allow HTTP connection to this specific endpoint.
* [api]restrict_boot_config = true/false (default true) - whether to reject boot configuration requests for nodes not in one of the expected states (*WAIT essentially). Operators using fast track mode may set this to false to be able to boot available nodes too. |
In a standalone multi-conductor environment, where the dnsmasq configuration is static and does not use any node-specific information, there is no way for a networking booting node to learn its conductor. The conductor it will reach will probably be the one next to dnsmasq. It may or may not have the files required to boot the node.
Several approaches have been proposed to tackle this problem. https://review.opendev.org/c/openstack/ironic-specs/+/873662 proposes a coordination between conductors, but has an issue with JSON RPC multiplication: each conductor will need to notify each conductor on any provisioning actions with a node. This RFE is a revival of https://bugs.launchpad.net/ironic/+bug/1526275 with a less ambitious scope, but also slightly more generic in case we want to expand it on e.g. grub boot later on.
New unauthenticated API will be added to Ironic:
GET /v1/boot/<MAC>/<FILE>
where <MAC> is a valid MAC address (acceptable in several formats)
<FILE> is a file name, only "boot.ipxe" supported initially.
The behavior will be as follows:
1. Find the node by the provided MAC addresses. We will probably need a new lightweight database API to find only the most necessary fields in the most efficient way.
2. If the node is not found, return HTTP 404.
3. If the node is invalid state (see below), return HTTP 404.
4. Else, find the correct conductor and call the new RPC get_boot_config(node_id, file) on it.
On the conductor:
5. If the file name is not "boot.ipxe", raise NotFound (HTTP 404).
6. Otherwise, return the configuration with the right IP addresses. At least initially, it will be done by reading the file from the disk. This will ensure a very lean first implementation.
Ironic is currently capable of generating the root boot.pxe. This code will be updated to optionally use the new API.
The feature will be configured by these options:
* [pxe]ipxe_use_boot_config_api = true/false (default false) - enable this feature
* [pxe]ipxe_config_api_root_url = http://host:port (default empty) - configure the base URL for generated root boot.ipxe (the static one, not the one returned by this API). It is needed, for example, when the normal Ironic API uses HTTPS. In this case, a proxy needs to be established to allow HTTP connection to this specific endpoint.
* [api]restrict_boot_config = true/false (default true) - whether to reject boot configuration requests for nodes not in one of the expected states (*WAIT essentially). Operators using fast track mode may set this to false to be able to boot available nodes too. |
|
| 2023-11-26 16:38:24 |
Dmitry Tantsur |
description |
In a standalone multi-conductor environment, where the dnsmasq configuration is static and does not use any node-specific information, there is no way for a networking booting node to learn its conductor. The conductor it will reach will probably be the one next to dnsmasq. It may or may not have the files required to boot the node.
Several approaches have been proposed to tackle this problem. https://review.opendev.org/c/openstack/ironic-specs/+/873662 proposes a coordination between conductors, but has an issue with JSON RPC multiplication: each conductor will need to notify each conductor on any provisioning actions with a node. This RFE is a revival of https://bugs.launchpad.net/ironic/+bug/1526275 with a less ambitious scope, but also slightly more generic in case we want to expand it on e.g. grub boot later on.
New unauthenticated API will be added to Ironic:
GET /v1/boot/<MAC>/<FILE>
where <MAC> is a valid MAC address (acceptable in several formats)
<FILE> is a file name, only "boot.ipxe" supported initially.
The behavior will be as follows:
1. Find the node by the provided MAC addresses. We will probably need a new lightweight database API to find only the most necessary fields in the most efficient way.
2. If the node is not found, return HTTP 404.
3. If the node is invalid state (see below), return HTTP 404.
4. Else, find the correct conductor and call the new RPC get_boot_config(node_id, file) on it.
On the conductor:
5. If the file name is not "boot.ipxe", raise NotFound (HTTP 404).
6. Otherwise, return the configuration with the right IP addresses. At least initially, it will be done by reading the file from the disk. This will ensure a very lean first implementation.
Ironic is currently capable of generating the root boot.pxe. This code will be updated to optionally use the new API.
The feature will be configured by these options:
* [pxe]ipxe_use_boot_config_api = true/false (default false) - enable this feature
* [pxe]ipxe_config_api_root_url = http://host:port (default empty) - configure the base URL for generated root boot.ipxe (the static one, not the one returned by this API). It is needed, for example, when the normal Ironic API uses HTTPS. In this case, a proxy needs to be established to allow HTTP connection to this specific endpoint.
* [api]restrict_boot_config = true/false (default true) - whether to reject boot configuration requests for nodes not in one of the expected states (*WAIT essentially). Operators using fast track mode may set this to false to be able to boot available nodes too. |
In a standalone multi-conductor environment, where the dnsmasq configuration is static and does not use any node-specific information, there is no way for a networking booting node to learn its conductor. The conductor it will reach will probably be the one next to dnsmasq. It may or may not have the files required to boot the node.
Several approaches have been proposed to tackle this problem. https://review.opendev.org/c/openstack/ironic-specs/+/873662 proposes a coordination between conductors, but has an issue with JSON RPC multiplication: each conductor will need to notify each conductor on any provisioning actions with a node. This RFE is a revival of https://bugs.launchpad.net/ironic/+bug/1526275 with a less ambitious scope, but also slightly more generic in case we want to expand it on e.g. grub boot later on.
New unauthenticated API will be added to Ironic:
GET /v1/boot/<MAC>/<FILE>
where <MAC> is a valid MAC address (acceptable in several formats)
<FILE> is a file name, only "boot.ipxe" supported initially.
The behavior will be as follows:
1. Find the node by the provided MAC addresses. We will probably need a new lightweight database API to find only the most necessary fields in the most efficient way.
2. If the node is not found, return HTTP 404.
3. If the node is invalid state (see below), return HTTP 404.
4. Else, find the correct conductor and call the new RPC get_boot_config(node_id, file) on it.
On the conductor:
5. After basic checks, the call is forwarded to driver.boot.get_boot_config(task, file) with a shared lock.
The iPXE implementation:
6. If the file name is not "boot.ipxe", raise UnsupportedDriverExtension (handled as HTTP 404 on the API side).
7. Otherwise, return the configuration with the right IP addresses. At least initially, it will be done by reading the file from the disk. This will ensure a very lean first implementation.
Ironic is currently capable of generating the root boot.pxe. This code will be updated to optionally use the new API.
The feature will be configured by these options:
* [pxe]ipxe_use_boot_config_api = true/false (default false) - enable this feature
* [pxe]ipxe_config_api_root_url = http://host:port (default empty) - configure the base URL for generated root boot.ipxe (the static one, not the one returned by this API). It is needed, for example, when the normal Ironic API uses HTTPS. In this case, a proxy needs to be established to allow HTTP connection to this specific endpoint.
* [api]restrict_boot_config = true/false (default true) - whether to reject boot configuration requests for nodes not in one of the expected states (*WAIT essentially). Operators using fast track mode may set this to false to be able to boot available nodes too. |
|
