ºÝºÝߣ

ºÝºÝߣShare a Scribd company logo

Osic tech talk presentation on ironic inspector

?
?
A
Annie Lezil

The document discusses the Ironic Inspector service, which discovers hardware properties of bare metal nodes through introspection. It describes the general workflow where a node is enrolled, brought to a manageable state, and has its hardware inventory collected by booting an Ironic Python Agent ramdisk. The collected data is processed by plugins, stored in Swift according to introspection rules, and used to update the node's properties. It also covers capabilities detection, optional collectors like Dmidecode and Biosdevname, and CLI commands for managing introspection.

1 of 24
Downloaded 12 times
Bare Metal Introspection service (ironic-inspector) Annie Lezil Ramamani Yeleswarapu
AGENDA ¡ñ Ironic Inspector ¡ñ Workflow ¡ñ Plugins/ Collectors ¡ñ Introspection Rules & Reapplying Introspection ¡ñ Capabilities ¡ñ Biosdevname & Dmidecode collectors
IRONIC INSPECTOR ¡ñ Service for discovering hardware properties of a node ¡ñ Properties required for scheduling a bare metal node ¡ñ Inspection involves booting Ironic Python Agent(IPA) ramdisk on the node ¡ñ IPA - agent running in the ramdisk to control and deploy nodes ¡ñ Inspection requires configuring the IPA ramdisk, PXE/iPXE boot environments
GENERAL WORKFLOW Enroll a node (IPMI Credentials) Bring node to manageable state (CLI command) Request node inspection (CLI command) Inspector validates node (power credentials, power and provision states) Inspector allows firewall access (PXE boot services for the node) Issues reboot command (IPA boots on the node) IPA collects the HW info (post it back data to the Inspector) Inspector figures out the node the data belongs to Inspector processes the data (updates the node¡¯s DB) Inspector stores HW inventory in Swift
INSTALL / CONTRIBUTION
USAGE ¡ñ Node States ¡ñ Introspection Rules ¡ñ Reapplying Introspection on Stored Data ¡ñ Discovery ¡ñ Capabilities Detection ¡ñ Plugins
NODE STATES ¡ñ The nodes should be moved to MANAGEABLE provision state before introspection. ¡ñ Move node to manageable state: ¡°openstack baremetal node manage <UUID>¡± ¡°ironic node-set-provision-state <node_UUID> manage¡± ¡ñ INSPECT a node: ¡°openstack baremetal node inspect <UUID>¡± ¡°openstack baremetal introspection start <UUID>¡± ¡°ironic node-set-provision-state <node_UUID> inspect¡± ¡ñ Get back a data in json file and store it in Swift: ¡°openstack baremetal introspection data save <UUID>¡± ¡ñ After successful introspection and before deploying nodes should be made available to Nova, by moving them to AVAILABLE state: ¡°openstack baremetal node provide <UUID>¡± ¡°ironic node-set-provision-state <UUID> provide¡± manageable enroll available manage (via API) provide (via API) manage (via API) Inspection inspect (via API)
PLUGINS ¡ñ For data processing including standard functionality ¡ñ Plugins enabled by default: scheduler, validate_interfaces, root_disk_selection, ramdisk_error, capabilities, pci_devices ¡ñ Optional plugins: example, raid_device, local_link_connection, lldp_basic ¡ñ Set in ironic.conf: processing_hooks default_processing_hooks
PLUGINS Receives data from ramdisk Run pre-processing hooks Look up for node Run post-processing hooks Updates Ironic DBSaves data to Swift
INTROSPECTION RULES ¡ñ Operator/User creates ¡°Conditions¡± on introspection data to perform ¡°Action¡± on node. ¡ñ Simple JSON-based domain-specific language used to define rules. Condition {"field":"data://introspection.path, "op": "eq", "value": "val"} True Action {"action": "set-attribute", "path":"/driver_info/ipmi_address", "value": "{data[inventory][bmc_address]}"} False Action not performed
INTROSPECTION RULES EXAMPLES ¡ñ Save the conditions and actions as .json file.
INTROSPECTION RULES EXAMPLES
INTROSPECTION RULES EXAMPLES
REAPPLYING INTROSPECTION ON STORED DATA Create/Import Rules Inspect Reboots node Collects data Process the data Applies the rules Saves the data in Swift Reapply Fetch data from Swift ¡ñ Allows correcting mistakes in introspection rules. ¡ñ Not necessary to inspect a node if the rules created are wrong. ¡ñ ¡°openstack baremetal introspection reprocess <UUID>¡±
DISCOVERY ¡ñ Inspector can automatically enroll new nodes to Ironic ¡ñ Set ¡°node_not_found_hook = enroll¡± in inspector.conf to load the processing hook ¡°enroll¡± ¡ñ Set "enroll_node_driver" option to the Ironic driver ¡ñ Node is manually booted without registering it with Ironic. ¡ñ Ramdisk is booted and data collected back to inspector. ¡ñ If inspector cannot find the node in ironic, it creates a new node.
CAPABILITIES DETECTION ¡ñ Currently, Inspector can discover these node capabilities: ¡ð Boot mode (current boot mode BIOS or UEFI) ¡ð Several CPU flags (cpu_aes, cpu_vt, cpu_txt, cpu_hugepages, cpu_hugepages_1g) ¡ñ Define your own rules by setting the [capabilities]/cpu_flags in inspector.conf
CAPABILITIES DETECTION Capabilities added to node¡¯s properties
CAPABILITIES DETECTION EXAMPLES Nodes should be available
Osic tech talk presentation on ironic inspector
COLLECTORS in IPA ¡ñ Extensions of the inspection process during the IPA ramdisk run ¡ñ Adding a new collector requires rebuilding the IPA ramdisk and kernel images ¡ñ Using CoreOS/ TinyIPA/ Disk Image Builder ¡ñ Use the resulting .kernel and .initramfs files to set PXE/iPXE (.gz and .vmlinuz files in the case of CoreOS/TinyIPA) ¡ñ Customize the list of collectors by appending to the kernel option in the PXE/iPXE config: ipa-inspection-collectors=default,logs,extra_hardware
DMIDECODE COLLECTOR ¡ñ Collects detailed output of dmidecode utility for processor, memory and bios ¡ñ Optional collector to be added to the ipa-inspection-collectors kernel argument ¡ñ Adds to the hardware inventory:
BIOSDEVNAME ¡ñ Biosdevname - utility that gives BIOS-given name of a device (interface). ¡ñ Default Collector - collects the hardware inventory of a node. ¡ñ Implementation: ¡ð Created the biosdevname utility for TinyIPA (ramdisk). ¡ð Implemented a function to collect the Bios given interface name and added it to interfaces section of default collector. Extra field biosdevname added
INTROSPECTION CLI COMMANDS ¡ñ baremetal introspection abort ¡ñ baremetal introspection data save ¡ñ baremetal introspection list ¡ñ baremetal introspection reprocess ¡ñ baremetal introspection rule delete ¡ñ baremetal introspection rule import ¡ñ baremetal introspection rule list ¡ñ baremetal introspection rule purge ¡ñ baremetal introspection rule show ¡ñ baremetal introspection start ¡ñ baremetal introspection status
Thank You

More Related Content

Osic tech talk presentation on ironic inspector

  • 1. Bare Metal Introspection service (ironic-inspector) Annie Lezil Ramamani Yeleswarapu
  • 2. AGENDA ¡ñ Ironic Inspector ¡ñ Workflow ¡ñ Plugins/ Collectors ¡ñ Introspection Rules & Reapplying Introspection ¡ñ Capabilities ¡ñ Biosdevname & Dmidecode collectors
  • 3. IRONIC INSPECTOR ¡ñ Service for discovering hardware properties of a node ¡ñ Properties required for scheduling a bare metal node ¡ñ Inspection involves booting Ironic Python Agent(IPA) ramdisk on the node ¡ñ IPA - agent running in the ramdisk to control and deploy nodes ¡ñ Inspection requires configuring the IPA ramdisk, PXE/iPXE boot environments
  • 4. GENERAL WORKFLOW Enroll a node (IPMI Credentials) Bring node to manageable state (CLI command) Request node inspection (CLI command) Inspector validates node (power credentials, power and provision states) Inspector allows firewall access (PXE boot services for the node) Issues reboot command (IPA boots on the node) IPA collects the HW info (post it back data to the Inspector) Inspector figures out the node the data belongs to Inspector processes the data (updates the node¡¯s DB) Inspector stores HW inventory in Swift
  • 6. USAGE ¡ñ Node States ¡ñ Introspection Rules ¡ñ Reapplying Introspection on Stored Data ¡ñ Discovery ¡ñ Capabilities Detection ¡ñ Plugins
  • 7. NODE STATES ¡ñ The nodes should be moved to MANAGEABLE provision state before introspection. ¡ñ Move node to manageable state: ¡°openstack baremetal node manage <UUID>¡± ¡°ironic node-set-provision-state <node_UUID> manage¡± ¡ñ INSPECT a node: ¡°openstack baremetal node inspect <UUID>¡± ¡°openstack baremetal introspection start <UUID>¡± ¡°ironic node-set-provision-state <node_UUID> inspect¡± ¡ñ Get back a data in json file and store it in Swift: ¡°openstack baremetal introspection data save <UUID>¡± ¡ñ After successful introspection and before deploying nodes should be made available to Nova, by moving them to AVAILABLE state: ¡°openstack baremetal node provide <UUID>¡± ¡°ironic node-set-provision-state <UUID> provide¡± manageable enroll available manage (via API) provide (via API) manage (via API) Inspection inspect (via API)
  • 8. PLUGINS ¡ñ For data processing including standard functionality ¡ñ Plugins enabled by default: scheduler, validate_interfaces, root_disk_selection, ramdisk_error, capabilities, pci_devices ¡ñ Optional plugins: example, raid_device, local_link_connection, lldp_basic ¡ñ Set in ironic.conf: processing_hooks default_processing_hooks
  • 9. PLUGINS Receives data from ramdisk Run pre-processing hooks Look up for node Run post-processing hooks Updates Ironic DBSaves data to Swift
  • 10. INTROSPECTION RULES ¡ñ Operator/User creates ¡°Conditions¡± on introspection data to perform ¡°Action¡± on node. ¡ñ Simple JSON-based domain-specific language used to define rules. Condition {"field":"data://introspection.path, "op": "eq", "value": "val"} True Action {"action": "set-attribute", "path":"/driver_info/ipmi_address", "value": "{data[inventory][bmc_address]}"} False Action not performed
  • 11. INTROSPECTION RULES EXAMPLES ¡ñ Save the conditions and actions as .json file.
  • 14. REAPPLYING INTROSPECTION ON STORED DATA Create/Import Rules Inspect Reboots node Collects data Process the data Applies the rules Saves the data in Swift Reapply Fetch data from Swift ¡ñ Allows correcting mistakes in introspection rules. ¡ñ Not necessary to inspect a node if the rules created are wrong. ¡ñ ¡°openstack baremetal introspection reprocess <UUID>¡±
  • 15. DISCOVERY ¡ñ Inspector can automatically enroll new nodes to Ironic ¡ñ Set ¡°node_not_found_hook = enroll¡± in inspector.conf to load the processing hook ¡°enroll¡± ¡ñ Set "enroll_node_driver" option to the Ironic driver ¡ñ Node is manually booted without registering it with Ironic. ¡ñ Ramdisk is booted and data collected back to inspector. ¡ñ If inspector cannot find the node in ironic, it creates a new node.
  • 16. CAPABILITIES DETECTION ¡ñ Currently, Inspector can discover these node capabilities: ¡ð Boot mode (current boot mode BIOS or UEFI) ¡ð Several CPU flags (cpu_aes, cpu_vt, cpu_txt, cpu_hugepages, cpu_hugepages_1g) ¡ñ Define your own rules by setting the [capabilities]/cpu_flags in inspector.conf
  • 20. COLLECTORS in IPA ¡ñ Extensions of the inspection process during the IPA ramdisk run ¡ñ Adding a new collector requires rebuilding the IPA ramdisk and kernel images ¡ñ Using CoreOS/ TinyIPA/ Disk Image Builder ¡ñ Use the resulting .kernel and .initramfs files to set PXE/iPXE (.gz and .vmlinuz files in the case of CoreOS/TinyIPA) ¡ñ Customize the list of collectors by appending to the kernel option in the PXE/iPXE config: ipa-inspection-collectors=default,logs,extra_hardware
  • 21. DMIDECODE COLLECTOR ¡ñ Collects detailed output of dmidecode utility for processor, memory and bios ¡ñ Optional collector to be added to the ipa-inspection-collectors kernel argument ¡ñ Adds to the hardware inventory:
  • 22. BIOSDEVNAME ¡ñ Biosdevname - utility that gives BIOS-given name of a device (interface). ¡ñ Default Collector - collects the hardware inventory of a node. ¡ñ Implementation: ¡ð Created the biosdevname utility for TinyIPA (ramdisk). ¡ð Implemented a function to collect the Bios given interface name and added it to interfaces section of default collector. Extra field biosdevname added
  • 23. INTROSPECTION CLI COMMANDS ¡ñ baremetal introspection abort ¡ñ baremetal introspection data save ¡ñ baremetal introspection list ¡ñ baremetal introspection reprocess ¡ñ baremetal introspection rule delete ¡ñ baremetal introspection rule import ¡ñ baremetal introspection rule list ¡ñ baremetal introspection rule purge ¡ñ baremetal introspection rule show ¡ñ baremetal introspection start ¡ñ baremetal introspection status