New driver in Ironic for OneView

https://bugs.launchpad.net/ironic/+bug/1526406

This spec proposes adding a new driver that supports deployment of servers managed by OneView. OneView is an Integrated Infrastructure Systems Management Software developed by HP.

In this spec, Server Hardware is the label used on OneView to denote a physical server.

Problem description

Currently Ironic does not have integration with any Infrastructure Management System. Nowadays, being able to use hardware from these systems inventory to provision a baremetal instance is a manual/time consuming task that would require pre-configuration of each server. OneView eases this configuration workload.

This spec proposes a new Ironic OneView driver that will promote integration with the HP OneView Management System. The proposed driver will provide automatic inventory management with OneView, allowing Ironic to borrow non-dedicated servers from OneViews’s inventory to provision baremetal instances with minimal common pre-configuration, set through OneView’s Server Profile Templates (SPT).

In order to use a Server Hardware managed by OneView, one needs to assign it a Server Profile, prior to the enrollment of the node, in order to configure the hardware to be used (select/update firmware, enable NIC’s, setup the network connections on them, BIOS/UEFI settings, initialize storage and so on). The cloud administrator can take advantage of such a resource to configure the server’s NIC to use the Ironic provision network on the fly as needed, along with other options that could allow optimal performance.

Proposed change

This spec proposes the pxe_oneview and agent_oneview drivers, implementing the Power, Management and, in the case of the Agent driver, Vendor interfaces.

The driver uses python-oneviewclient in order to handle the communication between the driver and OneView for, e.g., getting information about a resource, turning a server hardware on and off, and handling the configuration of a server profile.

Server profiles are based on SPT’s, which have information to configure the hardware NIC to join a flat network, initialize the server storage and other configuration options used by Ironic like boot_type and boot_order. The SPT can also hold specific configuration options to improve the hardware performance for Ironic, like Advanced Memory Protection, USB boot, enable Virtualization Technology and HyperThreading, change the thermal configuration and so on. Based on this premises, to be enrolled, the node MUST have the following parameters:

  • driver_info
    • server_hardware_uri: URI of the Server Hardware on OneView
    • server_profile_template_uri: URI for the Server Profile Template used to create the Server Profile of the node. This will be used on the future to change the Server Profile of the node on a zapping task.
  • properties/capabilities
    • server_hardware_type_uri: URI for the Server Hardware Type on OneView, for scheduling purposes if one wants to deploy on specific hardware determined on the flavor.
    • enclosure_group_uri: URI for the Enclosure Group on OneView, for scheduling purposes if one wants to deploy on specific enclosure determined on the flavor.

The driver implements:

  • oneview.power.OneViewPower
  • oneview.management.OneViewManagement
  • oneview.vendor.AgentVendorInterface
Power Interface:
The *_oneview driver’s Power Interface controls and synchronizes the power state of the nodes using OneView’s REST API. The validate() method on this interface will check the required parameters and if the node already has a server profile associated.
Management Interface:
The *_oneview driver’s Management Interface allows the user to get and set the boot-order of a server hardware by modifying the server profile assigned to the server hardware. If no server profile is assigned yet to an instance, an exception will be thrown since the boot order of a server managed by OneView can only be modified through a server profile. The validate() method on this interface will also check the required parameters and if the node already has a server profile associated.
Agent Vendor Interface:
The agent_oneview interface modifies the way reboot_to_instance method sets the boot device since OneView doesn’t allow such a change with the machine powered on.

This driver reuses PXEBoot for boot and ISCSIDeploy/AgentDeploy for deploy.

To be deployed using the *_oneview driver, the node’s Server Profile MUST be applied to the server hardware the node represents. This Server Profile MUST connect the 1st NIC of the node to Ironic’s provision network.

Alternatives

We could use the already existing drivers (such as pxe_ipmitool, pxe_ilo, iscsi_ilo or even agent_ilo) to launch instances managed by OneView. But then: - We would lose the capability to manage these instances through OneView; - If the node is being managed by OneView, without a Server Profile, and deployed with other driver, another user can claim it by applying a Server Profile and thus Ironic would lose control of the server; - Without using OneView, the task of maintaining configuration consistency between the Server Hardware items is manual, boring and time consuming.

Data model impact

None

State Machine Impact

None

REST API impact

None

Client (CLI) impact

None

RPC API impact

None

Driver API impact

None

Nova driver impact

None

Ramdisk impact

N/A

Security impact

The connection with OneView is by default secure using TLS with certificate authentication, but the user can allow insecure connections by setting to True the allow_insecure_connections field in the configuration file.

Other end user impact

None

Scalability impact

The driver gets some data using python-oneviewclient through OneView’s REST API which is an external service. The calls are simple, but considering a large amount of Server Hardware items a small increase in network traffic can happen.

Performance Impact

None

Other deployer impact

The following parameters are required in the newly created [oneview] section on ironic.conf:

  • manager_url: OneView Manager url
  • username: User account with admin/server-profile access privilege in OneView
  • password: User account password in OneView
  • allow_insecure_connections: Allow connections to OneView without a certificate signed by a trusted CA. Its default value is False.
  • tls_cacert_file: The path to the certificate of a trusted CA to be used to verify the OneView certificate when insecure connections are not allowed
  • max_polling_attempts: Max connection attempts to check changes on OneView

Developer impact

None

Implementation

Assignee(s)

Primary assignee:
thiagop
Other contributors:
albertoffb caiobo diegolp liliars sinval afaranha

Work Items

  • Implement new iscsi_pxe_oneview and agent_pxe_oneview drivers.
  • Implement unit-test cases for *_oneview driver.
  • Write configuration documents.

Dependencies

Testing

Unit-tests will be implemented for the new drivers. A third party CI will be used in the future to provide a suitable test environment for tests involving an OneView appliance.

Upgrades and Backwards Compatibility

None

Documentation Impact

The required parameters on the node and [oneview] section of ironic.conf will be included in the documentation to instruct operators how to use Ironic with OneView.