When using Ironic multi-tenancy with networking-ansible, Ironic leaves nodes (actually their associated switch ports) in a non-introspectable state.
For example, consider a scenario in which VLAN 1001 is used for provisioning, cleaning, and introspection, and VLANs 1002+ are used for tenant networks. Ironic and networking-ansible can clean and provision a node using VLAN 1001 and configure the node's switch port to connect the node to it's tenant network. (I.e., the basic multi-tenancy use case works.)
However, the introspection workflow does not do this. Introspecting a node requires that the switch be pre-configured to place the node on the provisioning network. Furthermore, Ironic does not place nodes on the provisioning network when a node is unused; instead it removes any VLAN tag from the port.
Thus, a node that is not in active use by Ironic is left in a state in which it cannot be introspected without manual reconfiguration of the node's switch port.
This has 2 implications for operators:
1. When deploying new BMaaS hardware, switch ports for the new nodes must be
manually configured to place them in the provisioning VLAN.
2. When re-introspecting an existing node (after replacing a faulty hardware
component, for example) the switch port must be manually recofigured to
connect the node to the provisioning VLAN.
The Ironic introspection process should be able to connect the node to the
provisioning VLAN. Alternatively, Ironic could leave the node connected to
the provisioning VLAN at the end of the cleaning process (but this would only
address case #2 above).
NOTE: The text above does assume that the same network is used for provsioning,
cleaning, and introspection. It's somewhat more complicated if different
networks are being used.
> The Ironic introspection process should be able to connect the node to the
provisioning VLAN.
I posted a spec for it long ago, but it kind of got stuck for 2 years without reviews. I'll try to revive it and poke people to review.
I'm marking it as an RFE because of the fast scope of the actual code changes and the amount of testing that will be required to cover it.
When using Ironic multi-tenancy with networking-ansible, Ironic leaves nodes (actually their associated switch ports) in a non-introspectable state. For example, consider a scenario in which VLAN 1001 is used for provisioning, cleaning, and introspection, and VLANs 1002+ are used for tenant networks. Ironic and networking-ansible can clean and provision a node using VLAN 1001 and configure the node's switch port to connect the node to it's tenant network. (I.e., the basic multi-tenancy use case works.) However, the introspection workflow does not do this. Introspecting a node requires that the switch be pre-configured to place the node on the provisioning network. Furthermore, Ironic does not place nodes on the provisioning network when a node is unused; instead it removes any VLAN tag from the port. Thus, a node that is not in active use by Ironic is left in a state in which it cannot be introspected without manual reconfiguration of the node's switch port. This has 2 implications for operators: 1. When deploying new BMaaS hardware, switch ports for the new nodes must be manually configured to place them in the provisioning VLAN. 2. When re-introspecting an existing node (after replacing a faulty hardware component, for example) the switch port must be manually recofigured to connect the node to the provisioning VLAN. The Ironic introspection process should be able to connect the node to the provisioning VLAN. Alternatively, Ironic could leave the node connected to the provisioning VLAN at the end of the cleaning process (but this would only address case #2 above). NOTE: The text above does assume that the same network is used for provsioning, cleaning, and introspection. It's somewhat more complicated if different networks are being used.