When using Ironic multi-tenancy with networking-ansible, Ironic leaves nodes (actually their associated switch ports) in a non-introspectable state.

For example, consider a scenario in which VLAN 1001 is used for provisioning, cleaning, and introspection, and VLANs 1002+ are used for tenant networks.  Ironic and networking-ansible can clean and provision a node using VLAN 1001 and configure the node's switch port to connect the node to it's tenant network.  (I.e., the basic multi-tenancy use case works.)

However, the introspection workflow does not do this.  Introspecting a node requires that the switch be pre-configured to place the node on the provisioning network.  Furthermore, Ironic does not place nodes on the provisioning network when a node is unused; instead it removes any VLAN tag from the port.

Thus, a node that is not in active use by Ironic is left in a state in which it cannot be introspected without manual reconfiguration of the node's switch port.

This has 2 implications for operators:

1.  When deploying new BMaaS hardware, switch ports for the new nodes must be
    manually configured to place them in the provisioning VLAN.

2.  When re-introspecting an existing node (after replacing a faulty hardware
    component, for example) the switch port must be manually recofigured to
    connect the node to the provisioning VLAN.

The Ironic introspection process should be able to connect the node to the
provisioning VLAN.  Alternatively, Ironic could leave the node connected to
the provisioning VLAN at the end of the cleaning process (but this would only
address case #2 above).

NOTE: The text above does assume that the same network is used for provsioning,
cleaning, and introspection.  It's somewhat more complicated if different
networks are being used.