• OpenStack Ironic: Inspect (Hardware Introspection)

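    Inspect performs hardware detection during an Ironic deployment. An Ironic deployment uses two sets of images: the deploy image and the user image. The deploy image must contain the ironic python agent (IPA, or simply the agent).

    The agent is Python-based and handles a series of actions on bare metal nodes in ironic, such as inspection, configuration, cleaning and image deployment. It exposes an API to ironic-conductor, and IPA interacts with Ironic Conductor through the lookup and heartbeat mechanisms.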

    Inspector configuration (Ussuri release)

    The test environment is All-In-One. The inspector provides two services: openstack-ironic-inspector.service and dnsmasq.

    Install the inspect packages (centos8):

        yum install openstack-ironic-inspector python3-ironic-inspector-client

     

    Create the database:

        mysql -e "create database ironic_inspector;"
        mysql -e "grant all on ironic_inspector.* to ironic_inspector@'localhost' identified by 'ironic_inspector';"
        mysql -e "grant all on ironic_inspector.* to ironic_inspector@'%' identified by 'ironic_inspector';"
        mysql -e "flush privileges;"

     

    Create the ironic-inspector credentials and endpoints:

        openstack user create --domain default --password ironic-inspector ironic-inspector
        openstack role add --project services --user ironic-inspector admin
        openstack service create --name ironic-inspector --description "Bare Metal Introspection Service" baremetal-introspection
        openstack endpoint create --region RegionOne ironic-inspector admin https://192.168.100.12:5050
        openstack endpoint create --region RegionOne ironic-inspector internal https://192.168.100.12:5050
        openstack endpoint create --region RegionOne ironic-inspector public https://192.168.100.12:5050

     

    ironic-inspector configuration, /etc/ironic-inspector/inspector.conf:

        [DEFAULT]
        # API listens on all interfaces, port 5050
        listen_address = 0.0.0.0
        listen_port = 5050
        auth_strategy = keystone
        debug = false
        verbose = true
        # RabbitMQ connection (default guest account, test environment)
        transport_url=rabbit://guest:guest@192.168.100.12:5672/
        [capabilities]
        [cors]
        [database]
        # Database and account created in the step above
        connection=mysql+pymysql://ironic_inspector:ironic_inspector@192.168.100.12/ironic_inspector

        [discovery]
        [dnsmasq_pxe_filter]
        [pxe_filter]
        [iptables]

        [ironic]
        # Credentials the inspector uses to call the Ironic API
        auth_url = https://192.168.100.12:5000/v3
        auth_strategy = keystone
        auth_type = password
        default_domain_name = default
        project_domain_name=Default
        project_name=services
        ironic_url = https://192.168.100.12:6385/v1
        os_region = RegionOne
        password = ironic-inspector
        username = ironic-inspector


        [keystone_authtoken]
        # Credentials used to validate incoming tokens against Keystone
        project_name = services
        password = ironic-inspector
        username = ironic-inspector
        auth_url = https://192.168.100.12:5000/v3
        auth_type = password
        region_name = RegionOne
        project_domain_id = default
        user_domain_id = default


        [oslo_messaging_amqp]
        [oslo_messaging_kafka]
        [oslo_messaging_notifications]
        [oslo_messaging_rabbit]
        [oslo_policy]
        [pci_devices]
        [processing]
        add_ports = all
        keep_ports = all
        ramdisk_logs_dir = /var/log/ironic-inspector/ramdisk
        # Store introspection data in the database
        store_data = database

        [ssl]
        [swift]

     

    tftp configuration. We assume the tftp server is already set up and only add the default file (/tftpboot/pxelinux.cfg/default), with the following content:

        default introspect
        label introspect
        kernel ironic-python-agent.kernel
        append initrd=ironic-python-agent.initramfs ipa-inspection-callback-url=https://192.168.100.12:5050/v1/continue ipa-inspection-collectors=default,logs ipa-collect-lldp=1 ipa-debug=1 systemd.journald.forward_to_console=yes selinux=0
        ipappend 3

    dnsmasq configuration, /etc/ironic-inspector/dnsmasq.conf:

        # port=0 disables the DNS function; only DHCP and TFTP are served
        port=0
        bind-interfaces
        enable-tftp
        tftp-root=/tftpboot
        interface=ens3
        dhcp-range=192.168.100.200,192.168.100.240
        dhcp-boot=pxelinux.0
        #dhcp-sequential-ip
        log-facility=/var/log/dnsmasq.log

     

    Modify the ironic configuration, /etc/ironic/ironic.conf:

        [inspector]
        enabled=true
        service_url=https://192.168.100.12:5050
        project_name = services
        password = ironic
        username = ironic
        auth_type = password
        auth_url=https://192.168.100.12:5000
        project_domain_id = default
        user_domain_id = default
        region_name = RegionOne

     

    Configure IPA (ironic-python-agent)

    Download the ipa-centos8-stable-ussuri.kernel and ipa-centos8-stable-ussuri.initramfs images and rename them to ironic-python-agent.kernel and ironic-python-agent.initramfs (the names only need to match those configured in /tftpboot/pxelinux.cfg/default).

    Download location: https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/. Place the files in the /tftpboot directory.

     

    Sync the database:

        ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade

    Start the services:

        systemctl start openstack-ironic-inspector.service
        dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf

     

    Inspect phase

    1. Create a node with ironic.

    2. Set the node to the manageable state.

    3. Start inspection. During inspection, files are looked up in roughly the following order:

        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/44454c4c-4c00-1033-8039-b7c04f5a5931 not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/01-75-86-9a-e0-07-3c not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A866F4 not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A866F not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A866 not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A86 not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A8 not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0A not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C0 not found
        dnsmasq-tftp[5352]: file /tftpboot/pxelinux.cfg/C not found
        dnsmasq-tftp[5352]: sent /tftpboot/pxelinux.cfg/default to 192.168.102.244
        dnsmasq-tftp[5352]: sent /tftpboot/ironic-python-agent.kernel to 192.168.102.244
        dnsmasq-tftp[5352]: sent /tftpboot/ironic-python-agent.initramfs to 192.168.102.244

     

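    When the bare metal node has no instance, the lookup falls through directly to the default file in the /tftpboot/pxelinux.cfg directory, and the image files placed in /tftpboot earlier are sent to the machine being inspected. The machine starts the Ironic Python Agent service (default port 9999). During startup it checks whether the default configuration file contains the callback address ipa-inspection-callback-url, which decides whether the inspection flow is started.

    The main information collected by collect_default in [ironic-python-agent] ironic_python_agent.hardware.py is as follows:

    Once the inspect phase completes, the node state returns to manageable. The node properties now contain a good deal of additional information, mainly memory, CPU and disk details.

    Open the node details to view the port information: inspection also collects the ports of the bare metal machine. Each port entry contains the port's MAC address, the address of the switch, and the switch port it is connected to.

    By default, switch information collected through the LLDP protocol is not saved. To write the collected switch information to the database, change the configuration in /etc/ironic-inspector/inspector.conf:

        [processing]
        default_processing_hooks = ramdisk_error,root_disk_selection,scheduler,validate_interfaces,capabilities,pci_devices,local_link_connection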

     

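    Notes:

    If ironic-inspector and ironic-conductor are placed on the same node, the provision flow and the inspector flow share one tftp server and listen on different network interfaces.

    Normally this causes no conflict. If a deployment fails, however, tftp data is left behind, and a later inspector run may download the deploy image and configuration file, causing the inspector to fail.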
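
    The lookup order shown in the dnsmasq-tftp log and the residue problem described in the note, as an added example (not code from the original article or from the Ironic project): it builds the list of names PXELINUX requests for a node and reports which file in pxelinux.cfg would actually be served. The function names are hypothetical, and that deploy residue takes the form of a leftover per-MAC file is an assumption; the UUID, MAC and IP are the ones in the log.

```python
import ipaddress
import os
import tempfile


def pxelinux_candidates(system_uuid, mac, ip):
    """Config file names in the order PXELINUX requests them."""
    names = [system_uuid.lower()]
    # ARP hardware type 01 (Ethernet) followed by the MAC, dash-separated
    names.append("01-" + mac.lower().replace(":", "-"))
    # Client IPv4 address as upper-case hex, shortened one digit per try
    ip_hex = "%08X" % int(ipaddress.IPv4Address(ip))
    names.extend(ip_hex[:n] for n in range(8, 0, -1))
    names.append("default")
    return names


def served_config(cfg_dir, system_uuid, mac, ip):
    """First candidate that exists in cfg_dir, i.e. what the node boots."""
    for name in pxelinux_candidates(system_uuid, mac, ip):
        if os.path.isfile(os.path.join(cfg_dir, name)):
            return name
    return None


def shadowing_files(cfg_dir, system_uuid, mac, ip):
    """Leftover node-specific files that win over 'default'."""
    specific = pxelinux_candidates(system_uuid, mac, ip)[:-1]
    return [n for n in specific if os.path.isfile(os.path.join(cfg_dir, n))]


def demo():
    # Node identifiers taken from the dnsmasq-tftp log on this page
    node = ("44454c4c-4c00-1033-8039-b7c04f5a5931",
            "75:86:9a:e0:07:3c", "192.168.102.244")
    with tempfile.TemporaryDirectory() as cfg_dir:  # stands in for pxelinux.cfg
        with open(os.path.join(cfg_dir, "default"), "w") as f:
            f.write("default introspect\n")
        clean = served_config(cfg_dir, *node)
        # Constructed residue: a per-MAC config left by a failed deploy
        with open(os.path.join(cfg_dir, "01-75-86-9a-e0-07-3c"), "w") as f:
            f.write("default deploy\n")
        stale = served_config(cfg_dir, *node)
        return clean, stale, shadowing_files(cfg_dir, *node)


if __name__ == "__main__":
    print(demo())
```

    Running shadowing_files against the real /tftpboot/pxelinux.cfg before starting inspection shows whether a node would boot something other than the introspection entry in default.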

     

     

    Author: 新钛云服 舒祝

Serving every customer with professional expertise, so that enterprise IT pays only for results and security