StackHPC Mixin Environments¶

StackHPC Kayobe configuration provides a set of mixin environments, which can be used to apply configuration in modular way. These provide a mechanism where users can opt into new sets of configuration mid-cycle, at a time of the their choosing, and thereby facilitate gradual adoption of new features. Config may be moved into the the base configuration for the next major release.

For more information about Kayobe environments, please see the upstream Kayobe documentation.

Note

To override settings in mixin environments, you will need to define the overrides in an environment that inherits from that one, rather than in the base configuration.

baremetal¶

StackHPC Ironic environment¶

Mixin that adds StackHPC opinionated defaults for Ironic.

Consuming this environment¶

Add the baremetal environment to your .kayobe-environment file:

$KAYOBE_CONFIG_PATH/$KAYOBE_ENVIRONMENT/.kayobe-environment¶

dependencies:
  - baremetal

Redeploy the loadbalancer, Neutron, Nova, and Ironic:

kayobe overcloud service deploy -kt loadbalancer,ironic,nova,neutron

Cleaning¶

Storage¶

Hardware assisted secure erase, i.e the erase_devices clean step, is enabled by default. This is normally dependent on the Hardware Manager in use. For example, when using the GenericHardwareManager the priority would be 10, whereas if using the ProliantHardwareManager it would be 0. The idea is that we will prevent the catastrophic case where data could be leaked to another tenant; forcing you to have to explicitly relax this setting if this is a risk you want to take. This can be customised by editing the following variables:

$KAYOBE_CONFIG_PATH/$KAYOBE_ENVIRONMENT/kolla/config/ironic/ironic-conductor.conf¶

[deploy]
erase_devices_priority=10
erase_devices_metadata_priority=0

See Ironic documentation for more details.

baremetal-policy¶

Policy for a baremetaluser role¶

When deploying Slurm on baremetal nodes, it is typical to select a specific baremetal node, and give it the expected hostname. We allow this via a tweak to Nova policy.

Similarly, it is common that the IP address has to match the expected one for the given node. We tweak neutron policy to allow fixed IPs, even when we do not own the network.

We should never use the admin role to do these operations, as it has far too much privilege.

Consuming this environment¶

Add the baremetal-policy environment to your .kayobe-environment file:

$KAYOBE_CONFIG_PATH/$KAYOBE_ENVIRONMENT/.kayobe-environment¶

dependencies:
  - baremetal-policy

Redeploy Neutron, and Nova:

kayobe overcloud service deploy -kt neutron,nova