feat(ironic): Add update_baremetal_port ironic inspection hook #1347
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stevekeay
force-pushed
the
ironic-inspection-hook
branch
from
9ff91f9 to
21d33c6
Compare
cardoe
changed the title
stevekeay
force-pushed
the
ironic-inspection-hook
branch
3 times, most recently
from
30e1717 to
6038946
Compare
stevekeay
force-pushed
the
ironic-inspection-hook
branch
5 times, most recently
from
9949abc to
3b3481f
Compare
stevekeay
force-pushed
the
ironic-inspection-hook
branch
3 times, most recently
from
1d0d819 to
68ce0f1
Compare
stevekeay
force-pushed
the
ironic-inspection-hook
branch
15 times, most recently
from
9006136 to
3ade42b
Compare
stevekeay
force-pushed
the
ironic-inspection-hook
branch
6 times, most recently
from
ed99ae7 to
6dc2467
Compare
cardoe
approved these changes
Dec 2, 2025
Contributor
cardoe
left a comment
cardoe
left a comment
There was a problem hiding this comment.
Two suggestions that I'm fine if they don't happen.
Comment on lines
+34
to
+47
| extra = baremetal_port.extra | ||
| current_bios_name = extra.get("bios_name") | ||
|
|
||
| if current_bios_name != required_bios_name: | ||
| LOG.info( | ||
| "Port %(mac)s updating bios_name from %(old)s to %(new)s", | ||
| {"mac": mac, "old": current_bios_name, "new": required_bios_name}, | ||
| ) | ||
|
|
||
| if required_bios_name: | ||
| extra["bios_name"] = required_bios_name | ||
| else: | ||
| extra.pop("bios_name", None) | ||
|
|
||
| baremetal_port.extra = extra | ||
| baremetal_port.save() |
Contributor
There was a problem hiding this comment.
We could also unconditionally set baremetal_port.description
Contributor
Author
There was a problem hiding this comment.
Description is cool, however the "description" suggests to me "human readable" whereas this field is intended for a machine to consume. Parsing a description seems fragile because people might be tempted to add other "helpful" information in there.
Also, our openstack today doesn't seem to have a description field:
openstack --os-cloud=prod-infra baremetal port show 57951a4b-ae40-4e1a-9ff6-524e36ec976c
+-----------------------+---------------------------------------------------------+
| Field | Value |
+-----------------------+---------------------------------------------------------+
| address | c4:cb:e1:d5:92:54 |
| created_at | 2025-03-31T14:33:26+00:00 |
| extra | {} |
| internal_info | {} |
| is_smartnic | False |
| local_link_connection | {} |
| name | 57951a4b-ae40-4e1a-9ff6-524e36ec976c NIC.Embedded.1-1-1 |
| node_uuid | 11fe6307-3c25-47eb-911c-a470e6094913 |
| physical_network | None |
| portgroup_uuid | None |
| pxe_enabled | False |
| updated_at | None |
| uuid | 57951a4b-ae40-4e1a-9ff6-524e36ec976c |
+-----------------------+---------------------------------------------------------+
Contributor
There was a problem hiding this comment.
If it's intended for machines then I agree with the field in extra. As far as the field not showing up, upgrade your client.
stevekeay
force-pushed
the
ironic-inspection-hook
branch
2 times, most recently
from
9e7dfa3 to
40c284e
Compare
stevekeay
force-pushed
the
ironic-inspection-hook
branch
from
40c284e to
089cacc
Compare
After out-of-band inspection we run port-bios-name. The interface names returned by the BMC are generally more meaningful to the data center than the linux names we get in the agent inspection data After Agent Inspection we run update-baremetal-port. This consumes the LLDP information, so it must run after agent inspection. Out-of-band inspection doesn't give us the full LLDP data. The default ironic local-link-connection is removed because the new hook updates the same fields. We add "validate-interfaces" because that populates data we consume.
stevekeay
force-pushed
the
ironic-inspection-hook
branch
from
089cacc to
bb4bd7a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Understack operation requires that every baremetal node has baremetal ports for each NIC we want to use.
Upstream ironic includes inspection hooks which can create baremetal ports and set local_link_info based on LLDP information, but UnderStack requires that Baremetal ports have specific attributes populated:
In addition, the baremetal node should have traits indicating the networks (VLAN Groups) to which it is connected, for example if it has NICs connected to the
STORAGEswitch then we would add theCUSTOM_STORAGE_SWITCHtrait.Switch uplink connections for the node are identified during node inspection using LLDP. The "agent" inspector does this today, and we are enhancing the out-of-band inspection to provide the same data (where the hardware permits).
This inspection hook is understack-specific in that it assumes our switch hostnames will follow a certain naming convention, however the details of that convention are supplied as configuration.
We previously performed these activities as part of the "enrol" process, but performing these activities inside Ironic gives operators more visibility and allows them to drive remediation or updates via the openstack API. For example, if a physical node had cabling issues during enrol, these can be resolved and the node can be "inspected" to straighten out the baremetal ports without needing to trigger an external workflow or process.
Once this PR is done, we can remove those steps from the enrol process - see #1416
PREREQUISITES
Today when a node undergoes cleaning, provisioning or agent inspection, all but one of its ports are shut down. This defeats LLDP and prevents the inspection from seeing the link on the other ports. We need to change our network design/template so that during inspection all ports are UP (and talk LLDP) but don't have any other traffic. This includes ports already documented in ironic (being re-inspected) as well as ports that are currently unknown (ports being discovered and created in ironic for the first time).
NOTE that when these baremetal port updates occur, ironic emits events which should trigger a workflow to make corresponding changes in nautobot)