From 1d1eb68052d6215edb1d7b1b2051a983d24559ec Mon Sep 17 00:00:00 2001
From: Bob Fournier
Date: Fri, 19 Mar 2021 10:04:58 -0400
Subject: [PATCH] Include vlan interfaces in introspection report

Add the inspector kernel param to include vlan interfaces and associated IP addresses in the introspection report. This feature was added to IPA in https://review.opendev.org/c/openstack/ironic-python-agent/+/760570. By default all VLAN interfaces are included in the report using LLDP info from the switch to determine the VLANs. An override is provided to define a particular VLAN interface if LLDP is not enabled.
---
 config/inspector.ipxe.j2 | 2 +-
 config/ironic.conf.j2 | 2 +-
 scripts/configure-ironic.sh | 6 ++++++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/config/inspector.ipxe.j2 b/config/inspector.ipxe.j2
index 169f43cd2..8604b1196 100644
--- a/config/inspector.ipxe.j2
+++ b/config/inspector.ipxe.j2
@@ -5,6 +5,6 @@ echo In inspector.ipxe imgfree # NOTE(dtantsur): keep inspection kernel params in [mdns]params in # ironic-inspector-image and configuration in configure-ironic.sh -kernel --timeout 60000 http://IRONIC_IP:HTTP_PORT/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors=default,extra-hardware,logs systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 EXTRA_ARGS initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot +kernel --timeout 60000 http://IRONIC_IP:HTTP_PORT/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors=default,extra-hardware,logs systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 EXTRA_ARGS initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot initrd --timeout 60000 http://IRONIC_IP:HTTP_PORT/images/ironic-python-agent.initramfs || goto retry_boot boot diff --git a/config/ironic.conf.j2 b/config/ironic.conf.j2 index fa83e9be2..9d734fb56 100644 --- a/config/ironic.conf.j2 +++ b/config/ironic.conf.j2 
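Review bot: The new `ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }}` on the added `kernel` line is rendered raw and unconditionally, unlike the `sshkey` and `IRONIC_KERNEL_PARAMS` interpolations on the same line, which use `|trim` and (for `sshkey`) an `{% if %}` guard. Whitespace or a trailing newline in the variable would split the value into separate kernel arguments, and an unset variable at render time would probably leave a bare `ipa-enable-vlan-interfaces=`; I would write `{% if env.IRONIC_INSPECTOR_VLAN_INTERFACES %}ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES|trim }} {% endif %}`. The same applies to the `extra_kernel_params` line changed in config/ironic.conf.j2. The NOTE above the `kernel` line also names `[mdns]params` in ironic-inspector-image as a copy to keep in sync, and this patch does not show that copy being updated.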
@@ -94,7 +94,7 @@ insecure = {{ env.IRONIC_INSPECTOR_INSECURE }} # TODO(dtantsur): ipa-api-url should be populated by ironic itself, but it's # not, so working around here. # NOTE(dtantsur): keep inspection arguments synchronized with inspector.ipxe -extra_kernel_params = ipa-insecure=1 ipa-inspection-collectors=default,extra-hardware,logs ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {% if env.IRONIC_FAST_TRACK == "true" %} ipa-api-url={{ env.IRONIC_BASE_URL }} {% endif %}{% if env.IRONIC_RAMDISK_SSH_KEY %} sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} +extra_kernel_params = ipa-insecure=1 ipa-inspection-collectors=default,extra-hardware,logs ipa-enable-vlan-interfaces={{ env.IRONIC_INSPECTOR_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {% if env.IRONIC_FAST_TRACK == "true" %} ipa-api-url={{ env.IRONIC_BASE_URL }} {% endif %}{% if env.IRONIC_RAMDISK_SSH_KEY %} sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} [ipmi] # use_ipmitool_retries transfers the responsibility of retrying to ipmitool diff --git a/scripts/configure-ironic.sh b/scripts/configure-ironic.sh index fd786c3a7..321e24721 100755 --- a/scripts/configure-ironic.sh +++ b/scripts/configure-ironic.sh @@ -9,6 +9,12 @@ export IRONIC_INSPECTOR_CERT_FILE=/certs/ironic-inspector/tls.crt export IRONIC_INSPECTOR_CACERT_FILE=/certs/ca/ironic-inspector/tls.crt export IRONIC_INSPECTOR_INSECURE=${IRONIC_INSPECTOR_INSECURE:-$IRONIC_INSECURE} +# Define the VLAN interfaces to be included in introspection report, e.g. +# all - all VLANs on all interfaces using LLDP information +# - all VLANs on a particular interface using LLDP information +# - a particular VLAN on an interface, not relying on LLDP +export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES:-all} + export MARIADB_CACERT_FILE=/certs/ca/mariadb/tls.crt mkdir -p /certs/ironic
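Review bot: With `${IRONIC_INSPECTOR_VLAN_INTERFACES:-all}` in the configure-ironic.sh hunk, an empty value is replaced by `all` just like an unset one, so the added export gives operators no way to switch the feature off, and the comment above it documents no such value. That matters because `all` makes the inspection ramdisk act on VLAN IDs learned from LLDP, which is unauthenticated link-layer data, so the default widens what the ramdisk reports on (and, if IPA brings those interfaces up alongside `ipa-inspection-dhcp-all-interfaces=1`, what it requests addresses on) for any port where a neighbour can advertise VLANs. I would use `export IRONIC_INSPECTOR_VLAN_INTERFACES=${IRONIC_INSPECTOR_VLAN_INTERFACES-all}` so that an explicitly empty value is kept, and add a comment line stating that an empty value disables VLAN interfaces, provided the two templates then omit the parameter when it is empty.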