From 48ebb4e6c8ea70cc0b8aac403d66db08f29ab906 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Thu, 11 Jul 2024 12:35:33 +0200
Subject: [PATCH] inspector: Add support for copying known_devices.yaml

See [1].

[1]: https://opendev.org/openstack/ironic-inspector/commit/0b9b1756660b4ea63b44c0f01bbf3c1aa71c1f1a

Change-Id: I8866cdab396b805ec75bc4ccccdc5c1909e63bcf
---
 ansible/roles/ironic/tasks/config.yml         | 26 +++++++++++++++++++
 .../ironic/templates/ironic-inspector.conf.j2 |  5 ++++
 .../ironic/templates/ironic-inspector.json.j2 |  6 +++++
 3 files changed, 37 insertions(+)

diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml
index dc4cb4469..00f4eab21 100644
--- a/ansible/roles/ironic/tasks/config.yml
+++ b/ansible/roles/ironic/tasks/config.yml
@@ -47,6 +47,32 @@
   when:
     - ironic_inspector_policy.results
 
+- name: Check if Ironic Inspector known_devices.yaml shall be overwritten
+  stat:
+    path: "{{ node_custom_config }}/ironic-inspector/known_devices.yaml"
+  delegate_to: localhost
+  run_once: True
+  register: ironic_inspector_known_devices
+
+- name: Set known_devices file path
+  set_fact:
+    ironic_inspector_known_devices_file_path: "{{ ironic_inspector_known_devices.stat.path }}"
+  when:
+    - ironic_inspector_known_devices.stat.exists
+
+- name: Copying over known_devices.yaml
+  template:
+    src: "{{ ironic_inspector_known_devices_file_path }}"
+    dest: "{{ node_config_directory }}/ironic-inspector/known_devices.yaml"
+    mode: "0660"
+  become: true
+  when:
+    - ironic_inspector_known_devices_file_path is defined
+    - inventory_hostname in groups["ironic-inspector"]
+    - ironic_services["ironic-inspector"].enabled | bool
+  notify:
+    - "Restart ironic-inspector container"
+
 - include_tasks: copy-certs.yml
   when:
     - kolla_copy_ca_into_containers | bool or ironic_enable_tls_backend | bool
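Review bot: The "Copying over known_devices.yaml" task uses `template:` on an operator-supplied data file, so the content is rendered through Jinja2 instead of being copied as written. Any `{{ … }}` or `{% … %}` sequence in the file is evaluated with the play's variables in scope, and a stray delimiter makes the task fail. Unless templating this file is intended, `copy:` with the same `src`, `dest` and `mode` keeps the bytes unchanged. If it is intended, a comment on the task should say so, because deployment variables can then be expanded into a file written with `mode: "0660"`. Separately, `run_once: True` in the stat task and `become: true` in the copy task spell the boolean differently; `run_once: true` would match.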
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
index 115381c45..dc45de268 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -93,3 +93,8 @@ backend_url = {{ redis_connection_string }}
 # tooz defaults to a newer version, we should explicitly specify `v3`
 backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}?api_version=v3{% if openstack_cacert %}?ca_cert={{ openstack_cacert }}{% endif %}
 {% endif %}
+
+{% if ironic_inspector_known_devices_file_path is defined %}
+[accelerators]
+known_devices = /etc/ironic-inspector/known_devices.yaml
+{% endif %}
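Review bot: The `[accelerators]` block is gated on `ironic_inspector_known_devices_file_path is defined`, but nothing in the template says where that variable comes from or that the hard-coded path is tied to another file. The variable is a fact created by the `set_fact` task this commit adds to tasks/config.yml, so the block only appears if that task has run before inspector.conf is rendered; the rendering task is outside the visible hunks, so the ordering should be confirmed. The literal `/etc/ironic-inspector/known_devices.yaml` also has to stay equal to the `dest` added in ironic-inspector.json.j2, otherwise the service is pointed at a file that was never copied into the container. I would add a template comment above the `{% if %}`, for example `{# fact set in tasks/config.yml when the operator supplies known_devices.yaml; path must match the dest in ironic-inspector.json.j2 #}`.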
diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2
index 6047e14c3..e20417684 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.json.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2
@@ -12,6 +12,12 @@
             "dest": "/etc/ironic-inspector/{{ ironic_inspector_policy_file }}",
             "owner": "ironic-inspector",
             "perm": "0600"
+        }{% endif %}{% if ironic_inspector_known_devices_file_path is defined %},
+        {
+            "source": "{{ container_config_directory }}/known_devices.yaml",
+            "dest": "/etc/ironic-inspector/known_devices.yaml",
+            "owner": "ironic-inspector",
+            "perm": "0600"
         }{% endif %}
     ]
 }
-- 
GitLab