c0f901c1b4
This way we don't expose the plain text endpoints to anyone even locally. Change-Id: I40b3e863f78e185c39a20f4254b68b8140eea9e0 Depends-On: https://review.opendev.org/c/openstack/ironic/+/828508 Depends-On: https://review.opendev.org/c/openstack/ironic-inspector/+/827124
95 lines
2.9 KiB
Django/Jinja
95 lines
2.9 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
[DEFAULT]
|
|
{% if enable_keystone | bool %}
|
|
auth_strategy = keystone
|
|
{% elif noauth_mode | bool %}
|
|
auth_strategy = noauth
|
|
{% else %}
|
|
auth_strategy = http_basic
|
|
http_basic_auth_user_file = /etc/ironic-inspector/htpasswd
|
|
{% endif %}
|
|
debug = {{ inspector_debug | bool }}
|
|
|
|
{% if inspector_log_dir | default("") != "" %}
|
|
log_dir = {{ inspector_log_dir }}
|
|
{% endif %}
|
|
|
|
transport_url = fake://
|
|
|
|
{% if enable_tls | bool %}
|
|
# TLS is handled by nginx is proxy mode
|
|
listen_address = 127.0.0.1
|
|
listen_unix_socket = /run/ironic/ironic-inspector.socket
|
|
# Nginx should be able to write to the socket, access will be further limited
|
|
# by the containing directory.
|
|
listen_unix_socket_mode = 0660
|
|
{% endif %}
|
|
|
|
[database]
|
|
connection=mysql+pymysql://{{ ironic_inspector.database.username }}:{{ ironic_inspector.database.password }}@{{ ironic_inspector.database.host }}/{{ ironic_inspector.database.name }}?charset=utf8
|
|
|
|
[pxe_filter]
|
|
{% if inspector_manage_firewall | bool | default('false') == false %}
|
|
driver = noop
|
|
{% else %}
|
|
driver = iptables
|
|
{% endif %}
|
|
|
|
[ironic]
|
|
{% if enable_keystone | bool %}
|
|
os_region = {{ keystone.bootstrap.region_name | default('RegionOne') }}
|
|
project_name = baremetal
|
|
username = {{ ironic_inspector.keystone.default_username }}
|
|
password = {{ ironic_inspector.keystone.default_password }}
|
|
auth_url = {{ ironic_inspector.service_catalog.auth_url }}
|
|
auth_type = password
|
|
user_domain_id = default
|
|
project_domain_id = default
|
|
{% elif noauth_mode | bool %}
|
|
auth_type = none
|
|
endpoint_override = {{ ironic_api_url }}
|
|
{% else %}
|
|
auth_type = http_basic
|
|
endpoint_override = {{ ironic_api_url }}
|
|
username = {{ admin_username }}
|
|
password = {{ admin_password }}
|
|
{% endif %}
|
|
{% if enable_tls | bool %}
|
|
cafile = {{ tls_certificate_path }}
|
|
{% endif %}
|
|
|
|
{% if enable_keystone is defined and enable_keystone | bool == true %}
|
|
[keystone_authtoken]
|
|
auth_plugin = password
|
|
auth_url = {{ ironic_inspector.service_catalog.auth_url }}
|
|
username = {{ ironic_inspector.service_catalog.username }}
|
|
password = {{ ironic_inspector.service_catalog.password }}
|
|
user_domain_id = default
|
|
project_name = service
|
|
project_domain_id = default
|
|
{% if enable_tls | bool %}
|
|
cafile = {{ tls_certificate_path }}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
[processing]
|
|
add_ports = {{ inspector_port_addition | default('pxe') }}
|
|
keep_ports = {{ inspector_keep_ports | default('present') }}
|
|
{% if inspector_ramdisk_logs_local_path | default("") != "" %}
|
|
ramdisk_logs_dir = {{ inspector_ramdisk_logs_local_path }}
|
|
{% endif %}
|
|
always_store_ramdisk_logs = {{ inspector_store_ramdisk_logs | default('true') | bool }}
|
|
{% if inspector_processing_hooks is defined %}
|
|
processing_hooks = {{ inspector_processing_hooks }}
|
|
{% endif %}
|
|
store_data = database
|
|
power_off = {{ power_off_after_inspection }}
|
|
|
|
{% if inspector.discovery.enabled == true %}
|
|
node_not_found_hook = enroll
|
|
|
|
[discovery]
|
|
enroll_node_driver = {{ inspector.discovery.default_node_driver }}
|
|
{% endif %}
|