[DEFAULT] # # From ironic_inspector # # IP to listen on. (string value) #listen_address = 0.0.0.0 # Port to listen on. (port value) # Minimum value: 0 # Maximum value: 65535 #listen_port = 5050 # Authentication method used on the ironic-inspector API. Either # "noauth" or "keystone" are currently valid options. "noauth" will # disable all authentication. (string value) # Allowed values: keystone, noauth #auth_strategy = keystone # Timeout after which introspection is considered failed, set to 0 to # disable. (integer value) #timeout = 3600 # DEPRECATED: For how much time (in seconds) to keep status # information about nodes after introspection was finished for them. # Set to 0 (the default) to disable the timeout. (integer value) # This option is deprecated for removal. # Its value may be silently ignored in the future. #node_status_keep_time = 0 # Amount of time in seconds, after which repeat clean up of timed out # nodes and old nodes status information. (integer value) #clean_up_period = 60 # SSL Enabled/Disabled (boolean value) #use_ssl = false # Path to SSL certificate (string value) #ssl_cert_path = # Path to SSL key (string value) #ssl_key_path = # The green thread pool size. (integer value) # Minimum value: 2 #max_concurrency = 1000 # Delay (in seconds) between two introspections. (integer value) #introspection_delay = 5 # Ironic driver_info fields that are equivalent to ipmi_address. (list # value) #ipmi_address_fields = ilo_address,drac_host,drac_address,cimc_address # Path to the rootwrap configuration file to use for running commands # as root (string value) #rootwrap_config = /etc/ironic-inspector/rootwrap.conf # Limit the number of elements an API list-call returns (integer # value) # Minimum value: 1 #api_max_limit = 1000 # # From oslo.log # # If set to true, the logging level will be set to DEBUG instead of # the default INFO level. (boolean value) # Note: This option can be changed without restarting. #debug = false # The name of a logging configuration file. This file is appended to # any existing logging configuration files. For details about logging # configuration files, see the Python logging module documentation. # Note that when logging configuration files are used then all logging # configuration is set in the configuration file and other logging # configuration options are ignored (for example, # logging_context_format_string). (string value) # Note: This option can be changed without restarting. # Deprecated group/name - [DEFAULT]/log_config #log_config_append = # Defines the format string for %%(asctime)s in log records. Default: # %(default)s . This option is ignored if log_config_append is set. # (string value) #log_date_format = %Y-%m-%d %H:%M:%S # (Optional) Name of log file to send logging output to. If no default # is set, logging will go to stderr as defined by use_stderr. This # option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logfile #log_file = # (Optional) The base directory used for relative log_file paths. # This option is ignored if log_config_append is set. (string value) # Deprecated group/name - [DEFAULT]/logdir #log_dir = # Uses logging handler designed to watch file system. When log file is # moved or removed this handler will open a new log file with # specified path instantaneously. It makes sense only if log_file # option is specified and Linux platform is used. This option is # ignored if log_config_append is set. (boolean value) #watch_log_file = false # Use syslog for logging. Existing syslog format is DEPRECATED and # will be changed later to honor RFC5424. This option is ignored if # log_config_append is set. (boolean value) #use_syslog = false # Enable journald for logging. If running in a systemd environment you # may wish to enable journal support. Doing so will use the journal # native protocol which includes structured metadata in addition to # log messages.This option is ignored if log_config_append is set. # (boolean value) #use_journal = false # Syslog facility to receive log lines. This option is ignored if # log_config_append is set. (string value) #syslog_log_facility = LOG_USER # Log output to standard error. This option is ignored if # log_config_append is set. (boolean value) #use_stderr = false # Format string to use for log messages with context. (string value) #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s # Format string to use for log messages when context is undefined. # (string value) #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s # Additional data to append to log message when logging level for the # message is DEBUG. (string value) #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d # Prefix each line of exception output with this format. (string # value) #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s # Defines the format string for %(user_identity)s that is used in # logging_context_format_string. (string value) #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s # List of package logging levels in logger=LEVEL pairs. This option is # ignored if log_config_append is set. (list value) #default_log_levels = sqlalchemy=WARNING,iso8601=WARNING,requests=WARNING,urllib3.connectionpool=WARNING,keystonemiddleware=WARNING,swiftclient=WARNING,keystoneauth=WARNING,ironicclient=WARNING # Enables or disables publication of error events. (boolean value) #publish_errors = false # The format for an instance that is passed with the log message. # (string value) #instance_format = "[instance: %(uuid)s] " # The format for an instance UUID that is passed with the log message. # (string value) #instance_uuid_format = "[instance: %(uuid)s] " # Interval, number of seconds, of log rate limiting. (integer value) #rate_limit_interval = 0 # Maximum number of logged messages per rate_limit_interval. (integer # value) #rate_limit_burst = 0 # Log level name used by rate limiting: CRITICAL, ERROR, INFO, # WARNING, DEBUG or empty string. Logs with level greater or equal to # rate_limit_except_level are not filtered. An empty string means that # all levels are filtered. (string value) #rate_limit_except_level = CRITICAL # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false [capabilities] # # From ironic_inspector.plugins.capabilities # # Whether to store the boot mode (BIOS or UEFI). (boolean value) #boot_mode = false # Mapping between a CPU flag and a capability to set if this flag is # present. (dict value) #cpu_flags = aes:cpu_aes,pdpe1gb:cpu_hugepages_1g,pse:cpu_hugepages,smx:cpu_txt,svm:cpu_vt,vmx:cpu_vt [cors] # # From oslo.middleware.cors # # Indicate whether this resource may be shared with the domain # received in the requests "origin" header. Format: # "://[:]", no trailing slash. Example: # https://horizon.example.com (list value) #allowed_origin = # Indicate that the actual request can include user credentials # (boolean value) #allow_credentials = true # Indicate which headers are safe to expose to the API. Defaults to # HTTP Simple Headers. (list value) #expose_headers = # Maximum cache age of CORS preflight requests. (integer value) #max_age = 3600 # Indicate which methods can be used during the actual request. (list # value) #allow_methods = GET,POST,PUT,HEAD,PATCH,DELETE,OPTIONS # Indicate which header field names may be used during the actual # request. (list value) #allow_headers = X-Auth-Token,X-OpenStack-Ironic-Inspector-API-Minimum-Version,X-OpenStack-Ironic-Inspector-API-Maximum-Version,X-OpenStack-Ironic-Inspector-API-Version [database] # # From oslo.db # # If True, SQLite uses synchronous mode. (boolean value) #sqlite_synchronous = true # The back end to use for the database. (string value) # Deprecated group/name - [DEFAULT]/db_backend #backend = sqlalchemy # The SQLAlchemy connection string to use to connect to the database. # (string value) # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = # The SQLAlchemy connection string to use to connect to the slave # database. (string value) #slave_connection = # The SQL mode to be used for MySQL sessions. This option, including # the default, overrides any server-set SQL mode. To use whatever SQL # mode is set by the server configuration, set this to no value. # Example: mysql_sql_mode= (string value) #mysql_sql_mode = TRADITIONAL # If True, transparently enables support for handling MySQL Cluster # (NDB). (boolean value) #mysql_enable_ndb = false # Timeout before idle SQL connections are reaped. (integer value) # Deprecated group/name - [DEFAULT]/sql_idle_timeout # Deprecated group/name - [DATABASE]/sql_idle_timeout # Deprecated group/name - [sql]/idle_timeout #idle_timeout = 3600 # Minimum number of SQL connections to keep open in a pool. (integer # value) # Deprecated group/name - [DEFAULT]/sql_min_pool_size # Deprecated group/name - [DATABASE]/sql_min_pool_size #min_pool_size = 1 # Maximum number of SQL connections to keep open in a pool. Setting a # value of 0 indicates no limit. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_pool_size # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size = 5 # Maximum number of database connection retries during startup. Set to # -1 to specify an infinite retry count. (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries = 10 # Interval between retries of opening a SQL connection. (integer # value) # Deprecated group/name - [DEFAULT]/sql_retry_interval # Deprecated group/name - [DATABASE]/reconnect_interval #retry_interval = 10 # If set, use this value for max_overflow with SQLAlchemy. (integer # value) # Deprecated group/name - [DEFAULT]/sql_max_overflow # Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow #max_overflow = 50 # Verbosity of SQL debugging information: 0=None, 100=Everything. # (integer value) # Minimum value: 0 # Maximum value: 100 # Deprecated group/name - [DEFAULT]/sql_connection_debug #connection_debug = 0 # Add Python stack traces to SQL as comment strings. (boolean value) # Deprecated group/name - [DEFAULT]/sql_connection_trace #connection_trace = false # If set, use this value for pool_timeout with SQLAlchemy. (integer # value) # Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout #pool_timeout = # Enable the experimental use of database reconnect on connection # lost. (boolean value) #use_db_reconnect = false # Seconds between retries of a database transaction. (integer value) #db_retry_interval = 1 # If True, increases the interval between retries of a database # operation up to db_max_retry_interval. (boolean value) #db_inc_retry_interval = true # If db_inc_retry_interval is set, the maximum seconds between retries # of a database operation. (integer value) #db_max_retry_interval = 10 # Maximum retries in case of connection error or deadlock error before # error is raised. Set to -1 to specify an infinite retry count. # (integer value) #db_max_retries = 20 [discovery] # # From ironic_inspector.plugins.discovery # # The name of the Ironic driver used by the enroll hook when creating # a new node in Ironic. (string value) #enroll_node_driver = fake [firewall] # # From ironic_inspector # # Whether to manage firewall rules for PXE port. (boolean value) #manage_firewall = true # Interface on which dnsmasq listens, the default is for VM's. (string # value) #dnsmasq_interface = br-ctlplane # Amount of time in seconds, after which repeat periodic update of # firewall. (integer value) #firewall_update_period = 15 # iptables chain name to use. (string value) #firewall_chain = ironic-inspector # List of Etherent Over InfiniBand interfaces on the Inspector host # which are used for physical access to the DHCP network. Multiple # interfaces would be attached to a bond or bridge specified in # dnsmasq_interface. The MACs of the InfiniBand nodes which are not in # desired state are going to be blacklisted based on the list of # neighbor MACs on these interfaces. (list value) #ethoib_interfaces = [ironic] # # From ironic_inspector.common.ironic # # Authentication URL (string value) #auth_url = # Method to use for authentication: noauth or keystone. (string value) # Allowed values: keystone, noauth #auth_strategy = keystone # Authentication type to load (string value) # Deprecated group/name - [ironic]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying HTTPs # connections. (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # Optional domain ID to use with v3 and v2 parameters. It will be used # for both the user and project domain in v3 and ignored in v2 # authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. It will # be used for both the user and project domain in v3 and ignored in v2 # authentication. (string value) #default_domain_name = # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Verify HTTPS connections. (boolean value) #insecure = false # Ironic API URL, used to set Ironic API URL when auth_strategy option # is noauth to work with standalone Ironic without keystone. (string # value) #ironic_url = http://localhost:6385/ # PEM encoded client certificate key file (string value) #keyfile = # Maximum number of retries in case of conflict error (HTTP 409). # (integer value) #max_retries = 30 # Ironic endpoint type. (string value) #os_endpoint_type = internalURL # Keystone region used to get Ironic endpoints. (string value) #os_region = # Ironic service type. (string value) #os_service_type = baremetal # User's password (string value) #password = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [ironic]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [ironic]/tenant_name #project_name = # Interval between retries in case of conflict error (HTTP 409). # (integer value) #retry_interval = 2 # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # Trust ID (string value) #trust_id = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [ironic]/user_name #username = [keystone_authtoken] # # From keystonemiddleware.auth_token # # Complete "public" Identity API endpoint. This endpoint should not be # an "admin" endpoint, as it should be accessible by all end users. # Unauthenticated clients are redirected to this endpoint to # authenticate. Although this endpoint should ideally be unversioned, # client support in the wild varies. If you're using a versioned v2 # endpoint here, then this should *not* be the same endpoint the # service user utilizes for validating tokens, because normal end # users may not be able to reach that endpoint. (string value) #auth_uri = # API version of the admin Identity API endpoint. (string value) #auth_version = # Do not handle authorization requests within the middleware, but # delegate the authorization decision to downstream WSGI components. # (boolean value) #delay_auth_decision = false # Request timeout value for communicating with Identity API server. # (integer value) #http_connect_timeout = # How many times are we trying to reconnect when communicating with # Identity API Server. (integer value) #http_request_max_retries = 3 # Request environment key where the Swift cache object is stored. When # auth_token middleware is deployed with a Swift cache, use this # option to have the middleware share a caching backend with swift. # Otherwise, use the ``memcached_servers`` option instead. (string # value) #cache = # Required if identity server requires client certificate (string # value) #certfile = # Required if identity server requires client certificate (string # value) #keyfile = # A PEM encoded Certificate Authority to use when verifying HTTPs # connections. Defaults to system CAs. (string value) #cafile = # Verify HTTPS connections. (boolean value) #insecure = false # The region in which the identity server can be found. (string value) #region_name = # DEPRECATED: Directory used to cache files related to PKI tokens. # This option has been deprecated in the Ocata release and will be # removed in the P release. (string value) # This option is deprecated for removal since Ocata. # Its value may be silently ignored in the future. # Reason: PKI token format is no longer supported. #signing_dir = # Optionally specify a list of memcached server(s) to use for caching. # If left undefined, tokens will instead be cached in-process. (list # value) # Deprecated group/name - [keystone_authtoken]/memcache_servers #memcached_servers = # In order to prevent excessive effort spent validating tokens, the # middleware caches previously-seen tokens for a configurable duration # (in seconds). Set to -1 to disable caching completely. (integer # value) #token_cache_time = 300 # DEPRECATED: Determines the frequency at which the list of revoked # tokens is retrieved from the Identity service (in seconds). A high # number of revocation events combined with a low cache duration may # significantly reduce performance. Only valid for PKI tokens. This # option has been deprecated in the Ocata release and will be removed # in the P release. (integer value) # This option is deprecated for removal since Ocata. # Its value may be silently ignored in the future. # Reason: PKI token format is no longer supported. #revocation_cache_time = 10 # (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token data is # encrypted and authenticated in the cache. If the value is not one of # these options or empty, auth_token will raise an exception on # initialization. (string value) # Allowed values: None, MAC, ENCRYPT #memcache_security_strategy = None # (Optional, mandatory if memcache_security_strategy is defined) This # string is used for key derivation. (string value) #memcache_secret_key = # (Optional) Number of seconds memcached server is considered dead # before it is tried again. (integer value) #memcache_pool_dead_retry = 300 # (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize = 10 # (Optional) Socket timeout in seconds for communicating with a # memcached server. (integer value) #memcache_pool_socket_timeout = 3 # (Optional) Number of seconds a connection to memcached is held # unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout = 60 # (Optional) Number of seconds that an operation will wait to get a # memcached client connection from the pool. (integer value) #memcache_pool_conn_get_timeout = 10 # (Optional) Use the advanced (eventlet safe) memcached client pool. # The advanced pool will only work under python 2.x. (boolean value) #memcache_use_advanced_pool = false # (Optional) Indicate whether to set the X-Service-Catalog header. If # False, middleware will not ask for service catalog on token # validation and will not set the X-Service-Catalog header. (boolean # value) #include_service_catalog = true # Used to control the use and type of token binding. Can be set to: # "disabled" to not check token binding. "permissive" (default) to # validate binding information if the bind type is of a form known to # the server and ignore it if not. "strict" like "permissive" but if # the bind type is unknown the token will be rejected. "required" any # form of token binding is needed to be allowed. Finally the name of a # binding method that must be present in tokens. (string value) #enforce_token_bind = permissive # DEPRECATED: If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the identity # server. (boolean value) # This option is deprecated for removal since Ocata. # Its value may be silently ignored in the future. # Reason: PKI token format is no longer supported. #check_revocations_for_cached = false # DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may # be a single algorithm or multiple. The algorithms are those # supported by Python standard hashlib.new(). The hashes will be tried # in the order given, so put the preferred one first for performance. # The result of the first hash will be stored in the cache. This will # typically be set to multiple values only while migrating from a less # secure algorithm to a more secure one. Once all the old tokens are # expired this option should be set to a single value for better # performance. (list value) # This option is deprecated for removal since Ocata. # Its value may be silently ignored in the future. # Reason: PKI token format is no longer supported. #hash_algorithms = md5 # A choice of roles that must be present in a service token. Service # tokens are allowed to request that an expired token can be used and # so this check should tightly control that only actual services # should be sending this token. Roles here are applied as an ANY check # so any role in this list must be present. For backwards # compatibility reasons this currently only affects the allow_expired # check. (list value) #service_token_roles = service # For backwards compatibility reasons we must let valid service tokens # pass that don't pass the service_token_roles check as valid. Setting # this true will become the default in a future release and should be # enabled if possible. (boolean value) #service_token_roles_required = false # Authentication type to load (string value) # Deprecated group/name - [keystone_authtoken]/auth_plugin #auth_type = # Config Section from which to load plugin specific options (string # value) #auth_section = [pci_devices] # # From ironic_inspector.plugins.pci_devices # # An alias for PCI device identified by 'vendor_id' and 'product_id' # fields. Format: {"vendor_id": "1234", "product_id": "5678", "name": # "pci_dev1"} (multi valued) #alias = [processing] # # From ironic_inspector # # Which MAC addresses to add as ports during introspection. Possible # values: all (all MAC addresses), active (MAC addresses of NIC with # IP addresses), pxe (only MAC address of NIC node PXE booted from, # falls back to "active" if PXE MAC is not supplied by the ramdisk). # (string value) # Allowed values: all, active, pxe, disabled #add_ports = pxe # Which ports (already present on a node) to keep after introspection. # Possible values: all (do not delete anything), present (keep ports # which MACs were present in introspection data), added (keep only # MACs that we added during introspection). (string value) # Allowed values: all, present, added #keep_ports = all # Whether to overwrite existing values in node database. Disable this # option to make introspection a non-destructive operation. (boolean # value) #overwrite_existing = true # Comma-separated list of default hooks for processing pipeline. Hook # 'scheduler' updates the node with the minimum properties required by # the Nova scheduler. Hook 'validate_interfaces' ensures that valid # NIC data was provided by the ramdisk. Do not exclude these two # unless you really know what you're doing. (string value) #default_processing_hooks = ramdisk_error,root_disk_selection,scheduler,validate_interfaces,capabilities,pci_devices # Comma-separated list of enabled hooks for processing pipeline. The # default for this is $default_processing_hooks, hooks can be added # before or after the defaults like this: # "prehook,$default_processing_hooks,posthook". (string value) #processing_hooks = $default_processing_hooks # If set, logs from ramdisk will be stored in this directory. (string # value) #ramdisk_logs_dir = # Whether to store ramdisk logs even if it did not return an error # message (dependent upon "ramdisk_logs_dir" option being set). # (boolean value) #always_store_ramdisk_logs = false # The name of the hook to run when inspector receives inspection # information from a node it isn't already aware of. This hook is # ignored by default. (string value) #node_not_found_hook = # Method for storing introspection data. If set to 'none', # introspection data will not be stored. (string value) # Allowed values: none, swift #store_data = none # Name of the key to store the location of stored data in the extra # column of the Ironic database. (string value) #store_data_location = # Whether to leave 1 GiB of disk size untouched for partitioning. Only # has effect when used with the IPA as a ramdisk, for older ramdisk # local_gb is calculated on the ramdisk side. (boolean value) #disk_partitioning_spacing = true # File name template for storing ramdisk logs. The following # replacements can be used: {uuid} - node UUID or "unknown", {bmc} - # node BMC address or "unknown", {dt} - current UTC date and time, # {mac} - PXE booting MAC or "unknown". (string value) #ramdisk_logs_filename_format = {uuid}_{dt:%Y%m%d-%H%M%S.%f}.tar.gz # Whether to power off a node after introspection. (boolean value) #power_off = true [pxe_filter] # # From ironic_inspector # # PXE boot filter driver to use, such as iptables. This option has no # effect yet. (string value) #driver = noop # Amount of time in seconds, after which repeat periodic update of the # filter. This option has no effect yet. (integer value) # Minimum value: 0 #sync_period = 15 [swift] # # From ironic_inspector.common.swift # # Authentication URL (string value) #auth_url = # Authentication type to load (string value) # Deprecated group/name - [swift]/auth_plugin #auth_type = # PEM encoded Certificate Authority to use when verifying HTTPs # connections. (string value) #cafile = # PEM encoded client certificate cert file (string value) #certfile = # Default Swift container to use when creating objects. (string value) #container = ironic-inspector # Optional domain ID to use with v3 and v2 parameters. It will be used # for both the user and project domain in v3 and ignored in v2 # authentication. (string value) #default_domain_id = # Optional domain name to use with v3 API and v2 parameters. It will # be used for both the user and project domain in v3 and ignored in v2 # authentication. (string value) #default_domain_name = # Number of seconds that the Swift object will last before being # deleted. (set to 0 to never delete the object). (integer value) #delete_after = 0 # Domain ID to scope to (string value) #domain_id = # Domain name to scope to (string value) #domain_name = # Verify HTTPS connections. (boolean value) #insecure = false # PEM encoded client certificate key file (string value) #keyfile = # Maximum number of times to retry a Swift request, before failing. # (integer value) #max_retries = 2 # Swift endpoint type. (string value) #os_endpoint_type = internalURL # Keystone region to get endpoint for. (string value) #os_region = # Swift service type. (string value) #os_service_type = object-store # User's password (string value) #password = # Domain ID containing project (string value) #project_domain_id = # Domain name containing project (string value) #project_domain_name = # Project ID to scope to (string value) # Deprecated group/name - [swift]/tenant_id #project_id = # Project name to scope to (string value) # Deprecated group/name - [swift]/tenant_name #project_name = # Tenant ID (string value) #tenant_id = # Tenant Name (string value) #tenant_name = # Timeout value for http requests (integer value) #timeout = # Trust ID (string value) #trust_id = # User's domain id (string value) #user_domain_id = # User's domain name (string value) #user_domain_name = # User id (string value) #user_id = # Username (string value) # Deprecated group/name - [swift]/user_name #username =