openstack/ironic-inspector
Code Issues Proposed changes
ironic-inspector/example.conf
Sam Betts 8efb8cba04 Add SSL/TLS Support 
This patch adds SSL/TLS support by passing an SSLContext into the flask
app.run command if the operator sets use_ssl=True in the configuration
file. Operators also have the option to pass in paths to a
certificate and key to load their own certificate chain, via the
ssl_key_path and ssl_cert_path configuration options.

Change-Id: I67792722129645e1f452c7d7d04e7c9d26176e0a
Closes-Bug: #1413204
2015-06-02 12:04:06 +01:00

170 lines
5.3 KiB
Plaintext
Raw Blame History

[DEFAULT]
#
# From ironic_inspector
#
# IP to listen on. (string value)
# Deprecated group/name - [discoverd]/listen_address
#listen_address = 0.0.0.0
# Port to listen on. (integer value)
# Deprecated group/name - [discoverd]/listen_port
#listen_port = 5050
# Whether to authenticate with Keystone on public HTTP endpoints. Note
# that introspection ramdisk postback endpoint is never authenticated.
# (boolean value)
# Deprecated group/name - [discoverd]/authenticate
#authenticate = true
# SQLite3 database to store nodes under introspection, required. Do
# not use :memory: here, it won't work. (string value)
# Deprecated group/name - [discoverd]/database
#database =
# Debug mode enabled/disabled. (boolean value)
# Deprecated group/name - [discoverd]/debug
#debug = false
# Timeout after which introspection is considered failed, set to 0 to
# disable. (integer value)
# Deprecated group/name - [discoverd]/timeout
#timeout = 3600
# For how much time (in seconds) to keep status information about
# nodes after introspection was finished for them. Default value is 1
# week. (integer value)
# Deprecated group/name - [discoverd]/node_status_keep_time
#node_status_keep_time = 604800
# Amount of time in seconds, after which repeat clean up of timed out
# nodes and old nodes status information. (integer value)
# Deprecated group/name - [discoverd]/clean_up_period
#clean_up_period = 60
# SSL Enabled/Disabled (boolean value)
#use_ssl = false
# Path to SSL certificate (string value)
#ssl_cert_path =
# Path to SSL key (string value)
#ssl_key_path =
[firewall]
#
# From ironic_inspector
#
# Whether to manage firewall rules for PXE port. (boolean value)
# Deprecated group/name - [discoverd]/manage_firewall
#manage_firewall = true
# Interface on which dnsmasq listens, the default is for VM's. (string
# value)
# Deprecated group/name - [discoverd]/dnsmasq_interface
#dnsmasq_interface = br-ctlplane
# Amount of time in seconds, after which repeat periodic update of
# firewall. (integer value)
# Deprecated group/name - [discoverd]/firewall_update_period
#firewall_update_period = 15
# iptables chain name to use. (string value)
#firewall_chain = ironic-inspector
[ironic]
#
# From ironic_inspector
#
# Keystone authentication endpoint. (string value)
# Deprecated group/name - [discoverd]/os_auth_url
#os_auth_url = http://127.0.0.1:5000/v2.0
# User name for accessing Keystone and Ironic API. (string value)
# Deprecated group/name - [discoverd]/os_username
#os_username =
# Password for accessing Keystone and Ironic API. (string value)
# Deprecated group/name - [discoverd]/os_password
#os_password =
# Tenant name for accessing Keystone and Ironic API. (string value)
# Deprecated group/name - [discoverd]/os_tenant_name
#os_tenant_name =
# Keystone admin endpoint. (string value)
# Deprecated group/name - [discoverd]/identity_uri
#identity_uri = http://127.0.0.1:35357
# Number of attempts to do when trying to connect to Ironic on start
# up. (integer value)
# Deprecated group/name - [discoverd]/ironic_retry_attempts
#ironic_retry_attempts = 5
# Amount of time between attempts to connect to Ironic on start up.
# (integer value)
# Deprecated group/name - [discoverd]/ironic_retry_period
#ironic_retry_period = 5
[processing]
#
# From ironic_inspector
#
# Which MAC addresses to add as ports during introspection. Possible
# values: all (all MAC addresses), active (MAC addresses of NIC with
# IP addresses), pxe (only MAC address of NIC node PXE booted from,
# falls back to "active" if PXE MAC is not supplied by the ramdisk).
# (string value)
# Allowed values: all, active, pxe
# Deprecated group/name - [discoverd]/add_ports
#add_ports = pxe
# Which ports (already present on a node) to keep after introspection.
# Possible values: all (do not delete anything), present (keep ports
# which MACs were present in introspection data), added (keep only
# MACs that we added during introspection). (string value)
# Allowed values: all, present, added
# Deprecated group/name - [discoverd]/keep_ports
#keep_ports = all
# Whether to overwrite existing values in node database. Disable this
# option to make introspection a non-destructive operation. (boolean
# value)
# Deprecated group/name - [discoverd]/overwrite_existing
#overwrite_existing = true
# Whether to enable setting IPMI credentials during introspection.
# This is an experimental and not well tested feature, use at your own
# risk. (boolean value)
# Deprecated group/name - [discoverd]/enable_setting_ipmi_credentials
#enable_setting_ipmi_credentials = false
# Comma-separated list of enabled hooks for processing pipeline. Hook
# 'scheduler' updates the node with the minimum properties required by
# the Nova scheduler. Hook 'validate_interfaces' ensures that valid
# NIC data was provided by the ramdisk.Do not exclude these two unless
# you really know what you're doing. (string value)
# Deprecated group/name - [discoverd]/processing_hooks
#processing_hooks = ramdisk_error,scheduler,validate_interfaces
# If set, logs from ramdisk will be stored in this directory. (string
# value)
# Deprecated group/name - [discoverd]/ramdisk_logs_dir
#ramdisk_logs_dir = <None>
# Whether to store ramdisk logs even if it did not return an error
# message (dependent upon "ramdisk_logs_dir" option being set).
# (boolean value)
# Deprecated group/name - [discoverd]/always_store_ramdisk_logs
#always_store_ramdisk_logs = false
View Git Blame Copy Permalink