da4fd2d6a2
Basically, there are three main installation scenario: Scenario 1: Ironic installation together with other openstack services including keystone. In this case variable enable_keystone is set to true and keystone service will be installed together with ironic installation. It is possible realise this scenario, no fix needed Scenario 2: Ironic installation with connection to already installed keystone. In this scenario we have to set enable_keystone to “No” to prevent from new keystone service installation during the ironic installation process. But in other hand, we need to have correct sections in ironic.conf to provide all information needed to connect to existing keystone. But all sections for keystone are added to ironic.conf only if enable_keystone var is set to “Yes”. It isn’t possible to realise this scenario. Proposed fix provide support for this scenario, where multiple regions share the same keystone service. Scenario 3: No keystone integration. Ironic don't connect to Keystone. It is possible realise this scenario, no fix needed Proposed solution also keep the default behaviour: if no enable_keystone_integration is manually defined by default it takes value of enable_keystone variable and all behaviour is the same. But if we don't want to install keystone and want to connect to existing one at the same time, it will be possible to set enable_keystone var to “No” (preventing keystone from installation) and at the same time set ironic_enable_keystone_integration to Yes to allow needed section appear in ironic.conf through templating. Change-Id: I0c7e9a28876a1d4278fb2ed8555c2b08472864b9
322 lines
15 KiB
YAML
322 lines
15 KiB
YAML
---
|
|
project_name: "ironic"
|
|
|
|
ironic_services:
|
|
ironic-api:
|
|
container_name: ironic_api
|
|
group: ironic-api
|
|
enabled: true
|
|
image: "{{ ironic_api_image_full }}"
|
|
volumes: "{{ ironic_api_default_volumes + ironic_api_extra_volumes }}"
|
|
dimensions: "{{ ironic_api_dimensions }}"
|
|
healthcheck: "{{ ironic_api_healthcheck }}"
|
|
haproxy:
|
|
ironic_api:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ ironic_api_port }}"
|
|
listen_port: "{{ ironic_api_listen_port }}"
|
|
tls_backend: "{{ ironic_enable_tls_backend }}"
|
|
ironic_api_external:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ ironic_api_port }}"
|
|
listen_port: "{{ ironic_api_listen_port }}"
|
|
tls_backend: "{{ ironic_enable_tls_backend }}"
|
|
ironic-conductor:
|
|
container_name: ironic_conductor
|
|
group: ironic-conductor
|
|
enabled: true
|
|
image: "{{ ironic_conductor_image_full }}"
|
|
privileged: True
|
|
volumes: "{{ ironic_conductor_default_volumes + ironic_conductor_extra_volumes }}"
|
|
dimensions: "{{ ironic_conductor_dimensions }}"
|
|
healthcheck: "{{ ironic_conductor_healthcheck }}"
|
|
ironic-inspector:
|
|
container_name: ironic_inspector
|
|
group: ironic-inspector
|
|
enabled: true
|
|
image: "{{ ironic_inspector_image_full }}"
|
|
privileged: True
|
|
volumes: "{{ ironic_inspector_default_volumes + ironic_inspector_extra_volumes }}"
|
|
dimensions: "{{ ironic_inspector_dimensions }}"
|
|
healthcheck: "{{ ironic_inspector_healthcheck }}"
|
|
haproxy:
|
|
ironic_inspector:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ ironic_inspector_port }}"
|
|
listen_port: "{{ ironic_inspector_listen_port }}"
|
|
ironic_inspector_external:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ ironic_inspector_port }}"
|
|
listen_port: "{{ ironic_inspector_listen_port }}"
|
|
ironic-pxe:
|
|
container_name: ironic_pxe
|
|
group: ironic-pxe
|
|
enabled: true
|
|
image: "{{ ironic_pxe_image_full }}"
|
|
volumes: "{{ ironic_pxe_default_volumes + ironic_pxe_extra_volumes }}"
|
|
dimensions: "{{ ironic_pxe_dimensions }}"
|
|
ironic-ipxe:
|
|
container_name: ironic_ipxe
|
|
group: ironic-ipxe
|
|
# NOTE(mgoddard): This container is always enabled, since may be used by
|
|
# the direct deploy driver.
|
|
enabled: true
|
|
image: "{{ ironic_pxe_image_full }}"
|
|
volumes: "{{ ironic_ipxe_default_volumes + ironic_ipxe_extra_volumes }}"
|
|
dimensions: "{{ ironic_ipxe_dimensions }}"
|
|
healthcheck: "{{ ironic_ipxe_healthcheck }}"
|
|
ironic-dnsmasq:
|
|
container_name: ironic_dnsmasq
|
|
group: ironic-inspector
|
|
enabled: true
|
|
cap_add:
|
|
- NET_ADMIN
|
|
image: "{{ ironic_dnsmasq_image_full }}"
|
|
volumes: "{{ ironic_dnsmasq_default_volumes + ironic_dnsmasq_extra_volumes }}"
|
|
dimensions: "{{ ironic_dnsmasq_dimensions }}"
|
|
|
|
|
|
####################
|
|
# Database
|
|
####################
|
|
ironic_database_name: "ironic"
|
|
ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}"
|
|
ironic_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
|
|
|
|
ironic_inspector_database_name: "ironic_inspector"
|
|
ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}"
|
|
ironic_inspector_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
|
|
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
ironic_install_type: "{{ kolla_install_type }}"
|
|
ironic_tag: "{{ openstack_tag }}"
|
|
|
|
ironic_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-api"
|
|
ironic_api_tag: "{{ ironic_tag }}"
|
|
ironic_api_image_full: "{{ ironic_api_image }}:{{ ironic_api_tag }}"
|
|
|
|
ironic_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-conductor"
|
|
ironic_conductor_tag: "{{ ironic_tag }}"
|
|
ironic_conductor_image_full: "{{ ironic_conductor_image }}:{{ ironic_conductor_tag }}"
|
|
|
|
ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-pxe"
|
|
ironic_pxe_tag: "{{ ironic_tag }}"
|
|
ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"
|
|
|
|
ironic_inspector_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-inspector"
|
|
ironic_inspector_tag: "{{ ironic_tag }}"
|
|
ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}"
|
|
|
|
ironic_dnsmasq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-dnsmasq"
|
|
ironic_dnsmasq_tag: "{{ ironic_tag }}"
|
|
ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}"
|
|
|
|
ironic_api_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_conductor_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_pxe_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_ipxe_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_inspector_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_dnsmasq_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
ironic_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
ironic_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
ironic_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
ironic_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
ironic_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_api_listen_port }}"]
|
|
ironic_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
ironic_api_healthcheck:
|
|
interval: "{{ ironic_api_healthcheck_interval }}"
|
|
retries: "{{ ironic_api_healthcheck_retries }}"
|
|
start_period: "{{ ironic_api_healthcheck_start_period }}"
|
|
test: "{% if ironic_api_enable_healthchecks | bool %}{{ ironic_api_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ ironic_api_healthcheck_timeout }}"
|
|
|
|
ironic_conductor_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
ironic_conductor_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
ironic_conductor_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
ironic_conductor_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
ironic_conductor_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-conductor {{ om_rpc_port }}"]
|
|
ironic_conductor_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
ironic_conductor_healthcheck:
|
|
interval: "{{ ironic_conductor_healthcheck_interval }}"
|
|
retries: "{{ ironic_conductor_healthcheck_retries }}"
|
|
start_period: "{{ ironic_conductor_healthcheck_start_period }}"
|
|
test: "{% if ironic_conductor_enable_healthchecks | bool %}{{ ironic_conductor_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ ironic_conductor_healthcheck_timeout }}"
|
|
|
|
ironic_inspector_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
ironic_inspector_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
ironic_inspector_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
ironic_inspector_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
ironic_inspector_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-inspector {{ om_rpc_port }}"]
|
|
ironic_inspector_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
ironic_inspector_healthcheck:
|
|
interval: "{{ ironic_inspector_healthcheck_interval }}"
|
|
retries: "{{ ironic_inspector_healthcheck_retries }}"
|
|
start_period: "{{ ironic_inspector_healthcheck_start_period }}"
|
|
test: "{% if ironic_inspector_enable_healthchecks | bool %}{{ ironic_inspector_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ ironic_inspector_healthcheck_timeout }}"
|
|
|
|
ironic_ipxe_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
ironic_ipxe_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
ironic_ipxe_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
ironic_ipxe_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
ironic_ipxe_healthcheck_test: ["CMD-SHELL", "healthcheck_listen {% if kolla_base_distro in ['debian', 'ubuntu'] %}apache2{% else %}httpd{% endif %} {{ ironic_ipxe_port }}"]
|
|
ironic_ipxe_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
ironic_ipxe_healthcheck:
|
|
interval: "{{ ironic_ipxe_healthcheck_interval }}"
|
|
retries: "{{ ironic_ipxe_healthcheck_retries }}"
|
|
start_period: "{{ ironic_ipxe_healthcheck_start_period }}"
|
|
test: "{% if ironic_ipxe_enable_healthchecks | bool %}{{ ironic_ipxe_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ ironic_ipxe_healthcheck_timeout }}"
|
|
|
|
ironic_api_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
|
|
ironic_conductor_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/sys:/sys"
|
|
- "/dev:/dev"
|
|
- "/run:/run:shared"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic:/var/lib/ironic"
|
|
- "ironic_pxe:/tftpboot/"
|
|
- "ironic_ipxe:/httpboot/"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
|
|
ironic_pxe_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-pxe/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "ironic_pxe:/tftpboot/"
|
|
- "kolla_logs:/var/log/kolla"
|
|
ironic_ipxe_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-ipxe/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "ironic:/var/lib/ironic:ro"
|
|
- "ironic_ipxe:/httpboot/"
|
|
- "kolla_logs:/var/log/kolla"
|
|
ironic_inspector_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic_inspector_dhcp_hosts:/var/lib/ironic-inspector/dhcp-hostsdir"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}"
|
|
ironic_dnsmasq_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic_inspector_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro"
|
|
|
|
ironic_extra_volumes: "{{ default_extra_volumes }}"
|
|
ironic_api_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_conductor_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_pxe_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_ipxe_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_inspector_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_dnsmasq_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
|
|
####################
|
|
# OpenStack
|
|
####################
|
|
ironic_inspector_keystone_user: "ironic-inspector"
|
|
|
|
ironic_inspector_admin_endpoint: "{{ admin_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
|
|
ironic_inspector_internal_endpoint: "{{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
|
|
ironic_inspector_public_endpoint: "{{ public_protocol }}://{{ ironic_inspector_external_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
|
|
|
|
ironic_logging_debug: "{{ openstack_logging_debug }}"
|
|
|
|
openstack_ironic_auth: "{{ openstack_auth }}"
|
|
|
|
openstack_ironic_inspector_auth: "{{ openstack_auth }}"
|
|
|
|
|
|
#########
|
|
# Ironic
|
|
#########
|
|
ironic_dnsmasq_interface: "{{ api_interface }}"
|
|
ironic_dnsmasq_dhcp_range:
|
|
ironic_dnsmasq_default_gateway:
|
|
ironic_dnsmasq_boot_file: "{% if enable_ironic_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}"
|
|
ironic_cleaning_network:
|
|
ironic_console_serial_speed: "115200n8"
|
|
ironic_ipxe_url: "http://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_ipxe_port }}"
|
|
ironic_enable_rolling_upgrade: "yes"
|
|
ironic_inspector_kernel_cmdline_extras: []
|
|
ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}noop{% endif %}"
|
|
|
|
|
|
####################
|
|
## Kolla
|
|
#####################
|
|
ironic_inspector_git_repository: "{{ kolla_dev_repos_git }}/ironic-inspector"
|
|
ironic_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
|
|
ironic_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
|
ironic_dev_mode: "{{ kolla_dev_mode }}"
|
|
ironic_source_version: "{{ kolla_source_version }}"
|
|
|
|
|
|
####################
|
|
# Notifications
|
|
####################
|
|
ironic_notification_topics:
|
|
- name: notifications
|
|
enabled: "{{ enable_ceilometer | bool }}"
|
|
|
|
ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# Keystone
|
|
####################
|
|
ironic_enable_keystone_integration: "{{ enable_keystone | bool }}"
|
|
ironic_ks_services:
|
|
- name: "ironic"
|
|
type: "baremetal"
|
|
description: "Ironic baremetal provisioning service"
|
|
endpoints:
|
|
- {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'}
|
|
- {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
|
|
- {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'}
|
|
- name: "ironic-inspector"
|
|
type: "baremetal-introspection"
|
|
description: "Ironic Inspector baremetal introspection service"
|
|
endpoints:
|
|
- {'interface': 'admin', 'url': '{{ ironic_inspector_admin_endpoint }}'}
|
|
- {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'}
|
|
- {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'}
|
|
|
|
ironic_ks_users:
|
|
- project: "service"
|
|
user: "{{ ironic_keystone_user }}"
|
|
password: "{{ ironic_keystone_password }}"
|
|
role: "admin"
|
|
- project: "service"
|
|
user: "{{ ironic_inspector_keystone_user }}"
|
|
password: "{{ ironic_inspector_keystone_password }}"
|
|
role: "admin"
|
|
|
|
####################
|
|
# TLS
|
|
####################
|
|
ironic_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
|