556d979930
The bootloader used to boot Ironic nodes in UEFI boot mode during inspection when iPXE is enabled has been changed from ipxe.efi to snponly.efi. This is in line with the default UEFI iPXE bootloader used in Ironic since the Xena release. The bootloader may be changed via ironic_dnsmasq_uefi_ipxe_boot_file. Note that snponly.efi was not available via in the ironic-pxe image prior to I79e78dca550262fc86b092a036f9ea96b214ab48. Related-Bug: #1959203 Change-Id: I879db340769cc1b076e77313dff15876e27fcac4
318 lines
15 KiB
YAML
318 lines
15 KiB
YAML
---
|
|
ironic_services:
|
|
ironic-api:
|
|
container_name: ironic_api
|
|
group: ironic-api
|
|
enabled: true
|
|
image: "{{ ironic_api_image_full }}"
|
|
volumes: "{{ ironic_api_default_volumes + ironic_api_extra_volumes }}"
|
|
dimensions: "{{ ironic_api_dimensions }}"
|
|
healthcheck: "{{ ironic_api_healthcheck }}"
|
|
haproxy:
|
|
ironic_api:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ ironic_api_port }}"
|
|
listen_port: "{{ ironic_api_listen_port }}"
|
|
tls_backend: "{{ ironic_enable_tls_backend }}"
|
|
ironic_api_external:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ ironic_api_port }}"
|
|
listen_port: "{{ ironic_api_listen_port }}"
|
|
tls_backend: "{{ ironic_enable_tls_backend }}"
|
|
ironic-conductor:
|
|
container_name: ironic_conductor
|
|
group: ironic-conductor
|
|
enabled: true
|
|
image: "{{ ironic_conductor_image_full }}"
|
|
privileged: True
|
|
volumes: "{{ ironic_conductor_default_volumes + ironic_conductor_extra_volumes }}"
|
|
dimensions: "{{ ironic_conductor_dimensions }}"
|
|
healthcheck: "{{ ironic_conductor_healthcheck }}"
|
|
ironic-inspector:
|
|
container_name: ironic_inspector
|
|
group: ironic-inspector
|
|
enabled: true
|
|
image: "{{ ironic_inspector_image_full }}"
|
|
privileged: True
|
|
volumes: "{{ ironic_inspector_default_volumes + ironic_inspector_extra_volumes }}"
|
|
dimensions: "{{ ironic_inspector_dimensions }}"
|
|
healthcheck: "{{ ironic_inspector_healthcheck }}"
|
|
haproxy:
|
|
ironic_inspector:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ ironic_inspector_port }}"
|
|
listen_port: "{{ ironic_inspector_listen_port }}"
|
|
ironic_inspector_external:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ ironic_inspector_port }}"
|
|
listen_port: "{{ ironic_inspector_listen_port }}"
|
|
ironic-pxe:
|
|
container_name: ironic_pxe
|
|
group: ironic-pxe
|
|
enabled: true
|
|
image: "{{ ironic_pxe_image_full }}"
|
|
volumes: "{{ ironic_pxe_default_volumes + ironic_pxe_extra_volumes }}"
|
|
dimensions: "{{ ironic_pxe_dimensions }}"
|
|
ironic-ipxe:
|
|
container_name: ironic_ipxe
|
|
group: ironic-ipxe
|
|
# NOTE(mgoddard): This container is always enabled, since may be used by
|
|
# the direct deploy driver.
|
|
enabled: true
|
|
image: "{{ ironic_pxe_image_full }}"
|
|
volumes: "{{ ironic_ipxe_default_volumes + ironic_ipxe_extra_volumes }}"
|
|
dimensions: "{{ ironic_ipxe_dimensions }}"
|
|
healthcheck: "{{ ironic_ipxe_healthcheck }}"
|
|
ironic-dnsmasq:
|
|
container_name: ironic_dnsmasq
|
|
group: ironic-inspector
|
|
enabled: true
|
|
cap_add:
|
|
- NET_ADMIN
|
|
image: "{{ ironic_dnsmasq_image_full }}"
|
|
volumes: "{{ ironic_dnsmasq_default_volumes + ironic_dnsmasq_extra_volumes }}"
|
|
dimensions: "{{ ironic_dnsmasq_dimensions }}"
|
|
|
|
|
|
####################
|
|
# Database
|
|
####################
|
|
ironic_database_name: "ironic"
|
|
ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}"
|
|
ironic_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
|
|
|
|
ironic_inspector_database_name: "ironic_inspector"
|
|
ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}"
|
|
ironic_inspector_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
|
|
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
ironic_install_type: "{{ kolla_install_type }}"
|
|
ironic_tag: "{{ openstack_tag }}"
|
|
|
|
ironic_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-api"
|
|
ironic_api_tag: "{{ ironic_tag }}"
|
|
ironic_api_image_full: "{{ ironic_api_image }}:{{ ironic_api_tag }}"
|
|
|
|
ironic_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-conductor"
|
|
ironic_conductor_tag: "{{ ironic_tag }}"
|
|
ironic_conductor_image_full: "{{ ironic_conductor_image }}:{{ ironic_conductor_tag }}"
|
|
|
|
ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-pxe"
|
|
ironic_pxe_tag: "{{ ironic_tag }}"
|
|
ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"
|
|
|
|
ironic_inspector_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-inspector"
|
|
ironic_inspector_tag: "{{ ironic_tag }}"
|
|
ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}"
|
|
|
|
ironic_dnsmasq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-dnsmasq"
|
|
ironic_dnsmasq_tag: "{{ ironic_tag }}"
|
|
ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}"
|
|
|
|
ironic_api_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_conductor_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_pxe_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_ipxe_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_inspector_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_dnsmasq_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
ironic_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
ironic_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
ironic_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
ironic_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
ironic_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_api_listen_port }}"]
|
|
ironic_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
ironic_api_healthcheck:
|
|
interval: "{{ ironic_api_healthcheck_interval }}"
|
|
retries: "{{ ironic_api_healthcheck_retries }}"
|
|
start_period: "{{ ironic_api_healthcheck_start_period }}"
|
|
test: "{% if ironic_api_enable_healthchecks | bool %}{{ ironic_api_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ ironic_api_healthcheck_timeout }}"
|
|
|
|
ironic_conductor_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
ironic_conductor_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
ironic_conductor_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
ironic_conductor_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
ironic_conductor_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-conductor {{ om_rpc_port }}"]
|
|
ironic_conductor_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
ironic_conductor_healthcheck:
|
|
interval: "{{ ironic_conductor_healthcheck_interval }}"
|
|
retries: "{{ ironic_conductor_healthcheck_retries }}"
|
|
start_period: "{{ ironic_conductor_healthcheck_start_period }}"
|
|
test: "{% if ironic_conductor_enable_healthchecks | bool %}{{ ironic_conductor_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ ironic_conductor_healthcheck_timeout }}"
|
|
|
|
ironic_inspector_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
ironic_inspector_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
ironic_inspector_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
ironic_inspector_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
ironic_inspector_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-inspector {{ om_rpc_port }}"]
|
|
ironic_inspector_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
ironic_inspector_healthcheck:
|
|
interval: "{{ ironic_inspector_healthcheck_interval }}"
|
|
retries: "{{ ironic_inspector_healthcheck_retries }}"
|
|
start_period: "{{ ironic_inspector_healthcheck_start_period }}"
|
|
test: "{% if ironic_inspector_enable_healthchecks | bool %}{{ ironic_inspector_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ ironic_inspector_healthcheck_timeout }}"
|
|
|
|
ironic_ipxe_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
ironic_ipxe_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
ironic_ipxe_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
ironic_ipxe_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
ironic_ipxe_healthcheck_test: ["CMD-SHELL", "healthcheck_listen {% if kolla_base_distro in ['debian', 'ubuntu'] %}apache2{% else %}httpd{% endif %} {{ ironic_ipxe_port }}"]
|
|
ironic_ipxe_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
ironic_ipxe_healthcheck:
|
|
interval: "{{ ironic_ipxe_healthcheck_interval }}"
|
|
retries: "{{ ironic_ipxe_healthcheck_retries }}"
|
|
start_period: "{{ ironic_ipxe_healthcheck_start_period }}"
|
|
test: "{% if ironic_ipxe_enable_healthchecks | bool %}{{ ironic_ipxe_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
timeout: "{{ ironic_ipxe_healthcheck_timeout }}"
|
|
|
|
ironic_api_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
|
|
ironic_conductor_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/sys:/sys"
|
|
- "/dev:/dev"
|
|
- "/run:/run:shared"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic:/var/lib/ironic"
|
|
- "ironic_pxe:/tftpboot/"
|
|
- "ironic_ipxe:/httpboot/"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
|
|
ironic_pxe_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-pxe/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "ironic_pxe:/tftpboot/"
|
|
- "kolla_logs:/var/log/kolla"
|
|
ironic_ipxe_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-ipxe/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "ironic:/var/lib/ironic:ro"
|
|
- "ironic_ipxe:/httpboot/"
|
|
- "kolla_logs:/var/log/kolla"
|
|
ironic_inspector_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic_inspector_dhcp_hosts:/var/lib/ironic-inspector/dhcp-hostsdir"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}"
|
|
ironic_dnsmasq_default_volumes:
|
|
- "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic_inspector_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro"
|
|
|
|
ironic_extra_volumes: "{{ default_extra_volumes }}"
|
|
ironic_api_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_conductor_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_pxe_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_ipxe_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_inspector_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
ironic_dnsmasq_extra_volumes: "{{ ironic_extra_volumes }}"
|
|
|
|
####################
|
|
# OpenStack
|
|
####################
|
|
ironic_inspector_keystone_user: "ironic-inspector"
|
|
|
|
ironic_inspector_internal_endpoint: "{{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
|
|
ironic_inspector_public_endpoint: "{{ public_protocol }}://{{ ironic_inspector_external_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
|
|
|
|
ironic_logging_debug: "{{ openstack_logging_debug }}"
|
|
|
|
openstack_ironic_auth: "{{ openstack_auth }}"
|
|
|
|
openstack_ironic_inspector_auth: "{{ openstack_auth }}"
|
|
|
|
|
|
#########
|
|
# Ironic
|
|
#########
|
|
ironic_dnsmasq_interface: "{{ api_interface }}"
|
|
ironic_dnsmasq_dhcp_range:
|
|
ironic_dnsmasq_default_gateway:
|
|
ironic_dnsmasq_boot_file: "{% if enable_ironic_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}"
|
|
ironic_dnsmasq_uefi_ipxe_boot_file: "snponly.efi"
|
|
ironic_cleaning_network:
|
|
ironic_console_serial_speed: "115200n8"
|
|
ironic_ipxe_url: "http://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_ipxe_port }}"
|
|
ironic_enable_rolling_upgrade: "yes"
|
|
ironic_inspector_kernel_cmdline_extras: []
|
|
ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}noop{% endif %}"
|
|
|
|
|
|
####################
|
|
## Kolla
|
|
#####################
|
|
ironic_inspector_git_repository: "{{ kolla_dev_repos_git }}/ironic-inspector"
|
|
ironic_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
|
|
ironic_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
|
ironic_dev_mode: "{{ kolla_dev_mode }}"
|
|
ironic_source_version: "{{ kolla_source_version }}"
|
|
|
|
|
|
####################
|
|
# Notifications
|
|
####################
|
|
ironic_notification_topics:
|
|
- name: notifications
|
|
enabled: "{{ enable_ceilometer | bool }}"
|
|
|
|
ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# Keystone
|
|
####################
|
|
ironic_enable_keystone_integration: "{{ enable_keystone | bool }}"
|
|
ironic_ks_services:
|
|
- name: "ironic"
|
|
type: "baremetal"
|
|
description: "Ironic baremetal provisioning service"
|
|
endpoints:
|
|
- {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
|
|
- {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'}
|
|
- name: "ironic-inspector"
|
|
type: "baremetal-introspection"
|
|
description: "Ironic Inspector baremetal introspection service"
|
|
endpoints:
|
|
- {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'}
|
|
- {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'}
|
|
|
|
ironic_ks_users:
|
|
- project: "service"
|
|
user: "{{ ironic_keystone_user }}"
|
|
password: "{{ ironic_keystone_password }}"
|
|
role: "admin"
|
|
- project: "service"
|
|
user: "{{ ironic_inspector_keystone_user }}"
|
|
password: "{{ ironic_inspector_keystone_password }}"
|
|
role: "admin"
|
|
|
|
####################
|
|
# TLS
|
|
####################
|
|
ironic_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
|