openstack/kolla-ansible
Code Issues Proposed changes
568fd4dcfd
kolla-ansible/ansible/roles/ironic/templates/ironic-inspector.conf.j2
Mark Goddard 4418c1641b Support Ironic Inspector dnsmasq PXE filter 
The dnsmasq PXE filter [1] provides far better scalability than the
iptables filter typically used. Inspector manages files in a dhcp-hostsdir
directory that is watched by dnsmasq via inotify. Dnsmasq then either
whitelists or blacklists MAC addresses based on the contents of these
files.

This change adds a new variable, ironic_inspector_pxe_filter, that can
be used to configure the PXE filter for ironic inspector. Currently
supported values are 'iptables' and 'dnsmasq', with 'iptables' being the
default for backwards compatibility.

[1]
https://docs.openstack.org/ironic-inspector/latest/admin/dnsmasq-pxe-filter.html

Implements: blueprint ironic-inspector-dnsmasq-pxe-filter
Change-Id: I73cae9c33b49972342cf1984372a5c784df5cbc2
2018-11-20 14:01:15 +00:00

50 lines
1.8 KiB
Django/Jinja
Raw Blame History

[DEFAULT]
debug = {{ ironic_logging_debug }}
log_dir = /var/log/kolla/ironic-inspector
listen_address = {{ api_interface_address }}
listen_port = {{ ironic_inspector_port }}
[ironic]
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ ironic_inspector_keystone_user }}
password = {{ ironic_inspector_keystone_password }}
os_endpoint_type = internalURL
[keystone_authtoken]
www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ ironic_inspector_keystone_user }}
password = {{ ironic_inspector_keystone_password }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% if ironic_policy_file is defined %}
[oslo_policy]
policy_file = {{ ironic_policy_file }}
{% endif %}
[database]
connection = mysql+pymysql://{{ ironic_inspector_database_user }}:{{ ironic_inspector_database_password }}@{{ ironic_inspector_database_address }}/{{ ironic_inspector_database_name }}
[processing]
ramdisk_logs_dir = /var/log/kolla/ironic-inspector
[pxe_filter]
driver = {{ ironic_inspector_pxe_filter }}
{% if ironic_inspector_pxe_filter == 'iptables' %}
[iptables]
dnsmasq_interface = {{ ironic_dnsmasq_interface }}
{% endif %}
View Git Blame Copy Permalink