From 2603e8de6a9ee63df67a9ed5356e684134d59386 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Tue, 5 Apr 2016 09:32:49 -0500 Subject: [PATCH] Update ironic.conf for swift and keystone compat This change makes is intended to simplify the the ironic.conf file so that we only carry what is needed. In the file we're setting the swift configuration section when not in stand alone mode and the keystone_auth section has been updated for the options that ironic requires. URI testing for ironic's rest API has been updated to run the tests using a header for the authentication token. This is required now that the keystone_auth section is filled in. Co-Authored-By: Michael Davies Change-Id: Ic6bd466e6fa03c2382424666588c306bad473e99 Partially-implements: blueprint role-ironic Signed-off-by: Kevin Carter --- defaults/main.yml | 28 +- tasks/ironic_post_install.yml | 74 +- tasks/ironic_pre_install.yml | 1 + templates/ironic.conf.j2 | 2150 +-------------------------------- tests/test-rest-api.yml | 28 +- tests/test-vars.yml | 17 +- 6 files changed, 195 insertions(+), 2103 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 1cb2faf2..828454ab 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,7 +17,6 @@ # Verbosity Options debug: False -verbose: True # These variables are used in 'developer mode' in order to allow the role # to build an environment directly from a git source without the presence @@ -73,19 +72,35 @@ ironic_service_project_name: "service" ironic_service_project_domain_id: default ironic_service_user_domain_id: default ironic_service_role_name: "admin" - ironic_service_in_ldap: False +# Ironic image store information +ironic_swift_image_container: glance_images +ironic_swift_api_version: v1 +# The ironic swift auth account and swift endpoints will be generated using the +# known swift data as provided by swift stat. If you wish to set either of these +# items to something else define these variables. +# ironic_swift_auth_account: AUTH_1234567890 +# ironic_swift_endpoint: https://localhost:8080 # Is this Ironic installation working standalone? # If you're wanting Ironic to work without being integrated to other OpenStack # services, set this to True, and update the dhcp configuration appropriately ironic_standalone: False +# Enables or disables automated cleaning. Automated cleaning +# is a configurable set of steps, such as erasing disk drives, +# that are performed on the node to ensure it is in a baseline +# state and ready to be deployed to. +ironic_automated_clean: false + # Database ironic_galera_user: ironic ironic_galera_database: ironic +## Keystone authentication middleware +ironic_keystone_auth_plugin: password + # Integrated Openstack configuration ironic_openstack_driver_list: agent_ipmitool ironic_openstack_auth_strategy: keystone @@ -102,6 +117,11 @@ ironic_standalone_dhcp_provider: none ironic_standalone_sync_power_state_interval: -1 ironic_standalone_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_galera_password }}@{{ ironic_galera_address }}/ironic" +# Ironic db tuning +ironic_db_max_overflow: 10 +ironic_db_max_pool_size: 120 +ironic_db_pool_timeout: 30 + # Common configuration ironic_node_name: ironic @@ -114,6 +134,8 @@ ironic_bin: "{{ ironic_venv_bin }}" ironic_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/ironic.tgz +ironic_tftp_server_address: "{{ ansible_ssh_host }}" + ironic_requires_pip_packages: - virtualenv - virtualenv-tools @@ -124,6 +146,7 @@ ironic_pip_packages: - PyMySQL - ironic - python-ironicclient + - python-swiftclient ironic_api_apt_packages: - apache2 @@ -164,7 +187,6 @@ ironic_wsgi_processes: "{{ (_ironic_wsgi_processes | int > 1) | ternary(_ironic_ ironic_glance_auth_strategy: "{{ ironic_openstack_auth_strategy }}" # Neutron -# neutron_service_adminurl: ironic_neutron_auth_strategy: "{{ ironic_openstack_auth_strategy }}" ### Config Overrides diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml index 5e6962e6..e63a3ec3 100644 --- a/tasks/ironic_post_install.yml +++ b/tasks/ironic_post_install.yml @@ -21,7 +21,9 @@ ironic_dhcp_provider: "{{ ironic_standalone_dhcp_provider }}" ironic_sync_power_state_interval: "{{ ironic_standalone_sync_power_state_interval }}" ironic_db_connection_string: "{{ ironic_standalone_db_connection_string }}" - when: ironic_standalone + when: ironic_standalone | bool + tags: + - always - name: Setup ironic for integrated Openstack usage set_fact: @@ -31,7 +33,9 @@ ironic_dhcp_provider: "{{ ironic_openstack_dhcp_provider }}" ironic_sync_power_state_interval: "{{ ironic_openstack_sync_power_state_interval }}" ironic_db_connection_string: "{{ ironic_openstack_db_connection_string }}" - when: not ironic_standalone + when: not ironic_standalone | bool + tags: + - always - name: Get ironic command path command: which ironic @@ -49,6 +53,72 @@ tags: - ironic-command-bin +- name: Post swift tempURL secret key + shell: | + . ~/openrc + {{ ironic_bin }}/swift \ + --os-username "service:{{ glance_service_user_name }}" \ + --os-password {{ glance_service_password }} \ + --os-auth-url {{ keystone_service_internalurl }} \ + --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} \ + post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }} + when: + - inventory_hostname == groups['ironic_all'][0] + - not ironic_standalone | bool + tags: + - ironic-swift-auth + - always + +- name: Get swift account + shell: | + . ~/openrc + {{ ironic_bin }}/swift \ + --os-username "service:{{ glance_service_user_name }}" \ + --os-password {{ glance_service_password }} \ + --os-auth-url {{ keystone_service_internalurl }} \ + --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} \ + stat -v | awk '/StorageURL\:/ {print $2}' + register: swift_storage_url + when: + - (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined) + - not ironic_standalone | bool + tags: + - ironic-swift-auth + - always + +- name: Validate swift output + fail: + msg: | + No StorageURL output found using the `swift stat` command and either + the ``ironic_swift_auth_account`` or ``ironic_swift_auth_account`` + variables are undefined. Ensure swift is functional and/or define + those variables. + when: + - (ironic_swift_auth_account is undefined) and (ironic_swift_endpoint is undefined) + - not ironic_standalone | bool + - not swift_storage_url.stdout + tags: + - ironic-swift-auth + - always + +- name: Set the swift auth facts + set_fact: + ironic_swift_auth_account: "{{ swift_storage_url.stdout.split('/v1/')[-1] }}" + when: + - ironic_swift_auth_account is undefined + - not ironic_standalone | bool + tags: + - always + +- name: Set the swift endpoint facts + set_fact: + ironic_swift_endpoint: "{{ swift_storage_url.stdout.split('/v1/')[0] }}" + when: + - ironic_swift_endpoint is undefined + - not ironic_standalone | bool + tags: + - always + - name: Generate ironic config config_template: src: "{{ item.src }}" diff --git a/tasks/ironic_pre_install.yml b/tasks/ironic_pre_install.yml index 2566dd5b..fa4d3b93 100644 --- a/tasks/ironic_pre_install.yml +++ b/tasks/ironic_pre_install.yml @@ -66,6 +66,7 @@ - { path: "{{ ironic_system_home_folder }}/.ssh", mode: "0700" } - { path: "{{ ironic_system_home_folder }}/images" } - { path: "{{ ironic_system_home_folder }}/master_images" } + - { path: "{{ ironic_system_home_folder }}/cache/api", mode: "0700" } - { path: "/var/lock/ironic" } - { path: "/var/run/ironic" } - { path: "/var/www/cgi-bin", owner: root, group: root } diff --git a/templates/ironic.conf.j2 b/templates/ironic.conf.j2 index 57ebf111..bf123db7 100644 --- a/templates/ironic.conf.j2 +++ b/templates/ironic.conf.j2 @@ -1,2184 +1,148 @@ +# {{ ansible_managed }} + [DEFAULT] +debug = {{ debug }} -# -# Options defined in ironic.api.app -# - -# Authentication strategy used by ironic-api. "noauth" should -# not be used in a production environment because all -# authentication will be disabled. (string value) -# Possible values: noauth, keystone -auth_strategy={{ ironic_auth_strategy }} - -# Return server tracebacks in the API response for any error -# responses. WARNING: this is insecure and should not be used -# in a production environment. (boolean value) -#debug_tracebacks_in_api=false - -# Enable pecan debug mode. WARNING: this is insecure and -# should not be used in a production environment. (boolean -# value) -#pecan_debug=false - - -# -# Options defined in ironic.common.driver_factory -# - -# Specify the list of drivers to load during service -# initialization. Missing drivers, or drivers which fail to -# initialize, will prevent the conductor service from -# starting. The option default is a recommended set of -# production-oriented drivers. A complete list of drivers -# present on your system may be found by enumerating the -# "ironic.drivers" entrypoint. An example may be found in the -# developer documentation online. (list value) -enabled_drivers={{ ironic_driver_list }} - - -# -# Options defined in ironic.common.exception -# - -# Used if there is a formatting error when generating an -# exception message (a programming error). If True, raise an -# exception; if False, use the unformatted message. (boolean -# value) -#fatal_exception_format_errors=false - - -# -# Options defined in ironic.common.hash_ring -# - -# Exponent to determine number of hash partitions to use when -# distributing load across conductors. Larger values will -# result in more even distribution of load and less load when -# rebalancing the ring, but more memory usage. Number of -# partitions per conductor is (2^hash_partition_exponent). -# This determines the granularity of rebalancing: given 10 -# hosts, and an exponent of the 2, there are 40 partitions in -# the ring.A few thousand partitions should make rebalancing -# smooth in most cases. The default is suitable for up to a -# few hundred conductors. Too many partitions has a CPU -# impact. (integer value) -#hash_partition_exponent=5 - -# [Experimental Feature] Number of hosts to map onto each hash -# partition. Setting this to more than one will cause -# additional conductor services to prepare deployment -# environments and potentially allow the Ironic cluster to -# recover more quickly if a conductor instance is terminated. -# (integer value) -#hash_distribution_replicas=1 - -# Interval (in seconds) between hash ring resets. (integer -# value) -#hash_ring_reset_interval=180 - - -# -# Options defined in ironic.common.images -# - -# If True, convert backing images to "raw" disk image format. -# (boolean value) -#force_raw_images=true - -# Path to isolinux binary file. (string value) -#isolinux_bin=/usr/lib/syslinux/isolinux.bin - -# Template file for isolinux configuration file. (string -# value) -#isolinux_config_template=$pybasedir/common/isolinux_config.template - -# Template file for grub configuration file. (string value) -#grub_config_template=$pybasedir/common/grub_conf.template - - -# -# Options defined in ironic.common.paths -# - -# Directory where the ironic python module is installed. -# (string value) -#pybasedir=/usr/lib/python/site-packages/ironic/ironic - -# Directory where ironic binaries are installed. (string -# value) -#bindir=$pybasedir/bin - -# Top-level directory for maintaining ironic's state. (string -# value) -#state_path=$pybasedir - - -# -# Options defined in ironic.common.service -# - -# Default interval (in seconds) for running driver periodic -# tasks. (integer value) -# This option is deprecated and planned for removal in a future release. -#periodic_interval=60 - -# Name of this node. This can be an opaque identifier. It is -# not necessarily a hostname, FQDN, or IP address. However, -# the node name must be valid within an AMQP key, and if using -# ZeroMQ, a valid hostname, FQDN, or IP address. (string -# value) -host={{ ansible_hostname }} - - -# -# Options defined in ironic.common.utils -# - -# Path to the rootwrap configuration file to use for running -# commands as root. (string value) -#rootwrap_config=/etc/ironic/rootwrap.conf - -# Temporary working directory, default is Python temp dir. -# (string value) -#tempdir=/tmp - - -# -# Options defined in ironic.drivers.modules.image_cache -# - -# Run image downloads and raw format conversions in parallel. -# (boolean value) -#parallel_image_downloads=false - - -# -# Options defined in ironic.netconf -# - -# IP address of this host. If unset, will determine the IP -# programmatically. If unable to do so, will use "127.0.0.1". -# (string value) -#my_ip=10.0.0.1 - - -# -# Options defined in oslo.log -# - -# If set to true, the logging level will be set to DEBUG -# instead of the default INFO level. (boolean value) -#debug=false - -# If set to false, the logging level will be set to WARNING -# instead of the default INFO level. (boolean value) -# This option is deprecated and planned for removal in a future release. -#verbose=true - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. Note that when logging -# configuration files are used then all logging configuration -# is set in the configuration file and other logging -# configuration options are ignored (for example, -# logging_context_format_string). (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append= - -# Defines the format string for %%(asctime)s in log records. -# Default: %(default)s . This option is ignored if -# log_config_append is set. (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no -# default is set, logging will go to stderr as defined by -# use_stderr. This option is ignored if log_config_append is -# set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file= - -# (Optional) The base directory used for relative log_file -# paths. This option is ignored if log_config_append is set. -# (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir= - -# Uses logging handler designed to watch file system. When log -# file is moved or removed this handler will open a new log -# file with specified path instantaneously. It makes sense -# only if log_file option is specified and Linux platform is -# used. This option is ignored if log_config_append is set. -# (boolean value) -#watch_log_file=false - -# Use syslog for logging. Existing syslog format is DEPRECATED -# and will be changed later to honor RFC5424. This option is -# ignored if log_config_append is set. (boolean value) -#use_syslog=false - -# Syslog facility to receive log lines. This option is ignored -# if log_config_append is set. (string value) -#syslog_log_facility=LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is -# undefined. (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level -# for the message is DEBUG. (string value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used -# in logging_context_format_string. (string value) -#logging_user_identity_format=%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This -# option is ignored if log_config_append is set. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - - -# -# Options defined in oslo.messaging -# - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size=30 - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver. (string value) -# Possible values: redis, dummy -#rpc_zmq_matchmaker=redis - -# Type of concurrency used. Either "native" or "eventlet" -# (string value) -#rpc_zmq_concurrency=eventlet - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog= - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=localhost - -# Seconds to wait before a cast expires (TTL). The default -# value of -1 specifies an infinite linger period. The value -# of 0 specifies no linger period. Pending messages shall be -# discarded immediately when the socket is closed. Only -# supported by impl_zmq. (integer value) -#rpc_cast_timeout=-1 - -# The default number of seconds that poll should wait. Poll -# raises timeout exception when timeout expired. (integer -# value) -#rpc_poll_timeout=1 - -# Expiration timeout in seconds of a name service record about -# existing target ( < 0 means no timeout). (integer value) -#zmq_target_expire=120 - -# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses -# proxy. (boolean value) -#use_pub_sub=true - -# Minimal port number for random ports range. (port value) -# Possible values: 0-65535 -#rpc_zmq_min_port=49152 - -# Maximal port number for random ports range. (integer value) -# Possible values: 1-65536 -#rpc_zmq_max_port=65536 - -# Number of retries to find free port number before fail with -# ZMQBindError. (integer value) -#rpc_zmq_bind_port_retries=100 - -# Size of executor thread pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size=64 - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url= - -# The messaging driver to use, defaults to rabbit. Other -# drivers include amqp and zmq. (string value) -#rpc_backend=rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=openstack - - -# -# Options defined in oslo.service.periodic_task -# - -# Some periodic tasks can be run in a separate process. Should -# we run them here? (boolean value) -#run_external_periodic_tasks=true - - -# -# Options defined in oslo.service.service -# - -# Enable eventlet backdoor. Acceptable values are 0, , -# and :, where 0 results in listening on a random -# tcp port number; results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and : results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port= - -# Enable eventlet backdoor, using the provided path as a unix -# socket that can receive connections. This option is mutually -# exclusive with 'backdoor_port' in that only one should be -# provided. If both are provided then the existence of this -# option overrides the usage of that option. (string value) -#backdoor_socket= - -# Enables or disables logging values of all registered options -# when starting a service (at DEBUG level). (boolean value) -#log_options=true - -# Specify a timeout after which a gracefully shutdown server -# will exit. Zero value means endless wait. (integer value) -#graceful_shutdown_timeout=60 +auth_strategy = {{ ironic_openstack_auth_strategy }} +enabled_drivers = {{ ironic_driver_list }} +host = {{ inventory_hostname }} +memcached_servers = {{ memcached_servers }} [agent] -# -# Options defined in ironic.drivers.modules.agent -# - -# DEPRECATED. Additional append parameters for baremetal PXE -# boot. This option is deprecated and will be removed in -# Mitaka release. Please use [pxe]pxe_append_params instead. -# (string value) -#agent_pxe_append_params=nofb nomodeset vga=normal - -# DEPRECATED. Template file for PXE configuration. This option -# is deprecated and will be removed in Mitaka release. Please -# use [pxe]pxe_config_template instead. (string value) -#agent_pxe_config_template=$pybasedir/drivers/modules/agent_config.template - -# Whether Ironic will manage booting of the agent ramdisk. If -# set to False, you will need to configure your mechanism to -# allow booting the agent ramdisk. (boolean value) -# Deprecated group/name - [agent]/manage_tftp -#manage_agent_boot=true - -# The memory size in MiB consumed by agent when it is booted -# on a bare metal node. This is used for checking if the image -# can be downloaded and deployed on the bare metal node after -# booting agent ramdisk. This may be set according to the -# memory consumed by the agent ramdisk image. (integer value) -#memory_consumed_by_agent=0 - -# Whether the agent ramdisk should stream raw images directly -# onto the disk or not. By streaming raw images directly onto -# the disk the agent ramdisk will not spend time copying the -# image to a tmpfs partition (therefore consuming less memory) -# prior to writing it to the disk. Unless the disk where the -# image will be copied to is really slow, this option should -# be set to True. Defaults to True. (boolean value) -#stream_raw_images=true - - -# -# Options defined in ironic.drivers.modules.agent_base_vendor -# - -# Maximum interval (in seconds) for agent heartbeats. (integer -# value) -#heartbeat_timeout=300 - -# Number of times to retry getting power state to check if -# bare metal node has been powered off after a soft power off. -# (integer value) -#post_deploy_get_power_state_retries=6 - -# Amount of time (in seconds) to wait between polling power -# state after trigger soft poweroff. (integer value) -#post_deploy_get_power_state_retry_interval=5 - - -# -# Options defined in ironic.drivers.modules.agent_client -# - -# API version to use for communicating with the ramdisk agent. -# (string value) -#agent_api_version=v1 - - [amt] -# -# Options defined in ironic.drivers.modules.amt.common -# - -# Protocol used for AMT endpoint (string value) -# Possible values: http, https -#protocol=http - -# Time interval (in seconds) for successive awake call to AMT -# interface, this depends on the IdleTimeout setting on AMT -# interface. AMT Interface will go to sleep after 60 seconds -# of inactivity by default. IdleTimeout=0 means AMT will not -# go to sleep at all. Setting awake_interval=0 will disable -# awake call. (integer value) -# Minimum value: 0 -#awake_interval=60 - - -# -# Options defined in ironic.drivers.modules.amt.power -# - -# Maximum number of times to attempt an AMT operation, before -# failing (integer value) -#max_attempts=3 - -# Amount of time (in seconds) to wait, before retrying an AMT -# operation (integer value) -#action_wait=10 - - [api] -# -# Options defined in ironic.api -# - -# The IP address on which ironic-api listens. (string value) -#host_ip=0.0.0.0 - -# The TCP port on which ironic-api listens. (port value) -# Possible values: 0-65535 -#port=6385 - -# The maximum number of items returned in a single response -# from a collection resource. (integer value) -#max_limit=1000 - -# Public URL to use when building the links to the API -# resources (for example, "https://ironic.rocks:6384"). If -# None the links will be built using the request's host URL. -# If the API is operating behind a proxy, you will want to -# change this to represent the proxy's URL. Defaults to None. -# (string value) -#public_endpoint= - -# Number of workers for OpenStack Ironic API service. The -# default is equal to the number of CPUs available if that can -# be determined, else a default worker count of 1 is returned. -# (integer value) -#api_workers= - -# Enable the integrated stand-alone API to service requests -# via HTTPS instead of HTTP. If there is a front-end service -# performing HTTPS offloading from the service, this option -# should be False; note, you will want to change public API -# endpoint to represent SSL termination URL with -# 'public_endpoint' option. (boolean value) -#enable_ssl_api=false - - [cimc] -# -# Options defined in ironic.drivers.modules.cimc.power -# - -# Number of times a power operation needs to be retried -# (integer value) -#max_retry=6 - -# Amount of time in seconds to wait in between power -# operations (integer value) -#action_interval=10 - - [cisco_ucs] -# -# Options defined in ironic.drivers.modules.ucs.power -# - -# Number of times a power operation needs to be retried -# (integer value) -#max_retry=6 - -# Amount of time in seconds to wait in between power -# operations (integer value) -#action_interval=5 - - [conductor] - -# -# Options defined in ironic.conductor.base_manager -# - -# The size of the workers greenthread pool. Note that 2 -# threads will be reserved by the conductor itself for -# handling heart beats and periodic tasks. (integer value) -# Minimum value: 3 -#workers_pool_size=100 - -# Seconds between conductor heart beats. (integer value) -#heartbeat_interval=10 - - -# -# Options defined in ironic.conductor.manager -# - -# URL of Ironic API service. If not set ironic can get the -# current value from the keystone service catalog. (string -# value) -api_url={{ ironic_api_url }} - -# Maximum time (in seconds) since the last check-in of a -# conductor. A conductor is considered inactive when this time -# has been exceeded. (integer value) -#heartbeat_timeout=60 - -# Interval between syncing the node power state to the -# database, in seconds. (integer value) -sync_power_state_interval={{ ironic_sync_power_state_interval }} - -# Interval between checks of provision timeouts, in seconds. -# (integer value) -#check_provision_state_interval=60 - -# Timeout (seconds) to wait for a callback from a deploy -# ramdisk. Set to 0 to disable timeout. (integer value) -#deploy_callback_timeout=1800 - -# During sync_power_state, should the hardware power state be -# set to the state recorded in the database (True) or should -# the database be updated based on the hardware state (False). -# (boolean value) -#force_power_state_during_sync=true - -# During sync_power_state failures, limit the number of times -# Ironic should try syncing the hardware node power state with -# the node power state in DB (integer value) -#power_state_sync_max_retries=3 - -# Maximum number of worker threads that can be started -# simultaneously by a periodic task. Should be less than RPC -# thread pool size. (integer value) -#periodic_max_workers=8 - -# Number of attempts to grab a node lock. (integer value) -#node_locked_retry_attempts=3 - -# Seconds to sleep between node lock attempts. (integer value) -#node_locked_retry_interval=1 - -# Enable sending sensor data message via the notification bus -# (boolean value) -#send_sensor_data=false - -# Seconds between conductor sending sensor data message to -# ceilometer via the notification bus. (integer value) -#send_sensor_data_interval=600 - -# List of comma separated meter types which need to be sent to -# Ceilometer. The default value, "ALL", is a special value -# meaning send all the sensor data. (list value) -#send_sensor_data_types=ALL - -# When conductors join or leave the cluster, existing -# conductors may need to update any persistent local state as -# nodes are moved around the cluster. This option controls how -# often, in seconds, each conductor will check for nodes that -# it should "take over". Set it to a negative value to disable -# the check entirely. (integer value) -#sync_local_state_interval=180 - -# Whether to upload the config drive to Swift. (boolean value) -#configdrive_use_swift=false - -# Name of the Swift container to store config drive data. Used -# when configdrive_use_swift is True. (string value) -#configdrive_swift_container=ironic_configdrive_container - -# Timeout (seconds) for waiting for node inspection. 0 - -# unlimited. (integer value) -#inspect_timeout=1800 - -# Enables or disables automated cleaning. Automated cleaning -# is a configurable set of steps, such as erasing disk drives, -# that are performed on the node to ensure it is in a baseline -# state and ready to be deployed to. This is done after -# instance deletion as well as during the transition from a -# "manageable" to "available" state. When enabled, the -# particular steps performed to clean a node depend on which -# driver that node is managed by; see the individual driver's -# documentation for details. NOTE: The introduction of the -# cleaning operation causes instance deletion to take -# significantly longer. In an environment where all tenants -# are trusted (eg, because there is only one tenant), this -# option could be safely disabled. (boolean value) -# Deprecated group/name - [conductor]/clean_nodes -#automated_clean=true - -# Timeout (seconds) to wait for a callback from the ramdisk -# doing the cleaning. If the timeout is reached the node will -# be put in the "clean failed" provision state. Set to 0 to -# disable timeout. (integer value) -#clean_callback_timeout=1800 - +api_url = {{ ironic_api_url }} +sync_power_state_interval = {{ ironic_sync_power_state_interval }} +automated_clean = {{ ironic_automated_clean }} [console] -# -# Options defined in ironic.drivers.modules.console_utils -# - -# Path to serial console terminal program (string value) -#terminal=shellinaboxd - -# Directory containing the terminal SSL cert(PEM) for serial -# console access (string value) -#terminal_cert_dir= - -# Directory for holding terminal pid files. If not specified, -# the temporary directory will be used. (string value) -#terminal_pid_dir= - -# Time interval (in seconds) for checking the status of -# console subprocess. (integer value) -#subprocess_checking_interval=1 - -# Time (in seconds) to wait for the console subprocess to -# start. (integer value) -#subprocess_timeout=10 - - [cors] -# -# Options defined in oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin= - -# Indicate that the actual request can include user -# credentials (boolean value) -#allow_credentials=true - -# Indicate which headers are safe to expose to the API. -# Defaults to HTTP Simple Headers. (list value) -#expose_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - -# Maximum cache age of CORS preflight requests. (integer -# value) -#max_age=3600 - -# Indicate which methods can be used during the actual -# request. (list value) -#allow_methods=GET,POST,PUT,DELETE,OPTIONS - -# Indicate which header field names may be used during the -# actual request. (list value) -#allow_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - - [cors.subdomain] -# -# Options defined in oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin= - -# Indicate that the actual request can include user -# credentials (boolean value) -#allow_credentials=true - -# Indicate which headers are safe to expose to the API. -# Defaults to HTTP Simple Headers. (list value) -#expose_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - -# Maximum cache age of CORS preflight requests. (integer -# value) -#max_age=3600 - -# Indicate which methods can be used during the actual -# request. (list value) -#allow_methods=GET,POST,PUT,DELETE,OPTIONS - -# Indicate which header field names may be used during the -# actual request. (list value) -#allow_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - - [database] - -# -# Options defined in ironic.db.sqlalchemy.models -# - -# MySQL engine to use. (string value) -#mysql_engine=InnoDB - - -# -# Options defined in oslo.db -# - -# The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db=oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous=true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection={{ ironic_db_connection_string }} - -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection= - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size= - -# Maximum number of database connection retries during -# startup. Set to -1 to specify an infinite retry count. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a SQL connection. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=50 - -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add Python stack traces to SQL as comment strings. (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout= - -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false - -# Seconds between retries of a database transaction. (integer -# value) -#db_retry_interval=1 - -# If True, increases the interval between retries of a -# database operation up to db_max_retry_interval. (boolean -# value) -#db_inc_retry_interval=true - -# If db_inc_retry_interval is set, the maximum seconds between -# retries of a database operation. (integer value) -#db_max_retry_interval=10 - -# Maximum retries in case of connection error or deadlock -# error before error is raised. Set to -1 to specify an -# infinite retry count. (integer value) -#db_max_retries=20 - +connection = {{ ironic_db_connection_string }} +max_overflow = {{ ironic_db_max_overflow }} +max_pool_size = {{ ironic_db_max_pool_size }} +pool_timeout = {{ ironic_db_pool_timeout }} [deploy] -# -# Options defined in ironic.drivers.modules.deploy_utils -# - -# ironic-conductor node's HTTP server URL. Example: -# http://192.1.2.3:8080 (string value) -# Deprecated group/name - [pxe]/http_url -#http_url= - -# ironic-conductor node's HTTP root path. (string value) -# Deprecated group/name - [pxe]/http_root -#http_root=/httpboot - -# Priority to run in-band erase devices via the Ironic Python -# Agent ramdisk. If unset, will use the priority set in the -# ramdisk (defaults to 10 for the GenericHardwareManager). If -# set to 0, will not run during cleaning. (integer value) -# Deprecated group/name - [agent]/agent_erase_devices_priority -#erase_devices_priority= - -# Number of iterations to be run for erasing devices. (integer -# value) -# Deprecated group/name - [agent]/agent_erase_devices_iterations -#erase_devices_iterations=1 - - [dhcp] - -# -# Options defined in ironic.common.dhcp_factory -# - -# DHCP provider to use. "neutron" uses Neutron, and "none" -# uses a no-op provider. (string value) -dhcp_provider={{ ironic_dhcp_provider }} - +dhcp_provider = {{ ironic_dhcp_provider }} [disk_partitioner] -# -# Options defined in ironic_lib.disk_partitioner -# - -# After Ironic has completed creating the partition table, it -# continues to check for activity on the attached iSCSI device -# status at this interval prior to copying the image to the -# node, in seconds (integer value) -#check_device_interval=1 - -# The maximum number of times to check that the device is not -# accessed by another process. If the device is still busy -# after that, the disk partitioning will be treated as having -# failed. (integer value) -#check_device_max_retries=20 - - [disk_utils] -# -# Options defined in ironic_lib.disk_utils -# - -# Size of EFI system partition in MiB when configuring UEFI -# systems for local boot. (integer value) -# Deprecated group/name - [deploy]/efi_system_partition_size -#efi_system_partition_size=200 - -# Block size to use when writing to the nodes disk. (string -# value) -# Deprecated group/name - [deploy]/dd_block_size -#dd_block_size=1M - -# Maximum attempts to verify an iSCSI connection is active, -# sleeping 1 second between attempts. (integer value) -# Deprecated group/name - [deploy]/iscsi_verify_attempts -#iscsi_verify_attempts=3 - - [glance] - -# -# Options defined in ironic.common.glance_service.v2.image_service -# - -# A list of URL schemes that can be downloaded directly via -# the direct_url. Currently supported schemes: [file]. (list -# value) -#allowed_direct_url_schemes= - -# The secret token given to Swift to allow temporary URL -# downloads. Required for temporary URLs. (string value) -#swift_temp_url_key= - -# The length of time in seconds that the temporary URL will be -# valid for. Defaults to 20 minutes. If some deploys get a 401 -# response code when trying to download from the temporary -# URL, try raising this duration. This value must be greater -# than or equal to the value for -# swift_temp_url_expected_download_start_delay (integer value) -#swift_temp_url_duration=1200 - -# Whether to cache generated Swift temporary URLs. Setting it -# to true is only useful when an image caching proxy is used. -# Defaults to False. (boolean value) -#swift_temp_url_cache_enabled=false - -# This is the delay (in seconds) from the time of the deploy -# request (when the Swift temporary URL is generated) to when -# the IPA ramdisk starts up and URL is used for the image -# download. This value is used to check if the Swift temporary -# URL duration is large enough to let the image download -# begin. Also if temporary URL caching is enabled this will -# determine if a cached entry will still be valid when the -# download starts. swift_temp_url_duration value must be -# greater than or equal to this option's value. Defaults to 0. -# (integer value) -# Minimum value: 0 -#swift_temp_url_expected_download_start_delay=0 - -# The "endpoint" (scheme, hostname, optional port) for the -# Swift URL of the form -# "endpoint_url/api_version/[account/]container/object_id". Do -# not include trailing "/". For example, use -# "https://swift.example.com". If using RADOS Gateway, -# endpoint may also contain /swift path; if it does not, it -# will be appended. Required for temporary URLs. (string -# value) -#swift_endpoint_url= - -# The Swift API version to create a temporary URL for. -# Defaults to "v1". Swift temporary URL format: -# "endpoint_url/api_version/[account/]container/object_id" -# (string value) -#swift_api_version=v1 - -# The account that Glance uses to communicate with Swift. The -# format is "AUTH_uuid". "uuid" is the UUID for the account -# configured in the glance-api.conf. Required for temporary -# URLs when Glance backend is Swift. For example: -# "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary -# URL format: -# "endpoint_url/api_version/[account/]container/object_id" -# (string value) -#swift_account= - -# The Swift container Glance is configured to store its images -# in. Defaults to "glance", which is the default in glance- -# api.conf. Swift temporary URL format: -# "endpoint_url/api_version/[account/]container/object_id" -# (string value) -#swift_container=glance - -# This should match a config by the same name in the Glance -# configuration file. When set to 0, a single-tenant store -# will only use one container to store all images. When set to -# an integer value between 1 and 32, a single-tenant store -# will use multiple containers to store images, and this value -# will determine how many containers are created. (integer -# value) -#swift_store_multiple_containers_seed=0 - -# Type of endpoint to use for temporary URLs. If the Glance -# backend is Swift, use "swift"; if it is CEPH with RADOS -# gateway, use "radosgw". (string value) -# Possible values: swift, radosgw -#temp_url_endpoint_type=swift - - -# -# Options defined in ironic.common.image_service -# - -# Default glance hostname or IP address. (string value) -{% if ironic_glance_host is defined %} -glance_host={{ ironic_glance_host }} -{% else %} -#glance_host=$my_ip +glance_api_servers = {{ glance_api_servers }} +{% if not ironic_standalone | bool %} +swift_temp_url_key = {{ ironic_swift_temp_url_secret_key }} +swift_container = {{ ironic_swift_image_container }} +swift_endpoint_url = {{ ironic_swift_endpoint }} +swift_account = {{ ironic_swift_auth_account }} +swift_api_version = {{ ironic_swift_api_version }} +temp_url_endpoint_type = swift {% endif %} -# Default glance port. (port value) -# Possible values: 0-65535 -#glance_port=9292 - -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) -# Possible values: http, https -#glance_protocol=http - -# A list of the glance api servers available to ironic. Prefix -# with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. (list value) -#glance_api_servers= - -# Allow to perform insecure SSL (https) requests to glance. -# (boolean value) -#glance_api_insecure=false - -# Number of retries when downloading an image from glance. -# (integer value) -#glance_num_retries=0 - -# Authentication strategy to use when connecting to glance. -# (string value) -# Possible values: keystone, noauth -auth_strategy={{ ironic_glance_auth_strategy }} - -# Optional path to a CA certificate bundle to be used to -# validate the SSL certificate served by glance. It is used -# when glance_api_insecure is set to False. (string value) -#glance_cafile= - - [iboot] -# -# Options defined in ironic.drivers.modules.iboot -# - -# Maximum retries for iBoot operations (integer value) -#max_retry=3 - -# Time (in seconds) between retry attempts for iBoot -# operations (integer value) -#retry_interval=1 - -# Time (in seconds) to sleep between when rebooting (powering -# off and on again). (integer value) -# Minimum value: 0 -#reboot_delay=5 - - [ilo] -# -# Options defined in ironic.drivers.modules.ilo.common -# - -# Timeout (in seconds) for iLO operations (integer value) -#client_timeout=60 - -# Port to be used for iLO operations (port value) -# Possible values: 0-65535 -#client_port=443 - -# The Swift iLO container to store data. (string value) -#swift_ilo_container=ironic_ilo_container - -# Amount of time in seconds for Swift objects to auto-expire. -# (integer value) -#swift_object_expiry_timeout=900 - -# Set this to True to use http web server to host floppy -# images and generated boot ISO. This requires http_root and -# http_url to be configured in the [deploy] section of the -# config file. If this is set to False, then Ironic will use -# Swift to host the floppy images and generated boot_iso. -# (boolean value) -#use_web_server_for_images=false - - -# -# Options defined in ironic.drivers.modules.ilo.deploy -# - -# Priority for erase devices clean step. If unset, it defaults -# to 10. If set to 0, the step will be disabled and will not -# run during cleaning. (integer value) -#clean_priority_erase_devices= - - -# -# Options defined in ironic.drivers.modules.ilo.management -# - -# Priority for reset_ilo clean step. (integer value) -#clean_priority_reset_ilo=0 - -# Priority for reset_bios_to_default clean step. (integer -# value) -#clean_priority_reset_bios_to_default=10 - -# Priority for reset_secure_boot_keys clean step. This step -# will reset the secure boot keys to manufacturing defaults. -# (integer value) -#clean_priority_reset_secure_boot_keys_to_default=20 - -# Priority for clear_secure_boot_keys clean step. This step is -# not enabled by default. It can be enabled to clear all -# secure boot keys enrolled with iLO. (integer value) -#clean_priority_clear_secure_boot_keys=0 - -# Priority for reset_ilo_credential clean step. This step -# requires "ilo_change_password" parameter to be updated in -# nodes's driver_info with the new password. (integer value) -#clean_priority_reset_ilo_credential=30 - - -# -# Options defined in ironic.drivers.modules.ilo.power -# - -# Number of times a power operation needs to be retried -# (integer value) -#power_retry=6 - -# Amount of time in seconds to wait in between power -# operations (integer value) -#power_wait=2 - - [inspector] -# -# Options defined in ironic.drivers.modules.inspector -# - -# whether to enable inspection using ironic-inspector (boolean -# value) -# Deprecated group/name - [discoverd]/enabled -#enabled=false - -# ironic-inspector HTTP endpoint. If this is not set, the -# ironic-inspector client default (http://127.0.0.1:5050) will -# be used. (string value) -# Deprecated group/name - [discoverd]/service_url -#service_url= - -# period (in seconds) to check status of nodes on inspection -# (integer value) -# Deprecated group/name - [discoverd]/status_check_period -#status_check_period=60 - - [ipmi] -# -# Options defined in ironic.drivers.modules.ipminative -# - -# Maximum time in seconds to retry IPMI operations. There is a -# tradeoff when setting this value. Setting this too low may -# cause older BMCs to crash and require a hard reset. However, -# setting too high can cause the sync power state periodic -# task to hang when there are slow or unresponsive BMCs. -# (integer value) -#retry_timeout=60 - -# Minimum time, in seconds, between IPMI operations sent to a -# server. There is a risk with some hardware that setting this -# too low may cause the BMC to crash. Recommended setting is 5 -# seconds. (integer value) -#min_command_interval=5 - - [irmc] -# -# Options defined in ironic.drivers.modules.irmc.boot -# - -# Ironic conductor node's "NFS" or "CIFS" root path (string -# value) -#remote_image_share_root=/remote_image_share_root - -# IP of remote image server (string value) -#remote_image_server= - -# Share type of virtual media (string value) -# Possible values: CIFS, NFS -#remote_image_share_type=CIFS - -# share name of remote_image_server (string value) -#remote_image_share_name=share - -# User name of remote_image_server (string value) -#remote_image_user_name= - -# Password of remote_image_user_name (string value) -#remote_image_user_password= - -# Domain name of remote_image_user_name (string value) -#remote_image_user_domain= - - -# -# Options defined in ironic.drivers.modules.irmc.common -# - -# Port to be used for iRMC operations (port value) -# Possible values: 443, 80 -#port=443 - -# Authentication method to be used for iRMC operations (string -# value) -# Possible values: basic, digest -#auth_method=basic - -# Timeout (in seconds) for iRMC operations (integer value) -#client_timeout=60 - -# Sensor data retrieval method. (string value) -# Possible values: ipmitool, scci -#sensor_method=ipmitool - -# SNMP protocol version (string value) -# Possible values: v1, v2c, v3 -#snmp_version=v2c - -# SNMP port (port value) -# Possible values: 0-65535 -#snmp_port=161 - -# SNMP community. Required for versions "v1" and "v2c" (string -# value) -#snmp_community=public - -# SNMP security name. Required for version "v3" (string value) -#snmp_security= - - [ironic_lib] -# -# Options defined in ironic_lib.utils -# - -# Command that is prefixed to commands that are run as root. -# If not specified, no commands are run as root. (string -# value) -#root_helper=sudo ironic-rootwrap /etc/ironic/rootwrap.conf - - [keystone] - -# -# Options defined in ironic.common.keystone -# - -# The region used for getting endpoints of OpenStack services. -# (string value) -#region_name= - +region_name = {{ ironic_service_region }} [keystone_authtoken] -auth_url = {{ keystone_service_adminurl }} +insecure = {{ keystone_service_internaluri_insecure | bool }} +auth_type = {{ ironic_keystone_auth_plugin }} +signing_dir = {{ ironic_system_home_folder }}/cache/api +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} project_domain_id = {{ ironic_service_project_domain_id }} user_domain_id = {{ ironic_service_user_domain_id }} project_name = {{ ironic_service_project_name }} username = {{ ironic_service_user_name }} password = {{ ironic_service_password }} -# -# Options defined in keystonemiddleware.auth_token -# +memcached_servers = {{ memcached_servers }} -# Complete public Identity API endpoint. (string value) -auth_uri={{ keystone_service_internaluri }} +token_cache_time = 300 +revocation_cache_time = 60 -# API version of the admin Identity API endpoint. (string -# value) -auth_version={% if keystone_service_adminurl.endswith('v3') %}3{% else %}2.0{% endif %} - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components. (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (integer value) -#http_connect_timeout= - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 - -# Env key for the swift cache. (string value) -#cache= - -# Required if identity server requires client certificate -# (string value) -#certfile= - -# Required if identity server requires client certificate -# (string value) -#keyfile= - -# A PEM encoded Certificate Authority to use when verifying -# HTTPs connections. Defaults to system CAs. (string value) -#cafile= - -# Verify HTTPS connections. (boolean value) -insecure={{ keystone_service_adminuri_insecure }} - -# The region in which the identity server can be found. -# (string value) -#region_name= - -# Directory used to cache files related to PKI tokens. (string -# value) -#signing_dir= - -# Optionally specify a list of memcached server(s) to use for -# caching. If left undefined, tokens will instead be cached -# in-process. (list value) -# Deprecated group/name - [keystone_authtoken]/memcache_servers -memcached_servers={{ memcached_servers }} - -# In order to prevent excessive effort spent validating -# tokens, the middleware caches previously-seen tokens for a -# configurable duration (in seconds). Set to -1 to disable -# caching completely. (integer value) -#token_cache_time=300 - -# Determines the frequency at which the list of revoked tokens -# is retrieved from the Identity service (in seconds). A high -# number of revocation events combined with a low cache -# duration may significantly reduce performance. (integer -# value) -#revocation_cache_time=10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. If MAC, token -# data is authenticated (with HMAC) in the cache. If ENCRYPT, -# token data is encrypted and authenticated in the cache. If -# the value is not one of these options or empty, auth_token -# will raise an exception on initialization. (string value) -# Possible values: None, MAC, ENCRYPT -memcache_security_strategy=ENCRYPT - -# (Optional, mandatory if memcache_security_strategy is -# defined) This string is used for key derivation. (string -# value) -memcache_secret_key={{ memcached_encryption_key }} - -# (Optional) Number of seconds memcached server is considered -# dead before it is tried again. (integer value) -#memcache_pool_dead_retry=300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize=10 - -# (Optional) Socket timeout in seconds for communicating with -# a memcached server. (integer value) -#memcache_pool_socket_timeout=3 - -# (Optional) Number of seconds a connection to memcached is -# held unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout=60 - -# (Optional) Number of seconds that an operation will wait to -# get a memcached client connection from the pool. (integer -# value) -#memcache_pool_conn_get_timeout=10 - -# (Optional) Use the advanced (eventlet safe) memcached client -# pool. The advanced pool will only work under python 2.x. -# (boolean value) -#memcache_use_advanced_pool=false - -# (Optional) Indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string -# value) -#enforce_token_bind=permissive - -# If true, the revocation list will be checked for cached -# tokens. This requires that PKI tokens are configured on the -# identity server. (boolean value) -#check_revocations_for_cached=false - -# Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will -# be tried in the order given, so put the preferred one first -# for performance. The result of the first hash will be stored -# in the cache. This will typically be set to multiple values -# only while migrating from a less secure algorithm to a more -# secure one. Once all the old tokens are expired this option -# should be set to a single value for better performance. -# (list value) -#hash_algorithms=md5 - -# Authentication type to load (type of value is unknown) -# Deprecated group/name - [keystone_authtoken]/auth_plugin -auth_type=password - -# Config Section from which to load plugin specific options -# (type of value is unknown) -#auth_section= +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = False [matchmaker_redis] -# -# Options defined in oslo.messaging -# - -# Host to locate redis. (string value) -#host=127.0.0.1 - -# Use this port to connect to redis host. (port value) -# Possible values: 0-65535 -#port=6379 - -# Password for Redis server (optional). (string value) -#password= - -# List of Redis Sentinel hosts (fault tolerance mode) e.g. -# [host:port, host1:port ... ] (list value) -#sentinel_hosts= - -# Redis replica set name. (string value) -#sentinel_group_name=oslo-messaging-zeromq - -# Time in ms to wait between connection attempts. (integer -# value) -#wait_timeout=500 - -# Time in ms to wait before the transaction is killed. -# (integer value) -#check_timeout=20000 - -# Timeout in ms on blocking socket operations (integer value) -#socket_timeout=1000 - - [neutron] - -# -# Options defined in ironic.dhcp.neutron -# - -# URL for connecting to neutron. (string value) -{% if neutron_service_adminuri is defined %} -url={{ neutron_service_adminurl }} -{% else %} -#url= -{% endif %} - -# Timeout value for connecting to neutron in seconds. (integer -# value) -#url_timeout=30 - -# Client retries in the case of a failed request. (integer -# value) -#retries=3 - -# Default authentication strategy to use when connecting to -# neutron. Running neutron in noauth mode (related to but not -# affected by this setting) is insecure and should only be -# used for testing. (string value) -# Possible values: keystone, noauth -auth_strategy={{ ironic_neutron_auth_strategy }} - -# UUID of the network to create Neutron ports on, when booting -# to a ramdisk for cleaning using Neutron DHCP. (string value) -#cleaning_network_uuid= - +url = {{ neutron_service_adminurl }} +region_name = {{ neutron_service_region }} +auth_type = password +# Keystone client plugin password option +password = {{ neutron_service_password }} +# Keystone client plugin username option +username = {{ neutron_service_user_name }} +project_name = {{ neutron_service_project_name }} +user_domain_name = {{ neutron_service_domain_name |default("Default") }} +project_domain_name = {{ neutron_service_domain_name |default("Default") }} +# Keystone client plugin authentication URL option +auth_url = {{ keystone_service_adminurl }} +insecure = {{ keystone_service_adminuri_insecure | bool }} [oneview] -# -# Options defined in ironic.drivers.modules.oneview.common -# - -# URL where OneView is available (string value) -#manager_url= - -# OneView username to be used (string value) -#username= - -# OneView password to be used (string value) -#password= - -# Option to allow insecure connection with OneView (boolean -# value) -#allow_insecure_connections=false - -# Path to CA certificate (string value) -#tls_cacert_file= - -# Max connection retries to check changes on OneView (integer -# value) -#max_polling_attempts=12 - - [oslo_concurrency] - -# -# Options defined in oslo.concurrency -# - -# Enables or disables inter-process locks. (boolean value) -# Deprecated group/name - [DEFAULT]/disable_process_locking -#disable_process_locking=false - -# Directory to use for lock files. For security, the -# specified directory should only be writable by the user -# running the processes that need locking. Defaults to -# environment variable OSLO_LOCK_PATH. If external locks are -# used, a lock path must be set. (string value) -# Deprecated group/name - [DEFAULT]/lock_path -#lock_path= - +lock_path = /var/lock/ironic [oslo_messaging_amqp] -# -# Options defined in oslo.messaging -# - -# address prefix used when sending to a specific server -# (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -#server_request_prefix=exclusive - -# address prefix used when broadcasting to all servers (string -# value) -# Deprecated group/name - [amqp1]/broadcast_prefix -#broadcast_prefix=broadcast - -# address prefix when sending to any server in group (string -# value) -# Deprecated group/name - [amqp1]/group_request_prefix -#group_request_prefix=unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -#container_name= - -# Timeout for inactive connections (in seconds) (integer -# value) -# Deprecated group/name - [amqp1]/idle_timeout -#idle_timeout=0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -#trace=false - -# CA certificate PEM file to verify server certificate (string -# value) -# Deprecated group/name - [amqp1]/ssl_ca_file -#ssl_ca_file= - -# Identifying certificate PEM file to present to clients -# (string value) -# Deprecated group/name - [amqp1]/ssl_cert_file -#ssl_cert_file= - -# Private key PEM file used to sign cert_file certificate -# (string value) -# Deprecated group/name - [amqp1]/ssl_key_file -#ssl_key_file= - -# Password for decrypting ssl_key_file (if encrypted) (string -# value) -# Deprecated group/name - [amqp1]/ssl_key_password -#ssl_key_password= - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -#allow_insecure_clients=false - -# Space separated list of acceptable SASL mechanisms (string -# value) -# Deprecated group/name - [amqp1]/sasl_mechanisms -#sasl_mechanisms= - -# Path to directory that contains the SASL configuration -# (string value) -# Deprecated group/name - [amqp1]/sasl_config_dir -#sasl_config_dir= - -# Name of configuration file (without .conf suffix) (string -# value) -# Deprecated group/name - [amqp1]/sasl_config_name -#sasl_config_name= - -# User name for message broker authentication (string value) -# Deprecated group/name - [amqp1]/username -#username= - -# Password for message broker authentication (string value) -# Deprecated group/name - [amqp1]/password -#password= - - [oslo_messaging_notifications] -# -# Options defined in oslo.messaging -# - -# The Drivers(s) to handle sending notifications. Possible -# values are messaging, messagingv2, routing, log, test, noop -# (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -#driver= - -# A URL representing the messaging driver to use for -# notifications. If not set, we fall back to the same -# configuration used for RPC. (string value) -# Deprecated group/name - [DEFAULT]/notification_transport_url -#transport_url= - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# Deprecated group/name - [DEFAULT]/notification_topics -#topics=notifications - - [oslo_messaging_rabbit] - -# -# Options defined in oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_durable_queues -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete=false - -# SSL version to use (valid only if SSL enabled). Valid values -# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may -# be available on some distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay -#kombu_reconnect_delay=1.0 - -# EXPERIMENTAL: Possible values are: gzip, bz2. If not set -# compression will not be used. This option may notbe -# available in future versions. (string value) -#kombu_compression= - -# How long to wait a missing client beforce abandoning to send -# it its replies. This value should not be longer than -# rpc_response_timeout. (integer value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout -#kombu_missing_consumer_retry_timeout=60 - -# Determines how the next RabbitMQ node is chosen in case the -# one we are currently connected to becomes unavailable. Takes -# effect only if more than one RabbitMQ node is provided in -# config. (string value) -# Possible values: round-robin, shuffle -#kombu_failover_strategy=round-robin - -# The RabbitMQ broker address where a single node is used. -# (string value) -# Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host=localhost - -# The RabbitMQ broker port where a single node is used. (port -# value) -# Possible values: 0-65535 -# Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port=5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -rabbit_hosts={{ rabbitmq_servers }} - -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -rabbit_use_ssl={{ rabbitmq_use_ssl }} - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -rabbit_userid={{ ironic_rabbitmq_userid }} - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -rabbit_password={{ ironic_rabbitmq_password }} - -# The RabbitMQ login method. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_login_method -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -rabbit_virtual_host={{ ironic_rabbitmq_vhost }} - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff -#rabbit_retry_backoff=2 - -# Maximum interval of RabbitMQ connection retries. Default is -# 30 seconds. (integer value) -#rabbit_interval_max=30 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_max_retries -#rabbit_max_retries=0 - -# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you -# change this option, you must wipe the RabbitMQ database. In -# RabbitMQ 3.0, queue mirroring is no longer controlled by the -# x-ha-policy argument when declaring a queue. If you just -# want to make sure that all queues (except those with auto- -# generated names) are mirrored across all nodes, run: -# "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": -# "all"}' " (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_ha_queues -#rabbit_ha_queues=false - -# Positive integer representing duration in seconds for queue -# TTL (x-expires). Queues which are unused for the duration of -# the TTL are automatically deleted. The parameter affects -# only reply and fanout queues. (integer value) -# Minimum value: 1 -#rabbit_transient_queues_ttl=1800 - -# Specifies the number of messages to prefetch. Setting to -# zero allows unlimited messages. (integer value) -#rabbit_qos_prefetch_count=0 - -# Number of seconds after which the Rabbit broker is -# considered down if heartbeat's keep-alive fails (0 disable -# the heartbeat). EXPERIMENTAL (integer value) -#heartbeat_timeout_threshold=60 - -# How often times during the heartbeat_timeout_threshold we -# check the heartbeat. (integer value) -#heartbeat_rate=2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -# Deprecated group/name - [DEFAULT]/fake_rabbit -#fake_rabbit=false - -# Maximum number of channels to allow (integer value) -#channel_max= - -# The maximum byte size for an AMQP frame (integer value) -#frame_max= - -# How often to send heartbeats for consumer's connections -# (integer value) -#heartbeat_interval=1 - -# Enable SSL (boolean value) -#ssl= - -# Arguments passed to ssl.wrap_socket (dict value) -#ssl_options= - -# Set socket timeout in seconds for connection's socket -# (floating point value) -#socket_timeout=0.25 - -# Set TCP_USER_TIMEOUT in seconds for connection's socket -# (floating point value) -#tcp_user_timeout=0.25 - -# Set delay for reconnection to some host which has connection -# error (floating point value) -#host_connection_reconnect_delay=0.25 - -# Maximum number of connections to keep queued. (integer -# value) +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ ironic_rabbitmq_userid }} +rabbit_password = {{ ironic_rabbitmq_password }} +rabbit_virtual_host = {{ ironic_rabbitmq_vhost }} +rabbit_hosts = {{ rabbitmq_servers }} +rabbit_use_ssl = {{ rabbitmq_use_ssl }} pool_max_size = {{ ironic_wsgi_processes }} -# Maximum number of connections to create above -# `pool_max_size`. (integer value) -#pool_max_overflow=0 - -# Default number of seconds to wait for a connections to -# available (integer value) -#pool_timeout=30 - -# Lifetime of a connection (since creation) in seconds or None -# for no recycling. Expired connections are closed on acquire. -# (integer value) -#pool_recycle=600 - -# Threshold at which inactive (since release) connections are -# considered stale in seconds or None for no staleness. Stale -# connections are closed on acquire. (integer value) -#pool_stale=60 - -# Persist notification messages. (boolean value) -#notification_persistence=false - -# Exchange name for for sending notifications (string value) -#default_notification_exchange=${control_exchange}_notification - -# Max number of not acknowledged message which RabbitMQ can -# send to notification listener. (integer value) -#notification_listener_prefetch_count=100 - -# Reconnecting retry count in case of connectivity problem -# during sending notification, -1 means infinite retry. -# (integer value) -#default_notification_retry_attempts=-1 - -# Reconnecting retry delay in case of connectivity problem -# during sending notification message (floating point value) -#notification_retry_delay=0.25 - -# Time to live for rpc queues without consumers in seconds. -# (integer value) -#rpc_queue_expiration=60 - -# Exchange name for sending RPC messages (string value) -#default_rpc_exchange=${control_exchange}_rpc - -# Exchange name for receiving RPC replies (string value) -#rpc_reply_exchange=${control_exchange}_rpc_reply - -# Max number of not acknowledged message which RabbitMQ can -# send to rpc listener. (integer value) -#rpc_listener_prefetch_count=100 - -# Max number of not acknowledged message which RabbitMQ can -# send to rpc reply listener. (integer value) -#rpc_reply_listener_prefetch_count=100 - -# Reconnecting retry count in case of connectivity problem -# during sending reply. -1 means infinite retry during -# rpc_timeout (integer value) -#rpc_reply_retry_attempts=-1 - -# Reconnecting retry delay in case of connectivity problem -# during sending reply. (floating point value) -#rpc_reply_retry_delay=0.25 - -# Reconnecting retry count in case of connectivity problem -# during sending RPC message, -1 means infinite retry. If -# actual retry attempts in not 0 the rpc request could be -# processed more then one time (integer value) -#default_rpc_retry_attempts=-1 - -# Reconnecting retry delay in case of connectivity problem -# during sending RPC message (floating point value) -#rpc_retry_delay=0.25 - [oslo_policy] -# -# Options defined in oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file=policy.json - -# Default rule. Enforced when a requested rule is not found. -# (string value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule=default - -# Directories where policy configuration files are stored. -# They can be relative to any directory in the search path -# defined by the config_dir option, or absolute paths. The -# file defined by policy_file must exist for these directories -# to be searched. Missing or empty directories are ignored. -# (multi valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs=policy.d - - [pxe] -# -# Options defined in ironic.drivers.modules.iscsi_deploy -# - -# Additional append parameters for baremetal PXE boot. (string -# value) -#pxe_append_params=nofb nomodeset vga=normal - -# Default file system format for ephemeral partition, if one -# is created. (string value) -#default_ephemeral_format=ext4 - -# On the ironic-conductor node, directory where images are -# stored on disk. (string value) -#images_path=/var/lib/ironic/images/ - -# On the ironic-conductor node, directory where master -# instance images are stored on disk. Setting to -# disables image caching. (string value) -#instance_master_path=/var/lib/ironic/master_images - -# Maximum size (in MiB) of cache for master images, including -# those in use. (integer value) -#image_cache_size=20480 - -# Maximum TTL (in minutes) for old master images in cache. -# (integer value) -#image_cache_ttl=10080 - -# The disk devices to scan while doing the deploy. (string -# value) -#disk_devices=cciss/c0d0,sda,hda,vda - - -# -# Options defined in ironic.drivers.modules.pxe -# - -# On ironic-conductor node, template file for PXE -# configuration. (string value) -#pxe_config_template=$pybasedir/drivers/modules/pxe_config.template - -# On ironic-conductor node, template file for PXE -# configuration for UEFI boot loader. (string value) -#uefi_pxe_config_template=$pybasedir/drivers/modules/elilo_efi_pxe_config.template - -# IP address of ironic-conductor node's TFTP server. (string -# value) -#tftp_server=$my_ip - -# ironic-conductor node's TFTP root path. The ironic-conductor -# must have read/write access to this path. (string value) -#tftp_root=/tftpboot - -# On ironic-conductor node, directory where master TFTP images -# are stored on disk. Setting to disables image -# caching. (string value) -#tftp_master_path=/tftpboot/master_images - -# Bootfile DHCP parameter. (string value) -#pxe_bootfile_name=pxelinux.0 - -# Bootfile DHCP parameter for UEFI boot mode. (string value) -#uefi_pxe_bootfile_name=elilo.efi - -# Enable iPXE boot. (boolean value) -#ipxe_enabled=false - -# On ironic-conductor node, the path to the main iPXE script -# file. (string value) -#ipxe_boot_script=$pybasedir/drivers/modules/boot.ipxe - -# Timeout value (in seconds) for downloading an image via -# iPXE. Defaults to 0 (no timeout) (integer value) -#ipxe_timeout=0 - -# The IP version that will be used for PXE booting. Defaults -# to 4. EXPERIMENTAL (string value) -# Possible values: 4, 6 -#ip_version=4 - - [seamicro] -# -# Options defined in ironic.drivers.modules.seamicro -# - -# Maximum retries for SeaMicro operations (integer value) -#max_retry=3 - -# Seconds to wait for power action to be completed (integer -# value) -#action_timeout=10 - - [snmp] -# -# Options defined in ironic.drivers.modules.snmp -# - -# Seconds to wait for power action to be completed (integer -# value) -#power_timeout=10 - -# Time (in seconds) to sleep between when rebooting (powering -# off and on again) (integer value) -# Minimum value: 0 -#reboot_delay=0 - - [ssh] -# -# Options defined in ironic.drivers.modules.ssh -# - -# libvirt URI. (string value) -#libvirt_uri=qemu:///system - -# Number of attempts to try to get VM name used by the host -# that corresponds to a node's MAC address. (integer value) -#get_vm_name_attempts=3 - -# Number of seconds to wait between attempts to get VM name -# used by the host that corresponds to a node's MAC address. -# (integer value) -#get_vm_name_retry_interval=3 - - [ssl] -# -# Options defined in oslo.service.sslutils -# - -# CA certificate file to use to verify connecting clients. -# (string value) -# Deprecated group/name - [DEFAULT]/ssl_ca_file -#ca_file= - -# Certificate file to use when starting the server securely. -# (string value) -# Deprecated group/name - [DEFAULT]/ssl_cert_file -#cert_file= - -# Private key file to use when starting the server securely. -# (string value) -# Deprecated group/name - [DEFAULT]/ssl_key_file -#key_file= - -# SSL version to use (valid only if SSL enabled). Valid values -# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may -# be available on some distributions. (string value) -#version= - -# Sets the list of available ciphers. value should be a string -# in the OpenSSL cipher list format. (string value) -#ciphers= - - [swift] -# -# Options defined in ironic.common.swift -# - -# Maximum number of times to retry a Swift request, before -# failing. (integer value) -#swift_max_retries=2 - - [virtualbox] - -# -# Options defined in ironic.drivers.modules.virtualbox -# - -# Port on which VirtualBox web service is listening. (port -# value) -# Possible values: 0-65535 -#port=18083 - - diff --git a/tests/test-rest-api.yml b/tests/test-rest-api.yml index 84271799..04018f98 100644 --- a/tests/test-rest-api.yml +++ b/tests/test-rest-api.yml @@ -7,14 +7,26 @@ # needed by the functional test playbook below - name: Install httplib2 so we can use the uri module pip: - name: httplib2 + name: "{{ item }}" + with_items: + - httplib2 + - python-openstackclient + - name: Get auth token + shell: > + . /root/openrc && openstack token issue --format yaml | awk '/^id\:/ {print $2}' + register: get_keystone_token + - name: set token + set_fact: + keystone_token: "{{ get_keystone_token.stdout }}" - name: Check the ironic-api uri: url: "{{ ironic_service_publicuri }}" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 200 - name: list chassis uri: url: "{{ ironic_service_publicuri }}/v1/chassis" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 200 return_content: yes register: chassis_list @@ -22,6 +34,7 @@ assert: that="chassis_list.json.chassis == []" - name: list drivers uri: + HEADER_X-Auth-Token: "{{ keystone_token }}" url: "{{ ironic_service_publicuri }}/v1/drivers" status_code: 200 return_content: yes @@ -31,6 +44,7 @@ - name: list nodes uri: url: "{{ ironic_service_publicuri }}/v1/nodes" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 200 return_content: yes register: node_list @@ -42,6 +56,7 @@ method: POST HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" body_format: json body: "{\"name\": \"restnode\", \"driver\": \"agent_ipmitool\", \"driver_info\": {\"ipmi_address\": \"1.2.3.4\"}}" status_code: 201 @@ -58,15 +73,17 @@ method: POST HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" body_format: json body: " {\"node_uuid\": \"{{ node_response.json.uuid }}\", \"address\": \"00:00:00:00:00:01\"}" status_code: 201 return_content: yes - name: list ports uri: + url: "{{ ironic_service_publicuri }}/v1/ports" + HEADER_X-Auth-Token: "{{ keystone_token }}" HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" - url: "{{ ironic_service_publicuri }}/v1/ports" body: " {\"node\": \"{{ node_response.json.uuid }}\"}" body_format: json return_content: yes @@ -82,15 +99,17 @@ method: POST HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" body_format: json body: " {\"node_uuid\": \"{{ node_response.json.uuid }}\", \"address\": \"00:00:00:00:00:02\"}" status_code: 201 return_content: yes - name: list ports again uri: + url: "{{ ironic_service_publicuri }}/v1/ports" + HEADER_X-Auth-Token: "{{ keystone_token }}" HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" - url: "{{ ironic_service_publicuri }}/v1/ports" body: " {\"node\": \"{{ node_response.json.uuid }}\"}" body_format: json return_content: yes @@ -104,6 +123,7 @@ url: "{{ ironic_service_publicuri }}/v1/nodes/restnode/validate" method: GET HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 200 return_content: yes register: validate_node @@ -123,6 +143,7 @@ - "validate_node.json.raid.result == true" - name: update a node uri: + HEADER_X-Auth-Token: "{{ keystone_token }}" url: "{{ ironic_service_publicuri }}/v1/nodes/restnode" body: " [{\"path\": \"/name\", \"value\": \"renamednode\", \"op\": \"replace\"}]" method: PATCH @@ -139,6 +160,7 @@ method: DELETE HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 204 return_content: yes vars_files: diff --git a/tests/test-vars.yml b/tests/test-vars.yml index 5de65d43..9ce83b58 100644 --- a/tests/test-vars.yml +++ b/tests/test-vars.yml @@ -19,6 +19,7 @@ galera_root_user: root galera_root_password: "secrete" rabbitmq_servers: 10.100.100.101:5672 rabbitmq_use_ssl: False +rabbitmq_port: 5672 memcached_servers: 127.0.0.1 memcached_encryption_key: "secrete" keystone_venv_tag: "testing" @@ -29,7 +30,7 @@ keystone_service_password: "secrete" keystone_galera_address: 10.100.100.101 keystone_galera_database: keystone keystone_galera_user: keystone -keystone_container_mysql_password: "SuperSecrete" +keystone_container_mysql_password: "secrete" keystone_auth_admin_token: "SuperSecreteTestToken" keystone_admin_user_name: admin keystone_admin_tenant_name: admin @@ -62,8 +63,20 @@ ironic_service_password: "secrete" ironic_galera_address: 10.100.100.101 ironic_galera_database: ironic ironic_galera_user: ironic -ironic_galera_password: "SuperSecrete" +ironic_galera_password: "secrete" ironic_rabbitmq_password: "secrete" ironic_rabbitmq_userid: ironic ironic_rabbitmq_vhost: /ironic ironic_standalone: True +ironic_swift_endpoint: "http://localhost:8080" +ironic_swift_auth_account: "AUTH_1234567890" +ironic_swift_temp_url_secret_key: secrete +ironic_rabbitmq_userid: ironic +ironic_rabbitmq_password: secrete +ironic_rabbitmq_vhost: /ironic +glance_api_servers: http://localhost:9292 +neutron_service_adminurl: http://localhost:9696 +neutron_service_region: RegionOne +neutron_service_password: secrete +neutron_service_project_name: ironic +neutron_service_user_name: ironic