openstack/openstack-ansible-os_ironic
Code Issues Proposed changes
321ee06231
openstack-ansible-os_ironic/templates/inspector.conf.j2
James Denton 7900aeb223 Update Inspector listener address and network 
This patch allows ironic-inspector to listen on host IP
rather than 0.0.0.0, as well as allows an existing Neutron-managed
inspection network to be used for inspection traffic.

Change-Id: I645857ad62954f08b160e5889f93dc1f6423def2
2020-11-09 11:35:08 -06:00

105 lines
3.2 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
[DEFAULT]
listen_address = {{ ironic_inspector_service_address }}
listen_port = {{ ironic_inspector_service_port }}
rootwrap_config = /etc/ironic-inspector/rootwrap.conf
auth_strategy = keystone
debug = {{ debug }}
# RPC Backend
transport_url = {{ ironic_inspector_oslomsg_rpc_transport }}://{% for host in ironic_inspector_oslomsg_rpc_servers.split(',') %}{{ ironic_inspector_oslomsg_rpc_userid }}:{{ ironic_oslomsg_rpc_password }}@{{ host }}:{{ ironic_inspector_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ ironic_inspector_oslomsg_rpc_vhost }}{% if ironic_inspector_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
[capabilities]
[cors]
[database]
connection = {{ ironic_inspector_openstack_db_connection_string }}
max_overflow = {{ ironic_inspector_db_max_overflow }}
max_pool_size = {{ ironic_inspector_db_max_pool_size }}
pool_timeout = {{ ironic_inspector_db_pool_timeout }}
[discovery]
enroll_node_driver = ipmi
[dnsmasq_pxe_filter]
{% if ironic_inspector_pxe_filter == "dnsmasq" %}
dhcp_hostsdir = /etc/dnsmasq.d/dhcp-hostsdir
dnsmasq_start_command = systemctl start dnsmasq
dnsmasq_stop_command = systemctl stop dnsmasq
{% endif %}
[iptables]
{% if ironic_inspector_pxe_filter == "iptables" %}
manage_firewall = True
{% endif %}
dnsmasq_interface = br-ironic
[ironic]
username = ironic
password = {{ ironic_service_password }}
project_name = service
user_domain_name = {{ ironic_service_user_domain_id }}
project_domain_name = {{ ironic_service_project_domain_id }}
auth_url = {{ keystone_service_adminurl }}
insecure = {{ keystone_service_adminuri_insecure | bool }}
auth_type = password
valid_interfaces = internal,public
insecure = {{ keystone_service_internaluri_insecure | bool }}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = password
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = default
user_domain_id = default
project_name = "service"
username = ironic_inspector
password = {{ ironic_inspector_service_password }}
region_name = {{ keystone_service_region }}
memcached_servers = {{ memcached_servers }}
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[oslo_policy]
[pci_devices]
[processing]
add_ports = pxe
keep_ports = present
store_data = database
store_data_location = report_path
ramdisk_logs_dir = {{ ironic_system_home_folder }}/ramdisk-logs
always_store_ramdisk_logs = true
{% if ironic_inspector_processing_hooks is defined %}
processing_hooks = {{ ironic_inspector_processing_hooks }}
{% endif %}
{% if ironic_inspector_enable_discovery == true %}
node_not_found_hook = enroll
{% endif %}
[pxe_filter]
{% if ironic_inspector_dhcp_type == "isc_dhcp" %}
driver = iptables
{% else %}
driver = dnsmasq
{% endif %}
[swift]
username = swift-inspector
password = {{ ironic_inspector_swift_password }}
project_name = ironic-inspector
user_domain_name = default
project_domain_name = default
auth_url = {{ keystone_service_adminurl }}
insecure = {{ keystone_service_adminuri_insecure | bool }}
auth_type = password
valid_interfaces = internal,public
container = ironic-inspector
View Git Blame Copy Permalink