# Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Default values for keystone. # This is a YAML-formatted file. # Declare name/value pairs to be passed into your templates. # name: value labels: api: node_selector_key: openstack-control-plane node_selector_value: enabled conductor: node_selector_key: openstack-control-plane node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled images: tags: ironic_manage_cleaning_network: docker.io/openstackhelm/heat:newton ironic_retrive_cleaning_network: docker.io/openstackhelm/heat:newton # Bootstrap image requires curl bootstrap: docker.io/openstackhelm/heat:newton db_init: docker.io/openstackhelm/heat:newton ironic_db_sync: docker.io/openstackhelm/ironic:newton ks_user: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton ks_endpoints: docker.io/openstackhelm/heat:newton rabbit_init: docker.io/rabbitmq:3.7-management ironic_api: docker.io/openstackhelm/ironic:newton ironic_conductor: docker.io/openstackhelm/ironic:newton ironic_pxe: docker.io/openstackhelm/ironic:newton ironic_pxe_init: docker.io/openstackhelm/ironic:newton ironic_pxe_http: docker.io/nginx:1.13.3 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 pull_policy: "IfNotPresent" conf: paste: override: append: policy: {} tftp_map_file: | re ^(/tftpboot/) /tftpboot/\2 re ^/tftpboot/ /tftpboot/ re ^(^/) /tftpboot/\1 re ^([^/]) /tftpboot/\1 nginx: | user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; server { listen OSH_PXE_IP:{{ tuple "baremetal" "internal" "pxe_http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}; server_name localhost; #charset koi8-r; #access_log /var/log/nginx/host.access.log main; location / { root /var/lib/openstack-helm/httpboot; } } } ironic: DEFAULT: enabled_drivers: agent_ipmitool api: port: null conductor: api_url: null database: connection: null deploy: http_root: /var/lib/openstack-helm/httpboot glance: auth_type: password swift_temp_url_duration: 86400 temp_url_endpoint_type: radosgw inspector: auth_type: password keystone_authtoken: auth_type: password auth_version: v3 neutron: auth_type: password cleaning_network_uuid: null pxe: pxe_append_params: "nofb nomodeset vga=normal ipa-debug=1" images_path: /var/lib/openstack-helm/ironic/images instance_master_path: /var/lib/openstack-helm/ironic/master_images pxe_config_template: $pybasedir/drivers/modules/ipxe_config.template uefi_pxe_config_template: $pybasedir/drivers/modules/ipxe_config.template tftp_root: /var/lib/openstack-helm/tftpboot tftp_master_path: /var/lib/openstack-helm/tftpboot/master_images pxe_bootfile_name: undionly.kpxe uefi_pxe_bootfile_name: ipxe.efi ipxe_enabled: true service_catalog: auth_type: password swift: auth_url: null network: pxe: device: ironic-pxe neutron_network_name: baremetal neutron_subnet_name: baremetal neutron_provider_network: ironic neutron_subnet_gateway: 172.24.6.1/24 neutron_subnet_cidr: 172.24.6.0/24 neutron_subnet_alloc_start: 172.24.6.100 neutron_subnet_alloc_end: 172.24.6.200 api: ingress: public: true classes: namespace: "nginx" cluster: "nginx-cluster" annotations: nginx.ingress.kubernetes.io/rewrite-target: / node_port: enabled: false port: 30511 bootstrap: enabled: true ks_user: ironic script: | RELEASE="newton" IMAGE_URL_BASE="http://tarballs.openstack.org/ironic-python-agent/tinyipa/files" IMAGE_INITRAMFS="ironic-agent.initramfs" IMAGE_INITRAMFS_URL="${IMAGE_URL_BASE}/tinyipa-stable-${RELEASE}.gz" IMAGE_KERNEL="ironic-agent.kernel" IMAGE_KERNEL_URL="${IMAGE_URL_BASE}/tinyipa-stable-${RELEASE}.vmlinuz" openstack image show ${IMAGE_INITRAMFS} || ( IMAGE_LOC=$(mktemp) curl -L ${IMAGE_INITRAMFS_URL} -o ${IMAGE_LOC} openstack image create \ --file ${IMAGE_LOC} \ --disk-format ari \ --container-format ari \ --public \ ${IMAGE_INITRAMFS} rm -f ${IMAGE_LOC} ) openstack image show ${IMAGE_KERNEL} || ( IMAGE_LOC=$(mktemp) curl -L ${IMAGE_KERNEL_URL} -o ${IMAGE_LOC} openstack image create \ --file ${IMAGE_LOC} \ --disk-format aki \ --container-format aki \ --public \ ${IMAGE_KERNEL} rm -f ${IMAGE_LOC} ) dependencies: static: api: jobs: - ironic-db-sync - ironic-ks-user - ironic-ks-endpoints - ironic-manage-cleaning-network services: - endpoint: internal service: oslo_db - endpoint: internal service: identity bootstrap: jobs: - ironic-db-sync - ironic-ks-user - ironic-ks-endpoints services: - endpoint: internal service: identity - endpoint: internal service: image - endpoint: internal service: baremetal conductor: jobs: - ironic-db-sync - ironic-ks-user - ironic-ks-endpoints - ironic-manage-cleaning-network services: - endpoint: internal service: oslo_db - endpoint: internal service: identity - endpoint: internal service: baremetal db_init: services: - endpoint: internal service: oslo_db db_sync: jobs: - ironic-db-init services: - endpoint: internal service: oslo_db ks_endpoints: jobs: - ironic-ks-service services: - endpoint: internal service: identity ks_service: services: - endpoint: internal service: identity ks_user: services: - endpoint: internal service: identity rabbit_init: services: - service: oslo_messaging endpoint: internal manage_cleaning_network: services: - endpoint: internal service: network # Names of secrets used by bootstrap and environmental checks secrets: identity: admin: ironic-keystone-admin ironic: ironic-keystone-user oslo_db: admin: ironic-db-admin ironic: ironic-db-user oslo_messaging: admin: ironic-rabbitmq-admin ironic: ironic-rabbitmq-user # typically overridden by environmental # values, but should include all endpoints # required by this chart endpoints: cluster_domain_suffix: cluster.local identity: name: keystone auth: admin: region_name: RegionOne username: admin password: password project_name: admin user_domain_name: default project_domain_name: default ironic: role: admin region_name: RegionOne username: ironic password: password project_name: service user_domain_name: default project_domain_name: default hosts: default: keystone-api public: keystone host_fqdn_override: default: null path: default: /v3 scheme: default: http port: admin: default: 35357 api: default: 80 baremetal: name: ironic hosts: default: ironic-api public: ironic host_fqdn_override: default: null path: default: null scheme: default: http port: api: default: 6385 public: 80 pxe_http: default: 8080 image: name: glance hosts: default: glance-api public: glance host_fqdn_override: default: null path: default: null scheme: default: http port: api: default: 9292 public: 80 ceph_object_store: name: radosgw namespace: ceph auth: glance: tmpurlkey: supersecret hosts: default: ceph-rgw host_fqdn_override: default: null path: default: /auth/v1.0 scheme: default: http port: api: default: 8088 oslo_db: auth: admin: username: root password: password ironic: username: ironic password: password hosts: default: mariadb host_fqdn_override: default: null path: /ironic scheme: mysql+pymysql port: mysql: default: 3306 oslo_cache: auth: # NOTE(portdirect): this is used to define the value for keystone # authtoken cache encryption key, if not set it will be populated # automatically with a random value, but to take advantage of # this feature all services should be set to use the same key, # and memcache service. memcache_secret_key: null hosts: default: memcached host_fqdn_override: default: null port: memcache: default: 11211 oslo_messaging: auth: admin: username: rabbitmq password: password ironic: username: ironic password: password hosts: default: rabbitmq host_fqdn_override: default: null path: /ironic scheme: rabbit port: amqp: default: 5672 http: default: 15672 network: name: neutron hosts: default: neutron-server public: neutron host_fqdn_override: default: null path: default: null scheme: default: 'http' port: api: default: 9696 public: 80 pod: affinity: anti: type: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname mounts: ironic_api: init_container: null ironic_api: ironic_conductor: init_container: null ironic_conductor: ironic_bootstrap: init_container: null ironic_bootstrap: replicas: api: 1 conductor: 1 lifecycle: upgrades: deployments: revision_history: 3 pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 1 max_surge: 3 disruption_budget: api: min_available: 0 termination_grace_period: api: timeout: 30 resources: enabled: false api: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" conductor: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" jobs: bootstrap: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" db_sync: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_endpoints: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_service: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" ks_user: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" rabbit_init: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" tests: requests: memory: "128Mi" cpu: "100m" limits: memory: "1024Mi" cpu: "2000m" manifests: configmap_bin: true configmap_etc: true deployment_api: true ingress_api: true job_bootstrap: true job_db_drop: false job_db_init: true job_db_sync: true job_ks_endpoints: true job_ks_service: true job_ks_user: true job_manage_cleaning_network: true job_rabbit_init: true pdb_api: true secret_db: true secret_keystone: true secret_rabbitmq: true service_api: true service_ingress_api: true statefulset_conductor: true