8cbbd08259
* auth_uri was replaced by www_authenticate_uri * conductor::api_url is redundant, can be fetched from keystone * glance_api_servers is redundant, can be fetched from keystone Change-Id: I654f312754e169c54f3e7072160006b8d3112265
371 lines
18 KiB
YAML
371 lines
18 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
OpenStack Ironic conductor configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
Debug:
|
|
default: false
|
|
description: Set to True to enable debugging on all services.
|
|
type: boolean
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
IronicAutomatedClean:
|
|
default: true
|
|
description: Enables or disables automated cleaning which may result in
|
|
security problems and deployment failures on rebuilds.
|
|
Do not set to False, unless you really know what you are doing.
|
|
type: boolean
|
|
IronicCleaningDiskErase:
|
|
default: 'full'
|
|
description: Type of disk cleaning before and between deployments,
|
|
"full" for full cleaning, "metadata" to clean only disk
|
|
metadata (partition table).
|
|
type: string
|
|
IronicCleaningNetwork:
|
|
default: 'provisioning'
|
|
description: Name or UUID of the *overcloud* network used for cleaning
|
|
bare metal nodes. The default value of "provisioning" can be
|
|
left during the initial deployment (when no networks are
|
|
created yet) and should be changed to an actual UUID in
|
|
a post-deployment stack update.
|
|
type: string
|
|
IronicDebug:
|
|
default: ''
|
|
description: Set to True to enable debugging Ironic services.
|
|
type: string
|
|
constraints:
|
|
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
|
IronicDefaultBootOption:
|
|
default: 'local'
|
|
description: How to boot the bare metal instances. Set to 'local' (the
|
|
default) to use local bootloader (requires grub2 for partition
|
|
images). Set to 'netboot' to make the instances boot from
|
|
controllers using PXE/iPXE.
|
|
type: string
|
|
IronicDefaultInspectInterface:
|
|
default: ''
|
|
description: Inspect interface implementation to use by default. Leave empty to
|
|
use the hardware type default.
|
|
type: string
|
|
IronicDefaultNetworkInterface:
|
|
default: 'flat'
|
|
description: Network interface implementation to use by default.
|
|
Set to "flat" (the default) to use one flat provider network.
|
|
Set to "neutron" to make Ironic interact with the Neutron
|
|
ML2 driver to enable other network types and certain
|
|
advances networking features. Requires
|
|
IronicProvisioningNetwork to be correctly set.
|
|
type: string
|
|
IronicDefaultRescueInterface:
|
|
default: 'agent'
|
|
description: Default rescue implementation to use. The "agent" rescue
|
|
requires a compatible ramdisk to be used.
|
|
type: string
|
|
IronicDeployLogsStorageBackend:
|
|
default: 'local'
|
|
description: Backend to use to store ramdisk logs, either "local"
|
|
or "swift".
|
|
type: string
|
|
IronicEnabledDrivers:
|
|
default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
|
|
description: Enabled Ironic drivers
|
|
type: comma_delimited_list
|
|
IronicEnabledHardwareTypes:
|
|
default: ['ipmi', 'redfish']
|
|
description: Enabled Ironic hardware types
|
|
type: comma_delimited_list
|
|
IronicEnabledBootInterfaces:
|
|
default: ['pxe']
|
|
description: Enabled boot interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledConsoleInterfaces:
|
|
default: ['ipmitool-socat', 'no-console']
|
|
description: Enabled console interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledDeployInterfaces:
|
|
default: ['iscsi', 'direct']
|
|
description: Enabled deploy interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledInspectInterfaces:
|
|
default: ['no-inspect']
|
|
description: Enabled inspect interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledManagementInterfaces:
|
|
default: ['ipmitool', 'redfish']
|
|
description: Enabled management interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledNetworkInterfaces:
|
|
default: ['flat', 'neutron']
|
|
description: Enabled network interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledPowerInterfaces:
|
|
default: ['ipmitool', 'redfish']
|
|
description: Enabled power interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledRaidInterfaces:
|
|
default: ['no-raid', 'agent']
|
|
description: Enabled RAID interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledRescueInterfaces:
|
|
default: ['no-rescue', 'agent']
|
|
description: Enabled rescue interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledStorageInterfaces:
|
|
default: ['cinder', 'noop']
|
|
description: Enabled storage interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnabledVendorInterfaces:
|
|
default: ['ipmitool', 'no-vendor']
|
|
description: Enabled vendor interface implementations. Each hardware
|
|
type must have at least one valid implementation enabled.
|
|
type: comma_delimited_list
|
|
IronicEnableStagingDrivers:
|
|
default: false
|
|
description: Whether to enable use of staging drivers.
|
|
type: boolean
|
|
IronicIPXEEnabled:
|
|
default: true
|
|
description: Whether to use iPXE instead of PXE for deployment.
|
|
type: boolean
|
|
IronicIPXEPort:
|
|
default: 8088
|
|
description: Port to use for serving images when iPXE is used.
|
|
type: string
|
|
IronicIPXETimeout:
|
|
default: 60
|
|
description: iPXE timeout in second. Set to 0 for infinite timeout.
|
|
type: string
|
|
IronicPassword:
|
|
description: The password for the Ironic service and db account, used by the Ironic services
|
|
type: string
|
|
hidden: true
|
|
IronicProvisioningNetwork:
|
|
default: 'provisioning'
|
|
description: Name or UUID of the *overcloud* network used for provisioning
|
|
of bare metal nodes, if IronicDefaultNetworkInterface is
|
|
set to "neutron". The default value of "provisioning" can be
|
|
left during the initial deployment (when no networks are
|
|
created yet) and should be changed to an actual UUID in
|
|
a post-deployment stack update.
|
|
type: string
|
|
IronicRescuingNetwork:
|
|
default: 'provisioning'
|
|
description: Name or UUID of the *overcloud* network used for resucing
|
|
of bare metal nodes, if IronicDefaultRescueInterface is not
|
|
set to "no-rescue". The default value of "provisioning" can be
|
|
left during the initial deployment (when no networks are
|
|
created yet) and should be changed to an actual UUID in
|
|
a post-deployment stack update.
|
|
type: string
|
|
IronicForcePowerStateDuringSync:
|
|
default: true
|
|
description: Whether to force power state during sync.
|
|
type: boolean
|
|
MonitoringSubscriptionIronicConductor:
|
|
default: 'overcloud-ironic-conductor'
|
|
type: string
|
|
|
|
resources:
|
|
IronicBase:
|
|
type: ./ironic-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
Debug: {get_param: Debug}
|
|
IronicDebug: {get_param: IronicDebug}
|
|
|
|
conditions:
|
|
default_inspect_interface_unset: {equals : [{get_param: IronicDefaultInspectInterface}, '']}
|
|
service_debug:
|
|
or:
|
|
- equals: [{get_param: IronicDebug}, 'true']
|
|
- equals: [{get_param: IronicDebug}, 'True']
|
|
- equals: [{get_param: IronicDebug}, 'TRUE']
|
|
- equals: [{get_param: Debug}, true]
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Ironic conductor role.
|
|
value:
|
|
service_name: ironic_conductor
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [IronicBase, role_data, config_settings]
|
|
-
|
|
if:
|
|
- default_inspect_interface_unset
|
|
- {}
|
|
- ironic::drivers::interfaces::default_inspect_interface: {get_param: IronicDefaultInspectInterface}
|
|
- ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
|
|
ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
|
|
ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
|
|
ironic::conductor::rescuing_network: {get_param: IronicRescuingNetwork}
|
|
ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
|
|
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
|
|
ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
|
|
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
|
|
ironic::conductor::force_power_state_during_sync: {get_param: IronicForcePowerStateDuringSync}
|
|
# We need an endpoint containing a real IP, not a VIP here
|
|
ironic_conductor_http_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
|
ironic::conductor::http_url:
|
|
list_join:
|
|
- ''
|
|
- - 'http://'
|
|
- "%{hiera('ironic_conductor_http_host')}:"
|
|
- {get_param: IronicIPXEPort}
|
|
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
|
|
ironic::drivers::pxe::ipxe_timeout: {get_param: IronicIPXETimeout}
|
|
# NOTE: bind IP is found in hiera replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
ironic::drivers::pxe::tftp_server:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
|
ironic::pxe::tftp_bind_host:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
|
# NOTE(dtantsur): UEFI only works with iPXE currently for us
|
|
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
|
|
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
|
|
ironic::drivers::agent::deploy_logs_storage_backend: {get_param: IronicDeployLogsStorageBackend}
|
|
ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
|
|
ironic::drivers::agent::deploy_logs_collect:
|
|
if:
|
|
- service_debug
|
|
- 'always'
|
|
- 'on_failure'
|
|
# NOTE(emilien): ILO defaulting to UEFI does not match other drivers so bios is used.
|
|
ironic::drivers::ilo::default_boot_mode: 'bios'
|
|
ironic::drivers::interfaces::enabled_boot_interfaces: {get_param: IronicEnabledBootInterfaces}
|
|
ironic::drivers::interfaces::enabled_console_interfaces: {get_param: IronicEnabledConsoleInterfaces}
|
|
ironic::drivers::interfaces::enabled_deploy_interfaces: {get_param: IronicEnabledDeployInterfaces}
|
|
ironic::drivers::interfaces::enabled_inspect_interfaces: {get_param: IronicEnabledInspectInterfaces}
|
|
ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces}
|
|
ironic::drivers::interfaces::enabled_network_interfaces: {get_param: IronicEnabledNetworkInterfaces}
|
|
ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces}
|
|
ironic::drivers::interfaces::enabled_raid_interfaces: {get_param: IronicEnabledRaidInterfaces}
|
|
ironic::drivers::interfaces::enabled_rescue_interfaces: {get_param: IronicEnabledRescueInterfaces}
|
|
ironic::drivers::interfaces::enabled_storage_interfaces: {get_param: IronicEnabledStorageInterfaces}
|
|
ironic::drivers::interfaces::enabled_vendor_interfaces: {get_param: IronicEnabledVendorInterfaces}
|
|
ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
|
|
ironic::drivers::interfaces::default_rescue_interface: {get_param: IronicDefaultRescueInterface}
|
|
tripleo.ironic_conductor.firewall_rules:
|
|
'134 ironic conductor TFTP':
|
|
dport: 69
|
|
proto: udp
|
|
'135 ironic conductor HTTP':
|
|
dport: {get_param: IronicIPXEPort}
|
|
# NOTE(dtantsur): the my_ip parameter is heavily overloaded in
|
|
# ironic. It's used as a default value for e.g. TFTP server IP,
|
|
# glance and neutron endpoints, virtual console IP. We override
|
|
# the TFTP server IP in ironic-conductor.yaml as it should not be
|
|
# the VIP, but rather a real IP of the host.
|
|
ironic::my_ip:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
|
|
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
|
|
# Credentials to access other services
|
|
ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::cinder::username: 'ironic'
|
|
ironic::cinder::password: {get_param: IronicPassword}
|
|
ironic::cinder::project_name: 'service'
|
|
ironic::cinder::user_domain_name: 'Default'
|
|
ironic::cinder::project_domain_name: 'Default'
|
|
ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::glance::username: 'ironic'
|
|
ironic::glance::password: {get_param: IronicPassword}
|
|
ironic::glance::project_name: 'service'
|
|
ironic::glance::user_domain_name: 'Default'
|
|
ironic::glance::project_domain_name: 'Default'
|
|
ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::neutron::username: 'ironic'
|
|
ironic::neutron::password: {get_param: IronicPassword}
|
|
ironic::neutron::project_name: 'service'
|
|
ironic::neutron::user_domain_name: 'Default'
|
|
ironic::neutron::project_domain_name: 'Default'
|
|
ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::service_catalog::username: 'ironic'
|
|
ironic::service_catalog::password: {get_param: IronicPassword}
|
|
ironic::service_catalog::project_name: 'service'
|
|
ironic::service_catalog::user_domain_name: 'Default'
|
|
ironic::service_catalog::project_domain_name: 'Default'
|
|
ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::swift::username: 'ironic'
|
|
ironic::swift::password: {get_param: IronicPassword}
|
|
ironic::swift::project_name: 'service'
|
|
ironic::swift::user_domain_name: 'Default'
|
|
ironic::swift::project_domain_name: 'Default'
|
|
# ironic-inspector support is not implemented, but let's configure
|
|
# the credentials for consistency.
|
|
ironic::drivers::inspector::enabled: false
|
|
ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
|
ironic::drivers::inspector::username: 'ironic'
|
|
ironic::drivers::inspector::password: {get_param: IronicPassword}
|
|
ironic::drivers::inspector::project_name: 'service'
|
|
ironic::drivers::inspector::user_domain_name: 'Default'
|
|
ironic::drivers::inspector::project_domain_name: 'Default'
|
|
tripleo::profile::base::ironic::conductor::enable_staging: {get_param: IronicEnableStagingDrivers}
|
|
step_config: |
|
|
include ::tripleo::profile::base::ironic::conductor
|
|
upgrade_tasks:
|
|
- name: Stop ironic_conductor service
|
|
when: step|int == 1
|
|
service: name=openstack-ironic-conductor state=stopped
|