bd13adefd1
Add new parameter IronicIPXEUefiSnpOnly (default: true). When `true` ipxe-snponly.efi is used for UEFI, when `false` ipxe.efi is used. 'snponly.efi' is the default in puppet-ironic master branch, however in Wallaby and earlier releases 'ipxe.efi' is the default. Since 'ipxe.efi' is not compatible with a lot of hardware TripleO should change this default. Related: RHBZ#2049179 Closes-Bug: 1959726 Change-Id: I8ee338c3f3e20f1826d98efb38d3b21fefda5031
# Heat (HOT) template header: pins the template format version and gives the
# one-line summary of what this service template deploys.
heat_template_version: wallaby

description: >
  OpenStack containerized Ironic Conductor service

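# Template inputs for the containerized Ironic Conductor service.
# Changes from the original are limited to description text: typos fixed
# ("Wheater", "resucing", "advances", "in second") and the ambiguous
# IronicAutomatedClean wording sharpened. Names, types, defaults, tags and
# constraints are unchanged.
parameters:
  ContainerIronicConductorImage:
    description: image
    type: string
    tags:
      - role_specific
  ContainerIronicConfigImage:
    description: The container image to use for the ironic config_volume
    type: string
    tags:
      - role_specific
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. Use
      parameter_merge_strategies to merge it with the defaults.
    type: json
  Debug:
    default: false
    description: Set to True to enable debugging on all services.
    type: boolean
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  KeystoneRegion:
    type: string
    default: 'regionOne'
    description: Keystone region for endpoint
  IronicConfigureSwiftTempUrlKey:
    default: true
    description: >-
      Whether to configure Swift temporary URLs for use with
      the "direct" and "ansible" deploy interfaces.
    type: boolean
  # Security-relevant: automated cleaning is what wipes a node between
  # deployments. With it disabled, data written by the previous user of a
  # node is still on disk when the node is handed to the next one.
  IronicAutomatedClean:
    default: true
    description: >-
      Enables or disables automated cleaning. Disabling it may result in
      security problems and deployment failures on rebuilds.
      Do not set to False, unless you really know what you are doing.
    type: boolean
  # Security-relevant: per the description, "metadata" cleans only the
  # partition table, so the previous disk contents are not erased.
  IronicCleaningDiskErase:
    default: 'full'
    description: >-
      Type of disk cleaning before and between deployments,
      "full" for full cleaning, "metadata" to clean only disk
      metadata (partition table).
    type: string
  IronicCleaningNetwork:
    default: 'provisioning'
    description: >-
      Name or UUID of the *overcloud* network used for cleaning
      bare metal nodes. The default value of "provisioning" can be
      left during the initial deployment (when no networks are
      created yet) and should be changed to an actual UUID in
      a post-deployment stack update.
    type: string
    tags:
      - role_specific
  IronicDebug:
    default: false
    description: Set to True to enable debugging Ironic services.
    type: boolean
  IronicDefaultBootOption:
    default: 'local'
    description: >-
      How to boot the bare metal instances. Set to 'local' (the
      default) to use local bootloader (requires grub2 for partition
      images). Set to 'netboot' to make the instances boot from
      controllers using PXE/iPXE.
    type: string
  IronicDefaultBootMode:
    default: 'uefi'
    description: >-
      Default boot mode to use when no boot mode is explicitly
      requested in node's driver_info, capabilities or in the
      "instance_info" configuration. One of 'bios' or 'uefi'.
    type: string
  IronicDefaultBootInterface:
    default: ''
    description: >-
      Boot interface implementation to use by default. Leave empty to
      set none. This may not work if a hardware type does not support
      the set boot interface. This overrides create-time defaults.
      The ordered union of the enabled boot interfaces and hardware
      type determines, under normal circumstances, what the default
      will be.
    type: string
  IronicDefaultDeployInterface:
    default: ''
    description: >-
      Deploy interface implementation to use by default. Leave empty to
      use the hardware type default.
    type: string
  IronicDefaultInspectInterface:
    default: ''
    description: >-
      Inspect interface implementation to use by default. Leave empty to
      use the hardware type default.
    type: string
  IronicDefaultNetworkInterface:
    default: 'flat'
    description: >-
      Network interface implementation to use by default.
      Set to "flat" (the default) to use one flat provider network.
      Set to "neutron" to make Ironic interact with the Neutron
      ML2 driver to enable other network types and certain
      advanced networking features. Requires
      IronicProvisioningNetwork to be correctly set.
    type: string
  IronicDefaultRescueInterface:
    default: 'agent'
    description: >-
      Default rescue implementation to use. The "agent" rescue
      requires a compatible ramdisk to be used.
    type: string
  IronicDeployLogsStorageBackend:
    default: 'local'
    description: >-
      Backend to use to store ramdisk logs, either "local"
      or "swift".
    type: string
  IronicEnabledHardwareTypes:
    default: ['ipmi', 'redfish']
    description: Enabled Ironic hardware types
    type: comma_delimited_list
  IronicEnabledBiosInterfaces:
    default: ['no-bios']
    description: >-
      Enabled bios interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledBootInterfaces:
    default: ['ipxe', 'pxe']
    description: >-
      Enabled boot interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledConsoleInterfaces:
    default: ['ipmitool-socat', 'no-console']
    description: >-
      Enabled console interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledDeployInterfaces:
    default: ['direct']
    description: >-
      Enabled deploy interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledInspectInterfaces:
    default: ['no-inspect']
    description: >-
      Enabled inspect interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledManagementInterfaces:
    default: ['ipmitool', 'noop', 'redfish']
    description: >-
      Enabled management interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledNetworkInterfaces:
    default: ['flat', 'neutron']
    description: >-
      Enabled network interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledPowerInterfaces:
    default: ['ipmitool', 'redfish']
    description: >-
      Enabled power interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledRaidInterfaces:
    default: ['no-raid', 'agent']
    description: >-
      Enabled RAID interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledRescueInterfaces:
    default: ['no-rescue', 'agent']
    description: >-
      Enabled rescue interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledStorageInterfaces:
    default: ['cinder', 'noop']
    description: >-
      Enabled storage interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnabledVendorInterfaces:
    default: ['ipmitool', 'no-vendor']
    description: >-
      Enabled vendor interface implementations. Each hardware
      type must have at least one valid implementation enabled.
    type: comma_delimited_list
  IronicEnableStagingDrivers:
    default: false
    description: Whether to enable use of staging drivers.
    type: boolean
  # "http" means images are delivered by the same local HTTP server that
  # serves iPXE; the outputs section builds that URL with an http:// scheme.
  IronicImageDownloadSource:
    default: 'http'
    description: >-
      Image delivery method for the "direct" deploy interface.
      Use "swift" for the Object Storage temporary URLs,
      use "http" for the local HTTP server (the same as for iPXE).
    type: string
  IronicIPXEEnabled:
    default: false
    description: DEPRECATED, boot interfaces are specified on a per-node basis
    type: boolean
  # This port is also opened by firewall rule '135 ironic conductor HTTP'.
  IronicIPXEPort:
    default: 8088
    description: Port to use for serving images when iPXE is used.
    type: string
  IronicIPXETimeout:
    default: 60
    description: iPXE timeout in seconds. Set to 0 for infinite timeout.
    type: string
  IronicPowerStateChangeTimeout:
    default: 60
    description: >-
      Number of seconds to wait for power operations to
      complete, i.e., so that a baremetal node is in the
      desired power state. If timed out, the power operation
      is considered a failure.
    type: string
  # No default, so the deployer must supply it; 'hidden: true' marks the
  # value as sensitive. The outputs section reuses this one secret for every
  # service client and for the json-rpc htpasswd file.
  IronicPassword:
    description: The password for the Ironic service and db account, used by the Ironic services
    type: string
    hidden: true
  IronicProvisioningNetwork:
    default: 'provisioning'
    description: >-
      Name or UUID of the *overcloud* network used for provisioning
      of bare metal nodes, if IronicDefaultNetworkInterface is
      set to "neutron". The default value of "provisioning" can be
      left during the initial deployment (when no networks are
      created yet) and should be changed to an actual UUID in
      a post-deployment stack update.
    type: string
    tags:
      - role_specific
  IronicRescuingNetwork:
    default: 'provisioning'
    description: >-
      Name or UUID of the *overcloud* network used for rescuing
      of bare metal nodes, if IronicDefaultRescueInterface is not
      set to "no-rescue". The default value of "provisioning" can be
      left during the initial deployment (when no networks are
      created yet) and should be changed to an actual UUID in
      a post-deployment stack update.
    type: string
    tags:
      - role_specific
  IronicForcePowerStateDuringSync:
    default: true
    description: Whether to force power state during sync.
    type: boolean
  # The allowed_pattern restricts the group name to letters, digits,
  # underscore, hyphen and dot; the empty string (no group) also matches.
  IronicConductorGroup:
    description: The name of an Ironic Conductor Group.
    default: ''
    type: string
    tags:
      - role_specific
    constraints:
      - allowed_pattern: '^[a-zA-Z0-9_\-\.]*$'
  MonitoringSubscriptionIronicConductor:
    default: 'overcloud-ironic-conductor'
    type: string
  AdditionalArchitectures:
    default: []
    description: List of additional architectures to enable.
    type: comma_delimited_list
  IronicIpVersion:
    default: 4
    description: DEPRECATED, The IP version that will be used for PXE booting.
    type: string
  IronicDhcpv6StatefulAddressCount:
    default: 4
    description: >-
      Number of IPv6 addresses to allocate for ports created for
      provisioning, cleaning, rescue or inspection on DHCPv6-stateful
      networks. Different stages of the chain-loading process will
      request addresses with different CLID/IAID. Due to non-
      identical identifiers multiple addresses must be reserved for
      the host to ensure each step of the boot process can
      successfully lease addresses.
    type: string
  # Security-relevant: 'noauth' is an accepted value. The conditions section
  # maps it to auth_type 'none' for the service catalog and inspector
  # clients, and the same value is passed to ironic::json_rpc::auth_strategy
  # when the json-rpc transport is selected.
  IronicAuthStrategy:
    type: string
    description: Auth strategy to use with ironic.
    default: 'keystone'
    constraints:
      - allowed_values: ['keystone', 'http_basic', 'noauth']
  # Security-relevant: as above, 'noauth' becomes auth_type 'none' for the
  # Neutron client.
  NeutronAuthStrategy:
    type: string
    description: Auth strategy to use with neutron.
    default: 'keystone'
    constraints:
      - allowed_values: ['keystone', 'noauth', 'http_basic']
  IronicRpcTransport:
    description: >-
      The remote procedure call transport between conductor and
      API processes, such as a messaging broker or JSON RPC.
    default: 'oslo'
    type: string
    constraints:
      - allowed_values: ['oslo', 'json-rpc']
  # Selects which iPXE UEFI binary is configured in the outputs section:
  # true -> snponly.efi / ipxe-snponly, false -> ipxe.efi / ipxe.
  IronicIPXEUefiSnpOnly:
    type: boolean
    description: >-
      Whether to use SNP (Simple Network Protocol) iPXE EFI, or not.
      When set to true `ipxe-snponly` EFI is used.
    default: true
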
# Groups the parameters that are kept only for backward compatibility so
# that tooling can flag them as deprecated.
parameter_groups:
  - label: deprecated
    description: |
      The following parameters are deprecated and will be removed. They should not
      be relied on for new deployments. If you have concerns regarding deprecated
      parameters, please contact the TripleO development team on IRC or the
      Openstack mailing list.
    parameters:
      - IronicIPXEEnabled
      - IronicIpVersion

# Named boolean conditions evaluated from the parameters; the resources and
# outputs sections reference them by name inside `if:`.
conditions:
  # The three *_set conditions are true when the matching "default
  # interface" parameter is not the empty string.
  default_boot_interface_set:
    not:
      equals:
        - {get_param: IronicDefaultBootInterface}
        - ''
  default_deploy_interface_set:
    not:
      equals:
        - {get_param: IronicDefaultDeployInterface}
        - ''
  default_inspect_interface_set:
    not:
      equals:
        - {get_param: IronicDefaultInspectInterface}
        - ''
  # Debug is on when either the Ironic-specific or the global flag is set.
  service_debug:
    or:
      - {get_param: IronicDebug}
      - {get_param: Debug}
  enable_architecture_ppc64le:
    contains:
      - 'ppc64le'
      - {get_param: AdditionalArchitectures}
  # A conductor group counts as configured if it is set either globally or
  # through the role-specific parameters.
  ironic_conductor_group:
    or:
      - not:
          equals:
            - {get_param: IronicConductorGroup}
            - ''
      - not:
          equals:
            - {get_param: [RoleParameters, IronicConductorGroup]}
            - ''
  # Anything other than the 'keystone' default: 'noauth' or 'http_basic'.
  auth_strategy_non_default:
    contains:
      - {get_param: IronicAuthStrategy}
      - ['noauth', 'http_basic']
  # Security-relevant: true when Ironic authentication is switched off; the
  # outputs section then sets auth_type 'none' on the dependent clients.
  auth_strategy_noauth:
    equals:
      - {get_param: IronicAuthStrategy}
      - 'noauth'
  # Same pair of checks for the Neutron client.
  neutron_noauth:
    equals:
      - {get_param: NeutronAuthStrategy}
      - 'noauth'
  neutron_auth_non_default:
    contains:
      - {get_param: NeutronAuthStrategy}
      - ['noauth', 'http_basic']
  rpc_transport_json_rpc:
    equals:
      - {get_param: IronicRpcTransport}
      - 'json-rpc'
  # json-rpc transport protected by HTTP basic auth: gates creation and
  # mounting of the htpasswd file in the outputs section.
  json_rpc_with_http_basic:
    and:
      - rpc_transport_json_rpc
      - equals:
          - {get_param: IronicAuthStrategy}
          - 'http_basic'

# Helper resources: role-specific parameter resolution plus the nested
# templates whose outputs are merged into role_data.
resources:
  # Builds the hiera map for role-specific settings. The inner map_replace
  # swaps parameter names for role-specific overrides from RoleParameters;
  # the outer one swaps whatever names remain for the global values.
  # The conductor_group key is only emitted when a group is configured.
  RoleParametersValue:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        map_replace:
          - map_replace:
              - map_merge:
                  - if:
                      - ironic_conductor_group
                      - ironic::conductor::conductor_group: IronicConductorGroup
                      - {}
                  - ironic::conductor::cleaning_network: IronicCleaningNetwork
                    ironic::conductor::provisioning_network: IronicProvisioningNetwork
                    ironic::conductor::rescuing_network: IronicRescuingNetwork
                    ContainerIronicConductorImage: ContainerIronicConductorImage
                    ContainerIronicConfigImage: ContainerIronicConfigImage
              - values: {get_param: [RoleParameters]}
          - values:
              IronicConductorGroup: {get_param: IronicConductorGroup}
              IronicProvisioningNetwork: {get_param: IronicProvisioningNetwork}
              IronicCleaningNetwork: {get_param: IronicCleaningNetwork}
              IronicRescuingNetwork: {get_param: IronicRescuingNetwork}
              ContainerIronicConductorImage: {get_param: ContainerIronicConductorImage}
              ContainerIronicConfigImage: {get_param: ContainerIronicConfigImage}

  # Supplies the common container volumes and the RPC-port healthcheck
  # referenced from docker_config.
  ContainersCommon:
    type: ../containers-common.yaml

  # Supplies the step_config fragment appended in puppet_config.
  MySQLClient:
    type: ../database/mysql-client.yaml

  # Supplies the base config_settings that this template extends.
  IronicBase:
    type: ./ironic-base-puppet.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
      Debug: {get_param: Debug}
      IronicDebug: {get_param: IronicDebug}

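# role_data is the single output of this template: firewall rules, hiera
# settings, container definitions and host preparation tasks for the Ironic
# Conductor role.
# Changes from the original: Ansible `stat` tasks use native YAML arguments
# instead of key=value strings, the inspector auth_type 'none' is quoted like
# its siblings, the inline with_items maps are written in block form, and
# the helper script uses $(( )) instead of the deprecated $[ ] arithmetic.
# Review notes were added at the security-relevant settings.
outputs:
  role_data:
    description: Role data for the Ironic Conductor role.
    value:
      service_name: ironic_conductor
      # These rules open TFTP (69/udp) and the iPXE HTTP port. Neither rule
      # restricts the source, so exposure depends on which networks can
      # reach this host. NOTE(review): confirm the provisioning network is
      # isolated from untrusted tenants.
      firewall_rules:
        '134 ironic conductor TFTP':
          dport: 69
          proto: udp
        '135 ironic conductor HTTP':
          dport: {get_param: IronicIPXEPort}
      monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
      config_settings:
        map_merge:
          - get_attr: [IronicBase, role_data, config_settings]
          - get_attr: [RoleParametersValue, value]
          # Default interfaces are only emitted when the parameter is set.
          - if:
              - default_deploy_interface_set
              - ironic::drivers::interfaces::default_deploy_interface: {get_param: IronicDefaultDeployInterface}
          - if:
              - default_boot_interface_set
              - ironic::drivers::interfaces::default_boot_interface: {get_param: IronicDefaultBootInterface}
          - if:
              - default_inspect_interface_set
              - ironic::drivers::interfaces::default_inspect_interface: {get_param: IronicDefaultInspectInterface}
          - if:
              - enable_architecture_ppc64le
              - ironic::pxe::enable_ppc64le: true
                ironic::drivers::ipmi::command_retry_timeout: 120
                ironic::drivers::ipmi::min_command_interval: 15
          # json-rpc transport: auth_strategy follows IronicAuthStrategy, so
          # 'noauth' is passed through to the RPC endpoint as well.
          # NOTE(review): confirm that combination is never deployed on a
          # network reachable by untrusted hosts.
          - if:
              - rpc_transport_json_rpc
              - ironic::json_rpc::auth_strategy: {get_param: IronicAuthStrategy}
                ironic::api::authtoken::password: {get_param: IronicPassword}
                ironic::api::authtoken::project_name: 'service'
                ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
                ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
                ironic::api::authtoken::region_name: {get_param: KeystoneRegion}
                ironic::api::authtoken::interface: 'internal'
          - ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
            ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
            ironic::conductor::default_boot_mode: {get_param: IronicDefaultBootMode}
            ironic::drivers::ilo::default_boot_mode: {get_param: IronicDefaultBootMode}
            ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
            ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
            ironic::conductor::force_power_state_during_sync: {get_param: IronicForcePowerStateDuringSync}
            ironic::conductor::allow_provisioning_in_maintenance: false
            ironic::conductor::power_state_change_timeout: {get_param: IronicPowerStateChangeTimeout}
            # We need an endpoint containing a real IP, not a VIP here
            ironic_conductor_http_host:
              str_replace:
                template: "%{hiera('$NETWORK_uri')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
            # The scheme is hard-coded to http://, so boot artifacts served
            # from this URL travel unencrypted on the provisioning network.
            ironic::conductor::http_url:
              list_join:
                - ''
                - - 'http://'
                  - "%{hiera('ironic_conductor_http_host')}:"
                  - {get_param: IronicIPXEPort}
            ironic::drivers::pxe::ipxe_timeout: {get_param: IronicIPXETimeout}
            # NOTE: bind IP is found in hiera replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            ironic::drivers::pxe::tftp_server:
              str_replace:
                template: "%{hiera('$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
            ironic::pxe::tftp_bind_host:
              str_replace:
                template: "%{hiera('$NETWORK_uri')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
            ironic::drivers::agent::deploy_logs_storage_backend: {get_param: IronicDeployLogsStorageBackend}
            ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
            # Ramdisk logs are always collected in debug mode, otherwise
            # only when a deployment fails.
            ironic::drivers::agent::deploy_logs_collect:
              if:
                - service_debug
                - 'always'
                - 'on_failure'
            ironic::drivers::agent::image_download_source: {get_param: IronicImageDownloadSource}
            ironic::drivers::interfaces::enabled_bios_interfaces: {get_param: IronicEnabledBiosInterfaces}
            ironic::drivers::interfaces::enabled_boot_interfaces: {get_param: IronicEnabledBootInterfaces}
            ironic::drivers::interfaces::enabled_console_interfaces: {get_param: IronicEnabledConsoleInterfaces}
            ironic::drivers::interfaces::enabled_deploy_interfaces: {get_param: IronicEnabledDeployInterfaces}
            ironic::drivers::interfaces::enabled_inspect_interfaces: {get_param: IronicEnabledInspectInterfaces}
            ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces}
            ironic::drivers::interfaces::enabled_network_interfaces: {get_param: IronicEnabledNetworkInterfaces}
            ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces}
            ironic::drivers::interfaces::enabled_raid_interfaces: {get_param: IronicEnabledRaidInterfaces}
            ironic::drivers::interfaces::enabled_rescue_interfaces: {get_param: IronicEnabledRescueInterfaces}
            ironic::drivers::interfaces::enabled_storage_interfaces: {get_param: IronicEnabledStorageInterfaces}
            ironic::drivers::interfaces::enabled_vendor_interfaces: {get_param: IronicEnabledVendorInterfaces}
            ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
            ironic::drivers::interfaces::default_rescue_interface: {get_param: IronicDefaultRescueInterface}
            # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
            # ironic. It's used as a default value for e.g. TFTP server IP,
            # glance and neutron endpoints, virtual console IP. We override
            # the TFTP server IP in ironic-conductor.yaml as it should not be
            # the VIP, but rather a real IP of the host.
            ironic::my_ip:
              str_replace:
                template: "%{hiera('$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, IronicNetwork]}
            ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
            # Credentials to access other services.
            # Every client below authenticates as user 'ironic' with the one
            # IronicPassword, so exposure of that secret affects all six
            # integrations at once.
            ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::cinder::username: 'ironic'
            ironic::cinder::password: {get_param: IronicPassword}
            ironic::cinder::project_name: 'service'
            ironic::cinder::user_domain_name: 'Default'
            ironic::cinder::project_domain_name: 'Default'
            ironic::cinder::region_name: {get_param: KeystoneRegion}
            ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::glance::username: 'ironic'
            ironic::glance::password: {get_param: IronicPassword}
            ironic::glance::project_name: 'service'
            ironic::glance::user_domain_name: 'Default'
            ironic::glance::project_domain_name: 'Default'
            ironic::glance::region_name: {get_param: KeystoneRegion}
            ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::neutron::username: 'ironic'
            ironic::neutron::password: {get_param: IronicPassword}
            ironic::neutron::project_name: 'service'
            ironic::neutron::user_domain_name: 'Default'
            ironic::neutron::project_domain_name: 'Default'
            ironic::neutron::region_name: {get_param: KeystoneRegion}
            ironic::neutron::dhcpv6_stateful_address_count: {get_param: IronicDhcpv6StatefulAddressCount}
            ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::service_catalog::username: 'ironic'
            ironic::service_catalog::password: {get_param: IronicPassword}
            ironic::service_catalog::project_name: 'service'
            ironic::service_catalog::user_domain_name: 'Default'
            ironic::service_catalog::project_domain_name: 'Default'
            ironic::service_catalog::region_name: {get_param: KeystoneRegion}
            ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::swift::username: 'ironic'
            ironic::swift::password: {get_param: IronicPassword}
            ironic::swift::project_name: 'service'
            ironic::swift::user_domain_name: 'Default'
            ironic::swift::project_domain_name: 'Default'
            ironic::swift::region_name: {get_param: KeystoneRegion}
            ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::drivers::inspector::username: 'ironic'
            ironic::drivers::inspector::password: {get_param: IronicPassword}
            ironic::drivers::inspector::project_name: 'service'
            ironic::drivers::inspector::user_domain_name: 'Default'
            ironic::drivers::inspector::project_domain_name: 'Default'
            ironic::drivers::inspector::region_name: {get_param: KeystoneRegion}
            tripleo::profile::base::ironic::conductor::enable_staging: {get_param: IronicEnableStagingDrivers}
            # to avoid hard linking errors we store these on the same
            # volume/device as the ironic master_path
            # https://github.com/docker/docker/issues/7457
            ironic::drivers::pxe::tftp_root: /var/lib/ironic/tftpboot
            ironic::drivers::pxe::tftp_master_path: /var/lib/ironic/tftpboot/master_images
            ironic::pxe::tftp_root: /var/lib/ironic/tftpboot
            ironic::pxe::http_root: /var/lib/ironic/httpboot
            ironic::conductor::http_root: /var/lib/ironic/httpboot
          # Non-default Neutron auth: 'noauth' is translated to auth_type
          # 'none', 'http_basic' is passed through, and the endpoint is
          # pinned explicitly.
          - if:
              - neutron_auth_non_default
              - ironic::neutron::auth_type:
                  if:
                    - neutron_noauth
                    - 'none'
                    - {get_param: NeutronAuthStrategy}
                ironic::neutron::endpoint_override: {get_param: [EndpointMap, NeutronInternal, uri_no_suffix]}
          # Same translation for the Ironic service catalog and inspector
          # clients.
          - if:
              - auth_strategy_non_default
              - ironic::service_catalog::auth_type:
                  if:
                    - auth_strategy_noauth
                    - 'none'
                    - {get_param: IronicAuthStrategy}
                ironic::drivers::inspector::auth_type:
                  if:
                    - auth_strategy_noauth
                    - 'none'
                    - {get_param: IronicAuthStrategy}
                ironic::drivers::inspector::endpoint_override: {get_param: [EndpointMap, IronicInspectorInternal, uri_no_suffix]}
                ironic::service_catalog::endpoint_override: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
          # UEFI iPXE binary selection: SNP-only build when
          # IronicIPXEUefiSnpOnly is true, the full ipxe.efi otherwise.
          - if:
              - {get_param: IronicIPXEUefiSnpOnly}
              - ironic::pxe::common::uefi_ipxe_bootfile_name: snponly.efi
                ironic::pxe::ipxe_name_base: ipxe-snponly
              - ironic::pxe::common::uefi_ipxe_bootfile_name: ipxe.efi
                ironic::pxe::ipxe_name_base: ipxe
      service_config_settings: {}
      # BEGIN DOCKER SETTINGS
      puppet_config:
        config_volume: ironic
        puppet_tags: ironic_config
        step_config:
          list_join:
            - "\n"
            - - include tripleo::profile::base::ironic::conductor
              - {get_attr: [MySQLClient, role_data, step_config]}
        config_image: {get_attr: [RoleParametersValue, value, ContainerIronicConfigImage]}
        volumes:
          - /var/lib/ironic:/var/lib/ironic:z
      kolla_config:
        /var/lib/kolla/config_files/ironic_conductor.json:
          command: /usr/bin/ironic-conductor
          config_files:
            - source: "/var/lib/kolla/config_files/src/*"
              dest: "/"
              merge: true
              preserve_properties: true
          # Ownership of the data and log trees is handed to ironic:ironic,
          # recursively.
          permissions:
            - path: /var/lib/ironic
              owner: ironic:ironic
              recurse: true
            - path: /var/log/ironic
              owner: ironic:ironic
              recurse: true
      container_config_scripts:
        # Helper that makes sure the Swift account has a Temp-URL-Key. It
        # reads the Swift credentials from ironic.conf, retries up to five
        # times, and sets a new key only when the account shows none.
        # Mode 0700 keeps the script owner-only.
        # NOTE(review): the key is `uuidgen | sha1sum`; hashing adds no
        # entropy, so its strength is that of the UUID uuidgen produces.
        # Anyone holding the key can sign temporary URLs for this account,
        # so treat it as a secret.
        create_swift_temp_url_key.sh:
          mode: "0700"
          content: |
            #!/bin/bash
            export OS_PROJECT_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_domain_name)
            export OS_USER_DOMAIN_NAME=$(crudini --get /etc/ironic/ironic.conf swift user_domain_name)
            export OS_PROJECT_NAME=$(crudini --get /etc/ironic/ironic.conf swift project_name)
            export OS_USERNAME=$(crudini --get /etc/ironic/ironic.conf swift username)
            export OS_PASSWORD=$(crudini --get /etc/ironic/ironic.conf swift password)
            export OS_AUTH_URL=$(crudini --get /etc/ironic/ironic.conf swift auth_url)
            export OS_INTERFACE=internal
            export OS_AUTH_TYPE=password
            export OS_IDENTITY_API_VERSION=3

            echo "Check if a temporary URL key already exists"
            RETVAL=-1
            RETRIES=5
            while [ ${RETVAL} -ne 0 ] && [ ${RETRIES} -gt 0 ]; do
              RETRIES=$((RETRIES-1))
              CMD_OUT=$(openstack object store account show -f value)
              RETVAL=$?
              if [ ${RETVAL} -ne 0 ]; then
                echo Retrying...
                sleep 5
                continue
              fi
              if [[ ! ${CMD_OUT} =~ "Temp-Url-Key" ]] ; then
                echo "Creating a new temporary URL for project $OS_PROJECT_NAME"
                SWIFT_TEMP_URL_KEY=$(uuidgen | sha1sum | awk '{print $1}')
                openstack object store account set --property "Temp-URL-Key=$SWIFT_TEMP_URL_KEY"
                RETVAL=$?
              fi
            done

      docker_config:
        step_4:
          # One-shot container (detach: false) that runs the helper script
          # as root; only defined when IronicConfigureSwiftTempUrlKey is
          # true. The ironic config and the script are mounted read-only.
          create_swift_temp_url_key:
            if:
              - {get_param: IronicConfigureSwiftTempUrlKey}
              - start_order: 70
                image: &ironic_conductor_image {get_attr: [RoleParametersValue, value, ContainerIronicConductorImage]}
                net: host
                detach: false
                volumes:
                  list_concat:
                    - {get_attr: [ContainersCommon, volumes]}
                    - - /var/lib/config-data/puppet-generated/ironic/etc/ironic:/etc/ironic:ro
                      - /var/lib/container-config-scripts/create_swift_temp_url_key.sh:/create_swift_temp_url_key.sh:ro
                user: root
                command: "/usr/bin/bootstrap_host_exec ironic_conductor /create_swift_temp_url_key.sh"
          # Security-relevant: the long-running conductor container is
          # privileged, uses the host network, and bind-mounts /sys, /dev
          # and /run read-write. A compromise of this container should be
          # treated as a compromise of the host.
          # NOTE(review): confirm which of these the conductor still
          # requires before narrowing any of them.
          ironic_conductor:
            start_order: 80
            image: *ironic_conductor_image
            net: host
            privileged: true
            restart: always
            healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
            volumes:
              list_concat:
                - {get_attr: [ContainersCommon, volumes]}
                - - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro
                  - /var/lib/config-data/puppet-generated/ironic:/var/lib/kolla/config_files/src:ro
                  - /lib/modules:/lib/modules:ro
                  - /sys:/sys
                  - /dev:/dev
                  - /run:/run  # shared?
                  - /var/lib/ironic:/var/lib/ironic:z
                  - /var/log/containers/ironic:/var/log/ironic:z
                # The htpasswd file is mounted only for json-rpc with
                # http_basic.
                - if:
                    - json_rpc_with_http_basic
                    - - /etc/ironic_conductor_passwd:/etc/ironic/htpasswd-json-rpc:z
            environment:
              KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
      host_prep_tasks:
        - name: create fcontext entry for ironic data
          community.general.sefcontext:
            target: "/var/lib/ironic(/.*)?"
            setype: container_file_t
            state: present
        - name: create persistent directories
          file:
            path: "{{ item.path }}"
            state: directory
            setype: "{{ item.setype }}"
            mode: "{{ item.mode|default(omit) }}"
          with_items:
            - path: /var/log/containers/ironic
              setype: container_file_t
              mode: '0750'
            - path: /var/lib/ironic
              setype: container_file_t
              mode: 'g+s'
        # Writes "ironic:<bcrypt hash of IronicPassword>" for json-rpc basic
        # auth; skipped unless json_rpc_with_http_basic holds.
        # NOTE(review): no mode or owner is set, so the credential file gets
        # whatever the default permissions are on the host. Confirm who can
        # read it; any tightening must keep it readable by the process
        # inside the ironic_conductor container.
        - name: create password file for json_rpc
          vars:
            is_json_rpc_with_http_basic:
              if:
                - json_rpc_with_http_basic
                - true
                - false
          copy:
            dest: /etc/ironic_conductor_passwd
            content:
              str_replace:
                template: |
                  ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
                params:
                  $IRONIC_PASSWORD: {get_param: IronicPassword}
          when: is_json_rpc_with_http_basic | bool
        # Probe the legacy and containerized boot directories so the
        # one-time migration below only runs when needed.
        - name: stat /httpboot
          stat:
            path: /httpboot
          register: stat_httpboot
        - name: stat /tftpboot
          stat:
            path: /tftpboot
          register: stat_tftpboot
        - name: stat /var/lib/ironic/httpboot
          stat:
            path: /var/lib/ironic/httpboot
          register: stat_ironic_httpboot
        - name: stat /var/lib/ironic/tftpboot
          stat:
            path: /var/lib/ironic/tftpboot
          register: stat_ironic_tftpboot
        # cannot use 'copy' module as with 'remote_src' it doesn't support recursion
        - name: migrate /httpboot to containerized (if applicable)
          command: /bin/cp -R /httpboot /var/lib/ironic/httpboot
          when: stat_httpboot.stat.exists and not stat_ironic_httpboot.stat.exists
        - name: migrate /tftpboot to containerized (if applicable)
          command: /bin/cp -R /tftpboot /var/lib/ironic/tftpboot
          when: stat_tftpboot.stat.exists and not stat_ironic_tftpboot.stat.exists
        # Even if there was nothing to copy from original locations,
        # we need to create the dirs before starting the containers
        - name: ensure ironic pxe directories exist
          file:
            path: "/var/lib/ironic/{{ item }}"
            state: directory
          with_items:
            - httpboot
            - tftpboot
            - tftpboot/ppc64le
            - images
      upgrade_tasks: []
      # Tagged 'never', so this block only runs when one of the
      # system_upgrade_* tags is requested explicitly.
      external_upgrade_tasks:
        - when:
            - step|int == 1
          tags:
            - never
            - system_upgrade_transfer_data
            - system_upgrade_stop_services
          block:
            - name: Stop ironic conductor container
              import_role:
                name: tripleo_container_stop
              vars:
                tripleo_containers_to_stop:
                  - ironic_conductor
                tripleo_delegate_to: "{{ groups['ironic_conductor'] | default([]) }}"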