From 9c59e5985cdde808136b046ad28f9bf56cee68d2 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Tue, 21 Jul 2015 10:41:40 -0400 Subject: [PATCH] Change ironic configuration to utilize sample file Changed the install-ironic role to utilize the sample ironic.conf file supplied with ironic for the new installation, which leverages Ansible lineinfile and sed to modify the file to be in the required state. By and large, this change will address the bug the most, since ironic's configuration file is the file we want to track, however other configuration template files need to be reviewed. Change-Id: I45c4543c069805a3e0c9989c63852712bacbefb5 Partial-Bug: 1471985 --- playbooks/roles/ironic-install/README.md | 4 + .../roles/ironic-install/defaults/main.yml | 2 + .../ironic-install/tasks/ironic_config.yml | 71 + playbooks/roles/ironic-install/tasks/main.yml | 5 +- .../ironic-install/templates/ironic.conf.j2 | 1383 ----------------- 5 files changed, 79 insertions(+), 1386 deletions(-) create mode 100644 playbooks/roles/ironic-install/tasks/ironic_config.yml delete mode 100644 playbooks/roles/ironic-install/templates/ironic.conf.j2 diff --git a/playbooks/roles/ironic-install/README.md b/playbooks/roles/ironic-install/README.md index 818023644..a152a20d1 100644 --- a/playbooks/roles/ironic-install/README.md +++ b/playbooks/roles/ironic-install/README.md @@ -32,6 +32,10 @@ By default this role installs dnsmasq to act as a DHCP server for provisioning h include_dhcp_server: false +When testing, the default Ironic Conductor driver is "agent_ssh". When +testing mode has not been engaged, drivers can be set via the enabled_drivers +variable which defaults to: "agent_ipmitool,pxe_amt,agent_ilo,agent_ucs" + In the event of an external DHCP server being used, the user will need to configure their DHCP server such that PXE, and iPXE chain loading occurs. For additional information for setting up DHCP in this scenario refer to the Bifrost documentation file doc/source/deploy/dhcp.rst. Additional default variables exist in defaults/main.yml, however these are mainly limited to settings which are unlikely to be modified, unless a user has a custom Ironic Python Agent image, or needs to modify where the httpboot folder is set to. diff --git a/playbooks/roles/ironic-install/defaults/main.yml b/playbooks/roles/ironic-install/defaults/main.yml index 38cd6b841..a4d30c0e9 100644 --- a/playbooks/roles/ironic-install/defaults/main.yml +++ b/playbooks/roles/ironic-install/defaults/main.yml @@ -47,3 +47,5 @@ disable_dnsmasq_dns: False ironic_git_folder: /tmp/ironic.git ironicclient_git_folder: /tmp/ironicclient.git shade_git_folder: /tmp/shade.git +# Comma separated list, in the format of a string, of drivers that are enabled. +enabled_drivers: "agent_ipmitool,pxe_amt,agent_ilo,agent_ucs" diff --git a/playbooks/roles/ironic-install/tasks/ironic_config.yml b/playbooks/roles/ironic-install/tasks/ironic_config.yml new file mode 100644 index 000000000..dfd34b6b2 --- /dev/null +++ b/playbooks/roles/ironic-install/tasks/ironic_config.yml @@ -0,0 +1,71 @@ +# Copyright (c) 2015 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: "Determine if ironic.conf needs to be put in place." + stat: path=/etc/ironic/ironic.conf + register: test_place_ironic_config +- name: "Copy ironic sample config" + copy: src="{{ ironic_git_folder }}/etc/ironic/ironic.conf.sample" dest=/etc/ironic/ironic.conf owner=ironic group=ironic mode=0644 + when: test_place_ironic_config.stat.exists == false +- name: "If testing, set agent_ssh as the enabled driver" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[DEFAULT]" regexp='^(.*)enabled_drivers=(.*)$' line="enabled_drivers=agent_ssh" + when: testing | bool == true +- name: "If not testing, set driver list" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[DEFAULT]" regexp='^(.*)enabled_drivers=(.*)$' line="enabled_drivers={{ enabled_drivers }}" + when: testing | bool == false +- name: "Set rabbit user" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[DEFAULT]" regexp='^(.*)rabbit_userid=(.*)$' line="rabbit_userid=ironic" +- name: "Set rabbit password" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[DEFAULT]" regexp='^(.*)rabbit_password=(.*)$' line="rabbit_password={{ ironic_db_password }}" +- name: "Set auth_strategy to noauth" + command: sed -i 's/#auth_strategy=keystone/auth_strategy=noauth/g' /etc/ironic/ironic.conf +# lineinfile: dest=/etc/ironic/ironic.conf insertbefore='enabled_drivers=(.*)' regexp='^(.*)auth_strategy=(.*)$' line="auth_strategy=noauth" +- name: "If testing, enable debug logging" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[DEFAULT]" regexp='^(.*)debug=(.*)$' line="debug=true" + when: testing | bool == true +- name: "If not testing, disable debug logging" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[DEFAULT]" regexp='^(.*)debug=(.*)$' line="debug=false" + when: testing | bool == false +- name: "For agent, disable coreos.configdrive" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[agent]" regexp='^(.*)agent_pxe_append_params=(.*)$' line="agent_pxe_append_params=coreos.configdrive=0" +- name: "For agent, disable coreos.configdrive" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[agent]" regexp='^(.*)agent_pxe_config_template=(.*)$' line="agent_pxe_config_template=/etc/ironic/agent_config.template" +- name: "Configure conductor api url" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[conductor]" regexp='^(.*)api_url=(.*)$' line="api_url=http://{{ hostvars[inventory_hostname]['ansible_' + network_interface]['ipv4']['address'] }}:6385/" +- name: "Configure conductor cleaning" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[conductor]" regexp='^(.*)clean_nodes=(.*)$' line="clean_nodes={{ cleaning | lower }}" +- name: "Configure database connection" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[database]" regexp='^(.*)connection=(.*)$' line="connection=mysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8" +- name: "Configure dhcp provider" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[dhcp]" regexp='^(.*)dhcp_provider=(.*)$' line="dhcp_provider=none" +- name: "Set pxe pxe_config_template" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[pxe]" regexp='^(.*)pxe_config_template=(.*)$' line="pxe_config_template=$pybasedir/drivers/modules/ipxe_config.template" +- name: "Set pxe tftp_server" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[pxe]" regexp='^(.*)tftp_server=(.*)$' line="tftp_server={{ hostvars[inventory_hostname]['ansible_' + network_interface]['ipv4']['address'] }}" +- name: "Set pxe tftp_root" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[pxe]" regexp='^(.*)tftp_root=(.*)$' line="tftp_root=/tftpboot" +- name: "Set iPXE pxe_bootfile_name" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[pxe]" regexp='^(.*)pxe_bootfile_name=(.*)$' line="pxe_bootfile_name=undionly.kpxe" +- name: "Set iPXE http_url" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[pxe]" regexp='^(.*)http_url=(.*)$' line="http_url=http://{{ hostvars[inventory_hostname]['ansible_' + network_interface]['ipv4']['address'] }}:{{nginx_port}}/" +- name: "Set iPXE http_root" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[pxe]" regexp='^(.*)http_root=(.*)$' line="http_root={{ http_boot_folder }}" +- name: "Set iPXE to be enabled" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[pxe]" regexp='^(.*)ipxe_enabled=(.*)$' line="ipxe_enabled=true" +- name: "Set path to ipxe template file" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[pxe]" regexp='^(.*)ipxe_boot_script=(.*)$' line="ipxe_boot_script=$pybasedir/drivers/modules/boot.ipxe" +- name: "Configure ssh libvirt URL if testing" + lineinfile: dest=/etc/ironic/ironic.conf insertafter="[ssh]" regexp='^(.*)libvirt_uri=(.*)$' line="libvirt_uri=qemu:///system" + when: testing | bool == true diff --git a/playbooks/roles/ironic-install/tasks/main.yml b/playbooks/roles/ironic-install/tasks/main.yml index 6f5666eab..8f0989488 100644 --- a/playbooks/roles/ironic-install/tasks/main.yml +++ b/playbooks/roles/ironic-install/tasks/main.yml @@ -13,7 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. --- - - name: Include OS-specific packages variables. include_vars: "{{ item }}" with_first_found: @@ -90,8 +89,8 @@ user: name=ironic group=ironic - name: "Ensure /etc/ironic exists" file: name=/etc/ironic state=directory owner=ironic group=ironic mode=0755 -- name: "Place Ironic Config file" - template: src=ironic.conf.j2 dest=/etc/ironic/ironic.conf owner=ironic group=ironic mode=0640 +- name: "Generate Ironic Configuration" + include: ironic_config.yml - name: "Place Ironic IPA Agent PXE configuration file" template: src=agent_config.template.j2 dest=/etc/ironic/agent_config.template owner=ironic group=ironic mode=0644 - name: "Copy policy.json to /etc/ironic" diff --git a/playbooks/roles/ironic-install/templates/ironic.conf.j2 b/playbooks/roles/ironic-install/templates/ironic.conf.j2 deleted file mode 100644 index 2ce5376a0..000000000 --- a/playbooks/roles/ironic-install/templates/ironic.conf.j2 +++ /dev/null @@ -1,1383 +0,0 @@ -[DEFAULT] - -# -# Options defined in oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in AMQP. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). Valid values -# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may -# be available on some distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host=localhost - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port=5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid=ironic - -# The RabbitMQ password. (string value) -rabbit_password={{ ironic_db_password }} - -# The RabbitMQ login method. (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -rabbit_ha_queues=false - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -#fake_rabbit=false - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo_messaging._drivers.matchmaker.MatchMakerLocalhost - -# ZeroMQ receiver listening port. (integer value) -#rpc_zmq_port=9501 - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog= - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=ironic - -# Seconds to wait before a cast expires (TTL). Only supported -# by impl_zmq. (integer value) -#rpc_cast_timeout=30 - -# Heartbeat frequency. (integer value) -#matchmaker_heartbeat_freq=300 - -# Heartbeat time-to-live. (integer value) -#matchmaker_heartbeat_ttl=600 - -# Size of RPC thread pool. (integer value) -#rpc_thread_pool_size=64 - -# Driver or drivers to handle sending notifications. (multi -# valued) -#notification_driver= - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -#notification_topics=notifications - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url= - -# The messaging driver to use, defaults to rabbit. Other -# drivers include qpid and zmq. (string value) -#rpc_backend=rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=openstack - - -# -# Options defined in ironic.netconf -# - -# IP address of this host. (string value) -#my_ip=10.0.0.1 - - -# -# Options defined in ironic.api.app -# - -# Method to use for authentication: noauth or keystone. -# (string value) -auth_strategy=noauth - - -# -# Options defined in ironic.common.driver_factory -# - -# Specify the list of drivers to load during service -# initialization. Missing drivers, or drivers which fail to -# initialize, will prevent the conductor service from -# starting. The option default is a recommended set of -# production-oriented drivers. A complete list of drivers -# present on your system may be found by enumerating the -# "ironic.drivers" entrypoint. An example may be found in the -# developer documentation online. (list value) -{% if testing %} -enabled_drivers=agent_ssh -{% else %} -enabled_drivers=agent_ipmitool,pxe_amt,agent_ilo,agent_ucs -{% endif %} - -# -# Options defined in ironic.common.exception -# - -# Make exception message format errors fatal. (boolean value) -#fatal_exception_format_errors=false - - -# -# Options defined in ironic.common.hash_ring -# - -# Exponent to determine number of hash partitions to use when -# distributing load across conductors. Larger values will -# result in more even distribution of load and less load when -# rebalancing the ring, but more memory usage. Number of -# partitions per conductor is (2^hash_partition_exponent). -# This determines the granularity of rebalancing: given 10 -# hosts, and an exponent of the 2, there are 40 partitions in -# the ring.A few thousand partitions should make rebalancing -# smooth in most cases. The default is suitable for up to a -# few hundred conductors. Too many partitions has a CPU -# impact. (integer value) -#hash_partition_exponent=5 - -# [Experimental Feature] Number of hosts to map onto each hash -# partition. Setting this to more than one will cause -# additional conductor services to prepare deployment -# environments and potentially allow the Ironic cluster to -# recover more quickly if a conductor instance is terminated. -# (integer value) -#hash_distribution_replicas=1 - - -# -# Options defined in ironic.common.images -# - -# Force backing images to raw format. (boolean value) -#force_raw_images=true - -# Path to isolinux binary file. (string value) -#isolinux_bin=/usr/lib/syslinux/isolinux.bin - -# Template file for isolinux configuration file. (string -# value) -#isolinux_config_template=$pybasedir/common/isolinux_config.template - - -# -# Options defined in ironic.common.paths -# - -# Directory where the ironic python module is installed. -# (string value) -#pybasedir=/usr/lib/python/site-packages/ironic - -# Directory where ironic binaries are installed. (string -# value) -#bindir=$pybasedir/bin - -# Top-level directory for maintaining ironic's state. (string -# value) -#state_path=$pybasedir - - -# -# Options defined in ironic.common.service -# - -# Seconds between running periodic tasks. (integer value) -#periodic_interval=60 - -# Name of this node. This can be an opaque identifier. It is -# not necessarily a hostname, FQDN, or IP address. However, -# the node name must be valid within an AMQP key, and if using -# ZeroMQ, a valid hostname, FQDN, or IP address. (string -# value) -#host=ironic - - -# -# Options defined in ironic.common.utils -# - -# Path to the rootwrap configuration file to use for running -# commands as root. (string value) -#rootwrap_config=/etc/ironic/rootwrap.conf - -# Explicitly specify the temporary working directory. (string -# value) -#tempdir= - - -# -# Options defined in ironic.drivers.modules.image_cache -# - -# Run image downloads and raw format conversions in parallel. -# (boolean value) -#parallel_image_downloads=false - - -# -# Options defined in ironic.openstack.common.eventlet_backdoor -# - -# Enable eventlet backdoor. Acceptable values are 0, , -# and :, where 0 results in listening on a random -# tcp port number; results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and : results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port= - - -# -# Options defined in ironic.openstack.common.log -# - -# Print debugging output (set logging level to DEBUG instead -# of default WARNING level). (boolean value) -debug=true - -# Print more verbose output (set logging level to INFO instead -# of default WARNING level). (boolean value) -#verbose=false - -# Log output to standard error. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages without context. -# (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Data to append to log format when level is DEBUG. (string -# value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s - -# List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append= - -# DEPRECATED. A logging.Formatter log message format string -# which may use any of the available logging.LogRecord -# attributes. This option is deprecated. Please use -# logging_context_format_string and -# logging_default_format_string instead. (string value) -#log_format= - -# Format string for %%(asctime)s in log records. Default: -# %(default)s . (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to output to. If no default is -# set, logging will go to stdout. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file= - -# (Optional) The base directory used for relative --log-file -# paths. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir= - -# Use syslog for logging. Existing syslog format is DEPRECATED -# during I, and will change in J to honor RFC5424. (boolean -# value) -#use_syslog=false - -# (Optional) Enables or disables syslog rfc5424 format for -# logging. If enabled, prefixes the MSG part of the syslog -# message with APP-NAME (RFC5424). The format without the APP- -# NAME is deprecated in I, and will be removed in J. (boolean -# value) -#use_syslog_rfc_format=false - -# Syslog facility to receive log lines. (string value) -#syslog_log_facility=LOG_USER - - -# -# Options defined in ironic.openstack.common.periodic_task -# - -# Some periodic tasks can be run in a separate process. Should -# we run them here? (boolean value) -#run_external_periodic_tasks=true - - -# -# Options defined in ironic.openstack.common.policy -# - -# The JSON file that defines policies. (string value) -#policy_file=policy.json - -# Default rule. Enforced when a requested rule is not found. -# (string value) -#policy_default_rule=default - -# Directories where policy configuration files are stored. -# They can be relative to any directory in the search path -# defined by the config_dir option, or absolute paths. The -# file defined by policy_file must exist for these directories -# to be searched. (multi valued) -#policy_dirs=policy.d - - -[agent] - -# -# Options defined in ironic.drivers.modules.agent -# - -# Additional append parameters for baremetal PXE boot. (string -# value) -#agent_pxe_append_params=nofb nomodeset vga=normal - -# The coreos.configdrive=0 parameter is a temporary fix to block -# pre-existing configuration drives from being loaded. Per JayF -# CoreOS is working on a longer term fix, but this will mitigate -# the issue for the time being. - -{% if testing %} -agent_pxe_append_params=nofb nomodeset vga=normal console=ttyS0 systemd.journald.forward_to_console=yes coreos.configdrive=0 -{% else %} -agent_pxe_append_params=coreos.configdrive=0 -{% endif %} - -# Template file for PXE configuration. (string value) -#agent_pxe_config_template=$pybasedir/drivers/modules/agent_config.template -agent_pxe_config_template=/etc/ironic/agent_config.template - -# Neutron bootfile DHCP parameter. (string value) -#agent_pxe_bootfile_name=pxelinux.0 - - -# -# Options defined in ironic.drivers.modules.agent_base_vendor -# - -# Maximum interval (in seconds) for agent heartbeats. (integer -# value) -#heartbeat_timeout=300 - - -# -# Options defined in ironic.drivers.modules.agent_client -# - -# API version to use for communicating with the ramdisk agent. -# (string value) -#agent_api_version=v1 - - -[amt] - -# -# Options defined in ironic.drivers.modules.amt.common -# - -# Protocol used for AMT endpoint, support http/https (string -# value) -#protocol=http - - -[api] - -# -# Options defined in ironic.api -# - -# The listen IP for the Ironic API server. (string value) -#host_ip=0.0.0.0 - -# The port for the Ironic API server. (integer value) -#port=6385 - -# The maximum number of items returned in a single response -# from a collection resource. (integer value) -#max_limit=1000 - - -[conductor] - -# -# Options defined in ironic.conductor.manager -# - -# URL of Ironic API service. If not set ironic can get the -# current value from the keystone service catalog. (string -# value) -api_url=http://{{ hostvars[inventory_hostname]['ansible_' + network_interface]['ipv4']['address'] }}:6385/ - -# Seconds between conductor heart beats. (integer value) -#heartbeat_interval=10 - -# Maximum time (in seconds) since the last check-in of a -# conductor. (integer value) -#heartbeat_timeout=60 - -# Interval between syncing the node power state to the -# database, in seconds. (integer value) -#sync_power_state_interval=60 - -# Interval between checks of provision timeouts, in seconds. -# (integer value) -#check_provision_state_interval=60 - -# Timeout (seconds) for waiting callback from deploy ramdisk. -# 0 - unlimited. (integer value) -#deploy_callback_timeout=1800 - -# During sync_power_state, should the hardware power state be -# set to the state recorded in the database (True) or should -# the database be updated based on the hardware state (False). -# (boolean value) -#force_power_state_during_sync=true - -# During sync_power_state failures, limit the number of times -# Ironic should try syncing the hardware node power state with -# the node power state in DB (integer value) -#power_state_sync_max_retries=3 - -# Maximum number of worker threads that can be started -# simultaneously by a periodic task. Should be less than RPC -# thread pool size. (integer value) -#periodic_max_workers=8 - -# The size of the workers greenthread pool. (integer value) -#workers_pool_size=100 - -# Number of attempts to grab a node lock. (integer value) -node_locked_retry_attempts=6 - -# Seconds to sleep between node lock attempts. (integer value) -node_locked_retry_interval=1 - -# Enable sending sensor data message via the notification bus -# (boolean value) -#send_sensor_data=false - -# Seconds between conductor sending sensor data message to -# ceilometer via the notification bus. (integer value) -#send_sensor_data_interval=600 - -# List of comma separated metric types which need to be sent -# to Ceilometer. The default value, "ALL", is a special value -# meaning send all the sensor data. (list value) -#send_sensor_data_types=ALL - -# When conductors join or leave the cluster, existing -# conductors may need to update any persistent local state as -# nodes are moved around the cluster. This option controls how -# often, in seconds, each conductor will check for nodes that -# it should "take over". Set it to a negative value to disable -# the check entirely. (integer value) -#sync_local_state_interval=180 - -# Whether to upload the config drive to Swift. (boolean value) -#configdrive_use_swift=false - -# Name of the Swift container to store config drive data. Used -# when configdrive_use_swift is True. (string value) -#configdrive_swift_container=ironic_configdrive_container - -# Cleaning is a configurable set of steps, such as erasing -# disk drives, that are performed on the node to ensure it is -# in a baseline state and ready to be deployed to. This is -# done after instance deletion, and during the transition from -# a "managed" to "available" state. When enabled, the -# particular steps performed to clean a node depend on which -# driver that node is managed by; see the individual driver's -# documentation for details. NOTE: The introduction of the -# cleaning operation causes instance deletion to take -# significantly longer. While this provides a better and more -# secure user experience, it does impact the service behavior, -# and as such IS DISABLED BY DEFAULT until consuming services -# (eg, Nova) have been updated to accommodate the additional -# time for deletion. (boolean value) -#clean_nodes=false -{% if cleaning and not testing %} -clean_nodes=true -{% else %} -clean_nodes=false -{% endif %} - - -[console] - -# -# Options defined in ironic.drivers.modules.console_utils -# - -# Path to serial console terminal program (string value) -#terminal=shellinaboxd - -# Directory containing the terminal SSL cert(PEM) for serial -# console access (string value) -#terminal_cert_dir= - -# Directory for holding terminal pid files. If not specified, -# the temporary directory will be used. (string value) -#terminal_pid_dir= - -# Time interval (in seconds) for checking the status of -# console subprocess. (integer value) -#subprocess_checking_interval=1 - -# Time (in seconds) to wait for the console subprocess to -# start. (integer value) -#subprocess_timeout=10 - - -[database] - -# -# Options defined in oslo.db -# - -# The file name to use with SQLite. (string value) -#sqlite_db=oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -#sqlite_synchronous=true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection=mysql://ironic:{{ ironic_db_password }}@localhost/ironic?charset=utf8 - -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection= - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size= - -# Maximum number of database connection retries during -# startup. Set to -1 to specify an infinite retry count. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a SQL connection. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow= - -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add Python stack traces to SQL as comment strings. (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout= - -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false - -# Seconds between database connection retries. (integer value) -#db_retry_interval=1 - -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) -#db_inc_retry_interval=true - -# If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) -#db_max_retry_interval=10 - -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) -#db_max_retries=20 - - -# -# Options defined in ironic.db.sqlalchemy.models -# - -# MySQL engine to use. (string value) -#mysql_engine=InnoDB - - -[deploy] - -# -# Options defined in ironic.drivers.modules.deploy_utils -# - -# Block size to use when writing to the nodes disk. (string -# value) -#dd_block_size=1M - -# Maximum attempts to verify an iSCSI connection is active, -# sleeping 1 second between attempts. (integer value) -#iscsi_verify_attempts=3 - - -[dhcp] - -# -# Options defined in ironic.common.dhcp_factory -# - -# DHCP provider to use. "neutron" uses Neutron, and "none" -# uses a no-op provider. (string value) -dhcp_provider=none - - -[disk_partitioner] - -# -# Options defined in ironic.common.disk_partitioner -# - -# After Ironic has completed creating the partition table, it -# continues to check for activity on the attached iSCSI device -# status at this interval prior to copying the image to the -# node, in seconds (integer value) -#check_device_interval=1 - -# The maximum number of times to check that the device is not -# accessed by another process. If the device is still busy -# after that, the disk partitioning will be treated as having -# failed. (integer value) -#check_device_max_retries=20 - - -[glance] - -# -# Options defined in ironic.common.glance_service.v2.image_service -# - -# A list of URL schemes that can be downloaded directly via -# the direct_url. Currently supported schemes: [file]. (list -# value) -#allowed_direct_url_schemes= - -# The secret token given to Swift to allow temporary URL -# downloads. Required for temporary URLs. (string value) -#swift_temp_url_key= - -# The length of time in seconds that the temporary URL will be -# valid for. Defaults to 20 minutes. If some deploys get a 401 -# response code when trying to download from the temporary -# URL, try raising this duration. (integer value) -#swift_temp_url_duration=1200 - -# The "endpoint" (scheme, hostname, optional port) for the -# Swift URL of the form -# "endpoint_url/api_version/account/container/object_id". Do -# not include trailing "/". For example, use -# "https://swift.example.com". Required for temporary URLs. -# (string value) -#swift_endpoint_url= - -# The Swift API version to create a temporary URL for. -# Defaults to "v1". Swift temporary URL format: -# "endpoint_url/api_version/account/container/object_id" -# (string value) -#swift_api_version=v1 - -# The account that Glance uses to communicate with Swift. The -# format is "AUTH_uuid". "uuid" is the UUID for the account -# configured in the glance-api.conf. Required for temporary -# URLs. For example: -# "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary -# URL format: -# "endpoint_url/api_version/account/container/object_id" -# (string value) -#swift_account= - -# The Swift container Glance is configured to store its images -# in. Defaults to "glance", which is the default in glance- -# api.conf. Swift temporary URL format: -# "endpoint_url/api_version/account/container/object_id" -# (string value) -#swift_container=glance - -# This should match a config by the same name in the Glance -# configuration file. When set to 0, a single-tenant store -# will only use one container to store all images. When set to -# an integer value between 1 and 32, a single-tenant store -# will use multiple containers to store images, and this value -# will determine how many containers are created. (integer -# value) -#swift_store_multiple_containers_seed=0 - - -# -# Options defined in ironic.common.image_service -# - -# Default glance hostname or IP address. (string value) -#glance_host=$my_ip - -# Default glance port. (integer value) -#glance_port=9292 - -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) -#glance_protocol=http - -# A list of the glance api servers available to ironic. Prefix -# with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. (list value) -#glance_api_servers= - -# Allow to perform insecure SSL (https) requests to glance. -# (boolean value) -#glance_api_insecure=false - -# Number of retries when downloading an image from glance. -# (integer value) -#glance_num_retries=0 - -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) -#auth_strategy=keystone - - -[ilo] - -# -# Options defined in ironic.drivers.modules.ilo.common -# - -# Timeout (in seconds) for iLO operations (integer value) -#client_timeout=60 - -# Port to be used for iLO operations (integer value) -#client_port=443 - -# The Swift iLO container to store data. (string value) -#swift_ilo_container=ironic_ilo_container - -# Amount of time in seconds for Swift objects to auto-expire. -# (integer value) -#swift_object_expiry_timeout=900 - - -# -# Options defined in ironic.drivers.modules.ilo.power -# - -# Number of times a power operation needs to be retried -# (integer value) -#power_retry=6 - -# Amount of time in seconds to wait in between power -# operations (integer value) -#power_wait=2 - - -[ipmi] - -# -# Options defined in ironic.drivers.modules.ipminative -# - -# Maximum time in seconds to retry IPMI operations. There is a -# tradeoff when setting this value. Setting this too low may -# cause older BMCs to crash and require a hard reset. However, -# setting too high can cause the sync power state periodic -# task to hang when there are slow or unresponsive BMCs. -# (integer value) -#retry_timeout=60 - -# Minimum time, in seconds, between IPMI operations sent to a -# server. There is a risk with some hardware that setting this -# too low may cause the BMC to crash. Recommended setting is 5 -# seconds. (integer value) -#min_command_interval=5 - - -[irmc] - -# -# Options defined in ironic.drivers.modules.irmc.common -# - -# Port to be used for iRMC operations, either 80 or 443 -# (integer value) -#port=443 - -# Authentication method to be used for iRMC operations, either -# "basic" or "digest" (string value) -#auth_method=basic - -# Timeout (in seconds) for iRMC operations (integer value) -#client_timeout=60 - - -[keystone] - -# -# Options defined in ironic.common.keystone -# - -# The region used for getting endpoints of OpenStackservices. -# (string value) -#region_name= - - -[keystone_authtoken] - -# -# Options defined in keystonemiddleware.auth_token -# - -# Complete public Identity API endpoint. (string value) -#auth_uri= - -# API version of the admin Identity API endpoint. (string -# value) -#auth_version= - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components. (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (integer value) -#http_connect_timeout= - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 - -# Env key for the swift cache. (string value) -#cache= - -# Required if identity server requires client certificate -# (string value) -#certfile= - -# Required if identity server requires client certificate -# (string value) -#keyfile= - -# A PEM encoded Certificate Authority to use when verifying -# HTTPs connections. Defaults to system CAs. (string value) -#cafile= - -# Verify HTTPS connections. (boolean value) -#insecure=false - -# Directory used to cache files related to PKI tokens. (string -# value) -#signing_dir= - -# Optionally specify a list of memcached server(s) to use for -# caching. If left undefined, tokens will instead be cached -# in-process. (list value) -# Deprecated group/name - [DEFAULT]/memcache_servers -#memcached_servers= - -# In order to prevent excessive effort spent validating -# tokens, the middleware caches previously-seen tokens for a -# configurable duration (in seconds). Set to -1 to disable -# caching completely. (integer value) -#token_cache_time=300 - -# Determines the frequency at which the list of revoked tokens -# is retrieved from the Identity service (in seconds). A high -# number of revocation events combined with a low cache -# duration may significantly reduce performance. (integer -# value) -#revocation_cache_time=10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. Acceptable -# values are MAC or ENCRYPT. If MAC, token data is -# authenticated (with HMAC) in the cache. If ENCRYPT, token -# data is encrypted and authenticated in the cache. If the -# value is not one of these options or empty, auth_token will -# raise an exception on initialization. (string value) -#memcache_security_strategy= - -# (Optional, mandatory if memcache_security_strategy is -# defined) This string is used for key derivation. (string -# value) -#memcache_secret_key= - -# (Optional) Number of seconds memcached server is considered -# dead before it is tried again. (integer value) -#memcache_pool_dead_retry=300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize=10 - -# (Optional) Socket timeout in seconds for communicating with -# a memcache server. (integer value) -#memcache_pool_socket_timeout=3 - -# (Optional) Number of seconds a connection to memcached is -# held unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout=60 - -# (Optional) Number of seconds that an operation will wait to -# get a memcache client connection from the pool. (integer -# value) -#memcache_pool_conn_get_timeout=10 - -# (Optional) Use the advanced (eventlet safe) memcache client -# pool. The advanced pool will only work under python 2.x. -# (boolean value) -#memcache_use_advanced_pool=false - -# (Optional) Indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string -# value) -#enforce_token_bind=permissive - -# If true, the revocation list will be checked for cached -# tokens. This requires that PKI tokens are configured on the -# identity server. (boolean value) -#check_revocations_for_cached=false - -# Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will -# be tried in the order given, so put the preferred one first -# for performance. The result of the first hash will be stored -# in the cache. This will typically be set to multiple values -# only while migrating from a less secure algorithm to a more -# secure one. Once all the old tokens are expired this option -# should be set to a single value for better performance. -# (list value) -#hash_algorithms=md5 - - -[matchmaker_redis] - -# -# Options defined in oslo.messaging -# - -# Host to locate redis. (string value) -#host=127.0.0.1 - -# Use this port to connect to redis host. (integer value) -#port=6379 - -# Password for Redis server (optional). (string value) -#password= - - -[matchmaker_ring] - -# -# Options defined in oslo.messaging -# - -# Matchmaker ring file (JSON). (string value) -# Deprecated group/name - [DEFAULT]/matchmaker_ringfile -#ringfile=/etc/oslo/matchmaker_ring.json - - -[neutron] - -# -# Options defined in ironic.dhcp.neutron -# - -# URL for connecting to neutron. (string value) -#url=http://$my_ip:9696 - -# Timeout value for connecting to neutron in seconds. (integer -# value) -#url_timeout=30 - -# Client retries in the case of a failed request. (integer -# value) -#retries=3 - -# Default authentication strategy to use when connecting to -# neutron. Can be either "keystone" or "noauth". Running -# neutron in noauth mode (related to but not affected by this -# setting) is insecure and should only be used for testing. -# (string value) -#auth_strategy=keystone - - -[oslo_messaging_amqp] - -# -# Options defined in oslo.messaging -# - -# address prefix used when sending to a specific server -# (string value) -#server_request_prefix=exclusive - -# address prefix used when broadcasting to all servers (string -# value) -#broadcast_prefix=broadcast - -# address prefix when sending to any server in group (string -# value) -#group_request_prefix=unicast - -# Name for the AMQP container (string value) -#container_name= - -# Timeout for inactive connections (in seconds) (integer -# value) -#idle_timeout=0 - -# Debug: dump AMQP frames to stdout (boolean value) -#trace=false - -# CA certificate PEM file for verifing server certificate -# (string value) -#ssl_ca_file= - -# Identifying certificate PEM file to present to clients -# (string value) -#ssl_cert_file= - -# Private key PEM file used to sign cert_file certificate -# (string value) -#ssl_key_file= - -# Password for decrypting ssl_key_file (if encrypted) (string -# value) -#ssl_key_password= - -# Accept clients using either SSL or plain TCP (boolean value) -#allow_insecure_clients=false - - -[pxe] - -# -# Options defined in ironic.drivers.modules.iscsi_deploy -# - -# Additional append parameters for baremetal PXE boot. (string -# value) -#pxe_append_params=nofb nomodeset vga=normal - -# Default file system format for ephemeral partition, if one -# is created. (string value) -#default_ephemeral_format=ext4 - -# Directory where images are stored on disk. (string value) -#images_path=/var/lib/ironic/images/ - -# Directory where master instance images are stored on disk. -# (string value) -#instance_master_path=/var/lib/ironic/master_images - -# Maximum size (in MiB) of cache for master images, including -# those in use. (integer value) -#image_cache_size=20480 - -# Maximum TTL (in minutes) for old master images in cache. -# (integer value) -#image_cache_ttl=10080 - -# The disk devices to scan while doing the deploy. (string -# value) -#disk_devices=cciss/c0d0,sda,hda,vda - - -# -# Options defined in ironic.drivers.modules.pxe -# - -# Template file for PXE configuration. (string value) -pxe_config_template=$pybasedir/drivers/modules/ipxe_config.template - -# Template file for PXE configuration for UEFI boot loader. -# (string value) -#uefi_pxe_config_template=$pybasedir/drivers/modules/elilo_efi_pxe_config.template - -# IP address of Ironic compute node's tftp server. (string -# value) -tftp_server={{ hostvars[inventory_hostname]['ansible_' + network_interface]['ipv4']['address'] }} - -# Ironic compute node's tftp root path. (string value) -tftp_root=/tftpboot - -# Directory where master tftp images are stored on disk. -# (string value) -#tftp_master_path=/tftpboot/master_images - -# Bootfile DHCP parameter. (string value) -pxe_bootfile_name=undionly.kpxe - -# Bootfile DHCP parameter for UEFI boot mode. (string value) -#uefi_pxe_bootfile_name=elilo.efi - -# Ironic compute node's HTTP server URL. Example: -# http://192.1.2.3:{{nginx_port}} (string value) -http_url=http://{{ hostvars[inventory_hostname]['ansible_' + network_interface]['ipv4']['address'] }}:{{nginx_port}}/ - -# Ironic compute node's HTTP root path. (string value) -http_root={{ http_boot_folder }} - -# Enable iPXE boot. (boolean value) -ipxe_enabled=true - -# The path to the main iPXE script file. (string value) -ipxe_boot_script=$pybasedir/drivers/modules/boot.ipxe - - -[seamicro] - -# -# Options defined in ironic.drivers.modules.seamicro -# - -# Maximum retries for SeaMicro operations (integer value) -#max_retry=3 - -# Seconds to wait for power action to be completed (integer -# value) -#action_timeout=10 - - -[snmp] - -# -# Options defined in ironic.drivers.modules.snmp -# - -# Seconds to wait for power action to be completed (integer -# value) -#power_timeout=10 - - -[ssh] - -# -# Options defined in ironic.drivers.modules.ssh -# - -# libvirt uri (string value) -{% if testing %} -libvirt_uri=qemu:///system -{% endif %} - -[swift] - -# -# Options defined in ironic.common.swift -# - -# Maximum number of times to retry a Swift request, before -# failing. (integer value) -#swift_max_retries=2 - - -[virtualbox] - -# -# Options defined in ironic.drivers.modules.virtualbox -# - -# Port on which VirtualBox web service is listening. (integer -# value) -#port=18083 - -