--- # Cleaning turns on ironic conductor clean_nodes flag # which causes the nodes to be wiped after deletion. cleaning: false http_boot_folder: /httpboot staging_drivers_include: false # Deprecated: nginx_port is no longer used and file_url_port should # be used instead. file_url_port: "{{ nginx_port | default('8080') }}" ironicclient_source_install: false shade_source_install: true ironicinspector_source_install: false ironicinspectorclient_source_install: false staging_drivers_source_install: false # Setting to utilize diskimage-builder to create a bootable image. create_image_via_dib: true # Setting to install diskimage-builder install_dib: "{{ create_image_via_dib }}" # Setting to prepend a partition image with a boot sector and partition table. transform_boot_image: false # If testing is true, then the environment is setup for using libvirt # virtual machines for the hardware instead of real hardware. testing: false ci_testing: false # set to true to skip installing ironic dependencies skip_package_install: False # set to true to skip generation of configs, ironic db and rabbitmq configuration skip_bootstrap: False # set to true to skip starting ironic services and dependencies skip_start: False # Default network interface that bifrost will be attached to. # This is used in ipa_* so it must be before network_interface: "virbr0" ans_network_interface: "{{ network_interface | replace('-', '_') }}" # Normally this would setting would be http in a bifrost installation # without TLS. This setting allows a user to override the setting in case # the local webserver has been updated to support HTTPS. # Note: Users wishing to leverage HTTPS should reference the iPXE # documentation at http://ipxe.org/crypto ipa_file_protocol: "http" ipa_kernel: "{{http_boot_folder}}/ipa.vmlinuz" ipa_ramdisk: "{{http_boot_folder}}/ipa.initramfs" ipa_kernel_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{file_url_port}}/ipa.vmlinuz" ipa_kernel_upstream_url: https://tarballs.openstack.org/ironic-python-agent/tinyipa/files/tinyipa-master.vmlinuz ipa_ramdisk_url: "{{ ipa_file_protocol }}://{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}:{{file_url_port}}/ipa.initramfs" ipa_ramdisk_upstream_url: https://tarballs.openstack.org/ironic-python-agent/tinyipa/files/tinyipa-master.gz deploy_image_filename: "deployment_image.qcow2" deploy_image: "{{http_boot_folder}}/{{deploy_image_filename}}" # Use cirros instead of building an image via diskimage-builder use_cirros: false # Download IPA by default download_ipa: true cirros_deploy_image_upstream_url: http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img # By default bifrost will deploy dnsmasq to utilize as an integrated DHCP # server. If you already have a DHCP server, you will need to disable # this setting, and perform manual configuration of your DHCP server. include_dhcp_server: true # *_git_url can be overridden by local clones for offline installs dib_git_url: https://git.openstack.org/openstack/diskimage-builder ironicclient_git_url: https://git.openstack.org/openstack/python-ironicclient shade_git_url: https://git.openstack.org/openstack-infra/shade ironic_git_url: https://git.openstack.org/openstack/ironic ironicinspector_git_url: https://github.com/openstack/ironic-inspector ironicinspectorclient_git_url: https://github.com/openstack/python-ironic-inspector-client mysql_username: "root" mysql_password: "" disable_dnsmasq_dns: False ironic_git_folder: /opt/stack/ironic ironicclient_git_folder: /opt/stack/python-ironicclient shade_git_folder: /opt/stack/shade dib_git_folder: /opt/stack/diskimage-builder reqs_git_folder: /opt/stack/requirements staging_drivers_git_folder: /opt/stack/ironic-staging-drivers ironicinspector_git_folder: /opt/stack/ironic-inspector ironicinspectorclient_git_folder: /opt/stack/python-ironic-inspector-client staging_drivers_git_url: http://git.openstack.org/cgit/openstack/ironic-staging-drivers # Comma-separated list, in the format of a string, of drivers that are enabled # by default. This is intended to be a list of agent based drivers. # PXE drivers can be found in the setting pxe_drivers that can be found below. enabled_drivers: "agent_ipmitool,agent_ilo,agent_ucs" # DHCP pool for requests -- ignored if inventory_dhcp is set to True # since IP allocation will be static. dhcp_pool_start: 192.168.1.200 dhcp_pool_end: 192.168.1.250 dhcp_lease_time: 12h dhcp_static_mask: 255.255.255.0 # Dnsmasq default route for clients. If not defined, dnsmasq will push to clients # as default route the same IP of the dnsmasq server. # If set to false, it will disable default route creation in clients. # Default: undefined # dnsmasq_router: # Dnsmasq default dns servers for clients. If defined, dnsmasq will use the specified # DNS servers for name resolving. # dnsmasq_dns_servers: 8.8.8.8,8.8.4.4 # Support for CORS configuration # By default CORS support is disabled. enable_cors: false # Origin to accept for CORS requests cors_allowed_origin: "http://localhost:8000" # bifrost utilizes noauth mode by default and as such # the setting should be set to false. This setting should # not need to be modified by the user. enable_cors_credential_support: false # Set this to true to configure dnsmasq to respond to requests from the # hosts in your dynamic inventory. inventory_dhcp: False # Set this to true to configure dnsmasq to resolv to ipv4_address from the # hosts in your dynamic inventory. inventory_dns: False # Settings to enable the use of inspector enable_inspector: true inspector_auth: "noauth" # Deprecated: inspector_auth will be removed in Pike, and is # overriden when enable_keystone is set to true. #inspector_auth: "noauth" inspector_debug: true inspector_manage_firewall: false # Deprecated: ironic_auth_strategy will be removed in Pike. ironic_auth_strategy: "noauth" inspector_data_dir: "/opt/stack/ironic-inspector/var" inspector_store_ramdisk_logs: true # Note: inspector_port_addition has three valid values: all, active, pxe inspector_port_addition: "pxe" # Note: inspector_keep_ports has three valid values: all, present, added inspector_keep_ports: "present" # Inspector defaults inspector: discovery: enabled: "{{ enable_inspector_discovery | default(true) }}" default_node_driver: "{{ inspector_default_node_driver | default('agent_ipmitool')}}" # We may not have packaged iPXE files on some distros, or may want to # download them on their own. download_ipxe: false # This enables installation of substrate for PXE driver support enable_pxe_drivers: true # Comma-separated list of PXE drivers to enable when # enable_pxe_drivers is set to true pxe_drivers: "pxe_amt,pxe_ssh,pxe_ipmitool,pxe_ilo" # Settings related to installing bifrost in a virtual environment enable_venv: false bifrost_venv_dir: "{{ lookup('env', 'VENV') | default('/opt/stack/bifrost') }}" bifrost_venv_env: VIRTUAL_ENV: "{{ bifrost_venv_dir }}" PATH: "{{ bifrost_venv_dir }}/bin:{{ ansible_env.PATH }}" # include regular path via lookup env pydoc: "python -m pydoc" # Authentication support # By default, bifrost was developed around being a toolkit # for noauth mode. Since we are introducing the concept of # authentication, we need to record the default for # conditional statements in the playbooks. noauth_mode: true # Keystone Support # Default parameter if keystone is enabled, or disabled. enable_keystone: false # NOTE: The keystone support in this role # expects the keystone.bootstrap variables to # either be loaded OR present from keystone # installation. The keystone settings below # should only be used if the role is utilized # independently of the keystone installation # role, such as leveraging a pre-existing # keystone installation. # WARNING: Using a pre-existing keystone has # not been tested. # #keystone: # debug: true # bootstrap: # enabled: true # username: admin # password: ChangeThisPa55w0rd # project_name: admin # admin_url: "http://127.0.0.1:35357/v3/" # public_url: "http://127.0.0.1:5000/v3/" # internal_url: "http://127.0.0.1:5000/v3/" # region_name: "RegionOne" # message_queue: # username: keystone # password: ChangeThisPa55w0rd # host: 127.0.0.1 # database: # name: keystone # username: keystone # password: ChangeThisPa55w0rd # host: 127.0.0.1 ironic: service_catalog: username: "ironic" password: "ChangeThisPa55w0rd" auth_url: "http://127.0.0.1:5000/v3" project_name: "service" keystone: default_username: "bifrost_user" default_password: "ChangeThisPa55w0rd" ironic_inspector: service_catalog: username: "ironic_inspector" password: "ChangeThisPa55w0rd" auth_url: "http://127.0.0.1:5000/v3" project_name: "service" keystone: default_username: "inspector_user" default_password: "ChangeThisPa55w0rd" # public_url: "http://127.0.0.1:5050/" # private_url: "http://127.0.0.1:5050/" # internal_url: "http://127.0.0.1:5050/" # TODO(TheJulia): Thinking outloud, I we ought to head in the # direction of identifying the address of the conductor host # in a more uniform fashion. What that is exactly, is TBD. my_ip_address: "{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}"