4418c1641b
The dnsmasq PXE filter [1] provides far better scalability than the iptables filter typically used. Inspector manages files in a dhcp-hostsdir directory that is watched by dnsmasq via inotify. Dnsmasq then either whitelists or blacklists MAC addresses based on the contents of these files.

This change adds a new variable, ironic_inspector_pxe_filter, that can be used to configure the PXE filter for ironic inspector. Currently supported values are 'iptables' and 'dnsmasq', with 'iptables' being the default for backwards compatibility.

[1] https://docs.openstack.org/ironic-inspector/latest/admin/dnsmasq-pxe-filter.html

Implements: blueprint ironic-inspector-dnsmasq-pxe-filter
Change-Id: I73cae9c33b49972342cf1984372a5c784df5cbc2
26 lines
1004 B
Django/Jinja
port=0
interface={{ ironic_dnsmasq_interface }}
dhcp-range={{ ironic_dnsmasq_dhcp_range }}
{% if ironic_dnsmasq_default_gateway is not none %}
dhcp-option=3,{{ ironic_dnsmasq_default_gateway }}
{% endif %}
dhcp-option=option:tftp-server,{{ api_interface_address }}
dhcp-option=option:server-ip-address,{{ api_interface_address }}
bind-interfaces
dhcp-sequential-ip
dhcp-option=210,/tftpboot/
{% if enable_ironic_ipxe | bool %}
dhcp-match=ipxe,175
dhcp-match=set:efi,option:client-arch,7
dhcp-match=set:efi,option:client-arch,9
# Client is already running iPXE; move to next stage of chainloading
dhcp-option=tag:ipxe,option:bootfile-name,{{ ironic_ipxe_url }}/inspector.ipxe
# Client is PXE booting over EFI without iPXE ROM,
# send EFI version of iPXE chainloader
dhcp-option=tag:efi,tag:!ipxe,option:bootfile-name,ipxe.efi
{% endif %}
dhcp-option=option:bootfile-name,{{ ironic_dnsmasq_boot_file }}
{% if ironic_inspector_pxe_filter == 'dnsmasq' %}
dhcp-hostsdir=/etc/dnsmasq/dhcp-hostsdir
{% endif %}
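Review bot: The test {% if ironic_inspector_pxe_filter == 'dnsmasq' %} at the end of the template treats every value other than the exact string 'dnsmasq' the same way, so a misspelled value renders a config with no dhcp-hostsdir line and nothing in this file flags it. The commit message names 'iptables' and 'dnsmasq' as the only supported values; if the change does not already validate the variable elsewhere, consider failing the deployment early on any other value. The directory /etc/dnsmasq/dhcp-hostsdir is also hardcoded in the option line, and the filter only takes effect if inspector writes its host files to the directory dnsmasq watches, so a one-line comment above dhcp-hostsdir stating that the path must match where inspector is configured to write would help the next person who changes either side.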