d6f4ef81f6
Bifrost supports enabling TLS for the services it deploys, as well as generating a self-signed TLS certificate. Let's use it. Change-Id: I2a60ec780c37895e810cdba65bb485d0986a196d
36 lines
1.3 KiB
Django/Jinja
36 lines
1.3 KiB
Django/Jinja
---
|
|
# Ironic log directory.
|
|
ironic_log_dir: "/var/log/kolla/ironic"
|
|
|
|
# Ironic inspector log directory.
|
|
inspector_log_dir: "/var/log/kolla/ironic-inspector"
|
|
|
|
# Ironic Python Agent deploy logs directory
|
|
ironic_agent_deploy_logs_local_path: "/var/log/kolla/ironic/deploy"
|
|
|
|
# Nginx log directory.
|
|
nginx_log_dir: "/var/log/kolla/nginx"
|
|
|
|
ansible_python_interpreter: /var/lib/kolla/venv/bin/python
|
|
network_interface: "{{ bifrost_network_interface }}"
|
|
|
|
# Ironic creates hardlinks between the TFTP master image store and the
|
|
# HTTP root path when iPXE is enabled. With Docker volumes used for these
|
|
# locations we run into https://bugs.launchpad.net/ironic/+bug/1507894
|
|
# during deployment. If we use a directory under /httpboot to store the
|
|
# master images this issue is avoided.
|
|
ironic_tftp_master_path: "/httpboot/master_images"
|
|
|
|
# Bifrost in Yoga changed the default TFTP and HTTP boot directories to reside
|
|
# under /var/lib/ironic/. Avoid this breaking us by reverting to the previous
|
|
# defaults. https://review.opendev.org/c/openstack/bifrost/+/822743
|
|
tftp_boot_folder: "/tftpboot"
|
|
http_boot_folder: "/httpboot"
|
|
|
|
# Enable TLS and generate self-signed certificates.
|
|
enable_tls: true
|
|
generate_tls: true
|
|
# NOTE: Needs to be world-readable, writeable by root, and persistent, which
|
|
# the default /etc/bifrost is not.
|
|
tls_root: "/etc/bifrost-certs"
|