5d3eed23a7
deployments This allows services to work with etcd when coordination is enabled for TLS internal deployments. Without this fix, we fail to connect to etcd with the coordination backend and the service itself crashes. Change-Id: I0c1d6b87e663e48c15a846a2774b0a4531a3ca68
91 lines
3.1 KiB
Django/Jinja
91 lines
3.1 KiB
Django/Jinja
[DEFAULT]
|
|
debug = {{ ironic_logging_debug }}
|
|
log_dir = /var/log/kolla/ironic-inspector
|
|
|
|
{% if not ironic_enable_keystone_integration | bool %}
|
|
auth_strategy = noauth
|
|
{% endif %}
|
|
listen_address = {{ api_interface_address }}
|
|
listen_port = {{ ironic_inspector_listen_port }}
|
|
transport_url = {{ rpc_transport_url }}
|
|
|
|
[oslo_messaging_notifications]
|
|
transport_url = {{ notify_transport_url }}
|
|
|
|
[oslo_messaging_rabbit]
|
|
heartbeat_in_pthread = true
|
|
{% if om_enable_rabbitmq_tls | bool %}
|
|
ssl = true
|
|
ssl_ca_file = {{ om_rabbitmq_cacert }}
|
|
{% endif %}
|
|
{% if om_enable_rabbitmq_high_availability | bool %}
|
|
amqp_durable_queues = true
|
|
{% endif %}
|
|
|
|
[ironic]
|
|
{% if ironic_enable_keystone_integration | bool %}
|
|
auth_url = {{ keystone_internal_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ ironic_inspector_keystone_user }}
|
|
password = {{ ironic_inspector_keystone_password }}
|
|
valid_interfaces = internal
|
|
cafile = {{ openstack_cacert }}
|
|
region_name = {{ openstack_region_name }}
|
|
{% else %}
|
|
auth_type = none
|
|
endpoint_override = {{ ironic_internal_endpoint }}
|
|
{% endif %}
|
|
|
|
{% if ironic_enable_keystone_integration | bool %}
|
|
[keystone_authtoken]
|
|
service_type = baremetal-introspection
|
|
www_authenticate_uri = {{ keystone_internal_url }}
|
|
auth_url = {{ keystone_internal_url }}
|
|
auth_type = password
|
|
project_domain_id = {{ default_project_domain_id }}
|
|
user_domain_id = {{ default_user_domain_id }}
|
|
project_name = service
|
|
username = {{ ironic_inspector_keystone_user }}
|
|
password = {{ ironic_inspector_keystone_password }}
|
|
cafile = {{ openstack_cacert }}
|
|
region_name = {{ openstack_region_name }}
|
|
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcache_secret_key }}
|
|
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if ironic_policy_file is defined %}
|
|
[oslo_policy]
|
|
policy_file = {{ ironic_policy_file }}
|
|
{% endif %}
|
|
|
|
[database]
|
|
connection = mysql+pymysql://{{ ironic_inspector_database_user }}:{{ ironic_inspector_database_password }}@{{ ironic_inspector_database_address }}/{{ ironic_inspector_database_name }}
|
|
connection_recycle_time = {{ database_connection_recycle_time }}
|
|
max_pool_size = {{ database_max_pool_size }}
|
|
|
|
[processing]
|
|
ramdisk_logs_dir = /var/log/kolla/ironic-inspector
|
|
|
|
[pxe_filter]
|
|
driver = {{ ironic_inspector_pxe_filter }}
|
|
|
|
{% if ironic_inspector_pxe_filter == 'iptables' %}
|
|
[iptables]
|
|
dnsmasq_interface = {{ ironic_dnsmasq_interface }}
|
|
{% endif %}
|
|
|
|
[coordination]
|
|
{% if ironic_coordination_backend == 'redis' %}
|
|
backend_url = {{ redis_connection_string }}
|
|
{% elif ironic_coordination_backend == 'etcd' %}
|
|
# NOTE(yoctozepto): we must use etcd3gw (aka etcd3+http) due to issues with alternative (etcd3) and eventlet (as used by cinder)
|
|
# see https://bugs.launchpad.net/kolla-ansible/+bug/1854932
|
|
# and https://review.opendev.org/466098 for details
|
|
backend_url = etcd3+{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ etcd_client_port }}{% if openstack_cacert %}?ca_cert={{ openstack_cacert }}{% endif %}
|
|
{% endif %}
|