# {{ ansible_managed }}

[DEFAULT]
# Disable stderr logging
use_stderr = False
use_journal = True
debug = {{ debug }}

auth_strategy = {{ ironic_auth_strategy }}
host = {{ inventory_hostname }}

memcached_servers = {{ ironic_memcached_servers }}
enabled_network_interfaces = {{ ironic_enabled_network_interfaces_list }}
default_network_interface = {{ ironic_default_network_interface }}

## RPC Backend
transport_url = {{ ironic_oslomsg_rpc_transport }}://{% for host in ironic_oslomsg_rpc_servers.split(',') %}{{ ironic_oslomsg_rpc_userid }}:{{ ironic_oslomsg_rpc_password }}@{{ host }}:{{ ironic_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ ironic_oslomsg_rpc_vhost }}{% if ironic_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

# drivers
enabled_hardware_types = {{ filtered_ironic_drivers | json_query('[*].hardware_type') | unique | join(',') }}
enabled_boot_interfaces = {{ filtered_ironic_drivers | json_query('[*].boot') | unique | join(',') }}
enabled_deploy_interfaces = {{ filtered_ironic_drivers | json_query('[*].deploy') | unique | join(',') }}
enabled_inspect_interfaces = {{ filtered_ironic_drivers | json_query('[*].inspect') | unique | join(',') }}
enabled_management_interfaces = {{ filtered_ironic_drivers | json_query('[*].management') | unique | join(',') }}
enabled_power_interfaces = {{ filtered_ironic_drivers | json_query('[*].power') | unique | join(',') }}


[agent]

[amt]

[api]

[cimc]

[cisco_ucs]

[conductor]
{% if ironic_standalone | bool %}
api_url = {{ ironic_service_internaluri }}/
{% endif %}
sync_power_state_interval = {{ ironic_sync_power_state_interval }}
automated_clean = {{ ironic_automated_clean }}

[console]

[cors]

[cors.subdomain]

[database]
connection = {{ ironic_db_connection_string }}
max_overflow = {{ ironic_db_max_overflow }}
max_pool_size = {{ ironic_db_max_pool_size }}
pool_timeout = {{ ironic_db_pool_timeout }}

[deploy]
erase_devices_priority = {{ ironic_erase_devices_priority }}
{% if not ironic_standalone | bool %}
object_store_endpoint_type = {{ ironic_swift_url_endpoint_type }}
{% endif %}
{% if ironic_enable_web_server_for_images | bool %}
http_root ={{ ironic_http_root }}
http_url = {{ ironic_http_url }}
{% endif %}

[dhcp]
dhcp_provider = {{ ironic_dhcp_provider }}

[disk_partitioner]

[disk_utils]

[glance]
# TODO(evrardjp): Remove this in the future to use the service catalog
# and reduce the amount of variables.
auth_url = {{ ironic_glance_keystone_auth_url }}
auth_type = {{ ironic_glance_keystone_auth_plugin }}
project_name = {{ ironic_glance_service_project_name }}
project_domain_id = {{ ironic_glance_service_project_domain_id }}
username = {{ ironic_glance_service_user_name }}
user_domain_id = {{ ironic_glance_service_user_domain_id }}
password = {{ glance_service_password }}
glance_api_servers = {{ ironic_glance_api_servers }}
{% if not ironic_standalone | bool and not ironic_enable_web_server_for_images | bool %}
swift_temp_url_key = {{ ironic_swift_temp_url_secret_key }}
swift_container = {{ ironic_swift_image_container }}
swift_endpoint_url = {{ ironic_swift_endpoint }}
swift_account = {{ ironic_swift_auth_account }}
swift_api_version = {{ ironic_swift_api_version }}
{% endif %}

[iboot]

[ilo]
{% if ironic_enable_web_server_for_images | bool %}
use_web_server_for_images = True
{% endif %}

[inspector]
{% if  ironic_services['ironic-inspector']['group'] in group_names %}
auth_type = {{ ironic_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
insecure = {{ keystone_service_internaluri_insecure | bool }}
password = {{ ironic_inspector_service_password  }}
project_domain_name = {{ ironic_inspector_service_domain_id }}
project_name ={{ ironic_inspector_service_project_name }}
user_domain_name = {{ ironic_inspector_service_domain_id }}
username = {{ ironic_inspector_service_user_name }}
valid_interfaces = {{ ironic_inspector_valid_interfaces }}
{% endif %}

[ipmi]

[irmc]

[ironic_lib]

[keystone]
region_name = {{ ironic_service_region }}

[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ ironic_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ ironic_service_project_domain_id }}
user_domain_id = {{ ironic_service_user_domain_id }}
project_name = {{ ironic_service_project_name }}
username = {{ ironic_service_user_name }}
password = {{ ironic_service_password }}
region_name = {{ keystone_service_region }}

memcached_servers = {{ ironic_memcached_servers }}

token_cache_time = 300

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}

[matchmaker_redis]

[service_catalog]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ ironic_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ ironic_service_project_domain_id }}
user_domain_id = {{ ironic_service_user_domain_id }}
project_name = {{ ironic_service_project_name }}
username = {{ ironic_service_user_name }}
password = {{ ironic_service_password }}
region_name = {{ keystone_service_region }}


[neutron]
auth_type = password
# Keystone auth using ironic credentials
username = {{ ironic_service_user_name }}
password = {{ ironic_service_password }}
project_name = {{ ironic_service_project_name }}
user_domain_id = {{ ironic_service_user_domain_id }}
project_domain_id = {{ ironic_service_project_domain_id }}
auth_url = {{ keystone_service_adminurl }}
insecure = {{ keystone_service_adminuri_insecure | bool }}
{% if ironic_neutron_provisioning_network_name is defined %}
provisioning_network = {{ ironic_neutron_provisioning_network_uuid | default(ironic_neutron_provisioning_network_name) | default('') }}
cleaning_network = {{ ironic_neutron_cleaning_network_uuid | default(ironic_neutron_cleaning_network_name) | default(ironic_neutron_provisioning_network_uuid) | default(ironic_neutron_provisioning_network_name) | default('') }}
{% endif %}

[oslo_concurrency]
lock_path = {{ ironic_lock_path }}

[oslo_messaging_amqp]

[oslo_messaging_notifications]
transport_url = {{ ironic_oslomsg_notify_transport }}://{% for host in ironic_oslomsg_notify_servers.split(',') %}{{ ironic_oslomsg_notify_userid }}:{{ ironic_oslomsg_notify_password }}@{{ host }}:{{ ironic_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ ironic_oslomsg_notify_vhost }}{% if ironic_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

[oslo_messaging_rabbit]
ssl = {{ ironic_oslomsg_rpc_use_ssl }}
pool_max_size = {{ ironic_wsgi_processes }}


[oslo_policy]

[pxe]
tftp_server = {{ ironic_tftp_server_address }}
pxe_append_params = {{ ironic_pxe_append_params }}
tftp_root = {{ ironic_tftpd_root }}
tftp_master_path = {{ ironic_tftpd_root }}/master_images

[seamicro]

[snmp]

[ssh]

[ssl]

[swift]

[virtualbox]