# {{ ansible_managed }} [DEFAULT] listen_address = {{ ironic_inspector_service_address }} listen_port = {{ ironic_inspector_service_port }} rootwrap_config = /etc/ironic-inspector/rootwrap.conf auth_strategy = keystone debug = {{ debug }} # RPC Backend transport_url = {{ ironic_inspector_oslomsg_rpc_transport }}://{% for host in ironic_inspector_oslomsg_rpc_servers.split(',') %}{{ ironic_inspector_oslomsg_rpc_userid }}:{{ ironic_oslomsg_rpc_password }}@{{ host }}:{{ ironic_inspector_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ ironic_inspector_oslomsg_rpc_vhost }}{% if ironic_inspector_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} [capabilities] [cors] [database] connection = {{ ironic_inspector_openstack_db_connection_string }} max_overflow = {{ ironic_inspector_db_max_overflow }} max_pool_size = {{ ironic_inspector_db_max_pool_size }} pool_timeout = {{ ironic_inspector_db_pool_timeout }} connection_recycle_time = {{ ironic_inspector_db_connection_recycle_time }} [discovery] enroll_node_driver = ipmi [dnsmasq_pxe_filter] {% if ironic_inspector_pxe_filter == "dnsmasq" %} dhcp_hostsdir = /etc/ironic-inspector/dhcp-hostsdir dnsmasq_start_command = systemctl start ironic-inspector-dnsmasq dnsmasq_stop_command = systemctl stop ironic-inspector-dnsmasq {% endif %} [healthcheck] enabled = True [iptables] {% if ironic_inspector_pxe_filter == "iptables" %} manage_firewall = True {% endif %} dnsmasq_interface = {{ ironic_inspector_dhcp_interface }} [ironic] username = ironic password = {{ ironic_service_password }} project_name = service user_domain_name = {{ ironic_service_user_domain_id }} project_domain_name = {{ ironic_service_project_domain_id }} auth_url = {{ keystone_service_adminurl }} insecure = {{ keystone_service_adminuri_insecure | bool }} auth_type = password valid_interfaces = internal,public insecure = {{ keystone_service_internaluri_insecure | bool }} [keystone_authtoken] insecure = {{ keystone_service_internaluri_insecure | bool }} auth_type = password auth_url = {{ keystone_service_adminuri }} auth_uri = {{ keystone_service_internaluri }} project_domain_id = default user_domain_id = default project_name = "service" username = ironic_inspector password = {{ ironic_inspector_service_password }} region_name = {{ keystone_service_region }} service_token_roles = {{ ironic_inspector_service_token_roles | join(',') }} service_token_roles_required = {{ ironic_inspector_service_token_roles_required | bool }} service_type = {{ ironic_inspector_service_type }} memcached_servers = {{ memcached_servers }} # if your memcached server is shared, use these settings to avoid cache poisoning memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcached_encryption_key }} [oslo_policy] [pci_devices] [processing] add_ports = pxe keep_ports = present store_data = database store_data_location = report_path ramdisk_logs_dir = {{ ironic_system_home_folder }}/ramdisk-logs always_store_ramdisk_logs = true {% if ironic_inspector_processing_hooks is defined %} processing_hooks = {{ ironic_inspector_processing_hooks }} {% endif %} {% if ironic_inspector_enable_discovery == true %} node_not_found_hook = enroll {% endif %} [pxe_filter] {% if ironic_inspector_dhcp_type == "isc_dhcp" %} driver = iptables {% else %} driver = dnsmasq {% endif %} [swift] username = swift-inspector password = {{ ironic_inspector_swift_password }} project_name = ironic-inspector user_domain_name = default project_domain_name = default auth_url = {{ keystone_service_adminurl }} insecure = {{ keystone_service_adminuri_insecure | bool }} auth_type = password valid_interfaces = internal,public container = ironic-inspector