--- ironic_services: ironic-api: container_name: ironic_api group: ironic-api enabled: true image: "{{ ironic_api_image_full }}" volumes: "{{ ironic_api_default_volumes + ironic_api_extra_volumes }}" dimensions: "{{ ironic_api_dimensions }}" healthcheck: "{{ ironic_api_healthcheck }}" haproxy: ironic_api: enabled: "{{ enable_ironic }}" mode: "http" external: false port: "{{ ironic_api_port }}" listen_port: "{{ ironic_api_listen_port }}" tls_backend: "{{ ironic_enable_tls_backend }}" ironic_api_external: enabled: "{{ enable_ironic }}" mode: "http" external: true port: "{{ ironic_api_port }}" listen_port: "{{ ironic_api_listen_port }}" tls_backend: "{{ ironic_enable_tls_backend }}" ironic-conductor: container_name: ironic_conductor group: ironic-conductor enabled: true image: "{{ ironic_conductor_image_full }}" privileged: True volumes: "{{ ironic_conductor_default_volumes + ironic_conductor_extra_volumes }}" dimensions: "{{ ironic_conductor_dimensions }}" healthcheck: "{{ ironic_conductor_healthcheck }}" ironic-inspector: container_name: ironic_inspector group: ironic-inspector enabled: true image: "{{ ironic_inspector_image_full }}" privileged: True volumes: "{{ ironic_inspector_default_volumes + ironic_inspector_extra_volumes }}" dimensions: "{{ ironic_inspector_dimensions }}" healthcheck: "{{ ironic_inspector_healthcheck }}" haproxy: ironic_inspector: enabled: "{{ enable_ironic }}" mode: "http" external: false port: "{{ ironic_inspector_port }}" listen_port: "{{ ironic_inspector_listen_port }}" ironic_inspector_external: enabled: "{{ enable_ironic }}" mode: "http" external: true port: "{{ ironic_inspector_port }}" listen_port: "{{ ironic_inspector_listen_port }}" ironic-tftp: container_name: ironic_tftp group: ironic-tftp enabled: true image: "{{ ironic_pxe_image_full }}" environment: TFTPBOOT_PATH: /var/lib/ironic/tftpboot HTTPBOOT_PATH: /var/lib/ironic/httpboot volumes: "{{ ironic_tftp_default_volumes + ironic_tftp_extra_volumes }}" dimensions: "{{ ironic_tftp_dimensions }}" ironic-http: container_name: ironic_http group: ironic-http # NOTE(mgoddard): This container is always enabled, since may be used by # the direct deploy driver. enabled: true image: "{{ ironic_pxe_image_full }}" volumes: "{{ ironic_http_default_volumes + ironic_http_extra_volumes }}" dimensions: "{{ ironic_http_dimensions }}" healthcheck: "{{ ironic_http_healthcheck }}" ironic-dnsmasq: container_name: ironic_dnsmasq group: ironic-inspector enabled: true cap_add: - NET_ADMIN image: "{{ ironic_dnsmasq_image_full }}" volumes: "{{ ironic_dnsmasq_default_volumes + ironic_dnsmasq_extra_volumes }}" dimensions: "{{ ironic_dnsmasq_dimensions }}" #################### # Database #################### ironic_database_name: "ironic" ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}" ironic_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}" ironic_inspector_database_name: "ironic_inspector" ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}" ironic_inspector_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}" #################### # Docker #################### ironic_tag: "{{ openstack_tag }}" ironic_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-ironic-api" ironic_api_tag: "{{ ironic_tag }}" ironic_api_image_full: "{{ ironic_api_image }}:{{ ironic_api_tag }}" ironic_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-ironic-conductor" ironic_conductor_tag: "{{ ironic_tag }}" ironic_conductor_image_full: "{{ ironic_conductor_image }}:{{ ironic_conductor_tag }}" ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-ironic-pxe" ironic_pxe_tag: "{{ ironic_tag }}" ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}" ironic_inspector_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-ironic-inspector" ironic_inspector_tag: "{{ ironic_tag }}" ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}" ironic_dnsmasq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-dnsmasq" ironic_dnsmasq_tag: "{{ ironic_tag }}" ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}" ironic_api_dimensions: "{{ default_container_dimensions }}" ironic_conductor_dimensions: "{{ default_container_dimensions }}" ironic_tftp_dimensions: "{{ default_container_dimensions }}" ironic_http_dimensions: "{{ default_container_dimensions }}" ironic_inspector_dimensions: "{{ default_container_dimensions }}" ironic_dnsmasq_dimensions: "{{ default_container_dimensions }}" ironic_api_enable_healthchecks: "{{ enable_container_healthchecks }}" ironic_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}" ironic_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}" ironic_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" ironic_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl http://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_api_listen_port }}"] ironic_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" ironic_api_healthcheck: interval: "{{ ironic_api_healthcheck_interval }}" retries: "{{ ironic_api_healthcheck_retries }}" start_period: "{{ ironic_api_healthcheck_start_period }}" test: "{% if ironic_api_enable_healthchecks | bool %}{{ ironic_api_healthcheck_test }}{% else %}NONE{% endif %}" timeout: "{{ ironic_api_healthcheck_timeout }}" ironic_conductor_enable_healthchecks: "{{ enable_container_healthchecks }}" ironic_conductor_healthcheck_interval: "{{ default_container_healthcheck_interval }}" ironic_conductor_healthcheck_retries: "{{ default_container_healthcheck_retries }}" ironic_conductor_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" ironic_conductor_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-conductor {{ om_rpc_port }}"] ironic_conductor_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" ironic_conductor_healthcheck: interval: "{{ ironic_conductor_healthcheck_interval }}" retries: "{{ ironic_conductor_healthcheck_retries }}" start_period: "{{ ironic_conductor_healthcheck_start_period }}" test: "{% if ironic_conductor_enable_healthchecks | bool %}{{ ironic_conductor_healthcheck_test }}{% else %}NONE{% endif %}" timeout: "{{ ironic_conductor_healthcheck_timeout }}" ironic_inspector_enable_healthchecks: "{{ enable_container_healthchecks }}" ironic_inspector_healthcheck_interval: "{{ default_container_healthcheck_interval }}" ironic_inspector_healthcheck_retries: "{{ default_container_healthcheck_retries }}" ironic_inspector_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" ironic_inspector_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-inspector {{ om_rpc_port }}"] ironic_inspector_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" ironic_inspector_healthcheck: interval: "{{ ironic_inspector_healthcheck_interval }}" retries: "{{ ironic_inspector_healthcheck_retries }}" start_period: "{{ ironic_inspector_healthcheck_start_period }}" test: "{% if ironic_inspector_enable_healthchecks | bool %}{{ ironic_inspector_healthcheck_test }}{% else %}NONE{% endif %}" timeout: "{{ ironic_inspector_healthcheck_timeout }}" ironic_http_enable_healthchecks: "{{ enable_container_healthchecks }}" ironic_http_healthcheck_interval: "{{ default_container_healthcheck_interval }}" ironic_http_healthcheck_retries: "{{ default_container_healthcheck_retries }}" ironic_http_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}" ironic_http_healthcheck_test: ["CMD-SHELL", "healthcheck_listen {% if kolla_base_distro in ['debian', 'ubuntu'] %}apache2{% else %}httpd{% endif %} {{ ironic_http_port }}"] ironic_http_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}" ironic_http_healthcheck: interval: "{{ ironic_http_healthcheck_interval }}" retries: "{{ ironic_http_healthcheck_retries }}" start_period: "{{ ironic_http_healthcheck_start_period }}" test: "{% if ironic_http_enable_healthchecks | bool %}{{ ironic_http_healthcheck_test }}{% else %}NONE{% endif %}" timeout: "{{ ironic_http_healthcheck_timeout }}" ironic_api_default_volumes: - "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" - "kolla_logs:/var/log/kolla" - "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}" ironic_conductor_default_volumes: - "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" - "/lib/modules:/lib/modules:ro" - "/sys:/sys" - "/dev:/dev" - "/run:/run:shared" - "kolla_logs:/var/log/kolla" - "ironic:/var/lib/ironic" - "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}" ironic_tftp_default_volumes: - "{{ node_config_directory }}/ironic-tftp/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" - "ironic:/var/lib/ironic" - "kolla_logs:/var/log/kolla" ironic_http_default_volumes: - "{{ node_config_directory }}/ironic-http/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" - "ironic:/var/lib/ironic" - "kolla_logs:/var/log/kolla" ironic_inspector_default_volumes: - "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" - "kolla_logs:/var/log/kolla" - "ironic_inspector_dhcp_hosts:/var/lib/ironic-inspector/dhcp-hostsdir" - "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}" ironic_dnsmasq_default_volumes: - "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}" - "kolla_logs:/var/log/kolla" - "ironic_inspector_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro" ironic_extra_volumes: "{{ default_extra_volumes }}" ironic_api_extra_volumes: "{{ ironic_extra_volumes }}" ironic_conductor_extra_volumes: "{{ ironic_extra_volumes }}" ironic_tftp_extra_volumes: "{{ ironic_extra_volumes }}" ironic_http_extra_volumes: "{{ ironic_extra_volumes }}" ironic_inspector_extra_volumes: "{{ ironic_extra_volumes }}" ironic_dnsmasq_extra_volumes: "{{ ironic_extra_volumes }}" #################### # OpenStack #################### ironic_inspector_keystone_user: "ironic-inspector" ironic_inspector_internal_endpoint: "{{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}" ironic_inspector_public_endpoint: "{{ public_protocol }}://{{ ironic_inspector_external_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}" ironic_logging_debug: "{{ openstack_logging_debug }}" openstack_ironic_auth: "{{ openstack_auth }}" openstack_ironic_inspector_auth: "{{ openstack_auth }}" ######### # Ironic ######### ironic_dnsmasq_interface: "{{ api_interface }}" ironic_dnsmasq_dhcp_ranges: ironic_dnsmasq_dhcp_default_lease_time: "10m" # TODO(yoctozepto): Do not rely on deprecated enable_ironic_ipxe in Zed. ironic_dnsmasq_serve_ipxe: "{{ enable_ironic_ipxe | default(\"yes\") }}" ironic_dnsmasq_boot_file: "{% if ironic_dnsmasq_serve_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}" ironic_dnsmasq_uefi_ipxe_boot_file: "snponly.efi" ironic_cleaning_network: ironic_console_serial_speed: "115200n8" ironic_http_url: "http://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_http_port }}" ironic_enable_rolling_upgrade: "yes" ironic_upgrade_skip_wait_check: false ironic_inspector_kernel_cmdline_extras: [] ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}noop{% endif %}" #################### ## Kolla ##################### ironic_inspector_git_repository: "{{ kolla_dev_repos_git }}/ironic-inspector" ironic_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}" ironic_dev_repos_pull: "{{ kolla_dev_repos_pull }}" ironic_dev_mode: "{{ kolla_dev_mode }}" ironic_source_version: "{{ kolla_source_version }}" #################### # Notifications #################### ironic_notification_topics: - name: notifications enabled: "{{ enable_ceilometer | bool }}" ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr('enabled', 'equalto', true) | list }}" #################### # Keystone #################### ironic_enable_keystone_integration: "{{ enable_keystone | bool }}" ironic_ks_services: - name: "ironic" type: "baremetal" description: "Ironic baremetal provisioning service" endpoints: - {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'} - {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'} - name: "ironic-inspector" type: "baremetal-introspection" description: "Ironic Inspector baremetal introspection service" endpoints: - {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'} - {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'} ironic_ks_users: - project: "service" user: "{{ ironic_keystone_user }}" password: "{{ ironic_keystone_password }}" role: "admin" - project: "service" user: "{{ ironic_inspector_keystone_user }}" password: "{{ ironic_inspector_keystone_password }}" role: "admin" #################### # TLS #################### ironic_enable_tls_backend: "{{ kolla_enable_tls_backend }}"