openstack/kolla-ansible
Code Issues Proposed changes
2b88144c05
kolla-ansible/ansible/roles/ironic/defaults/main.yml
Matt Crees 6c2aace8d6 Integrate oslo-config-validator 
Regularly, we experience issues in Kolla Ansible deployments because we
use wrong options in OpenStack configuration files. This is because
OpenStack services ignore unknown options. We also need to keep on top
of deprecated options that may be removed in the future. Integrating
oslo-config-validator into Kolla Ansible will greatly help.

Adds a shared role to run oslo-config-validator on each service. Takes
into account that services have multiple containers, and these may also
use multiple config files. Service roles are extended to use this shared
role. Executed with the new command ``kolla-ansible validate-config``.

Change-Id: Ic10b410fc115646d96d2ce39d9618e7c46cb3fbc
2022-12-21 17:19:09 +00:00

342 lines
16 KiB
YAML
Raw Blame History

---
ironic_services:
ironic-api:
container_name: ironic_api
group: ironic-api
enabled: true
image: "{{ ironic_api_image_full }}"
volumes: "{{ ironic_api_default_volumes + ironic_api_extra_volumes }}"
dimensions: "{{ ironic_api_dimensions }}"
healthcheck: "{{ ironic_api_healthcheck }}"
haproxy:
ironic_api:
enabled: "{{ enable_ironic }}"
mode: "http"
external: false
port: "{{ ironic_api_port }}"
listen_port: "{{ ironic_api_listen_port }}"
tls_backend: "{{ ironic_enable_tls_backend }}"
ironic_api_external:
enabled: "{{ enable_ironic }}"
mode: "http"
external: true
port: "{{ ironic_api_port }}"
listen_port: "{{ ironic_api_listen_port }}"
tls_backend: "{{ ironic_enable_tls_backend }}"
ironic-conductor:
container_name: ironic_conductor
group: ironic-conductor
enabled: true
image: "{{ ironic_conductor_image_full }}"
privileged: True
volumes: "{{ ironic_conductor_default_volumes + ironic_conductor_extra_volumes }}"
dimensions: "{{ ironic_conductor_dimensions }}"
healthcheck: "{{ ironic_conductor_healthcheck }}"
ironic-inspector:
container_name: ironic_inspector
group: ironic-inspector
enabled: true
image: "{{ ironic_inspector_image_full }}"
privileged: True
volumes: "{{ ironic_inspector_default_volumes + ironic_inspector_extra_volumes }}"
dimensions: "{{ ironic_inspector_dimensions }}"
healthcheck: "{{ ironic_inspector_healthcheck }}"
haproxy:
ironic_inspector:
enabled: "{{ enable_ironic }}"
mode: "http"
external: false
port: "{{ ironic_inspector_port }}"
listen_port: "{{ ironic_inspector_listen_port }}"
ironic_inspector_external:
enabled: "{{ enable_ironic }}"
mode: "http"
external: true
port: "{{ ironic_inspector_port }}"
listen_port: "{{ ironic_inspector_listen_port }}"
ironic-tftp:
container_name: ironic_tftp
group: ironic-tftp
enabled: true
image: "{{ ironic_pxe_image_full }}"
environment:
TFTPBOOT_PATH: /var/lib/ironic/tftpboot
HTTPBOOT_PATH: /var/lib/ironic/httpboot
volumes: "{{ ironic_tftp_default_volumes + ironic_tftp_extra_volumes }}"
dimensions: "{{ ironic_tftp_dimensions }}"
ironic-http:
container_name: ironic_http
group: ironic-http
# NOTE(mgoddard): This container is always enabled, since may be used by
# the direct deploy driver.
enabled: true
image: "{{ ironic_pxe_image_full }}"
volumes: "{{ ironic_http_default_volumes + ironic_http_extra_volumes }}"
dimensions: "{{ ironic_http_dimensions }}"
healthcheck: "{{ ironic_http_healthcheck }}"
ironic-dnsmasq:
container_name: ironic_dnsmasq
group: ironic-inspector
enabled: true
cap_add:
- NET_ADMIN
image: "{{ ironic_dnsmasq_image_full }}"
volumes: "{{ ironic_dnsmasq_default_volumes + ironic_dnsmasq_extra_volumes }}"
dimensions: "{{ ironic_dnsmasq_dimensions }}"
####################
# Config Validate
####################
ironic_config_validation:
- generator: "/ironic/tools/config/ironic-config-generator.conf"
config: "/etc/ironic/ironic.conf"
####################
# Database
####################
ironic_database_name: "ironic"
ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}"
ironic_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
ironic_inspector_database_name: "ironic_inspector"
ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}"
ironic_inspector_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
####################
# Database sharding
####################
ironic_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ ironic_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
ironic_database_shard:
users:
- user: "{{ ironic_database_user }}"
password: "{{ ironic_database_password }}"
- user: "{{ ironic_inspector_database_user }}"
password: "{{ ironic_inspector_database_password }}"
rules:
- schema: "{{ ironic_database_name }}"
shard_id: "{{ ironic_database_shard_id }}"
- schema: "{{ ironic_inspector_database_name }}"
shard_id: "{{ ironic_database_shard_id }}"
####################
# Docker
####################
ironic_tag: "{{ openstack_tag }}"
ironic_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/ironic-api"
ironic_api_tag: "{{ ironic_tag }}"
ironic_api_image_full: "{{ ironic_api_image }}:{{ ironic_api_tag }}"
ironic_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/ironic-conductor"
ironic_conductor_tag: "{{ ironic_tag }}"
ironic_conductor_image_full: "{{ ironic_conductor_image }}:{{ ironic_conductor_tag }}"
ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/ironic-pxe"
ironic_pxe_tag: "{{ ironic_tag }}"
ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"
ironic_inspector_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/ironic-inspector"
ironic_inspector_tag: "{{ ironic_tag }}"
ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}"
ironic_dnsmasq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/dnsmasq"
ironic_dnsmasq_tag: "{{ ironic_tag }}"
ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}"
ironic_api_dimensions: "{{ default_container_dimensions }}"
ironic_conductor_dimensions: "{{ default_container_dimensions }}"
ironic_tftp_dimensions: "{{ default_container_dimensions }}"
ironic_http_dimensions: "{{ default_container_dimensions }}"
ironic_inspector_dimensions: "{{ default_container_dimensions }}"
ironic_dnsmasq_dimensions: "{{ default_container_dimensions }}"
ironic_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
ironic_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
ironic_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if ironic_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_api_listen_port }}"]
ironic_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
ironic_api_healthcheck:
interval: "{{ ironic_api_healthcheck_interval }}"
retries: "{{ ironic_api_healthcheck_retries }}"
start_period: "{{ ironic_api_healthcheck_start_period }}"
test: "{% if ironic_api_enable_healthchecks | bool %}{{ ironic_api_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ ironic_api_healthcheck_timeout }}"
ironic_conductor_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_conductor_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_conductor_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
ironic_conductor_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
ironic_conductor_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-conductor {{ om_rpc_port }}"]
ironic_conductor_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
ironic_conductor_healthcheck:
interval: "{{ ironic_conductor_healthcheck_interval }}"
retries: "{{ ironic_conductor_healthcheck_retries }}"
start_period: "{{ ironic_conductor_healthcheck_start_period }}"
test: "{% if ironic_conductor_enable_healthchecks | bool %}{{ ironic_conductor_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ ironic_conductor_healthcheck_timeout }}"
ironic_inspector_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_inspector_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_inspector_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
ironic_inspector_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
ironic_inspector_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-inspector {{ om_rpc_port }}"]
ironic_inspector_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
ironic_inspector_healthcheck:
interval: "{{ ironic_inspector_healthcheck_interval }}"
retries: "{{ ironic_inspector_healthcheck_retries }}"
start_period: "{{ ironic_inspector_healthcheck_start_period }}"
test: "{% if ironic_inspector_enable_healthchecks | bool %}{{ ironic_inspector_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ ironic_inspector_healthcheck_timeout }}"
ironic_http_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_http_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_http_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
ironic_http_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
ironic_http_healthcheck_test: ["CMD-SHELL", "healthcheck_listen {% if kolla_base_distro in ['debian', 'ubuntu'] %}apache2{% else %}httpd{% endif %} {{ ironic_http_port }}"]
ironic_http_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
ironic_http_healthcheck:
interval: "{{ ironic_http_healthcheck_interval }}"
retries: "{{ ironic_http_healthcheck_retries }}"
start_period: "{{ ironic_http_healthcheck_start_period }}"
test: "{% if ironic_http_enable_healthchecks | bool %}{{ ironic_http_healthcheck_test }}{% else %}NONE{% endif %}"
timeout: "{{ ironic_http_healthcheck_timeout }}"
ironic_api_default_volumes:
- "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla"
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
ironic_conductor_default_volumes:
- "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "/lib/modules:/lib/modules:ro"
- "/sys:/sys"
- "/dev:/dev"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla"
- "ironic:/var/lib/ironic"
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
ironic_tftp_default_volumes:
- "{{ node_config_directory }}/ironic-tftp/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "ironic:/var/lib/ironic"
- "kolla_logs:/var/log/kolla"
ironic_http_default_volumes:
- "{{ node_config_directory }}/ironic-http/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "ironic:/var/lib/ironic"
- "kolla_logs:/var/log/kolla"
ironic_inspector_default_volumes:
- "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla"
- "ironic_inspector_dhcp_hosts:/var/lib/ironic-inspector/dhcp-hostsdir"
- "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}"
ironic_dnsmasq_default_volumes:
- "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "kolla_logs:/var/log/kolla"
- "ironic_inspector_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro"
ironic_extra_volumes: "{{ default_extra_volumes }}"
ironic_api_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_conductor_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_tftp_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_http_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_inspector_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_dnsmasq_extra_volumes: "{{ ironic_extra_volumes }}"
####################
# OpenStack
####################
ironic_inspector_keystone_user: "ironic-inspector"
ironic_inspector_internal_endpoint: "{{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
ironic_inspector_public_endpoint: "{{ public_protocol }}://{{ ironic_inspector_external_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
ironic_logging_debug: "{{ openstack_logging_debug }}"
openstack_ironic_auth: "{{ openstack_auth }}"
openstack_ironic_inspector_auth: "{{ openstack_auth }}"
ironic_api_workers: "{{ openstack_service_workers }}"
#########
# Ironic
#########
ironic_dnsmasq_interface: "{{ api_interface }}"
ironic_dnsmasq_dhcp_ranges:
ironic_dnsmasq_dhcp_default_lease_time: "10m"
ironic_dnsmasq_serve_ipxe: true
ironic_dnsmasq_boot_file: "{% if ironic_dnsmasq_serve_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}"
ironic_dnsmasq_uefi_ipxe_boot_file: "snponly.efi"
ironic_cleaning_network:
ironic_console_serial_speed: "115200n8"
ironic_http_url: "http://{{ ironic_http_interface_address | put_address_in_context('url') }}:{{ ironic_http_port }}"
ironic_enable_rolling_upgrade: "yes"
ironic_upgrade_skip_wait_check: false
ironic_inspector_kernel_cmdline_extras: []
ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}noop{% endif %}"
####################
## Kolla
#####################
ironic_inspector_git_repository: "{{ kolla_dev_repos_git }}/ironic-inspector"
ironic_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
ironic_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
ironic_dev_mode: "{{ kolla_dev_mode }}"
ironic_source_version: "{{ kolla_source_version }}"
####################
# Notifications
####################
ironic_notification_topics:
- name: notifications
enabled: "{{ enable_ceilometer | bool }}"
ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
ironic_enable_keystone_integration: "{{ enable_keystone | bool }}"
ironic_ks_services:
- name: "ironic"
type: "baremetal"
description: "Ironic baremetal provisioning service"
endpoints:
- {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'}
- name: "ironic-inspector"
type: "baremetal-introspection"
description: "Ironic Inspector baremetal introspection service"
endpoints:
- {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'}
ironic_ks_users:
- project: "service"
user: "{{ ironic_keystone_user }}"
password: "{{ ironic_keystone_password }}"
role: "admin"
- project: "service"
user: "{{ ironic_inspector_keystone_user }}"
password: "{{ ironic_inspector_keystone_password }}"
role: "admin"
####################
# TLS
####################
ironic_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
View Git Blame Copy Permalink