Flavio Percoco bbe9d418ba Allow for running standalone Ironic w/o keystone
The Ironic templates and roles assume Keystone is enabled and they don't
make use of the `enable_keystone var. This patch changes the behavior so
that `noauth` is used as auth method for Ironic if keystone is not
enabled, the Ironic endpoint is not registered if keystone is not
enabled and the keystone section is not created in the config file.

Change-Id: I813de42d10ac264eec81076cb107b58af09ff686
2017-07-19 13:32:11 +02:00

94 lines
3.4 KiB
Django/Jinja

# NOTE(mgoddard): Ironic is changing the default value of [deploy]
# default_boot_option from 'netboot' to 'local'. If the option is not set,
# ironic will log a warning during the transition period. Even so,
# kolla-ansible should not set a value for this option as the warning is
# intended to inform operators of the impending change. The warning may be
# suppressed by the deployer by setting a value for the option.
[DEFAULT]
{% if not enable_keystone | bool %}
auth_strategy = noauth
admin_user = {{ openstack_auth.username }}
admin_password = {{ keystone_admin_password }}
{% endif %}
debug = {{ ironic_logging_debug }}
log_dir = /var/log/kolla/ironic
enabled_drivers = pxe_ipmitool,pxe_ssh
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% if service_name == 'ironic-api' %}
[api]
host_ip = {{ api_interface_address }}
api_workers = {{ openstack_service_workers }}
{% endif %}
{% if service_name == 'ironic-conductor' %}
[conductor]
api_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}
{% endif %}
automated_clean=false
{% endif %}
[database]
connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }}
max_retries = -1
{% if enable_keystone | bool %}
[keystone_authtoken]
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}
[glance]
glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
[neutron]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
cleaning_network = {{ ironic_cleaning_network }}
[inspector]
enabled = true
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ ironic_keystone_user }}
password = {{ ironic_keystone_password }}
[agent]
deploy_logs_local_path = /var/log/kolla/ironic
deploy_logs_storage_backend = local
deploy_logs_collect = always
[pxe]
pxe_append_params = nofb nomodeset vga=normal console=tty0 console=ttyS0,{{ ironic_console_serial_speed }}