86e83faeb1
With Docker CE, the daemon sets the default policy of the iptables FORWARD chain to DROP. This causes problems for provisioning bare metal servers when ironic inspector is used with the 'iptables' PXE filter. It's not entirely clear why these two things interact in this way, but switching to the 'dnsmasq' filter works around the issue, and is probably a good move anyway because it is more efficient. We have added a migration task here to flush and remove the ironic-inspector iptables chain since inspector does not do this itself currently. Change-Id: Iceed5a096819203eb2b92466d39575d3adf8e218 Closes-Bug: #1823044
199 lines
8.3 KiB
YAML
199 lines
8.3 KiB
YAML
---
|
|
project_name: "ironic"
|
|
|
|
ironic_services:
|
|
ironic-api:
|
|
container_name: ironic_api
|
|
group: ironic-api
|
|
enabled: true
|
|
image: "{{ ironic_api_image_full }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
|
|
dimensions: "{{ ironic_api_dimensions }}"
|
|
haproxy:
|
|
ironic_api:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ ironic_api_port }}"
|
|
listen_port: "{{ ironic_api_listen_port }}"
|
|
ironic_api_external:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ ironic_api_port }}"
|
|
listen_port: "{{ ironic_api_listen_port }}"
|
|
ironic-conductor:
|
|
container_name: ironic_conductor
|
|
group: ironic-conductor
|
|
enabled: true
|
|
image: "{{ ironic_conductor_image_full }}"
|
|
privileged: True
|
|
volumes:
|
|
- "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/sys:/sys"
|
|
- "/dev:/dev"
|
|
- "/run:/run:shared"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic:/var/lib/ironic"
|
|
- "ironic_pxe:/tftpboot/"
|
|
- "ironic_ipxe:/httpboot/"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic/ironic:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic' if ironic_dev_mode | bool else '' }}"
|
|
dimensions: "{{ ironic_conductor_dimensions }}"
|
|
ironic-inspector:
|
|
container_name: ironic_inspector
|
|
group: ironic-inspector
|
|
enabled: true
|
|
image: "{{ ironic_inspector_image_full }}"
|
|
privileged: True
|
|
volumes:
|
|
- "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic_inspector_dhcp_hosts:/var/lib/ironic-inspector/dhcp-hostsdir"
|
|
- "{{ kolla_dev_repos_directory ~ '/ironic-inspector/ironic_inspector:/var/lib/kolla/venv/lib/python2.7/site-packages/ironic_inspector' if ironic_dev_mode | bool else '' }}"
|
|
dimensions: "{{ ironic_inspector_dimensions }}"
|
|
haproxy:
|
|
ironic_inspector:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ ironic_inspector_port }}"
|
|
listen_port: "{{ ironic_inspector_listen_port }}"
|
|
ironic_inspector_external:
|
|
enabled: "{{ enable_ironic }}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ ironic_inspector_port }}"
|
|
listen_port: "{{ ironic_inspector_listen_port }}"
|
|
ironic-pxe:
|
|
container_name: ironic_pxe
|
|
group: ironic-pxe
|
|
enabled: true
|
|
image: "{{ ironic_pxe_image_full }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/ironic-pxe/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "ironic_pxe:/tftpboot/"
|
|
- "kolla_logs:/var/log/kolla"
|
|
dimensions: "{{ ironic_pxe_dimensions }}"
|
|
ironic-ipxe:
|
|
container_name: ironic_ipxe
|
|
group: ironic-ipxe
|
|
enabled: "{{ enable_ironic_ipxe | bool }}"
|
|
image: "{{ ironic_pxe_image_full }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/ironic-ipxe/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "ironic_ipxe:/httpboot/"
|
|
- "kolla_logs:/var/log/kolla"
|
|
dimensions: "{{ ironic_ipxe_dimensions }}"
|
|
ironic-dnsmasq:
|
|
container_name: ironic_dnsmasq
|
|
group: ironic-inspector
|
|
enabled: true
|
|
cap_add:
|
|
- NET_ADMIN
|
|
image: "{{ ironic_dnsmasq_image_full }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "ironic_inspector_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro"
|
|
dimensions: "{{ ironic_dnsmasq_dimensions }}"
|
|
|
|
|
|
####################
|
|
# Database
|
|
####################
|
|
ironic_database_name: "ironic"
|
|
ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}"
|
|
ironic_database_address: "{{ database_address }}:{{ database_port }}"
|
|
|
|
ironic_inspector_database_name: "ironic_inspector"
|
|
ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}"
|
|
ironic_inspector_database_address: "{{ database_address }}:{{ database_port }}"
|
|
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
ironic_install_type: "{{ kolla_install_type }}"
|
|
ironic_tag: "{{ openstack_release }}"
|
|
|
|
ironic_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-api"
|
|
ironic_api_tag: "{{ ironic_tag }}"
|
|
ironic_api_image_full: "{{ ironic_api_image }}:{{ ironic_api_tag }}"
|
|
|
|
ironic_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-conductor"
|
|
ironic_conductor_tag: "{{ ironic_tag }}"
|
|
ironic_conductor_image_full: "{{ ironic_conductor_image }}:{{ ironic_conductor_tag }}"
|
|
|
|
ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-pxe"
|
|
ironic_pxe_tag: "{{ ironic_tag }}"
|
|
ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"
|
|
|
|
ironic_inspector_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-ironic-inspector"
|
|
ironic_inspector_tag: "{{ ironic_tag }}"
|
|
ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}"
|
|
|
|
ironic_dnsmasq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ironic_install_type }}-dnsmasq"
|
|
ironic_dnsmasq_tag: "{{ ironic_tag }}"
|
|
ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}"
|
|
|
|
ironic_api_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_conductor_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_pxe_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_ipxe_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_inspector_dimensions: "{{ default_container_dimensions }}"
|
|
ironic_dnsmasq_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
####################
|
|
# OpenStack
|
|
####################
|
|
ironic_inspector_keystone_user: "ironic-inspector"
|
|
|
|
ironic_admin_endpoint: "{{ admin_protocol }}://{{ ironic_internal_fqdn }}:{{ ironic_api_port }}"
|
|
ironic_internal_endpoint: "{{ internal_protocol }}://{{ ironic_internal_fqdn }}:{{ ironic_api_port }}"
|
|
ironic_public_endpoint: "{{ public_protocol }}://{{ ironic_external_fqdn }}:{{ ironic_api_port }}"
|
|
|
|
ironic_inspector_admin_endpoint: "{{ admin_protocol }}://{{ ironic_inspector_internal_fqdn }}:{{ ironic_inspector_port }}"
|
|
ironic_inspector_internal_endpoint: "{{ internal_protocol }}://{{ ironic_inspector_internal_fqdn }}:{{ ironic_inspector_port }}"
|
|
ironic_inspector_public_endpoint: "{{ public_protocol }}://{{ ironic_inspector_external_fqdn }}:{{ ironic_inspector_port }}"
|
|
|
|
ironic_logging_debug: "{{ openstack_logging_debug }}"
|
|
|
|
openstack_ironic_auth: "{{ openstack_auth }}"
|
|
|
|
openstack_ironic_inspector_auth: "{{ openstack_auth }}"
|
|
|
|
|
|
#########
|
|
# Ironic
|
|
#########
|
|
|
|
ironic_dnsmasq_interface: "{{ api_interface }}"
|
|
ironic_dnsmasq_dhcp_range:
|
|
ironic_dnsmasq_default_gateway:
|
|
ironic_dnsmasq_boot_file: "{% if enable_ironic_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}"
|
|
ironic_cleaning_network:
|
|
ironic_console_serial_speed: "115200n8"
|
|
ironic_ipxe_url: http://{{ api_interface_address }}:{{ ironic_ipxe_port }}
|
|
ironic_enable_rolling_upgrade: "yes"
|
|
ironic_inspector_kernel_cmdline_extras: []
|
|
ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}none{% endif %}"
|
|
|
|
####################
|
|
## Kolla
|
|
#####################
|
|
ironic_inspector_git_repository: "{{ kolla_dev_repos_git }}/ironic-inspector"
|
|
ironic_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
|
|
ironic_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
|
ironic_dev_mode: "{{ kolla_dev_mode }}"
|
|
ironic_source_version: "{{ kolla_source_version }}"
|