openstack/tripleo-heat-templates
Code Issues Proposed changes

ironic/undercloud: align configuration with instack-undercloud

Browse Source 
Change-Id: Iaa266da1627ff877f86d7ef8f4709b834f931fde
This commit is contained in:
Emilien Macchi 2018-03-07 23:40:10 +01:00
parent 301a582234
commit 5513d94075
5 changed files with 45 additions and 10 deletions

4
environments/undercloud.yaml

@ -34,6 +34,8 @@ parameter_defaults:
HeatMaxResourcesPerStack: -1
HeatMaxJsonBodySize: 2097152
IronicCleaningDiskErase: 'metadata'
IronicCorsAllowedOrigin: '*'
IronicDefaultInspectInterface: 'inspector'
IronicDefaultResourceClass: 'baremetal'
IronicEnabledHardwareTypes: ['ipmi', 'redfish', 'idrac', 'ilo']
IronicEnabledBootInterfaces: ['pxe', 'ilo-pxe']
@ -54,6 +56,8 @@ parameter_defaults:
IronicEnabledVendorInterfaces: ['ipmitool', 'idrac', 'no-vendor']
IronicEnableStagingDrivers: true
IronicCleaningNetwork: 'ctlplane'
IronicForcePowerStateDuringSync: false
IronicInspectorCollectors: default,extra-hardware,numa-topology,logs
IronicInspectorInterface: br-ctlplane
IronicInspectorIpRange: '192.168.24.100,192.168.24.200'
IronicProvisioningNetwork: 'ctlplane'

18
puppet/services/ironic-api.yaml

@ -47,10 +47,18 @@ parameters:
e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
IronicCorsAllowedOrigin:
type: string
default: ''
description: Indicate whether this resource may be shared with the domain received in the request
"origin" header.
EnableInternalTLS:
type: boolean
default: false
conditions:
cors_allowed_origin_unset: {equals : [{get_param: IronicCorsAllowedOrigin}, '']}
resources:
ApacheServiceBase:
type: ./apache.yaml
@ -83,6 +91,11 @@ outputs:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
-
if:
- cors_allowed_origin_unset
- {}
- ironic::cors::allowed_origin: {get_param: IronicCorsAllowedOrigin}
- ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::user_domain_name: 'Default'
@ -121,6 +134,11 @@ outputs:
params:
$NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS}
ironic::cors::max_age: 3600
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
tripleo.ironic_api.firewall_rules:
'133 ironic api':
dport:

18
puppet/services/ironic-conductor.yaml

@ -67,6 +67,11 @@ parameters:
images). Set to 'netboot' to make the instances boot from
controllers using PXE/iPXE.
type: string
IronicDefaultInspectInterface:
default: ''
description: Inspect interface implementation to use by default. Leave empty to
use the hardware type default.
type: string
IronicDefaultNetworkInterface:
default: 'flat'
description: Network interface implementation to use by default.
@ -164,6 +169,10 @@ parameters:
created yet) and should be changed to an actual UUID in
a post-deployment stack update.
type: string
IronicForcePowerStateDuringSync:
default: true
description: Whether to force power state during sync.
type: boolean
MonitoringSubscriptionIronicConductor:
default: 'overcloud-ironic-conductor'
type: string
@ -182,6 +191,7 @@ resources:
IronicDebug: {get_param: IronicDebug}
conditions:
default_inspect_interface_unset: {equals : [{get_param: IronicDefaultInspectInterface}, '']}
service_debug:
or:
- equals: [{get_param: IronicDebug}, 'true']
@ -198,6 +208,11 @@ outputs:
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
-
if:
- default_inspect_interface_unset
- {}
- ironic::drivers::interfaces::default_inspect_interface: {get_param: IronicDefaultInspectInterface}
- ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
@ -206,6 +221,7 @@ outputs:
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
ironic::conductor::force_power_state_during_sync: {get_param: IronicForcePowerStateDuringSync}
# We need an endpoint containing a real IP, not a VIP here
ironic_conductor_http_host:
str_replace:
@ -249,6 +265,8 @@ outputs:
- service_debug
- 'always'
- 'on_failure'
# NOTE(emilien): ILO defaulting to UEFI does not match other drivers so bios is used.
ironic::drivers::ilo::default_boot_mode: 'bios'
ironic::drivers::interfaces::enabled_boot_interfaces: {get_param: IronicEnabledBootInterfaces}
ironic::drivers::interfaces::enabled_console_interfaces: {get_param: IronicEnabledConsoleInterfaces}
ironic::drivers::interfaces::enabled_deploy_interfaces: {get_param: IronicEnabledDeployInterfaces}

5
puppet/services/ironic-inspector.yaml

@ -135,6 +135,11 @@ outputs:
ironic::inspector::authtoken::project_name: 'service'
ironic::inspector::authtoken::user_domain_name: 'Default'
ironic::inspector::authtoken::project_domain_name: 'Default'
ironic::inspector::cors::allowed_origin: '*'
ironic::inspector::cors::max_age: 3600
ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
tripleo.ironic_inspector.firewall_rules:
'137 ironic-inspector':
dport:

10
puppet/services/tripleo-ui.yaml

@ -65,16 +65,6 @@ outputs:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
- keystone::cors::allowed_origin: '*'
ironic::cors::allowed_origin: '*'
ironic::cors::max_age: 3600
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
ironic::inspector::cors::allowed_origin: '*'
ironic::inspector::cors::max_age: 3600
ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
heat::cors::allowed_origin: '*'
heat::cors::max_age: 3600
heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'