Add parameters for internal TLS for swift proxy
[apex-tripleo-heat-templates.git] / puppet / services / ironic-conductor.yaml
# Heat orchestration template for the Ironic conductor service.
heat_template_version: ocata

# Folded scalar: the text below is read as one line of description.
description: >
  OpenStack Ironic conductor configured with Puppet

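# Inputs to this service template. Listing gutter numbers are dropped so the
# section parses as YAML again.
parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # Handed to ironic-base.yaml unchanged; this template does not read it.
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  IronicCleaningDiskErase:
    default: 'full'
    description: Type of disk cleaning before and between deployments,
                 "full" for full cleaning, "metadata" to clean only disk
                 metadata (partition table).
    type: string
  IronicCleaningNetwork:
    default: 'provisioning'
    description: Name or UUID of the *overcloud* network used for cleaning
                 bare metal nodes. The default value of "provisioning" can be
                 left during the initial deployment (when no networks are
                 created yet) and should be changed to an actual UUID in
                 a post-deployment stack update.
    type: string
  IronicEnabledDrivers:
    default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
    description: Enabled Ironic drivers
    type: comma_delimited_list
  IronicIPXEEnabled:
    default: true
    description: Whether to use iPXE instead of PXE for deployment.
    type: boolean
  # Used for the image-serving URL, the pxe http_port setting and the
  # '135 ironic conductor HTTP' firewall rule in outputs.
  IronicIPXEPort:
    # Quoted so the default matches the declared string type.
    default: '8088'
    description: Port to use for serving images when iPXE is used.
    type: string
  # Required: no default is defined. hidden: true asks Heat to mask the value
  # when stack parameters are displayed. The outputs section reuses this one
  # password for the glance, neutron, service_catalog, swift and inspector
  # credentials, so rotating it touches all of them together.
  IronicPassword:
    description: >-
      The password for the Ironic service and db account, used by the
      Ironic services
    type: string
    hidden: true
  # Emitted as role_data.monitoring_subscription in outputs.
  MonitoringSubscriptionIronicConductor:
    default: 'overcloud-ironic-conductor'
    type: string
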
resources:
  # Nested template whose role_data config_settings are merged into this
  # template's output; it receives the three common maps as given.
  IronicBase:
    type: ./ironic-base.yaml
    properties:
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      EndpointMap:
        get_param: EndpointMap

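# role_data carries the hiera settings, the Puppet profile to include and the
# upgrade tasks for this service. Listing gutter numbers are dropped so the
# section parses as YAML again.
outputs:
  role_data:
    description: Role data for the Ironic conductor role.
    value:
      service_name: ironic_conductor
      monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
      config_settings:
        # Settings from ironic-base.yaml first, then the conductor-specific
        # mapping below.
        map_merge:
          - get_attr: [IronicBase, role_data, config_settings]
          # The scheme of the EndpointMap-derived URLs in this mapping is
          # whatever EndpointMap supplies for the internal endpoints.
          - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
            ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
            ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
            ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
            # We need an endpoint containing a real IP, not a VIP here
            ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
            # The scheme is hard-coded to plain HTTP, so whatever is served
            # for iPXE deployment on IronicIPXEPort is neither encrypted nor
            # authenticated by this template. Keep IronicNetwork isolated.
            ironic::conductor::http_url:
              list_join:
                - ''
                - - 'http://'
                  - "%{hiera('ironic_conductor_http_host')}:"
                  - {get_param: IronicIPXEPort}
            ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
            ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet -> IP/CIDR
            ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
            # NOTE(dtantsur): UEFI only works with iPXE currently for us
            ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
            ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
            # Neither rule names a source or an interface here, so both ports
            # are opened as written. NOTE(review): confirm that access is
            # limited to the provisioning network elsewhere.
            tripleo.ironic_conductor.firewall_rules:
              '134 ironic conductor TFTP':
                dport: 69
                proto: udp
              '135 ironic conductor HTTP':
                dport: {get_param: IronicIPXEPort}
            # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
            # ironic. It's used as a default value for e.g. TFTP server IP,
            # glance and neutron endpoints, virtual console IP. We override
            # the TFTP server IP in ironic-conductor.yaml as it should not be
            # the VIP, but rather a real IP of the host.
            ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
            ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
            # Credentials to access other services.
            # Every credential set below uses user 'ironic' in project
            # 'service' with the same IronicPassword, so exposure or rotation
            # of that one secret affects all of them at once.
            ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::glance::username: 'ironic'
            ironic::glance::password: {get_param: IronicPassword}
            ironic::glance::project_name: 'service'
            ironic::glance::user_domain_name: 'Default'
            ironic::glance::project_domain_name: 'Default'
            ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::neutron::username: 'ironic'
            ironic::neutron::password: {get_param: IronicPassword}
            ironic::neutron::project_name: 'service'
            ironic::neutron::user_domain_name: 'Default'
            ironic::neutron::project_domain_name: 'Default'
            ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::service_catalog::username: 'ironic'
            ironic::service_catalog::password: {get_param: IronicPassword}
            ironic::service_catalog::project_name: 'service'
            ironic::service_catalog::user_domain_name: 'Default'
            ironic::service_catalog::project_domain_name: 'Default'
            ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::swift::username: 'ironic'
            ironic::swift::password: {get_param: IronicPassword}
            ironic::swift::project_name: 'service'
            ironic::swift::user_domain_name: 'Default'
            ironic::swift::project_domain_name: 'Default'
            # ironic-inspector support is not implemented, but let's configure
            # the credentials for consistency.
            ironic::drivers::inspector::enabled: false
            ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
            ironic::drivers::inspector::username: 'ironic'
            ironic::drivers::inspector::password: {get_param: IronicPassword}
            ironic::drivers::inspector::project_name: 'service'
            ironic::drivers::inspector::user_domain_name: 'Default'
            ironic::drivers::inspector::project_domain_name: 'Default'
      step_config: |
        include ::tripleo::profile::base::ironic::conductor
      upgrade_tasks:
        - name: Stop ironic_conductor service
          tags: step1
          # Native mapping form of the module arguments; same name and state
          # as the key=value string it replaces.
          service:
            name: openstack-ironic-conductor
            state: stopped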