1 heat_template_version: ocata
4 OpenStack Ironic conductor configured with Puppet
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
21 IronicCleaningDiskErase:
23 description: Type of disk cleaning before and between deployments,
24 "full" for full cleaning, "metadata" to clean only disk
25 metadata (partition table).
27 IronicCleaningNetwork:
28 default: 'provisioning'
29 description: Name or UUID of the *overcloud* network used for cleaning
30 bare metal nodes. The default value of "provisioning" can be
31 left during the initial deployment (when no networks are
32 created yet) and should be changed to an actual UUID in
33 a post-deployment stack update.
36 default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
37 description: Enabled Ironic drivers
38 type: comma_delimited_list
41 description: Whether to use iPXE instead of PXE for deployment.
45 description: Port to use for serving images when iPXE is used.
48 description: The password for the Ironic service and db account, used by the Ironic services
51 MonitoringSubscriptionIronicConductor:
52 default: 'overcloud-ironic-conductor'
57 type: ./ironic-base.yaml
59 ServiceNetMap: {get_param: ServiceNetMap}
60 DefaultPasswords: {get_param: DefaultPasswords}
61 EndpointMap: {get_param: EndpointMap}
65 description: Role data for the Ironic conductor role.
67 service_name: ironic_conductor
68 monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
71 - get_attr: [IronicBase, role_data, config_settings]
72 - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
73 ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
74 ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
75 ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
76 # We need an endpoint containing a real IP, not a VIP here
77 ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
78 ironic::conductor::http_url:
82 - "%{hiera('ironic_conductor_http_host')}:"
83 - {get_param: IronicIPXEPort}
84 ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
85 ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
86 # NOTE: bind IP is found in Heat replacing the network name with the
87 # local node IP for the given network; replacement examples
88 # (eg. for internal_api):
90 # internal_api_uri -> [IP]
91 # internal_api_subnet - > IP/CIDR
92 ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
93 # NOTE(dtantsur): UEFI only works with iPXE currently for us
94 ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
95 ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
96 tripleo.ironic_conductor.firewall_rules:
97 '134 ironic conductor TFTP':
100 '135 ironic conductor HTTP':
101 dport: {get_param: IronicIPXEPort}
102 # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
103 # ironic. It's used as a default value for e.g. TFTP server IP,
104 # glance and neutron endpoints, virtual console IP. We override
105 # the TFTP server IP in ironic-conductor.yaml as it should not be
106 # the VIP, but rather a real IP of the host.
107 ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
108 ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
109 # Credentials to access other services
110 ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
111 ironic::glance::username: 'ironic'
112 ironic::glance::password: {get_param: IronicPassword}
113 ironic::glance::project_name: 'service'
114 ironic::glance::user_domain_name: 'Default'
115 ironic::glance::project_domain_name: 'Default'
116 ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
117 ironic::neutron::username: 'ironic'
118 ironic::neutron::password: {get_param: IronicPassword}
119 ironic::neutron::project_name: 'service'
120 ironic::neutron::user_domain_name: 'Default'
121 ironic::neutron::project_domain_name: 'Default'
122 ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
123 ironic::service_catalog::username: 'ironic'
124 ironic::service_catalog::password: {get_param: IronicPassword}
125 ironic::service_catalog::project_name: 'service'
126 ironic::service_catalog::user_domain_name: 'Default'
127 ironic::service_catalog::project_domain_name: 'Default'
128 ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
129 ironic::swift::username: 'ironic'
130 ironic::swift::password: {get_param: IronicPassword}
131 ironic::swift::project_name: 'service'
132 ironic::swift::user_domain_name: 'Default'
133 ironic::swift::project_domain_name: 'Default'
134 # ironic-inspector support is not implemented, but let's configure
135 # the credentials for consistency.
136 ironic::drivers::inspector::enabled: false
137 ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
138 ironic::drivers::inspector::username: 'ironic'
139 ironic::drivers::inspector::password: {get_param: IronicPassword}
140 ironic::drivers::inspector::project_name: 'service'
141 ironic::drivers::inspector::user_domain_name: 'Default'
142 ironic::drivers::inspector::project_domain_name: 'Default'
144 include ::tripleo::profile::base::ironic::conductor
146 - name: Stop ironic_conductor service
148 service: name=openstack-ironic-conductor state=stopped