puppet/services/ironic-conductor.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack Ironic conductor configured with Puppet
   5
   6 parameters:
   7   ServiceNetMap:
   8     default: {}
   9     description: Mapping of service_name -> network name. Typically set
  10                  via parameter_defaults in the resource registry.  This
  11                  mapping overrides those in ServiceNetMapDefaults.
  12     type: json
  13   DefaultPasswords:
  14     default: {}
  15     type: json
  16   RoleName:
  17     default: ''
  18     description: Role name on which the service is applied
  19     type: string
  20   RoleParameters:
  21     default: {}
  22     description: Parameters specific to the role
  23     type: json
  24   EndpointMap:
  25     default: {}
  26     description: Mapping of service endpoint -> protocol. Typically set
  27                  via parameter_defaults in the resource registry.
  28     type: json
  29   IronicCleaningDiskErase:
  30     default: 'full'
  31     description: Type of disk cleaning before and between deployments,
  32                  "full" for full cleaning, "metadata" to clean only disk
  33                  metadata (partition table).
  34     type: string
  35   IronicCleaningNetwork:
  36     default: 'provisioning'
  37     description: Name or UUID of the *overcloud* network used for cleaning
  38                  bare metal nodes. The default value of "provisioning" can be
  39                  left during the initial deployment (when no networks are
  40                  created yet) and should be changed to an actual UUID in
  41                  a post-deployment stack update.
  42     type: string
  43   IronicDefaultBootOption:
  44     default: 'local'
  45     description: How to boot the bare metal instances. Set to 'local' (the
  46                  default) to use local bootloader (requires grub2 for partition
  47                  images). Set to 'netboot' to make the instances boot from
  48                  controllers using PXE/iPXE.
  49     type: string
  50   IronicDefaultNetworkInterface:
  51     default: 'flat'
  52     description: Network interface implementation to use by default.
  53                  Set to "flat" (the default) to use one flat provider network.
  54                  Set to "neutron" to make Ironic interact with the Neutron
  55                  ML2 driver to enable other network types and certain
  56                  advances networking features. Requires
  57                  IronicProvisioningNetwork to be correctly set.
  58     type: string
  59   IronicEnabledDrivers:
  60     default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
  61     description: Enabled Ironic drivers
  62     type: comma_delimited_list
  63   IronicEnabledHardwareTypes:
  64     default: ['ipmi', 'redfish']
  65     description: Enabled Ironic hardware types
  66     type: comma_delimited_list
  67   IronicEnabledManagementInterfaces:
  68     default: ['ipmitool', 'redfish']
  69     description: Enabled management interface implementations. Each hardware
  70                  type must have at least one valid implementation enabled.
  71     type: comma_delimited_list
  72   IronicEnabledPowerInterfaces:
  73     default: ['ipmitool', 'redfish']
  74     description: Enabled power interface implementations. Each hardware
  75                  type must have at least one valid implementation enabled.
  76     type: comma_delimited_list
  77   IronicIPXEEnabled:
  78     default: true
  79     description: Whether to use iPXE instead of PXE for deployment.
  80     type: boolean
  81   IronicIPXEPort:
  82     default: 8088
  83     description: Port to use for serving images when iPXE is used.
  84     type: string
  85   IronicPassword:
  86     description: The password for the Ironic service and db account, used by the Ironic services
  87     type: string
  88     hidden: true
  89   IronicProvisioningNetwork:
  90     default: 'provisioning'
  91     description: Name or UUID of the *overcloud* network used for provisioning
  92                  of bare metal nodes, if IronicDefaultNetworkInterface is
  93                  set to "neutron". The default value of "provisioning" can be
  94                  left during the initial deployment (when no networks are
  95                  created yet) and should be changed to an actual UUID in
  96                  a post-deployment stack update.
  97     type: string
  98   MonitoringSubscriptionIronicConductor:
  99     default: 'overcloud-ironic-conductor'
 100     type: string
 101
 102 resources:
 103   IronicBase:
 104     type: ./ironic-base.yaml
 105     properties:
 106       ServiceNetMap: {get_param: ServiceNetMap}
 107       DefaultPasswords: {get_param: DefaultPasswords}
 108       EndpointMap: {get_param: EndpointMap}
 109       RoleName: {get_param: RoleName}
 110       RoleParameters: {get_param: RoleParameters}
 111
 112 outputs:
 113   role_data:
 114     description: Role data for the Ironic conductor role.
 115     value:
 116       service_name: ironic_conductor
 117       monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
 118       config_settings:
 119         map_merge:
 120           - get_attr: [IronicBase, role_data, config_settings]
 121           - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
 122             ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
 123             ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
 124             ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
 125             ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
 126             ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
 127             ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
 128             # We need an endpoint containing a real IP, not a VIP here
 129             ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
 130             ironic::conductor::http_url:
 131               list_join:
 132                 - ''
 133                 - - 'http://'
 134                   - "%{hiera('ironic_conductor_http_host')}:"
 135                   - {get_param: IronicIPXEPort}
 136             ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
 137             ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
 138             # NOTE: bind IP is found in Heat replacing the network name with the
 139             # local node IP for the given network; replacement examples
 140             # (eg. for internal_api):
 141             # internal_api -> IP
 142             # internal_api_uri -> [IP]
 143             # internal_api_subnet - > IP/CIDR
 144             ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
 145             # NOTE(dtantsur): UEFI only works with iPXE currently for us
 146             ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
 147             ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
 148             ironic::drivers::interfaces::enabled_console_interfaces: ['ipmitool-socat', 'no-console']
 149             ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces}
 150             ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron']
 151             ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces}
 152             ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
 153             tripleo.ironic_conductor.firewall_rules:
 154               '134 ironic conductor TFTP':
 155                 dport: 69
 156                 proto: udp
 157               '135 ironic conductor HTTP':
 158                 dport: {get_param: IronicIPXEPort}
 159             # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
 160             # ironic. It's used as a default value for e.g. TFTP server IP,
 161             # glance and neutron endpoints, virtual console IP. We override
 162             # the TFTP server IP in ironic-conductor.yaml as it should not be
 163             # the VIP, but rather a real IP of the host.
 164             ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
 165             ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
 166             # Credentials to access other services
 167             ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 168             ironic::cinder::username: 'ironic'
 169             ironic::cinder::password: {get_param: IronicPassword}
 170             ironic::cinder::project_name: 'service'
 171             ironic::cinder::user_domain_name: 'Default'
 172             ironic::cinder::project_domain_name: 'Default'
 173             ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 174             ironic::glance::username: 'ironic'
 175             ironic::glance::password: {get_param: IronicPassword}
 176             ironic::glance::project_name: 'service'
 177             ironic::glance::user_domain_name: 'Default'
 178             ironic::glance::project_domain_name: 'Default'
 179             ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 180             ironic::neutron::username: 'ironic'
 181             ironic::neutron::password: {get_param: IronicPassword}
 182             ironic::neutron::project_name: 'service'
 183             ironic::neutron::user_domain_name: 'Default'
 184             ironic::neutron::project_domain_name: 'Default'
 185             ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 186             ironic::service_catalog::username: 'ironic'
 187             ironic::service_catalog::password: {get_param: IronicPassword}
 188             ironic::service_catalog::project_name: 'service'
 189             ironic::service_catalog::user_domain_name: 'Default'
 190             ironic::service_catalog::project_domain_name: 'Default'
 191             ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 192             ironic::swift::username: 'ironic'
 193             ironic::swift::password: {get_param: IronicPassword}
 194             ironic::swift::project_name: 'service'
 195             ironic::swift::user_domain_name: 'Default'
 196             ironic::swift::project_domain_name: 'Default'
 197             # ironic-inspector support is not implemented, but let's configure
 198             # the credentials for consistency.
 199             ironic::drivers::inspector::enabled: false
 200             ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 201             ironic::drivers::inspector::username: 'ironic'
 202             ironic::drivers::inspector::password: {get_param: IronicPassword}
 203             ironic::drivers::inspector::project_name: 'service'
 204             ironic::drivers::inspector::user_domain_name: 'Default'
 205             ironic::drivers::inspector::project_domain_name: 'Default'
 206       step_config: |
 207         include ::tripleo::profile::base::ironic::conductor
 208       upgrade_tasks:
 209         - name: Stop ironic_conductor service
 210           tags: step1
 211           service: name=openstack-ironic-conductor state=stopped