Code Review / apex-tripleo-heat-templates.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge "Add parameter Ec2ApiExternalNetwork for VPCs"
[apex-tripleo-heat-templates.git] / puppet / services / ironic-conductor.yaml
1 heat_template_version: ocata
2
3 description: >
4   OpenStack Ironic conductor configured with Puppet
5
6 parameters:
7   ServiceNetMap:
8     default: {}
9     description: Mapping of service_name -> network name. Typically set
10                  via parameter_defaults in the resource registry.  This
11                  mapping overrides those in ServiceNetMapDefaults.
12     type: json
13   DefaultPasswords:
14     default: {}
15     type: json
16   EndpointMap:
17     default: {}
18     description: Mapping of service endpoint -> protocol. Typically set
19                  via parameter_defaults in the resource registry.
20     type: json
21   IronicCleaningDiskErase:
22     default: 'full'
23     description: Type of disk cleaning before and between deployments,
24                  "full" for full cleaning, "metadata" to clean only disk
25                  metadata (partition table).
26     type: string
27   IronicCleaningNetwork:
28     default: 'provisioning'
29     description: Name or UUID of the *overcloud* network used for cleaning
30                  bare metal nodes. The default value of "provisioning" can be
31                  left during the initial deployment (when no networks are
32                  created yet) and should be changed to an actual UUID in
33                  a post-deployment stack update.
34     type: string
35   IronicDefaultBootOption:
36     default: 'local'
37     description: How to boot the bare metal instances. Set to 'local' (the
38                  default) to use local bootloader (requires grub2 for partition
39                  images). Set to 'netboot' to make the instances boot from
40                  controllers using PXE/iPXE.
41     type: string
42   IronicDefaultNetworkInterface:
43     default: 'flat'
44     description: Network interface implementation to use by default.
45                  Set to "flat" (the default) to use one flat provider network.
46                  Set to "neutron" to make Ironic interact with the Neutron
47                  ML2 driver to enable other network types and certain
48                  advances networking features. Requires
49                  IronicProvisioningNetwork to be correctly set.
50     type: string
51   IronicEnabledDrivers:
52     default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
53     description: Enabled Ironic drivers
54     type: comma_delimited_list
55   IronicEnabledHardwareTypes:
56     default: ['ipmi']
57     description: Enabled Ironic hardware types
58     type: comma_delimited_list
59   IronicIPXEEnabled:
60     default: true
61     description: Whether to use iPXE instead of PXE for deployment.
62     type: boolean
63   IronicIPXEPort:
64     default: 8088
65     description: Port to use for serving images when iPXE is used.
66     type: string
67   IronicPassword:
68     description: The password for the Ironic service and db account, used by the Ironic services
69     type: string
70     hidden: true
71   IronicProvisioningNetwork:
72     default: 'provisioning'
73     description: Name or UUID of the *overcloud* network used for provisioning
74                  of bare metal nodes, if IronicDefaultNetworkInterface is
75                  set to "neutron". The default value of "provisioning" can be
76                  left during the initial deployment (when no networks are
77                  created yet) and should be changed to an actual UUID in
78                  a post-deployment stack update.
79     type: string
80   MonitoringSubscriptionIronicConductor:
81     default: 'overcloud-ironic-conductor'
82     type: string
83
84 resources:
85   IronicBase:
86     type: ./ironic-base.yaml
87     properties:
88       ServiceNetMap: {get_param: ServiceNetMap}
89       DefaultPasswords: {get_param: DefaultPasswords}
90       EndpointMap: {get_param: EndpointMap}
91
92 outputs:
93   role_data:
94     description: Role data for the Ironic conductor role.
95     value:
96       service_name: ironic_conductor
97       monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
98       config_settings:
99         map_merge:
100           - get_attr: [IronicBase, role_data, config_settings]
101           - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
102             ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
103             ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
104             ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
105             ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
106             ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
107             ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
108             # We need an endpoint containing a real IP, not a VIP here
109             ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
110             ironic::conductor::http_url:
111               list_join:
112                 - ''
113                 - - 'http://'
114                   - "%{hiera('ironic_conductor_http_host')}:"
115                   - {get_param: IronicIPXEPort}
116             ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
117             ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
118             # NOTE: bind IP is found in Heat replacing the network name with the
119             # local node IP for the given network; replacement examples
120             # (eg. for internal_api):
121             # internal_api -> IP
122             # internal_api_uri -> [IP]
123             # internal_api_subnet - > IP/CIDR
124             ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
125             # NOTE(dtantsur): UEFI only works with iPXE currently for us
126             ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
127             ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
128             ironic::drivers::interfaces::enabled_console_interfaces: ['ipmitool-socat', 'no-console']
129             ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron']
130             ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
131             tripleo.ironic_conductor.firewall_rules:
132               '134 ironic conductor TFTP':
133                 dport: 69
134                 proto: udp
135               '135 ironic conductor HTTP':
136                 dport: {get_param: IronicIPXEPort}
137             # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
138             # ironic. It's used as a default value for e.g. TFTP server IP,
139             # glance and neutron endpoints, virtual console IP. We override
140             # the TFTP server IP in ironic-conductor.yaml as it should not be
141             # the VIP, but rather a real IP of the host.
142             ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
143             ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
144             # Credentials to access other services
145             ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
146             ironic::glance::username: 'ironic'
147             ironic::glance::password: {get_param: IronicPassword}
148             ironic::glance::project_name: 'service'
149             ironic::glance::user_domain_name: 'Default'
150             ironic::glance::project_domain_name: 'Default'
151             ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
152             ironic::neutron::username: 'ironic'
153             ironic::neutron::password: {get_param: IronicPassword}
154             ironic::neutron::project_name: 'service'
155             ironic::neutron::user_domain_name: 'Default'
156             ironic::neutron::project_domain_name: 'Default'
157             ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
158             ironic::service_catalog::username: 'ironic'
159             ironic::service_catalog::password: {get_param: IronicPassword}
160             ironic::service_catalog::project_name: 'service'
161             ironic::service_catalog::user_domain_name: 'Default'
162             ironic::service_catalog::project_domain_name: 'Default'
163             ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
164             ironic::swift::username: 'ironic'
165             ironic::swift::password: {get_param: IronicPassword}
166             ironic::swift::project_name: 'service'
167             ironic::swift::user_domain_name: 'Default'
168             ironic::swift::project_domain_name: 'Default'
169             # ironic-inspector support is not implemented, but let's configure
170             # the credentials for consistency.
171             ironic::drivers::inspector::enabled: false
172             ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
173             ironic::drivers::inspector::username: 'ironic'
174             ironic::drivers::inspector::password: {get_param: IronicPassword}
175             ironic::drivers::inspector::project_name: 'service'
176             ironic::drivers::inspector::user_domain_name: 'Default'
177             ironic::drivers::inspector::project_domain_name: 'Default'
178       step_config: |
179         include ::tripleo::profile::base::ironic::conductor
180       upgrade_tasks:
181         - name: Stop ironic_conductor service
182           tags: step1
183           service: name=openstack-ironic-conductor state=stopped