puppet/services/ironic-conductor.yaml

   1 heat_template_version: ocata
   2
   3 description: >
   4   OpenStack Ironic conductor configured with Puppet
   5
   6 parameters:
   7   ServiceNetMap:
   8     default: {}
   9     description: Mapping of service_name -> network name. Typically set
  10                  via parameter_defaults in the resource registry.  This
  11                  mapping overrides those in ServiceNetMapDefaults.
  12     type: json
  13   DefaultPasswords:
  14     default: {}
  15     type: json
  16   EndpointMap:
  17     default: {}
  18     description: Mapping of service endpoint -> protocol. Typically set
  19                  via parameter_defaults in the resource registry.
  20     type: json
  21   IronicCleaningDiskErase:
  22     default: 'full'
  23     description: Type of disk cleaning before and between deployments,
  24                  "full" for full cleaning, "metadata" to clean only disk
  25                  metadata (partition table).
  26     type: string
  27   IronicCleaningNetwork:
  28     default: 'provisioning'
  29     description: Name or UUID of the *overcloud* network used for cleaning
  30                  bare metal nodes. The default value of "provisioning" can be
  31                  left during the initial deployment (when no networks are
  32                  created yet) and should be changed to an actual UUID in
  33                  a post-deployment stack update.
  34     type: string
  35   IronicDefaultNetworkInterface:
  36     default: 'flat'
  37     description: Network interface implementation to use by default.
  38                  Set to "flat" (the default) to use one flat provider network.
  39                  Set to "neutron" to make Ironic interact with the Neutron
  40                  ML2 driver to enable other network types and certain
  41                  advances networking features. Requires
  42                  IronicProvisioningNetwork to be correctly set.
  43     type: string
  44   IronicEnabledDrivers:
  45     default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
  46     description: Enabled Ironic drivers
  47     type: comma_delimited_list
  48   IronicIPXEEnabled:
  49     default: true
  50     description: Whether to use iPXE instead of PXE for deployment.
  51     type: boolean
  52   IronicIPXEPort:
  53     default: 8088
  54     description: Port to use for serving images when iPXE is used.
  55     type: string
  56   IronicPassword:
  57     description: The password for the Ironic service and db account, used by the Ironic services
  58     type: string
  59     hidden: true
  60   IronicProvisioningNetwork:
  61     default: 'provisioning'
  62     description: Name or UUID of the *overcloud* network used for provisioning
  63                  of bare metal nodes, if IronicDefaultNetworkInterface is
  64                  set to "neutron". The default value of "provisioning" can be
  65                  left during the initial deployment (when no networks are
  66                  created yet) and should be changed to an actual UUID in
  67                  a post-deployment stack update.
  68     type: string
  69   MonitoringSubscriptionIronicConductor:
  70     default: 'overcloud-ironic-conductor'
  71     type: string
  72
  73 resources:
  74   IronicBase:
  75     type: ./ironic-base.yaml
  76     properties:
  77       ServiceNetMap: {get_param: ServiceNetMap}
  78       DefaultPasswords: {get_param: DefaultPasswords}
  79       EndpointMap: {get_param: EndpointMap}
  80
  81 outputs:
  82   role_data:
  83     description: Role data for the Ironic conductor role.
  84     value:
  85       service_name: ironic_conductor
  86       monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
  87       config_settings:
  88         map_merge:
  89           - get_attr: [IronicBase, role_data, config_settings]
  90           - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
  91             ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
  92             ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
  93             ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
  94             ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
  95             # We need an endpoint containing a real IP, not a VIP here
  96             ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
  97             ironic::conductor::http_url:
  98               list_join:
  99                 - ''
 100                 - - 'http://'
 101                   - "%{hiera('ironic_conductor_http_host')}:"
 102                   - {get_param: IronicIPXEPort}
 103             ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
 104             ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
 105             # NOTE: bind IP is found in Heat replacing the network name with the
 106             # local node IP for the given network; replacement examples
 107             # (eg. for internal_api):
 108             # internal_api -> IP
 109             # internal_api_uri -> [IP]
 110             # internal_api_subnet - > IP/CIDR
 111             ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
 112             # NOTE(dtantsur): UEFI only works with iPXE currently for us
 113             ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
 114             ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
 115             ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron']
 116             ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
 117             tripleo.ironic_conductor.firewall_rules:
 118               '134 ironic conductor TFTP':
 119                 dport: 69
 120                 proto: udp
 121               '135 ironic conductor HTTP':
 122                 dport: {get_param: IronicIPXEPort}
 123             # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
 124             # ironic. It's used as a default value for e.g. TFTP server IP,
 125             # glance and neutron endpoints, virtual console IP. We override
 126             # the TFTP server IP in ironic-conductor.yaml as it should not be
 127             # the VIP, but rather a real IP of the host.
 128             ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
 129             ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
 130             # Credentials to access other services
 131             ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 132             ironic::glance::username: 'ironic'
 133             ironic::glance::password: {get_param: IronicPassword}
 134             ironic::glance::project_name: 'service'
 135             ironic::glance::user_domain_name: 'Default'
 136             ironic::glance::project_domain_name: 'Default'
 137             ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 138             ironic::neutron::username: 'ironic'
 139             ironic::neutron::password: {get_param: IronicPassword}
 140             ironic::neutron::project_name: 'service'
 141             ironic::neutron::user_domain_name: 'Default'
 142             ironic::neutron::project_domain_name: 'Default'
 143             ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 144             ironic::service_catalog::username: 'ironic'
 145             ironic::service_catalog::password: {get_param: IronicPassword}
 146             ironic::service_catalog::project_name: 'service'
 147             ironic::service_catalog::user_domain_name: 'Default'
 148             ironic::service_catalog::project_domain_name: 'Default'
 149             ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 150             ironic::swift::username: 'ironic'
 151             ironic::swift::password: {get_param: IronicPassword}
 152             ironic::swift::project_name: 'service'
 153             ironic::swift::user_domain_name: 'Default'
 154             ironic::swift::project_domain_name: 'Default'
 155             # ironic-inspector support is not implemented, but let's configure
 156             # the credentials for consistency.
 157             ironic::drivers::inspector::enabled: false
 158             ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 159             ironic::drivers::inspector::username: 'ironic'
 160             ironic::drivers::inspector::password: {get_param: IronicPassword}
 161             ironic::drivers::inspector::project_name: 'service'
 162             ironic::drivers::inspector::user_domain_name: 'Default'
 163             ironic::drivers::inspector::project_domain_name: 'Default'
 164       step_config: |
 165         include ::tripleo::profile::base::ironic::conductor
 166       upgrade_tasks:
 167         - name: Stop ironic_conductor service
 168           tags: step1
 169           service: name=openstack-ironic-conductor state=stopped