1 heat_template_version: ocata
4 OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL)
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
29 MonitoringSubscriptionIronicInspector:
30 default: 'overcloud-ironic-inspector'
35 description: Keystone region for endpoint
38 description: Set to True to enable debugging on all services.
40 IronicInspectorInterface:
43 Network interface on which inspection dnsmasq will listen. Should allow
44 access to untagged traffic from nodes booted for inspection. The default
45 value only makes sense if you don't modify any networking configuration.
47 IronicInspectorIPXEEnabled:
49 description: Whether to use iPXE for inspection.
51 IronicInspectorIpRange:
53 Temporary IP range that will be given to nodes during the inspection
54 process. This should not overlap with any range that Neutron's DHCP
55 gives away, but it has to be routeable back to ironic-inspector API.
56 This option has no meaningful defaults, and thus is required.
58 IronicInspectorUseSwift:
60 description: Whether to use Swift for storing introspection data.
64 description: Port to use for serving images when iPXE is used.
67 description: The password for the Ironic service and db account, used by the Ironic services
72 enable_ipxe: {equals : [{get_param: IronicInspectorIPXEEnabled}, true]}
73 use_swift: {equals : [{get_param: IronicInspectorUseSwift}, true]}
77 description: Role data for the Ironic Inspector role.
79 service_name: ironic_inspector
80 monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
83 - ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
84 ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
85 ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
86 ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
87 ironic::inspector::debug: {get_param: Debug}
88 ironic::inspector::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
89 ironic::inspector::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
90 ironic::inspector::authtoken::username: 'ironic'
91 ironic::inspector::authtoken::password: {get_param: IronicPassword}
92 ironic::inspector::authtoken::project_name: 'service'
93 ironic::inspector::authtoken::user_domain_name: 'Default'
94 ironic::inspector::authtoken::project_domain_name: 'Default'
95 tripleo.ironic_inspector.firewall_rules:
96 '137 ironic-inspector':
99 ironic::inspector::ironic_username: 'ironic'
100 ironic::inspector::ironic_password: {get_param: IronicPassword}
101 ironic::inspector::ironic_tenant_name: 'service'
102 ironic::inspector::ironic_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
103 ironic::inspector::ironic_max_retries: 6
104 ironic::inspector::ironic_retry_interval: 10
105 ironic::inspector::ironic_user_domain_name: 'Default'
106 ironic::inspector::ironic_project_domain_name: 'Default'
107 ironic::inspector::http_port: {get_param: IronicIPXEPort}
108 ironic::inspector::db::database_connection:
111 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
112 - '://ironic-inspector:'
113 - {get_param: IronicPassword}
115 - {get_param: [EndpointMap, MysqlInternal, host]}
116 - '/ironic-inspector'
117 - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
121 - ironic::inspector::pxe_transfer_protocol: 'http'
126 - ironic::inspector::store_data: 'swift'
127 ironic::inspector::swift_username: 'ironic'
128 ironic::inspector::swift_password: {get_param: IronicPassword}
129 ironic::inspector::swift_tenant_name: 'service'
130 ironic::inspector::swift_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
131 ironic::inspector::swift_user_domain_name: 'Default'
132 ironic::inspector::swift_project_domain_name: 'Default'
135 include ::tripleo::profile::base::ironic_inspector
136 service_config_settings:
138 ironic::keystone::auth_inspector::tenant: 'service'
139 ironic::keystone::auth_inspector::public_url: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
140 ironic::keystone::auth_inspector::internal_url: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
141 ironic::keystone::auth_inspector::admin_url: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
142 ironic::keystone::auth_inspector::password: {get_param: IronicPassword}
143 ironic::keystone::auth_inspector::region: {get_param: KeystoneRegion}
145 ironic::inspector::db::mysql::password: {get_param: IronicPassword}
146 ironic::inspector::db::mysql::user: ironic-inspector
147 ironic::inspector::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
148 ironic::inspector::db::mysql::dbname: ironic-inspector
149 ironic::inspector::db::mysql::allowed_hosts:
151 - "%{hiera('mysql_bind_host')}"