1 heat_template_version: ocata
4 OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL)
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
33 MonitoringSubscriptionIronicInspector:
34 default: 'overcloud-ironic-inspector'
39 description: Keystone region for endpoint
42 description: Set to True to enable debugging on all services.
44 IronicInspectorInterface:
47 Network interface on which inspection dnsmasq will listen. Should allow
48 access to untagged traffic from nodes booted for inspection. The default
49 value only makes sense if you don't modify any networking configuration.
51 IronicInspectorIPXEEnabled:
53 description: Whether to use iPXE for inspection.
55 IronicInspectorIpRange:
57 Temporary IP range that will be given to nodes during the inspection
58 process. This should not overlap with any range that Neutron's DHCP
59 gives away, but it has to be routeable back to ironic-inspector API.
60 This option has no meaningful defaults, and thus is required.
62 IronicInspectorUseSwift:
64 description: Whether to use Swift for storing introspection data.
68 description: Port to use for serving images when iPXE is used.
71 description: The password for the Ironic service and db account, used by the Ironic services
76 enable_ipxe: {equals : [{get_param: IronicInspectorIPXEEnabled}, true]}
77 use_swift: {equals : [{get_param: IronicInspectorUseSwift}, true]}
81 description: Role data for the Ironic Inspector role.
83 service_name: ironic_inspector
84 monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
87 - ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
88 ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
89 ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
90 ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
91 ironic::inspector::debug: {get_param: Debug}
92 ironic::inspector::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
93 ironic::inspector::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
94 ironic::inspector::authtoken::username: 'ironic'
95 ironic::inspector::authtoken::password: {get_param: IronicPassword}
96 ironic::inspector::authtoken::project_name: 'service'
97 ironic::inspector::authtoken::user_domain_name: 'Default'
98 ironic::inspector::authtoken::project_domain_name: 'Default'
99 tripleo.ironic_inspector.firewall_rules:
100 '137 ironic-inspector':
103 ironic::inspector::ironic_username: 'ironic'
104 ironic::inspector::ironic_password: {get_param: IronicPassword}
105 ironic::inspector::ironic_tenant_name: 'service'
106 ironic::inspector::ironic_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
107 ironic::inspector::ironic_max_retries: 6
108 ironic::inspector::ironic_retry_interval: 10
109 ironic::inspector::ironic_user_domain_name: 'Default'
110 ironic::inspector::ironic_project_domain_name: 'Default'
111 ironic::inspector::http_port: {get_param: IronicIPXEPort}
112 ironic::inspector::db::database_connection:
115 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
116 - '://ironic-inspector:'
117 - {get_param: IronicPassword}
119 - {get_param: [EndpointMap, MysqlInternal, host]}
120 - '/ironic-inspector'
121 - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
125 - ironic::inspector::pxe_transfer_protocol: 'http'
130 - ironic::inspector::store_data: 'swift'
131 ironic::inspector::swift_username: 'ironic'
132 ironic::inspector::swift_password: {get_param: IronicPassword}
133 ironic::inspector::swift_tenant_name: 'service'
134 ironic::inspector::swift_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
135 ironic::inspector::swift_user_domain_name: 'Default'
136 ironic::inspector::swift_project_domain_name: 'Default'
139 include ::tripleo::profile::base::ironic_inspector
140 service_config_settings:
142 ironic::keystone::auth_inspector::tenant: 'service'
143 ironic::keystone::auth_inspector::public_url: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
144 ironic::keystone::auth_inspector::internal_url: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
145 ironic::keystone::auth_inspector::admin_url: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
146 ironic::keystone::auth_inspector::password: {get_param: IronicPassword}
147 ironic::keystone::auth_inspector::region: {get_param: KeystoneRegion}
149 ironic::inspector::db::mysql::password: {get_param: IronicPassword}
150 ironic::inspector::db::mysql::user: ironic-inspector
151 ironic::inspector::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
152 ironic::inspector::db::mysql::dbname: ironic-inspector
153 ironic::inspector::db::mysql::allowed_hosts:
155 - "%{hiera('mysql_bind_host')}"