puppet/services/ironic-conductor.yaml

   1 heat_template_version: pike
   2
   3 description: >
   4   OpenStack Ironic conductor configured with Puppet
   5
   6 parameters:
   7   ServiceData:
   8     default: {}
   9     description: Dictionary packing service data
  10     type: json
  11   ServiceNetMap:
  12     default: {}
  13     description: Mapping of service_name -> network name. Typically set
  14                  via parameter_defaults in the resource registry.  This
  15                  mapping overrides those in ServiceNetMapDefaults.
  16     type: json
  17   DefaultPasswords:
  18     default: {}
  19     type: json
  20   RoleName:
  21     default: ''
  22     description: Role name on which the service is applied
  23     type: string
  24   RoleParameters:
  25     default: {}
  26     description: Parameters specific to the role
  27     type: json
  28   EndpointMap:
  29     default: {}
  30     description: Mapping of service endpoint -> protocol. Typically set
  31                  via parameter_defaults in the resource registry.
  32     type: json
  33   IronicCleaningDiskErase:
  34     default: 'full'
  35     description: Type of disk cleaning before and between deployments,
  36                  "full" for full cleaning, "metadata" to clean only disk
  37                  metadata (partition table).
  38     type: string
  39   IronicCleaningNetwork:
  40     default: 'provisioning'
  41     description: Name or UUID of the *overcloud* network used for cleaning
  42                  bare metal nodes. The default value of "provisioning" can be
  43                  left during the initial deployment (when no networks are
  44                  created yet) and should be changed to an actual UUID in
  45                  a post-deployment stack update.
  46     type: string
  47   IronicDefaultBootOption:
  48     default: 'local'
  49     description: How to boot the bare metal instances. Set to 'local' (the
  50                  default) to use local bootloader (requires grub2 for partition
  51                  images). Set to 'netboot' to make the instances boot from
  52                  controllers using PXE/iPXE.
  53     type: string
  54   IronicDefaultNetworkInterface:
  55     default: 'flat'
  56     description: Network interface implementation to use by default.
  57                  Set to "flat" (the default) to use one flat provider network.
  58                  Set to "neutron" to make Ironic interact with the Neutron
  59                  ML2 driver to enable other network types and certain
  60                  advances networking features. Requires
  61                  IronicProvisioningNetwork to be correctly set.
  62     type: string
  63   IronicEnabledDrivers:
  64     default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
  65     description: Enabled Ironic drivers
  66     type: comma_delimited_list
  67   IronicEnabledHardwareTypes:
  68     default: ['ipmi', 'redfish']
  69     description: Enabled Ironic hardware types
  70     type: comma_delimited_list
  71   IronicEnabledManagementInterfaces:
  72     default: ['ipmitool', 'redfish']
  73     description: Enabled management interface implementations. Each hardware
  74                  type must have at least one valid implementation enabled.
  75     type: comma_delimited_list
  76   IronicEnabledPowerInterfaces:
  77     default: ['ipmitool', 'redfish']
  78     description: Enabled power interface implementations. Each hardware
  79                  type must have at least one valid implementation enabled.
  80     type: comma_delimited_list
  81   IronicIPXEEnabled:
  82     default: true
  83     description: Whether to use iPXE instead of PXE for deployment.
  84     type: boolean
  85   IronicIPXEPort:
  86     default: 8088
  87     description: Port to use for serving images when iPXE is used.
  88     type: string
  89   IronicPassword:
  90     description: The password for the Ironic service and db account, used by the Ironic services
  91     type: string
  92     hidden: true
  93   IronicProvisioningNetwork:
  94     default: 'provisioning'
  95     description: Name or UUID of the *overcloud* network used for provisioning
  96                  of bare metal nodes, if IronicDefaultNetworkInterface is
  97                  set to "neutron". The default value of "provisioning" can be
  98                  left during the initial deployment (when no networks are
  99                  created yet) and should be changed to an actual UUID in
 100                  a post-deployment stack update.
 101     type: string
 102   MonitoringSubscriptionIronicConductor:
 103     default: 'overcloud-ironic-conductor'
 104     type: string
 105
 106 resources:
 107   IronicBase:
 108     type: ./ironic-base.yaml
 109     properties:
 110       ServiceData: {get_param: ServiceData}
 111       ServiceNetMap: {get_param: ServiceNetMap}
 112       DefaultPasswords: {get_param: DefaultPasswords}
 113       EndpointMap: {get_param: EndpointMap}
 114       RoleName: {get_param: RoleName}
 115       RoleParameters: {get_param: RoleParameters}
 116
 117 outputs:
 118   role_data:
 119     description: Role data for the Ironic conductor role.
 120     value:
 121       service_name: ironic_conductor
 122       monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
 123       config_settings:
 124         map_merge:
 125           - get_attr: [IronicBase, role_data, config_settings]
 126           - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
 127             ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
 128             ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
 129             ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork}
 130             ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
 131             ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
 132             ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes}
 133             # We need an endpoint containing a real IP, not a VIP here
 134             ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
 135             ironic::conductor::http_url:
 136               list_join:
 137                 - ''
 138                 - - 'http://'
 139                   - "%{hiera('ironic_conductor_http_host')}:"
 140                   - {get_param: IronicIPXEPort}
 141             ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
 142             ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
 143             # NOTE: bind IP is found in Heat replacing the network name with the
 144             # local node IP for the given network; replacement examples
 145             # (eg. for internal_api):
 146             # internal_api -> IP
 147             # internal_api_uri -> [IP]
 148             # internal_api_subnet - > IP/CIDR
 149             ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
 150             # NOTE(dtantsur): UEFI only works with iPXE currently for us
 151             ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
 152             ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
 153             ironic::drivers::interfaces::enabled_console_interfaces: ['ipmitool-socat', 'no-console']
 154             ironic::drivers::interfaces::enabled_management_interfaces: {get_param: IronicEnabledManagementInterfaces}
 155             ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron']
 156             ironic::drivers::interfaces::enabled_power_interfaces: {get_param: IronicEnabledPowerInterfaces}
 157             ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface}
 158             tripleo.ironic_conductor.firewall_rules:
 159               '134 ironic conductor TFTP':
 160                 dport: 69
 161                 proto: udp
 162               '135 ironic conductor HTTP':
 163                 dport: {get_param: IronicIPXEPort}
 164             # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
 165             # ironic. It's used as a default value for e.g. TFTP server IP,
 166             # glance and neutron endpoints, virtual console IP. We override
 167             # the TFTP server IP in ironic-conductor.yaml as it should not be
 168             # the VIP, but rather a real IP of the host.
 169             ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
 170             ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
 171             # Credentials to access other services
 172             ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 173             ironic::cinder::username: 'ironic'
 174             ironic::cinder::password: {get_param: IronicPassword}
 175             ironic::cinder::project_name: 'service'
 176             ironic::cinder::user_domain_name: 'Default'
 177             ironic::cinder::project_domain_name: 'Default'
 178             ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 179             ironic::glance::username: 'ironic'
 180             ironic::glance::password: {get_param: IronicPassword}
 181             ironic::glance::project_name: 'service'
 182             ironic::glance::user_domain_name: 'Default'
 183             ironic::glance::project_domain_name: 'Default'
 184             ironic::neutron::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 185             ironic::neutron::username: 'ironic'
 186             ironic::neutron::password: {get_param: IronicPassword}
 187             ironic::neutron::project_name: 'service'
 188             ironic::neutron::user_domain_name: 'Default'
 189             ironic::neutron::project_domain_name: 'Default'
 190             ironic::service_catalog::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 191             ironic::service_catalog::username: 'ironic'
 192             ironic::service_catalog::password: {get_param: IronicPassword}
 193             ironic::service_catalog::project_name: 'service'
 194             ironic::service_catalog::user_domain_name: 'Default'
 195             ironic::service_catalog::project_domain_name: 'Default'
 196             ironic::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 197             ironic::swift::username: 'ironic'
 198             ironic::swift::password: {get_param: IronicPassword}
 199             ironic::swift::project_name: 'service'
 200             ironic::swift::user_domain_name: 'Default'
 201             ironic::swift::project_domain_name: 'Default'
 202             # ironic-inspector support is not implemented, but let's configure
 203             # the credentials for consistency.
 204             ironic::drivers::inspector::enabled: false
 205             ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 206             ironic::drivers::inspector::username: 'ironic'
 207             ironic::drivers::inspector::password: {get_param: IronicPassword}
 208             ironic::drivers::inspector::project_name: 'service'
 209             ironic::drivers::inspector::user_domain_name: 'Default'
 210             ironic::drivers::inspector::project_domain_name: 'Default'
 211       step_config: |
 212         include ::tripleo::profile::base::ironic::conductor
 213       upgrade_tasks:
 214         - name: Stop ironic_conductor service
 215           tags: step1
 216           service: name=openstack-ironic-conductor state=stopped