puppet/services/ironic-inspector.yaml

   1 heat_template_version: ocata
   2
   3 description: >
   4   OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL)
   5
   6 parameters:
   7   ServiceData:
   8     default: {}
   9     description: Dictionary packing service data
  10     type: json
  11   ServiceNetMap:
  12     default: {}
  13     description: Mapping of service_name -> network name. Typically set
  14                  via parameter_defaults in the resource registry.  This
  15                  mapping overrides those in ServiceNetMapDefaults.
  16     type: json
  17   DefaultPasswords:
  18     default: {}
  19     type: json
  20   RoleName:
  21     default: ''
  22     description: Role name on which the service is applied
  23     type: string
  24   RoleParameters:
  25     default: {}
  26     description: Parameters specific to the role
  27     type: json
  28   EndpointMap:
  29     default: {}
  30     description: Mapping of service endpoint -> protocol. Typically set
  31                  via parameter_defaults in the resource registry.
  32     type: json
  33   MonitoringSubscriptionIronicInspector:
  34     default: 'overcloud-ironic-inspector'
  35     type: string
  36   KeystoneRegion:
  37     type: string
  38     default: 'regionOne'
  39     description: Keystone region for endpoint
  40   Debug:
  41     default: ''
  42     description: Set to True to enable debugging on all services.
  43     type: string
  44   IronicInspectorInterface:
  45     default: br-ex
  46     description: |
  47       Network interface on which inspection dnsmasq will listen. Should allow
  48       access to untagged traffic from nodes booted for inspection. The default
  49       value only makes sense if you don't modify any networking configuration.
  50     type: string
  51   IronicInspectorIPXEEnabled:
  52     default: true
  53     description: Whether to use iPXE for inspection.
  54     type: boolean
  55   IronicInspectorIpRange:
  56     description: |
  57         Temporary IP range that will be given to nodes during the inspection
  58         process. This should not overlap with any range that Neutron's DHCP
  59         gives away, but it has to be routeable back to ironic-inspector API.
  60         This option has no meaningful defaults, and thus is required.
  61     type: string
  62   IronicInspectorUseSwift:
  63     default: true
  64     description: Whether to use Swift for storing introspection data.
  65     type: boolean
  66   IronicIPXEPort:
  67     default: 8088
  68     description: Port to use for serving images when iPXE is used.
  69     type: string
  70   IronicPassword:
  71     description: The password for the Ironic service and db account, used by the Ironic services
  72     type: string
  73     hidden: true
  74
  75 conditions:
  76   enable_ipxe: {equals : [{get_param: IronicInspectorIPXEEnabled}, true]}
  77   use_swift: {equals : [{get_param: IronicInspectorUseSwift}, true]}
  78
  79 outputs:
  80   role_data:
  81     description: Role data for the Ironic Inspector role.
  82     value:
  83       service_name: ironic_inspector
  84       monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
  85       config_settings:
  86         map_merge:
  87           - ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
  88             ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
  89             ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
  90             ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
  91             ironic::inspector::debug: {get_param: Debug}
  92             ironic::inspector::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
  93             ironic::inspector::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
  94             ironic::inspector::authtoken::username: 'ironic'
  95             ironic::inspector::authtoken::password: {get_param: IronicPassword}
  96             ironic::inspector::authtoken::project_name: 'service'
  97             ironic::inspector::authtoken::user_domain_name: 'Default'
  98             ironic::inspector::authtoken::project_domain_name: 'Default'
  99             tripleo.ironic_inspector.firewall_rules:
 100               '137 ironic-inspector':
 101                 dport:
 102                   - 5050
 103             ironic::inspector::ironic_username: 'ironic'
 104             ironic::inspector::ironic_password: {get_param: IronicPassword}
 105             ironic::inspector::ironic_tenant_name: 'service'
 106             ironic::inspector::ironic_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 107             ironic::inspector::ironic_max_retries: 6
 108             ironic::inspector::ironic_retry_interval: 10
 109             ironic::inspector::ironic_user_domain_name: 'Default'
 110             ironic::inspector::ironic_project_domain_name: 'Default'
 111             ironic::inspector::http_port: {get_param: IronicIPXEPort}
 112             ironic::inspector::db::database_connection:
 113               list_join:
 114                 - ''
 115                 - - {get_param: [EndpointMap, MysqlInternal, protocol]}
 116                   - '://ironic-inspector:'
 117                   - {get_param: IronicPassword}
 118                   - '@'
 119                   - {get_param: [EndpointMap, MysqlInternal, host]}
 120                   - '/ironic-inspector'
 121                   - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
 122           -
 123             if:
 124             - enable_ipxe
 125             - ironic::inspector::pxe_transfer_protocol: 'http'
 126             - {}
 127           -
 128             if:
 129             - use_swift
 130             - ironic::inspector::store_data: 'swift'
 131               ironic::inspector::swift_username: 'ironic'
 132               ironic::inspector::swift_password: {get_param: IronicPassword}
 133               ironic::inspector::swift_tenant_name: 'service'
 134               ironic::inspector::swift_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
 135               ironic::inspector::swift_user_domain_name: 'Default'
 136               ironic::inspector::swift_project_domain_name: 'Default'
 137             - {}
 138       step_config: |
 139         include ::tripleo::profile::base::ironic_inspector
 140       service_config_settings:
 141         keystone:
 142           ironic::keystone::auth_inspector::tenant: 'service'
 143           ironic::keystone::auth_inspector::public_url: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
 144           ironic::keystone::auth_inspector::internal_url: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
 145           ironic::keystone::auth_inspector::admin_url: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
 146           ironic::keystone::auth_inspector::password: {get_param: IronicPassword}
 147           ironic::keystone::auth_inspector::region: {get_param: KeystoneRegion}
 148         mysql:
 149           ironic::inspector::db::mysql::password: {get_param: IronicPassword}
 150           ironic::inspector::db::mysql::user: ironic-inspector
 151           ironic::inspector::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
 152           ironic::inspector::db::mysql::dbname: ironic-inspector
 153           ironic::inspector::db::mysql::allowed_hosts:
 154             - '%'
 155             - "%{hiera('mysql_bind_host')}"