authorTiago Gomes <tiago.gomes@codethink.co.uk>2015-05-21 09:18:44 (GMT)
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-06-04 13:50:06 (GMT)
commit0575d1a0e5e4cd6768f894d6ccefbe9495ad4418 (patch)
treef7e612d9e79d458621ff99d220f40196e7d52a39
parent8e69093f4266af61c5de2ab045253ae3ac182c7e (diff)
downloaddefinitions-0575d1a0e5e4cd6768f894d6ccefbe9495ad4418.tar.gz
WIP Ironic: update configuration files to Kilo
This commit updates Ironic's configuration files to the factory versions for the Kilo release. Our custom configuration will be re-added in a following commit.
-rw-r--r--install-files/openstack/manifest1
-rw-r--r--install-files/openstack/usr/share/openstack/ironic/ironic.conf767
-rw-r--r--strata/openstack-services/ironic.morph15
3 files changed, 552 insertions, 231 deletions
diff --git a/install-files/openstack/manifest b/install-files/openstack/manifest
index ed88169..8a609d7 100644
--- a/install-files/openstack/manifest
+++ b/install-files/openstack/manifest
@@ -27,7 +27,6 @@ template 0100644 0 0 /etc/tempest/tempest.conf
0040755 0 0 /usr/share/openstack/ironic
0100644 0 0 /usr/share/openstack/ironic.yml
0100644 0 0 /usr/share/openstack/ironic/ironic.conf
-0100644 0 0 /usr/share/openstack/ironic/policy.json
0100644 0 0 /usr/share/openstack/iscsi.yml
0100644 0 0 /usr/share/openstack/keystone.yml
0040755 0 0 /usr/share/openstack/keystone
diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf
index 75c62b8..ccf368f 100644
--- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf
+++ b/install-files/openstack/usr/share/openstack/ironic/ironic.conf
@@ -4,129 +4,13 @@
# Options defined in oslo.messaging
#
-# Use durable queues in amqp. (boolean value)
-# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
-#amqp_durable_queues=false
-
-# Auto-delete queues in amqp. (boolean value)
-#amqp_auto_delete=false
-
-# Size of RPC connection pool. (integer value)
-#rpc_conn_pool_size=30
-
-# Qpid broker hostname. (string value)
-#qpid_hostname=localhost
-
-# Qpid broker port. (integer value)
-#qpid_port=5672
-
-# Qpid HA cluster host:port pairs. (list value)
-#qpid_hosts=$qpid_hostname:$qpid_port
-
-# Username for Qpid connection. (string value)
-#qpid_username=
-
-# Password for Qpid connection. (string value)
-#qpid_password=
-
-# Space separated list of SASL mechanisms to use for auth.
-# (string value)
-#qpid_sasl_mechanisms=
-
-# Seconds between connection keepalive heartbeats. (integer
-# value)
-#qpid_heartbeat=60
-
-# Transport to use, either 'tcp' or 'ssl'. (string value)
-#qpid_protocol=tcp
-
-# Whether to disable the Nagle algorithm. (boolean value)
-#qpid_tcp_nodelay=true
-
-# The number of prefetched messages held by receiver. (integer
-# value)
-#qpid_receiver_capacity=1
-
-# The qpid topology version to use. Version 1 is what was
-# originally used by impl_qpid. Version 2 includes some
-# backwards-incompatible changes that allow broker federation
-# to work. Users should update to version 2 when they are
-# able to take everything down, as it requires a clean break.
-# (integer value)
-#qpid_topology_version=1
-
-# SSL version to use (valid only if SSL enabled). valid values
-# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
-# distributions. (string value)
-#kombu_ssl_version=
-
-# SSL key file (valid only if SSL enabled). (string value)
-#kombu_ssl_keyfile=
-
-# SSL cert file (valid only if SSL enabled). (string value)
-#kombu_ssl_certfile=
-
-# SSL certification authority file (valid only if SSL
-# enabled). (string value)
-#kombu_ssl_ca_certs=
-
-# How long to wait before reconnecting in response to an AMQP
-# consumer cancel notification. (floating point value)
-#kombu_reconnect_delay=1.0
-
-# The RabbitMQ broker address where a single node is used.
-# (string value)
-rabbit_host={{ RABBITMQ_HOST }}
-
-# The RabbitMQ broker port where a single node is used.
-# (integer value)
-rabbit_port={{ RABBITMQ_PORT }}
-
-# RabbitMQ HA cluster host:port pairs. (list value)
-#rabbit_hosts=$rabbit_host:$rabbit_port
-
-# Connect over SSL for RabbitMQ. (boolean value)
-#rabbit_use_ssl=false
-
-# The RabbitMQ userid. (string value)
-rabbit_userid={{ RABBITMQ_USER }}
-
-# The RabbitMQ password. (string value)
-rabbit_password={{ RABBITMQ_PASSWORD }}
-
-# the RabbitMQ login method (string value)
-#rabbit_login_method=AMQPLAIN
-
-# The RabbitMQ virtual host. (string value)
-#rabbit_virtual_host=/
-
-# How frequently to retry connecting with RabbitMQ. (integer
-# value)
-#rabbit_retry_interval=1
-
-# How long to backoff for between retries when connecting to
-# RabbitMQ. (integer value)
-#rabbit_retry_backoff=2
-
-# Maximum number of RabbitMQ connection retries. Default is 0
-# (infinite retry count). (integer value)
-#rabbit_max_retries=0
-
-# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
-# this option, you must wipe the RabbitMQ database. (boolean
-# value)
-#rabbit_ha_queues=false
-
-# If passed, use a fake RabbitMQ provider. (boolean value)
-#fake_rabbit=false
-
# ZeroMQ bind address. Should be a wildcard (*), an ethernet
# interface, or IP. The "host" option should point or resolve
# to this address. (string value)
#rpc_zmq_bind_address=*
# MatchMaker driver. (string value)
-#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
+#rpc_zmq_matchmaker=oslo_messaging._drivers.matchmaker.MatchMakerLocalhost
# ZeroMQ receiver listening port. (integer value)
#rpc_zmq_port=9501
@@ -156,7 +40,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }}
# Heartbeat time-to-live. (integer value)
#matchmaker_heartbeat_ttl=600
-# Size of RPC greenthread pool. (integer value)
+# Size of RPC thread pool. (integer value)
#rpc_thread_pool_size=64
# Driver or drivers to handle sending notifications. (multi
@@ -190,10 +74,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }}
#
# IP address of this host. (string value)
-my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
-
-# Use IPv6. (boolean value)
-#use_ipv6=false
+#my_ip=10.0.0.1
#
@@ -204,6 +85,10 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# (string value)
#auth_strategy=keystone
+# Enable pecan debug mode. WARNING: this is insecure and
+# should not be used in production. (boolean value)
+#pecan_debug=false
+
#
# Options defined in ironic.common.driver_factory
@@ -217,7 +102,7 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
# present on your system may be found by enumerating the
# "ironic.drivers" entrypoint. An example may be found in the
# developer documentation online. (list value)
-enabled_drivers=pxe_ipmitool,pxe_ssh
+#enabled_drivers=pxe_ipmitool
#
@@ -268,6 +153,9 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
# value)
#isolinux_config_template=$pybasedir/common/isolinux_config.template
+# Template file for grub configuration file. (string value)
+#grub_config_template=$pybasedir/common/grub_conf.template
+
#
# Options defined in ironic.common.paths
@@ -287,18 +175,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
#
-# Options defined in ironic.common.policy
-#
-
-# JSON file representing policy. (string value)
-#policy_file=policy.json
-
-# Rule checked when requested rule is not found. (string
-# value)
-#policy_default_rule=default
-
-
-#
# Options defined in ironic.common.service
#
@@ -351,17 +227,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
#
-# Options defined in ironic.openstack.common.lockutils
-#
-
-# Enables or disables inter-process locks. (boolean value)
-#disable_process_locking=false
-
-# Directory to use for lock files. (string value)
-#lock_path=<None>
-
-
-#
# Options defined in ironic.openstack.common.log
#
@@ -393,7 +258,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
# List of logger=LEVEL pairs. (list value)
-#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN
+#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
# Enables or disables publication of error events. (boolean
# value)
@@ -442,7 +307,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh
# Use syslog for logging. Existing syslog format is DEPRECATED
# during I, and will change in J to honor RFC5424. (boolean
# value)
-use_syslog=True
+#use_syslog=false
# (Optional) Enables or disables syslog rfc5424 format for
# logging. If enabled, prefixes the MSG part of the syslog
@@ -464,6 +329,15 @@ use_syslog=True
#run_external_periodic_tasks=true
+#
+# Options defined in ironic.openstack.common.versionutils
+#
+
+# Enables or disables fatal status of deprecations. (boolean
+# value)
+#fatal_deprecations=false
+
+
[agent]
#
@@ -480,6 +354,22 @@ use_syslog=True
# Neutron bootfile DHCP parameter. (string value)
#agent_pxe_bootfile_name=pxelinux.0
+# Priority to run in-band erase devices via the Ironic Python
+# Agent ramdisk. If unset, will use the priority set in the
+# ramdisk (defaults to 10 for the GenericHardwareManager). If
+# set to 0, will not run during cleaning. (integer value)
+#agent_erase_devices_priority=<None>
+
+# Whether Ironic will manage TFTP files for the deploy
+# ramdisks. If set to False, you will need to configure your
+# own TFTP server that allows booting the deploy ramdisks.
+# (boolean value)
+#manage_tftp=true
+
+#
+# Options defined in ironic.drivers.modules.agent_base_vendor
+#
+
# Maximum interval (in seconds) for agent heartbeats. (integer
# value)
#heartbeat_timeout=300
@@ -494,6 +384,30 @@ use_syslog=True
#agent_api_version=v1
+[amt]
+
+#
+# Options defined in ironic.drivers.modules.amt.common
+#
+
+# Protocol used for AMT endpoint, support http/https (string
+# value)
+#protocol=http
+
+
+#
+# Options defined in ironic.drivers.modules.amt.power
+#
+
+# Maximum number of times to attempt an AMT operation, before
+# failing (integer value)
+#max_attempts=3
+
+# Amount of time (in seconds) to wait, before retrying an AMT
+# operation (integer value)
+#action_wait=10
+
+
[api]
#
@@ -520,7 +434,7 @@ use_syslog=True
# URL of Ironic API service. If not set ironic can get the
# current value from the keystone service catalog. (string
# value)
-api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385
+#api_url=<None>
# Seconds between conductor heart beats. (integer value)
#heartbeat_interval=10
@@ -587,6 +501,31 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385
# the check entirely. (integer value)
#sync_local_state_interval=180
+# Whether to upload the config drive to Swift. (boolean value)
+#configdrive_use_swift=false
+
+# Name of the Swift container to store config drive data. Used
+# when configdrive_use_swift is True. (string value)
+#configdrive_swift_container=ironic_configdrive_container
+
+# Timeout (seconds) for waiting for node inspection. 0 -
+# unlimited. (integer value)
+#inspect_timeout=1800
+
+# Cleaning is a configurable set of steps, such as erasing
+# disk drives, that are performed on the node to ensure it is
+# in a baseline state and ready to be deployed to. This is
+# done after instance deletion, and during the transition from
+# a "managed" to "available" state. When enabled, the
+# particular steps performed to clean a node depend on which
+# driver that node is managed by; see the individual driver's
+# documentation for details. NOTE: The introduction of the
+# cleaning operation causes instance deletion to take
+# significantly longer. In an environment where all tenants
+# are trusted (eg, because there is only one tenant), this
+# option could be safely disabled. (boolean value)
+#clean_nodes=true
+
[console]
@@ -635,7 +574,7 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385
# Deprecated group/name - [DEFAULT]/sql_connection
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
-connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic
+#connection=<None>
# The SQLAlchemy connection string to use to connect to the
# slave database. (string value)
@@ -667,8 +606,9 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
# Deprecated group/name - [DATABASE]/sql_max_pool_size
#max_pool_size=<None>
-# Maximum db connection retries during startup. Set to -1 to
-# specify an infinite retry count. (integer value)
+# Maximum number of database connection retries during
+# startup. Set to -1 to specify an infinite retry count.
+# (integer value)
# Deprecated group/name - [DEFAULT]/sql_max_retries
# Deprecated group/name - [DATABASE]/sql_max_retries
#max_retries=10
@@ -704,20 +644,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
# connection lost. (boolean value)
#use_db_reconnect=false
-# Seconds between database connection retries. (integer value)
+# Seconds between retries of a database transaction. (integer
+# value)
#db_retry_interval=1
-# If True, increases the interval between database connection
-# retries up to db_max_retry_interval. (boolean value)
+# If True, increases the interval between retries of a
+# database operation up to db_max_retry_interval. (boolean
+# value)
#db_inc_retry_interval=true
# If db_inc_retry_interval is set, the maximum seconds between
-# database connection retries. (integer value)
+# retries of a database operation. (integer value)
#db_max_retry_interval=10
-# Maximum database connection retries before error is raised.
-# Set to -1 to specify an infinite retry count. (integer
-# value)
+# Maximum retries in case of connection error or deadlock
+# error before error is raised. Set to -1 to specify an
+# infinite retry count. (integer value)
#db_max_retries=20
@@ -729,6 +671,25 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
#mysql_engine=InnoDB
+[deploy]
+
+#
+# Options defined in ironic.drivers.modules.deploy_utils
+#
+
+# Size of EFI system partition in MiB when configuring UEFI
+# systems for local boot. (integer value)
+#efi_system_partition_size=200
+
+# Block size to use when writing to the nodes disk. (string
+# value)
+#dd_block_size=1M
+
+# Maximum attempts to verify an iSCSI connection is active,
+# sleeping 1 second between attempts. (integer value)
+#iscsi_verify_attempts=3
+
+
[dhcp]
#
@@ -740,6 +701,26 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
#dhcp_provider=neutron
+[discoverd]
+
+#
+# Options defined in ironic.drivers.modules.discoverd
+#
+
+# whether to enable inspection using ironic-discoverd (boolean
+# value)
+#enabled=false
+
+# ironic-discoverd HTTP endpoint. If this is not set, the
+# ironic-discoverd client default (http://127.0.0.1:5050) will
+# be used. (string value)
+#service_url=<None>
+
+# period (in seconds) to check status of nodes on inspection
+# (integer value)
+#status_check_period=60
+
+
[disk_partitioner]
#
@@ -811,13 +792,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL
# (string value)
#swift_container=glance
+# This should match a config by the same name in the Glance
+# configuration file. When set to 0, a single-tenant store
+# will only use one container to store all images. When set to
+# an integer value between 1 and 32, a single-tenant store
+# will use multiple containers to store images, and this value
+# will determine how many containers are created. (integer
+# value)
+#swift_store_multiple_containers_seed=0
+
#
# Options defined in ironic.common.image_service
#
# Default glance hostname or IP address. (string value)
-glance_host={{ CONTROLLER_HOST_ADDRESS }}
+#glance_host=$my_ip
# Default glance port. (integer value)
#glance_port=9292
@@ -828,7 +818,7 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
# A list of the glance api servers available to ironic. Prefix
# with https:// for SSL-based glance API servers. Format is
-# [hostname|IP]:port. (string value)
+# [hostname|IP]:port. (list value)
#glance_api_servers=<None>
# Allow to perform insecure SSL (https) requests to glance.
@@ -839,8 +829,9 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
# (integer value)
#glance_num_retries=0
-# Default protocol to use when connecting to glance. Set to
-# https for SSL. (string value)
+# Authentication strategy to use when connecting to glance.
+# Only "keystone" and "noauth" are currently supported by
+# ironic. (string value)
#auth_strategy=keystone
@@ -865,6 +856,43 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
#
+# Options defined in ironic.drivers.modules.ilo.deploy
+#
+
+# Priority for erase devices clean step. If unset, it defaults
+# to 10. If set to 0, the step will be disabled and will not
+# run during cleaning. (integer value)
+#clean_priority_erase_devices=<None>
+
+
+#
+# Options defined in ironic.drivers.modules.ilo.management
+#
+
+# Priority for reset_ilo clean step. (integer value)
+#clean_priority_reset_ilo=1
+
+# Priority for reset_bios_to_default clean step. (integer
+# value)
+#clean_priority_reset_bios_to_default=10
+
+# Priority for reset_secure_boot_keys clean step. This step
+# will reset the secure boot keys to manufacturing defaults.
+# (integer value)
+#clean_priority_reset_secure_boot_keys_to_default=20
+
+# Priority for clear_secure_boot_keys clean step. This step is
+# not enabled by default. It can be enabled to to clear all
+# secure boot keys enrolled with iLO. (integer value)
+#clean_priority_clear_secure_boot_keys=0
+
+# Priority for reset_ilo_credential clean step. This step
+# requires "ilo_change_password" parameter to be updated in
+# nodes's driver_info with the new password. (integer value)
+#clean_priority_reset_ilo_credential=30
+
+
+#
# Options defined in ironic.drivers.modules.ilo.power
#
@@ -883,8 +911,12 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
# Options defined in ironic.drivers.modules.ipminative
#
-# Maximum time in seconds to retry IPMI operations. (integer
-# value)
+# Maximum time in seconds to retry IPMI operations. There is a
+# tradeoff when setting this value. Setting this too low may
+# cause older BMCs to crash and require a hard reset. However,
+# setting too high can cause the sync power state periodic
+# task to hang when there are slow or unresponsive BMCs.
+# (integer value)
#retry_timeout=60
# Minimum time, in seconds, between IPMI operations sent to a
@@ -894,79 +926,73 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }}
#min_command_interval=5
-[keystone_authtoken]
+[irmc]
#
-# Options defined in keystonemiddleware.auth_token
+# Options defined in ironic.drivers.modules.irmc.common
#
-# Prefix to prepend at the beginning of the path. Deprecated,
-# use identity_uri. (string value)
-#auth_admin_prefix=
+# Port to be used for iRMC operations, either 80 or 443
+# (integer value)
+#port=443
-# Host providing the admin Identity API endpoint. Deprecated,
-# use identity_uri. (string value)
-#auth_host=127.0.0.1
+# Authentication method to be used for iRMC operations, either
+# "basic" or "digest" (string value)
+#auth_method=basic
-# Port of the admin Identity API endpoint. Deprecated, use
-# identity_uri. (integer value)
-#auth_port=35357
+# Timeout (in seconds) for iRMC operations (integer value)
+#client_timeout=60
-# Protocol of the admin Identity API endpoint (http or https).
-# Deprecated, use identity_uri. (string value)
-#auth_protocol=https
+# Sensor data retrieval method, either "ipmitool" or "scci"
+# (string value)
+#sensor_method=ipmitool
-# Complete public Identity API endpoint (string value)
-auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
-# Complete admin Identity API endpoint. This should specify
-# the unversioned root endpoint e.g. https://localhost:35357/
+[keystone]
+
+#
+# Options defined in ironic.common.keystone
+#
+
+# The region used for getting endpoints of OpenStackservices.
# (string value)
-identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+#region_name=<None>
+
+
+[keystone_authtoken]
-# API version of the admin Identity API endpoint (string
+#
+# Options defined in keystonemiddleware.auth_token
+#
+
+# Complete public Identity API endpoint. (string value)
+#auth_uri=<None>
+
+# API version of the admin Identity API endpoint. (string
# value)
#auth_version=<None>
# Do not handle authorization requests within the middleware,
# but delegate the authorization decision to downstream WSGI
-# components (boolean value)
+# components. (boolean value)
#delay_auth_decision=false
# Request timeout value for communicating with Identity API
-# server. (boolean value)
+# server. (integer value)
#http_connect_timeout=<None>
# How many times are we trying to reconnect when communicating
# with Identity API Server. (integer value)
#http_request_max_retries=3
-# This option is deprecated and may be removed in a future
-# release. Single shared secret with the Keystone
-# configuration used for bootstrapping a Keystone
-# installation, or otherwise bypassing the normal
-# authentication process. This option should not be used, use
-# `admin_user` and `admin_password` instead. (string value)
-#admin_token=<None>
-
-# Keystone account username (string value)
-admin_user={{ IRONIC_SERVICE_USER }}
-
-# Keystone account password (string value)
-admin_password={{ IRONIC_SERVICE_PASSWORD }}
-
-# Keystone service account tenant name to validate user tokens
-# (string value)
-admin_tenant_name=service
-
-# Env key for the swift cache (string value)
+# Env key for the swift cache. (string value)
#cache=<None>
-# Required if Keystone server requires client certificate
+# Required if identity server requires client certificate
# (string value)
#certfile=<None>
-# Required if Keystone server requires client certificate
+# Required if identity server requires client certificate
# (string value)
#keyfile=<None>
@@ -977,7 +1003,7 @@ admin_tenant_name=service
# Verify HTTPS connections. (boolean value)
#insecure=false
-# Directory used to cache files related to PKI tokens (string
+# Directory used to cache files related to PKI tokens. (string
# value)
#signing_dir=<None>
@@ -1000,7 +1026,7 @@ admin_tenant_name=service
# value)
#revocation_cache_time=10
-# (optional) if defined, indicate whether token data should be
+# (Optional) If defined, indicate whether token data should be
# authenticated or authenticated and encrypted. Acceptable
# values are MAC or ENCRYPT. If MAC, token data is
# authenticated (with HMAC) in the cache. If ENCRYPT, token
@@ -1009,38 +1035,38 @@ admin_tenant_name=service
# raise an exception on initialization. (string value)
#memcache_security_strategy=<None>
-# (optional, mandatory if memcache_security_strategy is
-# defined) this string is used for key derivation. (string
+# (Optional, mandatory if memcache_security_strategy is
+# defined) This string is used for key derivation. (string
# value)
#memcache_secret_key=<None>
-# (optional) number of seconds memcached server is considered
+# (Optional) Number of seconds memcached server is considered
# dead before it is tried again. (integer value)
#memcache_pool_dead_retry=300
-# (optional) max total number of open connections to every
+# (Optional) Maximum total number of open connections to every
# memcached server. (integer value)
#memcache_pool_maxsize=10
-# (optional) socket timeout in seconds for communicating with
+# (Optional) Socket timeout in seconds for communicating with
# a memcache server. (integer value)
#memcache_pool_socket_timeout=3
-# (optional) number of seconds a connection to memcached is
+# (Optional) Number of seconds a connection to memcached is
# held unused in the pool before it is closed. (integer value)
#memcache_pool_unused_timeout=60
-# (optional) number of seconds that an operation will wait to
+# (Optional) Number of seconds that an operation will wait to
# get a memcache client connection from the pool. (integer
# value)
#memcache_pool_conn_get_timeout=10
-# (optional) use the advanced (eventlet safe) memcache client
+# (Optional) Use the advanced (eventlet safe) memcache client
# pool. The advanced pool will only work under python 2.x.
# (boolean value)
#memcache_use_advanced_pool=false
-# (optional) indicate whether to set the X-Service-Catalog
+# (Optional) Indicate whether to set the X-Service-Catalog
# header. If False, middleware will not ask for service
# catalog on token validation and will not set the X-Service-
# Catalog header. (boolean value)
@@ -1059,7 +1085,7 @@ admin_tenant_name=service
# If true, the revocation list will be checked for cached
# tokens. This requires that PKI tokens are configured on the
-# Keystone server. (boolean value)
+# identity server. (boolean value)
#check_revocations_for_cached=false
# Hash algorithms to use for hashing PKI tokens. This may be a
@@ -1074,6 +1100,44 @@ admin_tenant_name=service
# (list value)
#hash_algorithms=md5
+# Prefix to prepend at the beginning of the path. Deprecated,
+# use identity_uri. (string value)
+#auth_admin_prefix=
+
+# Host providing the admin Identity API endpoint. Deprecated,
+# use identity_uri. (string value)
+#auth_host=127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use
+# identity_uri. (integer value)
+#auth_port=35357
+
+# Protocol of the admin Identity API endpoint (http or https).
+# Deprecated, use identity_uri. (string value)
+#auth_protocol=https
+
+# Complete admin Identity API endpoint. This should specify
+# the unversioned root endpoint e.g. https://localhost:35357/
+# (string value)
+#identity_uri=<None>
+
+# This option is deprecated and may be removed in a future
+# release. Single shared secret with the Keystone
+# configuration used for bootstrapping a Keystone
+# installation, or otherwise bypassing the normal
+# authentication process. This option should not be used, use
+# `admin_user` and `admin_password` instead. (string value)
+#admin_token=<None>
+
+# Service username. (string value)
+#admin_user=<None>
+
+# Service user password. (string value)
+#admin_password=<None>
+
+# Service tenant name. (string value)
+#admin_tenant_name=admin
+
[matchmaker_redis]
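Review bot: The defaults re-listed at the end of `[keystone_authtoken]` include `#admin_tenant_name=admin`, while the active line removed earlier in this file was `admin_tenant_name=service`, so the service tenant has to be restored explicitly rather than by uncommenting the default. The removed `auth_uri` and `identity_uri` values both used `http://`; when they come back, an `https://` endpoint (as in the option's own example, `https://localhost:35357/`) would keep the service password and tokens from crossing the management network in clear. `#admin_token=<None>` should stay unset, as its own description says. The section header and its first options are in an earlier hunk, not this one.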
@@ -1109,12 +1173,16 @@ admin_tenant_name=service
#
# URL for connecting to neutron. (string value)
-url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+#url=http://$my_ip:9696
# Timeout value for connecting to neutron in seconds. (integer
# value)
#url_timeout=30
+# Client retries in the case of a failed request. (integer
+# value)
+#retries=3
+
# Default authentication strategy to use when connecting to
# neutron. Can be either "keystone" or "noauth". Running
# neutron in noauth mode (related to but not affected by this
@@ -1122,6 +1190,248 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
# (string value)
#auth_strategy=keystone
+# UUID of the network to create Neutron ports on when booting
+# to a ramdisk for cleaning/zapping using Neutron DHCP (string
+# value)
+#cleaning_network_uuid=<None>
+
+
+[oslo_concurrency]
+
+#
+# Options defined in oslo.concurrency
+#
+
+# Enables or disables inter-process locks. (boolean value)
+#disable_process_locking=false
+
+# Directory to use for lock files. For security, the
+# specified directory should only be writable by the user
+# running the processes that need locking. Defaults to
+# environment variable OSLO_LOCK_PATH. If external locks are
+# used, a lock path must be set. (string value)
+#lock_path=<None>
+
+
+[oslo_messaging_amqp]
+
+#
+# Options defined in oslo.messaging
+#
+
+# address prefix used when sending to a specific server
+# (string value)
+#server_request_prefix=exclusive
+
+# address prefix used when broadcasting to all servers (string
+# value)
+#broadcast_prefix=broadcast
+
+# address prefix when sending to any server in group (string
+# value)
+#group_request_prefix=unicast
+
+# Name for the AMQP container (string value)
+#container_name=<None>
+
+# Timeout for inactive connections (in seconds) (integer
+# value)
+#idle_timeout=0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+#trace=false
+
+# CA certificate PEM file for verifing server certificate
+# (string value)
+#ssl_ca_file=
+
+# Identifying certificate PEM file to present to clients
+# (string value)
+#ssl_cert_file=
+
+# Private key PEM file used to sign cert_file certificate
+# (string value)
+#ssl_key_file=
+
+# Password for decrypting ssl_key_file (if encrypted) (string
+# value)
+#ssl_key_password=<None>
+
+# Accept clients using either SSL or plain TCP (boolean value)
+#allow_insecure_clients=false
+
+
+[oslo_messaging_qpid]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues=false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete=false
+
+# Size of RPC connection pool. (integer value)
+#rpc_conn_pool_size=30
+
+# Qpid broker hostname. (string value)
+#qpid_hostname=localhost
+
+# Qpid broker port. (integer value)
+#qpid_port=5672
+
+# Qpid HA cluster host:port pairs. (list value)
+#qpid_hosts=$qpid_hostname:$qpid_port
+
+# Username for Qpid connection. (string value)
+#qpid_username=
+
+# Password for Qpid connection. (string value)
+#qpid_password=
+
+# Space separated list of SASL mechanisms to use for auth.
+# (string value)
+#qpid_sasl_mechanisms=
+
+# Seconds between connection keepalive heartbeats. (integer
+# value)
+#qpid_heartbeat=60
+
+# Transport to use, either 'tcp' or 'ssl'. (string value)
+#qpid_protocol=tcp
+
+# Whether to disable the Nagle algorithm. (boolean value)
+#qpid_tcp_nodelay=true
+
+# The number of prefetched messages held by receiver. (integer
+# value)
+#qpid_receiver_capacity=1
+
+# The qpid topology version to use. Version 1 is what was
+# originally used by impl_qpid. Version 2 includes some
+# backwards-incompatible changes that allow broker federation
+# to work. Users should update to version 2 when they are
+# able to take everything down, as it requires a clean break.
+# (integer value)
+#qpid_topology_version=1
+
+
+[oslo_messaging_rabbit]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Use durable queues in AMQP. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues=false
+
+# Auto-delete queues in AMQP. (boolean value)
+#amqp_auto_delete=false
+
+# Size of RPC connection pool. (integer value)
+#rpc_conn_pool_size=30
+
+# SSL version to use (valid only if SSL enabled). Valid values
+# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may
+# be available on some distributions. (string value)
+#kombu_ssl_version=
+
+# SSL key file (valid only if SSL enabled). (string value)
+#kombu_ssl_keyfile=
+
+# SSL cert file (valid only if SSL enabled). (string value)
+#kombu_ssl_certfile=
+
+# SSL certification authority file (valid only if SSL
+# enabled). (string value)
+#kombu_ssl_ca_certs=
+
+# How long to wait before reconnecting in response to an AMQP
+# consumer cancel notification. (floating point value)
+#kombu_reconnect_delay=1.0
+
+# The RabbitMQ broker address where a single node is used.
+# (string value)
+#rabbit_host=localhost
+
+# The RabbitMQ broker port where a single node is used.
+# (integer value)
+#rabbit_port=5672
+
+# RabbitMQ HA cluster host:port pairs. (list value)
+#rabbit_hosts=$rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+#rabbit_use_ssl=false
+
+# The RabbitMQ userid. (string value)
+#rabbit_userid=guest
+
+# The RabbitMQ password. (string value)
+#rabbit_password=guest
+
+# The RabbitMQ login method. (string value)
+#rabbit_login_method=AMQPLAIN
+
+# The RabbitMQ virtual host. (string value)
+#rabbit_virtual_host=/
+
+# How frequently to retry connecting with RabbitMQ. (integer
+# value)
+#rabbit_retry_interval=1
+
+# How long to backoff for between retries when connecting to
+# RabbitMQ. (integer value)
+#rabbit_retry_backoff=2
+
+# Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+#rabbit_max_retries=0
+
+# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. (boolean
+# value)
+#rabbit_ha_queues=false
+
+# Number of seconds after which the Rabbit broker is
+# considered down if heartbeat's keep-alive fails (0 disable
+# the heartbeat). (integer value)
+#heartbeat_timeout_threshold=60
+
+# How often times during the heartbeat_timeout_threshold we
+# check the heartbeat. (integer value)
+#heartbeat_rate=2
+
+# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
+# (boolean value)
+#fake_rabbit=false
+
+
+[oslo_policy]
+
+#
+# Options defined in oslo.policy
+#
+
+# The JSON file that defines policies. (string value)
+#policy_file=policy.json
+
+# Default rule. Enforced when a requested rule is not found.
+# (string value)
+#policy_default_rule=default
+
+# Directories where policy configuration files are stored.
+# They can be relative to any directory in the search path
+# defined by the config_dir option, or absolute paths. The
+# file defined by policy_file must exist for these directories
+# to be searched. Missing or empty directories are ignored.
+# (multi valued)
+#policy_dirs=policy.d
+
[pxe]
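Review bot: The new `[oslo_messaging_rabbit]` block leaves the broker on its factory values, `#rabbit_userid=guest`, `#rabbit_password=guest` and `#rabbit_use_ssl=false`, and the templated `rabbit_host`/`rabbit_userid`/`rabbit_password` lines deleted in the first ironic.conf hunk sat in a different section (presumably `[DEFAULT]`; that header is outside the hunk). When the deployment values are restored they belong under this section, e.g. `rabbit_userid={{ RABBITMQ_USER }}` and `rabbit_password={{ RABBITMQ_PASSWORD }}`, so the service never falls back to the guest account. If the broker is reachable from anywhere but the controller itself, `rabbit_use_ssl=true` together with `kombu_ssl_ca_certs` is worth setting at the same time. The same relocation applies to `policy_file` (now under `[oslo_policy]`) and `lock_path` (now under `[oslo_concurrency]`).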
@@ -1173,11 +1483,11 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
#tftp_server=$my_ip
# Ironic compute node's tftp root path. (string value)
-tftp_root=/srv/tftp_root/
+#tftp_root=/tftpboot
# Directory where master tftp images are stored on disk.
# (string value)
-tftp_master_path=/srv/tftp_root/master_images
+#tftp_master_path=/tftpboot/master_images
# Bootfile DHCP parameter. (string value)
#pxe_bootfile_name=pxelinux.0
@@ -1245,3 +1555,14 @@ tftp_master_path=/srv/tftp_root/master_images
#swift_max_retries=2
+[virtualbox]
+
+#
+# Options defined in ironic.drivers.modules.virtualbox
+#
+
+# Port on which VirtualBox web service is listening. (integer
+# value)
+#port=18083
+
+
diff --git a/strata/openstack-services/ironic.morph b/strata/openstack-services/ironic.morph
index 850399b..8003dd1 100644
--- a/strata/openstack-services/ironic.morph
+++ b/strata/openstack-services/ironic.morph
@@ -2,14 +2,15 @@ name: ironic
kind: chunk
build-system: python-distutils
post-install-commands:
-# Install rootwrap.conf
-- install -D -m 640 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic/rootwrap.conf
-# Move rootwrap files to a proper location
-- mkdir -p "$DESTDIR"/etc/ironic/rootwrap.d
-- install -m 644 etc/ironic/rootwrap.d/* "$DESTDIR"/etc/ironic/rootwrap.d/
-# Add ironic to sudoers controlling which commands will run as a root
-# using the openstack rootwrap.
- |
+ mkdir -p "$DESTDIR"/etc/ironic
+ install -m 644 etc/ironic/policy.json "$DESTDIR"/etc/ironic
+ install -m 644 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic
+ mkdir -p "$DESTDIR"/etc/ironic/rootwrap.d
+ install -m 644 etc/ironic/rootwrap.d/* "$DESTDIR"/etc/ironic/rootwrap.d/
+
+ # Add ironic to sudoers controlling which commands will run as a root
+ # using the openstack rootwrap.
install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/ironic-rootwrap
Defaults:ironic !requiretty
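Review bot: `rootwrap.conf` goes from mode 640 to 644 in this hunk (`install -m 644 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic`), and the comments that explained the rootwrap steps are dropped, with no reason given for the wider mode. The sudoers entry written just below lets the ironic user run commands as root through rootwrap, so the config and everything under `rootwrap.d` must stay owned by root and not writable by that user. I would keep 640 unless something other than root has to read the file, and record the constraint in a comment such as `# rootwrap.conf and rootwrap.d/* are trusted by sudo: root-owned, never writable by ironic`. The heredoc that writes the sudoers file continues past the end of the hunk.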