From 0575d1a0e5e4cd6768f894d6ccefbe9495ad4418 Mon Sep 17 00:00:00 2001 From: Tiago Gomes Date: Thu, 21 May 2015 09:18:44 +0000 Subject: WIP Ironic: update configuration files to Kilo This commit updates the Ironic's configuration files to be the factory versions for the Kilo release. Our custom configuration will be re-added in a following commit. --- install-files/openstack/manifest | 1 - .../usr/share/openstack/ironic/ironic.conf | 767 +++++++++++++++------ strata/openstack-services/ironic.morph | 15 +- 3 files changed, 552 insertions(+), 231 deletions(-) diff --git a/install-files/openstack/manifest b/install-files/openstack/manifest index ed88169f..8a609d7c 100644 --- a/install-files/openstack/manifest +++ b/install-files/openstack/manifest @@ -27,7 +27,6 @@ template 0100644 0 0 /etc/tempest/tempest.conf 0040755 0 0 /usr/share/openstack/ironic 0100644 0 0 /usr/share/openstack/ironic.yml 0100644 0 0 /usr/share/openstack/ironic/ironic.conf -0100644 0 0 /usr/share/openstack/ironic/policy.json 0100644 0 0 /usr/share/openstack/iscsi.yml 0100644 0 0 /usr/share/openstack/keystone.yml 0040755 0 0 /usr/share/openstack/keystone diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf index 75c62b8e..ccf368f0 100644 --- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf +++ b/install-files/openstack/usr/share/openstack/ironic/ironic.conf @@ -4,129 +4,13 @@ # Options defined in oslo.messaging # -# Use durable queues in amqp. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in amqp. (boolean value) -#amqp_auto_delete=false - -# Size of RPC connection pool. (integer value) -#rpc_conn_pool_size=30 - -# Qpid broker hostname. (string value) -#qpid_hostname=localhost - -# Qpid broker port. (integer value) -#qpid_port=5672 - -# Qpid HA cluster host:port pairs. (list value) -#qpid_hosts=$qpid_hostname:$qpid_port - -# Username for Qpid connection. (string value) -#qpid_username= - -# Password for Qpid connection. (string value) -#qpid_password= - -# Space separated list of SASL mechanisms to use for auth. -# (string value) -#qpid_sasl_mechanisms= - -# Seconds between connection keepalive heartbeats. (integer -# value) -#qpid_heartbeat=60 - -# Transport to use, either 'tcp' or 'ssl'. (string value) -#qpid_protocol=tcp - -# Whether to disable the Nagle algorithm. (boolean value) -#qpid_tcp_nodelay=true - -# The number of prefetched messages held by receiver. (integer -# value) -#qpid_receiver_capacity=1 - -# The qpid topology version to use. Version 1 is what was -# originally used by impl_qpid. Version 2 includes some -# backwards-incompatible changes that allow broker federation -# to work. Users should update to version 2 when they are -# able to take everything down, as it requires a clean break. -# (integer value) -#qpid_topology_version=1 - -# SSL version to use (valid only if SSL enabled). valid values -# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some -# distributions. (string value) -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -#kombu_reconnect_delay=1.0 - -# The RabbitMQ broker address where a single node is used. -# (string value) -rabbit_host={{ RABBITMQ_HOST }} - -# The RabbitMQ broker port where a single node is used. -# (integer value) -rabbit_port={{ RABBITMQ_PORT }} - -# RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port - -# Connect over SSL for RabbitMQ. (boolean value) -#rabbit_use_ssl=false - -# The RabbitMQ userid. (string value) -rabbit_userid={{ RABBITMQ_USER }} - -# The RabbitMQ password. (string value) -rabbit_password={{ RABBITMQ_PASSWORD }} - -# the RabbitMQ login method (string value) -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -#rabbit_virtual_host=/ - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -#rabbit_retry_backoff=2 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -#rabbit_max_retries=0 - -# Use HA queues in RabbitMQ (x-ha-policy: all). If you change -# this option, you must wipe the RabbitMQ database. (boolean -# value) -#rabbit_ha_queues=false - -# If passed, use a fake RabbitMQ provider. (boolean value) -#fake_rabbit=false - # ZeroMQ bind address. Should be a wildcard (*), an ethernet # interface, or IP. The "host" option should point or resolve # to this address. (string value) #rpc_zmq_bind_address=* # MatchMaker driver. (string value) -#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost +#rpc_zmq_matchmaker=oslo_messaging._drivers.matchmaker.MatchMakerLocalhost # ZeroMQ receiver listening port. (integer value) #rpc_zmq_port=9501 @@ -156,7 +40,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # Heartbeat time-to-live. (integer value) #matchmaker_heartbeat_ttl=600 -# Size of RPC greenthread pool. (integer value) +# Size of RPC thread pool. (integer value) #rpc_thread_pool_size=64 # Driver or drivers to handle sending notifications. (multi @@ -190,10 +74,7 @@ rabbit_password={{ RABBITMQ_PASSWORD }} # # IP address of this host. (string value) -my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} - -# Use IPv6. (boolean value) -#use_ipv6=false +#my_ip=10.0.0.1 # @@ -204,6 +85,10 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # (string value) #auth_strategy=keystone +# Enable pecan debug mode. WARNING: this is insecure and +# should not be used in production. (boolean value) +#pecan_debug=false + # # Options defined in ironic.common.driver_factory @@ -217,7 +102,7 @@ my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # present on your system may be found by enumerating the # "ironic.drivers" entrypoint. An example may be found in the # developer documentation online. (list value) -enabled_drivers=pxe_ipmitool,pxe_ssh +#enabled_drivers=pxe_ipmitool # @@ -268,6 +153,9 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # value) #isolinux_config_template=$pybasedir/common/isolinux_config.template +# Template file for grub configuration file. (string value) +#grub_config_template=$pybasedir/common/grub_conf.template + # # Options defined in ironic.common.paths @@ -286,18 +174,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh #state_path=$pybasedir -# -# Options defined in ironic.common.policy -# - -# JSON file representing policy. (string value) -#policy_file=policy.json - -# Rule checked when requested rule is not found. (string -# value) -#policy_default_rule=default - - # # Options defined in ironic.common.service # @@ -350,17 +226,6 @@ enabled_drivers=pxe_ipmitool,pxe_ssh #backdoor_port= -# -# Options defined in ironic.openstack.common.lockutils -# - -# Enables or disables inter-process locks. (boolean value) -#disable_process_locking=false - -# Directory to use for lock files. (string value) -#lock_path= - - # # Options defined in ironic.openstack.common.log # @@ -393,7 +258,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh #logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s # List of logger=LEVEL pairs. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN # Enables or disables publication of error events. (boolean # value) @@ -442,7 +307,7 @@ enabled_drivers=pxe_ipmitool,pxe_ssh # Use syslog for logging. Existing syslog format is DEPRECATED # during I, and will change in J to honor RFC5424. (boolean # value) -use_syslog=True +#use_syslog=false # (Optional) Enables or disables syslog rfc5424 format for # logging. If enabled, prefixes the MSG part of the syslog @@ -464,6 +329,15 @@ use_syslog=True #run_external_periodic_tasks=true +# +# Options defined in ironic.openstack.common.versionutils +# + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + + [agent] # @@ -480,6 +354,22 @@ use_syslog=True # Neutron bootfile DHCP parameter. (string value) #agent_pxe_bootfile_name=pxelinux.0 +# Priority to run in-band erase devices via the Ironic Python +# Agent ramdisk. If unset, will use the priority set in the +# ramdisk (defaults to 10 for the GenericHardwareManager). If +# set to 0, will not run during cleaning. (integer value) +#agent_erase_devices_priority= + +# Whether Ironic will manage TFTP files for the deploy +# ramdisks. If set to False, you will need to configure your +# own TFTP server that allows booting the deploy ramdisks. +# (boolean value) +#manage_tftp=true + +# +# Options defined in ironic.drivers.modules.agent_base_vendor +# + # Maximum interval (in seconds) for agent heartbeats. (integer # value) #heartbeat_timeout=300 @@ -494,6 +384,30 @@ use_syslog=True #agent_api_version=v1 +[amt] + +# +# Options defined in ironic.drivers.modules.amt.common +# + +# Protocol used for AMT endpoint, support http/https (string +# value) +#protocol=http + + +# +# Options defined in ironic.drivers.modules.amt.power +# + +# Maximum number of times to attempt an AMT operation, before +# failing (integer value) +#max_attempts=3 + +# Amount of time (in seconds) to wait, before retrying an AMT +# operation (integer value) +#action_wait=10 + + [api] # @@ -520,7 +434,7 @@ use_syslog=True # URL of Ironic API service. If not set ironic can get the # current value from the keystone service catalog. (string # value) -api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 +#api_url= # Seconds between conductor heart beats. (integer value) #heartbeat_interval=10 @@ -587,6 +501,31 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # the check entirely. (integer value) #sync_local_state_interval=180 +# Whether to upload the config drive to Swift. (boolean value) +#configdrive_use_swift=false + +# Name of the Swift container to store config drive data. Used +# when configdrive_use_swift is True. (string value) +#configdrive_swift_container=ironic_configdrive_container + +# Timeout (seconds) for waiting for node inspection. 0 - +# unlimited. (integer value) +#inspect_timeout=1800 + +# Cleaning is a configurable set of steps, such as erasing +# disk drives, that are performed on the node to ensure it is +# in a baseline state and ready to be deployed to. This is +# done after instance deletion, and during the transition from +# a "managed" to "available" state. When enabled, the +# particular steps performed to clean a node depend on which +# driver that node is managed by; see the individual driver's +# documentation for details. NOTE: The introduction of the +# cleaning operation causes instance deletion to take +# significantly longer. In an environment where all tenants +# are trusted (eg, because there is only one tenant), this +# option could be safely disabled. (boolean value) +#clean_nodes=true + [console] @@ -635,7 +574,7 @@ api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic +#connection= # The SQLAlchemy connection string to use to connect to the # slave database. (string value) @@ -667,8 +606,9 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # Deprecated group/name - [DATABASE]/sql_max_pool_size #max_pool_size= -# Maximum db connection retries during startup. Set to -1 to -# specify an infinite retry count. (integer value) +# Maximum number of database connection retries during +# startup. Set to -1 to specify an infinite retry count. +# (integer value) # Deprecated group/name - [DEFAULT]/sql_max_retries # Deprecated group/name - [DATABASE]/sql_max_retries #max_retries=10 @@ -704,20 +644,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # connection lost. (boolean value) #use_db_reconnect=false -# Seconds between database connection retries. (integer value) +# Seconds between retries of a database transaction. (integer +# value) #db_retry_interval=1 -# If True, increases the interval between database connection -# retries up to db_max_retry_interval. (boolean value) +# If True, increases the interval between retries of a +# database operation up to db_max_retry_interval. (boolean +# value) #db_inc_retry_interval=true # If db_inc_retry_interval is set, the maximum seconds between -# database connection retries. (integer value) +# retries of a database operation. (integer value) #db_max_retry_interval=10 -# Maximum database connection retries before error is raised. -# Set to -1 to specify an infinite retry count. (integer -# value) +# Maximum retries in case of connection error or deadlock +# error before error is raised. Set to -1 to specify an +# infinite retry count. (integer value) #db_max_retries=20 @@ -729,6 +671,25 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL #mysql_engine=InnoDB +[deploy] + +# +# Options defined in ironic.drivers.modules.deploy_utils +# + +# Size of EFI system partition in MiB when configuring UEFI +# systems for local boot. (integer value) +#efi_system_partition_size=200 + +# Block size to use when writing to the nodes disk. (string +# value) +#dd_block_size=1M + +# Maximum attempts to verify an iSCSI connection is active, +# sleeping 1 second between attempts. (integer value) +#iscsi_verify_attempts=3 + + [dhcp] # @@ -740,6 +701,26 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL #dhcp_provider=neutron +[discoverd] + +# +# Options defined in ironic.drivers.modules.discoverd +# + +# whether to enable inspection using ironic-discoverd (boolean +# value) +#enabled=false + +# ironic-discoverd HTTP endpoint. If this is not set, the +# ironic-discoverd client default (http://127.0.0.1:5050) will +# be used. (string value) +#service_url= + +# period (in seconds) to check status of nodes on inspection +# (integer value) +#status_check_period=60 + + [disk_partitioner] # @@ -811,13 +792,22 @@ connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLL # (string value) #swift_container=glance +# This should match a config by the same name in the Glance +# configuration file. When set to 0, a single-tenant store +# will only use one container to store all images. When set to +# an integer value between 1 and 32, a single-tenant store +# will use multiple containers to store images, and this value +# will determine how many containers are created. (integer +# value) +#swift_store_multiple_containers_seed=0 + # # Options defined in ironic.common.image_service # # Default glance hostname or IP address. (string value) -glance_host={{ CONTROLLER_HOST_ADDRESS }} +#glance_host=$my_ip # Default glance port. (integer value) #glance_port=9292 @@ -828,7 +818,7 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # A list of the glance api servers available to ironic. Prefix # with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. (string value) +# [hostname|IP]:port. (list value) #glance_api_servers= # Allow to perform insecure SSL (https) requests to glance. @@ -839,8 +829,9 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # (integer value) #glance_num_retries=0 -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) +# Authentication strategy to use when connecting to glance. +# Only "keystone" and "noauth" are currently supported by +# ironic. (string value) #auth_strategy=keystone @@ -864,6 +855,43 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} #swift_object_expiry_timeout=900 +# +# Options defined in ironic.drivers.modules.ilo.deploy +# + +# Priority for erase devices clean step. If unset, it defaults +# to 10. If set to 0, the step will be disabled and will not +# run during cleaning. (integer value) +#clean_priority_erase_devices= + + +# +# Options defined in ironic.drivers.modules.ilo.management +# + +# Priority for reset_ilo clean step. (integer value) +#clean_priority_reset_ilo=1 + +# Priority for reset_bios_to_default clean step. (integer +# value) +#clean_priority_reset_bios_to_default=10 + +# Priority for reset_secure_boot_keys clean step. This step +# will reset the secure boot keys to manufacturing defaults. +# (integer value) +#clean_priority_reset_secure_boot_keys_to_default=20 + +# Priority for clear_secure_boot_keys clean step. This step is +# not enabled by default. It can be enabled to to clear all +# secure boot keys enrolled with iLO. (integer value) +#clean_priority_clear_secure_boot_keys=0 + +# Priority for reset_ilo_credential clean step. This step +# requires "ilo_change_password" parameter to be updated in +# nodes's driver_info with the new password. (integer value) +#clean_priority_reset_ilo_credential=30 + + # # Options defined in ironic.drivers.modules.ilo.power # @@ -883,8 +911,12 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} # Options defined in ironic.drivers.modules.ipminative # -# Maximum time in seconds to retry IPMI operations. (integer -# value) +# Maximum time in seconds to retry IPMI operations. There is a +# tradeoff when setting this value. Setting this too low may +# cause older BMCs to crash and require a hard reset. However, +# setting too high can cause the sync power state periodic +# task to hang when there are slow or unresponsive BMCs. +# (integer value) #retry_timeout=60 # Minimum time, in seconds, between IPMI operations sent to a @@ -894,79 +926,73 @@ glance_host={{ CONTROLLER_HOST_ADDRESS }} #min_command_interval=5 -[keystone_authtoken] +[irmc] # -# Options defined in keystonemiddleware.auth_token +# Options defined in ironic.drivers.modules.irmc.common # -# Prefix to prepend at the beginning of the path. Deprecated, -# use identity_uri. (string value) -#auth_admin_prefix= +# Port to be used for iRMC operations, either 80 or 443 +# (integer value) +#port=443 -# Host providing the admin Identity API endpoint. Deprecated, -# use identity_uri. (string value) -#auth_host=127.0.0.1 +# Authentication method to be used for iRMC operations, either +# "basic" or "digest" (string value) +#auth_method=basic -# Port of the admin Identity API endpoint. Deprecated, use -# identity_uri. (integer value) -#auth_port=35357 +# Timeout (in seconds) for iRMC operations (integer value) +#client_timeout=60 -# Protocol of the admin Identity API endpoint (http or https). -# Deprecated, use identity_uri. (string value) -#auth_protocol=https +# Sensor data retrieval method, either "ipmitool" or "scci" +# (string value) +#sensor_method=ipmitool -# Complete public Identity API endpoint (string value) -auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 -# Complete admin Identity API endpoint. This should specify -# the unversioned root endpoint e.g. https://localhost:35357/ +[keystone] + +# +# Options defined in ironic.common.keystone +# + +# The region used for getting endpoints of OpenStackservices. # (string value) -identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +#region_name= + + +[keystone_authtoken] -# API version of the admin Identity API endpoint (string +# +# Options defined in keystonemiddleware.auth_token +# + +# Complete public Identity API endpoint. (string value) +#auth_uri= + +# API version of the admin Identity API endpoint. (string # value) #auth_version= # Do not handle authorization requests within the middleware, # but delegate the authorization decision to downstream WSGI -# components (boolean value) +# components. (boolean value) #delay_auth_decision=false # Request timeout value for communicating with Identity API -# server. (boolean value) +# server. (integer value) #http_connect_timeout= # How many times are we trying to reconnect when communicating # with Identity API Server. (integer value) #http_request_max_retries=3 -# This option is deprecated and may be removed in a future -# release. Single shared secret with the Keystone -# configuration used for bootstrapping a Keystone -# installation, or otherwise bypassing the normal -# authentication process. This option should not be used, use -# `admin_user` and `admin_password` instead. (string value) -#admin_token= - -# Keystone account username (string value) -admin_user={{ IRONIC_SERVICE_USER }} - -# Keystone account password (string value) -admin_password={{ IRONIC_SERVICE_PASSWORD }} - -# Keystone service account tenant name to validate user tokens -# (string value) -admin_tenant_name=service - -# Env key for the swift cache (string value) +# Env key for the swift cache. (string value) #cache= -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #certfile= -# Required if Keystone server requires client certificate +# Required if identity server requires client certificate # (string value) #keyfile= @@ -977,7 +1003,7 @@ admin_tenant_name=service # Verify HTTPS connections. (boolean value) #insecure=false -# Directory used to cache files related to PKI tokens (string +# Directory used to cache files related to PKI tokens. (string # value) #signing_dir= @@ -1000,7 +1026,7 @@ admin_tenant_name=service # value) #revocation_cache_time=10 -# (optional) if defined, indicate whether token data should be +# (Optional) If defined, indicate whether token data should be # authenticated or authenticated and encrypted. Acceptable # values are MAC or ENCRYPT. If MAC, token data is # authenticated (with HMAC) in the cache. If ENCRYPT, token @@ -1009,38 +1035,38 @@ admin_tenant_name=service # raise an exception on initialization. (string value) #memcache_security_strategy= -# (optional, mandatory if memcache_security_strategy is -# defined) this string is used for key derivation. (string +# (Optional, mandatory if memcache_security_strategy is +# defined) This string is used for key derivation. (string # value) #memcache_secret_key= -# (optional) number of seconds memcached server is considered +# (Optional) Number of seconds memcached server is considered # dead before it is tried again. (integer value) #memcache_pool_dead_retry=300 -# (optional) max total number of open connections to every +# (Optional) Maximum total number of open connections to every # memcached server. (integer value) #memcache_pool_maxsize=10 -# (optional) socket timeout in seconds for communicating with +# (Optional) Socket timeout in seconds for communicating with # a memcache server. (integer value) #memcache_pool_socket_timeout=3 -# (optional) number of seconds a connection to memcached is +# (Optional) Number of seconds a connection to memcached is # held unused in the pool before it is closed. (integer value) #memcache_pool_unused_timeout=60 -# (optional) number of seconds that an operation will wait to +# (Optional) Number of seconds that an operation will wait to # get a memcache client connection from the pool. (integer # value) #memcache_pool_conn_get_timeout=10 -# (optional) use the advanced (eventlet safe) memcache client +# (Optional) Use the advanced (eventlet safe) memcache client # pool. The advanced pool will only work under python 2.x. # (boolean value) #memcache_use_advanced_pool=false -# (optional) indicate whether to set the X-Service-Catalog +# (Optional) Indicate whether to set the X-Service-Catalog # header. If False, middleware will not ask for service # catalog on token validation and will not set the X-Service- # Catalog header. (boolean value) @@ -1059,7 +1085,7 @@ admin_tenant_name=service # If true, the revocation list will be checked for cached # tokens. This requires that PKI tokens are configured on the -# Keystone server. (boolean value) +# identity server. (boolean value) #check_revocations_for_cached=false # Hash algorithms to use for hashing PKI tokens. This may be a @@ -1074,6 +1100,44 @@ admin_tenant_name=service # (list value) #hash_algorithms=md5 +# Prefix to prepend at the beginning of the path. Deprecated, +# use identity_uri. (string value) +#auth_admin_prefix= + +# Host providing the admin Identity API endpoint. Deprecated, +# use identity_uri. (string value) +#auth_host=127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port=35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. (string value) +#auth_protocol=https + +# Complete admin Identity API endpoint. This should specify +# the unversioned root endpoint e.g. https://localhost:35357/ +# (string value) +#identity_uri= + +# This option is deprecated and may be removed in a future +# release. Single shared secret with the Keystone +# configuration used for bootstrapping a Keystone +# installation, or otherwise bypassing the normal +# authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token= + +# Service username. (string value) +#admin_user= + +# Service user password. (string value) +#admin_password= + +# Service tenant name. (string value) +#admin_tenant_name=admin + [matchmaker_redis] @@ -1109,12 +1173,16 @@ admin_tenant_name=service # # URL for connecting to neutron. (string value) -url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 +#url=http://$my_ip:9696 # Timeout value for connecting to neutron in seconds. (integer # value) #url_timeout=30 +# Client retries in the case of a failed request. (integer +# value) +#retries=3 + # Default authentication strategy to use when connecting to # neutron. Can be either "keystone" or "noauth". Running # neutron in noauth mode (related to but not affected by this @@ -1122,6 +1190,248 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 # (string value) #auth_strategy=keystone +# UUID of the network to create Neutron ports on when booting +# to a ramdisk for cleaning/zapping using Neutron DHCP (string +# value) +#cleaning_network_uuid= + + +[oslo_concurrency] + +# +# Options defined in oslo.concurrency +# + +# Enables or disables inter-process locks. (boolean value) +#disable_process_locking=false + +# Directory to use for lock files. For security, the +# specified directory should only be writable by the user +# running the processes that need locking. Defaults to +# environment variable OSLO_LOCK_PATH. If external locks are +# used, a lock path must be set. (string value) +#lock_path= + + +[oslo_messaging_amqp] + +# +# Options defined in oslo.messaging +# + +# address prefix used when sending to a specific server +# (string value) +#server_request_prefix=exclusive + +# address prefix used when broadcasting to all servers (string +# value) +#broadcast_prefix=broadcast + +# address prefix when sending to any server in group (string +# value) +#group_request_prefix=unicast + +# Name for the AMQP container (string value) +#container_name= + +# Timeout for inactive connections (in seconds) (integer +# value) +#idle_timeout=0 + +# Debug: dump AMQP frames to stdout (boolean value) +#trace=false + +# CA certificate PEM file for verifing server certificate +# (string value) +#ssl_ca_file= + +# Identifying certificate PEM file to present to clients +# (string value) +#ssl_cert_file= + +# Private key PEM file used to sign cert_file certificate +# (string value) +#ssl_key_file= + +# Password for decrypting ssl_key_file (if encrypted) (string +# value) +#ssl_key_password= + +# Accept clients using either SSL or plain TCP (boolean value) +#allow_insecure_clients=false + + +[oslo_messaging_qpid] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + + +[oslo_messaging_rabbit] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# SSL version to use (valid only if SSL enabled). Valid values +# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may +# be available on some distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +#rabbit_host=localhost + +# The RabbitMQ broker port where a single node is used. +# (integer value) +#rabbit_port=5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +#rabbit_userid=guest + +# The RabbitMQ password. (string value) +#rabbit_password=guest + +# The RabbitMQ login method. (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# Number of seconds after which the Rabbit broker is +# considered down if heartbeat's keep-alive fails (0 disable +# the heartbeat). (integer value) +#heartbeat_timeout_threshold=60 + +# How often times during the heartbeat_timeout_threshold we +# check the heartbeat. (integer value) +#heartbeat_rate=2 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + + +[oslo_policy] + +# +# Options defined in oslo.policy +# + +# The JSON file that defines policies. (string value) +#policy_file=policy.json + +# Default rule. Enforced when a requested rule is not found. +# (string value) +#policy_default_rule=default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. Missing or empty directories are ignored. +# (multi valued) +#policy_dirs=policy.d + [pxe] @@ -1173,11 +1483,11 @@ url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 #tftp_server=$my_ip # Ironic compute node's tftp root path. (string value) -tftp_root=/srv/tftp_root/ +#tftp_root=/tftpboot # Directory where master tftp images are stored on disk. # (string value) -tftp_master_path=/srv/tftp_root/master_images +#tftp_master_path=/tftpboot/master_images # Bootfile DHCP parameter. (string value) #pxe_bootfile_name=pxelinux.0 @@ -1245,3 +1555,14 @@ tftp_master_path=/srv/tftp_root/master_images #swift_max_retries=2 +[virtualbox] + +# +# Options defined in ironic.drivers.modules.virtualbox +# + +# Port on which VirtualBox web service is listening. (integer +# value) +#port=18083 + + diff --git a/strata/openstack-services/ironic.morph b/strata/openstack-services/ironic.morph index 850399b4..8003dd17 100644 --- a/strata/openstack-services/ironic.morph +++ b/strata/openstack-services/ironic.morph @@ -2,14 +2,15 @@ name: ironic kind: chunk build-system: python-distutils post-install-commands: -# Install rootwrap.conf -- install -D -m 640 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic/rootwrap.conf -# Move rootwrap files to a proper location -- mkdir -p "$DESTDIR"/etc/ironic/rootwrap.d -- install -m 644 etc/ironic/rootwrap.d/* "$DESTDIR"/etc/ironic/rootwrap.d/ -# Add ironic to sudoers controlling which commands will run as a root -# using the openstack rootwrap. - | + mkdir -p "$DESTDIR"/etc/ironic + install -m 644 etc/ironic/policy.json "$DESTDIR"/etc/ironic + install -m 644 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic + mkdir -p "$DESTDIR"/etc/ironic/rootwrap.d + install -m 644 etc/ironic/rootwrap.d/* "$DESTDIR"/etc/ironic/rootwrap.d/ + + # Add ironic to sudoers controlling which commands will run as a root + # using the openstack rootwrap. install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/ironic-rootwrap Defaults:ironic !requiretty -- cgit v1.2.1