diff --git a/defaults/main.yml b/defaults/main.yml index 1cb2faf2..828454ab 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,7 +17,6 @@ # Verbosity Options debug: False -verbose: True # These variables are used in 'developer mode' in order to allow the role # to build an environment directly from a git source without the presence @@ -73,19 +72,35 @@ ironic_service_project_name: "service" ironic_service_project_domain_id: default ironic_service_user_domain_id: default ironic_service_role_name: "admin" - ironic_service_in_ldap: False +# Ironic image store information +ironic_swift_image_container: glance_images +ironic_swift_api_version: v1 +# The ironic swift auth account and swift endpoints will be generated using the +# known swift data as provided by swift stat. If you wish to set either of these +# items to something else define these variables. +# ironic_swift_auth_account: AUTH_1234567890 +# ironic_swift_endpoint: https://localhost:8080 # Is this Ironic installation working standalone? # If you're wanting Ironic to work without being integrated to other OpenStack # services, set this to True, and update the dhcp configuration appropriately ironic_standalone: False +# Enables or disables automated cleaning. Automated cleaning +# is a configurable set of steps, such as erasing disk drives, +# that are performed on the node to ensure it is in a baseline +# state and ready to be deployed to. +ironic_automated_clean: false + # Database ironic_galera_user: ironic ironic_galera_database: ironic +## Keystone authentication middleware +ironic_keystone_auth_plugin: password + # Integrated Openstack configuration ironic_openstack_driver_list: agent_ipmitool ironic_openstack_auth_strategy: keystone @@ -102,6 +117,11 @@ ironic_standalone_dhcp_provider: none ironic_standalone_sync_power_state_interval: -1 ironic_standalone_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_galera_password }}@{{ ironic_galera_address }}/ironic" +# Ironic db tuning +ironic_db_max_overflow: 10 +ironic_db_max_pool_size: 120 +ironic_db_pool_timeout: 30 + # Common configuration ironic_node_name: ironic @@ -114,6 +134,8 @@ ironic_bin: "{{ ironic_venv_bin }}" ironic_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/ironic.tgz +ironic_tftp_server_address: "{{ ansible_ssh_host }}" + ironic_requires_pip_packages: - virtualenv - virtualenv-tools @@ -124,6 +146,7 @@ ironic_pip_packages: - PyMySQL - ironic - python-ironicclient + - python-swiftclient ironic_api_apt_packages: - apache2 @@ -164,7 +187,6 @@ ironic_wsgi_processes: "{{ (_ironic_wsgi_processes | int > 1) | ternary(_ironic_ ironic_glance_auth_strategy: "{{ ironic_openstack_auth_strategy }}" # Neutron -# neutron_service_adminurl: ironic_neutron_auth_strategy: "{{ ironic_openstack_auth_strategy }}" ### Config Overrides diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml index 5e6962e6..e63a3ec3 100644 --- a/tasks/ironic_post_install.yml +++ b/tasks/ironic_post_install.yml @@ -21,7 +21,9 @@ ironic_dhcp_provider: "{{ ironic_standalone_dhcp_provider }}" ironic_sync_power_state_interval: "{{ ironic_standalone_sync_power_state_interval }}" ironic_db_connection_string: "{{ ironic_standalone_db_connection_string }}" - when: ironic_standalone + when: ironic_standalone | bool + tags: + - always - name: Setup ironic for integrated Openstack usage set_fact: @@ -31,7 +33,9 @@ ironic_dhcp_provider: "{{ ironic_openstack_dhcp_provider }}" ironic_sync_power_state_interval: "{{ ironic_openstack_sync_power_state_interval }}" ironic_db_connection_string: "{{ ironic_openstack_db_connection_string }}" - when: not ironic_standalone + when: not ironic_standalone | bool + tags: + - always - name: Get ironic command path command: which ironic @@ -49,6 +53,72 @@ tags: - ironic-command-bin +- name: Post swift tempURL secret key + shell: | + . ~/openrc + {{ ironic_bin }}/swift \ + --os-username "service:{{ glance_service_user_name }}" \ + --os-password {{ glance_service_password }} \ + --os-auth-url {{ keystone_service_internalurl }} \ + --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} \ + post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }} + when: + - inventory_hostname == groups['ironic_all'][0] + - not ironic_standalone | bool + tags: + - ironic-swift-auth + - always + +- name: Get swift account + shell: | + . ~/openrc + {{ ironic_bin }}/swift \ + --os-username "service:{{ glance_service_user_name }}" \ + --os-password {{ glance_service_password }} \ + --os-auth-url {{ keystone_service_internalurl }} \ + --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }} \ + stat -v | awk '/StorageURL\:/ {print $2}' + register: swift_storage_url + when: + - (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined) + - not ironic_standalone | bool + tags: + - ironic-swift-auth + - always + +- name: Validate swift output + fail: + msg: | + No StorageURL output found using the `swift stat` command and either + the ``ironic_swift_auth_account`` or ``ironic_swift_auth_account`` + variables are undefined. Ensure swift is functional and/or define + those variables. + when: + - (ironic_swift_auth_account is undefined) and (ironic_swift_endpoint is undefined) + - not ironic_standalone | bool + - not swift_storage_url.stdout + tags: + - ironic-swift-auth + - always + +- name: Set the swift auth facts + set_fact: + ironic_swift_auth_account: "{{ swift_storage_url.stdout.split('/v1/')[-1] }}" + when: + - ironic_swift_auth_account is undefined + - not ironic_standalone | bool + tags: + - always + +- name: Set the swift endpoint facts + set_fact: + ironic_swift_endpoint: "{{ swift_storage_url.stdout.split('/v1/')[0] }}" + when: + - ironic_swift_endpoint is undefined + - not ironic_standalone | bool + tags: + - always + - name: Generate ironic config config_template: src: "{{ item.src }}" diff --git a/tasks/ironic_pre_install.yml b/tasks/ironic_pre_install.yml index 2566dd5b..fa4d3b93 100644 --- a/tasks/ironic_pre_install.yml +++ b/tasks/ironic_pre_install.yml @@ -66,6 +66,7 @@ - { path: "{{ ironic_system_home_folder }}/.ssh", mode: "0700" } - { path: "{{ ironic_system_home_folder }}/images" } - { path: "{{ ironic_system_home_folder }}/master_images" } + - { path: "{{ ironic_system_home_folder }}/cache/api", mode: "0700" } - { path: "/var/lock/ironic" } - { path: "/var/run/ironic" } - { path: "/var/www/cgi-bin", owner: root, group: root } diff --git a/templates/ironic.conf.j2 b/templates/ironic.conf.j2 index 57ebf111..bf123db7 100644 --- a/templates/ironic.conf.j2 +++ b/templates/ironic.conf.j2 @@ -1,2184 +1,148 @@ +# {{ ansible_managed }} + [DEFAULT] +debug = {{ debug }} -# -# Options defined in ironic.api.app -# - -# Authentication strategy used by ironic-api. "noauth" should -# not be used in a production environment because all -# authentication will be disabled. (string value) -# Possible values: noauth, keystone -auth_strategy={{ ironic_auth_strategy }} - -# Return server tracebacks in the API response for any error -# responses. WARNING: this is insecure and should not be used -# in a production environment. (boolean value) -#debug_tracebacks_in_api=false - -# Enable pecan debug mode. WARNING: this is insecure and -# should not be used in a production environment. (boolean -# value) -#pecan_debug=false - - -# -# Options defined in ironic.common.driver_factory -# - -# Specify the list of drivers to load during service -# initialization. Missing drivers, or drivers which fail to -# initialize, will prevent the conductor service from -# starting. The option default is a recommended set of -# production-oriented drivers. A complete list of drivers -# present on your system may be found by enumerating the -# "ironic.drivers" entrypoint. An example may be found in the -# developer documentation online. (list value) -enabled_drivers={{ ironic_driver_list }} - - -# -# Options defined in ironic.common.exception -# - -# Used if there is a formatting error when generating an -# exception message (a programming error). If True, raise an -# exception; if False, use the unformatted message. (boolean -# value) -#fatal_exception_format_errors=false - - -# -# Options defined in ironic.common.hash_ring -# - -# Exponent to determine number of hash partitions to use when -# distributing load across conductors. Larger values will -# result in more even distribution of load and less load when -# rebalancing the ring, but more memory usage. Number of -# partitions per conductor is (2^hash_partition_exponent). -# This determines the granularity of rebalancing: given 10 -# hosts, and an exponent of the 2, there are 40 partitions in -# the ring.A few thousand partitions should make rebalancing -# smooth in most cases. The default is suitable for up to a -# few hundred conductors. Too many partitions has a CPU -# impact. (integer value) -#hash_partition_exponent=5 - -# [Experimental Feature] Number of hosts to map onto each hash -# partition. Setting this to more than one will cause -# additional conductor services to prepare deployment -# environments and potentially allow the Ironic cluster to -# recover more quickly if a conductor instance is terminated. -# (integer value) -#hash_distribution_replicas=1 - -# Interval (in seconds) between hash ring resets. (integer -# value) -#hash_ring_reset_interval=180 - - -# -# Options defined in ironic.common.images -# - -# If True, convert backing images to "raw" disk image format. -# (boolean value) -#force_raw_images=true - -# Path to isolinux binary file. (string value) -#isolinux_bin=/usr/lib/syslinux/isolinux.bin - -# Template file for isolinux configuration file. (string -# value) -#isolinux_config_template=$pybasedir/common/isolinux_config.template - -# Template file for grub configuration file. (string value) -#grub_config_template=$pybasedir/common/grub_conf.template - - -# -# Options defined in ironic.common.paths -# - -# Directory where the ironic python module is installed. -# (string value) -#pybasedir=/usr/lib/python/site-packages/ironic/ironic - -# Directory where ironic binaries are installed. (string -# value) -#bindir=$pybasedir/bin - -# Top-level directory for maintaining ironic's state. (string -# value) -#state_path=$pybasedir - - -# -# Options defined in ironic.common.service -# - -# Default interval (in seconds) for running driver periodic -# tasks. (integer value) -# This option is deprecated and planned for removal in a future release. -#periodic_interval=60 - -# Name of this node. This can be an opaque identifier. It is -# not necessarily a hostname, FQDN, or IP address. However, -# the node name must be valid within an AMQP key, and if using -# ZeroMQ, a valid hostname, FQDN, or IP address. (string -# value) -host={{ ansible_hostname }} - - -# -# Options defined in ironic.common.utils -# - -# Path to the rootwrap configuration file to use for running -# commands as root. (string value) -#rootwrap_config=/etc/ironic/rootwrap.conf - -# Temporary working directory, default is Python temp dir. -# (string value) -#tempdir=/tmp - - -# -# Options defined in ironic.drivers.modules.image_cache -# - -# Run image downloads and raw format conversions in parallel. -# (boolean value) -#parallel_image_downloads=false - - -# -# Options defined in ironic.netconf -# - -# IP address of this host. If unset, will determine the IP -# programmatically. If unable to do so, will use "127.0.0.1". -# (string value) -#my_ip=10.0.0.1 - - -# -# Options defined in oslo.log -# - -# If set to true, the logging level will be set to DEBUG -# instead of the default INFO level. (boolean value) -#debug=false - -# If set to false, the logging level will be set to WARNING -# instead of the default INFO level. (boolean value) -# This option is deprecated and planned for removal in a future release. -#verbose=true - -# The name of a logging configuration file. This file is -# appended to any existing logging configuration files. For -# details about logging configuration files, see the Python -# logging module documentation. Note that when logging -# configuration files are used then all logging configuration -# is set in the configuration file and other logging -# configuration options are ignored (for example, -# logging_context_format_string). (string value) -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append= - -# Defines the format string for %%(asctime)s in log records. -# Default: %(default)s . This option is ignored if -# log_config_append is set. (string value) -#log_date_format=%Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no -# default is set, logging will go to stderr as defined by -# use_stderr. This option is ignored if log_config_append is -# set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file= - -# (Optional) The base directory used for relative log_file -# paths. This option is ignored if log_config_append is set. -# (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir= - -# Uses logging handler designed to watch file system. When log -# file is moved or removed this handler will open a new log -# file with specified path instantaneously. It makes sense -# only if log_file option is specified and Linux platform is -# used. This option is ignored if log_config_append is set. -# (boolean value) -#watch_log_file=false - -# Use syslog for logging. Existing syslog format is DEPRECATED -# and will be changed later to honor RFC5424. This option is -# ignored if log_config_append is set. (boolean value) -#use_syslog=false - -# Syslog facility to receive log lines. This option is ignored -# if log_config_append is set. (string value) -#syslog_log_facility=LOG_USER - -# Log output to standard error. This option is ignored if -# log_config_append is set. (boolean value) -#use_stderr=true - -# Format string to use for log messages with context. (string -# value) -#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is -# undefined. (string value) -#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level -# for the message is DEBUG. (string value) -#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. -# (string value) -#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used -# in logging_context_format_string. (string value) -#logging_user_identity_format=%(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This -# option is ignored if log_config_append is set. (list value) -#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean -# value) -#publish_errors=false - -# The format for an instance that is passed with the log -# message. (string value) -#instance_format="[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log -# message. (string value) -#instance_uuid_format="[instance: %(uuid)s] " - -# Enables or disables fatal status of deprecations. (boolean -# value) -#fatal_deprecations=false - - -# -# Options defined in oslo.messaging -# - -# Size of RPC connection pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_conn_pool_size -#rpc_conn_pool_size=30 - -# ZeroMQ bind address. Should be a wildcard (*), an ethernet -# interface, or IP. The "host" option should point or resolve -# to this address. (string value) -#rpc_zmq_bind_address=* - -# MatchMaker driver. (string value) -# Possible values: redis, dummy -#rpc_zmq_matchmaker=redis - -# Type of concurrency used. Either "native" or "eventlet" -# (string value) -#rpc_zmq_concurrency=eventlet - -# Number of ZeroMQ contexts, defaults to 1. (integer value) -#rpc_zmq_contexts=1 - -# Maximum number of ingress messages to locally buffer per -# topic. Default is unlimited. (integer value) -#rpc_zmq_topic_backlog= - -# Directory for holding IPC sockets. (string value) -#rpc_zmq_ipc_dir=/var/run/openstack - -# Name of this node. Must be a valid hostname, FQDN, or IP -# address. Must match "host" option, if running Nova. (string -# value) -#rpc_zmq_host=localhost - -# Seconds to wait before a cast expires (TTL). The default -# value of -1 specifies an infinite linger period. The value -# of 0 specifies no linger period. Pending messages shall be -# discarded immediately when the socket is closed. Only -# supported by impl_zmq. (integer value) -#rpc_cast_timeout=-1 - -# The default number of seconds that poll should wait. Poll -# raises timeout exception when timeout expired. (integer -# value) -#rpc_poll_timeout=1 - -# Expiration timeout in seconds of a name service record about -# existing target ( < 0 means no timeout). (integer value) -#zmq_target_expire=120 - -# Use PUB/SUB pattern for fanout methods. PUB/SUB always uses -# proxy. (boolean value) -#use_pub_sub=true - -# Minimal port number for random ports range. (port value) -# Possible values: 0-65535 -#rpc_zmq_min_port=49152 - -# Maximal port number for random ports range. (integer value) -# Possible values: 1-65536 -#rpc_zmq_max_port=65536 - -# Number of retries to find free port number before fail with -# ZMQBindError. (integer value) -#rpc_zmq_bind_port_retries=100 - -# Size of executor thread pool. (integer value) -# Deprecated group/name - [DEFAULT]/rpc_thread_pool_size -#executor_thread_pool_size=64 - -# Seconds to wait for a response from a call. (integer value) -#rpc_response_timeout=60 - -# A URL representing the messaging driver to use and its full -# configuration. If not set, we fall back to the rpc_backend -# option and driver specific configuration. (string value) -#transport_url= - -# The messaging driver to use, defaults to rabbit. Other -# drivers include amqp and zmq. (string value) -#rpc_backend=rabbit - -# The default exchange under which topics are scoped. May be -# overridden by an exchange name specified in the -# transport_url option. (string value) -#control_exchange=openstack - - -# -# Options defined in oslo.service.periodic_task -# - -# Some periodic tasks can be run in a separate process. Should -# we run them here? (boolean value) -#run_external_periodic_tasks=true - - -# -# Options defined in oslo.service.service -# - -# Enable eventlet backdoor. Acceptable values are 0, , -# and :, where 0 results in listening on a random -# tcp port number; results in listening on the -# specified port number (and not enabling backdoor if that -# port is in use); and : results in listening on -# the smallest unused port number within the specified range -# of port numbers. The chosen port is displayed in the -# service's log file. (string value) -#backdoor_port= - -# Enable eventlet backdoor, using the provided path as a unix -# socket that can receive connections. This option is mutually -# exclusive with 'backdoor_port' in that only one should be -# provided. If both are provided then the existence of this -# option overrides the usage of that option. (string value) -#backdoor_socket= - -# Enables or disables logging values of all registered options -# when starting a service (at DEBUG level). (boolean value) -#log_options=true - -# Specify a timeout after which a gracefully shutdown server -# will exit. Zero value means endless wait. (integer value) -#graceful_shutdown_timeout=60 +auth_strategy = {{ ironic_openstack_auth_strategy }} +enabled_drivers = {{ ironic_driver_list }} +host = {{ inventory_hostname }} +memcached_servers = {{ memcached_servers }} [agent] -# -# Options defined in ironic.drivers.modules.agent -# - -# DEPRECATED. Additional append parameters for baremetal PXE -# boot. This option is deprecated and will be removed in -# Mitaka release. Please use [pxe]pxe_append_params instead. -# (string value) -#agent_pxe_append_params=nofb nomodeset vga=normal - -# DEPRECATED. Template file for PXE configuration. This option -# is deprecated and will be removed in Mitaka release. Please -# use [pxe]pxe_config_template instead. (string value) -#agent_pxe_config_template=$pybasedir/drivers/modules/agent_config.template - -# Whether Ironic will manage booting of the agent ramdisk. If -# set to False, you will need to configure your mechanism to -# allow booting the agent ramdisk. (boolean value) -# Deprecated group/name - [agent]/manage_tftp -#manage_agent_boot=true - -# The memory size in MiB consumed by agent when it is booted -# on a bare metal node. This is used for checking if the image -# can be downloaded and deployed on the bare metal node after -# booting agent ramdisk. This may be set according to the -# memory consumed by the agent ramdisk image. (integer value) -#memory_consumed_by_agent=0 - -# Whether the agent ramdisk should stream raw images directly -# onto the disk or not. By streaming raw images directly onto -# the disk the agent ramdisk will not spend time copying the -# image to a tmpfs partition (therefore consuming less memory) -# prior to writing it to the disk. Unless the disk where the -# image will be copied to is really slow, this option should -# be set to True. Defaults to True. (boolean value) -#stream_raw_images=true - - -# -# Options defined in ironic.drivers.modules.agent_base_vendor -# - -# Maximum interval (in seconds) for agent heartbeats. (integer -# value) -#heartbeat_timeout=300 - -# Number of times to retry getting power state to check if -# bare metal node has been powered off after a soft power off. -# (integer value) -#post_deploy_get_power_state_retries=6 - -# Amount of time (in seconds) to wait between polling power -# state after trigger soft poweroff. (integer value) -#post_deploy_get_power_state_retry_interval=5 - - -# -# Options defined in ironic.drivers.modules.agent_client -# - -# API version to use for communicating with the ramdisk agent. -# (string value) -#agent_api_version=v1 - - [amt] -# -# Options defined in ironic.drivers.modules.amt.common -# - -# Protocol used for AMT endpoint (string value) -# Possible values: http, https -#protocol=http - -# Time interval (in seconds) for successive awake call to AMT -# interface, this depends on the IdleTimeout setting on AMT -# interface. AMT Interface will go to sleep after 60 seconds -# of inactivity by default. IdleTimeout=0 means AMT will not -# go to sleep at all. Setting awake_interval=0 will disable -# awake call. (integer value) -# Minimum value: 0 -#awake_interval=60 - - -# -# Options defined in ironic.drivers.modules.amt.power -# - -# Maximum number of times to attempt an AMT operation, before -# failing (integer value) -#max_attempts=3 - -# Amount of time (in seconds) to wait, before retrying an AMT -# operation (integer value) -#action_wait=10 - - [api] -# -# Options defined in ironic.api -# - -# The IP address on which ironic-api listens. (string value) -#host_ip=0.0.0.0 - -# The TCP port on which ironic-api listens. (port value) -# Possible values: 0-65535 -#port=6385 - -# The maximum number of items returned in a single response -# from a collection resource. (integer value) -#max_limit=1000 - -# Public URL to use when building the links to the API -# resources (for example, "https://ironic.rocks:6384"). If -# None the links will be built using the request's host URL. -# If the API is operating behind a proxy, you will want to -# change this to represent the proxy's URL. Defaults to None. -# (string value) -#public_endpoint= - -# Number of workers for OpenStack Ironic API service. The -# default is equal to the number of CPUs available if that can -# be determined, else a default worker count of 1 is returned. -# (integer value) -#api_workers= - -# Enable the integrated stand-alone API to service requests -# via HTTPS instead of HTTP. If there is a front-end service -# performing HTTPS offloading from the service, this option -# should be False; note, you will want to change public API -# endpoint to represent SSL termination URL with -# 'public_endpoint' option. (boolean value) -#enable_ssl_api=false - - [cimc] -# -# Options defined in ironic.drivers.modules.cimc.power -# - -# Number of times a power operation needs to be retried -# (integer value) -#max_retry=6 - -# Amount of time in seconds to wait in between power -# operations (integer value) -#action_interval=10 - - [cisco_ucs] -# -# Options defined in ironic.drivers.modules.ucs.power -# - -# Number of times a power operation needs to be retried -# (integer value) -#max_retry=6 - -# Amount of time in seconds to wait in between power -# operations (integer value) -#action_interval=5 - - [conductor] - -# -# Options defined in ironic.conductor.base_manager -# - -# The size of the workers greenthread pool. Note that 2 -# threads will be reserved by the conductor itself for -# handling heart beats and periodic tasks. (integer value) -# Minimum value: 3 -#workers_pool_size=100 - -# Seconds between conductor heart beats. (integer value) -#heartbeat_interval=10 - - -# -# Options defined in ironic.conductor.manager -# - -# URL of Ironic API service. If not set ironic can get the -# current value from the keystone service catalog. (string -# value) -api_url={{ ironic_api_url }} - -# Maximum time (in seconds) since the last check-in of a -# conductor. A conductor is considered inactive when this time -# has been exceeded. (integer value) -#heartbeat_timeout=60 - -# Interval between syncing the node power state to the -# database, in seconds. (integer value) -sync_power_state_interval={{ ironic_sync_power_state_interval }} - -# Interval between checks of provision timeouts, in seconds. -# (integer value) -#check_provision_state_interval=60 - -# Timeout (seconds) to wait for a callback from a deploy -# ramdisk. Set to 0 to disable timeout. (integer value) -#deploy_callback_timeout=1800 - -# During sync_power_state, should the hardware power state be -# set to the state recorded in the database (True) or should -# the database be updated based on the hardware state (False). -# (boolean value) -#force_power_state_during_sync=true - -# During sync_power_state failures, limit the number of times -# Ironic should try syncing the hardware node power state with -# the node power state in DB (integer value) -#power_state_sync_max_retries=3 - -# Maximum number of worker threads that can be started -# simultaneously by a periodic task. Should be less than RPC -# thread pool size. (integer value) -#periodic_max_workers=8 - -# Number of attempts to grab a node lock. (integer value) -#node_locked_retry_attempts=3 - -# Seconds to sleep between node lock attempts. (integer value) -#node_locked_retry_interval=1 - -# Enable sending sensor data message via the notification bus -# (boolean value) -#send_sensor_data=false - -# Seconds between conductor sending sensor data message to -# ceilometer via the notification bus. (integer value) -#send_sensor_data_interval=600 - -# List of comma separated meter types which need to be sent to -# Ceilometer. The default value, "ALL", is a special value -# meaning send all the sensor data. (list value) -#send_sensor_data_types=ALL - -# When conductors join or leave the cluster, existing -# conductors may need to update any persistent local state as -# nodes are moved around the cluster. This option controls how -# often, in seconds, each conductor will check for nodes that -# it should "take over". Set it to a negative value to disable -# the check entirely. (integer value) -#sync_local_state_interval=180 - -# Whether to upload the config drive to Swift. (boolean value) -#configdrive_use_swift=false - -# Name of the Swift container to store config drive data. Used -# when configdrive_use_swift is True. (string value) -#configdrive_swift_container=ironic_configdrive_container - -# Timeout (seconds) for waiting for node inspection. 0 - -# unlimited. (integer value) -#inspect_timeout=1800 - -# Enables or disables automated cleaning. Automated cleaning -# is a configurable set of steps, such as erasing disk drives, -# that are performed on the node to ensure it is in a baseline -# state and ready to be deployed to. This is done after -# instance deletion as well as during the transition from a -# "manageable" to "available" state. When enabled, the -# particular steps performed to clean a node depend on which -# driver that node is managed by; see the individual driver's -# documentation for details. NOTE: The introduction of the -# cleaning operation causes instance deletion to take -# significantly longer. In an environment where all tenants -# are trusted (eg, because there is only one tenant), this -# option could be safely disabled. (boolean value) -# Deprecated group/name - [conductor]/clean_nodes -#automated_clean=true - -# Timeout (seconds) to wait for a callback from the ramdisk -# doing the cleaning. If the timeout is reached the node will -# be put in the "clean failed" provision state. Set to 0 to -# disable timeout. (integer value) -#clean_callback_timeout=1800 - +api_url = {{ ironic_api_url }} +sync_power_state_interval = {{ ironic_sync_power_state_interval }} +automated_clean = {{ ironic_automated_clean }} [console] -# -# Options defined in ironic.drivers.modules.console_utils -# - -# Path to serial console terminal program (string value) -#terminal=shellinaboxd - -# Directory containing the terminal SSL cert(PEM) for serial -# console access (string value) -#terminal_cert_dir= - -# Directory for holding terminal pid files. If not specified, -# the temporary directory will be used. (string value) -#terminal_pid_dir= - -# Time interval (in seconds) for checking the status of -# console subprocess. (integer value) -#subprocess_checking_interval=1 - -# Time (in seconds) to wait for the console subprocess to -# start. (integer value) -#subprocess_timeout=10 - - [cors] -# -# Options defined in oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin= - -# Indicate that the actual request can include user -# credentials (boolean value) -#allow_credentials=true - -# Indicate which headers are safe to expose to the API. -# Defaults to HTTP Simple Headers. (list value) -#expose_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - -# Maximum cache age of CORS preflight requests. (integer -# value) -#max_age=3600 - -# Indicate which methods can be used during the actual -# request. (list value) -#allow_methods=GET,POST,PUT,DELETE,OPTIONS - -# Indicate which header field names may be used during the -# actual request. (list value) -#allow_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - - [cors.subdomain] -# -# Options defined in oslo.middleware.cors -# - -# Indicate whether this resource may be shared with the domain -# received in the requests "origin" header. (list value) -#allowed_origin= - -# Indicate that the actual request can include user -# credentials (boolean value) -#allow_credentials=true - -# Indicate which headers are safe to expose to the API. -# Defaults to HTTP Simple Headers. (list value) -#expose_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - -# Maximum cache age of CORS preflight requests. (integer -# value) -#max_age=3600 - -# Indicate which methods can be used during the actual -# request. (list value) -#allow_methods=GET,POST,PUT,DELETE,OPTIONS - -# Indicate which header field names may be used during the -# actual request. (list value) -#allow_headers=Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma - - [database] - -# -# Options defined in ironic.db.sqlalchemy.models -# - -# MySQL engine to use. (string value) -#mysql_engine=InnoDB - - -# -# Options defined in oslo.db -# - -# The file name to use with SQLite. (string value) -# Deprecated group/name - [DEFAULT]/sqlite_db -#sqlite_db=oslo.sqlite - -# If True, SQLite uses synchronous mode. (boolean value) -# Deprecated group/name - [DEFAULT]/sqlite_synchronous -#sqlite_synchronous=true - -# The back end to use for the database. (string value) -# Deprecated group/name - [DEFAULT]/db_backend -#backend=sqlalchemy - -# The SQLAlchemy connection string to use to connect to the -# database. (string value) -# Deprecated group/name - [DEFAULT]/sql_connection -# Deprecated group/name - [DATABASE]/sql_connection -# Deprecated group/name - [sql]/connection -connection={{ ironic_db_connection_string }} - -# The SQLAlchemy connection string to use to connect to the -# slave database. (string value) -#slave_connection= - -# The SQL mode to be used for MySQL sessions. This option, -# including the default, overrides any server-set SQL mode. To -# use whatever SQL mode is set by the server configuration, -# set this to no value. Example: mysql_sql_mode= (string -# value) -#mysql_sql_mode=TRADITIONAL - -# Timeout before idle SQL connections are reaped. (integer -# value) -# Deprecated group/name - [DEFAULT]/sql_idle_timeout -# Deprecated group/name - [DATABASE]/sql_idle_timeout -# Deprecated group/name - [sql]/idle_timeout -#idle_timeout=3600 - -# Minimum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_min_pool_size -# Deprecated group/name - [DATABASE]/sql_min_pool_size -#min_pool_size=1 - -# Maximum number of SQL connections to keep open in a pool. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_pool_size -# Deprecated group/name - [DATABASE]/sql_max_pool_size -#max_pool_size= - -# Maximum number of database connection retries during -# startup. Set to -1 to specify an infinite retry count. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_retries -# Deprecated group/name - [DATABASE]/sql_max_retries -#max_retries=10 - -# Interval between retries of opening a SQL connection. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_retry_interval -# Deprecated group/name - [DATABASE]/reconnect_interval -#retry_interval=10 - -# If set, use this value for max_overflow with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DEFAULT]/sql_max_overflow -# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow -#max_overflow=50 - -# Verbosity of SQL debugging information: 0=None, -# 100=Everything. (integer value) -# Deprecated group/name - [DEFAULT]/sql_connection_debug -#connection_debug=0 - -# Add Python stack traces to SQL as comment strings. (boolean -# value) -# Deprecated group/name - [DEFAULT]/sql_connection_trace -#connection_trace=false - -# If set, use this value for pool_timeout with SQLAlchemy. -# (integer value) -# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout -#pool_timeout= - -# Enable the experimental use of database reconnect on -# connection lost. (boolean value) -#use_db_reconnect=false - -# Seconds between retries of a database transaction. (integer -# value) -#db_retry_interval=1 - -# If True, increases the interval between retries of a -# database operation up to db_max_retry_interval. (boolean -# value) -#db_inc_retry_interval=true - -# If db_inc_retry_interval is set, the maximum seconds between -# retries of a database operation. (integer value) -#db_max_retry_interval=10 - -# Maximum retries in case of connection error or deadlock -# error before error is raised. Set to -1 to specify an -# infinite retry count. (integer value) -#db_max_retries=20 - +connection = {{ ironic_db_connection_string }} +max_overflow = {{ ironic_db_max_overflow }} +max_pool_size = {{ ironic_db_max_pool_size }} +pool_timeout = {{ ironic_db_pool_timeout }} [deploy] -# -# Options defined in ironic.drivers.modules.deploy_utils -# - -# ironic-conductor node's HTTP server URL. Example: -# http://192.1.2.3:8080 (string value) -# Deprecated group/name - [pxe]/http_url -#http_url= - -# ironic-conductor node's HTTP root path. (string value) -# Deprecated group/name - [pxe]/http_root -#http_root=/httpboot - -# Priority to run in-band erase devices via the Ironic Python -# Agent ramdisk. If unset, will use the priority set in the -# ramdisk (defaults to 10 for the GenericHardwareManager). If -# set to 0, will not run during cleaning. (integer value) -# Deprecated group/name - [agent]/agent_erase_devices_priority -#erase_devices_priority= - -# Number of iterations to be run for erasing devices. (integer -# value) -# Deprecated group/name - [agent]/agent_erase_devices_iterations -#erase_devices_iterations=1 - - [dhcp] - -# -# Options defined in ironic.common.dhcp_factory -# - -# DHCP provider to use. "neutron" uses Neutron, and "none" -# uses a no-op provider. (string value) -dhcp_provider={{ ironic_dhcp_provider }} - +dhcp_provider = {{ ironic_dhcp_provider }} [disk_partitioner] -# -# Options defined in ironic_lib.disk_partitioner -# - -# After Ironic has completed creating the partition table, it -# continues to check for activity on the attached iSCSI device -# status at this interval prior to copying the image to the -# node, in seconds (integer value) -#check_device_interval=1 - -# The maximum number of times to check that the device is not -# accessed by another process. If the device is still busy -# after that, the disk partitioning will be treated as having -# failed. (integer value) -#check_device_max_retries=20 - - [disk_utils] -# -# Options defined in ironic_lib.disk_utils -# - -# Size of EFI system partition in MiB when configuring UEFI -# systems for local boot. (integer value) -# Deprecated group/name - [deploy]/efi_system_partition_size -#efi_system_partition_size=200 - -# Block size to use when writing to the nodes disk. (string -# value) -# Deprecated group/name - [deploy]/dd_block_size -#dd_block_size=1M - -# Maximum attempts to verify an iSCSI connection is active, -# sleeping 1 second between attempts. (integer value) -# Deprecated group/name - [deploy]/iscsi_verify_attempts -#iscsi_verify_attempts=3 - - [glance] - -# -# Options defined in ironic.common.glance_service.v2.image_service -# - -# A list of URL schemes that can be downloaded directly via -# the direct_url. Currently supported schemes: [file]. (list -# value) -#allowed_direct_url_schemes= - -# The secret token given to Swift to allow temporary URL -# downloads. Required for temporary URLs. (string value) -#swift_temp_url_key= - -# The length of time in seconds that the temporary URL will be -# valid for. Defaults to 20 minutes. If some deploys get a 401 -# response code when trying to download from the temporary -# URL, try raising this duration. This value must be greater -# than or equal to the value for -# swift_temp_url_expected_download_start_delay (integer value) -#swift_temp_url_duration=1200 - -# Whether to cache generated Swift temporary URLs. Setting it -# to true is only useful when an image caching proxy is used. -# Defaults to False. (boolean value) -#swift_temp_url_cache_enabled=false - -# This is the delay (in seconds) from the time of the deploy -# request (when the Swift temporary URL is generated) to when -# the IPA ramdisk starts up and URL is used for the image -# download. This value is used to check if the Swift temporary -# URL duration is large enough to let the image download -# begin. Also if temporary URL caching is enabled this will -# determine if a cached entry will still be valid when the -# download starts. swift_temp_url_duration value must be -# greater than or equal to this option's value. Defaults to 0. -# (integer value) -# Minimum value: 0 -#swift_temp_url_expected_download_start_delay=0 - -# The "endpoint" (scheme, hostname, optional port) for the -# Swift URL of the form -# "endpoint_url/api_version/[account/]container/object_id". Do -# not include trailing "/". For example, use -# "https://swift.example.com". If using RADOS Gateway, -# endpoint may also contain /swift path; if it does not, it -# will be appended. Required for temporary URLs. (string -# value) -#swift_endpoint_url= - -# The Swift API version to create a temporary URL for. -# Defaults to "v1". Swift temporary URL format: -# "endpoint_url/api_version/[account/]container/object_id" -# (string value) -#swift_api_version=v1 - -# The account that Glance uses to communicate with Swift. The -# format is "AUTH_uuid". "uuid" is the UUID for the account -# configured in the glance-api.conf. Required for temporary -# URLs when Glance backend is Swift. For example: -# "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary -# URL format: -# "endpoint_url/api_version/[account/]container/object_id" -# (string value) -#swift_account= - -# The Swift container Glance is configured to store its images -# in. Defaults to "glance", which is the default in glance- -# api.conf. Swift temporary URL format: -# "endpoint_url/api_version/[account/]container/object_id" -# (string value) -#swift_container=glance - -# This should match a config by the same name in the Glance -# configuration file. When set to 0, a single-tenant store -# will only use one container to store all images. When set to -# an integer value between 1 and 32, a single-tenant store -# will use multiple containers to store images, and this value -# will determine how many containers are created. (integer -# value) -#swift_store_multiple_containers_seed=0 - -# Type of endpoint to use for temporary URLs. If the Glance -# backend is Swift, use "swift"; if it is CEPH with RADOS -# gateway, use "radosgw". (string value) -# Possible values: swift, radosgw -#temp_url_endpoint_type=swift - - -# -# Options defined in ironic.common.image_service -# - -# Default glance hostname or IP address. (string value) -{% if ironic_glance_host is defined %} -glance_host={{ ironic_glance_host }} -{% else %} -#glance_host=$my_ip +glance_api_servers = {{ glance_api_servers }} +{% if not ironic_standalone | bool %} +swift_temp_url_key = {{ ironic_swift_temp_url_secret_key }} +swift_container = {{ ironic_swift_image_container }} +swift_endpoint_url = {{ ironic_swift_endpoint }} +swift_account = {{ ironic_swift_auth_account }} +swift_api_version = {{ ironic_swift_api_version }} +temp_url_endpoint_type = swift {% endif %} -# Default glance port. (port value) -# Possible values: 0-65535 -#glance_port=9292 - -# Default protocol to use when connecting to glance. Set to -# https for SSL. (string value) -# Possible values: http, https -#glance_protocol=http - -# A list of the glance api servers available to ironic. Prefix -# with https:// for SSL-based glance API servers. Format is -# [hostname|IP]:port. (list value) -#glance_api_servers= - -# Allow to perform insecure SSL (https) requests to glance. -# (boolean value) -#glance_api_insecure=false - -# Number of retries when downloading an image from glance. -# (integer value) -#glance_num_retries=0 - -# Authentication strategy to use when connecting to glance. -# (string value) -# Possible values: keystone, noauth -auth_strategy={{ ironic_glance_auth_strategy }} - -# Optional path to a CA certificate bundle to be used to -# validate the SSL certificate served by glance. It is used -# when glance_api_insecure is set to False. (string value) -#glance_cafile= - - [iboot] -# -# Options defined in ironic.drivers.modules.iboot -# - -# Maximum retries for iBoot operations (integer value) -#max_retry=3 - -# Time (in seconds) between retry attempts for iBoot -# operations (integer value) -#retry_interval=1 - -# Time (in seconds) to sleep between when rebooting (powering -# off and on again). (integer value) -# Minimum value: 0 -#reboot_delay=5 - - [ilo] -# -# Options defined in ironic.drivers.modules.ilo.common -# - -# Timeout (in seconds) for iLO operations (integer value) -#client_timeout=60 - -# Port to be used for iLO operations (port value) -# Possible values: 0-65535 -#client_port=443 - -# The Swift iLO container to store data. (string value) -#swift_ilo_container=ironic_ilo_container - -# Amount of time in seconds for Swift objects to auto-expire. -# (integer value) -#swift_object_expiry_timeout=900 - -# Set this to True to use http web server to host floppy -# images and generated boot ISO. This requires http_root and -# http_url to be configured in the [deploy] section of the -# config file. If this is set to False, then Ironic will use -# Swift to host the floppy images and generated boot_iso. -# (boolean value) -#use_web_server_for_images=false - - -# -# Options defined in ironic.drivers.modules.ilo.deploy -# - -# Priority for erase devices clean step. If unset, it defaults -# to 10. If set to 0, the step will be disabled and will not -# run during cleaning. (integer value) -#clean_priority_erase_devices= - - -# -# Options defined in ironic.drivers.modules.ilo.management -# - -# Priority for reset_ilo clean step. (integer value) -#clean_priority_reset_ilo=0 - -# Priority for reset_bios_to_default clean step. (integer -# value) -#clean_priority_reset_bios_to_default=10 - -# Priority for reset_secure_boot_keys clean step. This step -# will reset the secure boot keys to manufacturing defaults. -# (integer value) -#clean_priority_reset_secure_boot_keys_to_default=20 - -# Priority for clear_secure_boot_keys clean step. This step is -# not enabled by default. It can be enabled to clear all -# secure boot keys enrolled with iLO. (integer value) -#clean_priority_clear_secure_boot_keys=0 - -# Priority for reset_ilo_credential clean step. This step -# requires "ilo_change_password" parameter to be updated in -# nodes's driver_info with the new password. (integer value) -#clean_priority_reset_ilo_credential=30 - - -# -# Options defined in ironic.drivers.modules.ilo.power -# - -# Number of times a power operation needs to be retried -# (integer value) -#power_retry=6 - -# Amount of time in seconds to wait in between power -# operations (integer value) -#power_wait=2 - - [inspector] -# -# Options defined in ironic.drivers.modules.inspector -# - -# whether to enable inspection using ironic-inspector (boolean -# value) -# Deprecated group/name - [discoverd]/enabled -#enabled=false - -# ironic-inspector HTTP endpoint. If this is not set, the -# ironic-inspector client default (http://127.0.0.1:5050) will -# be used. (string value) -# Deprecated group/name - [discoverd]/service_url -#service_url= - -# period (in seconds) to check status of nodes on inspection -# (integer value) -# Deprecated group/name - [discoverd]/status_check_period -#status_check_period=60 - - [ipmi] -# -# Options defined in ironic.drivers.modules.ipminative -# - -# Maximum time in seconds to retry IPMI operations. There is a -# tradeoff when setting this value. Setting this too low may -# cause older BMCs to crash and require a hard reset. However, -# setting too high can cause the sync power state periodic -# task to hang when there are slow or unresponsive BMCs. -# (integer value) -#retry_timeout=60 - -# Minimum time, in seconds, between IPMI operations sent to a -# server. There is a risk with some hardware that setting this -# too low may cause the BMC to crash. Recommended setting is 5 -# seconds. (integer value) -#min_command_interval=5 - - [irmc] -# -# Options defined in ironic.drivers.modules.irmc.boot -# - -# Ironic conductor node's "NFS" or "CIFS" root path (string -# value) -#remote_image_share_root=/remote_image_share_root - -# IP of remote image server (string value) -#remote_image_server= - -# Share type of virtual media (string value) -# Possible values: CIFS, NFS -#remote_image_share_type=CIFS - -# share name of remote_image_server (string value) -#remote_image_share_name=share - -# User name of remote_image_server (string value) -#remote_image_user_name= - -# Password of remote_image_user_name (string value) -#remote_image_user_password= - -# Domain name of remote_image_user_name (string value) -#remote_image_user_domain= - - -# -# Options defined in ironic.drivers.modules.irmc.common -# - -# Port to be used for iRMC operations (port value) -# Possible values: 443, 80 -#port=443 - -# Authentication method to be used for iRMC operations (string -# value) -# Possible values: basic, digest -#auth_method=basic - -# Timeout (in seconds) for iRMC operations (integer value) -#client_timeout=60 - -# Sensor data retrieval method. (string value) -# Possible values: ipmitool, scci -#sensor_method=ipmitool - -# SNMP protocol version (string value) -# Possible values: v1, v2c, v3 -#snmp_version=v2c - -# SNMP port (port value) -# Possible values: 0-65535 -#snmp_port=161 - -# SNMP community. Required for versions "v1" and "v2c" (string -# value) -#snmp_community=public - -# SNMP security name. Required for version "v3" (string value) -#snmp_security= - - [ironic_lib] -# -# Options defined in ironic_lib.utils -# - -# Command that is prefixed to commands that are run as root. -# If not specified, no commands are run as root. (string -# value) -#root_helper=sudo ironic-rootwrap /etc/ironic/rootwrap.conf - - [keystone] - -# -# Options defined in ironic.common.keystone -# - -# The region used for getting endpoints of OpenStack services. -# (string value) -#region_name= - +region_name = {{ ironic_service_region }} [keystone_authtoken] -auth_url = {{ keystone_service_adminurl }} +insecure = {{ keystone_service_internaluri_insecure | bool }} +auth_type = {{ ironic_keystone_auth_plugin }} +signing_dir = {{ ironic_system_home_folder }}/cache/api +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} project_domain_id = {{ ironic_service_project_domain_id }} user_domain_id = {{ ironic_service_user_domain_id }} project_name = {{ ironic_service_project_name }} username = {{ ironic_service_user_name }} password = {{ ironic_service_password }} -# -# Options defined in keystonemiddleware.auth_token -# +memcached_servers = {{ memcached_servers }} -# Complete public Identity API endpoint. (string value) -auth_uri={{ keystone_service_internaluri }} +token_cache_time = 300 +revocation_cache_time = 60 -# API version of the admin Identity API endpoint. (string -# value) -auth_version={% if keystone_service_adminurl.endswith('v3') %}3{% else %}2.0{% endif %} - -# Do not handle authorization requests within the middleware, -# but delegate the authorization decision to downstream WSGI -# components. (boolean value) -#delay_auth_decision=false - -# Request timeout value for communicating with Identity API -# server. (integer value) -#http_connect_timeout= - -# How many times are we trying to reconnect when communicating -# with Identity API Server. (integer value) -#http_request_max_retries=3 - -# Env key for the swift cache. (string value) -#cache= - -# Required if identity server requires client certificate -# (string value) -#certfile= - -# Required if identity server requires client certificate -# (string value) -#keyfile= - -# A PEM encoded Certificate Authority to use when verifying -# HTTPs connections. Defaults to system CAs. (string value) -#cafile= - -# Verify HTTPS connections. (boolean value) -insecure={{ keystone_service_adminuri_insecure }} - -# The region in which the identity server can be found. -# (string value) -#region_name= - -# Directory used to cache files related to PKI tokens. (string -# value) -#signing_dir= - -# Optionally specify a list of memcached server(s) to use for -# caching. If left undefined, tokens will instead be cached -# in-process. (list value) -# Deprecated group/name - [keystone_authtoken]/memcache_servers -memcached_servers={{ memcached_servers }} - -# In order to prevent excessive effort spent validating -# tokens, the middleware caches previously-seen tokens for a -# configurable duration (in seconds). Set to -1 to disable -# caching completely. (integer value) -#token_cache_time=300 - -# Determines the frequency at which the list of revoked tokens -# is retrieved from the Identity service (in seconds). A high -# number of revocation events combined with a low cache -# duration may significantly reduce performance. (integer -# value) -#revocation_cache_time=10 - -# (Optional) If defined, indicate whether token data should be -# authenticated or authenticated and encrypted. If MAC, token -# data is authenticated (with HMAC) in the cache. If ENCRYPT, -# token data is encrypted and authenticated in the cache. If -# the value is not one of these options or empty, auth_token -# will raise an exception on initialization. (string value) -# Possible values: None, MAC, ENCRYPT -memcache_security_strategy=ENCRYPT - -# (Optional, mandatory if memcache_security_strategy is -# defined) This string is used for key derivation. (string -# value) -memcache_secret_key={{ memcached_encryption_key }} - -# (Optional) Number of seconds memcached server is considered -# dead before it is tried again. (integer value) -#memcache_pool_dead_retry=300 - -# (Optional) Maximum total number of open connections to every -# memcached server. (integer value) -#memcache_pool_maxsize=10 - -# (Optional) Socket timeout in seconds for communicating with -# a memcached server. (integer value) -#memcache_pool_socket_timeout=3 - -# (Optional) Number of seconds a connection to memcached is -# held unused in the pool before it is closed. (integer value) -#memcache_pool_unused_timeout=60 - -# (Optional) Number of seconds that an operation will wait to -# get a memcached client connection from the pool. (integer -# value) -#memcache_pool_conn_get_timeout=10 - -# (Optional) Use the advanced (eventlet safe) memcached client -# pool. The advanced pool will only work under python 2.x. -# (boolean value) -#memcache_use_advanced_pool=false - -# (Optional) Indicate whether to set the X-Service-Catalog -# header. If False, middleware will not ask for service -# catalog on token validation and will not set the X-Service- -# Catalog header. (boolean value) -#include_service_catalog=true - -# Used to control the use and type of token binding. Can be -# set to: "disabled" to not check token binding. "permissive" -# (default) to validate binding information if the bind type -# is of a form known to the server and ignore it if not. -# "strict" like "permissive" but if the bind type is unknown -# the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a -# binding method that must be present in tokens. (string -# value) -#enforce_token_bind=permissive - -# If true, the revocation list will be checked for cached -# tokens. This requires that PKI tokens are configured on the -# identity server. (boolean value) -#check_revocations_for_cached=false - -# Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those -# supported by Python standard hashlib.new(). The hashes will -# be tried in the order given, so put the preferred one first -# for performance. The result of the first hash will be stored -# in the cache. This will typically be set to multiple values -# only while migrating from a less secure algorithm to a more -# secure one. Once all the old tokens are expired this option -# should be set to a single value for better performance. -# (list value) -#hash_algorithms=md5 - -# Authentication type to load (type of value is unknown) -# Deprecated group/name - [keystone_authtoken]/auth_plugin -auth_type=password - -# Config Section from which to load plugin specific options -# (type of value is unknown) -#auth_section= +# if your memcached server is shared, use these settings to avoid cache poisoning +memcache_security_strategy = ENCRYPT +memcache_secret_key = {{ memcached_encryption_key }} +# if your keystone deployment uses PKI, and you value security over performance: +check_revocations_for_cached = False [matchmaker_redis] -# -# Options defined in oslo.messaging -# - -# Host to locate redis. (string value) -#host=127.0.0.1 - -# Use this port to connect to redis host. (port value) -# Possible values: 0-65535 -#port=6379 - -# Password for Redis server (optional). (string value) -#password= - -# List of Redis Sentinel hosts (fault tolerance mode) e.g. -# [host:port, host1:port ... ] (list value) -#sentinel_hosts= - -# Redis replica set name. (string value) -#sentinel_group_name=oslo-messaging-zeromq - -# Time in ms to wait between connection attempts. (integer -# value) -#wait_timeout=500 - -# Time in ms to wait before the transaction is killed. -# (integer value) -#check_timeout=20000 - -# Timeout in ms on blocking socket operations (integer value) -#socket_timeout=1000 - - [neutron] - -# -# Options defined in ironic.dhcp.neutron -# - -# URL for connecting to neutron. (string value) -{% if neutron_service_adminuri is defined %} -url={{ neutron_service_adminurl }} -{% else %} -#url= -{% endif %} - -# Timeout value for connecting to neutron in seconds. (integer -# value) -#url_timeout=30 - -# Client retries in the case of a failed request. (integer -# value) -#retries=3 - -# Default authentication strategy to use when connecting to -# neutron. Running neutron in noauth mode (related to but not -# affected by this setting) is insecure and should only be -# used for testing. (string value) -# Possible values: keystone, noauth -auth_strategy={{ ironic_neutron_auth_strategy }} - -# UUID of the network to create Neutron ports on, when booting -# to a ramdisk for cleaning using Neutron DHCP. (string value) -#cleaning_network_uuid= - +url = {{ neutron_service_adminurl }} +region_name = {{ neutron_service_region }} +auth_type = password +# Keystone client plugin password option +password = {{ neutron_service_password }} +# Keystone client plugin username option +username = {{ neutron_service_user_name }} +project_name = {{ neutron_service_project_name }} +user_domain_name = {{ neutron_service_domain_name |default("Default") }} +project_domain_name = {{ neutron_service_domain_name |default("Default") }} +# Keystone client plugin authentication URL option +auth_url = {{ keystone_service_adminurl }} +insecure = {{ keystone_service_adminuri_insecure | bool }} [oneview] -# -# Options defined in ironic.drivers.modules.oneview.common -# - -# URL where OneView is available (string value) -#manager_url= - -# OneView username to be used (string value) -#username= - -# OneView password to be used (string value) -#password= - -# Option to allow insecure connection with OneView (boolean -# value) -#allow_insecure_connections=false - -# Path to CA certificate (string value) -#tls_cacert_file= - -# Max connection retries to check changes on OneView (integer -# value) -#max_polling_attempts=12 - - [oslo_concurrency] - -# -# Options defined in oslo.concurrency -# - -# Enables or disables inter-process locks. (boolean value) -# Deprecated group/name - [DEFAULT]/disable_process_locking -#disable_process_locking=false - -# Directory to use for lock files. For security, the -# specified directory should only be writable by the user -# running the processes that need locking. Defaults to -# environment variable OSLO_LOCK_PATH. If external locks are -# used, a lock path must be set. (string value) -# Deprecated group/name - [DEFAULT]/lock_path -#lock_path= - +lock_path = /var/lock/ironic [oslo_messaging_amqp] -# -# Options defined in oslo.messaging -# - -# address prefix used when sending to a specific server -# (string value) -# Deprecated group/name - [amqp1]/server_request_prefix -#server_request_prefix=exclusive - -# address prefix used when broadcasting to all servers (string -# value) -# Deprecated group/name - [amqp1]/broadcast_prefix -#broadcast_prefix=broadcast - -# address prefix when sending to any server in group (string -# value) -# Deprecated group/name - [amqp1]/group_request_prefix -#group_request_prefix=unicast - -# Name for the AMQP container (string value) -# Deprecated group/name - [amqp1]/container_name -#container_name= - -# Timeout for inactive connections (in seconds) (integer -# value) -# Deprecated group/name - [amqp1]/idle_timeout -#idle_timeout=0 - -# Debug: dump AMQP frames to stdout (boolean value) -# Deprecated group/name - [amqp1]/trace -#trace=false - -# CA certificate PEM file to verify server certificate (string -# value) -# Deprecated group/name - [amqp1]/ssl_ca_file -#ssl_ca_file= - -# Identifying certificate PEM file to present to clients -# (string value) -# Deprecated group/name - [amqp1]/ssl_cert_file -#ssl_cert_file= - -# Private key PEM file used to sign cert_file certificate -# (string value) -# Deprecated group/name - [amqp1]/ssl_key_file -#ssl_key_file= - -# Password for decrypting ssl_key_file (if encrypted) (string -# value) -# Deprecated group/name - [amqp1]/ssl_key_password -#ssl_key_password= - -# Accept clients using either SSL or plain TCP (boolean value) -# Deprecated group/name - [amqp1]/allow_insecure_clients -#allow_insecure_clients=false - -# Space separated list of acceptable SASL mechanisms (string -# value) -# Deprecated group/name - [amqp1]/sasl_mechanisms -#sasl_mechanisms= - -# Path to directory that contains the SASL configuration -# (string value) -# Deprecated group/name - [amqp1]/sasl_config_dir -#sasl_config_dir= - -# Name of configuration file (without .conf suffix) (string -# value) -# Deprecated group/name - [amqp1]/sasl_config_name -#sasl_config_name= - -# User name for message broker authentication (string value) -# Deprecated group/name - [amqp1]/username -#username= - -# Password for message broker authentication (string value) -# Deprecated group/name - [amqp1]/password -#password= - - [oslo_messaging_notifications] -# -# Options defined in oslo.messaging -# - -# The Drivers(s) to handle sending notifications. Possible -# values are messaging, messagingv2, routing, log, test, noop -# (multi valued) -# Deprecated group/name - [DEFAULT]/notification_driver -#driver= - -# A URL representing the messaging driver to use for -# notifications. If not set, we fall back to the same -# configuration used for RPC. (string value) -# Deprecated group/name - [DEFAULT]/notification_transport_url -#transport_url= - -# AMQP topic used for OpenStack notifications. (list value) -# Deprecated group/name - [rpc_notifier2]/topics -# Deprecated group/name - [DEFAULT]/notification_topics -#topics=notifications - - [oslo_messaging_rabbit] - -# -# Options defined in oslo.messaging -# - -# Use durable queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_durable_queues -# Deprecated group/name - [DEFAULT]/rabbit_durable_queues -#amqp_durable_queues=false - -# Auto-delete queues in AMQP. (boolean value) -# Deprecated group/name - [DEFAULT]/amqp_auto_delete -#amqp_auto_delete=false - -# SSL version to use (valid only if SSL enabled). Valid values -# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may -# be available on some distributions. (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_version -#kombu_ssl_version= - -# SSL key file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_keyfile -#kombu_ssl_keyfile= - -# SSL cert file (valid only if SSL enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_certfile -#kombu_ssl_certfile= - -# SSL certification authority file (valid only if SSL -# enabled). (string value) -# Deprecated group/name - [DEFAULT]/kombu_ssl_ca_certs -#kombu_ssl_ca_certs= - -# How long to wait before reconnecting in response to an AMQP -# consumer cancel notification. (floating point value) -# Deprecated group/name - [DEFAULT]/kombu_reconnect_delay -#kombu_reconnect_delay=1.0 - -# EXPERIMENTAL: Possible values are: gzip, bz2. If not set -# compression will not be used. This option may notbe -# available in future versions. (string value) -#kombu_compression= - -# How long to wait a missing client beforce abandoning to send -# it its replies. This value should not be longer than -# rpc_response_timeout. (integer value) -# Deprecated group/name - [oslo_messaging_rabbit]/kombu_reconnect_timeout -#kombu_missing_consumer_retry_timeout=60 - -# Determines how the next RabbitMQ node is chosen in case the -# one we are currently connected to becomes unavailable. Takes -# effect only if more than one RabbitMQ node is provided in -# config. (string value) -# Possible values: round-robin, shuffle -#kombu_failover_strategy=round-robin - -# The RabbitMQ broker address where a single node is used. -# (string value) -# Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host=localhost - -# The RabbitMQ broker port where a single node is used. (port -# value) -# Possible values: 0-65535 -# Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port=5672 - -# RabbitMQ HA cluster host:port pairs. (list value) -# Deprecated group/name - [DEFAULT]/rabbit_hosts -rabbit_hosts={{ rabbitmq_servers }} - -# Connect over SSL for RabbitMQ. (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_use_ssl -rabbit_use_ssl={{ rabbitmq_use_ssl }} - -# The RabbitMQ userid. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_userid -rabbit_userid={{ ironic_rabbitmq_userid }} - -# The RabbitMQ password. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_password -rabbit_password={{ ironic_rabbitmq_password }} - -# The RabbitMQ login method. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_login_method -#rabbit_login_method=AMQPLAIN - -# The RabbitMQ virtual host. (string value) -# Deprecated group/name - [DEFAULT]/rabbit_virtual_host -rabbit_virtual_host={{ ironic_rabbitmq_vhost }} - -# How frequently to retry connecting with RabbitMQ. (integer -# value) -#rabbit_retry_interval=1 - -# How long to backoff for between retries when connecting to -# RabbitMQ. (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_retry_backoff -#rabbit_retry_backoff=2 - -# Maximum interval of RabbitMQ connection retries. Default is -# 30 seconds. (integer value) -#rabbit_interval_max=30 - -# Maximum number of RabbitMQ connection retries. Default is 0 -# (infinite retry count). (integer value) -# Deprecated group/name - [DEFAULT]/rabbit_max_retries -#rabbit_max_retries=0 - -# Try to use HA queues in RabbitMQ (x-ha-policy: all). If you -# change this option, you must wipe the RabbitMQ database. In -# RabbitMQ 3.0, queue mirroring is no longer controlled by the -# x-ha-policy argument when declaring a queue. If you just -# want to make sure that all queues (except those with auto- -# generated names) are mirrored across all nodes, run: -# "rabbitmqctl set_policy HA '^(?!amq\.).*' '{"ha-mode": -# "all"}' " (boolean value) -# Deprecated group/name - [DEFAULT]/rabbit_ha_queues -#rabbit_ha_queues=false - -# Positive integer representing duration in seconds for queue -# TTL (x-expires). Queues which are unused for the duration of -# the TTL are automatically deleted. The parameter affects -# only reply and fanout queues. (integer value) -# Minimum value: 1 -#rabbit_transient_queues_ttl=1800 - -# Specifies the number of messages to prefetch. Setting to -# zero allows unlimited messages. (integer value) -#rabbit_qos_prefetch_count=0 - -# Number of seconds after which the Rabbit broker is -# considered down if heartbeat's keep-alive fails (0 disable -# the heartbeat). EXPERIMENTAL (integer value) -#heartbeat_timeout_threshold=60 - -# How often times during the heartbeat_timeout_threshold we -# check the heartbeat. (integer value) -#heartbeat_rate=2 - -# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake -# (boolean value) -# Deprecated group/name - [DEFAULT]/fake_rabbit -#fake_rabbit=false - -# Maximum number of channels to allow (integer value) -#channel_max= - -# The maximum byte size for an AMQP frame (integer value) -#frame_max= - -# How often to send heartbeats for consumer's connections -# (integer value) -#heartbeat_interval=1 - -# Enable SSL (boolean value) -#ssl= - -# Arguments passed to ssl.wrap_socket (dict value) -#ssl_options= - -# Set socket timeout in seconds for connection's socket -# (floating point value) -#socket_timeout=0.25 - -# Set TCP_USER_TIMEOUT in seconds for connection's socket -# (floating point value) -#tcp_user_timeout=0.25 - -# Set delay for reconnection to some host which has connection -# error (floating point value) -#host_connection_reconnect_delay=0.25 - -# Maximum number of connections to keep queued. (integer -# value) +rabbit_port = {{ rabbitmq_port }} +rabbit_userid = {{ ironic_rabbitmq_userid }} +rabbit_password = {{ ironic_rabbitmq_password }} +rabbit_virtual_host = {{ ironic_rabbitmq_vhost }} +rabbit_hosts = {{ rabbitmq_servers }} +rabbit_use_ssl = {{ rabbitmq_use_ssl }} pool_max_size = {{ ironic_wsgi_processes }} -# Maximum number of connections to create above -# `pool_max_size`. (integer value) -#pool_max_overflow=0 - -# Default number of seconds to wait for a connections to -# available (integer value) -#pool_timeout=30 - -# Lifetime of a connection (since creation) in seconds or None -# for no recycling. Expired connections are closed on acquire. -# (integer value) -#pool_recycle=600 - -# Threshold at which inactive (since release) connections are -# considered stale in seconds or None for no staleness. Stale -# connections are closed on acquire. (integer value) -#pool_stale=60 - -# Persist notification messages. (boolean value) -#notification_persistence=false - -# Exchange name for for sending notifications (string value) -#default_notification_exchange=${control_exchange}_notification - -# Max number of not acknowledged message which RabbitMQ can -# send to notification listener. (integer value) -#notification_listener_prefetch_count=100 - -# Reconnecting retry count in case of connectivity problem -# during sending notification, -1 means infinite retry. -# (integer value) -#default_notification_retry_attempts=-1 - -# Reconnecting retry delay in case of connectivity problem -# during sending notification message (floating point value) -#notification_retry_delay=0.25 - -# Time to live for rpc queues without consumers in seconds. -# (integer value) -#rpc_queue_expiration=60 - -# Exchange name for sending RPC messages (string value) -#default_rpc_exchange=${control_exchange}_rpc - -# Exchange name for receiving RPC replies (string value) -#rpc_reply_exchange=${control_exchange}_rpc_reply - -# Max number of not acknowledged message which RabbitMQ can -# send to rpc listener. (integer value) -#rpc_listener_prefetch_count=100 - -# Max number of not acknowledged message which RabbitMQ can -# send to rpc reply listener. (integer value) -#rpc_reply_listener_prefetch_count=100 - -# Reconnecting retry count in case of connectivity problem -# during sending reply. -1 means infinite retry during -# rpc_timeout (integer value) -#rpc_reply_retry_attempts=-1 - -# Reconnecting retry delay in case of connectivity problem -# during sending reply. (floating point value) -#rpc_reply_retry_delay=0.25 - -# Reconnecting retry count in case of connectivity problem -# during sending RPC message, -1 means infinite retry. If -# actual retry attempts in not 0 the rpc request could be -# processed more then one time (integer value) -#default_rpc_retry_attempts=-1 - -# Reconnecting retry delay in case of connectivity problem -# during sending RPC message (floating point value) -#rpc_retry_delay=0.25 - [oslo_policy] -# -# Options defined in oslo.policy -# - -# The JSON file that defines policies. (string value) -# Deprecated group/name - [DEFAULT]/policy_file -#policy_file=policy.json - -# Default rule. Enforced when a requested rule is not found. -# (string value) -# Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule=default - -# Directories where policy configuration files are stored. -# They can be relative to any directory in the search path -# defined by the config_dir option, or absolute paths. The -# file defined by policy_file must exist for these directories -# to be searched. Missing or empty directories are ignored. -# (multi valued) -# Deprecated group/name - [DEFAULT]/policy_dirs -#policy_dirs=policy.d - - [pxe] -# -# Options defined in ironic.drivers.modules.iscsi_deploy -# - -# Additional append parameters for baremetal PXE boot. (string -# value) -#pxe_append_params=nofb nomodeset vga=normal - -# Default file system format for ephemeral partition, if one -# is created. (string value) -#default_ephemeral_format=ext4 - -# On the ironic-conductor node, directory where images are -# stored on disk. (string value) -#images_path=/var/lib/ironic/images/ - -# On the ironic-conductor node, directory where master -# instance images are stored on disk. Setting to -# disables image caching. (string value) -#instance_master_path=/var/lib/ironic/master_images - -# Maximum size (in MiB) of cache for master images, including -# those in use. (integer value) -#image_cache_size=20480 - -# Maximum TTL (in minutes) for old master images in cache. -# (integer value) -#image_cache_ttl=10080 - -# The disk devices to scan while doing the deploy. (string -# value) -#disk_devices=cciss/c0d0,sda,hda,vda - - -# -# Options defined in ironic.drivers.modules.pxe -# - -# On ironic-conductor node, template file for PXE -# configuration. (string value) -#pxe_config_template=$pybasedir/drivers/modules/pxe_config.template - -# On ironic-conductor node, template file for PXE -# configuration for UEFI boot loader. (string value) -#uefi_pxe_config_template=$pybasedir/drivers/modules/elilo_efi_pxe_config.template - -# IP address of ironic-conductor node's TFTP server. (string -# value) -#tftp_server=$my_ip - -# ironic-conductor node's TFTP root path. The ironic-conductor -# must have read/write access to this path. (string value) -#tftp_root=/tftpboot - -# On ironic-conductor node, directory where master TFTP images -# are stored on disk. Setting to disables image -# caching. (string value) -#tftp_master_path=/tftpboot/master_images - -# Bootfile DHCP parameter. (string value) -#pxe_bootfile_name=pxelinux.0 - -# Bootfile DHCP parameter for UEFI boot mode. (string value) -#uefi_pxe_bootfile_name=elilo.efi - -# Enable iPXE boot. (boolean value) -#ipxe_enabled=false - -# On ironic-conductor node, the path to the main iPXE script -# file. (string value) -#ipxe_boot_script=$pybasedir/drivers/modules/boot.ipxe - -# Timeout value (in seconds) for downloading an image via -# iPXE. Defaults to 0 (no timeout) (integer value) -#ipxe_timeout=0 - -# The IP version that will be used for PXE booting. Defaults -# to 4. EXPERIMENTAL (string value) -# Possible values: 4, 6 -#ip_version=4 - - [seamicro] -# -# Options defined in ironic.drivers.modules.seamicro -# - -# Maximum retries for SeaMicro operations (integer value) -#max_retry=3 - -# Seconds to wait for power action to be completed (integer -# value) -#action_timeout=10 - - [snmp] -# -# Options defined in ironic.drivers.modules.snmp -# - -# Seconds to wait for power action to be completed (integer -# value) -#power_timeout=10 - -# Time (in seconds) to sleep between when rebooting (powering -# off and on again) (integer value) -# Minimum value: 0 -#reboot_delay=0 - - [ssh] -# -# Options defined in ironic.drivers.modules.ssh -# - -# libvirt URI. (string value) -#libvirt_uri=qemu:///system - -# Number of attempts to try to get VM name used by the host -# that corresponds to a node's MAC address. (integer value) -#get_vm_name_attempts=3 - -# Number of seconds to wait between attempts to get VM name -# used by the host that corresponds to a node's MAC address. -# (integer value) -#get_vm_name_retry_interval=3 - - [ssl] -# -# Options defined in oslo.service.sslutils -# - -# CA certificate file to use to verify connecting clients. -# (string value) -# Deprecated group/name - [DEFAULT]/ssl_ca_file -#ca_file= - -# Certificate file to use when starting the server securely. -# (string value) -# Deprecated group/name - [DEFAULT]/ssl_cert_file -#cert_file= - -# Private key file to use when starting the server securely. -# (string value) -# Deprecated group/name - [DEFAULT]/ssl_key_file -#key_file= - -# SSL version to use (valid only if SSL enabled). Valid values -# are TLSv1 and SSLv23. SSLv2, SSLv3, TLSv1_1, and TLSv1_2 may -# be available on some distributions. (string value) -#version= - -# Sets the list of available ciphers. value should be a string -# in the OpenSSL cipher list format. (string value) -#ciphers= - - [swift] -# -# Options defined in ironic.common.swift -# - -# Maximum number of times to retry a Swift request, before -# failing. (integer value) -#swift_max_retries=2 - - [virtualbox] - -# -# Options defined in ironic.drivers.modules.virtualbox -# - -# Port on which VirtualBox web service is listening. (port -# value) -# Possible values: 0-65535 -#port=18083 - - diff --git a/tests/test-rest-api.yml b/tests/test-rest-api.yml index 84271799..04018f98 100644 --- a/tests/test-rest-api.yml +++ b/tests/test-rest-api.yml @@ -7,14 +7,26 @@ # needed by the functional test playbook below - name: Install httplib2 so we can use the uri module pip: - name: httplib2 + name: "{{ item }}" + with_items: + - httplib2 + - python-openstackclient + - name: Get auth token + shell: > + . /root/openrc && openstack token issue --format yaml | awk '/^id\:/ {print $2}' + register: get_keystone_token + - name: set token + set_fact: + keystone_token: "{{ get_keystone_token.stdout }}" - name: Check the ironic-api uri: url: "{{ ironic_service_publicuri }}" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 200 - name: list chassis uri: url: "{{ ironic_service_publicuri }}/v1/chassis" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 200 return_content: yes register: chassis_list @@ -22,6 +34,7 @@ assert: that="chassis_list.json.chassis == []" - name: list drivers uri: + HEADER_X-Auth-Token: "{{ keystone_token }}" url: "{{ ironic_service_publicuri }}/v1/drivers" status_code: 200 return_content: yes @@ -31,6 +44,7 @@ - name: list nodes uri: url: "{{ ironic_service_publicuri }}/v1/nodes" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 200 return_content: yes register: node_list @@ -42,6 +56,7 @@ method: POST HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" body_format: json body: "{\"name\": \"restnode\", \"driver\": \"agent_ipmitool\", \"driver_info\": {\"ipmi_address\": \"1.2.3.4\"}}" status_code: 201 @@ -58,15 +73,17 @@ method: POST HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" body_format: json body: " {\"node_uuid\": \"{{ node_response.json.uuid }}\", \"address\": \"00:00:00:00:00:01\"}" status_code: 201 return_content: yes - name: list ports uri: + url: "{{ ironic_service_publicuri }}/v1/ports" + HEADER_X-Auth-Token: "{{ keystone_token }}" HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" - url: "{{ ironic_service_publicuri }}/v1/ports" body: " {\"node\": \"{{ node_response.json.uuid }}\"}" body_format: json return_content: yes @@ -82,15 +99,17 @@ method: POST HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" body_format: json body: " {\"node_uuid\": \"{{ node_response.json.uuid }}\", \"address\": \"00:00:00:00:00:02\"}" status_code: 201 return_content: yes - name: list ports again uri: + url: "{{ ironic_service_publicuri }}/v1/ports" + HEADER_X-Auth-Token: "{{ keystone_token }}" HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" - url: "{{ ironic_service_publicuri }}/v1/ports" body: " {\"node\": \"{{ node_response.json.uuid }}\"}" body_format: json return_content: yes @@ -104,6 +123,7 @@ url: "{{ ironic_service_publicuri }}/v1/nodes/restnode/validate" method: GET HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 200 return_content: yes register: validate_node @@ -123,6 +143,7 @@ - "validate_node.json.raid.result == true" - name: update a node uri: + HEADER_X-Auth-Token: "{{ keystone_token }}" url: "{{ ironic_service_publicuri }}/v1/nodes/restnode" body: " [{\"path\": \"/name\", \"value\": \"renamednode\", \"op\": \"replace\"}]" method: PATCH @@ -139,6 +160,7 @@ method: DELETE HEADER_Content-Type: "application/json" HEADER_X-OpenStack-Ironic-API-Version: "1.9" + HEADER_X-Auth-Token: "{{ keystone_token }}" status_code: 204 return_content: yes vars_files: diff --git a/tests/test-vars.yml b/tests/test-vars.yml index 5de65d43..9ce83b58 100644 --- a/tests/test-vars.yml +++ b/tests/test-vars.yml @@ -19,6 +19,7 @@ galera_root_user: root galera_root_password: "secrete" rabbitmq_servers: 10.100.100.101:5672 rabbitmq_use_ssl: False +rabbitmq_port: 5672 memcached_servers: 127.0.0.1 memcached_encryption_key: "secrete" keystone_venv_tag: "testing" @@ -29,7 +30,7 @@ keystone_service_password: "secrete" keystone_galera_address: 10.100.100.101 keystone_galera_database: keystone keystone_galera_user: keystone -keystone_container_mysql_password: "SuperSecrete" +keystone_container_mysql_password: "secrete" keystone_auth_admin_token: "SuperSecreteTestToken" keystone_admin_user_name: admin keystone_admin_tenant_name: admin @@ -62,8 +63,20 @@ ironic_service_password: "secrete" ironic_galera_address: 10.100.100.101 ironic_galera_database: ironic ironic_galera_user: ironic -ironic_galera_password: "SuperSecrete" +ironic_galera_password: "secrete" ironic_rabbitmq_password: "secrete" ironic_rabbitmq_userid: ironic ironic_rabbitmq_vhost: /ironic ironic_standalone: True +ironic_swift_endpoint: "http://localhost:8080" +ironic_swift_auth_account: "AUTH_1234567890" +ironic_swift_temp_url_secret_key: secrete +ironic_rabbitmq_userid: ironic +ironic_rabbitmq_password: secrete +ironic_rabbitmq_vhost: /ironic +glance_api_servers: http://localhost:9292 +neutron_service_adminurl: http://localhost:9696 +neutron_service_region: RegionOne +neutron_service_password: secrete +neutron_service_project_name: ironic +neutron_service_user_name: ironic