openstack-ansible-os_ironic/defaults/main.yml

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Defaults file for openstack-ansible-ironic

# Verbosity Options
debug: False

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
ironic_package_state: "latest"
ironic_pip_package_state: "latest"

# These variables are used in 'developer mode' in order to allow the role
# to build an environment directly from a git source without the presence
# of an OpenStack-Ansible repo_server.
ironic_git_repo: https://git.openstack.org/openstack/ironic
ironic_git_install_branch: master
ironic_developer_mode: false
ironic_developer_constraints:
  - "git+{{ ironic_git_repo }}@{{ ironic_git_install_branch }}#egg=ironic"

# Name of the virtual env to deploy into
ironic_venv_tag: untagged
ironic_bin: "/openstack/venvs/ironic-{{ ironic_venv_tag }}/bin"

# System info
ironic_system_user_name: ironic
ironic_system_group_name: ironic
ironic_system_shell: /bin/bash
ironic_system_comment: ironic system user
ironic_system_home_folder: "/var/lib/{{ ironic_system_user_name }}"
ironic_system_log_folder: "/var/log/{{ ironic_system_user_name }}"
ironic_lock_path: /var/lock/ironic

# Ironic Program and Service names
python_ironic_client_program_name: ironic
ironic_services:
  ironic-api:
    group: ironic_api
    service_name: ironic-api
    init_config_overrides: "{{ ironic_api_init_config_overrides }}"
    wsgi_overrides: "{{ ironic_api_uwsgi_ini_overrides }}"
    wsgi_app: True
    log_string: "--logto "
    wsgi_name: ironic-api-wsgi
    uwsgi_port: "{{ ironic_service_port }}"
    uwsgi_bind_address: "{{ ironic_uwsgi_bind_address }}"
    program_override: "{{ ironic_bin }}/uwsgi --ini /etc/uwsgi/ironic-api.ini"
  ironic-conductor:
    group: ironic_conductor
    service_name: ironic-conductor
    init_config_overrides: "{{ ironic_conductor_init_config_overrides }}"
  ironic-oneviewd:
    group: ironic_conductor
    service_name: ironic-oneviewd
    service_en: "{{ ironic_oneview_enabled | bool }}"
    init_config_overrides: "{{ ironic_oneviewd_init_config_overrides }}"


ironic_service_name: ironic
ironic_service_type: baremetal
ironic_service_proto: http
ironic_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(ironic_service_proto) }}"
ironic_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}"
ironic_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(ironic_service_proto) }}"
ironic_service_port: 6385
ironic_service_description: "Ironic baremetal provisioning service"
ironic_service_publicuri: "{{ ironic_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ ironic_service_port }}"
ironic_service_publicurl: "{{ ironic_service_publicuri }}"
ironic_service_adminuri: "{{ ironic_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}"
ironic_service_adminurl: "{{ ironic_service_adminuri }}"
ironic_service_internaluri: "{{ ironic_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}"
ironic_service_internalurl: "{{ ironic_service_internaluri }}"
ironic_program_name: ironic-api
ironic_service_region: RegionOne
ironic_service_project_name: "service"
ironic_service_project_domain_id: default
ironic_service_user_domain_id: default
ironic_service_role_name: "admin"
ironic_service_in_ldap: False

# Ironic image store information
ironic_swift_image_container: glance_images
ironic_swift_api_version: v1
ironic_swift_url_endpoint_type: swift
# The ironic swift auth account and swift endpoints will be generated using the
#  known swift data as provided by swift stat. If you wish to set either of these
#  items to something else define these variables.
# ironic_swift_auth_account: AUTH_1234567890
# ironic_swift_endpoint: https://localhost:8080

# Is this Ironic installation working standalone?
# If you're wanting Ironic to work without being integrated to other OpenStack
# services, set this to True, and update the dhcp configuration appropriately
ironic_standalone: False

# Enables or disables automated cleaning. Automated cleaning
# is a configurable set of steps, such as erasing disk drives,
# that are performed on the node to ensure it is in a baseline
# state and ready to be deployed to.
ironic_automated_clean: false
# Set to 0 to disable erase devices on cleaning
ironic_erase_devices_priority: 10

## ironic-oneview
ironic_oneview_enabled: "{% if 'agent_pxe_oneview' in ironic_openstack_driver_list or
                               'agent_pxe_oneview' in ironic_standalone_driver_list or
                               'iscsi_pxe_oneview' in ironic_openstack_driver_list or
                               'iscsi_pxe_oneview' in ironic_standalone_driver_list %}True{% else %}False{% endif %}"
ironic_oneview_manager_url: ""
ironic_oneview_username: ""
ironic_oneview_password: ""
ironic_oneview_allow_insecure_connections: False
ironic_oneview_tls_cacert_file: "None"
ironic_oneview_max_polling_attempts: 12

# ironic-oneviewd
# Polling interval in seconds for daemon to manage the nodes
ironic_oneviewd_retry_interval: 15
# Size the of the RPC thread pool
ironic_oneviewd_rpc_thread_pool_size: 20
# (Optional) Whether to enable the periodic tasks for OneView
# driver be aware when OneView hardware resources are taken
# and released by Ironic or OneView users and proactively
# manage nodes in clean fail state according to Dynamic
# Allocation model of hardware resources allocation in
# OneView
ironic_oneviewd_enable_periodic_tasks: True
# Period (in seconds) for periodic tasks to be executed when
# enable_periodic_tasks is True
ironic_oneviewd_periodic_check_interval: "{{ ironic_oneviewd_retry_interval }}"
# (Optional) Enable auditing of OneView API requests
ironic_oneviewd_audit_enabled: False
# Path to map file for OneView audit cases. Used only when
# OneView API audit is enabled
ironic_oneviewd_audit_map_file: "None"
# Path to OneView audit log file. Created only when Oneview
# API audit is enabled.
ironic_oneviewd_audit_output_file: "None"

# Database
ironic_galera_user: ironic
ironic_galera_database: ironic

## Keystone authentication middleware
ironic_keystone_auth_plugin: password

# Neutron network - Set these in a playbook/task - can be set manually.
# Only "name" or "uuid" is needed, uuid will take preference if both are specified.
# The cleaning network is not required to be set - it will default to the same as
# the provisioning network if not specified.
# ironic_neutron_provisioning_network_uuid: "UUID for provisioning network in neutron"
# ironic_neutron_cleaning_network_uuid: "UUID for cleaning network in neutron"
# ironic_neutron_provisioning_network_name: "Name of provisioning network in neutron"
# ironic_neutron_cleaning_network_name: "Name of cleaning network in neutron"

# Integrated Openstack configuration
ironic_enabled_network_interfaces_list: "flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron','') }}"
ironic_default_network_interface: "{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary('neutron','flat') }}"
ironic_openstack_driver_list:
  - agent_ipmitool
  - pxe_ipmitool
ironic_openstack_driver_loaded_list: "{% for driver in ironic_openstack_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}"
ironic_openstack_auth_strategy: keystone
#ironic_openstack_api_url: ''  # Not required when we have keystone
ironic_openstack_dhcp_provider: neutron
ironic_openstack_sync_power_state_interval: 60
ironic_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
ironic_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
ironic_openstack_db_connection_string: "mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}/ironic{% if ironic_galera_use_ssl | bool %}&ssl_ca={{ ironic_galera_ssl_ca_cert }}{% endif %}"

# Standalone Ironic configuration
ironic_standalone_driver_list:
  - agent_ipmitool
ironic_standalone_driver_loaded_list: "{% for driver in ironic_standalone_driver_list %}{{ driver }}{% if not loop.last %},{% endif %}{% endfor %}"
ironic_standalone_auth_strategy: noauth
ironic_standalone_api_url: "{{ ironic_service_internaluri }}/"
ironic_standalone_dhcp_provider: none
ironic_standalone_sync_power_state_interval: -1
ironic_standalone_db_connection_string: "{{ ironic_openstack_db_connection_string }}"

# Ironic db tuning
ironic_db_max_overflow: 10
ironic_db_max_pool_size: 120
ironic_db_pool_timeout: 30

# Common configuration
ironic_node_name: ironic

# If you want to regenerate the ironic users SSH keys, on each run, set this
# var to True. Otherwise keys will be generated on the first run and not
# regenerated each run.
ironic_recreate_keys: False

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
ironic_venv_download: "{{ not ironic_developer_mode | bool }}"
ironic_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/ironic.tgz

ironic_tftp_server_address: "{{ ansible_host }}"

ironic_requires_pip_packages:
  - virtualenv
  - python-keystoneclient # Keystoneclient needed for the OSA keystone lib
  - httplib2 # for Ansible's uri module

ironic_oneview_optional_pip_packages:
  - ironic-oneview-cli
  - ironic-oneviewd

ironic_pip_packages:
  - cryptography
  - ironic
  - PyMySQL
  - python-ironicclient
  - python-memcached
  - python-swiftclient
  - uwsgi

## Oslo Messaging Info
# RPC
ironic_oslomsg_rpc_transport: rabbit
ironic_oslomsg_rpc_servers: 127.0.0.1
ironic_oslomsg_rpc_port: 5672
ironic_oslomsg_rpc_use_ssl: False
ironic_oslomsg_rpc_userid: ironic
ironic_oslomsg_rpc_vhost: /ironic

# Notify
ironic_oslomsg_notify_transport: rabbit
ironic_oslomsg_notify_servers: 127.0.0.1
ironic_oslomsg_notify_port: 5672
ironic_oslomsg_notify_use_ssl: False
ironic_oslomsg_notify_userid: ironic
ironic_oslomsg_notify_vhost: /ironic

# Auth
ironic_service_user_name: "ironic"

# WSGI settings
ironic_wsgi_threads: 1
ironic_wsgi_processes_max: 16
ironic_wsgi_processes: "{{ [[ansible_processor_vcpus|default(4) // 4, 1] | max, ironic_wsgi_processes_max] | min }}"
ironic_wsgi_buffer_size: 65535
ironic_uwsgi_bind_address: 0.0.0.0

### OpenStack Services to integrate with

# Glance
ironic_glance_auth_strategy: "{{ ironic_openstack_auth_strategy }}"

# Neutron
ironic_neutron_auth_strategy: "{{ ironic_openstack_auth_strategy }}"

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
ironic_role_project_group: ironic_all

### Config Overrides
ironic_ironic_conf_overrides: {}
ironic_ironic_oneviewd_conf_overrides: {}
ironic_rootwrap_conf_overrides: {}
ironic_policy_overrides: {}
ironic_api_uwsgi_ini_overrides: {}

# pxe boot
ironic_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes"

ironic_api_init_config_overrides: {}
ironic_conductor_init_config_overrides: {}
ironic_oneviewd_init_config_overrides: {}