main.yml

---
ironic_services:
  ironic-api:
    container_name: ironic_api
    group: ironic-api
    enabled: true
    image: "{{ ironic_api_image_full }}"
    volumes: "{{ ironic_api_default_volumes + ironic_api_extra_volumes }}"
    dimensions: "{{ ironic_api_dimensions }}"
    healthcheck: "{{ ironic_api_healthcheck }}"
    haproxy:
      ironic_api:
        enabled: "{{ enable_ironic }}"
        mode: "http"
        external: false
        port: "{{ ironic_api_port }}"
        listen_port: "{{ ironic_api_listen_port }}"
        tls_backend: "{{ ironic_enable_tls_backend }}"
      ironic_api_external:
        enabled: "{{ enable_ironic }}"
        mode: "http"
        external: true
        external_fqdn: "{{ ironic_external_fqdn }}"
        port: "{{ ironic_api_public_port }}"
        listen_port: "{{ ironic_api_listen_port }}"
        tls_backend: "{{ ironic_enable_tls_backend }}"
  ironic-conductor:
    container_name: ironic_conductor
    group: ironic-conductor
    enabled: true
    image: "{{ ironic_conductor_image_full }}"
    privileged: True
    volumes: "{{ ironic_conductor_default_volumes + ironic_conductor_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}"
    dimensions: "{{ ironic_conductor_dimensions }}"
    healthcheck: "{{ ironic_conductor_healthcheck }}"
  ironic-inspector:
    container_name: ironic_inspector
    group: ironic-inspector
    enabled: true
    image: "{{ ironic_inspector_image_full }}"
    privileged: True
    volumes: "{{ ironic_inspector_default_volumes + ironic_inspector_extra_volumes }}"
    dimensions: "{{ ironic_inspector_dimensions }}"
    healthcheck: "{{ ironic_inspector_healthcheck }}"
    haproxy:
      ironic_inspector:
        enabled: "{{ enable_ironic }}"
        mode: "http"
        external: false
        port: "{{ ironic_inspector_port }}"
        listen_port: "{{ ironic_inspector_listen_port }}"
      ironic_inspector_external:
        enabled: "{{ enable_ironic }}"
        mode: "http"
        external: true
        external_fqdn: "{{ ironic_inspector_external_fqdn }}"
        port: "{{ ironic_inspector_public_port }}"
        listen_port: "{{ ironic_inspector_listen_port }}"
  ironic-tftp:
    container_name: ironic_tftp
    group: ironic-tftp
    enabled: true
    image: "{{ ironic_pxe_image_full }}"
    environment:
      TFTPBOOT_PATH: /var/lib/ironic/tftpboot
      HTTPBOOT_PATH: /var/lib/ironic/httpboot
    volumes: "{{ ironic_tftp_default_volumes + ironic_tftp_extra_volumes }}"
    dimensions: "{{ ironic_tftp_dimensions }}"
  ironic-http:
    container_name: ironic_http
    group: ironic-http
    # NOTE(mgoddard): This container is always enabled, since may be used by
    # the direct deploy driver.
    enabled: true
    image: "{{ ironic_pxe_image_full }}"
    volumes: "{{ ironic_http_default_volumes + ironic_http_extra_volumes }}"
    dimensions: "{{ ironic_http_dimensions }}"
    healthcheck: "{{ ironic_http_healthcheck }}"
  ironic-dnsmasq:
    container_name: ironic_dnsmasq
    group: ironic-inspector
    enabled: true
    cap_add:
      - NET_ADMIN
      - NET_RAW
    image: "{{ ironic_dnsmasq_image_full }}"
    volumes: "{{ ironic_dnsmasq_default_volumes + ironic_dnsmasq_extra_volumes }}"
    dimensions: "{{ ironic_dnsmasq_dimensions }}"
  ironic-prometheus-exporter:
    container_name: ironic_prometheus_exporter
    group: ironic-conductor
    enabled: "{{ enable_ironic_prometheus_exporter }}"
    image: "{{ ironic_prometheus_exporter_image_full }}"
    volumes: "{{ ironic_prometheus_exporter_default_volumes + ironic_prometheus_exporter_extra_volumes }}"
    dimensions: "{{ ironic_prometheus_exporter_dimensions }}"

####################
# Config Validate
####################
ironic_config_validation:
  - generator: "/ironic/tools/config/ironic-config-generator.conf"
    config: "/etc/ironic/ironic.conf"

####################
# Database
####################
ironic_database_name: "ironic"
ironic_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic{% endif %}"
ironic_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"

ironic_inspector_database_name: "ironic_inspector"
ironic_inspector_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}ironic_inspector{% endif %}"
ironic_inspector_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"

####################
# Database sharding
####################
ironic_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ ironic_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
ironic_database_shard_id: "{{ mariadb_default_database_shard_id | int }}"
ironic_database_shard:
  users:
    - user: "{{ ironic_database_user }}"
      password: "{{ ironic_database_password }}"
    - user: "{{ ironic_inspector_database_user }}"
      password: "{{ ironic_inspector_database_password }}"
  rules:
    - schema: "{{ ironic_database_name }}"
      shard_id: "{{ ironic_database_shard_id }}"
    - schema: "{{ ironic_inspector_database_name }}"
      shard_id: "{{ ironic_database_shard_id }}"


####################
# Docker
####################
ironic_tag: "{{ openstack_tag }}"

ironic_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}ironic-api"
ironic_api_tag: "{{ ironic_tag }}"
ironic_api_image_full: "{{ ironic_api_image }}:{{ ironic_api_tag }}"

ironic_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}ironic-conductor"
ironic_conductor_tag: "{{ ironic_tag }}"
ironic_conductor_image_full: "{{ ironic_conductor_image }}:{{ ironic_conductor_tag }}"

ironic_pxe_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}ironic-pxe"
ironic_pxe_tag: "{{ ironic_tag }}"
ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}"

ironic_inspector_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}ironic-inspector"
ironic_inspector_tag: "{{ ironic_tag }}"
ironic_inspector_image_full: "{{ ironic_inspector_image }}:{{ ironic_inspector_tag }}"

ironic_dnsmasq_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}dnsmasq"
ironic_dnsmasq_tag: "{{ ironic_tag }}"
ironic_dnsmasq_image_full: "{{ ironic_dnsmasq_image }}:{{ ironic_dnsmasq_tag }}"

ironic_prometheus_exporter_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}ironic-prometheus-exporter"
ironic_prometheus_exporter_tag: "{{ ironic_tag }}"
ironic_prometheus_exporter_image_full: "{{ ironic_prometheus_exporter_image }}:{{ ironic_prometheus_exporter_tag }}"

ironic_api_dimensions: "{{ default_container_dimensions }}"
ironic_conductor_dimensions: "{{ default_container_dimensions }}"
ironic_tftp_dimensions: "{{ default_container_dimensions }}"
ironic_http_dimensions: "{{ default_container_dimensions }}"
ironic_inspector_dimensions: "{{ default_container_dimensions }}"
ironic_dnsmasq_dimensions: "{{ default_container_dimensions }}"
ironic_prometheus_exporter_dimensions: "{{ default_container_dimensions }}"

ironic_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
ironic_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
ironic_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if ironic_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_api_listen_port }}"]
ironic_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
ironic_api_healthcheck:
  interval: "{{ ironic_api_healthcheck_interval }}"
  retries: "{{ ironic_api_healthcheck_retries }}"
  start_period: "{{ ironic_api_healthcheck_start_period }}"
  test: "{% if ironic_api_enable_healthchecks | bool %}{{ ironic_api_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ ironic_api_healthcheck_timeout }}"

ironic_conductor_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_conductor_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_conductor_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
ironic_conductor_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
ironic_conductor_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-conductor {{ om_rpc_port }}"]
ironic_conductor_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
ironic_conductor_healthcheck:
  interval: "{{ ironic_conductor_healthcheck_interval }}"
  retries: "{{ ironic_conductor_healthcheck_retries }}"
  start_period: "{{ ironic_conductor_healthcheck_start_period }}"
  test: "{% if ironic_conductor_enable_healthchecks | bool %}{{ ironic_conductor_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ ironic_conductor_healthcheck_timeout }}"

ironic_inspector_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_inspector_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_inspector_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
ironic_inspector_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
ironic_inspector_healthcheck_test: ["CMD-SHELL", "healthcheck_port ironic-inspector {{ om_rpc_port }}"]
ironic_inspector_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
ironic_inspector_healthcheck:
  interval: "{{ ironic_inspector_healthcheck_interval }}"
  retries: "{{ ironic_inspector_healthcheck_retries }}"
  start_period: "{{ ironic_inspector_healthcheck_start_period }}"
  test: "{% if ironic_inspector_enable_healthchecks | bool %}{{ ironic_inspector_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ ironic_inspector_healthcheck_timeout }}"

ironic_http_enable_healthchecks: "{{ enable_container_healthchecks }}"
ironic_http_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
ironic_http_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
ironic_http_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
ironic_http_healthcheck_test: ["CMD-SHELL", "healthcheck_listen {% if kolla_base_distro in ['debian', 'ubuntu'] %}apache2{% else %}httpd{% endif %} {{ ironic_http_port }}"]
ironic_http_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
ironic_http_healthcheck:
  interval: "{{ ironic_http_healthcheck_interval }}"
  retries: "{{ ironic_http_healthcheck_retries }}"
  start_period: "{{ ironic_http_healthcheck_start_period }}"
  test: "{% if ironic_http_enable_healthchecks | bool %}{{ ironic_http_healthcheck_test }}{% else %}NONE{% endif %}"
  timeout: "{{ ironic_http_healthcheck_timeout }}"

ironic_api_default_volumes:
  - "{{ node_config_directory }}/ironic-api/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla"
  - "{{ kolla_dev_repos_directory ~ '/ironic:/dev-mode/ironic' if ironic_dev_mode | bool else '' }}"
ironic_conductor_default_volumes:
  - "{{ node_config_directory }}/ironic-conductor/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "/lib/modules:/lib/modules:ro"
  - "/sys:/sys"
  - "/dev:/dev"
  - "/run:/run{{ ':shared' if kolla_container_engine == 'docker' else '' }}"
  - "kolla_logs:/var/log/kolla"
  - "ironic:/var/lib/ironic"
  - "{{ kolla_dev_repos_directory ~ '/ironic:/dev-mode/ironic' if ironic_dev_mode | bool else '' }}"
  - "{{ 'ironic_prometheus_exporter_data:/var/lib/ironic-metrics' if enable_ironic_prometheus_exporter | bool else '' }}"
ironic_tftp_default_volumes:
  - "{{ node_config_directory }}/ironic-tftp/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "ironic:/var/lib/ironic"
  - "kolla_logs:/var/log/kolla"
ironic_http_default_volumes:
  - "{{ node_config_directory }}/ironic-http/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "ironic:/var/lib/ironic"
  - "kolla_logs:/var/log/kolla"
ironic_inspector_default_volumes:
  - "{{ node_config_directory }}/ironic-inspector/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla"
  - "ironic_inspector_dhcp_hosts:/var/lib/ironic-inspector/dhcp-hostsdir"
  - "{{ kolla_dev_repos_directory ~ '/ironic-inspector:/dev-mode/ironic-inspector' if ironic_inspector_dev_mode | bool else '' }}"
ironic_dnsmasq_default_volumes:
  - "{{ node_config_directory }}/ironic-dnsmasq/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla"
  - "ironic_inspector_dhcp_hosts:/etc/dnsmasq/dhcp-hostsdir:ro"
ironic_prometheus_exporter_default_volumes:
  - "{{ node_config_directory }}/ironic-prometheus-exporter/:{{ container_config_directory }}/:ro"
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
  - "kolla_logs:/var/log/kolla"
  - "ironic_prometheus_exporter_data:/var/lib/ironic-metrics"

ironic_extra_volumes: "{{ default_extra_volumes }}"
ironic_api_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_conductor_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_tftp_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_http_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_inspector_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_dnsmasq_extra_volumes: "{{ ironic_extra_volumes }}"
ironic_prometheus_exporter_extra_volumes: "{{ ironic_extra_volumes }}"

####################
# OpenStack
####################
ironic_inspector_keystone_user: "ironic-inspector"

ironic_logging_debug: "{{ openstack_logging_debug }}"

openstack_ironic_auth: "{{ openstack_auth }}"

openstack_ironic_inspector_auth: "{{ openstack_auth }}"

ironic_api_workers: "{{ openstack_service_workers }}"

#########
# Ironic
#########
ironic_dnsmasq_interface: "{{ api_interface }}"
ironic_dnsmasq_dhcp_ranges:
ironic_dnsmasq_dhcp_default_lease_time: "10m"
ironic_dnsmasq_serve_ipxe: true
ironic_dnsmasq_boot_file: "{% if ironic_dnsmasq_serve_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}"
ironic_dnsmasq_uefi_ipxe_boot_file: "snponly.efi"
ironic_cleaning_network:
ironic_console_serial_speed: "115200n8"
ironic_http_url: "http://{{ ironic_http_interface_address | put_address_in_context('url') }}:{{ ironic_http_port }}"
ironic_tftp_listen_address: "{{ ironic_tftp_interface_address }}"
ironic_enable_rolling_upgrade: "yes"
ironic_upgrade_skip_wait_check: false
ironic_inspector_kernel_cmdline_extras: []
ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}noop{% endif %}"
ironic_prometheus_exporter_data_dir: "/var/lib/ironic-prometheus-exporter/data"
ironic_prometheus_exporter_sensor_data_interval: 30
ironic_prometheus_exporter_sensor_data_undeployed_nodes: "true"


####################
## Kolla
#####################
ironic_inspector_git_repository: "{{ kolla_dev_repos_git }}/ironic-inspector"
ironic_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
ironic_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
ironic_dev_mode: "{{ kolla_dev_mode }}"
ironic_inspector_dev_mode: "{{ ironic_dev_mode }}"
ironic_source_version: "{{ kolla_source_version }}"
ironic_inspector_source_version: "{{ ironic_source_version }}"
ironic_agent_files_directory: "{{ node_custom_config }}"


####################
# Notifications
####################
ironic_notification_topics:
  - name: notifications
    enabled: "{{ enable_ceilometer | bool }}"

ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr('enabled', 'equalto', true) | list }}"

####################
# Keystone
####################
ironic_enable_keystone_integration: "{{ enable_keystone | bool }}"
ironic_ks_services:
  - name: "ironic"
    type: "baremetal"
    description: "Ironic baremetal provisioning service"
    endpoints:
      - {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
      - {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'}
  - name: "ironic-inspector"
    type: "baremetal-introspection"
    description: "Ironic Inspector baremetal introspection service"
    endpoints:
      - {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'}
      - {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'}

ironic_ks_users:
  - project: "service"
    user: "{{ ironic_keystone_user }}"
    password: "{{ ironic_keystone_password }}"
    role: "admin"
  - project: "service"
    user: "{{ ironic_inspector_keystone_user }}"
    password: "{{ ironic_inspector_keystone_password }}"
    role: "admin"

ironic_ks_user_roles:
  - project: "service"
    user: "{{ ironic_keystone_user }}"
    role: "service"
  - project: "service"
    user: "{{ ironic_inspector_keystone_user }}"
    role: "service"

####################
# TLS
####################
ironic_enable_tls_backend: "{{ kolla_enable_tls_backend }}"