openstack/openstack-ansible-os_ironic
Code Issues Proposed changes
openstack-ansible-os_ironic/templates/inspector.conf.j2
Andrew Bonney 3f7e851b98 Fix quorum queue support for ironic-inspector 
Configuration of RPC for ironic-inspector was a bit of a mixed
bag, with some config fixed at defaults which are only relevant
for HA queues. This conforms it to the way the majority of
variables are managed.

Note that this changes the default for
ironic_inspector_oslomsg_rpc_use_ssl, but this should be set via
oslomsg_rpc_use_ssl anyway.

This also removes various unused inspector notification defaults.

Change-Id: I7edc658f57de5ffc6d4aa158b02d26fa3ad71c9d
2025-01-20 10:51:25 +00:00

137 lines
4.6 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
[DEFAULT]
listen_address = {{ ironic_inspector_service_address }}
listen_port = {{ ironic_inspector_service_port }}
{% if ironic_backend_ssl | bool %}
use_ssl = True
{% endif %}
rootwrap_config = /etc/ironic-inspector/rootwrap.conf
auth_strategy = keystone
debug = {{ debug }}
# RPC Backend
transport_url = {{ ironic_inspector_oslomsg_rpc_transport }}://{% for host in ironic_inspector_oslomsg_rpc_servers.split(',') %}{{ ironic_inspector_oslomsg_rpc_userid }}:{{ ironic_inspector_oslomsg_rpc_password }}@{{ host }}:{{ ironic_inspector_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _ironic_inspector_oslomsg_rpc_vhost_conf }}{% if ironic_inspector_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
{% if ironic_backend_ssl | bool %}
[ssl]
cert_file = {{ ironic_ssl_cert }}
key_file = {{ ironic_ssl_key }}
{% endif %}
[capabilities]
[cors]
[database]
connection = {{ ironic_inspector_openstack_db_connection_string }}
max_overflow = {{ ironic_inspector_db_max_overflow }}
max_pool_size = {{ ironic_inspector_db_max_pool_size }}
pool_timeout = {{ ironic_inspector_db_pool_timeout }}
connection_recycle_time = {{ ironic_inspector_db_connection_recycle_time }}
[discovery]
enroll_node_driver = ipmi
[dnsmasq_pxe_filter]
{% if ironic_inspector_pxe_filter == "dnsmasq" %}
dhcp_hostsdir = /etc/ironic-inspector/dhcp-hostsdir
dnsmasq_start_command = systemctl start ironic-inspector-dnsmasq
dnsmasq_stop_command = systemctl stop ironic-inspector-dnsmasq
{% endif %}
[healthcheck]
enabled = True
[iptables]
{% if ironic_inspector_pxe_filter == "iptables" %}
manage_firewall = True
{% endif %}
dnsmasq_interface = {{ ironic_inspector_dhcp_interface }}
[ironic]
username = ironic
password = {{ ironic_service_password }}
project_name = service
user_domain_name = {{ ironic_service_user_domain_id }}
project_domain_name = {{ ironic_service_project_domain_id }}
auth_url = {{ keystone_service_adminurl }}
insecure = {{ keystone_service_adminuri_insecure | bool }}
auth_type = password
valid_interfaces = internal,public
insecure = {{ keystone_service_internaluri_insecure | bool }}
[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = password
auth_url = {{ keystone_service_adminuri }}
auth_uri = {{ keystone_service_internaluri }}
project_domain_id = default
user_domain_id = default
project_name = "service"
username = ironic_inspector
password = {{ ironic_inspector_service_password }}
region_name = {{ keystone_service_region }}
service_token_roles = {{ ironic_inspector_service_token_roles | join(',') }}
service_token_roles_required = {{ ironic_inspector_service_token_roles_required | bool }}
service_type = {{ ironic_inspector_service_type }}
memcached_servers = {{ memcached_servers }}
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}
[oslo_messaging_rabbit]
ssl = {{ ironic_oslomsg_rpc_use_ssl }}
pool_max_size = {{ ironic_wsgi_processes }}
rabbit_quorum_queue = {{ ironic_oslomsg_rabbit_quorum_queues }}
rabbit_transient_quorum_queue = {{ ironic_oslomsg_rabbit_transient_quorum_queues }}
rabbit_qos_prefetch_count = {{ ironic_oslomsg_rabbit_qos_prefetch_count }}
use_queue_manager = {{ ironic_oslomsg_rabbit_queue_manager }}
{% if ironic_oslomsg_rabbit_queue_manager %}
hostname = {{ [ansible_facts['hostname'], ironic_service_name] | join('-') }}
{% endif %}
rabbit_stream_fanout = {{ ironic_oslomsg_rabbit_stream_fanout }}
rabbit_quorum_delivery_limit = {{ ironic_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ ironic_oslomsg_rabbit_quorum_max_memory_bytes }}
[oslo_policy]
[pci_devices]
[processing]
add_ports = pxe
keep_ports = present
store_data = database
store_data_location = report_path
ramdisk_logs_dir = {{ ironic_system_home_folder }}/ramdisk-logs
always_store_ramdisk_logs = true
{% if ironic_inspector_processing_hooks is defined %}
processing_hooks = {{ ironic_inspector_processing_hooks }}
{% endif %}
{% if ironic_inspector_enable_discovery == true %}
node_not_found_hook = enroll
{% endif %}
[pxe_filter]
{% if ironic_inspector_dhcp_type == "isc_dhcp" %}
driver = iptables
{% else %}
driver = dnsmasq
{% endif %}
[swift]
username = swift-inspector
password = {{ ironic_inspector_swift_password }}
project_name = ironic-inspector
user_domain_name = default
project_domain_name = default
auth_url = {{ keystone_service_adminurl }}
insecure = {{ keystone_service_adminuri_insecure | bool }}
auth_type = password
valid_interfaces = internal,public
container = ironic-inspector
View Git Blame Copy Permalink