Merge "ironic-inspector: Use non-standalone mode"

2023-11-27 14:16:27 +00:00 · 2023-11-27 14:16:27 +00:00 · 7be1d8eca2
commit 7be1d8eca2
parent 02822cff64 6de4651195
1 changed files with 32 additions and 9 deletions
--- a/manifests/ironic.pp
+++ b/manifests/ironic.pp
@ -12,10 +12,20 @@ class openstack_integration::ironic (
  include openstack_integration::params
  if $::openstack_integration::config::ssl {
    if $facts['os']['family'] != 'RedHat' {
      # TODO(tkajinam): ironic-inspector can enable ssl with use_ssl and
      #                 ssl options from oslo.service
      fail('ssl is supported only in CentOS and RHEL')
    }
    openstack_integration::ssl_key { 'ironic':
      notify  => Service['httpd'],
      require => Package['ironic-common'],
    }
    openstack_integration::ssl_key { 'ironic-inspector':
      notify  => Service['httpd'],
      require => Package['ironic-inspector'],
    }
    Exec['update-ca-certificates'] ~> Service['httpd']
  }
@ -78,13 +88,6 @@ class openstack_integration::ironic (
    memcached_servers            => $::openstack_integration::config::memcached_servers,
    service_token_roles_required => true,
  }
  class { 'ironic::keystone::auth_inspector':
    public_url   => "http://${::openstack_integration::config::ip_for_url}:5050",
    internal_url => "http://${::openstack_integration::config::ip_for_url}:5050",
    admin_url    => "http://${::openstack_integration::config::ip_for_url}:5050",
    roles        => ['admin', 'service'],
    password     => 'a_big_secret',
  }
  class { 'ironic::client': }
  class { 'ironic::api':
    service_name => 'httpd',
@ -107,8 +110,13 @@ class openstack_integration::ironic (
    enabled_vendor_interfaces     => ['fake', 'ipmitool', 'no-vendor'],
  }
  class { 'ironic::drivers::ipmi': }
-
+  class { 'ironic::keystone::auth_inspector':
-  # Ironic inspector resources
+    public_url   => "${::openstack_integration::config::base_url}:5050",
    internal_url => "${::openstack_integration::config::base_url}:5050",
    admin_url    => "${::openstack_integration::config::base_url}:5050",
    roles        => ['admin', 'service'],
    password     => 'a_big_secret',
  }
  class { 'ironic::inspector::db::mysql':
    charset  => $::openstack_integration::params::mysql_charset,
    collate  => $::openstack_integration::params::mysql_collate,
@ -143,6 +151,19 @@ class openstack_integration::ironic (
    password => 'a_big_secret',
    auth_url => "${::openstack_integration::config::keystone_auth_uri}/v3",
  }
  if $facts['os']['family'] == 'RedHat' {
    class { 'ironic::inspector::wsgi::apache':
      bind_host => $::openstack_integration::config::host,
      ssl       => $::openstack_integration::config::ssl,
      ssl_key   => "/etc/ironic-inspector/ssl/private/${facts['networking']['fqdn']}.pem",
      ssl_cert  => $::openstack_integration::params::cert_path,
      workers   => 2,
    }
    $standalone = false
  } else {
    $standalone = true
  }
  class { 'ironic::inspector':
    listen_address        => $::openstack_integration::config::host,
    default_transport_url => os_transport_url({
@ -153,6 +174,8 @@ class openstack_integration::ironic (
      'password'  => 'an_even_bigger_secret',
    }),
    rabbit_use_ssl        => $::openstack_integration::config::ssl,
    standalone            => $standalone,
    dnsmasq_interface     => 'eth0',
  }
  class { 'ironic::inspector::client': }
 }