======
ironic
======

Service ironic description

Sample pillars
==============

Single ironic service

.. code-block:: yaml

    ironic:
      api:
        enabled: true
        version: mitaka
        bind:
          address: 0.0.0.0
          port: 6385
        database:
          engine: mysql
          host: localhost
          port: 3306
          name: ironic
          user: ironic
          password: password
        identity:
          engine: keystone
          region: RegionOne
          host: localhost
          port: 35357
          user: ironic
          password: password
          tenant: service
        message_queue:
          engine: rabbitmq
          host: localhost
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
      conductor:
        enabled: true
        version: mitaka
        database:
          engine: mysql
          host: localhost
          port: 3306
          name: ironic
          user: ironic
          password: password
        message_queue:
          engine: rabbitmq
          host: localhost
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'

Standalone ironic without keystone

.. code-block:: yaml

    ironic:
      api:
        version: mitaka
        enabled: true
        bind:
          address: 0.0.0.0
          port: 6385
        database:
          engine: mysql
          host: localhost
          port: 3306
          name: ironic
          user: ironic
          password: password
        identity:
          engine: noauth
        message_queue:
          engine: rabbitmq
          host: localhost
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
      conductor:
        enabled: true
        version: mitaka
        database:
          engine: mysql
          host: localhost
          port: 3306
          name: ironic
          user: ironic
          password: password
        message_queue:
          engine: rabbitmq
          host: localhost
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'

Enable x509 and SSL communication between Ironic and Galera cluster
----------------------------------------------------------------------

By default, communication between Ironic and Galera is unsecured.

.. code-block:: yaml

    ironic:
      api:
        database:
          x509:
            enabled: True
      conductor:
        database:
          x509:
            enabled: True

You can set custom certificates in the pillar:

.. code-block:: yaml

    ironic:
      api:
        database:
          x509:
            cacert: (certificate content)
            cert: (certificate content)
            key: (certificate content)
      conductor:
        database:
          x509:
            cacert: (certificate content)
            cert: (certificate content)
            key: (certificate content)

You can read more about it here:
https://docs.openstack.org/security-guide/databases/database-access-control.html

Enable x509 and SSL communication between Ironic and RabbitMQ
----------------------------------------------------------------------

By default, communication between Ironic and RabbitMQ is unsecured.

.. code-block:: yaml

    ironic:
      api:
        message_queue:
          x509:
            enabled: True
      conductor:
        message_queue:
          x509:
            enabled: True

You can set custom certificates in the pillar:

.. code-block:: yaml

    ironic:
      api:
        message_queue:
          x509:
            cacert: (certificate content)
            cert: (certificate content)
            key: (certificate content)
      conductor:
        message_queue:
          x509:
            cacert: (certificate content)
            cert: (certificate content)
            key: (certificate content)

You can read more about it here:
https://docs.openstack.org/security-guide/messaging/security.html
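
Because x509 is off by default for both the Galera and the RabbitMQ connection, a merged pillar can be checked before it is applied. The following is an added example, not part of this formula: it assumes the pillar is already parsed into a Python dict, and the names ``audit_pillar``, ``walk`` and ``SAMPLE`` are hypothetical. It also flags the ``noauth`` identity engine and the placeholder secrets used in this README's samples.

```python
ROLES = ("api", "conductor")
BACKENDS = ("database", "message_queue")
# Placeholder secrets that appear in this README's sample pillars.
SAMPLE_SECRETS = {"password": "password", "secret_key": "secret"}

def walk(node, path=()):
    """Yield (key_path_tuple, value) for every non-dict leaf of a nested dict."""
    for key, value in node.items():
        if isinstance(value, dict):
            yield from walk(value, path + (str(key),))
        else:
            yield path + (str(key),), value

def audit_pillar(pillar):
    """Return a list of findings for the 'ironic' subtree of a merged pillar."""
    ironic = pillar.get("ironic") or {}
    findings = []
    for role in ROLES:
        cfg = ironic.get(role) or {}
        for backend in BACKENDS:
            section = cfg.get(backend)
            if section is None:
                continue  # backend not configured for this role
            if (section.get("x509") or {}).get("enabled") is not True:
                findings.append(f"{role}.{backend}: x509 not enabled")
        if (cfg.get("identity") or {}).get("engine") == "noauth":
            findings.append(f"{role}.identity: noauth, API is unauthenticated")
    for path, value in walk(ironic):
        if path[-1] in SAMPLE_SECRETS and SAMPLE_SECRETS[path[-1]] == value:
            findings.append(".".join(path) + ": README sample secret")
    return findings

# Constructed sample pillar (values are illustrative, not from a real deployment).
SAMPLE = {"ironic": {
    "api": {
        "identity": {"engine": "noauth"},
        "database": {"password": "password", "x509": {"enabled": True}},
        "message_queue": {"password": "from-vault"},
    },
    "conductor": {
        "database": {"password": "from-vault", "x509": {"enabled": True}},
        "message_queue": {"password": "from-vault", "x509": {"enabled": False}},
    },
}}

if __name__ == "__main__":
    for finding in audit_pillar(SAMPLE):
        print(finding)
```
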

Ironic service with cache and security enabled

.. code-block:: yaml

    ironic:
      api:
        enabled: true
        version: pike
        cache:
          engine: memcached
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          security:
            enabled: true
            strategy: ENCRYPT
            secret_key: secret

Change default options using configmap template settings
========================================================

.. code-block:: yaml

    ironic:
      api:
        configmap:
          DEFAULT:
            enabled_drivers: pxe_ipmitool
            enabled_hardware_types: ipmi
            enabled_boot_interfaces: pxe
          api:
            host_ip: 0.0.0.0
            port: 6385
            max_limit: 1000
      conductor:
        configmap:
          DEFAULT:
            enabled_drivers: pxe_ipmitool
            enabled_hardware_types: ipmi
            enabled_boot_interfaces: pxe
          disk_partitioner:
            check_device_interval: 1
            check_device_max_retries: 20
          disk_utils:
            efi_system_partition_size: 200
            bios_boot_partition_size: 1