======
ironic
======

Service ironic description

Sample pillars
==============

Single ironic service

.. code-block:: yaml

    ironic:
      api:
        enabled: true
        version: mitaka
        bind:
          address: 0.0.0.0
          port: 6385
        database:
          engine: mysql
          host: localhost
          port: 3306
          name: ironic
          user: ironic
          password: password
        identity:
          engine: keystone
          region: RegionOne
          host: localhost
          port: 35357
          user: ironic
          password: password
          tenant: service
        message_queue:
          engine: rabbitmq
          host: localhost
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
      conductor:
        enabled: true
        version: mitaka
        database:
          engine: mysql
          host: localhost
          port: 3306
          name: ironic
          user: ironic
          password: password
        message_queue:
          engine: rabbitmq
          host: localhost
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'

Standalone ironic without keystone

.. code-block:: yaml

    ironic:
      api:
        version: mitaka
        enabled: true
        bind:
          address: 0.0.0.0
          port: 6385
        database:
          engine: mysql
          host: localhost
          port: 3306
          name: ironic
          user: ironic
          password: password
        identity:
          engine: noauth
        message_queue:
          engine: rabbitmq
          host: localhost
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
      conductor:
        enabled: true
        version: mitaka
        database:
          engine: mysql
          host: localhost
          port: 3306
          name: ironic
          user: ironic
          password: password
        message_queue:
          engine: rabbitmq
          host: localhost
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'

Enable x509 and SSL communication between Ironic and Galera cluster.
--------------------------------------------------------------------

By default, communication between Ironic and Galera is not secured.

.. code-block:: yaml

    ironic:
      api:
        database:
          x509:
            enabled: True
      conductor:
        database:
          x509:
            enabled: True

You can set custom certificates in the pillar:

.. code-block:: yaml

    ironic:
      api:
        database:
          x509:
            cacert: (certificate content)
            cert: (certificate content)
            key: (certificate content)
      conductor:
        database:
          x509:
            cacert: (certificate content)
            cert: (certificate content)
            key: (certificate content)

You can read more about it here:
    https://docs.openstack.org/security-guide/databases/database-access-control.html

Enable x509 and SSL communication between Ironic and RabbitMQ.
--------------------------------------------------------------

By default, communication between Ironic and RabbitMQ is not secured.

.. code-block:: yaml

    ironic:
      api:
        message_queue:
          x509:
            enabled: True
      conductor:
        message_queue:
          x509:
            enabled: True

You can set custom certificates in the pillar:

.. code-block:: yaml

    ironic:
      api:
        message_queue:
          x509:
            cacert: (certificate content)
            cert: (certificate content)
            key: (certificate content)
      conductor:
        message_queue:
          x509:
            cacert: (certificate content)
            cert: (certificate content)
            key: (certificate content)

You can read more about it here:
    https://docs.openstack.org/security-guide/messaging/security.html

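An added example, not part of this formula: a Python check over a parsed pillar dict that reports the settings the Galera and RabbitMQ sections above call out (x509 left disabled), the README's sample password, and a ``noauth`` API bound to ``0.0.0.0``. The finding strings, the ``_backends`` helper and both sample pillars are constructed for illustration.

```python
ROLES = ("api", "conductor")
BACKENDS = ("database", "message_queue")
SAMPLE_PASSWORD = "password"  # placeholder value used throughout the README samples


def audit_ironic_pillar(pillar):
    """Return a list of findings for one parsed ironic pillar (a plain dict)."""
    findings = []
    ironic = pillar.get("ironic", {})
    for role in ROLES:
        cfg = ironic.get(role, {})
        for backend in BACKENDS:
            section = cfg.get(backend)
            if section is None:
                continue
            # x509 is off unless the pillar enables it explicitly.
            if not section.get("x509", {}).get("enabled", False):
                findings.append(f"{role}.{backend}: x509 not enabled")
            if section.get("password") == SAMPLE_PASSWORD:
                findings.append(f"{role}.{backend}: sample password in use")
    api = ironic.get("api", {})
    if (api.get("identity", {}).get("engine") == "noauth"
            and api.get("bind", {}).get("address") == "0.0.0.0"):
        findings.append("api: noauth identity on wildcard bind address")
    return findings


def _backends(x509, password):
    # Constructed helper: matching database and message_queue sections.
    return {
        "database": {"engine": "mysql", "host": "localhost",
                     "password": password, "x509": {"enabled": x509}},
        "message_queue": {"engine": "rabbitmq", "host": "localhost",
                          "password": password, "x509": {"enabled": x509}},
    }


# Constructed sample pillars, modelled on the standalone sample above.
WEAK = {"ironic": {
    "api": {"bind": {"address": "0.0.0.0", "port": 6385},
            "identity": {"engine": "noauth"}, **_backends(False, "password")},
    "conductor": _backends(False, "password"),
}}
HARDENED = {"ironic": {
    "api": {"bind": {"address": "127.0.0.1", "port": 6385},
            "identity": {"engine": "keystone"}, **_backends(True, "constructed-value")},
    "conductor": _backends(True, "constructed-value"),
}}

if __name__ == "__main__":
    for name, pillar in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ironic_pillar(pillar))
```
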
Ironic service with cache and security enabled

.. code-block:: yaml

    ironic:
      api:
        enabled: true
        version: pike
        cache:
          engine: memcached
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          security:
            enabled: true
            strategy: ENCRYPT
            secret_key: secret


Enable serial console for Baremetal Nodes
-----------------------------------------

.. code-block:: yaml

    ironic:
      conductor:
        console:
          terminal: shellinaboxd
          terminal_cert_dir: /tmp/ca
          terminal_timeout: 10
          subprocess_checking_interval: 1
          subprocess_timeout: 10
          socat_address: 127.0.0.1

You can read more info about it here:
    https://docs.openstack.org/ironic/pike/admin/console.html#node-serial-console


Ensure nodes are in target state (available).

Starting from API microversion 1.11, a newly created node is moved to the
`enroll` state. To move it to `available`, the following client pillar can be
used:

.. code-block:: yaml

    ironic:
      client:
        node_state_transition:
          enabled: true
          enroll_to_available:
            provision_state: 'enroll'
            pool_size: 5
            sleep_time: 10
            timeout: 15