Blame - README.rst - salt-formulas/ironic

blob: 17d5c9f1ffbd6016d27e272c14ea3efbad377767 [file] [log] [blame]

Vasyl Saienko	8403d17	2017-04-27 14:21:46 +0300	[diff] [blame]	1
Pavel Cizinsky	2d241f1	2018-12-12 12:02:03 +0100	[diff] [blame]	2	======
Vasyl Saienko	8403d17	2017-04-27 14:21:46 +0300	[diff] [blame]	3	ironic
Pavel Cizinsky	2d241f1	2018-12-12 12:02:03 +0100	[diff] [blame]	4	======
Vasyl Saienko	8403d17	2017-04-27 14:21:46 +0300	[diff] [blame]	5
				6	Service ironic description
				7
				8	Sample pillars
				9	==============
				10
				11	Single ironic service
				12
				13	.. code-block:: yaml
				14
				15	ironic:
				16	api:
				17	enabled: true
				18	version: mitaka
				19	bind:
				20	address: 0.0.0.0
				21	port: 6385
Ivan Berezovskiy	0c6b38c	2019-11-19 15:23:05 +0400	[diff] [blame^]	22	concurrency:
				23	lock_path: '/var/lib/ironic/tmp'
Vasyl Saienko	8403d17	2017-04-27 14:21:46 +0300	[diff] [blame]	24	database:
				25	engine: mysql
				26	host: localhost
				27	port: 3306
				28	name: ironic
				29	user: ironic
				30	password: password
				31	identity:
				32	engine: keystone
				33	region: RegionOne
				34	host: localhost
				35	port: 35357
				36	user: ironic
				37	password: password
				38	tenant: service
				39	message_queue:
				40	engine: rabbitmq
				41	host: localhost
				42	port: 5672
				43	user: openstack
				44	password: password
				45	virtual_host: '/openstack'
				46	conductor:
				47	enabled: true
				48	version: mitaka
Ivan Berezovskiy	0c6b38c	2019-11-19 15:23:05 +0400	[diff] [blame^]	49	concurrency:
				50	lock_path: '/var/lib/ironic/tmp'
Vasyl Saienko	8403d17	2017-04-27 14:21:46 +0300	[diff] [blame]	51	database:
				52	engine: mysql
				53	host: localhost
				54	port: 3306
				55	name: ironic
				56	user: ironic
				57	password: password
				58	message_queue:
				59	engine: rabbitmq
				60	host: localhost
				61	port: 5672
				62	user: openstack
				63	password: password
				64	virtual_host: '/openstack'
				65
				66	Standalone ironic without keystone
				67
				68	.. code-block:: yaml
				69
				70	ironic:
				71	api:
				72	version: mitaka
				73	enabled: true
				74	bind:
				75	address: 0.0.0.0
				76	port: 6385
				77	database:
				78	engine: mysql
				79	host: localhost
				80	port: 3306
				81	name: ironic
				82	user: ironic
				83	password: password
				84	identity:
				85	engine: noauth
				86	message_queue:
				87	engine: rabbitmq
				88	host: localhost
				89	port: 5672
				90	user: openstack
				91	password: password
				92	virtual_host: '/openstack'
				93	conductor:
				94	enabled: true
				95	version: mitaka
				96	database:
				97	engine: mysql
				98	host: localhost
				99	port: 3306
				100	name: ironic
				101	user: ironic
				102	password: password
				103	message_queue:
				104	engine: rabbitmq
				105	host: localhost
				106	port: 5672
				107	user: openstack
				108	password: password
				109	virtual_host: '/openstack'
Oleksandr Shyshko	258bf7c	2018-09-13 14:23:29 +0300	[diff] [blame]	110
				111	Enable x509 and ssl communication between Ironic and Galera cluster.
				112	---------------------
				113	By default communication between Ironic and Galera is unsecure.
				114
				115	ironic:
				116	api:
				117	database:
				118	x509:
				119	enabled: True
				120	conductor:
				121	database:
				122	x509:
				123	enabled: True
				124
				125	You able to set custom certificates in pillar:
				126
				127	ironic:
				128	api:
				129	database:
				130	x509:
				131	cacert: (certificate content)
				132	cert: (certificate content)
				133	key: (certificate content)
				134	conductor:
				135	database:
				136	x509:
				137	cacert: (certificate content)
				138	cert: (certificate content)
				139	key: (certificate content)
				140
				141	You can read more about it here:
				142	https://docs.openstack.org/security-guide/databases/database-access-control.html
				143
Oleksandr Shyshko	c51d28c	2018-09-20 12:30:00 +0300	[diff] [blame]	144	Enable x509 and ssl communication between Ironic and Rabbitmq.
				145	---------------------
				146	By default communication between Ironic and Rabbitmq is unsecure.
				147
				148	.. code-block:: yaml
				149
				150	ironic:
				151	api:
				152	message_queue:
				153	x509:
				154	enabled: True
				155	conductor:
				156	message_queue:
				157	x509:
				158	enabled: True
				159
				160	You able to set custom certificates in pillar:
				161
				162	.. code-block:: yaml
				163
				164	ironic:
				165	api:
				166	message_queue:
				167	x509:
				168	cacert: (certificate content)
				169	cert: (certificate content)
				170	key: (certificate content)
				171	conductor:
				172	message_queue:
				173	x509:
				174	cacert: (certificate content)
				175	cert: (certificate content)
				176	key: (certificate content)
				177
				178	You can read more about it here:
				179	https://docs.openstack.org/security-guide/messaging/security.html
Oleksandr Bryndzii	69a6d02	2018-11-07 12:38:16 +0200	[diff] [blame]	180
				181	Ironic service with cache and security enabled
				182
				183	.. code-block:: yaml
				184
				185	ironic:
				186	api:
				187	enabled: true
				188	version: pike
				189	cache:
				190	engine: memcached
				191	members:
				192	- host: 127.0.0.1
				193	port: 11211
				194	- host: 127.0.0.1
				195	port: 11211
				196	security:
				197	enabled: true
				198	strategy: ENCRYPT
				199	secret_key: secret
Vasyl Saienko	ebaa23c	2019-01-19 09:14:36 +0000	[diff] [blame]	200
Vasyl Saienko	22f94f5	2019-01-29 10:56:16 +0000	[diff] [blame]	201
				202	Enable serial console for Baremetal Nodes
				203	-----------------------------------------
				204
				205	.. code-block:: yaml
				206
				207	ironic:
				208	conductor:
				209	console:
				210	terminal: shellinaboxd
				211	terminal_cert_dir: /tmp/ca
				212	terminal_timeout: 10
				213	subprocess_checking_interval: 1
				214	subprocess_timeout: 10
Kostiantyn Ovchynnykov	878c514	2019-08-22 11:57:46 +0300	[diff] [blame]	215	kill_timeout: 1
Vasyl Saienko	22f94f5	2019-01-29 10:56:16 +0000	[diff] [blame]	216	socat_address: 127.0.0.1
				217
				218	You can read more info about it here:
				219	https://docs.openstack.org/ironic/pike/admin/console.html#node-serial-console
				220
				221
Vasyl Saienko	ebaa23c	2019-01-19 09:14:36 +0000	[diff] [blame]	222	Ensure nodes are in target state (available).
				223	Starting from 1.11 API microversion newly-created node is moved to `enroll`
				224	state. To move it to available the following client pillar might be used:
				225
				226	.. code-block:: yaml
				227
				228	ironic:
				229	client:
				230	node_state_transition:
				231	enabled: true
				232	enroll_to_available:
				233	provision_state: 'enroll'
				234	pool_size: 5
				235	sleep_time: 10
				236	timeout: 15
root	afa89e6	2019-02-05 16:44:43 +0000	[diff] [blame]	237
Oleksandr Pidrepnyi	c2db714	2019-05-13 16:18:47 +0300	[diff] [blame]	238	Change default options using configmap template settings
				239	========================================================
				240
				241	.. code-block:: yaml
				242
				243	ironic:
				244	api:
				245	configmap:
				246	DEFAULT:
				247	enabled_drivers: pxe_ipmitool
				248	enabled_hardware_types: ipmi
				249	enabled_boot_interfaces: pxe
				250	api:
				251	host_ip: 0.0.0.0
				252	port: 6385
				253	max_limit: 1000
				254	conductor:
				255	configmap:
				256	DEFAULT:
				257	enabled_drivers: pxe_ipmitool
				258	enabled_hardware_types: ipmi
				259	enabled_boot_interfaces: pxe
				260	disk_partitioner:
				261	check_device_interval: 1
				262	check_device_max_retries: 20
				263	disk_utils:
				264	efi_system_partition_size: 200
				265	bios_boot_partition_size: 1
				266
Kostiantyn Ovchynnykov	4c3ba1f	2019-08-22 12:26:26 +0300	[diff] [blame]	267	Enable direct http deploy feature
				268	========================================================
				269
				270	.. code-block:: yaml
				271
				272	ironic:
				273	conductor:
				274	image_download_source: http
				275
root	afa89e6	2019-02-05 16:44:43 +0000	[diff] [blame]	276	Upgrades
				277	========
				278
				279	Each openstack formula provide set of phases (logical blocks) that will help to
				280	build flexible upgrade orchestration logic for particular components. The list
				281	of phases and theirs descriptions are listed in table below:
				282
				283	+-------------------------------+------------------------------------------------------+
				284	\| State \| Description \|
				285	+===============================+======================================================+
				286	\| <app>.upgrade.service_running \| Ensure that all services for particular application \|
				287	\| \| are enabled for autostart and running \|
				288	+-------------------------------+------------------------------------------------------+
				289	\| <app>.upgrade.service_stopped \| Ensure that all services for particular application \|
				290	\| \| disabled for autostart and dead \|
				291	+-------------------------------+------------------------------------------------------+
				292	\| <app>.upgrade.pkgs_latest \| Ensure that packages used by particular application \|
				293	\| \| are installed to latest available version. \|
				294	\| \| This will not upgrade data plane packages like qemu \|
				295	\| \| and openvswitch as usually minimal required version \|
				296	\| \| in openstack services is really old. The data plane \|
				297	\| \| packages should be upgraded separately by `apt-get \|
				298	\| \| upgrade` or `apt-get dist-upgrade` \|
				299	\| \| Applying this state will not autostart service. \|
				300	+-------------------------------+------------------------------------------------------+
				301	\| <app>.upgrade.render_config \| Ensure configuration is rendered actual version. +
				302	+-------------------------------+------------------------------------------------------+
				303	\| <app>.upgrade.pre \| We assume this state is applied on all nodes in the \|
				304	\| \| cloud before running upgrade. \|
				305	\| \| Only non destructive actions will be applied during \|
				306	\| \| this phase. Perform service built in service check \|
				307	\| \| like (keystone-manage doctor and nova-status upgrade)\|
				308	+-------------------------------+------------------------------------------------------+
				309	\| <app>.upgrade.upgrade.pre \| Mostly applicable for data plane nodes. During this \|
				310	\| \| phase resources will be gracefully removed from \|
				311	\| \| current node if it is allowed. Services for upgraded \|
				312	\| \| application will be set to admin disabled state to \|
				313	\| \| make sure node will not participate in resources \|
				314	\| \| scheduling. For example on gtw nodes this will set \|
				315	\| \| all agents to admin disable state and will move all \|
				316	\| \| routers to other agents. \|
				317	+-------------------------------+------------------------------------------------------+
				318	\| <app>.upgrade.upgrade \| This state will basically upgrade application on \|
				319	\| \| particular target. Stop services, render \|
				320	\| \| configuration, install new packages, run offline \|
				321	\| \| dbsync (for ctl), start services. Data plane should \|
				322	\| \| not be affected, only OpenStack python services. \|
				323	+-------------------------------+------------------------------------------------------+
				324	\| <app>.upgrade.upgrade.post \| Add services back to scheduling. \|
				325	+-------------------------------+------------------------------------------------------+
				326	\| <app>.upgrade.post \| This phase should be launched only when upgrade of \|
				327	\| \| the cloud is completed. Cleanup temporary files, \|
				328	\| \| perform other post upgrade tasks. \|
				329	+-------------------------------+------------------------------------------------------+
				330	\| <app>.upgrade.verify \| Here we will do basic health checks (API CRUD \|
				331	\| \| operations, verify do not have dead network \|
				332	\| \| agents/compute services) \|
				333	+-------------------------------+------------------------------------------------------+
				334
				335	Upgrade pillar example:
				336	ironic:
				337	upgrade:
				338	enabled: True
				339	old_release: pike
				340	new_release: queens