diff --git a/CHANGELOG.md b/CHANGELOG.md
deleted file mode 100644
index d7eeba5..0000000
--- a/CHANGELOG.md
+++ /dev/null
@@ -1,13 +0,0 @@
-cookbook-openstack-bare-metal CHANGELOG
-=======================================
-
-This file is used to list changes made in each version of the cookbook-openstack-bare-metal cookbook.
-
-11.0.0
------
-- Initial release of cookbook-openstack-bare-metal for Kilo
-
-- - -
-Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown.
-
-The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown.
diff --git a/attributes/common-temp.rb b/attributes/common-temp.rb
new file mode 100644
index 0000000..61c8052
--- /dev/null
+++ b/attributes/common-temp.rb
@@ -0,0 +1,101 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Attributes:: common-temp
+#
+# Copyright 2015, IBM, Corp
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# TODO(wenchma) The following attributes are temporary workaround.
+# These could be removed and replaced by the following patch once Kilo branch is created.
+# https://review.openstack.org/#/c/148458/
+
+# Database used by OpenStack Bare Metal (Ironic)
+default['openstack']['db']['bare-metal']['service_type'] = node['openstack']['db']['service_type']
+default['openstack']['db']['bare-metal']['host'] = node['openstack']['endpoints']['db']['host']
+default['openstack']['db']['bare-metal']['port'] = node['openstack']['endpoints']['db']['port']
+default['openstack']['db']['bare-metal']['db_name'] = 'ironic'
+default['openstack']['db']['bare-metal']['username'] = 'ironic'
+default['openstack']['db']['bare-metal']['options'] = node['openstack']['db']['options']
+
+# Default attributes when not using data bags (use_databags = false)
+%w{user service db token}.each do |type|
+ default['openstack']['secret']['bare-metal'][type] = "bare-metal-#{type}"
+end
+
+qpid_defaults = {
+ username: node['openstack']['mq']['user'],
+ sasl_mechanisms: '',
+ reconnect: true,
+ reconnect_timeout: 0,
+ reconnect_limit: 0,
+ reconnect_interval_min: 0,
+ reconnect_interval_max: 0,
+ reconnect_interval: 0,
+ heartbeat: 60,
+ protocol: node['openstack']['mq']['qpid']['protocol'],
+ tcp_nodelay: true,
+ host: node['openstack']['endpoints']['mq']['host'],
+ port: node['openstack']['endpoints']['mq']['port'],
+ qpid_hosts: ["#{node['openstack']['endpoints']['mq']['host']}:#{node['openstack']['endpoints']['mq']['port']}"],
+ topology_version: node['openstack']['mq']['qpid']['topology_version']
+}
+
+rabbit_defaults = {
+ userid: node['openstack']['mq']['user'],
+ vhost: node['openstack']['mq']['vhost'],
+ port: node['openstack']['endpoints']['mq']['port'],
+ host: node['openstack']['endpoints']['mq']['host'],
+ ha: node['openstack']['mq']['rabbitmq']['ha'],
+ use_ssl: node['openstack']['mq']['rabbitmq']['use_ssl']
+}
+
+default['openstack']['mq']['bare-metal']['service_type'] = node['openstack']['mq']['service_type']
+default['openstack']['mq']['bare-metal']['notification_topic'] = 'notifications'
+
+default['openstack']['mq']['bare-metal']['durable_queues'] =
+ node['openstack']['mq']['durable_queues']
+default['openstack']['mq']['bare-metal']['auto_delete'] =
+ node['openstack']['mq']['auto_delete']
+
+case node['openstack']['mq']['bare-metal']['service_type']
+when 'qpid'
+ qpid_defaults.each do |key, val|
+ default['openstack']['mq']['bare-metal']['qpid'][key.to_s] = val
+ end
+when 'rabbitmq'
+ rabbit_defaults.each do |key, val|
+ default['openstack']['mq']['bare-metal']['rabbit'][key.to_s] = val
+ end
+end
+
+default['openstack']['mq']['bare-metal']['qpid']['notification_topic'] =
+ node['openstack']['mq']['bare-metal']['notification_topic']
+default['openstack']['mq']['bare-metal']['rabbit']['notification_topic'] =
+ node['openstack']['mq']['bare-metal']['notification_topic']
+default['openstack']['mq']['bare-metal']['control_exchange'] = 'ironic'
+
+# ******************** OpenStack Bare Metal Endpoints *****************************
+
+# The OpenStack Bare Metal (Ironic) API endpoint
+default['openstack']['endpoints']['bare-metal-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
+default['openstack']['endpoints']['bare-metal-api-bind']['port'] = '6385'
+default['openstack']['endpoints']['bare-metal-api-bind']['bind_interface'] = nil
+
+default['openstack']['endpoints']['bare-metal-api']['host'] = node['openstack']['endpoints']['host']
+default['openstack']['endpoints']['bare-metal-api']['scheme'] = 'http'
+default['openstack']['endpoints']['bare-metal-api']['port'] = '6385'
+default['openstack']['endpoints']['bare-metal-api']['path'] = ''
+default['openstack']['endpoints']['bare-metal-api']['bind_interface'] = nil
diff --git a/attributes/default.rb b/attributes/default.rb
new file mode 100644
index 0000000..620b0e1
--- /dev/null
+++ b/attributes/default.rb
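Review bot: The `%w{user service db token}.each` loop gives every non-data-bag secret a value that can be read straight from the cookbook source (`"bare-metal-#{type}"`), so any lookup that falls back to these attributes when `use_databags = false` yields guessable service, database and token credentials. The comment above the loop should state that these are placeholders for development and test, for example `# Development/test only: predictable placeholders; use data bags or override these in any shared environment`. Further down in the same hunk the `bare-metal-api` endpoint defaults to `scheme` `'http'`, and that default deserves the same kind of comment.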
@@ -0,0 +1,81 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Attributes:: default
+#
+# Copyright 2015, IBM, Corp
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Set to some text value if you want templated config files
+# to contain a custom banner at the top of the written file
+default['openstack']['bare-metal']['custom_template_banner'] = "
+# This file autogenerated by Chef
+# Do not edit, changes will be overwritten
+"
+
+default['openstack']['bare-metal']['verbose'] = 'false'
+default['openstack']['bare-metal']['debug'] = 'false'
+
+# Common rpc definitions
+default['openstack']['bare-metal']['rpc_thread_pool_size'] = 64
+default['openstack']['bare-metal']['rpc_conn_pool_size'] = 30
+default['openstack']['bare-metal']['rpc_response_timeout'] = 60
+
+# Logging stuff
+default['openstack']['bare-metal']['log_dir'] = '/var/log/ironic'
+
+default['openstack']['bare-metal']['syslog']['use'] = false
+default['openstack']['bare-metal']['syslog']['facility'] = 'LOG_LOCAL1'
+default['openstack']['bare-metal']['syslog']['config_facility'] = 'local1'
+
+default['openstack']['bare-metal']['region'] = node['openstack']['region']
+
+# Keystone settings
+default['openstack']['bare-metal']['api']['auth_strategy'] = 'keystone'
+
+default['openstack']['bare-metal']['api']['auth']['version'] = node['openstack']['api']['auth']['version']
+
+default['openstack']['bare-metal']['service_tenant_name'] = 'service'
+default['openstack']['bare-metal']['service_user'] = 'ironic'
+default['openstack']['bare-metal']['service_role'] = 'admin'
+
+default['openstack']['bare-metal']['user'] = 'ironic'
+default['openstack']['bare-metal']['group'] = 'ironic'
+
+# rootwrap.conf
+default['openstack']['bare-metal']['rootwrap']['filters_path'] = '/etc/ironic/rootwrap.d,/usr/share/ironic/rootwrap'
+default['openstack']['bare-metal']['rootwrap']['exec_dirs'] = '/sbin,/usr/sbin,/bin,/usr/bin'
+default['openstack']['bare-metal']['rootwrap']['use_syslog'] = false
+default['openstack']['bare-metal']['rootwrap']['syslog_log_facility'] = 'syslog'
+default['openstack']['bare-metal']['rootwrap']['syslog_log_level'] = 'ERROR'
+
+case platform_family
+when 'fedora', 'rhel'
+ default['openstack']['bare-metal']['platform'] = {
+ 'ironic_api_packages' => ['openstack-ironic-api'],
+ 'ironic_api_service' => 'openstack-ironic-api',
+ 'ironic_conductor_packages' => ['openstack-ironic-conductor'],
+ 'ironic_conductor_service' => 'openstack-ironic-conductor',
+ 'ironic_common_packages' => ['openstack-ironic-common', 'python-ironicclient']
+ }
+when 'debian'
+ default['openstack']['bare-metal']['platform'] = {
+ 'ironic_api_packages' => ['ironic-api'],
+ 'ironic_api_service' => 'ironic-api',
+ 'ironic_conductor_packages' => ['ironic-conductor'],
+ 'ironic_conductor_service' => 'ironic-conductor',
+ 'ironic_common_packages' => ['python-ironicclient']
+ }
+end
diff --git a/metadata.rb b/metadata.rb
index a3ede60..aaa2321 100644
--- a/metadata.rb
+++ b/metadata.rb
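Review bot: The `case platform_family` block at the end of the hunk has no `else` branch, so on any family other than fedora, rhel or debian `node['openstack']['bare-metal']['platform']` is never set. The recipes in this commit call `.each` on `platform_options['ironic_api_packages']` and similar keys, which would presumably fail with a NoMethodError on nil instead of a clear message. A comment above the `case` naming the supported families, or an explicit early failure for the others, would make that limit visible. Separately, `verbose` and `debug` are the strings `'false'` while `syslog.use` and `rootwrap.use_syslog` are real booleans; one convention is easier to reason about in templates.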
@@ -6,4 +6,10 @@ description 'Installs/Configures OpenStack Bare Metal service Ironic' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '11.0.0' +recipe 'openstack-bare-metal::api', 'Installs the ironic-api, sets up the ironic database' +recipe 'openstack-bare-metal::conductor', 'Installs the ironic-conductor service' +recipe 'openstack-bare-metal::default', 'Temp workaround to create ironic db with user' +recipe 'openstack-bare-metal::identity_registration', 'Registers ironic service/user/endpoints in keystone' +recipe 'openstack-bare-metal::ironic-common', 'Defines the common pieces of repeated code from the other recipes' + depends 'openstack-common', '~> 10.0' diff --git a/recipes/api.rb b/recipes/api.rb new file mode 100644 index 0000000..506327b --- /dev/null +++ b/recipes/api.rb 
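Review bot: The new `openstack-bare-metal::identity_registration` entry advertises a recipe that uses the `openstack_identity_register` resource, but the only dependency visible in this file is `depends 'openstack-common', '~> 10.0'`. If that resource is provided by the openstack-identity cookbook, as it appears to be, the metadata needs a matching `depends` line; otherwise the recipe only works when something else happens to load that cookbook. The right version constraint is not visible on this page and is left to the author.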
@@ -0,0 +1,55 @@
+# Encoding: utf-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Recipe:: api
+#
+# Copyright 2015, IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class ::Chef::Recipe # rubocop:disable Documentation
+ include ::Openstack
+end
+
+include_recipe 'openstack-bare-metal::ironic-common'
+
+platform_options = node['openstack']['bare-metal']['platform']
+
+platform_options['ironic_api_packages'].each do |pkg|
+ package pkg do
+ action :upgrade
+
+ notifies :restart, 'service[ironic-api]'
+ end
+end
+
+service 'ironic-api' do
+ service_name platform_options['ironic_api_service']
+ supports status: true, restart: true
+
+ action [:enable]
+
+ subscribes :restart, 'template[/etc/ironic/ironic.conf]'
+
+ platform_options['ironic_common_packages'].each do |pkg|
+ subscribes :restart, "package[#{pkg}]"
+ end
+end
+
+execute 'ironic db sync' do
+ command 'ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema'
+ user node['openstack']['bare-metal']['user']
+ group node['openstack']['bare-metal']['group']
+ action :run
+end
diff --git a/recipes/conductor.rb b/recipes/conductor.rb
new file mode 100644
index 0000000..e24bfd0
--- /dev/null
+++ b/recipes/conductor.rb
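Review bot: The `execute 'ironic db sync'` resource has `action :run` and no guard, so `ironic-dbsync --config-file /etc/ironic/ironic.conf create_schema` runs on every converge of every node that includes this recipe. Whether a second `create_schema` against a populated database is harmless cannot be seen from this page, so the resource should carry an explicit guard, for example `only_if { node['openstack']['db']['bare-metal']['migrate'] }`, with `migrate` added as a new attribute (it does not exist in this commit). The `service 'ironic-api'` resource also only has `action [:enable]`, so the first start depends entirely on a restart notification firing.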
@@ -0,0 +1,48 @@
+# Encoding: utf-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Recipe:: conductor
+#
+# Copyright 2015, IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class ::Chef::Recipe # rubocop:disable Documentation
+ include ::Openstack
+end
+
+include_recipe 'openstack-bare-metal::ironic-common'
+
+platform_options = node['openstack']['bare-metal']['platform']
+
+platform_options['ironic_conductor_packages'].each do |pkg|
+ package pkg do
+ action :upgrade
+
+ notifies :restart, 'service[ironic-conductor]'
+ end
+end
+
+service 'ironic-conductor' do
+ service_name platform_options['ironic_conductor_service']
+ supports status: true, restart: true
+
+ action [:enable]
+
+ subscribes :restart, 'template[/etc/ironic/ironic.conf]'
+
+ platform_options['ironic_common_packages'].each do |pkg|
+ subscribes :restart, "package[#{pkg}]"
+ end
+end
diff --git a/recipes/default.rb b/recipes/default.rb
new file mode 100644
index 0000000..dbfc8ef
--- /dev/null
+++ b/recipes/default.rb
@@ -0,0 +1,32 @@
+# Encoding: utf-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Recipe:: default
+#
+# Copyright 2015, IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class ::Chef::Recipe # rubocop:disable Documentation
+ include ::Openstack
+end
+
+# TODO(wenchma) A temporary workaround to ironic database with user instead of openstack-ops-database.
+# These could be removed and replaced by the following patch once Kilo branch is created.
+# https://review.openstack.org/#/c/148463/
+db_create_with_user(
+ 'bare-metal',
+ node['openstack']['db']['bare-metal']['username'],
+ get_password('db', 'ironic')
+)
diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb
new file mode 100644
index 0000000..44007fb
--- /dev/null
+++ b/recipes/identity_registration.rb
@@ -0,0 +1,86 @@
+# encoding: UTF-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Recipe:: identity_registration
+#
+# Copyright 2015, IBM, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'uri'
+
+class ::Chef::Recipe # rubocop:disable Documentation
+ include ::Openstack
+end
+
+identity_admin_endpoint = endpoint 'identity-admin'
+bootstrap_token = get_secret 'openstack_identity_bootstrap_token'
+auth_uri = ::URI.decode identity_admin_endpoint.to_s
+ironic_api_endpoint = endpoint 'bare-metal-api'
+service_pass = get_password 'service', 'openstack-bare-metal'
+region = node['openstack']['bare-metal']['region']
+service_tenant_name = node['openstack']['bare-metal']['service_tenant_name']
+service_user = node['openstack']['bare-metal']['service_user']
+service_role = node['openstack']['bare-metal']['service_role']
+
+openstack_identity_register 'Register Service Tenant' do
+ auth_uri auth_uri
+ bootstrap_token bootstrap_token
+ tenant_name service_tenant_name
+ tenant_description 'Service Tenant'
+
+ action :create_tenant
+end
+
+openstack_identity_register 'Register Ironic bare metal Service' do
+ auth_uri auth_uri
+ bootstrap_token bootstrap_token
+ service_name 'ironic'
+ service_type 'baremetal'
+ service_description 'Ironic bare metal provisioning service'
+
+ action :create_service
+end
+
+openstack_identity_register 'Register Ironic bare metal Endpoint' do
+ auth_uri auth_uri
+ bootstrap_token bootstrap_token
+ service_type 'baremetal'
+ endpoint_region region
+ endpoint_adminurl ::URI.decode ironic_api_endpoint.to_s
+ endpoint_internalurl ::URI.decode ironic_api_endpoint.to_s
+ endpoint_publicurl ::URI.decode ironic_api_endpoint.to_s
+
+ action :create_endpoint
+end
+
+openstack_identity_register 'Register Ironic bare metal Service User' do
+ auth_uri auth_uri
+ bootstrap_token bootstrap_token
+ tenant_name service_tenant_name
+ user_name service_user
+ user_pass service_pass
+
+ action :create_user
+end
+
+openstack_identity_register 'Grant service Role to Ironic Service User for Ironic Service Tenant' do
+ auth_uri auth_uri
+ bootstrap_token bootstrap_token
+ tenant_name service_tenant_name
+ user_name service_user
+ role_name service_role
+
+ action :grant_role
+end
diff --git a/recipes/ironic-common.rb b/recipes/ironic-common.rb
new file mode 100644
index 0000000..f408bd9
--- /dev/null
+++ b/recipes/ironic-common.rb
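Review bot: All three URLs in the 'Register Ironic bare metal Endpoint' block come from `endpoint 'bare-metal-api'`, whose `scheme` defaults to `'http'` in attributes/common-temp.rb of this commit, so by default the catalog advertises a plaintext public URL for an API that receives Keystone tokens. A comment on that block saying that TLS is expected to be set through the endpoint attributes, or terminated in front of the service, would make the assumption visible. Every `openstack_identity_register` block also passes `bootstrap_token`, and the user block passes `user_pass`; if the resource and the Chef version in use support `sensitive true`, setting it would keep those values out of converge output. `::URI.decode` is marked obsolete in Ruby's standard library and is worth replacing once the endpoint helper allows it.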
@@ -0,0 +1,98 @@
+# Encoding: utf-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Recipe:: ironic-common
+#
+# Copyright 2015, IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class ::Chef::Recipe # rubocop:disable Documentation
+ include ::Openstack
+end
+
+if node['openstack']['bare-metal']['syslog']['use']
+ include_recipe 'openstack-common::logging'
+end
+
+platform_options = node['openstack']['bare-metal']['platform']
+
+platform_options['ironic_common_packages'].each do |pkg|
+ package pkg do
+ action :upgrade
+ end
+end
+
+db_type = node['openstack']['db']['bare-metal']['service_type']
+node['openstack']['db']['python_packages'][db_type].each do |pkg|
+ package pkg do
+ action :upgrade
+ end
+end
+
+directory '/etc/ironic' do
+ owner node['openstack']['bare-metal']['user']
+ group node['openstack']['bare-metal']['group']
+ mode 00750
+ action :create
+end
+
+db_user = node['openstack']['db']['bare-metal']['username']
+db_pass = get_password 'db', 'ironic'
+db_connection = db_uri('bare-metal', db_user, db_pass)
+
+mq_service_type = node['openstack']['mq']['bare-metal']['service_type']
+
+if mq_service_type == 'rabbitmq'
+ node['openstack']['mq']['bare-metal']['rabbit']['ha'] && (rabbit_hosts = rabbit_servers)
+ mq_password = get_password 'user', node['openstack']['mq']['bare-metal']['rabbit']['userid']
+elsif mq_service_type == 'qpid'
+ mq_password = get_password 'user', node['openstack']['mq']['bare-metal']['qpid']['username']
+end
+
+image_endpoint = endpoint 'image-api'
+
+identity_endpoint = endpoint 'identity-api'
+identity_admin_endpoint = endpoint 'identity-admin'
+service_pass = get_password 'service', 'openstack-bare-metal'
+
+auth_uri = auth_uri_transform(identity_endpoint.to_s, node['openstack']['bare-metal']['api']['auth']['version'])
+
+template '/etc/ironic/ironic.conf' do
+ source 'ironic.conf.erb'
+ owner node['openstack']['bare-metal']['user']
+ group node['openstack']['bare-metal']['group']
+ mode 00640
+ variables(
+ db_connection: db_connection,
+ mq_service_type: mq_service_type,
+ mq_password: mq_password,
+ rabbit_hosts: rabbit_hosts,
+ identity_endpoint: identity_endpoint,
+ glance_protocol: image_endpoint.scheme,
+ glance_host: image_endpoint.host,
+ glance_port: image_endpoint.port,
+ auth_uri: auth_uri,
+ identity_admin_endpoint: identity_admin_endpoint,
+ service_pass: service_pass
+ )
+end
+
+template '/etc/ironic/rootwrap.conf' do
+ source 'rootwrap.conf.erb'
+ # Must be root!
+ owner 'root'
+ group 'root'
+ mode 00644
+end
diff --git a/spec/api_spec.rb b/spec/api_spec.rb
new file mode 100644
index 0000000..c3b91ea
--- /dev/null
+++ b/spec/api_spec.rb
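Review bot: `directory '/etc/ironic'` is created with `owner node['openstack']['bare-metal']['user']` and mode 00750, yet `/etc/ironic/rootwrap.conf` is written into it as root under the comment `# Must be root!`, and the default `filters_path` in attributes/default.rb starts with `/etc/ironic/rootwrap.d`. Because the service account owns the parent directory, it can replace the root-owned file or create the filter directory itself, which defeats the purpose of root ownership for rootwrap. Making the directory root-owned while keeping group read access for Ironic closes that gap: `owner 'root'`, `group node['openstack']['bare-metal']['group']`, `mode 00750`. The `template '/etc/ironic/ironic.conf'` resource renders `db_connection`, `mq_password` and `service_pass`, so it should also carry `sensitive true` to keep the rendered diff out of Chef logs.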
@@ -0,0 +1,67 @@
+# Encoding: utf-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Spec:: api_spec
+#
+# Copyright 2015, IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative 'spec_helper'
+
+describe 'openstack-bare-metal::api' do
+ describe 'ubuntu' do
+ let(:runner) { ChefSpec::Runner.new(UBUNTU_OPTS) }
+ let(:node) { runner.node }
+ let(:chef_run) { runner.converge(described_recipe) }
+
+ include_context 'bare-metal-stubs'
+
+ it 'includes ironic common recipe' do
+ expect(chef_run).to include_recipe('openstack-bare-metal::ironic-common')
+ end
+
+ it 'upgrades ironic api packages' do
+ expect(chef_run).to upgrade_package('ironic-api')
+ end
+
+ describe 'ironic-api packages' do
+ let(:package) { chef_run.package('ironic-api') }
+
+ it 'sends a notification to the service' do
+ expect(package).to notify('service[ironic-api]').to(:restart)
+ end
+ end
+
+ it 'enables ironic api on boot' do
+ expect(chef_run).to enable_service('ironic-api')
+ end
+
+ describe 'ironic-api' do
+ let(:service) { chef_run.service('ironic-api') }
+
+ it 'subscribes to the template creation' do
+ expect(service).to subscribe_to('template[/etc/ironic/ironic.conf]')
+ end
+
+ it 'subscribes to the common packages' do
+ expect(service).to subscribe_to('package[python-ironicclient]')
+ end
+ end
+
+ it 'runs db migrations' do
+ expect(chef_run).to run_execute('ironic db sync').with(user: 'ironic', group: 'ironic')
+ end
+ end
+end
diff --git a/spec/conductor_spec.rb b/spec/conductor_spec.rb
new file mode 100644
index 0000000..9eee0bd
--- /dev/null
+++ b/spec/conductor_spec.rb
@@ -0,0 +1,63 @@
+# Encoding: utf-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Spec:: conductor_spec
+#
+# Copyright 2015, IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative 'spec_helper'
+
+describe 'openstack-bare-metal::conductor' do
+ describe 'ubuntu' do
+ let(:runner) { ChefSpec::Runner.new(UBUNTU_OPTS) }
+ let(:node) { runner.node }
+ let(:chef_run) { runner.converge(described_recipe) }
+
+ include_context 'bare-metal-stubs'
+
+ it 'includes ironic common recipe' do
+ expect(chef_run).to include_recipe('openstack-bare-metal::ironic-common')
+ end
+
+ it 'upgrades ironic api packages' do
+ expect(chef_run).to upgrade_package('ironic-conductor')
+ end
+
+ describe 'ironic-conductor packages' do
+ let(:package) { chef_run.package('ironic-conductor') }
+
+ it 'sends a notification to the service' do
+ expect(package).to notify('service[ironic-conductor]').to(:restart)
+ end
+ end
+
+ it 'enables ironic conductor on boot' do
+ expect(chef_run).to enable_service('ironic-conductor')
+ end
+
+ describe 'ironic-conductor' do
+ let(:service) { chef_run.service('ironic-conductor') }
+
+ it 'subscribes to the template creation' do
+ expect(service).to subscribe_to('template[/etc/ironic/ironic.conf]')
+ end
+
+ it 'subscribes to the common packages' do
+ expect(service).to subscribe_to('package[python-ironicclient]')
+ end
+ end
+ end
+end
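Review bot: The example `it 'upgrades ironic api packages'` asserts `upgrade_package('ironic-conductor')`, so the description appears to have been carried over from api_spec.rb and will mislead whoever reads a failure report. Rename it to `it 'upgrades ironic conductor packages' do`. The spec also exercises only the `ubuntu` context, although attributes/default.rb in this commit defines separate fedora/rhel package and service names that no example covers.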
diff --git a/spec/ironic-common_spec.rb b/spec/ironic-common_spec.rb
new file mode 100644
index 0000000..80af1fc
--- /dev/null
+++ b/spec/ironic-common_spec.rb
@@ -0,0 +1,110 @@
+# Encoding: utf-8
+#
+# Cookbook Name:: openstack-bare-metal
+# Spec:: ironic_common_spec
+#
+# Copyright 2015, IBM Corp.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative 'spec_helper'
+
+describe 'openstack-bare-metal::ironic-common' do
+ describe 'ubuntu' do
+ let(:runner) { ChefSpec::Runner.new(UBUNTU_OPTS) }
+ let(:node) { runner.node }
+ let(:chef_run) { runner.converge(described_recipe) }
+
+ include_context 'bare-metal-stubs'
+
+ it 'upgrades ironic client packages' do
+ expect(chef_run).to upgrade_package('python-ironicclient')
+ end
+
+ it 'upgrades mysql python package' do
+ expect(chef_run).to upgrade_package('python-mysqldb')
+ end
+
+ describe '/etc/ironic' do
+ let(:dir) { chef_run.directory('/etc/ironic') }
+
+ it 'should create the directory' do
+ expect(chef_run).to create_directory(dir.name)
+ end
+
+ it 'has proper owner' do
+ expect(dir.owner).to eq('ironic')
+ expect(dir.group).to eq('ironic')
+ end
+
+ it 'has proper modes' do
+ expect(sprintf('%o', dir.mode)).to eq('750')
+ end
+ end
+
+ describe 'ironic.conf' do
+ let(:file) { chef_run.template('/etc/ironic/ironic.conf') }
+
+ it 'should create the ironic.conf template' do
+ expect(chef_run).to create_template(file.name)
+ end
+
+ it 'has proper owner' do
+ expect(file.owner).to eq('ironic')
+ expect(file.group).to eq('ironic')
+ end
+
+ it 'has proper modes' do
+ expect(sprintf('%o', file.mode)).to eq('640')
+ end
+ end
+
+ describe 'rootwrap.conf' do
+ let(:file) { chef_run.template('/etc/ironic/rootwrap.conf') }
+
+ it 'should create the /etc/ironic/rootwrap.conf file' do
+ expect(chef_run).to create_template(file.name)
+ end
+
+ it 'has proper owner' do
+ expect(file.owner).to eq('root')
+ expect(file.group).to eq('root')
+ end
+
+ it 'has proper modes' do
+ expect(sprintf('%o', file.mode)).to eq('644')
+ end
+
+ context 'template contents' do
+ it 'shows the custom banner' do
+ node.set['openstack']['bare-metal']['custom_template_banner'] = 'banner'
+
+ expect(chef_run).to render_file(file.name).with_content(/^banner$/)
+ end
+
+ it 'sets the default attributes' do
+ [
+ %r(^filters_path=/etc/ironic/rootwrap.d,/usr/share/ironic/rootwrap$),
+ %r(^exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin$),
+ /^use_syslog=false$/,
+ /^syslog_log_facility=syslog$/,
+ /^syslog_log_level=ERROR$/
+ ].each do |line|
+ expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index a6fcb23..a8843bd 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -20,3 +20,20 @@ UBUNTU_OPTS = {
 version: '14.04',
 log_level: ::LOG_LEVEL
 }
+
+shared_context 'bare-metal-stubs' do
+ before do
+ allow_any_instance_of(Chef::Recipe).to receive(:get_password)
+ .with('service', anything)
+ .and_return('')
+ allow_any_instance_of(Chef::Recipe).to receive(:get_password)
+ .with('db', anything)
+ .and_return('')
+ allow_any_instance_of(Chef::Recipe).to receive(:get_password)
+ .with('user', anything)
+ .and_return('')
+ allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
+ .with('openstack_identity_bootstrap_token')
+ .and_return('bootstrap-token')
+ end
+end
diff --git a/templates/default/ironic.conf.erb b/templates/default/ironic.conf.erb
new file mode 100644
index 0000000..21e4a3a
--- /dev/null
+++ b/templates/default/ironic.conf.erb
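Review bot: The `describe 'ironic.conf'` group in spec/ironic-common_spec.rb checks only that the template is created with the expected owner, group and mode, whereas the `rootwrap.conf` group also asserts rendered content. Nothing verifies that the recipe's `variables(...)` reach the template, so a broken `rabbit_password=` or `qpid_password=` line would go unnoticed. Add a `context 'template contents'` block for ironic.conf using the `render_config_file(file.name).with_section_content('DEFAULT', line)` matcher that the rootwrap examples already use. The `/etc/ironic` examples also pin `dir.owner` to `'ironic'`, so they need updating if the directory ownership is tightened.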
@@ -0,0 +1,1310 @@ +<%= node['openstack']['bare-metal']['custom_template_banner'] %> + +[DEFAULT] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +amqp_durable_queues=<%= node['openstack']['mq']['bare-metal']['durable_queues'] %> + +# Auto-delete queues in AMQP. (boolean value) +amqp_auto_delete=<%= node['openstack']['mq']['bare-metal']['auto_delete'] %> + +# Size of RPC connection pool. (integer value) +rpc_conn_pool_size=<%= node['openstack']['bare-metal']['rpc_conn_pool_size'] %> + +<% if @mq_service_type == 'rabbitmq' %> +##### RABBITMQ ##### +# The RabbitMQ userid. (string value) +rabbit_userid=<%= node['openstack']['mq']['bare-metal']['rabbit']['userid'] %> + +# The RabbitMQ password. (string value) +rabbit_password=<%= @mq_password %> + +# The RabbitMQ virtual host. (string value) +rabbit_virtual_host=<%= node['openstack']['mq']['bare-metal']['rabbit']['vhost'] %> +<% if node['openstack']['mq']['bare-metal']['rabbit']['ha'] -%> +# RabbitMQ HA cluster host:port pairs. (list value) +rabbit_hosts=<%= @rabbit_hosts %> + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +rabbit_ha_queues=True + +rabbit_use_ssl=<%= node['openstack']['mq']['bare-metal']['rabbit']['use_ssl'] %> +<% else -%> +# The RabbitMQ broker address where a single node is used. +# (string value) +rabbit_host=<%= node['openstack']['mq']['bare-metal']['rabbit']['host'] %> + +# The RabbitMQ broker port where a single node is used. +# (integer value) +rabbit_port=<%= node['openstack']['mq']['bare-metal']['rabbit']['port'] %> + +# Connect over SSL for RabbitMQ. (boolean value) +rabbit_use_ssl=<%= node['openstack']['mq']['bare-metal']['rabbit']['use_ssl'] %> +<% end -%> +<% end -%> + +<% if @mq_service_type == 'qpid' %> +##### QPID ##### +# Qpid broker hostname. 
(string value) +qpid_hostname=<%= node['openstack']['mq']['bare-metal']['qpid']['host'] %> + +# Qpid broker port. (integer value) +qpid_port=<%= node['openstack']['mq']['bare-metal']['qpid']['port'] %> + +# Password for Qpid connection. (string value) +qpid_password=<%= @mq_password %> + +# Username for Qpid connection. (string value) +qpid_username=<%= node['openstack']['mq']['bare-metal']['qpid']['username'] %> + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +qpid_sasl_mechanisms=<%= node['openstack']['mq']['bare-metal']['qpid']['sasl_mechanisms'] %> +qpid_reconnect_timeout=<%= node['openstack']['mq']['bare-metal']['qpid']['reconnect_timeout'] %> +qpid_reconnect_limit=<%= node['openstack']['mq']['bare-metal']['qpid']['reconnect_limit'] %> +qpid_reconnect_interval_min=<%= node['openstack']['mq']['bare-metal']['qpid']['reconnect_interval_min'] %> +qpid_reconnect_interval_max=<%= node['openstack']['mq']['bare-metal']['qpid']['reconnect_interval_max'] %> +qpid_reconnect_interval=<%= node['openstack']['mq']['bare-metal']['qpid']['reconnect_interval'] %> + +# Seconds between connection keepalive heartbeats. (integer +# value) +qpid_heartbeat=<%= node['openstack']['mq']['bare-metal']['qpid']['heartbeat'] %> + +# qpid protocol. default 'tcp'. set to 'ssl' to enable SSL +qpid_protocol=<%= node['openstack']['mq']['bare-metal']['qpid']['protocol'] %> + +# Whether to disable the Nagle algorithm. (boolean value) +qpid_tcp_nodelay=<%= node['openstack']['mq']['bare-metal']['qpid']['tcp_nodelay'] %> + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. 
+# (integer value) +qpid_topology_version=<%= node['openstack']['mq']['bare-metal']['qpid']['topology_version'] %> +<% end %> + + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# SSL version to use (valid only if SSL enabled). valid values +# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on +# some distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + + + +# The RabbitMQ login method. (string value) +#rabbit_login_method=AMQPLAIN + + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve +# to this address. (string value) +#rpc_zmq_bind_address=* + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port=9501 + +# Number of ZeroMQ contexts, defaults to 1. 
(integer value) +#rpc_zmq_contexts=1 + +# Maximum number of ingress messages to locally buffer per +# topic. Default is unlimited. (integer value) +#rpc_zmq_topic_backlog= + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir=/var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP +# address. Must match "host" option, if running Nova. (string +# value) +#rpc_zmq_host=ironic + +# Seconds to wait before a cast expires (TTL). Only supported +# by impl_zmq. (integer value) +#rpc_cast_timeout=30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq=300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl=600 + +# Size of RPC greenthread pool. (integer value) +rpc_thread_pool_size=<%= node['openstack']['bare-metal']['rpc_thread_pool_size'] %> + +# Driver or drivers to handle sending notifications. (multi +# valued) +#notification_driver= + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics=notifications + +# Seconds to wait for a response from a call. (integer value) +rpc_response_timeout=<%= node['openstack']['bare-metal']['rpc_response_timeout'] %> + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend +# option and driver specific configuration. (string value) +#transport_url= + +# The messaging driver to use, defaults to rabbit. Other +# drivers include qpid and zmq. (string value) +rpc_backend=<%= node['openstack']['bare-metal']['rpc_backend'] %> + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the +# transport_url option. (string value) +control_exchange=<%= node['openstack']['bare-metal']['control_exchange'] %> + + +# +# Options defined in ironic.netconf +# + +# IP address of this host. 
(string value) +#my_ip=10.0.0.1 + + +# +# Options defined in ironic.api.app +# + +# Method to use for authentication: noauth or keystone. +# (string value) +auth_strategy=<%= node['openstack']['bare-metal']['api']['auth_strategy'] %> + + +# +# Options defined in ironic.common.driver_factory +# + +# Specify the list of drivers to load during service +# initialization. Missing drivers, or drivers which fail to +# initialize, will prevent the conductor service from +# starting. The option default is a recommended set of +# production-oriented drivers. A complete list of drivers +# present on your system may be found by enumerating the +# "ironic.drivers" entrypoint. An example may be found in the +# developer documentation online. (list value) +#enabled_drivers=pxe_ipmitool + + +# +# Options defined in ironic.common.exception +# + +# Make exception message format errors fatal. (boolean value) +#fatal_exception_format_errors=false + + +# +# Options defined in ironic.common.hash_ring +# + +# Exponent to determine number of hash partitions to use when +# distributing load across conductors. Larger values will +# result in more even distribution of load and less load when +# rebalancing the ring, but more memory usage. Number of +# partitions per conductor is (2^hash_partition_exponent). +# This determines the granularity of rebalancing: given 10 +# hosts, and an exponent of the 2, there are 40 partitions in +# the ring.A few thousand partitions should make rebalancing +# smooth in most cases. The default is suitable for up to a +# few hundred conductors. Too many partitions has a CPU +# impact. (integer value) +#hash_partition_exponent=5 + +# [Experimental Feature] Number of hosts to map onto each hash +# partition. Setting this to more than one will cause +# additional conductor services to prepare deployment +# environments and potentially allow the Ironic cluster to +# recover more quickly if a conductor instance is terminated. 
+# (integer value) +#hash_distribution_replicas=1 + + +# +# Options defined in ironic.common.images +# + +# Force backing images to raw format. (boolean value) +#force_raw_images=true + +# Path to isolinux binary file. (string value) +#isolinux_bin=/usr/lib/syslinux/isolinux.bin + +# Template file for isolinux configuration file. (string +# value) +#isolinux_config_template=$pybasedir/common/isolinux_config.template + + +# +# Options defined in ironic.common.paths +# + +# Directory where the ironic python module is installed. +# (string value) +#pybasedir=/usr/lib/python/site-packages/ironic + +# Directory where ironic binaries are installed. (string +# value) +#bindir=$pybasedir/bin + +# Top-level directory for maintaining ironic's state. (string +# value) +#state_path=$pybasedir + + +# +# Options defined in ironic.common.service +# + +# Seconds between running periodic tasks. (integer value) +#periodic_interval=60 + +# Name of this node. This can be an opaque identifier. It is +# not necessarily a hostname, FQDN, or IP address. However, +# the node name must be valid within an AMQP key, and if using +# ZeroMQ, a valid hostname, FQDN, or IP address. (string +# value) +#host=ironic + + +# +# Options defined in ironic.common.utils +# + +# Path to the rootwrap configuration file to use for running +# commands as root. (string value) +#rootwrap_config=/etc/ironic/rootwrap.conf + +# Explicitly specify the temporary working directory. (string +# value) +#tempdir= + + +# +# Options defined in ironic.drivers.modules.image_cache +# + +# Run image downloads and raw format conversions in parallel. +# (boolean value) +#parallel_image_downloads=false + + +# +# Options defined in ironic.openstack.common.eventlet_backdoor +# + +# Enable eventlet backdoor. 
Acceptable values are 0, , +# and :, where 0 results in listening on a random +# tcp port number; results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and : results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port= + + +# +# Options defined in ironic.openstack.common.log +# + +# Print debugging output (set logging level to DEBUG instead +# of default WARNING level). (boolean value) +debug=<%= node['openstack']['bare-metal']['debug'] %> + +# Print more verbose output (set logging level to INFO instead +# of default WARNING level). (boolean value) +verbose=<%= node['openstack']['bare-metal']['verbose'] %> + +# Log output to standard error. (boolean value) +#use_stderr=true + +# Format string to use for log messages with context. (string +# value) +#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context. +# (string value) +#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string +# value) +#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. +# (string value) +#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs. (list value) +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN + +# Enables or disables publication of error events. 
(boolean +# value) +#publish_errors=false + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + +# The format for an instance that is passed with the log +# message. (string value) +#instance_format="[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log +# message. (string value) +#instance_uuid_format="[instance: %(uuid)s] " + +# The name of a logging configuration file. This file is +# appended to any existing logging configuration files. For +# details about logging configuration files, see the Python +# logging module documentation. (string value) +# Deprecated group/name - [DEFAULT]/log_config +<% if node['openstack']['bare-metal']['syslog']['use'] %> +log_config_append=/etc/openstack/logging.conf +<% end %> + +# DEPRECATED. A logging.Formatter log message format string +# which may use any of the available logging.LogRecord +# attributes. This option is deprecated. Please use +# logging_context_format_string and +# logging_default_format_string instead. (string value) +#log_format= + +# Format string for %%(asctime)s in log records. Default: +# %(default)s . (string value) +#log_date_format=%Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to output to. If no default is +# set, logging will go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file= + +# (Optional) The base directory used for relative --log-file +# paths. (string value) +# Deprecated group/name - [DEFAULT]/logdir +log_dir=<%= node['openstack']['bare-metal']['log_dir'] %> + +# Use syslog for logging. Existing syslog format is DEPRECATED +# during I, and will change in J to honor RFC5424. (boolean +# value) +#use_syslog=false + +# (Optional) Enables or disables syslog rfc5424 format for +# logging. If enabled, prefixes the MSG part of the syslog +# message with APP-NAME (RFC5424). The format without the APP- +# NAME is deprecated in I, and will be removed in J. 
(boolean +# value) +#use_syslog_rfc_format=false + +# Syslog facility to receive log lines. (string value) +#syslog_log_facility=LOG_USER + + +# +# Options defined in ironic.openstack.common.periodic_task +# + +# Some periodic tasks can be run in a separate process. Should +# we run them here? (boolean value) +#run_external_periodic_tasks=true + + +# +# Options defined in ironic.openstack.common.policy +# + +# The JSON file that defines policies. (string value) +#policy_file=policy.json + +# Default rule. Enforced when a requested rule is not found. +# (string value) +#policy_default_rule=default + +# Directories where policy configuration files are stored. +# They can be relative to any directory in the search path +# defined by the config_dir option, or absolute paths. The +# file defined by policy_file must exist for these directories +# to be searched. (multi valued) +#policy_dirs=policy.d + + +[agent] + +# +# Options defined in ironic.drivers.modules.agent +# + +# Additional append parameters for baremetal PXE boot. (string +# value) +#agent_pxe_append_params=nofb nomodeset vga=normal + +# Template file for PXE configuration. (string value) +#agent_pxe_config_template=$pybasedir/drivers/modules/agent_config.template + +# Neutron bootfile DHCP parameter. (string value) +#agent_pxe_bootfile_name=pxelinux.0 + +# Maximum interval (in seconds) for agent heartbeats. (integer +# value) +#heartbeat_timeout=300 + + +# +# Options defined in ironic.drivers.modules.agent_client +# + +# API version to use for communicating with the ramdisk agent. +# (string value) +#agent_api_version=v1 + + +[api] + +# +# Options defined in ironic.api +# + +# The listen IP for the Ironic API server. (string value) +#host_ip=0.0.0.0 + +# The port for the Ironic API server. (integer value) +#port=6385 + +# The maximum number of items returned in a single response +# from a collection resource. 
(integer value) +#max_limit=1000 + + +[conductor] + +# +# Options defined in ironic.conductor.manager +# + +# URL of Ironic API service. If not set ironic can get the +# current value from the keystone service catalog. (string +# value) +#api_url= + +# Seconds between conductor heart beats. (integer value) +#heartbeat_interval=10 + +# Maximum time (in seconds) since the last check-in of a +# conductor. (integer value) +#heartbeat_timeout=60 + +# Interval between syncing the node power state to the +# database, in seconds. (integer value) +#sync_power_state_interval=60 + +# Interval between checks of provision timeouts, in seconds. +# (integer value) +#check_provision_state_interval=60 + +# Timeout (seconds) for waiting callback from deploy ramdisk. +# 0 - unlimited. (integer value) +#deploy_callback_timeout=1800 + +# During sync_power_state, should the hardware power state be +# set to the state recorded in the database (True) or should +# the database be updated based on the hardware state (False). +# (boolean value) +#force_power_state_during_sync=true + +# During sync_power_state failures, limit the number of times +# Ironic should try syncing the hardware node power state with +# the node power state in DB (integer value) +#power_state_sync_max_retries=3 + +# Maximum number of worker threads that can be started +# simultaneously by a periodic task. Should be less than RPC +# thread pool size. (integer value) +#periodic_max_workers=8 + +# The size of the workers greenthread pool. (integer value) +#workers_pool_size=100 + +# Number of attempts to grab a node lock. (integer value) +#node_locked_retry_attempts=3 + +# Seconds to sleep between node lock attempts. (integer value) +#node_locked_retry_interval=1 + +# Enable sending sensor data message via the notification bus +# (boolean value) +#send_sensor_data=false + +# Seconds between conductor sending sensor data message to +# ceilometer via the notification bus. 
(integer value) +#send_sensor_data_interval=600 + +# List of comma separated metric types which need to be sent +# to Ceilometer. The default value, "ALL", is a special value +# meaning send all the sensor data. (list value) +#send_sensor_data_types=ALL + +# When conductors join or leave the cluster, existing +# conductors may need to update any persistent local state as +# nodes are moved around the cluster. This option controls how +# often, in seconds, each conductor will check for nodes that +# it should "take over". Set it to a negative value to disable +# the check entirely. (integer value) +#sync_local_state_interval=180 + + +[console] + +# +# Options defined in ironic.drivers.modules.console_utils +# + +# Path to serial console terminal program (string value) +#terminal=shellinaboxd + +# Directory containing the terminal SSL cert(PEM) for serial +# console access (string value) +#terminal_cert_dir= + +# Directory for holding terminal pid files. If not specified, +# the temporary directory will be used. (string value) +#terminal_pid_dir= + +# Time interval (in seconds) for checking the status of +# console subprocess. (integer value) +#subprocess_checking_interval=1 + +# Time (in seconds) to wait for the console subprocess to +# start. (integer value) +#subprocess_timeout=10 + + +[database] + +# +# Options defined in oslo.db +# + +# The file name to use with SQLite. (string value) +#sqlite_db=oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +#sqlite_synchronous=true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend=sqlalchemy + +# The SQLAlchemy connection string to use to connect to the +# database. 
(string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +connection==<%= @db_connection %> + +# The SQLAlchemy connection string to use to connect to the +# slave database. (string value) +#slave_connection= + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode=TRADITIONAL + +# Timeout before idle SQL connections are reaped. (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout=3600 + +# Minimum number of SQL connections to keep open in a pool. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size=1 + +# Maximum number of SQL connections to keep open in a pool. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size= + +# Maximum number of database connection retries during +# startup. Set to -1 to specify an infinite retry count. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries=10 + +# Interval between retries of opening a SQL connection. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval=10 + +# If set, use this value for max_overflow with SQLAlchemy. 
+# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow= + +# Verbosity of SQL debugging information: 0=None, +# 100=Everything. (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug=0 + +# Add Python stack traces to SQL as comment strings. (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace=false + +# If set, use this value for pool_timeout with SQLAlchemy. +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout= + +# Enable the experimental use of database reconnect on +# connection lost. (boolean value) +#use_db_reconnect=false + +# Seconds between database connection retries. (integer value) +#db_retry_interval=1 + +# If True, increases the interval between database connection +# retries up to db_max_retry_interval. (boolean value) +#db_inc_retry_interval=true + +# If db_inc_retry_interval is set, the maximum seconds between +# database connection retries. (integer value) +#db_max_retry_interval=10 + +# Maximum database connection retries before error is raised. +# Set to -1 to specify an infinite retry count. (integer +# value) +#db_max_retries=20 + + +# +# Options defined in ironic.db.sqlalchemy.models +# + +# MySQL engine to use. (string value) +#mysql_engine=InnoDB + + +[deploy] + +# +# Options defined in ironic.drivers.modules.deploy_utils +# + +# Block size to use when writing to the nodes disk. (string +# value) +#dd_block_size=1M + + +[dhcp] + +# +# Options defined in ironic.common.dhcp_factory +# + +# DHCP provider to use. "neutron" uses Neutron, and "none" +# uses a no-op provider. 
(string value) +#dhcp_provider=neutron + + +[disk_partitioner] + +# +# Options defined in ironic.common.disk_partitioner +# + +# After Ironic has completed creating the partition table, it +# continues to check for activity on the attached iSCSI device +# status at this interval prior to copying the image to the +# node, in seconds (integer value) +#check_device_interval=1 + +# The maximum number of times to check that the device is not +# accessed by another process. If the device is still busy +# after that, the disk partitioning will be treated as having +# failed. (integer value) +#check_device_max_retries=20 + + +[glance] + +# +# Options defined in ironic.common.glance_service.v2.image_service +# + +# A list of URL schemes that can be downloaded directly via +# the direct_url. Currently supported schemes: [file]. (list +# value) +#allowed_direct_url_schemes= + +# The secret token given to Swift to allow temporary URL +# downloads. Required for temporary URLs. (string value) +#swift_temp_url_key= + +# The length of time in seconds that the temporary URL will be +# valid for. Defaults to 20 minutes. If some deploys get a 401 +# response code when trying to download from the temporary +# URL, try raising this duration. (integer value) +#swift_temp_url_duration=1200 + +# The "endpoint" (scheme, hostname, optional port) for the +# Swift URL of the form +# "endpoint_url/api_version/account/container/object_id". Do +# not include trailing "/". For example, use +# "https://swift.example.com". Required for temporary URLs. +# (string value) +#swift_endpoint_url= + +# The Swift API version to create a temporary URL for. +# Defaults to "v1". Swift temporary URL format: +# "endpoint_url/api_version/account/container/object_id" +# (string value) +#swift_api_version=v1 + +# The account that Glance uses to communicate with Swift. The +# format is "AUTH_uuid". "uuid" is the UUID for the account +# configured in the glance-api.conf. Required for temporary +# URLs. 
For example: +# "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary +# URL format: +# "endpoint_url/api_version/account/container/object_id" +# (string value) +#swift_account= + +# The Swift container Glance is configured to store its images +# in. Defaults to "glance", which is the default in glance- +# api.conf. Swift temporary URL format: +# "endpoint_url/api_version/account/container/object_id" +# (string value) +#swift_container=glance + + +# +# Options defined in ironic.common.image_service +# + +# Default glance hostname or IP address. (string value) +glance_host=<%= @glance_host %> + +# Default glance port. (integer value) +glance_port=<%= @glance_port %> + +# Default protocol to use when connecting to glance. Set to +# https for SSL. (string value) +glance_protocol=<%= @glance_scheme %> + +# A list of the glance api servers available to ironic. Prefix +# with https:// for SSL-based glance API servers. Format is +# [hostname|IP]:port. (list value) +#glance_api_servers= + +# Allow to perform insecure SSL (https) requests to glance. +# (boolean value) +#glance_api_insecure=false + +# Number of retries when downloading an image from glance. +# (integer value) +#glance_num_retries=0 + +# Default protocol to use when connecting to glance. Set to +# https for SSL. (string value) +#auth_strategy=keystone + + +[ilo] + +# +# Options defined in ironic.drivers.modules.ilo.common +# + +# Timeout (in seconds) for iLO operations (integer value) +#client_timeout=60 + +# Port to be used for iLO operations (integer value) +#client_port=443 + +# The Swift iLO container to store data. (string value) +#swift_ilo_container=ironic_ilo_container + +# Amount of time in seconds for Swift objects to auto-expire. 
+# (integer value)
+#swift_object_expiry_timeout=900
+
+
+#
+# Options defined in ironic.drivers.modules.ilo.power
+#
+
+# Number of times a power operation needs to be retried
+# (integer value)
+#power_retry=6
+
+# Amount of time in seconds to wait in between power
+# operations (integer value)
+#power_wait=2
+
+
+[ipmi]
+
+#
+# Options defined in ironic.drivers.modules.ipminative
+#
+
+# Maximum time in seconds to retry IPMI operations. (integer
+# value)
+#retry_timeout=60
+
+# Minimum time, in seconds, between IPMI operations sent to a
+# server. There is a risk with some hardware that setting this
+# too low may cause the BMC to crash. Recommended setting is 5
+# seconds. (integer value)
+#min_command_interval=5
+
+
+[keystone_authtoken]
+
+#
+# Options defined in keystonemiddleware.auth_token
+#
+
+# Host providing the admin Identity API endpoint (string
+# value)
+auth_host=<%= @identity_admin_endpoint.host %>
+
+# Port of the admin Identity API endpoint (integer value)
+auth_port=<%= @identity_admin_endpoint.port %>
+
+# Protocol of the admin Identity API endpoint(http or https)
+# (string value)
+auth_protocol=<%= @identity_admin_endpoint.scheme %>
+
+# Complete public Identity API endpoint. (string value)
+auth_uri=<%= @auth_uri %>
+
+# API version of the admin Identity API endpoint. (string
+# value)
+auth_version=<%= node['openstack']['bare-metal']['api']['auth']['version'] %>
+
+# Keystone account username (string value)
+admin_user = <%= node['openstack']['block-storage']['service_user'] %>
+
+# Keystone account password (string value)
+admin_password = <%= @service_pass %>
+
+# Keystone service account tenant name to validate user tokens
+# (string value)
+admin_tenant_name = <%= node['openstack']['bare-metal']['service_tenant_name'] %>
+
+# Do not handle authorization requests within the middleware,
+# but delegate the authorization decision to downstream WSGI
+# components. (boolean value)
+#delay_auth_decision=false
+
+# Request timeout value for communicating with Identity API
+# server. (integer value)
+#http_connect_timeout=
+
+# How many times are we trying to reconnect when communicating
+# with Identity API Server. (integer value)
+#http_request_max_retries=3
+
+# Env key for the swift cache. (string value)
+#cache=
+
+# Required if identity server requires client certificate
+# (string value)
+#certfile=
+
+# Required if identity server requires client certificate
+# (string value)
+#keyfile=
+
+# A PEM encoded Certificate Authority to use when verifying
+# HTTPs connections. Defaults to system CAs. (string value)
+#cafile=
+
+# Verify HTTPS connections. (boolean value)
+insecure=<%= node['openstack']['bare-metal']['api']['auth']['insecure'] %>
+
+# Directory used to cache files related to PKI tokens. (string
+# value)
+signing_dir=<%= node['openstack']['bare-metal']['api']['auth']['cache_dir'] %>
+
+# Optionally specify a list of memcached server(s) to use for
+# caching. If left undefined, tokens will instead be cached
+# in-process. (list value)
+# Deprecated group/name - [DEFAULT]/memcache_servers
+#memcached_servers=
+
+# In order to prevent excessive effort spent validating
+# tokens, the middleware caches previously-seen tokens for a
+# configurable duration (in seconds). Set to -1 to disable
+# caching completely. (integer value)
+#token_cache_time=300
+
+# Determines the frequency at which the list of revoked tokens
+# is retrieved from the Identity service (in seconds). A high
+# number of revocation events combined with a low cache
+# duration may significantly reduce performance. (integer
+# value)
+#revocation_cache_time=10
+
+# (Optional) If defined, indicate whether token data should be
+# authenticated or authenticated and encrypted. Acceptable
+# values are MAC or ENCRYPT. If MAC, token data is
+# authenticated (with HMAC) in the cache. If ENCRYPT, token
+# data is encrypted and authenticated in the cache. If the
+# value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+#memcache_security_strategy=
+
+# (Optional, mandatory if memcache_security_strategy is
+# defined) This string is used for key derivation. (string
+# value)
+#memcache_secret_key=
+
+# (Optional) Number of seconds memcached server is considered
+# dead before it is tried again. (integer value)
+#memcache_pool_dead_retry=300
+
+# (Optional) Maximum total number of open connections to every
+# memcached server. (integer value)
+#memcache_pool_maxsize=10
+
+# (Optional) Socket timeout in seconds for communicating with
+# a memcache server. (integer value)
+#memcache_pool_socket_timeout=3
+
+# (Optional) Number of seconds a connection to memcached is
+# held unused in the pool before it is closed. (integer value)
+#memcache_pool_unused_timeout=60
+
+# (Optional) Number of seconds that an operation will wait to
+# get a memcache client connection from the pool. (integer
+# value)
+#memcache_pool_conn_get_timeout=10
+
+# (Optional) Use the advanced (eventlet safe) memcache client
+# pool. The advanced pool will only work under python 2.x.
+# (boolean value)
+#memcache_use_advanced_pool=false
+
+# (Optional) Indicate whether to set the X-Service-Catalog
+# header. If False, middleware will not ask for service
+# catalog on token validation and will not set the X-Service-
+# Catalog header. (boolean value)
+#include_service_catalog=true
+
+# Used to control the use and type of token binding. Can be
+# set to: "disabled" to not check token binding. "permissive"
+# (default) to validate binding information if the bind type
+# is of a form known to the server and ignore it if not.
+# "strict" like "permissive" but if the bind type is unknown
+# the token will be rejected. "required" any form of token
+# binding is needed to be allowed. Finally the name of a
+# binding method that must be present in tokens. (string
+# value)
+#enforce_token_bind=permissive
+
+# If true, the revocation list will be checked for cached
+# tokens. This requires that PKI tokens are configured on the
+# identity server. (boolean value)
+#check_revocations_for_cached=false
+
+# Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those
+# supported by Python standard hashlib.new(). The hashes will
+# be tried in the order given, so put the preferred one first
+# for performance. The result of the first hash will be stored
+# in the cache. This will typically be set to multiple values
+# only while migrating from a less secure algorithm to a more
+# secure one. Once all the old tokens are expired this option
+# should be set to a single value for better performance.
+# (list value)
+#hash_algorithms=md5
+
+
+[matchmaker_redis]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Host to locate redis. (string value)
+#host=127.0.0.1
+
+# Use this port to connect to redis host. (integer value)
+#port=6379
+
+# Password for Redis server (optional). (string value)
+#password=
+
+
+[matchmaker_ring]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Matchmaker ring file (JSON). (string value)
+# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
+#ringfile=/etc/oslo/matchmaker_ring.json
+
+
+[neutron]
+
+#
+# Options defined in ironic.dhcp.neutron
+#
+
+# URL for connecting to neutron. (string value)
+#url=http://$my_ip:9696
+
+# Timeout value for connecting to neutron in seconds. (integer
+# value)
+#url_timeout=30
+
+# Client retries in the case of a failed request. (integer
+# value)
+#retries=3
+
+# Default authentication strategy to use when connecting to
+# neutron. Can be either "keystone" or "noauth". Running
+# neutron in noauth mode (related to but not affected by this
+# setting) is insecure and should only be used for testing.
+# (string value)
+#auth_strategy=keystone
+
+
+[oslo_messaging_amqp]
+
+#
+# Options defined in oslo.messaging
+#
+
+# address prefix used when sending to a specific server
+# (string value)
+#server_request_prefix=exclusive
+
+# address prefix used when broadcasting to all servers (string
+# value)
+#broadcast_prefix=broadcast
+
+# address prefix when sending to any server in group (string
+# value)
+#group_request_prefix=unicast
+
+# Name for the AMQP container (string value)
+#container_name=
+
+# Timeout for inactive connections (in seconds) (integer
+# value)
+#idle_timeout=0
+
+# Debug: dump AMQP frames to stdout (boolean value)
+#trace=false
+
+# CA certificate PEM file for verifing server certificate
+# (string value)
+#ssl_ca_file=
+
+# Identifying certificate PEM file to present to clients
+# (string value)
+#ssl_cert_file=
+
+# Private key PEM file used to sign cert_file certificate
+# (string value)
+#ssl_key_file=
+
+# Password for decrypting ssl_key_file (if encrypted) (string
+# value)
+#ssl_key_password=
+
+# Accept clients using either SSL or plain TCP (boolean value)
+#allow_insecure_clients=false
+
+
+[pxe]
+
+#
+# Options defined in ironic.drivers.modules.iscsi_deploy
+#
+
+# Additional append parameters for baremetal PXE boot. (string
+# value)
+#pxe_append_params=nofb nomodeset vga=normal
+
+# Default file system format for ephemeral partition, if one
+# is created. (string value)
+#default_ephemeral_format=ext4
+
+# Directory where images are stored on disk. (string value)
+#images_path=/var/lib/ironic/images/
+
+# Directory where master instance images are stored on disk.
+# (string value)
+#instance_master_path=/var/lib/ironic/master_images
+
+# Maximum size (in MiB) of cache for master images, including
+# those in use. (integer value)
+#image_cache_size=20480
+
+# Maximum TTL (in minutes) for old master images in cache.
+# (integer value)
+#image_cache_ttl=10080
+
+# The disk devices to scan while doing the deploy. (string
+# value)
+#disk_devices=cciss/c0d0,sda,hda,vda
+
+
+#
+# Options defined in ironic.drivers.modules.pxe
+#
+
+# Template file for PXE configuration. (string value)
+#pxe_config_template=$pybasedir/drivers/modules/pxe_config.template
+
+# Template file for PXE configuration for UEFI boot loader.
+# (string value)
+#uefi_pxe_config_template=$pybasedir/drivers/modules/elilo_efi_pxe_config.template
+
+# IP address of Ironic compute node's tftp server. (string
+# value)
+#tftp_server=$my_ip
+
+# Ironic compute node's tftp root path. (string value)
+#tftp_root=/tftpboot
+
+# Directory where master tftp images are stored on disk.
+# (string value)
+#tftp_master_path=/tftpboot/master_images
+
+# Bootfile DHCP parameter. (string value)
+#pxe_bootfile_name=pxelinux.0
+
+# Bootfile DHCP parameter for UEFI boot mode. (string value)
+#uefi_pxe_bootfile_name=elilo.efi
+
+# Ironic compute node's HTTP server URL. Example:
+# http://192.1.2.3:8080 (string value)
+#http_url=
+
+# Ironic compute node's HTTP root path. (string value)
+#http_root=/httpboot
+
+# Enable iPXE boot. (boolean value)
+#ipxe_enabled=false
+
+# The path to the main iPXE script file. (string value)
+#ipxe_boot_script=$pybasedir/drivers/modules/boot.ipxe
+
+
+[seamicro]
+
+#
+# Options defined in ironic.drivers.modules.seamicro
+#
+
+# Maximum retries for SeaMicro operations (integer value)
+#max_retry=3
+
+# Seconds to wait for power action to be completed (integer
+# value)
+#action_timeout=10
+
+
+[snmp]
+
+#
+# Options defined in ironic.drivers.modules.snmp
+#
+
+# Seconds to wait for power action to be completed (integer
+# value)
+#power_timeout=10
+
+
+[ssh]
+
+#
+# Options defined in ironic.drivers.modules.ssh
+#
+
+# libvirt uri (string value)
+#libvirt_uri=qemu:///system
+
+
+[swift]
+
+#
+# Options defined in ironic.common.swift
+#
+
+# Maximum number of times to retry a Swift request, before
+# failing. (integer value)
+#swift_max_retries=2
+
+
diff --git a/templates/default/rootwrap.conf.erb b/templates/default/rootwrap.conf.erb
new file mode 100644
index 0000000..81a06c9
--- /dev/null
+++ b/templates/default/rootwrap.conf.erb
@@ -0,0 +1,29 @@
+<%= node['openstack']['bare-metal']['custom_template_banner'] %>
+
+# Configuration for ironic-rootwrap
+# This file should be owned by (and only-writeable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writeable by root !
+filters_path=<%= node['openstack']['bare-metal']['rootwrap']['filters_path'] %>
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writeable by root !
+exec_dirs=<%= node['openstack']['bare-metal']['rootwrap']['exec_dirs'] %>
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=<%= node['openstack']['bare-metal']['rootwrap']['use_syslog'] %>
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, local0, local1...
+# Default value is 'syslog'
+syslog_log_facility=<%= node['openstack']['bare-metal']['rootwrap']['syslog_log_facility'] %>
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=<%= node['openstack']['bare-metal']['rootwrap']['syslog_log_level'] %>
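Review bot: `filters_path` and `exec_dirs` are filled straight from node attributes, yet the comments above them require that those directories, and this file, be writable only by root, and nothing in this section checks or enforces that. The resource that renders the template is not part of this hunk, so confirm there that it sets `owner 'root'`, `group 'root'` and a mode without group or other write, such as `mode 00644`, and that the attribute defaults are absolute, root-owned paths. Because rootwrap decides which commands the service account may run as root, I would also correct the `use_syslog` comment, which quotes the upstream default although the value now comes from the cookbook: `# Cookbook default: node['openstack']['bare-metal']['rootwrap']['use_syslog']`. Minor: `explicitely` should read `explicitly` in the `exec_dirs` comment.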