Mark Goddard 32a82ea039 Support authentication in Bifrost
* Switch from python-ironic-inspector-client to openstacksdk in
  ironic-inspector-rules. This allows us to use clouds.yaml to provide
  credentials.
* Enable authentication in Bifrost. Passwords are auto-generated by
  Bifrost, and stored in files in /root/.config/bifrost/. This change
  depends on a Kolla Ansible patch that ensures that these credentials
  are persisted between recreations of the bifrost container.
* Copy clouds.yaml and (if present) a CA certificate from the Bifrost
  container to the seed host, under the Kayobe Ansible user (stack).
  This allows us to use the credentials to register introspection rules.
* This patch is needed by a Kolla Ansible patch that enables TLS in
  Bifrost, since we need the CA certificate on the host to register
  introspection rules when TLS is enabled.

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/851837
Needed-By: https://review.opendev.org/c/openstack/kolla-ansible/+/851838

Story: 2010206
Task: 45930

Change-Id: I757f1bb72afb01a4f1689bed292f5b71b9048fa0
2022-08-25 11:56:03 +02:00


---
# Bifrost variable overrides, rendered by Jinja2 from the kolla_bifrost_*
# variables. Optional keys are emitted only when the corresponding variable
# is truthy; when omitted, Bifrost's own default presumably applies.
#
# Every templated value is written inside double quotes with no escaping
# filter, so it reaches the consumer as a YAML string. A value containing a
# double quote or a backslash would alter or break the rendered document.
# Values meant as booleans (download_ipa, use_firewalld) therefore arrive as
# strings; presumably the consumer casts them - TODO confirm.

# List of enabled Ironic hardware types.
# Rendered as a single comma-separated string, not a YAML list.
enabled_hardware_types: "{{ kolla_bifrost_enabled_hardware_types | join(',') }}"
{% if kolla_bifrost_extra_kernel_options %}
# List of extra kernel parameters for Bifrost's Ironic PXE configuration.
# Default is empty.
# Accepts either a string (used as is) or a list (joined with spaces).
extra_kernel_options: "{{ kolla_bifrost_extra_kernel_options if kolla_bifrost_extra_kernel_options is string else kolla_bifrost_extra_kernel_options | join(' ') }}"
{% endif %}
# IP address range for DHCP.
dhcp_pool_start: "{{ kolla_bifrost_dhcp_pool_start }}"
dhcp_pool_end: "{{ kolla_bifrost_dhcp_pool_end }}"
dhcp_pool_mask: "{{ kolla_bifrost_dhcp_pool_mask }}"
{% if kolla_bifrost_dnsmasq_router %}
# Default route provided to nodes via DHCP.
dnsmasq_router: "{{ kolla_bifrost_dnsmasq_router }}"
{% endif %}
{% if kolla_bifrost_dnsmasq_dns_servers %}
# DNS servers provided to nodes via DHCP.
# Rendered as a single comma-separated string.
dnsmasq_dns_servers: "{{ kolla_bifrost_dnsmasq_dns_servers | join(',') }}"
{% endif %}
{% if kolla_bifrost_domain %}
# DNS domain provided to nodes via DHCP.
domain: "{{ kolla_bifrost_domain }}"
{% endif %}
{% if kolla_bifrost_inspector_processing_hooks %}
# Comma-separated list of inspector processing plugins.
inspector_processing_hooks: "{{ kolla_bifrost_inspector_processing_hooks | join(',') }}"
{% endif %}
{% if kolla_bifrost_inspector_port_addition %}
# Which MAC addresses to add as ports during introspection. One of 'all',
# 'active' or 'pxe'.
inspector_port_addition: "{{ kolla_bifrost_inspector_port_addition }}"
{% endif %}
{% if kolla_bifrost_inspector_extra_kernel_options %}
# Extra kernel parameters for the inspector default PXE configuration.
# Accepts either a string (used as is) or a list (joined with spaces).
inspector_extra_kernel_options: "{{ kolla_bifrost_inspector_extra_kernel_options if kolla_bifrost_inspector_extra_kernel_options is string else kolla_bifrost_inspector_extra_kernel_options | join(' ') }}"
{% endif %}
# Whether to download Ironic Python Agent (IPA) images.
download_ipa: "{{ kolla_bifrost_download_ipa }}"
# NOTE(review): the IPA kernel and ramdisk are booted on the managed nodes,
# so where they come from and how they are verified matters. A checksum
# fetched from the same origin as the image over plain HTTP detects
# corruption, not substitution; prefer HTTPS URLs from a trusted origin and a
# checksum algorithm of sha256 or stronger. The actual URLs and algorithms
# come from variables not visible in this template - verify their values.
# URL of Ironic Python Agent (IPA) kernel image.
ipa_kernel_upstream_url: "{{ kolla_bifrost_ipa_kernel_upstream_url }}"
# URL of checksum of Ironic Python Agent (IPA) kernel image.
ipa_kernel_upstream_checksum_url: "{{ kolla_bifrost_ipa_kernel_checksum_url }}"
# Algorithm of checksum of Ironic Python Agent (IPA) kernel image.
ipa_kernel_upstream_checksum_algo: "{{ kolla_bifrost_ipa_kernel_checksum_algorithm }}"
# URL of Ironic Python Agent (IPA) ramdisk image.
ipa_ramdisk_upstream_url: "{{ kolla_bifrost_ipa_ramdisk_upstream_url }}"
# URL of checksum of Ironic Python Agent (IPA) ramdisk image.
ipa_ramdisk_upstream_checksum_url: "{{ kolla_bifrost_ipa_ramdisk_checksum_url }}"
# Algorithm of checksum of Ironic Python Agent (IPA) ramdisk image.
ipa_ramdisk_upstream_checksum_algo: "{{ kolla_bifrost_ipa_ramdisk_checksum_algorithm }}"
# Whether Bifrost uses firewalld.
use_firewalld: "{{ kolla_bifrost_use_firewalld }}"
# Firewalld zone used by Bifrost.
firewalld_internal_zone: "{{ kolla_bifrost_firewalld_internal_zone }}"
# Enable discovery of nodes in Ironic Inspector.
# NOTE(review): hard-coded on; no kolla_bifrost_* variable controls it here.
# With discovery enabled, a machine that is not yet registered and boots the
# inspection ramdisk is presumably enrolled automatically, so the
# provisioning network should be limited to trusted hardware - confirm.
enable_inspector_discovery: true
# Disable cleaning for backwards compatibility. It is enabled by default in
# Bifrost since the Victoria release.
# NOTE(review): hard-coded off; no kolla_bifrost_* variable controls it here.
# Ironic cleaning is the step that wipes node disks between deployments, so
# with it disabled data from an earlier deployment may remain on disk when a
# node is reprovisioned. Confirm this is acceptable where nodes are reused.
cleaning: false
{% if kolla_bifrost_extra_globals %}
###############################################################################
# Extra configuration
# Operator-supplied mapping, serialised with to_nice_yaml and appended last.
# A key here that repeats one set above produces a duplicate key in the
# rendered document; most YAML parsers silently keep the last value, so this
# section can presumably override any earlier setting, including cleaning
# and enable_inspector_discovery - confirm against the consumer's parser.
# Any secret placed in this mapping is written in plain text to the
# rendered file.
{{ kolla_bifrost_extra_globals|to_nice_yaml }}
{% endif %}