{"id":616,"sha1":"5b1759a87214d849dc7669938f975284d8a49ab4","playbook":{"id":4,"items":{"plays":107,"tasks":2438,"results":2413,"hosts":13,"files":511,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-14T10:21:40.790759Z","ended":"2025-12-14T11:05:36.775743Z","duration":"00:43:55.984984","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.13.5","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2015, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n# Defaults file for openstack-ansible-ironic\n\n# Verbosity Options\ndebug: false\n\n# python venv executable\nironic_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\nironic_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\nironic_service_setup_host_python_interpreter: >-\n {{\n openstack_service_setup_host_python_interpreter | default(\n (ironic_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\nironic_package_state: \"{{ package_state | default('latest') }}\"\n\nironic_git_repo: https://opendev.org/openstack/ironic\nironic_inspector_git_repo: https://opendev.org/openstack/ironic-inspector\nironic_git_install_branch: master\nironic_inspector_git_install_branch: master\nironic_upper_constraints_url: >-\n {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\nironic_git_constraints:\n - \"--constraint {{ ironic_upper_constraints_url }}\"\n\nironic_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\nironic_venv_tag: \"{{ venv_tag | default('untagged') }}\"\nironic_bin: \"/openstack/venvs/ironic-{{ ironic_venv_tag }}/bin\"\n\n# System info\nironic_system_user_name: ironic\nironic_system_group_name: ironic\nironic_system_shell: /bin/bash\nironic_system_comment: ironic system user\nironic_system_home_folder: \"/var/lib/{{ ironic_system_user_name }}\"\nironic_system_slice_name: ironic\nironic_lock_dir: \"{{ openstack_lock_dir | default('/run/lock') }}\"\n\n# Ironic Program and Service names\npython_ironic_client_program_name: ironic\nironic_services:\n ironic-api:\n group: ironic_api\n service_name: ironic-api\n init_config_overrides: \"{{ ironic_api_init_config_overrides }}\"\n wsgi_app: true\n wsgi: \"ironic.wsgi:application\"\n uwsgi_overrides: \"{{ ironic_api_uwsgi_ini_overrides }}\"\n uwsgi_port: \"{{ ironic_service_port }}\"\n uwsgi_bind_address: \"{{ ironic_uwsgi_bind_address }}\"\n uwsgi_tls: \"{{ ironic_backend_ssl | ternary(ironic_uwsgi_tls, {}) }}\"\n ironic-conductor:\n group: ironic_conductor\n service_name: ironic-conductor\n init_config_overrides: \"{{ ironic_conductor_init_config_overrides }}\"\n execstarts: \"{{ ironic_bin }}/ironic-conductor\"\n ironic-inspector:\n group: ironic_inspector\n service_name: ironic-inspector\n init_config_overrides: \"{{ ironic_inspector_init_config_overrides }}\"\n execstarts: \"{{ ironic_bin }}/ironic-inspector\"\n ironic-inspector-dnsmasq:\n group: ironic_inspector\n service_name: ironic-inspector-dnsmasq\n service_type: forking\n systemd_user_name: root\n systemd_group_name: root\n init_config_overrides: \"{{ ironic_inspector_dnsmasq_init_config_overrides }}\"\n execstarts: \"/usr/sbin/dnsmasq --conf-file=/etc/ironic-inspector/inspector-dnsmasq.conf\"\n after_targets:\n - openvswitch.service\n - network.target\n state: stopped\n\nironic_service_name: ironic\nironic_service_type: baremetal\nironic_service_proto: http\nironic_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(ironic_service_proto) }}\"\nironic_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}\"\nironic_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(ironic_service_proto) }}\"\nironic_service_port: 6385\nironic_service_description: \"Ironic baremetal provisioning service\"\nironic_service_publicuri: \"{{ ironic_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ ironic_service_port }}\"\nironic_service_publicurl: \"{{ ironic_service_publicuri }}\"\nironic_service_adminuri: \"{{ ironic_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}\"\nironic_service_adminurl: \"{{ ironic_service_adminuri }}\"\nironic_service_internaluri: \"{{ ironic_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}\"\nironic_service_internalurl: \"{{ ironic_service_internaluri }}\"\nironic_program_name: ironic-api\nironic_service_region: \"{{ service_region | default('RegionOne') }}\"\nironic_service_project_name: \"service\"\nironic_service_project_domain_id: default\nironic_service_user_domain_id: default\nironic_service_role_names:\n - admin\n - service\nironic_service_token_roles:\n - service\nironic_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\nironic_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\n\n# Enable interaction with Nova and Neutron from 2024.1 with default policy\n# If more than one service project name is necessary, then you may need to\n# override Ironic 'service_role' policy.\nironic_service_role_elevated_access: true\n\n# The name of the entry in container_networks for the bmaas network\n# This is the default provisioning / inspection / cleaning network for this role\nironic_container_network_name: \"bmaas_address\"\n\n# The name of the bridge on the host for the bmaas network\nironic_bmaas_bridge: \"{{ container_networks[ironic_container_network_name]['bridge'] | default('bridge_undefined') }}\"\n\n# The address of this host on the bmaas network\nironic_bmaas_address: >-\n {{\n (is_metal | default(False)) | ternary(\n ansible_facts[ironic_bmaas_bridge | replace('-','_')]['ipv4']['address'],\n container_networks[ironic_container_network_name]['address']) | default('address_undefined')\n }}\n# The name of the interface on the bmaas network\n# This is the bmaas bridge name on metal, or the corresponding interface name in a container\nironic_bmaas_interface: >-\n {{\n (is_metal | default(False)) | ternary(\n ironic_bmaas_bridge, container_networks[ironic_container_network_name]['interface']) | default('interface_undefined')\n }}\n\n# Ironic image store information\n#\n### Hosted Web Server\n#\n# Set this to true to use http web server to host floppy\n# images and generated boot ISO. This requires http_root and\n# http_url to be configured in the [deploy] section of the\n# config file. If this is set to false, then Ironic will use\n# Swift to host the floppy images and generated boot_iso.\nironic_enable_web_server_for_images: false\nironic_http_bind_address: \"{{ ironic_bmaas_address }}\"\nironic_http_url: \"{{ ironic_ipxe_proto }}://{{ ironic_http_bind_address }}:{{ ironic_ipxe_port }}\"\nironic_http_root: \"/httpboot\"\n#\n### Swift Config\n#\nironic_swift_image_container: glance_images\nironic_swift_api_version: v1\nironic_swift_url_endpoint_type: swift\n# The ironic swift auth account and swift endpoints will be generated using the\n# known swift data as provided by swift stat. If you wish to set either of these\n# items to something else define these variables.\n# ironic_swift_auth_account: AUTH_1234567890\n# ironic_swift_endpoint: https://localhost:8080\n\n# Is this Ironic installation working standalone?\n# If you're wanting Ironic to work without being integrated to other OpenStack\n# services, set this to True, and update the dhcp configuration appropriately\nironic_standalone: false\n\n# Enables or disables automated cleaning. Automated cleaning\n# is a configurable set of steps, such as erasing disk drives,\n# that are performed on the node to ensure it is in a baseline\n# state and ready to be deployed to.\nironic_automated_clean: false\n# Set to 0 to disable erase devices on cleaning\nironic_erase_devices_priority: 10\n\n# Database\nironic_db_setup_host: \"{{ openstack_db_setup_host | default('localhost') }}\"\nironic_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default(\n (ironic_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\nironic_galera_address: \"{{ galera_address | default('127.0.0.1') }}\"\nironic_galera_user: ironic\nironic_galera_database: ironic\nironic_galera_use_ssl: \"{{ galera_use_ssl | default(False) }}\"\nironic_galera_ssl_ca_cert: \"{{ galera_ssl_ca_cert | default('') }}\"\nironic_galera_port: \"{{ galera_port | default('3306') }}\"\nironic_db_max_overflow: \"{{ openstack_db_max_overflow | default('50') }}\"\nironic_db_max_pool_size: \"{{ openstack_db_max_pool_size | default('5') }}\"\nironic_db_pool_timeout: \"{{ openstack_db_pool_timeout | default('30') }}\"\nironic_db_connection_recycle_time: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\n\n## Keystone authentication middleware\nironic_keystone_auth_plugin: password\n\n# Neutron network - Set these in a playbook/task - can be set manually.\n# Only \"name\" or \"uuid\" is needed, uuid will take preference if both are specified.\n# The cleaning and inspection network is not required to be set; they will default\n# to the provisioning network if not specified.\n# ironic_neutron_provisioning_network_uuid: \"UUID for provisioning network in neutron\"\n# ironic_neutron_cleaning_network_uuid: \"UUID for cleaning network in neutron\"\n# ironic_neutron_inspection_network_uuid: \"UUID for inspection network in neutron\"\n# ironic_neutron_provisioning_network_name: \"Name of provisioning network in neutron\"\n# ironic_neutron_cleaning_network_name: \"Name of cleaning network in neutron\"\n# ironic_neutron_inspection_network_name: \"Name of inspection network in neutron\"\n\n# Integrated OpenStack configuration\nironic_enabled_network_interfaces_list: \"flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron', '') }}\"\nironic_default_network_interface: \"{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary('neutron', 'flat') }}\"\nironic_auth_strategy: keystone\nironic_dhcp_provider: \"{{ (ironic_standalone | bool) | ternary('none', 'neutron') }}\"\nironic_sync_power_state_interval: \"{{ (ironic_standalone | bool) | ternary('-1', '60') }}\"\nironic_db_connection_string: >-\n mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}:{{ ironic_galera_port\n }}/ironic?charset=utf8{% if ironic_galera_use_ssl | bool %}&ssl_verify_cert=true{%\n if ironic_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ ironic_galera_ssl_ca_cert }}{% endif %}{% endif %}\n\n# Common configuration\nironic_node_name: ironic\n\nironic_tftp_server_address: \"{{ ironic_bmaas_address }}\"\n\n# Use this variable to add extra files into the ironic_tftp_root directory\n# ironic_tftp_extra_content:\n# - path: /some/local/dir/local-file.txt\n# name: local-file.txt\n# - url: http://boot.ipxe.org/arm64-efi/ipxe.efi\n# name: ipxe_aa64.efi\nironic_tftp_extra_content: []\n\nironic_pip_packages:\n - \"git+{{ ironic_git_repo }}@{{ ironic_git_install_branch }}#egg=ironic\"\n - cryptography\n - osprofiler\n - proliantutils\n - PyMySQL\n - pymemcache\n - pysnmp\n - python-dracclient\n - python-ilorest-library\n - python-ironicclient\n - python-memcached\n - python-scciclient\n - python-swiftclient\n - python-xclarityclient\n - sushy\n - systemd-python\n\n# ipmitool-socat console settings\nironic_socat_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\nironic_socat_port_range: \"10000:10099\"\n\n# Specific pip packages provided by the user for the ironic service\nironic_user_pip_packages: []\n\nironic_inspector_pip_packages:\n - \"git+{{ ironic_inspector_git_repo }}@{{ ironic_inspector_git_install_branch }}#egg=ironic-inspector\"\n - python-ironic-inspector-client\n\n# Specific pip packages provided by the user for the ironic inspector service\nironic_inspector_user_pip_packages: []\n\n# Memcached override\nironic_memcached_servers: \"{{ memcached_servers }}\"\n\n## Oslo Messaging Info\n# RPC\nironic_oslomsg_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\nironic_oslomsg_rpc_setup_host: \"{{ (ironic_oslomsg_rpc_host_group in groups) | ternary(groups[ironic_oslomsg_rpc_host_group][0], 'localhost') }}\"\nironic_oslomsg_rpc_transport: \"{{ oslomsg_rpc_transport | default('rabbit') }}\"\nironic_oslomsg_rpc_servers: \"{{ oslomsg_rpc_servers | default('127.0.0.1') }}\"\nironic_oslomsg_rpc_port: \"{{ oslomsg_rpc_port | default('5672') }}\"\nironic_oslomsg_rpc_use_ssl: \"{{ oslomsg_rpc_use_ssl | default(False) }}\"\nironic_oslomsg_rpc_userid: ironic\nironic_oslomsg_rpc_policies: []\n# vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues\n# are not used - vhost name will be prefixed with leading `/`.\nironic_oslomsg_rpc_vhost:\n - name: /ironic\n state: \"{{ ironic_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: ironic\n state: \"{{ ironic_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\n\nironic_oslomsg_rpc_ssl_version: \"{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}\"\nironic_oslomsg_rpc_ssl_ca_file: \"{{ oslomsg_rpc_ssl_ca_file | default('') }}\"\n\n# Notify\nironic_oslomsg_notify_configure: \"{{ oslomsg_notify_configure | default(False) }}\"\nironic_oslomsg_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\nironic_oslomsg_notify_setup_host: \"{{ (ironic_oslomsg_notify_host_group in groups) | ternary(groups[ironic_oslomsg_notify_host_group][0], 'localhost') }}\"\nironic_oslomsg_notify_transport: \"{{ oslomsg_notify_transport | default('rabbit') }}\"\nironic_oslomsg_notify_servers: \"{{ oslomsg_notify_servers | default('127.0.0.1') }}\"\nironic_oslomsg_notify_port: \"{{ oslomsg_notify_port | default('5672') }}\"\nironic_oslomsg_notify_use_ssl: \"{{ oslomsg_notify_use_ssl | default(False) }}\"\nironic_oslomsg_notify_userid: \"{{ ironic_oslomsg_rpc_userid }}\"\nironic_oslomsg_notify_password: \"{{ ironic_oslomsg_rpc_password }}\"\nironic_oslomsg_notify_vhost: \"{{ ironic_oslomsg_rpc_vhost }}\"\nironic_oslomsg_notify_ssl_version: \"{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}\"\nironic_oslomsg_notify_ssl_ca_file: \"{{ oslomsg_notify_ssl_ca_file | default('') }}\"\nironic_oslomsg_notify_policies: []\n\n## RabbitMQ integration\nironic_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\nironic_oslomsg_rabbit_stream_fanout: \"{{ oslomsg_rabbit_stream_fanout | default(ironic_oslomsg_rabbit_quorum_queues) }}\"\nironic_oslomsg_rabbit_transient_quorum_queues: \"{{ oslomsg_rabbit_transient_quorum_queues | default(ironic_oslomsg_rabbit_stream_fanout) }}\"\nironic_oslomsg_rabbit_qos_prefetch_count: \"{{ oslomsg_rabbit_qos_prefetch_count | default(ironic_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}\"\nironic_oslomsg_rabbit_queue_manager: \"{{ oslomsg_rabbit_queue_manager | default(ironic_oslomsg_rabbit_quorum_queues) }}\"\nironic_oslomsg_rabbit_quorum_delivery_limit: \"{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}\"\nironic_oslomsg_rabbit_quorum_max_memory_bytes: \"{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}\"\n\n# Auth\nironic_service_user_name: \"ironic\"\n\n# WSGI settings\nironic_wsgi_threads: 1\nironic_wsgi_processes_max: 16\nironic_wsgi_processes: >-\n {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, ironic_wsgi_processes_max] | min }}\nironic_uwsgi_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\nironic_uwsgi_tls:\n crt: \"{{ ironic_ssl_cert }}\"\n key: \"{{ ironic_ssl_key }}\"\n\n### OpenStack Services to integrate with\n\n# Glance\nironic_glance_auth_strategy: \"{{ ironic_auth_strategy }}\"\nironic_glance_service_project_name: \"{{ glance_service_project_name | default('service') }}\"\nironic_glance_service_project_domain_id: \"{{ glance_service_project_domain_id | default('default') }}\"\nironic_glance_keystone_auth_plugin: \"{{ glance_keystone_auth_plugin | default('password') }}\"\nironic_glance_service_user_name: \"{{ glance_service_user_name | default('glance') }}\"\nironic_glance_service_user_domain_id: \"{{ glance_service_user_domain_id | default('default') }}\"\nironic_glance_keystone_auth_url: \"{{ keystone_service_internalurl | default('http://localhost:5000/v3') }}\"\n\n# Neutron\nironic_neutron_auth_strategy: \"{{ ironic_auth_strategy }}\"\n\n### Config Overrides\nironic_ironic_conf_overrides: {}\nironic_rootwrap_conf_overrides: {}\nironic_policy_overrides: {}\nironic_api_uwsgi_ini_overrides: {}\n\n# pxe boot\nironic_kernel_append_params: \"ipa-debug=1 systemd.journald.forward_to_console=yes\"\n\nironic_api_init_config_overrides: {}\nironic_conductor_init_config_overrides: {}\n\n# driver definitions\nironic_drivers_enabled:\n - no_driver\n - agent_ipmitool\n - pxe_ipmitool\n\n# extra driver types defined by user\nironic_user_driver_types: {}\n\nironic_inspector_developer_mode: false\nironic_inspector_venv_python_executable: \"{{ openstack_venv_python_executable | default('python2') }}\"\n\n# System info\nironic_inspector_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\nironic_inspector_service_name: ironic-inspector\nironic_inspector_service_type: baremetal-introspection\nironic_inspector_service_description: \"Ironic Baremetal Introspection Service\"\nironic_inspector_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(ironic_service_proto) }}\"\nironic_inspector_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}\"\nironic_inspector_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(ironic_service_proto) }}\"\nironic_inspector_service_address: \"{{ openstack_service_bind_address }}\"\nironic_inspector_service_port: 5050\nironic_inspector_service_publicuri: \"{{ ironic_inspector_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ ironic_inspector_service_port }}\"\nironic_inspector_service_publicurl: \"{{ ironic_inspector_service_publicuri }}\"\nironic_inspector_service_adminuri: \"{{ ironic_inspector_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}\"\nironic_inspector_service_adminurl: \"{{ ironic_inspector_service_adminuri }}\"\nironic_inspector_service_internaluri: \"{{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}\"\nironic_inspector_service_internalurl: \"{{ ironic_inspector_service_internaluri }}\"\nironic_inspector_service_role_names:\n - admin\n - service\nironic_inspector_service_token_roles:\n - service\nironic_inspector_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\nironic_inspector_service_project_name: \"service\"\nironic_inspector_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\nironic_inspector_service_domain_id: default\nironic_inspector_callback_url: >-\n {{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue\n\n# Database\nironic_inspector_db_setup_host: \"{{ openstack_db_setup_host | default('localhost') }}\"\nironic_inspector_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default(\n (ironic_inspector_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\nironic_inspector_galera_address: \"{{ galera_address | default('127.0.0.1') }}\"\nironic_inspector_galera_user: ironic-inspector\nironic_inspector_galera_database: ironic_inspector\nironic_inspector_galera_port: 3306\nironic_inspector_galera_use_ssl: \"{{ galera_use_ssl | default(False) }}\"\nironic_inspector_galera_ssl_ca_cert: \"{{ galera_ssl_ca_cert | default('') }}\"\nironic_inspector_db_max_overflow: \"{{ openstack_db_max_overflow | default('50') }}\"\nironic_inspector_db_max_pool_size: \"{{ openstack_db_max_pool_size | default('5') }}\"\nironic_inspector_db_pool_timeout: \"{{ openstack_db_pool_timeout | default('30') }}\"\nironic_inspector_db_connection_recycle_time: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\n\nironic_inspector_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Ironic iPXE support\nironic_ipxe_enabled: false\nironic_ipxe_port: 8051\nironic_ipxe_proto: \"http\"\n\n# Auth\nironic_inspector_service_user_name: \"ironic_inspector\"\n\n### OpenStack Services to integrate with\n# Ironic swift store information\nironic_inspector_swift_user_name: swift-inspector\nironic_inspector_swift_role_names:\n - member\n - swiftoperator\n\n# Ironic deploy images need to be uploaded to glance.\nironic_deploy_image_glance_upload: true\n\n# Set the directory where the downloaded image will be stored\n# on the ironic_service_setup_host host. If the host is localhost,\n# then the user running the playbook must have access to it.\nironic_deploy_image_path: \"/root/openstack-ansible/ironic\"\nironic_deploy_image_path_owner: \"root\"\n\n# The default download URL is like https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs\n# Allow various parts of this to be overidden to local mirrors, or replaced completely with custom settings\nironic_deploy_image_server: \"https://tarballs.opendev.org/\"\nironic_deploy_image_server_path: \"openstack/ironic-python-agent/dib/files/\"\nironic_deploy_image_base_name: \"ipa-centos9-stable-2024.2\"\nironic_deploy_image_kernel_name: \"{{ ironic_deploy_image_base_name + '.kernel' }}\"\nironic_deploy_image_initramfs_name: \"{{ ironic_deploy_image_base_name + '.initramfs' }}\"\nironic_deploy_image_list:\n - url: \"{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name }}\"\n sha_url: \"{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name ~ '.sha256' }}\"\n container_format: \"bare\"\n disk_format: \"raw\"\n name: \"{{ ironic_deploy_image_kernel_name }}\"\n - url: \"{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name }}\"\n sha_url: \"{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name ~ '.sha256' }}\"\n container_format: \"bare\"\n disk_format: \"raw\"\n name: \"{{ ironic_deploy_image_initramfs_name }}\"\n\n# allow user defined extra images to upload\nironic_extra_deploy_image_list: []\n\n# Ironic inspector\nironic_inspector_enable_discovery: true\nironic_inspector_openstack_db_connection_string: >-\n mysql+pymysql://{{ ironic_inspector_galera_user }}:{{ ironic_inspector_container_mysql_password }}@{{ ironic_inspector_galera_address -}}:{{\n ironic_inspector_galera_port }}/{{ ironic_inspector_galera_database }}?charset=utf8{%\n if ironic_inspector_galera_use_ssl | bool %}&ssl_verify_cert=true{%\n if ironic_inspector_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ ironic_inspector_galera_ssl_ca_cert }}{% endif %}{% endif %}\n\n# define this to adjust the inspector processing hooks\n# Example:\n# ironic_inspector_processing_hooks: \"$default_processing_hooks,lldp_basic,local_link_connection\"\n\n# pass additional kernel paramters to the deploy image\nironic_inspector_extra_callback_parameters: \"\"\n\n# Ironic inspector dhcp\nironic_inspector_dhcp_address: \"{{ ironic_bmaas_address }}\"\nironic_inspector_dhcp_pool_range: 192.168.0.51 192.168.0.150\nironic_inspector_dhcp_subnet: 192.168.0.0/22\nironic_inspector_dhcp_subnet_mask: 255.255.252.0\nironic_insepctor_dhcp_enable_gateway: true\nironic_inspector_dhcp_gateway: 192.168.0.1\nironic_inspector_dhcp_enable_nameservers: true\nironic_inspector_dhcp_nameservers: 192.168.0.1\nironic_inspector_dhcp_lease_time: 600\n\nironic_inspector_dhcp_type: dnsmasq # isc_dhcp\nironic_inspector_boot_mode: http # tftp\nironic_inspector_pxe_boot_mode: \"{{ ironic_inspector_boot_mode }}\"\nironic_inspector_httpboot_dir: \"{{ ironic_http_root }}\"\nironic_inspector_tftpboot_dir: \"{{ ironic_tftpd_root }}\"\n\nironic_inspector_dhcp_interface: \"{{ ironic_bmaas_interface }}\"\nironic_inspector_valid_interfaces: internal,public\n\n### Config Overrides\nironic_inspector_conf_overrides: {}\nironic_inspector_rootwrap_conf_overrides: {}\nironic_inspector_init_config_overrides: {}\nironic_inspector_dnsmasq_init_config_overrides: {}\n# pxe boot\nironic_inspector_pxe_append_params: \"ipa-debug=1 systemd.journald.forward_to_console=yes\" # ipa-inspection-collectors=default,logs,extra_hardware\n\nironic_inspector_pxe_filter: dnsmasq # iptables\n\nironic_inspector_oslomsg_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\nironic_inspector_oslomsg_rpc_setup_host: \"{{ (ironic_oslomsg_rpc_host_group in groups) | ternary(groups[ironic_oslomsg_rpc_host_group][0], 'localhost') }}\"\nironic_inspector_oslomsg_rpc_transport: \"{{ oslomsg_rpc_transport | default('rabbit') }}\"\nironic_inspector_oslomsg_rpc_servers: \"{{ oslomsg_rpc_servers | default('127.0.0.1') }}\"\nironic_inspector_oslomsg_rpc_port: \"{{ oslomsg_rpc_port | default('5672') }}\"\nironic_inspector_oslomsg_rpc_use_ssl: \"{{ oslomsg_rpc_use_ssl | default(False) }}\"\nironic_inspector_oslomsg_rpc_userid: \"{{ ironic_oslomsg_rpc_userid }}\"\nironic_inspector_oslomsg_rpc_password: \"{{ ironic_oslomsg_rpc_password }}\"\nironic_inspector_oslomsg_rpc_vhost: \"{{ ironic_oslomsg_rpc_vhost }}\"\nironic_inspector_oslomsg_rpc_ssl_version: \"{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}\"\nironic_inspector_oslomsg_rpc_ssl_ca_file: \"{{ oslomsg_rpc_ssl_ca_file | default('') }}\"\n\n###\n### Backend TLS\n###\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS.\nironic_backend_ssl: \"{{ openstack_service_backend_ssl | default(False) }}\"\n\n# Storage location for SSL certificate authority\nironic_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\nironic_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# ironic server certificate\nironic_pki_keys_path: \"{{ ironic_pki_dir ~ '/certs/private/' }}\"\nironic_pki_certs_path: \"{{ ironic_pki_dir ~ '/certs/certs/' }}\"\nironic_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}\"\nironic_pki_regen_cert: \"\"\nironic_pki_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}\"\nironic_pki_certificates:\n - name: \"ironic_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ ironic_pki_san }}\"\n signed_by: \"{{ ironic_pki_intermediate_cert_name }}\"\n\n# ironic destination files for SSL certificates\nironic_ssl_cert: /etc/ironic/ironic.pem\nironic_ssl_key: /etc/ironic/ironic.key\n\n# Installation details for SSL certificates\nironic_pki_install_certificates:\n - src: \"{{ ironic_user_ssl_cert | default(ironic_pki_certs_path ~ 'ironic_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ ironic_ssl_cert }}\"\n owner: \"{{ ironic_system_user_name }}\"\n group: \"{{ ironic_system_user_name }}\"\n mode: \"0644\"\n - src: \"{{ ironic_user_ssl_key | default(ironic_pki_keys_path ~ 'ironic_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ ironic_ssl_key }}\"\n owner: \"{{ ironic_system_user_name }}\"\n group: \"{{ ironic_system_user_name }}\"\n mode: \"0600\"\n\n# Define user-provided SSL certificates\n# ironic_user_ssl_cert: \n# ironic_user_ssl_key: \n","created":"2025-12-14T10:21:51.307637Z","updated":"2025-12-14T10:21:51.307649Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_ironic/defaults/main.yml"}