Playbook #5
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml
Execution
Date 15 Dec 2025 10:19:13 +0000
Duration 00:23:12.82
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.3
Summary
9 Hosts
618 Tasks
960 Results
108 Plays
456 Files
0 Records
check:False tags:all

File: /home/zuul/src/opendev.org/openstack/openstack-ansible-os_ironic/defaults/main.yml

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Defaults file for openstack-ansible-ironic

# Verbosity Options
debug: false

# python venv executable
ironic_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}"

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
ironic_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
ironic_service_setup_host_python_interpreter: >-
  {{
    openstack_service_setup_host_python_interpreter | default(
      (ironic_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
  }}

# Set the package install state for distribution packages
# Options are 'present' and 'latest'
ironic_package_state: "{{ package_state | default('latest') }}"

ironic_git_repo: https://opendev.org/openstack/ironic
ironic_inspector_git_repo: https://opendev.org/openstack/ironic-inspector
ironic_git_install_branch: master
ironic_inspector_git_install_branch: master
ironic_upper_constraints_url: >-
  {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}
ironic_git_constraints:
  - "--constraint {{ ironic_upper_constraints_url }}"

ironic_pip_install_args: "{{ pip_install_options | default('') }}"

# Name of the virtual env to deploy into
ironic_venv_tag: "{{ venv_tag | default('untagged') }}"
ironic_bin: "/openstack/venvs/ironic-{{ ironic_venv_tag }}/bin"

# System info
ironic_system_user_name: ironic
ironic_system_group_name: ironic
ironic_system_shell: /bin/bash
ironic_system_comment: ironic system user
ironic_system_home_folder: "/var/lib/{{ ironic_system_user_name }}"
ironic_system_slice_name: ironic
ironic_lock_dir: "{{ openstack_lock_dir | default('/run/lock') }}"

# Ironic Program and Service names
python_ironic_client_program_name: ironic
ironic_services:
  ironic-api:
    group: ironic_api
    service_name: ironic-api
    init_config_overrides: "{{ ironic_api_init_config_overrides }}"
    wsgi_app: true
    wsgi: "ironic.wsgi:application"
    uwsgi_overrides: "{{ ironic_api_uwsgi_ini_overrides }}"
    uwsgi_port: "{{ ironic_service_port }}"
    uwsgi_bind_address: "{{ ironic_uwsgi_bind_address }}"
    uwsgi_tls: "{{ ironic_backend_ssl | ternary(ironic_uwsgi_tls, {}) }}"
  ironic-conductor:
    group: ironic_conductor
    service_name: ironic-conductor
    init_config_overrides: "{{ ironic_conductor_init_config_overrides }}"
    execstarts: "{{ ironic_bin }}/ironic-conductor"
  ironic-inspector:
    group: ironic_inspector
    service_name: ironic-inspector
    init_config_overrides: "{{ ironic_inspector_init_config_overrides }}"
    execstarts: "{{ ironic_bin }}/ironic-inspector"
  ironic-inspector-dnsmasq:
    group: ironic_inspector
    service_name: ironic-inspector-dnsmasq
    service_type: forking
    systemd_user_name: root
    systemd_group_name: root
    init_config_overrides: "{{ ironic_inspector_dnsmasq_init_config_overrides }}"
    execstarts: "/usr/sbin/dnsmasq --conf-file=/etc/ironic-inspector/inspector-dnsmasq.conf"
    after_targets:
      - openvswitch.service
      - network.target
    state: stopped

ironic_service_name: ironic
ironic_service_type: baremetal
ironic_service_proto: http
ironic_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(ironic_service_proto) }}"
ironic_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}"
ironic_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(ironic_service_proto) }}"
ironic_service_port: 6385
ironic_service_description: "Ironic baremetal provisioning service"
ironic_service_publicuri: "{{ ironic_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ ironic_service_port }}"
ironic_service_publicurl: "{{ ironic_service_publicuri }}"
ironic_service_adminuri: "{{ ironic_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}"
ironic_service_adminurl: "{{ ironic_service_adminuri }}"
ironic_service_internaluri: "{{ ironic_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}"
ironic_service_internalurl: "{{ ironic_service_internaluri }}"
ironic_program_name: ironic-api
ironic_service_region: "{{ service_region | default('RegionOne') }}"
ironic_service_project_name: "service"
ironic_service_project_domain_id: default
ironic_service_user_domain_id: default
ironic_service_role_names:
  - admin
  - service
ironic_service_token_roles:
  - service
ironic_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
ironic_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"

# Enable interaction with Nova and Neutron from 2024.1 with default policy
# If more than one service project name is necessary, then you may need to
# override Ironic 'service_role' policy.
ironic_service_role_elevated_access: true

# The name of the entry in container_networks for the bmaas network
# This is the default provisioning / inspection / cleaning network for this role
ironic_container_network_name: "bmaas_address"

# The name of the bridge on the host for the bmaas network
ironic_bmaas_bridge: "{{ container_networks[ironic_container_network_name]['bridge'] | default('bridge_undefined') }}"

# The address of this host on the bmaas network
ironic_bmaas_address: >-
  {{
    (is_metal | default(False)) | ternary(
      ansible_facts[ironic_bmaas_bridge | replace('-','_')]['ipv4']['address'],
      container_networks[ironic_container_network_name]['address']) | default('address_undefined')
  }}
# The name of the interface on the bmaas network
# This is the bmaas bridge name on metal, or the corresponding interface name in a container
ironic_bmaas_interface: >-
  {{
    (is_metal | default(False)) | ternary(
      ironic_bmaas_bridge, container_networks[ironic_container_network_name]['interface']) | default('interface_undefined')
  }}

# Ironic image store information
#
### Hosted Web Server
#
# Set this to True to use http web server to host floppy
# images and generated boot ISO. This requires http_root and
# http_url to be configured in the [deploy] section of the
# config file. If this is set to False, then Ironic will use
# Swift to host the floppy images and generated boot_iso.
ironic_enable_web_server_for_images: false
ironic_http_bind_address: "{{ ironic_bmaas_address }}"
ironic_http_url: "{{ ironic_ipxe_proto }}://{{ ironic_http_bind_address }}:{{ ironic_ipxe_port }}"
ironic_http_root: "/httpboot"
#
### Swift Config
#
ironic_swift_image_container: glance_images
ironic_swift_api_version: v1
ironic_swift_url_endpoint_type: swift
# The ironic swift auth account and swift endpoints will be generated using the
#  known swift data as provided by swift stat. If you wish to set either of these
#  items to something else define these variables.
# ironic_swift_auth_account: AUTH_1234567890
# ironic_swift_endpoint: https://localhost:8080

# Is this Ironic installation working standalone?
# If you're wanting Ironic to work without being integrated to other OpenStack
# services, set this to True, and update the dhcp configuration appropriately
ironic_standalone: false

# Enables or disables automated cleaning. Automated cleaning
# is a configurable set of steps, such as erasing disk drives,
# that are performed on the node to ensure it is in a baseline
# state and ready to be deployed to.
ironic_automated_clean: false
# Set to 0 to disable erase devices on cleaning
ironic_erase_devices_priority: 10

# Database
ironic_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
ironic_db_setup_python_interpreter: >-
  {{
    openstack_db_setup_python_interpreter | default(
      (ironic_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
  }}
ironic_galera_address: "{{ galera_address | default('127.0.0.1') }}"
ironic_galera_user: ironic
ironic_galera_database: ironic
ironic_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
ironic_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
ironic_galera_port: "{{ galera_port | default('3306') }}"
ironic_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}"
ironic_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}"
ironic_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}"
ironic_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}"

## Keystone authentication middleware
ironic_keystone_auth_plugin: password

# Neutron network - Set these in a playbook/task - can be set manually.
# Only "name" or "uuid" is needed, uuid will take preference if both are specified.
# The cleaning and inspection network is not required to be set; they will default
# to the provisioning network if not specified.
# ironic_neutron_provisioning_network_uuid: "UUID for provisioning network in neutron"
# ironic_neutron_cleaning_network_uuid: "UUID for cleaning network in neutron"
# ironic_neutron_inspection_network_uuid: "UUID for inspection network in neutron"
# ironic_neutron_provisioning_network_name: "Name of provisioning network in neutron"
# ironic_neutron_cleaning_network_name: "Name of cleaning network in neutron"
# ironic_neutron_inspection_network_name: "Name of inspection network in neutron"

# Integrated Openstack configuration
ironic_enabled_network_interfaces_list: "flat,noop{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary(',neutron', '') }}"
ironic_default_network_interface: "{{ (ironic_neutron_provisioning_network_uuid is defined) | ternary('neutron', 'flat') }}"
ironic_auth_strategy: keystone
ironic_dhcp_provider: "{{ (ironic_standalone | bool) | ternary('none', 'neutron') }}"
ironic_sync_power_state_interval: "{{ (ironic_standalone | bool) | ternary('-1', '60') }}"
ironic_db_connection_string: >-
  mysql+pymysql://{{ ironic_galera_user }}:{{ ironic_container_mysql_password }}@{{ ironic_galera_address }}:{{ ironic_galera_port
    }}/ironic?charset=utf8{% if ironic_galera_use_ssl | bool %}&ssl_verify_cert=true{%
      if ironic_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ ironic_galera_ssl_ca_cert }}{% endif %}{% endif %}

# Common configuration
ironic_node_name: ironic

ironic_tftp_server_address: "{{ ironic_bmaas_address }}"

# Use this variable to add extra files into the ironic_tftp_root directory
# ironic_tftp_extra_content:
#   - path: /some/local/dir/local-file.txt
#     name: local-file.txt
#   - url: http://boot.ipxe.org/arm64-efi/ipxe.efi
#     name: ipxe_aa64.efi
ironic_tftp_extra_content: []

ironic_pip_packages:
  - "git+{{ ironic_git_repo }}@{{ ironic_git_install_branch }}#egg=ironic"
  - cryptography
  - osprofiler
  - proliantutils
  - PyMySQL
  - pymemcache
  - pysnmp
  - python-dracclient
  - python-ilorest-library
  - python-ironicclient
  - python-memcached
  - python-scciclient
  - python-swiftclient
  - python-xclarityclient
  - sushy
  - systemd-python

# ipmitool-socat console settings
ironic_socat_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
ironic_socat_port_range: "10000:10099"

# Specific pip packages provided by the user for the ironic service
ironic_user_pip_packages: []

ironic_inspector_pip_packages:
  - "git+{{ ironic_inspector_git_repo }}@{{ ironic_inspector_git_install_branch }}#egg=ironic-inspector"
  - python-ironic-inspector-client

# Specific pip packages provided by the user for the ironic inspector service
ironic_inspector_user_pip_packages: []

# Memcached override
ironic_memcached_servers: "{{ memcached_servers }}"

## Oslo Messaging Info
# RPC
ironic_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
ironic_oslomsg_rpc_setup_host: "{{ (ironic_oslomsg_rpc_host_group in groups) | ternary(groups[ironic_oslomsg_rpc_host_group][0], 'localhost') }}"
ironic_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
ironic_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
ironic_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
ironic_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
ironic_oslomsg_rpc_userid: ironic
ironic_oslomsg_rpc_policies: []
# vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues
# are not used - vhost name will be prefixed with leading `/`.
ironic_oslomsg_rpc_vhost:
  - name: /ironic
    state: "{{ ironic_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}"
  - name: ironic
    state: "{{ ironic_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}"

ironic_oslomsg_rpc_ssl_version: "{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}"
ironic_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}"

# Notify
ironic_oslomsg_notify_configure: "{{ oslomsg_notify_configure | default(False) }}"
ironic_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
ironic_oslomsg_notify_setup_host: "{{ (ironic_oslomsg_notify_host_group in groups) | ternary(groups[ironic_oslomsg_notify_host_group][0], 'localhost') }}"
ironic_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
ironic_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
ironic_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
ironic_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
ironic_oslomsg_notify_userid: "{{ ironic_oslomsg_rpc_userid }}"
ironic_oslomsg_notify_password: "{{ ironic_oslomsg_rpc_password }}"
ironic_oslomsg_notify_vhost: "{{ ironic_oslomsg_rpc_vhost }}"
ironic_oslomsg_notify_ssl_version: "{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}"
ironic_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('') }}"
ironic_oslomsg_notify_policies: []

## RabbitMQ integration
ironic_oslomsg_rabbit_quorum_queues: "{{ oslomsg_rabbit_quorum_queues | default(True) }}"
ironic_oslomsg_rabbit_stream_fanout: "{{ oslomsg_rabbit_stream_fanout | default(ironic_oslomsg_rabbit_quorum_queues) }}"
ironic_oslomsg_rabbit_transient_quorum_queues: "{{ oslomsg_rabbit_transient_quorum_queues | default(ironic_oslomsg_rabbit_stream_fanout) }}"
ironic_oslomsg_rabbit_qos_prefetch_count: "{{ oslomsg_rabbit_qos_prefetch_count | default(ironic_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}"
ironic_oslomsg_rabbit_queue_manager: "{{ oslomsg_rabbit_queue_manager | default(ironic_oslomsg_rabbit_quorum_queues) }}"
ironic_oslomsg_rabbit_quorum_delivery_limit: "{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}"
ironic_oslomsg_rabbit_quorum_max_memory_bytes: "{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}"

# Auth
ironic_service_user_name: "ironic"

# WSGI settings
ironic_wsgi_threads: 1
ironic_wsgi_processes_max: 16
ironic_wsgi_processes: >-
  {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, ironic_wsgi_processes_max] | min }}
ironic_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
ironic_uwsgi_tls:
  crt: "{{ ironic_ssl_cert }}"
  key: "{{ ironic_ssl_key }}"

### OpenStack Services to integrate with

# Glance
ironic_glance_auth_strategy: "{{ ironic_auth_strategy }}"
ironic_glance_service_project_name: "{{ glance_service_project_name | default('service') }}"
ironic_glance_service_project_domain_id: "{{ glance_service_project_domain_id | default('default') }}"
ironic_glance_keystone_auth_plugin: "{{ glance_keystone_auth_plugin | default('password') }}"
ironic_glance_service_user_name: "{{ glance_service_user_name | default('glance') }}"
ironic_glance_service_user_domain_id: "{{ glance_service_user_domain_id | default('default') }}"
ironic_glance_keystone_auth_url: "{{ keystone_service_internalurl | default('http://localhost:5000/v3') }}"

# Neutron
ironic_neutron_auth_strategy: "{{ ironic_auth_strategy }}"

### Config Overrides
ironic_ironic_conf_overrides: {}
ironic_rootwrap_conf_overrides: {}
ironic_policy_overrides: {}
ironic_api_uwsgi_ini_overrides: {}

# pxe boot
ironic_kernel_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes"

ironic_api_init_config_overrides: {}
ironic_conductor_init_config_overrides: {}

# driver definitions
ironic_drivers_enabled:
  - no_driver
  - agent_ipmitool
  - pxe_ipmitool

# extra driver types defined by user
ironic_user_driver_types: {}

ironic_inspector_developer_mode: false
ironic_inspector_venv_python_executable: "{{ openstack_venv_python_executable | default('python2') }}"

# System info
ironic_inspector_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
ironic_inspector_service_name: ironic-inspector
ironic_inspector_service_type: baremetal-introspection
ironic_inspector_service_description: "Ironic Baremetal Introspection Service"
ironic_inspector_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(ironic_service_proto) }}"
ironic_inspector_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}"
ironic_inspector_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(ironic_service_proto) }}"
ironic_inspector_service_address: "{{ openstack_service_bind_address }}"
ironic_inspector_service_port: 5050
ironic_inspector_service_publicuri: "{{ ironic_inspector_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ ironic_inspector_service_port }}"
ironic_inspector_service_publicurl: "{{ ironic_inspector_service_publicuri }}"
ironic_inspector_service_adminuri: "{{ ironic_inspector_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}"
ironic_inspector_service_adminurl: "{{ ironic_inspector_service_adminuri }}"
ironic_inspector_service_internaluri: "{{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}"
ironic_inspector_service_internalurl: "{{ ironic_inspector_service_internaluri }}"
ironic_inspector_service_role_names:
  - admin
  - service
ironic_inspector_service_token_roles:
  - service
ironic_inspector_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
ironic_inspector_service_project_name: "service"
ironic_inspector_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"
ironic_inspector_service_domain_id: default
ironic_inspector_callback_url: >-
  {{ ironic_inspector_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_inspector_service_port }}/v1/continue

# Database
ironic_inspector_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
ironic_inspector_db_setup_python_interpreter: >-
  {{
    openstack_db_setup_python_interpreter | default(
      (ironic_inspector_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
  }}
ironic_inspector_galera_address: "{{ galera_address | default('127.0.0.1') }}"
ironic_inspector_galera_user: ironic-inspector
ironic_inspector_galera_database: ironic_inspector
ironic_inspector_galera_port: 3306
ironic_inspector_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
ironic_inspector_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
ironic_inspector_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}"
ironic_inspector_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}"
ironic_inspector_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}"
ironic_inspector_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}"

ironic_inspector_pip_install_args: "{{ pip_install_options | default('') }}"

# Ironic iPXE support
ironic_ipxe_enabled: false
ironic_ipxe_port: 8051
ironic_ipxe_proto: "http"

# Auth
ironic_inspector_service_user_name: "ironic_inspector"

### OpenStack Services to integrate with
# Ironic swift store information
ironic_inspector_swift_user_name: swift-inspector
ironic_inspector_swift_role_names:
  - member
  - swiftoperator

# Ironic deploy images need to be uploaded to glance.
ironic_deploy_image_glance_upload: true

# Set the directory where the downloaded image will be stored
# on the ironic_service_setup_host host. If the host is localhost,
# then the user running the playbook must have access to it.
ironic_deploy_image_path: "/root/openstack-ansible/ironic"
ironic_deploy_image_path_owner: "root"

# The default download URL is like https://tarballs.opendev.org/openstack/ironic-python-agent/dib/files/ipa-centos8-stable-xena.initramfs
# Allow various parts of this to be overidden to local mirrors, or replaced completely with custom settings
ironic_deploy_image_server: "https://tarballs.opendev.org/"
ironic_deploy_image_server_path: "openstack/ironic-python-agent/dib/files/"
ironic_deploy_image_base_name: "ipa-centos9-stable-2024.2"
ironic_deploy_image_kernel_name: "{{ ironic_deploy_image_base_name + '.kernel' }}"
ironic_deploy_image_initramfs_name: "{{ ironic_deploy_image_base_name + '.initramfs' }}"
ironic_deploy_image_list:
  - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name }}"
    sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_kernel_name ~ '.sha256' }}"
    container_format: "bare"
    disk_format: "raw"
    name: "{{ ironic_deploy_image_kernel_name }}"
  - url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name }}"
    sha_url: "{{ ironic_deploy_image_server ~ ironic_deploy_image_server_path ~ ironic_deploy_image_initramfs_name ~ '.sha256' }}"
    container_format: "bare"
    disk_format: "raw"
    name: "{{ ironic_deploy_image_initramfs_name }}"

# allow user defined extra images to upload
ironic_extra_deploy_image_list: []

# Ironic inspector
ironic_inspector_enable_discovery: true
ironic_inspector_openstack_db_connection_string: >-
  mysql+pymysql://{{ ironic_inspector_galera_user }}:{{ ironic_inspector_container_mysql_password }}@{{ ironic_inspector_galera_address -}}:{{
    ironic_inspector_galera_port }}/{{ ironic_inspector_galera_database }}?charset=utf8{%
     if ironic_inspector_galera_use_ssl | bool %}&ssl_verify_cert=true{%
       if ironic_inspector_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ ironic_inspector_galera_ssl_ca_cert }}{% endif %}{% endif %}

# define this to adjust the inspector processing hooks
# Example:
# ironic_inspector_processing_hooks: "$default_processing_hooks,lldp_basic,local_link_connection"

# pass additional kernel paramters to the deploy image
ironic_inspector_extra_callback_parameters: ""

# Ironic inspector dhcp
ironic_inspector_dhcp_address: "{{ ironic_bmaas_address }}"
ironic_inspector_dhcp_pool_range: 192.168.0.51 192.168.0.150
ironic_inspector_dhcp_subnet: 192.168.0.0/22
ironic_inspector_dhcp_subnet_mask: 255.255.252.0
ironic_insepctor_dhcp_enable_gateway: true
ironic_inspector_dhcp_gateway: 192.168.0.1
ironic_inspector_dhcp_enable_nameservers: true
ironic_inspector_dhcp_nameservers: 192.168.0.1
ironic_inspector_dhcp_lease_time: 600

ironic_inspector_dhcp_type: dnsmasq # isc_dhcp
ironic_inspector_boot_mode: http # tftp
ironic_inspector_pxe_boot_mode: "{{ ironic_inspector_boot_mode }}"
ironic_inspector_httpboot_dir: "{{ ironic_http_root }}"
ironic_inspector_tftpboot_dir: "{{ ironic_tftpd_root }}"

ironic_inspector_dhcp_interface: "{{ ironic_bmaas_interface }}"
ironic_inspector_valid_interfaces: internal,public

### Config Overrides
ironic_inspector_conf_overrides: {}
ironic_inspector_rootwrap_conf_overrides: {}
ironic_inspector_init_config_overrides: {}
ironic_inspector_dnsmasq_init_config_overrides: {}
# pxe boot
ironic_inspector_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes" # ipa-inspection-collectors=default,logs,extra_hardware

ironic_inspector_pxe_filter: dnsmasq # iptables

ironic_inspector_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
ironic_inspector_oslomsg_rpc_setup_host: "{{ (ironic_oslomsg_rpc_host_group in groups) | ternary(groups[ironic_oslomsg_rpc_host_group][0], 'localhost') }}"
ironic_inspector_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
ironic_inspector_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
ironic_inspector_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
ironic_inspector_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
ironic_inspector_oslomsg_rpc_userid: "{{ ironic_oslomsg_rpc_userid }}"
ironic_inspector_oslomsg_rpc_password: "{{ ironic_oslomsg_rpc_password }}"
ironic_inspector_oslomsg_rpc_vhost: "{{ ironic_oslomsg_rpc_vhost }}"
ironic_inspector_oslomsg_rpc_ssl_version: "{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}"
ironic_inspector_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}"

###
### Backend TLS
###

# Define if communication between haproxy and service backends should be
# encrypted with TLS.
ironic_backend_ssl: "{{ openstack_service_backend_ssl | default(False) }}"

# Storage location for SSL certificate authority
ironic_pki_dir: "{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}"

# Delegated host for operating the certificate authority
ironic_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}"

# ironic server certificate
ironic_pki_keys_path: "{{ ironic_pki_dir ~ '/certs/private/' }}"
ironic_pki_certs_path: "{{ ironic_pki_dir ~ '/certs/certs/' }}"
ironic_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}"
ironic_pki_regen_cert: ""
ironic_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
ironic_pki_certificates:
  - name: "ironic_{{ ansible_facts['hostname'] }}"
    provider: ownca
    cn: "{{ ansible_facts['hostname'] }}"
    san: "{{ ironic_pki_san }}"
    signed_by: "{{ ironic_pki_intermediate_cert_name }}"

# ironic destination files for SSL certificates
ironic_ssl_cert: /etc/ironic/ironic.pem
ironic_ssl_key: /etc/ironic/ironic.key

# Installation details for SSL certificates
ironic_pki_install_certificates:
  - src: "{{ ironic_user_ssl_cert | default(ironic_pki_certs_path ~ 'ironic_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}"
    dest: "{{ ironic_ssl_cert }}"
    owner: "{{ ironic_system_user_name }}"
    group: "{{ ironic_system_user_name }}"
    mode: "0644"
  - src: "{{ ironic_user_ssl_key | default(ironic_pki_keys_path ~ 'ironic_' ~ ansible_facts['hostname'] ~ '.key.pem') }}"
    dest: "{{ ironic_ssl_key }}"
    owner: "{{ ironic_system_user_name }}"
    group: "{{ ironic_system_user_name }}"
    mode: "0600"

# Define user-provided SSL certificates
# ironic_user_ssl_cert: <path to cert on ansible deployment host>
# ironic_user_ssl_key: <path to cert on ansible deployment host>