blob: bc4b0349558978cb9e4636628b1a11aa7fad127b [file] [log] [blame]
Mohammed Naser298f0272024-07-29 18:43:25 -04001# Licensed under the Apache License, Version 2.0 (the "License");
2# you may not use this file except in compliance with the License.
3# You may obtain a copy of the License at
4#
5# http://www.apache.org/licenses/LICENSE-2.0
6#
7# Unless required by applicable law or agreed to in writing, software
8# distributed under the License is distributed on an "AS IS" BASIS,
9# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10# See the License for the specific language governing permissions and
11# limitations under the License.
12
13# Default values for ironic.
14# This is a YAML-formatted file.
15# Declare name/value pairs to be passed into your templates.
16# name: value
17
18---
19release_group: null
20
21helm3_hook: true
22
23labels:
24 api:
25 node_selector_key: openstack-control-plane
26 node_selector_value: enabled
27 conductor:
28 node_selector_key: openstack-control-plane
29 node_selector_value: enabled
30 job:
31 node_selector_key: openstack-control-plane
32 node_selector_value: enabled
33
34images:
35 tags:
36 ironic_manage_cleaning_network: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
37 ironic_retrive_cleaning_network: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
38 ironic_retrive_swift_config: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
39 # Bootstrap image requires curl
40 bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
41 db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
42 db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
43 ironic_db_sync: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
44 ks_user: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
45 ks_service: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
46 ks_endpoints: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
47 rabbit_init: docker.io/rabbitmq:3.13-management
48 ironic_api: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
49 ironic_conductor: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
50 ironic_pxe: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
51 ironic_pxe_init: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
52 ironic_pxe_http: docker.io/nginx:1.13.3
Oleksandr K.ae821ee2024-08-08 20:00:26 +020053 dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
Mohammed Naser298f0272024-07-29 18:43:25 -040054 image_repo_sync: docker.io/docker:17.07.0
55 pull_policy: "IfNotPresent"
56 local_registry:
57 active: false
58 exclude:
59 - dep_check
60 - image_repo_sync
61
62conf:
63 paste:
64 override:
65 append:
66 policy: {}
67 tftp_map_file: |
68 re ^(/tftpboot/) /tftpboot/\2
69 re ^/tftpboot/ /tftpboot/
70 re ^(^/) /tftpboot/\1
71 re ^([^/]) /tftpboot/\1
72 nginx: |
73 user nginx;
74 worker_processes 1;
75 error_log /var/log/nginx/error.log warn;
76 pid /var/run/nginx.pid;
77 events {
78 worker_connections 1024;
79 }
80 http {
81 include /etc/nginx/mime.types;
82 default_type application/octet-stream;
83 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
84 '$status $body_bytes_sent "$http_referer" '
85 '"$http_user_agent" "$http_x_forwarded_for"';
86 access_log /var/log/nginx/access.log main;
87 sendfile on;
88 #tcp_nopush on;
89 keepalive_timeout 65;
90 #gzip on;
91 server {
92 listen OSH_PXE_IP:{{ tuple "baremetal" "internal" "pxe_http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }};
93 server_name localhost;
94 #charset koi8-r;
95 #access_log /var/log/nginx/host.access.log main;
96 location / {
97 root /var/lib/openstack-helm/httpboot;
98 }
99 }
100 }
101 ironic:
102 DEFAULT:
103 log_config_append: /etc/ironic/logging.conf
104 api:
105 port: null
106 conductor:
107 api_url: null
108 database:
109 connection: null
Dong Ma36b89222025-02-13 16:15:52 +0000110 max_retries: -1
Mohammed Naser298f0272024-07-29 18:43:25 -0400111 deploy:
112 http_root: /var/lib/openstack-helm/httpboot
113 glance:
114 auth_type: password
115 swift_temp_url_duration: 86400
116 temp_url_endpoint_type: swift
117 swift_container: glance
118 swift_api_version: v1
119 auth_section: glance
120 inspector:
121 auth_type: password
122 keystone_authtoken:
Oleksandr K.ae821ee2024-08-08 20:00:26 +0200123 service_token_roles: service
124 service_token_roles_required: true
Mohammed Naser298f0272024-07-29 18:43:25 -0400125 auth_type: password
126 auth_version: v3
127 neutron:
128 auth_type: password
129 pxe:
130 pxe_append_params: "nofb nomodeset vga=normal ipa-debug=1"
131 images_path: /var/lib/openstack-helm/ironic/images
132 instance_master_path: /var/lib/openstack-helm/ironic/master_images
133 pxe_config_template: $pybasedir/drivers/modules/ipxe_config.template
134 uefi_pxe_config_template: $pybasedir/drivers/modules/ipxe_config.template
135 tftp_root: /var/lib/openstack-helm/tftpboot
136 tftp_master_path: /var/lib/openstack-helm/tftpboot/master_images
137 pxe_bootfile_name: undionly.kpxe
138 uefi_pxe_bootfile_name: ipxe.efi
139 ipxe_enabled: true
140 service_catalog:
141 auth_type: password
Oleksandr K.ae821ee2024-08-08 20:00:26 +0200142 service_user:
143 auth_type: password
144 send_service_user_token: true
Mohammed Naser298f0272024-07-29 18:43:25 -0400145 swift:
146 auth_url: null
147 oslo_policy:
148 policy_file: /etc/ironic/policy.yaml
149 logging:
150 loggers:
151 keys:
152 - root
153 - ironic
154 handlers:
155 keys:
156 - stdout
157 - stderr
158 - "null"
159 formatters:
160 keys:
161 - context
162 - default
163 logger_root:
164 level: WARNING
165 handlers: 'null'
166 logger_ironic:
167 level: INFO
168 handlers:
169 - stdout
170 qualname: ironic
171 logger_amqp:
172 level: WARNING
173 handlers: stderr
174 qualname: amqp
175 logger_amqplib:
176 level: WARNING
177 handlers: stderr
178 qualname: amqplib
179 logger_eventletwsgi:
180 level: WARNING
181 handlers: stderr
182 qualname: eventlet.wsgi.server
183 logger_sqlalchemy:
184 level: WARNING
185 handlers: stderr
186 qualname: sqlalchemy
187 logger_boto:
188 level: WARNING
189 handlers: stderr
190 qualname: boto
191 handler_null:
192 class: logging.NullHandler
193 formatter: default
194 args: ()
195 handler_stdout:
196 class: StreamHandler
197 args: (sys.stdout,)
198 formatter: context
199 handler_stderr:
200 class: StreamHandler
201 args: (sys.stderr,)
202 formatter: context
203 formatter_context:
204 class: oslo_log.formatters.ContextFormatter
205 datefmt: "%Y-%m-%d %H:%M:%S"
206 formatter_default:
207 format: "%(message)s"
208 datefmt: "%Y-%m-%d %H:%M:%S"
209
Oleksandr K.ae821ee2024-08-08 20:00:26 +0200210conductor:
211 http:
212 enabled: true
213 init_script: |
214 #!/bin/bash
215 set -ex
216 if [ "x" == "x${PROVISIONER_INTERFACE}" ]; then
217 echo "Provisioner interface is not set"
218 exit 1
219 fi
220
221 function net_pxe_addr {
222 ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
223 }
224 function net_pxe_ip {
225 echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
226 }
227 PXE_IP=$(net_pxe_ip)
228
229 if [ "x" == "x${PXE_IP}" ]; then
230 echo "Could not find IP for pxe to bind to"
231 exit 1
232 fi
233
234 sed "s|OSH_PXE_IP|${PXE_IP}|g" /etc/nginx/nginx.conf > /tmp/pod-shared/nginx.conf
235 script: |
236 #!/bin/bash
237 set -ex
238 mkdir -p /var/lib/openstack-helm/httpboot
239 cp -v /tmp/pod-shared/nginx.conf /etc/nginx/nginx.conf
240 exec nginx -g 'daemon off;'
241 pxe:
242 enabled: true
243 init_script: |
244 #!/bin/bash
245 set -ex
246 # default to Ubuntu path
247 FILEPATH=${FILEPATH:-/usr/lib/ipxe}
248
249 mkdir -p /var/lib/openstack-helm/tftpboot
250 mkdir -p /var/lib/openstack-helm/tftpboot/master_images
251
252 for FILE in undionly.kpxe ipxe.efi pxelinux.0 snponly.efi; do
253 # copy in default file
254 if [ -f $FILEPATH/$FILE ]; then
255 cp -v $FILEPATH/$FILE /var/lib/openstack-helm/tftpboot
256 fi
257
258 done
259 script: |
260 #!/bin/bash
261 set -ex
262 function net_pxe_addr {
263 ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
264 }
265 function net_pxe_ip {
266 echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
267 }
268 PXE_IP=$(net_pxe_ip)
269
270 if [ "x" == "x${PXE_IP}" ]; then
271 echo "Could not find IP for pxe to bind to"
272 exit 1
273 fi
274
275 ln -s /var/lib/openstack-helm/tftpboot /tftpboot
276 exec /usr/sbin/in.tftpd \
277 --verbose \
278 --foreground \
279 --user root \
280 --address ${PXE_IP}:69 \
281 --map-file /tftp-map-file /tftpboot
282
Mohammed Naser298f0272024-07-29 18:43:25 -0400283network:
284 pxe:
285 device: ironic-pxe
286 neutron_network_name: baremetal
287 neutron_subnet_name: baremetal
288 neutron_provider_network: ironic
289 neutron_subnet_gateway: 172.24.6.1/24
290 neutron_subnet_cidr: 172.24.6.0/24
291 neutron_subnet_alloc_start: 172.24.6.100
292 neutron_subnet_alloc_end: 172.24.6.200
293 neutron_subnet_dns_nameserver: 10.96.0.10
294 api:
295 ingress:
296 public: true
297 classes:
298 namespace: "nginx"
299 cluster: "nginx-cluster"
300 annotations:
301 nginx.ingress.kubernetes.io/rewrite-target: /
302 node_port:
303 enabled: false
304 port: 30511
305
306bootstrap:
307 image:
308 enabled: true
309 openstack:
310 enabled: true
311 ks_user: ironic
312 # NOTE: if source_base is null the source will be used as is
313 source_base: http://tarballs.openstack.org/ironic-python-agent/tinyipa/files
314 structured:
315 ironic-agent.initramfs:
316 source: tinyipa-stable-wallaby.gz
317 disk_format: ari
318 container_format: ari
319 ironic-agent.kernel:
320 source: tinyipa-stable-wallaby.vmlinuz
321 disk_format: aki
322 container_format: aki
323 network:
324 enabled: true
325 openstack:
326 enabled: true
327 object_store:
328 enabled: true
329 openstack:
330 enabled: true
331
332dependencies:
333 dynamic:
334 common:
335 local_image_registry:
336 jobs:
337 - ironic-image-repo-sync
338 services:
339 - endpoint: node
340 service: local_image_registry
341 static:
342 api:
343 jobs:
344 - ironic-db-sync
345 - ironic-ks-user
346 - ironic-ks-endpoints
347 - ironic-manage-cleaning-network
348 - ironic-rabbit-init
349 services:
350 - endpoint: internal
351 service: oslo_db
352 - endpoint: internal
353 service: identity
354 - endpoint: internal
355 service: oslo_messaging
356 bootstrap:
357 jobs: null
358 services:
359 - endpoint: internal
360 service: identity
361 - endpoint: internal
362 service: image
363 - endpoint: internal
364 service: baremetal
365 conductor:
366 jobs:
367 - ironic-db-sync
368 - ironic-ks-user
369 - ironic-ks-endpoints
370 - ironic-manage-cleaning-network
371 - ironic-rabbit-init
372 services:
373 - endpoint: internal
374 service: oslo_db
375 - endpoint: internal
376 service: identity
377 - endpoint: internal
378 service: baremetal
379 - endpoint: internal
380 service: oslo_messaging
381 db_drop:
382 services:
383 - endpoint: internal
384 service: oslo_db
385 db_init:
386 services:
387 - endpoint: internal
388 service: oslo_db
389 db_sync:
390 jobs:
391 - ironic-db-init
392 services:
393 - endpoint: internal
394 service: oslo_db
395 ks_endpoints:
396 jobs:
397 - ironic-ks-service
398 services:
399 - endpoint: internal
400 service: identity
401 ks_service:
402 services:
403 - endpoint: internal
404 service: identity
405 ks_user:
406 services:
407 - endpoint: internal
408 service: identity
409 rabbit_init:
410 services:
411 - endpoint: internal
412 service: oslo_messaging
413 manage_cleaning_network:
414 services:
415 - endpoint: internal
416 service: network
417 image_repo_sync:
418 services:
419 - endpoint: internal
420 service: local_image_registry
421
422# Names of secrets used by bootstrap and environmental checks
423secrets:
424 identity:
425 admin: ironic-keystone-admin
426 ironic: ironic-keystone-user
427 glance: ironic-glance-keystone-user
428 oslo_db:
429 admin: ironic-db-admin
430 ironic: ironic-db-user
431 oslo_messaging:
432 admin: ironic-rabbitmq-admin
433 ironic: ironic-rabbitmq-user
434 oci_image_registry:
435 ironic: ironic-oci-image-registry
436
437# typically overridden by environmental
438# values, but should include all endpoints
439# required by this chart
440endpoints:
441 cluster_domain_suffix: cluster.local
442 local_image_registry:
443 name: docker-registry
444 namespace: docker-registry
445 hosts:
446 default: localhost
447 internal: docker-registry
448 node: localhost
449 host_fqdn_override:
450 default: null
451 port:
452 registry:
453 node: 5000
454 oci_image_registry:
455 name: oci-image-registry
456 namespace: oci-image-registry
457 auth:
458 enabled: false
459 ironic:
460 username: ironic
461 password: password
462 hosts:
463 default: localhost
464 host_fqdn_override:
465 default: null
466 port:
467 registry:
468 default: null
469 identity:
470 name: keystone
471 auth:
472 admin:
473 region_name: RegionOne
474 username: admin
475 password: password
476 project_name: admin
477 user_domain_name: default
478 project_domain_name: default
479 glance:
Oleksandr K.ae821ee2024-08-08 20:00:26 +0200480 role: admin,service
Mohammed Naser298f0272024-07-29 18:43:25 -0400481 region_name: RegionOne
482 username: glance
483 password: password
484 project_name: service
485 user_domain_name: service
486 project_domain_name: service
487 ironic:
488 role: admin,service
489 region_name: RegionOne
490 username: ironic
491 password: password
492 project_name: service
493 user_domain_name: service
494 project_domain_name: service
495 hosts:
496 default: keystone
497 internal: keystone-api
498 host_fqdn_override:
499 default: null
500 path:
501 default: /v3
502 scheme:
503 default: http
504 port:
505 api:
506 default: 80
507 internal: 5000
508 baremetal:
509 name: ironic
510 hosts:
511 default: ironic-api
512 public: ironic
513 host_fqdn_override:
514 default: null
515 path:
516 default: null
517 scheme:
518 default: http
519 port:
520 api:
521 default: 6385
522 public: 80
523 pxe_http:
524 default: 8080
525 image:
526 name: glance
527 hosts:
528 default: glance-api
529 public: glance
530 host_fqdn_override:
531 default: null
532 path:
533 default: null
534 scheme:
535 default: http
536 port:
537 api:
538 default: 9292
539 public: 80
540 oslo_db:
541 auth:
542 admin:
543 username: root
544 password: password
545 ironic:
546 username: ironic
547 password: password
548 hosts:
549 default: mariadb
550 host_fqdn_override:
551 default: null
552 path: /ironic
553 scheme: mysql+pymysql
554 port:
555 mysql:
556 default: 3306
557 oslo_cache:
558 auth:
559 # NOTE(portdirect): this is used to define the value for keystone
560 # authtoken cache encryption key, if not set it will be populated
561 # automatically with a random value, but to take advantage of
562 # this feature all services should be set to use the same key,
563 # and memcache service.
564 memcache_secret_key: null
565 hosts:
566 default: memcached
567 host_fqdn_override:
568 default: null
569 port:
570 memcache:
571 default: 11211
572 oslo_messaging:
573 auth:
574 admin:
575 username: rabbitmq
576 password: password
577 ironic:
578 username: ironic
579 password: password
580 statefulset:
581 replicas: 2
582 name: rabbitmq-rabbitmq
583 hosts:
584 default: rabbitmq
585 host_fqdn_override:
586 default: null
587 path: /ironic
588 scheme: rabbit
589 port:
590 amqp:
591 default: 5672
592 http:
593 default: 15672
594 network:
595 name: neutron
596 hosts:
597 default: neutron-server
598 public: neutron
599 host_fqdn_override:
600 default: null
601 path:
602 default: null
603 scheme:
604 default: 'http'
605 port:
606 api:
607 default: 9696
608 public: 80
609 object_store:
610 name: swift
611 namespace: ceph
612 auth:
613 glance:
614 tmpurlkey: supersecret
615 hosts:
616 default: ceph-rgw
617 host_fqdn_override:
618 default: null
619 path:
620 default: /swift/v1/KEY_$(tenant_id)s
621 scheme:
622 default: http
623 port:
624 api:
625 default: 8088
626 fluentd:
627 namespace: null
628 name: fluentd
629 hosts:
630 default: fluentd-logging
631 host_fqdn_override:
632 default: null
633 path:
634 default: null
635 scheme: 'http'
636 port:
637 service:
638 default: 24224
639 metrics:
640 default: 24220
641
642pod:
Dong Ma16a956a2025-02-10 13:28:41 +0000643 priorityClassName:
644 ironic_api: null
Dong Ma36b89222025-02-13 16:15:52 +0000645 ironic_conductor: null
646 bootstrap: null
Dong Ma16a956a2025-02-10 13:28:41 +0000647 db_sync: null
648 runtimeClassName:
649 ironic_api: null
Dong Ma36b89222025-02-13 16:15:52 +0000650 ironic_conductor: null
651 bootstrap: null
Dong Ma16a956a2025-02-10 13:28:41 +0000652 db_sync: null
Mohammed Naser298f0272024-07-29 18:43:25 -0400653 affinity:
654 anti:
655 type:
656 default: preferredDuringSchedulingIgnoredDuringExecution
657 topologyKey:
658 default: kubernetes.io/hostname
659 weight:
660 default: 10
661 tolerations:
662 ironic:
663 enabled: false
664 tolerations:
665 - key: node-role.kubernetes.io/master
666 operator: Exists
667 effect: NoSchedule
668 - key: node-role.kubernetes.io/control-plane
669 operator: Exists
670 effect: NoSchedule
671 mounts:
672 ironic_api:
673 init_container: null
674 ironic_api:
675 volumeMounts:
676 volumes:
677 ironic_conductor:
678 init_container: null
679 ironic_conductor:
680 volumeMounts:
681 volumes:
682 ironic_bootstrap:
683 init_container: null
684 ironic_bootstrap:
685 volumeMounts:
686 volumes:
687 ironic_db_sync:
688 ironic_db_sync:
689 volumeMounts:
690 volumes:
691 replicas:
692 api: 1
693 conductor: 1
694 lifecycle:
695 upgrades:
696 deployments:
697 revision_history: 3
698 pod_replacement_strategy: RollingUpdate
699 rolling_update:
700 max_unavailable: 1
701 max_surge: 3
702 disruption_budget:
703 api:
704 min_available: 0
705 termination_grace_period:
706 api:
707 timeout: 30
708 resources:
709 enabled: false
710 api:
711 requests:
712 memory: "128Mi"
713 cpu: "100m"
714 limits:
715 memory: "1024Mi"
716 cpu: "2000m"
717 conductor:
718 requests:
719 memory: "128Mi"
720 cpu: "100m"
721 limits:
722 memory: "1024Mi"
723 cpu: "2000m"
724 jobs:
725 bootstrap:
726 requests:
727 memory: "128Mi"
728 cpu: "100m"
729 limits:
730 memory: "1024Mi"
731 cpu: "2000m"
732 db_drop:
733 requests:
734 memory: "128Mi"
735 cpu: "100m"
736 limits:
737 memory: "1024Mi"
738 cpu: "2000m"
739 db_init:
740 requests:
741 memory: "128Mi"
742 cpu: "100m"
743 limits:
744 memory: "1024Mi"
745 cpu: "2000m"
746 db_sync:
747 requests:
748 memory: "128Mi"
749 cpu: "100m"
750 limits:
751 memory: "1024Mi"
752 cpu: "2000m"
753 ks_endpoints:
754 requests:
755 memory: "128Mi"
756 cpu: "100m"
757 limits:
758 memory: "1024Mi"
759 cpu: "2000m"
760 ks_service:
761 requests:
762 memory: "128Mi"
763 cpu: "100m"
764 limits:
765 memory: "1024Mi"
766 cpu: "2000m"
767 ks_user:
768 requests:
769 memory: "128Mi"
770 cpu: "100m"
771 limits:
772 memory: "1024Mi"
773 cpu: "2000m"
774 rabbit_init:
775 requests:
776 memory: "128Mi"
777 cpu: "100m"
778 limits:
779 memory: "1024Mi"
780 cpu: "2000m"
781 tests:
782 requests:
783 memory: "128Mi"
784 cpu: "100m"
785 limits:
786 memory: "1024Mi"
787 cpu: "2000m"
788 image_repo_sync:
789 requests:
790 memory: "128Mi"
791 cpu: "100m"
792 limits:
793 memory: "1024Mi"
794 cpu: "2000m"
Oleksandr K.ae821ee2024-08-08 20:00:26 +0200795 useHostNetwork:
796 conductor: true
797 useHostIPC:
798 conductor: true
Mohammed Naser298f0272024-07-29 18:43:25 -0400799
800network_policy:
801 ironic:
802 ingress:
803 - {}
804 egress:
805 - {}
806
807manifests:
808 configmap_bin: true
809 configmap_etc: true
810 deployment_api: true
811 ingress_api: true
812 job_bootstrap: true
813 job_db_drop: false
814 job_db_init: true
815 job_db_sync: true
816 job_image_repo_sync: true
817 job_ks_endpoints: true
818 job_ks_service: true
819 job_ks_user: true
820 job_manage_cleaning_network: true
821 job_rabbit_init: true
822 pdb_api: true
823 network_policy: false
824 secret_db: true
825 secret_keystone: true
826 secret_rabbitmq: true
827 secret_registry: true
828 service_api: true
829 service_ingress_api: true
830 statefulset_conductor: true
831...