Chapter 2. Bare Metal


The Bare metal service is capable of managing and provisioning physical machines. The configuration file of this module is /etc/ironic/ironic.conf.

2.1. Bare Metal Configuration Options

2.1.1. Description of Configuration Options

The following tables provide a comprehensive list of the Bare metal service configuration options.
Table 2.1. Description of agent configuration options
Configuration option = Default value
Description
[agent]
 
agent_api_version = v1
(String) API version to use for communicating with the ramdisk agent.
deploy_logs_collect = on_failure
(String) Whether Ironic should collect the deployment logs on deployment failure (on_failure), always or never.
deploy_logs_local_path = /var/log/ironic/deploy
(String) The path to the directory where the logs should be stored, used when the deploy_logs_storage_backend is configured to "local".
deploy_logs_storage_backend = local
(String) The name of the storage backend where the logs will be stored.
deploy_logs_swift_container = ironic_deploy_logs_container
(String) The name of the Swift container to store the logs, used when the deploy_logs_storage_backend is configured to "swift".
deploy_logs_swift_days_to_expire = 30
(Integer) Number of days before a log object is marked as expired in Swift. If None, the logs will be kept forever or until manually deleted. Used when the deploy_logs_storage_backend is configured to "swift".
manage_agent_boot = True
(Boolean) Whether Ironic will manage booting of the agent ramdisk. If set to False, you will need to configure your mechanism to allow booting the agent ramdisk.
memory_consumed_by_agent = 0
(Integer) The memory size in MiB consumed by agent when it is booted on a bare metal node. This is used for checking if the image can be downloaded and deployed on the bare metal node after booting agent ramdisk. This may be set according to the memory consumed by the agent ramdisk image.
post_deploy_get_power_state_retries = 6
(Integer) Number of times to retry getting power state to check if bare metal node has been powered off after a soft power off.
post_deploy_get_power_state_retry_interval = 5
(Integer) Amount of time (in seconds) to wait between polling power state after trigger soft poweroff.
stream_raw_images = True
(Boolean) Whether the agent ramdisk should stream raw images directly onto the disk or not. By streaming raw images directly onto the disk the agent ramdisk will not spend time copying the image to a tmpfs partition (therefore consuming less memory) prior to writing it to the disk. Unless the disk where the image will be copied to is really slow, this option should be set to True. Defaults to True.
Table 2.2. Description of AMT configuration options
Configuration option = Default value
Description
[amt]
 
action_wait = 10
(Integer) Amount of time (in seconds) to wait, before retrying an AMT operation
awake_interval = 60
(Integer) Time interval (in seconds) for successive awake call to AMT interface, this depends on the IdleTimeout setting on AMT interface. AMT Interface will go to sleep after 60 seconds of inactivity by default. IdleTimeout=0 means AMT will not go to sleep at all. Setting awake_interval=0 will disable awake call.
max_attempts = 3
(Integer) Maximum number of times to attempt an AMT operation, before failing
protocol = http
(String) Protocol used for AMT endpoint
Table 2.3. Description of API configuration options
Configuration option = Default value
Description
[api]
 
api_workers = None
(Integer) Number of workers for OpenStack Ironic API service. The default is equal to the number of CPUs available if that can be determined, else a default worker count of 1 is returned.
enable_ssl_api = False
(Boolean) Enable the integrated stand-alone API to service requests via HTTPS instead of HTTP. If there is a front-end service performing HTTPS offloading from the service, this option should be False; note, you will want to change public API endpoint to represent SSL termination URL with 'public_endpoint' option.
host_ip = 0.0.0.0
(String) The IP address on which ironic-api listens.
max_limit = 1000
(Integer) The maximum number of items returned in a single response from a collection resource.
port = 6385
(Port number) The TCP port on which ironic-api listens.
public_endpoint = None
(String) Public URL to use when building the links to the API resources (for example, "https://ironic.rocks:6384"). If None the links will be built using the request's host URL. If the API is operating behind a proxy, you will want to change this to represent the proxy's URL. Defaults to None.
ramdisk_heartbeat_timeout = 300
(Integer) Maximum interval (in seconds) for agent heartbeats.
restrict_lookup = True
(Boolean) Whether to restrict the lookup API to only nodes in certain states.
[oslo_middleware]
 
enable_proxy_headers_parsing = False
(Boolean) Whether the application is behind a proxy or not. This determines if the middleware should parse the headers or not.
max_request_body_size = 114688
(Integer) The maximum body size for each request, in bytes.
secure_proxy_ssl_header = X-Forwarded-Proto
(String) DEPRECATED: The HTTP Header that will be used to determine what the original request protocol scheme was, even if it was hidden by a SSL termination proxy.
[oslo_versionedobjects]
 
fatal_exception_format_errors = False
(Boolean) Make exception message format errors fatal
Table 2.4. Description of audit configuration options
Configuration option = Default value
Description
[audit]
 
audit_map_file = /etc/ironic/ironic_api_audit_map.conf
(String) Path to audit map file for ironic-api service. Used only when API audit is enabled.
enabled = False
(Boolean) Enable auditing of API requests (for ironic-api service).
ignore_req_list = None
(String) Comma separated list of Ironic REST API HTTP methods to be ignored during audit. For example: auditing will not be done on any GET or POST requests if this is set to "GET,POST". It is used only when API audit is enabled.
namespace = openstack
(String) namespace prefix for generated id
[audit_middleware_notifications]
 
driver = None
(String) The Driver to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop. If not specified, then value from oslo_messaging_notifications conf section is used.
topics = None
(List) List of AMQP topics used for OpenStack notifications. If not specified, then value from oslo_messaging_notifications conf section is used.
transport_url = None
(String) A URL representing messaging driver to use for notification. If not specified, we fall back to the same configuration used for RPC.
Table 2.5. Description of Cisco UCS configuration options
Configuration option = Default value
Description
[cimc]
 
action_interval = 10
(Integer) Amount of time in seconds to wait in between power operations
max_retry = 6
(Integer) Number of times a power operation needs to be retried
[cisco_ucs]
 
action_interval = 5
(Integer) Amount of time in seconds to wait in between power operations
max_retry = 6
(Integer) Number of times a power operation needs to be retried
Table 2.6. Description of common configuration options
Configuration option = Default value
Description
[DEFAULT]
 
bindir = /usr/local/bin
(String) Directory where ironic binaries are installed.
debug_tracebacks_in_api = False
(Boolean) Return server tracebacks in the API response for any error responses. WARNING: this is insecure and should not be used in a production environment.
default_network_interface = None
(String) Default network interface to be used for nodes that do not have network_interface field set. A complete list of network interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.network" entrypoint.
enabled_drivers = pxe_ipmitool
(List) Specify the list of drivers to load during service initialization. Missing drivers, or drivers which fail to initialize, will prevent the conductor service from starting. The option default is a recommended set of production-oriented drivers. A complete list of drivers present on your system may be found by enumerating the "ironic.drivers" entrypoint. An example may be found in the developer documentation online.
enabled_network_interfaces = flat, noop
(List) Specify the list of network interfaces to load during service initialization. Missing network interfaces, or network interfaces which fail to initialize, will prevent the conductor service from starting. The option default is a recommended set of production-oriented network interfaces. A complete list of network interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.network" entrypoint. This value must be the same on all ironic-conductor and ironic-api services, because it is used by ironic-api service to validate a new or updated node's network_interface value.
executor_thread_pool_size = 64
(Integer) Size of executor thread pool.
fatal_exception_format_errors = False
(Boolean) Used if there is a formatting error when generating an exception message (a programming error). If True, raise an exception; if False, use the unformatted message.
force_raw_images = True
(Boolean) If True, convert backing images to "raw" disk image format.
grub_config_template = $pybasedir/common/grub_conf.template
(String) Template file for grub configuration file.
hash_distribution_replicas = 1
(Integer) [Experimental Feature] Number of hosts to map onto each hash partition. Setting this to more than one will cause additional conductor services to prepare deployment environments and potentially allow the Ironic cluster to recover more quickly if a conductor instance is terminated.
hash_partition_exponent = 5
(Integer) Exponent to determine number of hash partitions to use when distributing load across conductors. Larger values will result in more even distribution of load and less load when rebalancing the ring, but more memory usage. Number of partitions per conductor is (2^hash_partition_exponent). This determines the granularity of rebalancing: given 10 hosts, and an exponent of the 2, there are 40 partitions in the ring.A few thousand partitions should make rebalancing smooth in most cases. The default is suitable for up to a few hundred conductors. Too many partitions has a CPU impact.
hash_ring_reset_interval = 180
(Integer) Interval (in seconds) between hash ring resets.
host = localhost
(String) Name of this node. This can be an opaque identifier. It is not necessarily a hostname, FQDN, or IP address. However, the node name must be valid within an AMQP key.
isolinux_bin = /usr/lib/syslinux/isolinux.bin
(String) Path to isolinux binary file.
isolinux_config_template = $pybasedir/common/isolinux_config.template
(String) Template file for isolinux configuration file.
my_ip = 127.0.0.1
(String) IP address of this host. If unset, will determine the IP programmatically. If unable to do so, will use "127.0.0.1".
notification_level = None
(String) Specifies the minimum level for which to send notifications. If not set, no notifications will be sent. The default is for this option to be unset.
parallel_image_downloads = False
(Boolean) Run image downloads and raw format conversions in parallel.
pybasedir = /usr/lib/python/site-packages/ironic/ironic
(String) Directory where the ironic python module is installed.
rootwrap_config = /etc/ironic/rootwrap.conf
(String) Path to the rootwrap configuration file to use for running commands as root.
state_path = $pybasedir
(String) Top-level directory for maintaining ironic's state.
tempdir = /tmp
(String) Temporary working directory, default is Python temp dir.
[ironic_lib]
 
fatal_exception_format_errors = False
(Boolean) Make exception message format errors fatal.
root_helper = sudo ironic-rootwrap /etc/ironic/rootwrap.conf
(String) Command that is prefixed to commands that are run as root. If not specified, no commands are run as root.
Table 2.7. Description of conductor configuration options
Configuration option = Default value
Description
[conductor]
 
api_url = None
(String) URL of Ironic API service. If not set ironic can get the current value from the keystone service catalog.
automated_clean = True
(Boolean) Enables or disables automated cleaning. Automated cleaning is a configurable set of steps, such as erasing disk drives, that are performed on the node to ensure it is in a baseline state and ready to be deployed to. This is done after instance deletion as well as during the transition from a "manageable" to "available" state. When enabled, the particular steps performed to clean a node depend on which driver that node is managed by; see the individual driver's documentation for details. NOTE: The introduction of the cleaning operation causes instance deletion to take significantly longer. In an environment where all tenants are trusted (eg, because there is only one tenant), this option could be safely disabled.
check_provision_state_interval = 60
(Integer) Interval between checks of provision timeouts, in seconds.
clean_callback_timeout = 1800
(Integer) Timeout (seconds) to wait for a callback from the ramdisk doing the cleaning. If the timeout is reached the node will be put in the "clean failed" provision state. Set to 0 to disable timeout.
configdrive_swift_container = ironic_configdrive_container
(String) Name of the Swift container to store config drive data. Used when configdrive_use_swift is True.
configdrive_use_swift = False
(Boolean) Whether to upload the config drive to Swift.
deploy_callback_timeout = 1800
(Integer) Timeout (seconds) to wait for a callback from a deploy ramdisk. Set to 0 to disable timeout.
force_power_state_during_sync = True
(Boolean) During sync_power_state, should the hardware power state be set to the state recorded in the database (True) or should the database be updated based on the hardware state (False).
heartbeat_interval = 10
(Integer) Seconds between conductor heart beats.
heartbeat_timeout = 60
(Integer) Maximum time (in seconds) since the last check-in of a conductor. A conductor is considered inactive when this time has been exceeded.
inspect_timeout = 1800
(Integer) Timeout (seconds) for waiting for node inspection. 0 - unlimited.
node_locked_retry_attempts = 3
(Integer) Number of attempts to grab a node lock.
node_locked_retry_interval = 1
(Integer) Seconds to sleep between node lock attempts.
periodic_max_workers = 8
(Integer) Maximum number of worker threads that can be started simultaneously by a periodic task. Should be less than RPC thread pool size.
power_state_sync_max_retries = 3
(Integer) During sync_power_state failures, limit the number of times Ironic should try syncing the hardware node power state with the node power state in DB
send_sensor_data = False
(Boolean) Enable sending sensor data message via the notification bus
send_sensor_data_interval = 600
(Integer) Seconds between conductor sending sensor data message to ceilometer via the notification bus.
send_sensor_data_types = ALL
(List) List of comma separated meter types which need to be sent to Ceilometer. The default value, "ALL", is a special value meaning send all the sensor data.
sync_local_state_interval = 180
(Integer) When conductors join or leave the cluster, existing conductors may need to update any persistent local state as nodes are moved around the cluster. This option controls how often, in seconds, each conductor will check for nodes that it should "take over". Set it to a negative value to disable the check entirely.
sync_power_state_interval = 60
(Integer) Interval between syncing the node power state to the database, in seconds.
workers_pool_size = 100
(Integer) The size of the workers greenthread pool. Note that 2 threads will be reserved by the conductor itself for handling heart beats and periodic tasks.
Table 2.8. Description of console configuration options
Configuration option = Default value
Description
[console]
 
subprocess_checking_interval = 1
(Integer) Time interval (in seconds) for checking the status of console subprocess.
subprocess_timeout = 10
(Integer) Time (in seconds) to wait for the console subprocess to start.
terminal = shellinaboxd
(String) Path to serial console terminal program. Used only by Shell In A Box console.
terminal_cert_dir = None
(String) Directory containing the terminal SSL cert (PEM) for serial console access. Used only by Shell In A Box console.
terminal_pid_dir = None
(String) Directory for holding terminal pid files. If not specified, the temporary directory will be used.
Table 2.9. Description of logging configuration options
Configuration option = Default value
Description
[DEFAULT]
 
pecan_debug = False
(Boolean) Enable pecan debug mode. WARNING: this is insecure and should not be used in a production environment.
Table 2.10. Description of deploy configuration options
Configuration option = Default value
Description
[deploy]
 
continue_if_disk_secure_erase_fails = False
(Boolean) Defines what to do if an ATA secure erase operation fails during cleaning in the Ironic Python Agent. If False, the cleaning operation will fail and the node will be put in clean failed state. If True, shred will be invoked and cleaning will continue.
erase_devices_metadata_priority = None
(Integer) Priority to run in-band clean step that erases metadata from devices, via the Ironic Python Agent ramdisk. If unset, will use the priority set in the ramdisk (defaults to 99 for the GenericHardwareManager). If set to 0, will not run during cleaning.
erase_devices_priority = None
(Integer) Priority to run in-band erase devices via the Ironic Python Agent ramdisk. If unset, will use the priority set in the ramdisk (defaults to 10 for the GenericHardwareManager). If set to 0, will not run during cleaning.
http_root = /httpboot
(String) ironic-conductor node's HTTP root path.
http_url = None
(String) ironic-conductor node's HTTP server URL. Example: http://192.1.2.3:8080
power_off_after_deploy_failure = True
(Boolean) Whether to power off a node after deploy failure. Defaults to True.
shred_final_overwrite_with_zeros = True
(Boolean) Whether to write zeros to a node's block devices after writing random data. This will write zeros to the device even when deploy.shred_random_overwrite_iterations is 0. This option is only used if a device could not be ATA Secure Erased. Defaults to True.
shred_random_overwrite_iterations = 1
(Integer) During shred, overwrite all block devices N times with random data. This is only used if a device could not be ATA Secure Erased. Defaults to 1.
Table 2.11. Description of DHCP configuration options
Configuration option = Default value
Description
[dhcp]
 
dhcp_provider = neutron
(String) DHCP provider to use. "neutron" uses Neutron, and "none" uses a no-op provider.
Table 2.12. Description of disk partitioner configuration options
Configuration option = Default value
Description
[disk_partitioner]
 
check_device_interval = 1
(Integer) After Ironic has completed creating the partition table, it continues to check for activity on the attached iSCSI device status at this interval prior to copying the image to the node, in seconds
check_device_max_retries = 20
(Integer) The maximum number of times to check that the device is not accessed by another process. If the device is still busy after that, the disk partitioning will be treated as having failed.
[disk_utils]
 
bios_boot_partition_size = 1
(Integer) Size of BIOS Boot partition in MiB when configuring GPT partitioned systems for local boot in BIOS.
dd_block_size = 1M
(String) Block size to use when writing to the nodes disk.
efi_system_partition_size = 200
(Integer) Size of EFI system partition in MiB when configuring UEFI systems for local boot.
iscsi_verify_attempts = 3
(Integer) Maximum attempts to verify an iSCSI connection is active, sleeping 1 second between attempts.
Table 2.13. Description of DRAC configuration options
Configuration option = Default value
Description
[drac]
 
query_raid_config_job_status_interval = 120
(Integer) Interval (in seconds) between periodic RAID job status checks to determine whether the asynchronous RAID configuration was successfully finished or not.
Table 2.14. Description of glance configuration options
Configuration option = Default value
Description
[glance]
 
allowed_direct_url_schemes =
(List) A list of URL schemes that can be downloaded directly via the direct_url. Currently supported schemes: [file].
auth_section = None
(Unknown) Config Section from which to load plugin specific options
auth_strategy = keystone
(String) Authentication strategy to use when connecting to glance.
auth_type = None
(Unknown) Authentication type to load
cafile = None
(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile = None
(String) PEM encoded client certificate cert file
glance_api_insecure = False
(Boolean) Allow to perform insecure SSL (https) requests to glance.
glance_api_servers = None
(List) A list of the glance api servers available to ironic. Prefix with https:// for SSL-based glance API servers. Format is [hostname|IP]:port.
glance_cafile = None
(String) Optional path to a CA certificate bundle to be used to validate the SSL certificate served by glance. It is used when glance_api_insecure is set to False.
glance_host = $my_ip
(String) Default glance hostname or IP address.
glance_num_retries = 0
(Integer) Number of retries when downloading an image from glance.
glance_port = 9292
(Port number) Default glance port.
glance_protocol = http
(String) Default protocol to use when connecting to glance. Set to https for SSL.
insecure = False
(Boolean) Verify HTTPS connections.
keyfile = None
(String) PEM encoded client certificate key file
swift_account = None
(String) The account that Glance uses to communicate with Swift. The format is "AUTH_uuid". "uuid" is the UUID for the account configured in the glance-api.conf. Required for temporary URLs when Glance backend is Swift. For example: "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary URL format: "endpoint_url/api_version/[account/]container/object_id"
swift_api_version = v1
(String) The Swift API version to create a temporary URL for. Defaults to "v1". Swift temporary URL format: "endpoint_url/api_version/[account/]container/object_id"
swift_container = glance
(String) The Swift container Glance is configured to store its images in. Defaults to "glance", which is the default in glance-api.conf. Swift temporary URL format: "endpoint_url/api_version/[account/]container/object_id"
swift_endpoint_url = None
(String) The "endpoint" (scheme, hostname, optional port) for the Swift URL of the form "endpoint_url/api_version/[account/]container/object_id". Do not include trailing "/". For example, use "https://swift.example.com". If using RADOS Gateway, endpoint may also contain /swift path; if it does not, it will be appended. Required for temporary URLs.
swift_store_multiple_containers_seed = 0
(Integer) This should match a config by the same name in the Glance configuration file. When set to 0, a single-tenant store will only use one container to store all images. When set to an integer value between 1 and 32, a single-tenant store will use multiple containers to store images, and this value will determine how many containers are created.
swift_temp_url_cache_enabled = False
(Boolean) Whether to cache generated Swift temporary URLs. Setting it to true is only useful when an image caching proxy is used. Defaults to False.
swift_temp_url_duration = 1200
(Integer) The length of time in seconds that the temporary URL will be valid for. Defaults to 20 minutes. If some deploys get a 401 response code when trying to download from the temporary URL, try raising this duration. This value must be greater than or equal to the value for swift_temp_url_expected_download_start_delay
swift_temp_url_expected_download_start_delay = 0
(Integer) This is the delay (in seconds) from the time of the deploy request (when the Swift temporary URL is generated) to when the IPA ramdisk starts up and URL is used for the image download. This value is used to check if the Swift temporary URL duration is large enough to let the image download begin. Also if temporary URL caching is enabled this will determine if a cached entry will still be valid when the download starts. swift_temp_url_duration value must be greater than or equal to this option's value. Defaults to 0.
swift_temp_url_key = None
(String) The secret token given to Swift to allow temporary URL downloads. Required for temporary URLs.
temp_url_endpoint_type = swift
(String) Type of endpoint to use for temporary URLs. If the Glance backend is Swift, use "swift"; if it is CEPH with RADOS gateway, use "radosgw".
timeout = None
(Integer) Timeout value for http requests
Table 2.15. Description of iLO configuration options
Configuration option = Default value
Description
[ilo]
 
ca_file = None
(String) CA certificate file to validate iLO.
clean_priority_clear_secure_boot_keys = 0
(Integer) Priority for clear_secure_boot_keys clean step. This step is not enabled by default. It can be enabled to clear all secure boot keys enrolled with iLO.
clean_priority_erase_devices = None
(Integer) DEPRECATED: Priority for erase devices clean step. If unset, it defaults to 10. If set to 0, the step will be disabled and will not run during cleaning. This configuration option is duplicated by [deploy] erase_devices_priority, please use that instead.
clean_priority_reset_bios_to_default = 10
(Integer) Priority for reset_bios_to_default clean step.
clean_priority_reset_ilo = 0
(Integer) Priority for reset_ilo clean step.
clean_priority_reset_ilo_credential = 30
(Integer) Priority for reset_ilo_credential clean step. This step requires "ilo_change_password" parameter to be updated in nodes's driver_info with the new password.
clean_priority_reset_secure_boot_keys_to_default = 20
(Integer) Priority for reset_secure_boot_keys clean step. This step will reset the secure boot keys to manufacturing defaults.
client_port = 443
(Port number) Port to be used for iLO operations
client_timeout = 60
(Integer) Timeout (in seconds) for iLO operations
default_boot_mode = auto
(String) Default boot mode to be used in provisioning when "boot_mode" capability is not provided in the "properties/capabilities" of the node. The default is "auto" for backward compatibility. When "auto" is specified, default boot mode will be selected based on boot mode settings on the system.
power_retry = 6
(Integer) Number of times a power operation needs to be retried
power_wait = 2
(Integer) Amount of time in seconds to wait in between power operations
swift_ilo_container = ironic_ilo_container
(String) The Swift iLO container to store data.
swift_object_expiry_timeout = 900
(Integer) Amount of time in seconds for Swift objects to auto-expire.
use_web_server_for_images = False
(Boolean) Set this to True to use http web server to host floppy images and generated boot ISO. This requires http_root and http_url to be configured in the [deploy] section of the config file. If this is set to False, then Ironic will use Swift to host the floppy images and generated boot_iso.
Table 2.16. Description of inspector configuration options
Configuration option = Default value
Description
[inspector]
 
auth_section = None
(Unknown) Config Section from which to load plugin specific options
auth_type = None
(Unknown) Authentication type to load
cafile = None
(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile = None
(String) PEM encoded client certificate cert file
enabled = False
(Boolean) whether to enable inspection using ironic-inspector
insecure = False
(Boolean) Verify HTTPS connections.
keyfile = None
(String) PEM encoded client certificate key file
service_url = None
(String) ironic-inspector HTTP endpoint. If this is not set, the service catalog will be used.
status_check_period = 60
(Integer) period (in seconds) to check status of nodes on inspection
timeout = None
(Integer) Timeout value for http requests
Table 2.17. Description of IPMI configuration options
Configuration option = Default value
Description
[ipmi]
 
min_command_interval = 5
(Integer) Minimum time, in seconds, between IPMI operations sent to a server. There is a risk with some hardware that setting this too low may cause the BMC to crash. Recommended setting is 5 seconds.
retry_timeout = 60
(Integer) Maximum time in seconds to retry IPMI operations. There is a tradeoff when setting this value. Setting this too low may cause older BMCs to crash and require a hard reset. However, setting too high can cause the sync power state periodic task to hang when there are slow or unresponsive BMCs.
Table 2.18. Description of iRMC configuration options
Configuration option = Default value
Description
[irmc]
 
auth_method = basic
(String) Authentication method to be used for iRMC operations
client_timeout = 60
(Integer) Timeout (in seconds) for iRMC operations
port = 443
(Port number) Port to be used for iRMC operations
remote_image_server = None
(String) IP of remote image server
remote_image_share_name = share
(String) share name of remote_image_server
remote_image_share_root = /remote_image_share_root
(String) Ironic conductor node's "NFS" or "CIFS" root path
remote_image_share_type = CIFS
(String) Share type of virtual media
remote_image_user_domain =
(String) Domain name of remote_image_user_name
remote_image_user_name = None
(String) User name of remote_image_server
remote_image_user_password = None
(String) Password of remote_image_user_name
sensor_method = ipmitool
(String) Sensor data retrieval method.
snmp_community = public
(String) SNMP community. Required for versions "v1" and "v2c"
snmp_port = 161
(Port number) SNMP port
snmp_security = None
(String) SNMP security name. Required for version "v3"
snmp_version = v2c
(String) SNMP protocol version
Table 2.19. Description of iSCSI configuration options
Configuration option = Default value
Description
[iscsi]
 
portal_port = 3260
(Port number) The port number on which the iSCSI portal listens for incoming connections.
Table 2.20. Description of keystone configuration options
Configuration option = Default value
Description
[keystone]
 
region_name = None
(String) The region used for getting endpoints of OpenStack services.
Table 2.21. Description of metrics statsd configuration options
Configuration option = Default value
Description
[metrics_statsd]
 
agent_statsd_host = localhost
(String) Host for the agent ramdisk to use with the statsd backend. This must be accessible from networks the agent is booted on.
agent_statsd_port = 8125
(Port number) Port for the agent ramdisk to use with the statsd backend.
statsd_host = localhost
(String) Host for use with the statsd backend.
statsd_port = 8125
(Port number) Port to use with the statsd backend.
Table 2.22. Description of metrics configuration options specific to statsd backend
Configuration option = Default value
Description
[metrics]
 
agent_backend = noop
(String) Backend for the agent ramdisk to use for metrics. Default possible backends are "noop" and "statsd".
agent_global_prefix = None
(String) Prefix all metric names sent by the agent ramdisk with this value. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.
agent_prepend_host = False
(Boolean) Prepend the hostname to all metric names sent by the agent ramdisk. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.
agent_prepend_host_reverse = True
(Boolean) Split the prepended host value by "." and reverse it for metrics sent by the agent ramdisk (to better match the reverse hierarchical form of domain names).
agent_prepend_uuid = False
(Boolean) Prepend the node's Ironic uuid to all metric names sent by the agent ramdisk. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.
backend = noop
(String) Backend to use for the metrics system.
global_prefix = None
(String) Prefix all metric names with this value. By default, there is no global prefix. The format of metric names is [global_prefix.][host_name.]prefix.metric_name.
prepend_host = False
(Boolean) Prepend the hostname to all metric names. The format of metric names is [global_prefix.][host_name.]prefix.metric_name.
prepend_host_reverse = True
(Boolean) Split the prepended host value by "." and reverse it (to better match the reverse hierarchical form of domain names).
Table 2.23. Description of neutron configuration options
Configuration option = Default value
Description
[neutron]
 
auth_section = None
(Unknown) Config Section from which to load plugin specific options
auth_strategy = keystone
(String) Authentication strategy to use when connecting to neutron. Running neutron in noauth mode (related to but not affected by this setting) is insecure and should only be used for testing.
auth_type = None
(Unknown) Authentication type to load
cafile = None
(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile = None
(String) PEM encoded client certificate cert file
cleaning_network_uuid = None
(String) Neutron network UUID for the ramdisk to be booted into for cleaning nodes. Required for "neutron" network interface. It is also required if cleaning nodes when using "flat" network interface or "neutron" DHCP provider.
insecure = False
(Boolean) Verify HTTPS connections.
keyfile = None
(String) PEM encoded client certificate key file
port_setup_delay = 0
(Integer) Delay value to wait for Neutron agents to setup sufficient DHCP configuration for port.
provisioning_network_uuid = None
(String) Neutron network UUID for the ramdisk to be booted into for provisioning nodes. Required for "neutron" network interface.
retries = 3
(Integer) Client retries in the case of a failed request.
timeout = None
(Integer) Timeout value for http requests
url = None
(String) URL for connecting to neutron. Default value translates to 'http://$my_ip:9696' when auth_strategy is 'noauth', and to discovery from Keystone catalog when auth_strategy is 'keystone'.
url_timeout = 30
(Integer) Timeout value for connecting to neutron in seconds.
Table 2.24. Description of OneView configuration options
Configuration option = Default value
Description
[oneview]
 
allow_insecure_connections = False
(Boolean) Option to allow insecure connection with OneView.
enable_periodic_tasks = True
(Boolean) Whether to enable the periodic tasks for OneView driver be aware when OneView hardware resources are taken and released by Ironic or OneView users and proactively manage nodes in clean fail state according to Dynamic Allocation model of hardware resources allocation in OneView.
manager_url = None
(String) URL where OneView is available.
max_polling_attempts = 12
(Integer) Max connection retries to check changes on OneView.
password = None
(String) OneView password to be used.
periodic_check_interval = 300
(Integer) Period (in seconds) for periodic tasks to be executed when enable_periodic_tasks=True.
tls_cacert_file = None
(String) Path to CA certificate.
username = None
(String) OneView username to be used.
Table 2.25. Description of PXE configuration options
Configuration option = Default value
Description
[pxe]
 
default_ephemeral_format = ext4
(String) Default file system format for ephemeral partition, if one is created.
image_cache_size = 20480
(Integer) Maximum size (in MiB) of cache for master images, including those in use.
image_cache_ttl = 10080
(Integer) Maximum TTL (in minutes) for old master images in cache.
images_path = /var/lib/ironic/images/
(String) On the ironic-conductor node, directory where images are stored on disk.
instance_master_path = /var/lib/ironic/master_images
(String) On the ironic-conductor node, directory where master instance images are stored on disk. Setting to <None> disables image caching.
ip_version = 4
(String) The IP version that will be used for PXE booting. Defaults to 4. EXPERIMENTAL
ipxe_boot_script = $pybasedir/drivers/modules/boot.ipxe
(String) On ironic-conductor node, the path to the main iPXE script file.
ipxe_enabled = False
(Boolean) Enable iPXE boot.
ipxe_timeout = 0
(Integer) Timeout value (in seconds) for downloading an image via iPXE. Defaults to 0 (no timeout)
ipxe_use_swift = False
(Boolean) Download deploy images directly from swift using temporary URLs. If set to false (default), images are downloaded to the ironic-conductor node and served over its local HTTP server. Applicable only when 'ipxe_enabled' option is set to true.
pxe_append_params = nofb nomodeset vga=normal
(String) Additional append parameters for baremetal PXE boot.
pxe_bootfile_name = pxelinux.0
(String) Bootfile DHCP parameter.
pxe_config_template = $pybasedir/drivers/modules/pxe_config.template
(String) On ironic-conductor node, template file for PXE configuration.
tftp_master_path = /tftpboot/master_images
(String) On ironic-conductor node, directory where master TFTP images are stored on disk. Setting to <None> disables image caching.
tftp_root = /tftpboot
(String) ironic-conductor node's TFTP root path. The ironic-conductor must have read/write access to this path.
tftp_server = $my_ip
(String) IP address of ironic-conductor node's TFTP server.
uefi_pxe_bootfile_name = bootx64.efi
(String) Bootfile DHCP parameter for UEFI boot mode.
uefi_pxe_config_template = $pybasedir/drivers/modules/pxe_grub_config.template
(String) On ironic-conductor node, template file for PXE configuration for UEFI boot loader.
Table 2.26. Description of Redis configuration options
Configuration option = Default value
Description
[matchmaker_redis]
 
check_timeout = 20000
(Integer) Time in ms to wait before the transaction is killed.
host = 127.0.0.1
(String) DEPRECATED: Host to locate redis. Replaced by [DEFAULT]/transport_url
password =
(String) DEPRECATED: Password for Redis server (optional). Replaced by [DEFAULT]/transport_url
port = 6379
(Port number) DEPRECATED: Use this port to connect to redis host. Replaced by [DEFAULT]/transport_url
sentinel_hosts =
(List) DEPRECATED: List of Redis Sentinel hosts (fault tolerance mode) e.g. [host:port, host1:port ... ] Replaced by [DEFAULT]/transport_url
socket_timeout = 10000
(Integer) Timeout in ms on blocking socket operations
wait_timeout = 2000
(Integer) Time in ms to wait between connection attempts.
Table 2.27. Description of SeaMicro configuration options
Configuration option = Default value
Description
[seamicro]
 
action_timeout = 10
(Integer) Seconds to wait for power action to be completed
max_retry = 3
(Integer) Maximum retries for SeaMicro operations
Table 2.28. Description of service catalog configuration options
Configuration option = Default value
Description
[service_catalog]
 
auth_section = None
(Unknown) Config Section from which to load plugin specific options
auth_type = None
(Unknown) Authentication type to load
cafile = None
(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile = None
(String) PEM encoded client certificate cert file
insecure = False
(Boolean) Verify HTTPS connections.
keyfile = None
(String) PEM encoded client certificate key file
timeout = None
(Integer) Timeout value for http requests
Table 2.29. Description of SNMP configuration options
Configuration option = Default value
Description
[snmp]
 
power_timeout = 10
(Integer) Seconds to wait for power action to be completed
reboot_delay = 0
(Integer) Time (in seconds) to sleep between when rebooting (powering off and on again)
Table 2.30. Description of SSH configuration options
Configuration option = Default value
Description
[ssh]
 
get_vm_name_attempts = 3
(Integer) Number of attempts to try to get VM name used by the host that corresponds to a node's MAC address.
get_vm_name_retry_interval = 3
(Integer) Number of seconds to wait between attempts to get VM name used by the host that corresponds to a node's MAC address.
libvirt_uri = qemu:///system
(String) libvirt URI.
Table 2.31. Description of swift configuration options
Configuration option = Default value
Description
[swift]
 
auth_section = None
(Unknown) Config Section from which to load plugin specific options
auth_type = None
(Unknown) Authentication type to load
cafile = None
(String) PEM encoded Certificate Authority to use when verifying HTTPs connections.
certfile = None
(String) PEM encoded client certificate cert file
insecure = False
(Boolean) Verify HTTPS connections.
keyfile = None
(String) PEM encoded client certificate key file
swift_max_retries = 2
(Integer) Maximum number of times to retry a Swift request, before failing.
timeout = None
(Integer) Timeout value for http requests
Table 2.32. Description of VirtualBox configuration options
Configuration option = Default value
Description
[virtualbox]
 
port = 18083
(Port number) Port on which VirtualBox web service is listening.

2.1.2. New, Updated, and Deprecated Options in Newton for Bare Metal Service

Table 2.33. New options
Option = default value
(Type) Help string
[DEFAULT] default_network_interface = None
(StrOpt) Default network interface to be used for nodes that do not have network_interface field set. A complete list of network interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.network" entrypoint.
[DEFAULT] enabled_network_interfaces = flat, noop
(ListOpt) Specify the list of network interfaces to load during service initialization. Missing network interfaces, or network interfaces which fail to initialize, will prevent the conductor service from starting. The option default is a recommended set of production-oriented network interfaces. A complete list of network interfaces present on your system may be found by enumerating the "ironic.hardware.interfaces.network" entrypoint. This value must be the same on all ironic-conductor and ironic-api services, because it is used by ironic-api service to validate a new or updated node's network_interface value.
[DEFAULT] notification_level = None
(StrOpt) Specifies the minimum level for which to send notifications. If not set, no notifications will be sent. The default is for this option to be unset.
[agent] deploy_logs_collect = on_failure
(StrOpt) Whether Ironic should collect the deployment logs on deployment failure (on_failure), always or never.
[agent] deploy_logs_local_path = /var/log/ironic/deploy
(StrOpt) The path to the directory where the logs should be stored, used when the deploy_logs_storage_backend is configured to "local".
[agent] deploy_logs_storage_backend = local
(StrOpt) The name of the storage backend where the logs will be stored.
[agent] deploy_logs_swift_container = ironic_deploy_logs_container
(StrOpt) The name of the Swift container to store the logs, used when the deploy_logs_storage_backend is configured to "swift".
[agent] deploy_logs_swift_days_to_expire = 30
(IntOpt) Number of days before a log object is marked as expired in Swift. If None, the logs will be kept forever or until manually deleted. Used when the deploy_logs_storage_backend is configured to "swift".
[api] ramdisk_heartbeat_timeout = 300
(IntOpt) Maximum interval (in seconds) for agent heartbeats.
[api] restrict_lookup = True
(BoolOpt) Whether to restrict the lookup API to only nodes in certain states.
[audit] audit_map_file = /etc/ironic/ironic_api_audit_map.conf
(StrOpt) Path to audit map file for ironic-api service. Used only when API audit is enabled.
[audit] enabled = False
(BoolOpt) Enable auditing of API requests (for ironic-api service).
[audit] ignore_req_list = None
(StrOpt) Comma separated list of Ironic REST API HTTP methods to be ignored during audit. For example: auditing will not be done on any GET or POST requests if this is set to "GET,POST". It is used only when API audit is enabled.
[audit] namespace = openstack
(StrOpt) namespace prefix for generated id
[audit_middleware_notifications] driver = None
(StrOpt) The Driver to handle sending notifications. Possible values are messaging, messagingv2, routing, log, test, noop. If not specified, then value from oslo_messaging_notifications conf section is used.
[audit_middleware_notifications] topics = None
(ListOpt) List of AMQP topics used for OpenStack notifications. If not specified, then value from oslo_messaging_notifications conf section is used.
[audit_middleware_notifications] transport_url = None
(StrOpt) A URL representing messaging driver to use for notification. If not specified, we fall back to the same configuration used for RPC.
[deploy] continue_if_disk_secure_erase_fails = False
(BoolOpt) Defines what to do if an ATA secure erase operation fails during cleaning in the Ironic Python Agent. If False, the cleaning operation will fail and the node will be put in clean failed state. If True, shred will be invoked and cleaning will continue.
[deploy] erase_devices_metadata_priority = None
(IntOpt) Priority to run in-band clean step that erases metadata from devices, via the Ironic Python Agent ramdisk. If unset, will use the priority set in the ramdisk (defaults to 99 for the GenericHardwareManager). If set to 0, will not run during cleaning.
[deploy] power_off_after_deploy_failure = True
(BoolOpt) Whether to power off a node after deploy failure. Defaults to True.
[deploy] shred_final_overwrite_with_zeros = True
(BoolOpt) Whether to write zeros to a node's block devices after writing random data. This will write zeros to the device even when deploy.shred_random_overwrite_iterations is 0. This option is only used if a device could not be ATA Secure Erased. Defaults to True.
[deploy] shred_random_overwrite_iterations = 1
(IntOpt) During shred, overwrite all block devices N times with random data. This is only used if a device could not be ATA Secure Erased. Defaults to 1.
[drac] query_raid_config_job_status_interval = 120
(IntOpt) Interval (in seconds) between periodic RAID job status checks to determine whether the asynchronous RAID configuration was successfully finished or not.
[glance] auth_section = None
(Opt) Config Section from which to load plugin specific options
[glance] auth_type = None
(Opt) Authentication type to load
[glance] cafile = None
(StrOpt) PEM encoded Certificate Authority to use when verifying HTTPs connections.
[glance] certfile = None
(StrOpt) PEM encoded client certificate cert file
[glance] insecure = False
(BoolOpt) Verify HTTPS connections.
[glance] keyfile = None
(StrOpt) PEM encoded client certificate key file
[glance] timeout = None
(IntOpt) Timeout value for http requests
[ilo] ca_file = None
(StrOpt) CA certificate file to validate iLO.
[ilo] default_boot_mode = auto
(StrOpt) Default boot mode to be used in provisioning when "boot_mode" capability is not provided in the "properties/capabilities" of the node. The default is "auto" for backward compatibility. When "auto" is specified, default boot mode will be selected based on boot mode settings on the system.
[inspector] auth_section = None
(Opt) Config Section from which to load plugin specific options
[inspector] auth_type = None
(Opt) Authentication type to load
[inspector] cafile = None
(StrOpt) PEM encoded Certificate Authority to use when verifying HTTPs connections.
[inspector] certfile = None
(StrOpt) PEM encoded client certificate cert file
[inspector] insecure = False
(BoolOpt) Verify HTTPS connections.
[inspector] keyfile = None
(StrOpt) PEM encoded client certificate key file
[inspector] timeout = None
(IntOpt) Timeout value for http requests
[iscsi] portal_port = 3260
(PortOpt) The port number on which the iSCSI portal listens for incoming connections.
[metrics] agent_backend = noop
(StrOpt) Backend for the agent ramdisk to use for metrics. Default possible backends are "noop" and "statsd".
[metrics] agent_global_prefix = None
(StrOpt) Prefix all metric names sent by the agent ramdisk with this value. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.
[metrics] agent_prepend_host = False
(BoolOpt) Prepend the hostname to all metric names sent by the agent ramdisk. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.
[metrics] agent_prepend_host_reverse = True
(BoolOpt) Split the prepended host value by "." and reverse it for metrics sent by the agent ramdisk (to better match the reverse hierarchical form of domain names).
[metrics] agent_prepend_uuid = False
(BoolOpt) Prepend the node's Ironic uuid to all metric names sent by the agent ramdisk. The format of metric names is [global_prefix.][uuid.][host_name.]prefix.metric_name.
[metrics] backend = noop
(StrOpt) Backend to use for the metrics system.
[metrics] global_prefix = None
(StrOpt) Prefix all metric names with this value. By default, there is no global prefix. The format of metric names is [global_prefix.][host_name.]prefix.metric_name.
[metrics] prepend_host = False
(BoolOpt) Prepend the hostname to all metric names. The format of metric names is [global_prefix.][host_name.]prefix.metric_name.
[metrics] prepend_host_reverse = True
(BoolOpt) Split the prepended host value by "." and reverse it (to better match the reverse hierarchical form of domain names).
[metrics_statsd] agent_statsd_host = localhost
(StrOpt) Host for the agent ramdisk to use with the statsd backend. This must be accessible from networks the agent is booted on.
[metrics_statsd] agent_statsd_port = 8125
(PortOpt) Port for the agent ramdisk to use with the statsd backend.
[metrics_statsd] statsd_host = localhost
(StrOpt) Host for use with the statsd backend.
[metrics_statsd] statsd_port = 8125
(PortOpt) Port to use with the statsd backend.
[neutron] auth_section = None
(Opt) Config Section from which to load plugin specific options
[neutron] auth_type = None
(Opt) Authentication type to load
[neutron] cafile = None
(StrOpt) PEM encoded Certificate Authority to use when verifying HTTPs connections.
[neutron] certfile = None
(StrOpt) PEM encoded client certificate cert file
[neutron] insecure = False
(BoolOpt) Verify HTTPS connections.
[neutron] keyfile = None
(StrOpt) PEM encoded client certificate key file
[neutron] port_setup_delay = 0
(IntOpt) Delay value to wait for Neutron agents to setup sufficient DHCP configuration for port.
[neutron] provisioning_network_uuid = None
(StrOpt) Neutron network UUID for the ramdisk to be booted into for provisioning nodes. Required for "neutron" network interface.
[neutron] timeout = None
(IntOpt) Timeout value for http requests
[oneview] enable_periodic_tasks = True
(BoolOpt) Whether to enable the periodic tasks for OneView driver be aware when OneView hardware resources are taken and released by Ironic or OneView users and proactively manage nodes in clean fail state according to Dynamic Allocation model of hardware resources allocation in OneView.
[oneview] periodic_check_interval = 300
(IntOpt) Period (in seconds) for periodic tasks to be executed when enable_periodic_tasks=True.
[pxe] ipxe_use_swift = False
(BoolOpt) Download deploy images directly from swift using temporary URLs. If set to false (default), images are downloaded to the ironic-conductor node and served over its local HTTP server. Applicable only when 'ipxe_enabled' option is set to true.
[service_catalog] auth_section = None
(Opt) Config Section from which to load plugin specific options
[service_catalog] auth_type = None
(Opt) Authentication type to load
[service_catalog] cafile = None
(StrOpt) PEM encoded Certificate Authority to use when verifying HTTPs connections.
[service_catalog] certfile = None
(StrOpt) PEM encoded client certificate cert file
[service_catalog] insecure = False
(BoolOpt) Verify HTTPS connections.
[service_catalog] keyfile = None
(StrOpt) PEM encoded client certificate key file
[service_catalog] timeout = None
(IntOpt) Timeout value for http requests
[swift] auth_section = None
(Opt) Config Section from which to load plugin specific options
[swift] auth_type = None
(Opt) Authentication type to load
[swift] cafile = None
(StrOpt) PEM encoded Certificate Authority to use when verifying HTTPs connections.
[swift] certfile = None
(StrOpt) PEM encoded client certificate cert file
[swift] insecure = False
(BoolOpt) Verify HTTPS connections.
[swift] keyfile = None
(StrOpt) PEM encoded client certificate key file
[swift] timeout = None
(IntOpt) Timeout value for http requests
Table 2.34. New default values
Option
Previous default value
New default value
[neutron] url
http://$my_ip:9696
None
[pxe] uefi_pxe_bootfile_name
elilo.efi
bootx64.efi
[pxe] uefi_pxe_config_template
$pybasedir/drivers/modules/elilo_efi_pxe_config.template
$pybasedir/drivers/modules/pxe_grub_config.template
Table 2.35. Deprecated options
Deprecated option
New Option
[DEFAULT] use_syslog
None
[agent] heartbeat_timeout
[api] ramdisk_heartbeat_timeout
[deploy] erase_devices_iterations
[deploy] shred_random_overwrite_iterations
[keystone_authtoken] cafile
[glance] cafile
[keystone_authtoken] cafile
[neutron] cafile
[keystone_authtoken] cafile
[service_catalog] cafile
[keystone_authtoken] cafile
[swift] cafile
[keystone_authtoken] cafile
[inspector] cafile
[keystone_authtoken] certfile
[service_catalog] certfile
[keystone_authtoken] certfile
[neutron] certfile
[keystone_authtoken] certfile
[glance] certfile
[keystone_authtoken] certfile
[inspector] certfile
[keystone_authtoken] certfile
[swift] certfile
[keystone_authtoken] insecure
[glance] insecure
[keystone_authtoken] insecure
[inspector] insecure
[keystone_authtoken] insecure
[swift] insecure
[keystone_authtoken] insecure
[service_catalog] insecure
[keystone_authtoken] insecure
[neutron] insecure
[keystone_authtoken] keyfile
[inspector] keyfile
[keystone_authtoken] keyfile
[swift] keyfile
[keystone_authtoken] keyfile
[neutron] keyfile
[keystone_authtoken] keyfile
[glance] keyfile
[keystone_authtoken] keyfile
[service_catalog] keyfile
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.