Factory/ironic-image/ironic-inspector.conf.j2

[DEFAULT]
auth_strategy = noauth
debug = true
transport_url = fake://
use_stderr = true
{% if env.INSPECTOR_REVERSE_PROXY_SETUP == "true" %}
{% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
listen_unix_socket = /shared/inspector.sock
# NOTE(dtantsur): this is not ideal, but since the socket is accessed from
# another container, we need to make it world-writeable.
listen_unix_socket_mode = 0666
{% else %}
listen_port = {{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}
listen_address = 127.0.0.1
{% endif %}
{% elif env.LISTEN_ALL_INTERFACES | lower == "true" %}
listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
listen_address = ::
{% else %}
listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
listen_address = {{ env.IRONIC_IP }}
{% endif %}
host = {{ env.IRONIC_IP }}
{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
use_ssl = true
{% endif %}

[database]
connection = sqlite:////var/lib/ironic-inspector/ironic-inspector.db

{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
[discovery]
enroll_node_driver = ipmi
{% endif %}

[ironic]
auth_type = none
endpoint_override = {{ env.IRONIC_BASE_URL }}
{% if env.IRONIC_TLS_SETUP == "true" %}
cafile = {{ env.IRONIC_CACERT_FILE }}
insecure = {{ env.IRONIC_INSECURE }}
{% endif %}

[processing]
add_ports = all
always_store_ramdisk_logs = true
keep_ports = present
{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
node_not_found_hook = enroll
{% endif %}
permit_active_introspection = true
power_off = false
processing_hooks = $default_processing_hooks,lldp_basic
ramdisk_logs_dir = /shared/log/ironic-inspector/ramdisk
store_data = database

[pxe_filter]
driver = noop

[service_catalog]
auth_type = none
endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}

{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
[ssl]
cert_file = {{ env.IRONIC_INSPECTOR_CERT_FILE }}
key_file = {{ env.IRONIC_INSPECTOR_KEY_FILE }}
{% endif %}