[DEFAULT]
enabled_hardware_types=ipmi,idrac,irmc,fake-hardware,redfish,manual-management,ilo,ilo5
enabled_bios_interfaces=no-bios,redfish,idrac-redfish,irmc,ilo
enabled_boot_interfaces=ipxe,ilo-ipxe,pxe,ilo-pxe,fake,redfish-virtual-media,idrac-redfish-virtual-media,ilo-virtual-media
enabled_console_interfaces=ipmitool-socat,ilo,no-console,fake
enabled_deploy_interfaces=direct,fake,ramdisk,custom-agent
default_deploy_interface=direct
enabled_inspect_interfaces=inspector,no-inspect,irmc,fake,redfish,ilo
default_inspect_interface=inspector
enabled_management_interfaces=ipmitool,irmc,fake,redfish,idrac-redfish,ilo,ilo5,noop
enabled_network_interfaces=flat,neutron,noop
enabled_power_interfaces=ipmitool,irmc,fake,redfish,idrac-redfish,ilo
enabled_raid_interfaces=no-raid,irmc,agent,fake,ilo5
enabled_rescue_interfaces=no-rescue,agent
default_rescue_interface=agent
enabled_storage_interfaces=noop,fake
enabled_vendor_interfaces=no-vendor,ipmitool,idrac-redfish,redfish,ilo,fake
# This is a knob to allow service role users from the service project
# to have "elevated" API access to see the whole of the API surface.
# https://review.opendev.org/c/openstack/ironic/+/907269
rbac_service_role_elevated_access=true



default_resource_class=baremetal
hash_ring_algorithm=sha256
rpc_transport = oslo
transport_url = **********

use_stderr=false
log_file=/dev/stdout
tempdir=/var/lib/ironic/tmp

auth_strategy=keystone

grub_config_path=EFI/BOOT/grub.cfg
isolinux_bin=/usr/share/syslinux/isolinux.bin


[agent]
deploy_logs_local_path=/var/lib/ironic/ramdisk-logs


[keystone_authtoken]
project_domain_name=Default
user_domain_name=Default
project_name=service
username=**********
password = **********
www_authenticate_uri=https://keystone-public-openstack.apps.ocp.openstack.lab
auth_url=https://keystone-internal.openstack.svc:5000
auth_type=password
# This is part of hardening related to CVE-2023-2088
# https://docs.openstack.org/nova/latest/configuration/config.html#keystone_authtoken.service_token_roles_required
# when enabled the service token user must have the service role to be considered valid.
service_token_roles_required = true

[service_catalog]
auth_type=password
auth_url=https://keystone-internal.openstack.svc:5000
username=**********
password = **********
user_domain_name=Default
project_name=service
project_domain_name=Default

[cinder]
auth_type=password
auth_url=https://keystone-internal.openstack.svc:5000
username=**********
password = **********
user_domain_name=Default
project_name=service
project_domain_name=Default

[glance]
auth_type=password
auth_url=https://keystone-internal.openstack.svc:5000
username=**********
password = **********
user_domain_name=Default
project_name=service
project_domain_name=Default

[neutron]
auth_type=password
auth_url=https://keystone-internal.openstack.svc:5000
username=**********
password = **********
user_domain_name=Default
project_name=service
project_domain_name=Default

[nova]
auth_type=password
auth_url=https://keystone-internal.openstack.svc:5000
username=**********
password = **********
user_domain_name=Default
project_name=service
project_domain_name=Default

[swift]
auth_type=password
auth_url=https://keystone-internal.openstack.svc:5000
username=**********
password = **********
user_domain_name=Default
project_name=service
project_domain_name=Default

[inspector]
auth_type=password
auth_url=https://keystone-internal.openstack.svc:5000
username=**********
password = **********
user_domain_name=Default
project_name=service
project_domain_name=Default

[oslo_policy]
enforce_scope=True
enforce_new_defaults=True


[database]
connection=**********
max_retries=-1
db_max_retries=-1

[deploy]
http_root=/var/lib/ironic/httpboot
erase_devices_priority=0
erase_devices_metadata_priority=10

[json_rpc]
auth_strategy=noauth

[pxe]
tftp_root=/var/lib/ironic/tftpboot
tftp_master_path=/var/lib/ironic/tftpboot/master_images
uefi_pxe_bootfile_name=shimx64.efi
ipxe_timeout=60

[redfish]
use_swift=false

[oslo_middleware]
enable_proxy_headers_parsing=true


[oslo_messaging_rabbit]
rabbit_quorum_queue=true
rabbit_transient_quorum_queue=true
amqp_durable_queues=true