Imtiaz Chowdhury 987e0e1338 Making gpgcheck configurable for RDO repo
Currently, gpgcheck flag is not configurable and is always enabled by
default. For certain use cases, for example, using these cookbooks in
production where internet access is restricted, we need to disable
gpgcheck.

This commit makes the gpgcheck configurable so that users can override
it if needed.

Change-Id: I10620f2d5adc240fda6273680638d0429260b9cc
Related-Bug: #1417119
2015-02-02 06:43:18 -08:00

644 lines
31 KiB
Ruby

# encoding: UTF-8
#
# Cookbook Name:: openstack-common
# Attributes:: default
#
# Copyright 2012-2013, AT&T Services, Inc.
# Copyright 2013-2014, SUSE Linux GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Set to some text value if you want templated config files
# to contain a custom banner at the top of the written file
default['openstack']['common']['custom_template_banner'] = '
# This file autogenerated by Chef
# Do not edit, changes will be overwritten
'
# Setting this to True means that database passwords and service user
# passwords for Keystone will be easy-to-remember values -- they will be
# the same value as the key. For instance, if a cookbook calls the
# ::Openstack::secret routine like so:
#
# pass = secret "passwords", "nova"
#
# The value of pass will be "nova"
#
# This attribute is now DEPRECATED and will be removed. Use the default
# attributes below instead.
default['openstack']['developer_mode'] = false
# Use data bags for storing passwords
# Set this to false in order to get the passwords from attributes like:
# node['openstack']['secret'][key][type]
default['openstack']['use_databags'] = true
# Set databag type
# acceptable values 'encrypted', 'standard', 'vault'
# Set this to 'standard' in order to use regular databags.
# this is not recommended for anything other than dev/CI
# type environments. Storing real secrets in plaintext = craycray.
# In addition to the encrypted data_bags which are an included
# feature of the official chef project, you can use 'vault' to
# encrypt your secrets with the method provided in the chef-vault gem.
default['openstack']['databag_type'] = 'encrypted'
default['openstack']['vault_gem_version'] = '~> 2.3'
# Default attributes when not using data bags (use_databags = false)
%w{block-storage object-storage compute database dashboard image identity
telemetry network object-storage orchestration}.each do |service|
%w{user service db token}.each do |type|
default['openstack']['secret'][service][type] = "#{service}-#{type}"
end
end
# The type of token signing to use (uuid or pki)
default['openstack']['auth']['strategy'] = 'pki'
# Set to true where using self-signed certs (in testing environments)
default['openstack']['auth']['validate_certs'] = true
# ========================= Encrypted Databag Setup ===========================
#
# The openstack-common cookbook's default library contains a `secret`
# routine that looks up the value of encrypted databag values. This routine
# uses the secret key file located at the following location to decrypt the
# values in the data bag.
default['openstack']['secret']['key_path'] = '/etc/chef/openstack_data_bag_secret'
# The name of the encrypted data bag that stores openstack secrets
default['openstack']['secret']['secrets_data_bag'] = 'secrets'
# The name of the encrypted data bag that stores service user passwords, with
# each key in the data bag corresponding to a named OpenStack service, like
# "nova", "cinder", etc.
default['openstack']['secret']['service_passwords_data_bag'] = 'service_passwords'
# The name of the encrypted data bag that stores DB passwords, with
# each key in the data bag corresponding to a named OpenStack database, like
# "nova", "cinder", etc.
default['openstack']['secret']['db_passwords_data_bag'] = 'db_passwords'
# The name of the encrypted data bag that stores Keystone user passwords, with
# each key in the data bag corresponding to a user (Keystone or otherwise).
default['openstack']['secret']['user_passwords_data_bag'] = 'user_passwords'
# ========================= Package and Repository Setup ======================
#
# Various Linux distributions provide OpenStack packages and repositories.
# The provide some sensible defaults, but feel free to override per your
# needs.
# The coordinated release of OpenStack codename
default['openstack']['release'] = 'juno'
# The Ubuntu Cloud Archive has packages for multiple Ubuntu releases. For
# more information, see: https://wiki.ubuntu.com/ServerTeam/CloudArchive.
# In the component strings, %codename% will be replaced by the value of
# the node['lsb']['codename'] Ohai value and %release% will be replaced
# by the value of node['openstack']['release']
#
# Change ['openstack']['apt']['update_apt_cache'] to true if you would like
# have the cache automaticly updated
default['openstack']['apt']['update_apt_cache'] = false
default['openstack']['apt']['live_updates_enabled'] = true
default['openstack']['apt']['uri'] = 'http://ubuntu-cloud.archive.canonical.com/ubuntu'
default['openstack']['apt']['components'] = ["#{node['lsb']['codename']}-updates/#{node['openstack']['release']}", 'main']
# For the SRU packaging, use this:
# default['openstack']['apt']['components'] = [ '%codename%-proposed/%release%', 'main' ]
default['openstack']['zypp']['repo-key'] = 'd85f9316' # 32 bit key ID
default['openstack']['zypp']['uri'] = 'http://download.opensuse.org/repositories/Cloud:/OpenStack:/%release%/%suse-release%/'
default['openstack']['yum']['rdo_enabled'] = true
default['openstack']['yum']['uri'] = 'http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7'
default['openstack']['yum']['repo-key'] = 'https://raw.githubusercontent.com/redhat-openstack/rdo-release/master/RPM-GPG-KEY-RDO-Juno'
# Enforcing GnuPG signature check for RDO repo. Set this to false if you want to disable the check.
default['openstack']['yum']['gpgcheck'] = true
# ======================== OpenStack Endpoints ================================
#
# OpenStack recipes often need information about the various service
# endpoints in the deployment. For instance, the cookbook that deploys
# the Nova API service will need to set the glance_api_servers configuration
# option in the nova.conf, and the cookbook setting up the Glance image
# service might need information on the Swift proxy endpoint, etc. Having
# all of this related OpenStack endpoint information in a single set of
# common attributes in the openstack-common cookbook attributes means that
# instead of doing funky role-based lookups, a deployment zone's OpenStack
# endpoint information can simply be accessed by having the
# openstack-common::default recipe added to some base role definition file
# that all OpenStack nodes add to their run list.
#
# node['openstack']['endpoints'] is a hash of hashes, where each value hash
# contains one of more of the following keys:
#
# - scheme
# - uri
# - host
# - port
# - path
# - bind_interface
#
# If the uri key is set, its value is used as the full URI for the endpoint.
# If the uri key is not set, the endpoint's full URI is constructed from the
# component parts. This allows setups that use some standardized DNS names for
# OpenStack service endpoints in a deployment zone as well as setups that
# instead assign IP addresses (for an actual node or a load balanced virtual
# IP) in a network to a particular OpenStack service endpoint. If the
# bind_interface is set, it will set the host IP in the
# set_endpoints_by_interface recipe.
#
# If you wish to use different values for the admin, public, and internal
# URIs for a service, you can easily do so by putting that service's
# information within the node['openstack']['endpoints'][type][service] hash
# (where type is one of 'admin', 'public', or 'internal').
# For example, to use a special public URI for compute-api, it could be
# specified within...
# node['openstack']['endpoints']['public']['compute-api'] = ...
#
# If you have no need for separate URIs for any of the admin, public, or
# internal endpoints for compute-api, then you could just set the general
# service endpoint within...
# node['openstack']['endpoints']['compute-api'] = ...
# ******************** OpenStack Identity Endpoints ***************************
default['openstack']['endpoints']['host'] = '127.0.0.1'
default['openstack']['endpoints']['family'] = 'inet'
# Note: The ['<service-name>-bind'] for each service exist so that a user can
# have a service bind to a local IP per API node, that is different to the
# actual endpoint for that service, which may be a load balanced IP
default['openstack']['endpoints']['bind-host'] = '127.0.0.1'
# The OpenStack Identity (Keystone) API endpoint. This is commonly called
# the Keystone Service endpoint...
# NOTE(mancdaz): There is a single 'identity-bind' mash that is used
# by the identity cookbook, for both service and admin endpoint binds.
# This is because keystone presents two ports but only a single service,
# that can only be bound to a single IP.
default['openstack']['endpoints']['identity-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['identity-bind']['bind_interface'] = nil
default['openstack']['endpoints']['identity-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['identity-api']['scheme'] = 'http'
default['openstack']['endpoints']['identity-api']['port'] = '5000'
default['openstack']['endpoints']['identity-api']['path'] = '/v2.0'
default['openstack']['endpoints']['identity-api']['bind_interface'] = nil
# The OpenStack Identity (Keystone) Internal API endpoint
# For a reference architecture this is a sensable default, however with a more
# complex network setup the public endpoint may not be reachable by internal
# systems, thus the ability to set this to something different must be present.
# Even if the public endpoint is reachable there may be other reasons to send
# interal communications to a different endpoint, for security or auditing
# purposes for example.
# Generally this listens on the same IP as the admin interface, but with the
# public pipeline(5000) instead of the admin pipeline(35357).
default['openstack']['endpoints']['identity-internal']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['identity-internal']['scheme'] = 'http'
default['openstack']['endpoints']['identity-internal']['port'] = '5000'
default['openstack']['endpoints']['identity-internal']['path'] = '/v2.0'
default['openstack']['endpoints']['identity-internal']['bind_interface'] = nil
# The OpenStack Identity (Keystone) Admin API endpoint
default['openstack']['endpoints']['identity-admin-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['identity-admin-bind']['port'] = '35357'
default['openstack']['endpoints']['identity-admin-bind']['bind_interface'] = nil
default['openstack']['endpoints']['identity-admin']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['identity-admin']['scheme'] = 'http'
default['openstack']['endpoints']['identity-admin']['port'] = '35357'
default['openstack']['endpoints']['identity-admin']['path'] = '/v2.0'
default['openstack']['endpoints']['identity-admin']['bind_interface'] = nil
# ****************** OpenStack Compute Endpoints ******************************
# The OpenStack Compute (Nova) Native API endpoint
default['openstack']['endpoints']['compute-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['compute-api-bind']['port'] = '8774'
default['openstack']['endpoints']['compute-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['compute-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['compute-api']['scheme'] = 'http'
default['openstack']['endpoints']['compute-api']['port'] = '8774'
default['openstack']['endpoints']['compute-api']['path'] = '/v2/%(tenant_id)s'
default['openstack']['endpoints']['compute-api']['bind_interface'] = nil
# The OpenStack Compute (Nova) EC2 API endpoint
default['openstack']['endpoints']['compute-ec2-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['compute-ec2-api-bind']['port'] = '8773'
default['openstack']['endpoints']['compute-ec2-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['compute-ec2-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['compute-ec2-api']['scheme'] = 'http'
default['openstack']['endpoints']['compute-ec2-api']['port'] = '8773'
default['openstack']['endpoints']['compute-ec2-api']['path'] = '/services/Cloud'
default['openstack']['endpoints']['compute-ec2-api']['bind_interface'] = nil
# The OpenStack Compute (Nova) EC2 Admin API endpoint
default['openstack']['endpoints']['compute-ec2-admin-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['compute-ec2-admin-bind']['port'] = '8773'
default['openstack']['endpoints']['compute-ec2-admin-bind']['bind_interface'] = nil
default['openstack']['endpoints']['compute-ec2-admin']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['compute-ec2-admin']['scheme'] = 'http'
default['openstack']['endpoints']['compute-ec2-admin']['port'] = '8773'
default['openstack']['endpoints']['compute-ec2-admin']['path'] = '/services/Admin'
default['openstack']['endpoints']['compute-ec2-admin']['bind_interface'] = nil
# The OpenStack Compute (Nova) XVPvnc endpoint
default['openstack']['endpoints']['compute-xvpvnc-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['compute-xvpvnc-bind']['port'] = '6081'
default['openstack']['endpoints']['compute-xvpvnc-bind']['bind_interface'] = nil
default['openstack']['endpoints']['compute-xvpvnc']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['compute-xvpvnc']['scheme'] = 'http'
default['openstack']['endpoints']['compute-xvpvnc']['port'] = '6081'
default['openstack']['endpoints']['compute-xvpvnc']['path'] = '/console'
default['openstack']['endpoints']['compute-xvpvnc']['bind_interface'] = nil
# The OpenStack Compute (Nova) novnc endpoint
default['openstack']['endpoints']['compute-novnc-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['compute-novnc-bind']['port'] = '6080'
default['openstack']['endpoints']['compute-novnc-bind']['bind_interface'] = nil
default['openstack']['endpoints']['compute-novnc']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['compute-novnc']['scheme'] = 'http'
default['openstack']['endpoints']['compute-novnc']['port'] = '6080'
default['openstack']['endpoints']['compute-novnc']['path'] = '/vnc_auto.html'
default['openstack']['endpoints']['compute-novnc']['bind_interface'] = nil
# The OpenStack Compute (Nova) vnc endpoint
default['openstack']['endpoints']['compute-vnc-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['compute-vnc-bind']['bind_interface'] = nil
default['openstack']['endpoints']['compute-vnc']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['compute-vnc']['scheme'] = nil
default['openstack']['endpoints']['compute-vnc']['port'] = nil
default['openstack']['endpoints']['compute-vnc']['path'] = nil
default['openstack']['endpoints']['compute-vnc']['bind_interface'] = nil
# The OpenStack Compute (Nova) vnc proxy endpoint
default['openstack']['endpoints']['compute-vnc-proxy-bind']['host'] = node['openstack']['endpoints']['compute-vnc-bind']['host']
default['openstack']['endpoints']['compute-vnc-proxy-bind']['bind_interface'] = node['openstack']['endpoints']['compute-vnc-bind']['bind_interface']
# ******************** OpenStack Network Endpoints ****************************
# The OpenStack Network (Neutron) API endpoint.
default['openstack']['endpoints']['network-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['network-api-bind']['port'] = '9696'
default['openstack']['endpoints']['network-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['network-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['network-api']['scheme'] = 'http'
default['openstack']['endpoints']['network-api']['port'] = '9696'
# neutronclient appends the protocol version to the endpoint URL, so the
# path needs to be empty
default['openstack']['endpoints']['network-api']['path'] = ''
default['openstack']['endpoints']['network-api']['bind_interface'] = nil
# The OpenStack Network Linux Bridge endpoint
default['openstack']['endpoints']['network-linuxbridge']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['network-linuxbridge']['scheme'] = nil
default['openstack']['endpoints']['network-linuxbridge']['port'] = nil
default['openstack']['endpoints']['network-linuxbridge']['path'] = nil
default['openstack']['endpoints']['network-linuxbridge']['bind_interface'] = nil
# The OpenStack Network Open vSwitch endpoint
default['openstack']['endpoints']['network-openvswitch']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['network-openvswitch']['scheme'] = nil
default['openstack']['endpoints']['network-openvswitch']['port'] = nil
default['openstack']['endpoints']['network-openvswitch']['path'] = nil
default['openstack']['endpoints']['network-openvswitch']['bind_interface'] = nil
# ******************** OpenStack Image Endpoints ******************************
# The OpenStack Image (Glance) API endpoint
default['openstack']['endpoints']['image-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['image-api-bind']['port'] = '9292'
default['openstack']['endpoints']['image-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['image-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['image-api']['scheme'] = 'http'
default['openstack']['endpoints']['image-api']['port'] = '9292'
# The glance client appends the protocol version to the endpoint URL,
# so the path needs to be empty
default['openstack']['endpoints']['image-api']['path'] = ''
default['openstack']['endpoints']['image-api']['bind_interface'] = nil
# The OpenStack Image (Glance) Registry API endpoint
default['openstack']['endpoints']['image-registry-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['image-registry-bind']['port'] = '9191'
default['openstack']['endpoints']['image-registry-bind']['bind_interface'] = nil
default['openstack']['endpoints']['image-registry']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['image-registry']['scheme'] = 'http'
default['openstack']['endpoints']['image-registry']['port'] = '9191'
default['openstack']['endpoints']['image-registry']['path'] = '/v2'
default['openstack']['endpoints']['image-registry']['bind_interface'] = nil
# ******************** OpenStack Volume Endpoints *****************************
# The OpenStack Volume (Cinder) API endpoint
default['openstack']['endpoints']['block-storage-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['block-storage-api-bind']['port'] = '8776'
default['openstack']['endpoints']['block-storage-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['block-storage-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['block-storage-api']['scheme'] = 'http'
default['openstack']['endpoints']['block-storage-api']['port'] = '8776'
default['openstack']['endpoints']['block-storage-api']['path'] = '/v2/%(tenant_id)s'
default['openstack']['endpoints']['block-storage-api']['bind_interface'] = nil
# ******************** OpenStack Object Storage Endpoint *****************************
# The OpenStack Object Storage (Swift) API endpoint
default['openstack']['endpoints']['object-storage-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['object-storage-api-bind']['port'] = '8080'
default['openstack']['endpoints']['object-storage-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['object-storage-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['object-storage-api']['scheme'] = 'http'
default['openstack']['endpoints']['object-storage-api']['port'] = '8080'
default['openstack']['endpoints']['object-storage-api']['path'] = '/v1/'
default['openstack']['endpoints']['object-storage-api']['bind_interface'] = nil
# ******************** OpenStack Metering Endpoints ***************************
# The OpenStack Metering (Ceilometer) API endpoint
default['openstack']['endpoints']['telemetry-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['telemetry-api-bind']['port'] = '8777'
default['openstack']['endpoints']['telemetry-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['telemetry-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['telemetry-api']['scheme'] = 'http'
default['openstack']['endpoints']['telemetry-api']['port'] = '8777'
# The ceilometer client appends the protocol version to the endpoint URL,
# so the path needs to be empty
default['openstack']['endpoints']['telemetry-api']['path'] = ''
default['openstack']['endpoints']['telemetry-api']['bind_interface'] = nil
# ******************** OpenStack Orchestration Endpoints ***************************
# The OpenStack Orchestration (Heat) API endpoint
default['openstack']['endpoints']['orchestration-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['orchestration-api-bind']['port'] = '8004'
default['openstack']['endpoints']['orchestration-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['orchestration-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['orchestration-api']['scheme'] = 'http'
default['openstack']['endpoints']['orchestration-api']['port'] = '8004'
default['openstack']['endpoints']['orchestration-api']['path'] = '/v1/%(tenant_id)s'
default['openstack']['endpoints']['orchestration-api']['bind_interface'] = nil
# The OpenStack Orchestration (Heat) CloudFormation API endpoint
default['openstack']['endpoints']['orchestration-api-cfn-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['orchestration-api-cfn-bind']['port'] = '8000'
default['openstack']['endpoints']['orchestration-api-cfn-bind']['bind_interface'] = nil
default['openstack']['endpoints']['orchestration-api-cfn']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['orchestration-api-cfn']['scheme'] = 'http'
default['openstack']['endpoints']['orchestration-api-cfn']['port'] = '8000'
default['openstack']['endpoints']['orchestration-api-cfn']['path'] = '/v1'
default['openstack']['endpoints']['orchestration-api-cfn']['bind_interface'] = nil
# The OpenStack Orchestration (Heat) CloudWatch API endpoint
default['openstack']['endpoints']['orchestration-api-cloudwatch-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['orchestration-api-cloudwatch-bind']['port'] = '8003'
default['openstack']['endpoints']['orchestration-api-cloudwatch-bind']['bind_interface'] = nil
default['openstack']['endpoints']['orchestration-api-cloudwatch']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['orchestration-api-cloudwatch']['scheme'] = 'http'
default['openstack']['endpoints']['orchestration-api-cloudwatch']['port'] = '8003'
default['openstack']['endpoints']['orchestration-api-cloudwatch']['path'] = '/v1'
default['openstack']['endpoints']['orchestration-api-cloudwatch']['bind_interface'] = nil
# The OpenStack Database (Trove) API endpoint
default['openstack']['endpoints']['database-api-bind']['host'] = node['openstack']['endpoints']['bind-host']
default['openstack']['endpoints']['database-api-bind']['port'] = '8779'
default['openstack']['endpoints']['database-api-bind']['bind_interface'] = nil
default['openstack']['endpoints']['database-api']['host'] = node['openstack']['endpoints']['host']
default['openstack']['endpoints']['database-api']['scheme'] = 'http'
default['openstack']['endpoints']['database-api']['port'] = '8779'
default['openstack']['endpoints']['database-api']['path'] = '/v1.0/%(tenant_id)s'
default['openstack']['endpoints']['database-api']['bind_interface'] = nil
# Alternately, if you used some standardized DNS naming scheme, you could
# do something like this, which would override any part-wise specifications above.
#
# default['openstack']['endpoints']['identity-api']['uri'] = 'https://identity.example.com:35357/v2.0'
# default['openstack']['endpoints']['identity-admin']['uri'] = 'https://identity.example.com:5000/v2.0'
# default['openstack']['endpoints']['compute-api']['uri'] = 'https://compute.example.com:8774/v2/%(tenant_id)s'
# default['openstack']['endpoints']['compute-ec2-api']['uri'] = 'https://ec2.example.com:8773/services/Cloud'
# default['openstack']['endpoints']['compute-ec2-admin']['uri'] = 'https://ec2.example.com:8773/services/Admin'
# default['openstack']['endpoints']['compute-xvpvnc']['uri'] = 'https://xvpvnc.example.com:6081/console'
# default['openstack']['endpoints']['compute-novnc']['uri'] = 'https://novnc.example.com:6080/vnc_auto.html'
# default['openstack']['endpoints']['image-api']['uri'] = 'https://image.example.com:9292/v2'
# default['openstack']['endpoints']['image-registry']['uri'] = 'https://image.example.com:9191/v2'
# default['openstack']['endpoints']['block-storage-api']['uri'] = 'https://volume.example.com:8776/v1/%(tenant_id)s'
# default['openstack']['endpoints']['telemetry-api']['uri'] = 'https://telemetry.example.com:9000/v1'
# default['openstack']['endpoints']['orchestration-api']['uri'] = 'https://orchestration.example.com:8004//v1/%(tenant_id)s'
# default['openstack']['endpoints']['orchestration-api-cfn']['uri'] = 'https://orchestration.example.com:8000/v1'
# default['openstack']['endpoints']['orchestration-api-cloudwatch']['uri'] = 'https://orchestration.example.com:8003/v1'
# Set a default region that other regions are set to - such that changing the region for all services can be done in one place
default['openstack']['region'] = 'RegionOne'
# Set a default auth api version that other components use to interact with identity service.
# Allowed auth API versions: v2.0 or v3.0. By default, it is set to v2.0.
default['openstack']['api']['auth']['version'] = 'v2.0'
# logging.conf list keypairs module_name => log level to write
# DEPRECATED, use new loggers attributes below.
# TODO(MRV) remove in Juno
# The old defaults have been incorporated below:
# { 'nova.api.openstack.wsgi' => 'WARNING',
# 'nova.osapi_compute.wsgi.server' => 'WARNING' }
default['openstack']['logging']['ignore'] = {}
# Allow configured loggers in logging.conf
default['openstack']['logging']['loggers'] = {
'root' => {
'level' => 'NOTSET',
'handlers' => 'devel'
},
'ceilometer' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'ceilometer'
},
'cinder' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'cinder'
},
'glance' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'glance'
},
'horizon' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'horizon'
},
'keystone' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'keystone'
},
'nova' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'nova'
},
'neutron' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'neutron'
},
'swift' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'swift'
},
'trove' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'trove'
},
'amqplib' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'amqplib'
},
'sqlalchemy' => {
'level' => 'WARNING',
# "level' => 'INFO" logs SQL queries.
# "level' => 'DEBUG" logs SQL queries and results.
# "level' => 'WARNING" logs neither. (Recommended for production systems.)
'handlers' => 'stderr',
'qualname' => 'sqlalchemy'
},
'boto' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'boto'
},
'suds' => {
'level' => 'INFO',
'handlers' => 'stderr',
'qualname' => 'suds'
},
'eventletwsgi' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'eventlet.wsgi.server'
},
'nova_api_openstack_wsgi' => {
'level' => 'WARNING',
'handlers' => 'prod,debug',
'qualname' => 'nova.api.openstack.wsgi'
},
'nova_osapi_compute_wsgi_server' => {
'level' => 'WARNING',
'handlers' => 'prod,debug',
'qualname' => 'nova.osapi_compute.wsgi.server'
}
}
# Allow configured formatters in logging.conf
default['openstack']['logging']['formatters'] = {
'normal' => {
'format' => '%(asctime)s %(levelname)s %(message)s'
},
'normal_with_name' => {
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(message)s'
},
'debug' => {
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(module)s.%(funcName)s %(message)s'
},
'syslog_with_name' => {
'format' => '%(name)s: %(levelname)s %(message)s'
},
'syslog_debug' => {
'format' => '%(name)s: %(levelname)s %(module)s.%(funcName)s %(message)s'
}
}
# Allow configured logging handlers in logging.conf
default['openstack']['logging']['handlers'] = {
'stderr' => {
'args' => '(sys.stderr,)',
'class' => 'StreamHandler',
'formatter' => 'debug'
},
'devel' => {
'args' => '(sys.stdout,)',
'class' => 'StreamHandler',
'formatter' => 'debug',
'level' => 'NOTSET'
},
'prod' => {
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL0)',
'class' => 'handlers.SysLogHandler',
'formatter' => 'syslog_with_name',
'level' => 'INFO'
},
'debug' => {
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL1)',
'class' => 'handlers.SysLogHandler',
'formatter' => 'syslog_debug',
'level' => 'DEBUG'
}
}
default['openstack']['memcached_servers'] = nil
# Default sysctl settings
default['openstack']['sysctl']['net.ipv4.conf.all.rp_filter'] = 0
default['openstack']['sysctl']['net.ipv4.conf.default.rp_filter'] = 0
# Default OpenStack Network Type: nova (optional: neutron)
default['openstack']['compute']['network']['service_type'] = 'nova'
case node['platform_family']
when 'rhel', 'suse'
default['openstack']['common']['platform'] = {
'common_client_packages' => ['python-openstackclient'],
'package_overrides' => ''
}
when 'debian'
default['openstack']['common']['platform'] = {
'common_client_packages' => ['python-openstackclient'],
'package_overrides' => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'"
}
end
# The name of the Chef role that installs the Keystone Service API
default['openstack']['identity_service_chef_role'] = 'os-identity'
# Array of bare options for openrc (e.g. 'option=value')
default['openstack']['misc_openrc'] = nil
# openrc location and owner
default['openstack']['openrc']['path'] = '/root'
default['openstack']['openrc']['file'] = 'openrc'
default['openstack']['openrc']['user'] = 'root'
default['openstack']['openrc']['group'] = 'root'
default['openstack']['openrc']['file_mode'] = '0600'
default['openstack']['openrc']['path_mode'] = '0700'