keystone_identity_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_ADMIN}} keystone_auth_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v3 keystone_region: 'regionOne' keystone_default_domain: 'Default' debug: {{UNDERCLOUD_DEBUG}} controller_host: {{LOCAL_IP}} #local-ipv4 controller_admin_host: {{UNDERCLOUD_ADMIN_HOST}} controller_public_host: {{UNDERCLOUD_PUBLIC_HOST}} ntp::servers: {{UNDERCLOUD_NTP_SERVERS}} sysctl_settings: {{SYSCTL_SETTINGS}} # SSL tripleo::haproxy::service_certificate: {{UNDERCLOUD_SERVICE_CERTIFICATE}} generate_service_certificates: {{GENERATE_SERVICE_CERTIFICATE}} tripleo::profile::base::haproxy::certificates_specs: undercloud-haproxy-public: service_pem: {{UNDERCLOUD_SERVICE_CERTIFICATE}} service_certificate: '/etc/pki/tls/certs/undercloud-front.crt' service_key: '/etc/pki/tls/private/undercloud-front.key' hostname: "%{hiera('controller_public_host')}" postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' {{UNDERCLOUD_SERVICE_CERTIFICATE}} undercloud-haproxy-public-cert" principal: {{SERVICE_PRINCIPAL}} # CA defaults certmonger_ca: {{CERTIFICATE_GENERATION_CA}} # Common Hiera data gets applied to all nodes ssh::server::storeconfigs_enabled: false # memcached memcached::max_memory: '50%' # Apache apache::server_signature: 'Off' apache::server_tokens: 'Prod' # ceilometer settings used by compute and controller ceilo auth settings ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}" aodh::auth::auth_region: "%{hiera('keystone_region')}" ceilometer::agent::auth::auth_tenant_name: 'service' aodh::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}} aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}" # Swift swift::proxy::proxy_local_net_ip: {{LOCAL_IP}} swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" swift::proxy::node_timeout: 60 swift::proxy::workers: "%{::os_workers}" swift::proxy::log_facility: LOG_LOCAL2 swift::storage::all::storage_local_net_ip: {{LOCAL_IP}} swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' swift::swift_hash_path_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}} swift::proxy::account_autocreate: true swift::proxy::authtoken::password: {{UNDERCLOUD_SWIFT_PASSWORD}} swift::keystone::auth::tenant: 'service' swift::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_SWIFT_PUBLIC}} swift::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_SWIFT_INTERNAL}} swift::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_SWIFT_ADMIN}} swift::keystone::auth::password: {{UNDERCLOUD_SWIFT_PASSWORD}} swift::keystone::auth::region: "%{hiera('keystone_region')}" swift::keystone::auth::configure_s3_endpoint: false swift::keystone::auth::operator_roles: - admin - swiftoperator swift_mount_check: false swift::ringbuilder::replicas: 1 swift::ringbuilder::part_power: 10 swift::ringbuilder::min_part_hours: 1 swift::proxy::pipeline: - 'catch_errors' - 'healthcheck' - 'proxy-logging' - 'cache' - 'ratelimit' - 'bulk' - 'tempurl' - 'formpost' - 'authtoken' - 'keystone' - 'staticweb' - 'proxy-logging' - 'proxy-server' # Glance glance::api::debug: "%{hiera('debug')}" glance::api::bind_port: 9292 glance::api::bind_host: {{LOCAL_IP}} glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" glance::api::registry_host: {{LOCAL_IP}} glance::api::authtoken::password: {{UNDERCLOUD_GLANCE_PASSWORD}} glance::api::workers: "%{::os_workers}" glance::api::stores: - glance.store.filesystem.Store - glance.store.swift.Store glance::api::default_store: 'glance.store.swift.Store' glance::api::pipeline: 'keystone' # used to construct glance_api_servers glance_log_file: '' glance::api::database_connection: mysql+pymysql://glance:{{UNDERCLOUD_GLANCE_PASSWORD}}@{{LOCAL_IP}}/glance glance::api::enable_v1_api: false glance::api::enable_v2_api: true glance::keystone::auth::tenant: 'service' glance::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}} glance::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}} glance::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GLANCE_ADMIN}} glance::keystone::auth::password: {{UNDERCLOUD_GLANCE_PASSWORD}} glance::keystone::auth::region: "%{hiera('keystone_region')}" glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}" glance::backend::swift::swift_store_auth_version: 3 glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {{UNDERCLOUD_GLANCE_PASSWORD}} glance::backend::swift::swift_store_create_container_on_put: true glance::notify::rabbitmq::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}} glance::notify::rabbitmq::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} glance::notify::rabbitmq::rabbit_host: {{LOCAL_IP}} glance::registry::debug: "%{hiera('debug')}" # Heat heat::debug: "%{hiera('debug')}" heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}} heat::engine::configure_delegated_roles: false heat::engine::heat_stack_user_role: 'heat_stack_user' heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003 heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000 heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition heat::engine::reauthentication_auth_method: 'trusts' heat::engine::trusts_delegated_roles: [] heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}} heat::engine::max_resources_per_stack: -1 heat::engine::convergence_engine: false # NOTE(trown): We need to give heat engine more workers because we are throwing huge # nested stacks at it for the deploy. By not setting this, we get the heat default, # which is max(#CPUs,4). #heat::engine::num_engine_workers: heat::engine::max_nested_stack_depth: 7 heat::instance_user: heat-admin heat::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}} heat::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} heat::rabbit_host: {{LOCAL_IP}} heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" heat::keystone::authtoken::password: {{UNDERCLOUD_HEAT_PASSWORD}} heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}} heat::api::bind_host: {{LOCAL_IP}} heat::api::workers: "%{::os_workers}" heat::api::service_name: 'httpd' heat::api_cfn::bind_host: {{LOCAL_IP}} heat::api_cfn::workers: "%{::os_workers}" heat::api_cfn::service_name: 'httpd' heat::wsgi::apache_api::ssl: false heat::wsgi::apache_api::bind_host: {{LOCAL_IP}} heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}" heat::wsgi::apache_api_cfn::ssl: false heat::wsgi::apache_api_cfn::bind_host: {{LOCAL_IP}} heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}" heat::database_connection: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP}}/heat heat_dsn: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP}}/heat heat::rpc_response_timeout: 600 heat::keystone::auth::tenant: 'service' heat::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_PUBLIC}} heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}} heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}} heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}} heat::keystone::auth::region: "%{hiera('keystone_region')}" heat::keystone::auth_cfn::tenant: 'service' heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}" heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}} heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}} heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}} heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}} heat::cron::purge_deleted::age: 1 heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::destination: '/dev/null' heat::notification_driver: 'messaging' heat::yaql_memory_quota: 100000 heat::yaql_limit_iterators: 1000 heat::max_json_body_size: 2097152 # Keystone keystone::debug: "%{hiera('debug')}" keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}} keystone::admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}} keystone::admin_workers: "%{::os_workers}" keystone::public_workers: "%{::os_workers}" keystone::public_bind_host: {{LOCAL_IP}} keystone::admin_bind_host: {{LOCAL_IP}} keystone::public_endpoint: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}} keystone::service_name: 'httpd' keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}' keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}' keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}' keystone::database_connection: mysql+pymysql://keystone:{{UNDERCLOUD_ADMIN_TOKEN}}@{{LOCAL_IP}}/keystone keystone::cron::token_flush::destination: '/dev/null' keystone::roles::admin::password: {{UNDERCLOUD_ADMIN_PASSWORD}} keystone::roles::admin::email: 'root@localhost' keystone::roles::admin::admin_tenant: 'admin' keystone::roles::admin::service_tenant: 'service' keystone::token_expiration: 14400 keystone::endpoint::public_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}} keystone::endpoint::internal_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}} keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}" keystone::endpoint::region: "%{hiera('keystone_region')}" keystone::endpoint::version: '' keystone::wsgi::apache::ssl: false keystone::wsgi::apache::bind_host: {{LOCAL_IP}} keystone::notification_driver: messaging keystone::notification_topics: notifications keystone::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}} keystone::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} keystone::rabbit_host: {{LOCAL_IP}} keystone::enable_credential_setup: true keystone::fernet_max_active_keys: 2 # MySQL admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}} enable_galera: true mysql_max_connections: '4096' tripleo::profile::base::database::mysql::step: 2 tripleo::profile::base::database::mysql::manage_resources: true tripleo::profile::base::database::mysql::remove_default_accounts: true tripleo::profile::base::database::mysql::mysql_server_options: 'mysqld': bind-address: "%{hiera('controller_host')}" innodb_file_per_table: 'ON' mysql::server::restart: true # Neutron neutron::debug: "%{hiera('debug')}" neutron::bind_host: {{LOCAL_IP}} neutron::core_plugin: ml2 neutron::dhcp_agents_per_network: 2 neutron::dns_domain: '' neutron::server::api_workers: "%{::os_workers}" neutron::server::rpc_workers: "%{::os_workers}" neutron::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USERNAME}} neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}" neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}" neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" neutron::server::database_connection: mysql+pymysql://neutron:{{UNDERCLOUD_NEUTRON_PASSWORD}}@{{LOCAL_IP}}/neutron neutron::server::sync_db: true neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}} neutron::plugins::ml2::mechanism_drivers: ['openvswitch'] neutron_bridge_mappings: ctlplane:br-ctlplane neutron_public_interface: {{LOCAL_INTERFACE}} neutron_physical_bridge: br-ctlplane neutron::keystone::authtoken::password: {{UNDERCLOUD_NEUTRON_PASSWORD}} neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}} neutron::agents::metadata::metadata_workers: "%{::os_workers}" neutron::quota::quota_port: -1 neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}" neutron::server::notifications::tenant_name: service neutron::server::notifications::password: {{UNDERCLOUD_NOVA_PASSWORD}} neutron::keystone::auth::tenant: 'service' neutron::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}} neutron::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_INTERNAL}} neutron::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_ADMIN}} neutron::keystone::auth::password: {{UNDERCLOUD_NEUTRON_PASSWORD}} neutron::keystone::auth::region: "%{hiera('keystone_region')}" neutron::plugins::ml2::extension_drivers: 'port_security' # Ceilometer ceilometer::debug: "%{hiera('debug')}" ceilometer::expirer::time_to_live: undef ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}} ceilometer::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}} ceilometer::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} ceilometer::rabbit_host: {{LOCAL_IP}} ceilometer::api::host: {{LOCAL_IP}} ceilometer::api::service_name: 'httpd' ceilometer::wsgi::apache::ssl: false ceilometer::wsgi::apache::bind_host: {{LOCAL_IP}} ceilometer::keystone::authtoken::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}} ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ceilometer::db::database_connection: mysql+pymysql://ceilometer:{{UNDERCLOUD_CEILOMETER_PASSWORD}}@{{LOCAL_IP}}/ceilometer ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}} ceilometer_compute_agent: '' ceilometer::snmpd_readonly_username: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}} ceilometer::snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}} ceilometer::keystone::auth::tenant: 'service' ceilometer::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_PUBLIC}} ceilometer::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_INTERNAL}} ceilometer::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_ADMIN}} ceilometer::keystone::auth::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}} ceilometer::keystone::auth::region: "%{hiera('keystone_region')}" # gnocchi dispatcher config ceilometer::collector::meter_dispatcher: 'gnocchi' ceilometer::dispatcher::gnocchi::url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}} ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' # events dispatcher config ceilometer::collector::event_dispatcher: ['panko', 'gnocchi'] # Aodh aodh::debug: "%{hiera('debug')}" aodh::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}} aodh::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} aodh::rabbit_host: {{LOCAL_IP}} aodh::api::host: {{LOCAL_IP}} aodh::keystone::authtoken::password: {{UNDERCLOUD_AODH_PASSWORD}} aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" aodh::api::service_name: 'httpd' aodh::wsgi::apache::ssl: false aodh::wsgi::apache::bind_host: {{LOCAL_IP}} aodh::db::database_connection: mysql+pymysql://aodh:{{UNDERCLOUD_AODH_PASSWORD}}@{{LOCAL_IP}}/aodh aodh::auth::auth_password: {{UNDERCLOUD_AODH_PASSWORD}} aodh::keystone::auth::tenant: 'service' aodh::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_AODH_PUBLIC}} aodh::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_AODH_INTERNAL}} aodh::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_AODH_ADMIN}} aodh::keystone::auth::password: {{UNDERCLOUD_AODH_PASSWORD}} aodh::keystone::auth::region: "%{hiera('keystone_region')}" # Gnocchi gnocchi::debug: "%{hiera('debug')}" gnocchi_backend: 'file' gnocchi::wsgi::apache::ssl: false gnocchi::wsgi::apache::bind_host: {{LOCAL_IP}} gnocchi::api::service_name: 'httpd' gnocchi::api::host: {{LOCAL_IP}} gnocchi::keystone::authtoken::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}} gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}} gnocchi::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}} gnocchi::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_ADMIN}} gnocchi::keystone::auth::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}} gnocchi::keystone::auth::region: "%{hiera('keystone_region')}" gnocchi::db::mysql::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}} gnocchi::db::database_connection: mysql+pymysql://gnocchi:{{UNDERCLOUD_GNOCCHI_PASSWORD}}@{{LOCAL_IP}}/gnocchi gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}" gnocchi::storage::swift::swift_key: {{UNDERCLOUD_GNOCCHI_PASSWORD}} #Gnocchi statsd gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' gnocchi::statsd::flush_delay: 10 gnocchi::statsd::archive_policy_name: 'low' gnocchi_healthcheck_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}/healthcheck # Panko panko::logging::debug: "%{hiera('debug')}" panko::wsgi::apache::ssl: false panko::wsgi::apache::bind_host: {{LOCAL_IP}} panko::api::service_name: 'httpd' panko::api::host: {{LOCAL_IP}} panko::db::mysql::password: {{UNDERCLOUD_PANKO_PASSWORD}} panko::db::database_connection: mysql+pymysql://panko:{{UNDERCLOUD_PANKO_PASSWORD}}@{{LOCAL_IP}}/panko panko::keystone::authtoken::password: {{UNDERCLOUD_PANKO_PASSWORD}} panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" panko::keystone::auth::tenant: 'service' panko::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_PANKO_PUBLIC}} panko::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_PANKO_INTERNAL}} panko::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_PANKO_ADMIN}} panko::keystone::auth::password: {{UNDERCLOUD_PANKO_PASSWORD}} panko::keystone::auth::region: "%{hiera('keystone_region')}" panko::keystone::authtoken::project_name: 'service' # Nova nova::debug: "%{hiera('debug')}" nova::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//" nova::notification_driver: messaging nova::rpc_response_timeout: '600' nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" nova::api::api_bind_address: {{LOCAL_IP}} nova::api::enabled: true nova::api::metadata_listen: {{LOCAL_IP}} nova::keystone::authtoken::password: {{UNDERCLOUD_NOVA_PASSWORD}} nova::api::enabled_apis: - osapi_compute - metadata nova::api::sync_db_api: true nova::api::osapi_compute_workers: "%{::os_workers}" nova::api::metadata_workers: "%{::os_workers}" nova::wsgi::apache_placement::ssl: false nova::wsgi::apache_placement::bind_host: {{LOCAL_IP}} nova::wsgi::apache_placement::api_port: '8778' nova::placement::auth_url: "%{hiera('keystone_identity_uri')}" nova::placement::password: {{UNDERCLOUD_NOVA_PASSWORD}} nova::placement::project_name: 'service' nova::placement::os_region_name: "%{hiera('keystone_region')}" nova::conductor::enabled: true nova::conductor::workers: "%{::os_workers}" nova::database_connection: mysql+pymysql://nova:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova nova::api_database_connection: mysql+pymysql://nova_api:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova_api nova::placement_database_connection: mysql+pymysql://nova_placement:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova_placement nova::notify_on_state_change: 'vm_and_task_state' nova::scheduler::enabled: true nova::network::neutron::dhcp_domain: '' nova::compute::force_config_drive: true nova::compute::reserved_host_memory: '0' nova::compute::vnc_enabled: false nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::cron::archive_deleted_rows::destination: '/dev/null' nova_sync_power_state_interval: -1 nova::ironic::common::username: 'ironic' nova::ironic::common::password: {{UNDERCLOUD_IRONIC_PASSWORD}} nova::ironic::common::project_name: 'service' nova::ironic::common::api_endpoint: "{{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}/v1" nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}" nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}" nova::network::neutron::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}} nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}" nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}" nova::network::neutron::neutron_region_name: '' nova::ram_allocation_ratio: '1.0' nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager' nova::scheduler::filter::scheduler_max_attempts: {{SCHEDULER_MAX_ATTEMPTS}} nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters'] nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter'] nova::keystone::auth::tenant: 'service' nova::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NOVA_PUBLIC}} nova::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NOVA_INTERNAL}} nova::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NOVA_ADMIN}} nova::keystone::auth::password: {{UNDERCLOUD_NOVA_PASSWORD}} nova::keystone::auth::region: "%{hiera('keystone_region')}" nova::keystone::auth::configure_ec2_endpoint: false nova::keystone::auth_placement::tenant: 'service' nova::keystone::auth_placement::public_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_PUBLIC}} nova::keystone::auth_placement::internal_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_INTERNAL}} nova::keystone::auth_placement::admin_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_ADMIN}} nova::keystone::auth_placement::password: {{UNDERCLOUD_NOVA_PASSWORD}} nova::keystone::auth_placement::region: "%{hiera('keystone_region')}" nova::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}} # NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only. # There is no way this should take 15 minutes and if it does we now have way # different problems. But rather than block undercloud installs let's increase # the timeout for these actions. See LP#1661396 for more details. nova::db::sync::db_sync_timeout: 900 nova::db::sync_api::db_sync_timeout: 900 # Ironic ironic::debug: "%{hiera('debug')}" ironic::my_ip: {{LOCAL_IP}} ironic::rpc_response_timeout: 600 ironic::api::authtoken::password: {{UNDERCLOUD_IRONIC_PASSWORD}} ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ironic::api::host_ip: {{LOCAL_IP}} ironic::api::service_name: 'httpd' ironic::api::workers: "%{::os_workers}" ironic::wsgi::apache::ssl: false ironic::wsgi::apache::bind_host: {{LOCAL_IP}} ironic::database_connection: mysql+pymysql://ironic:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP}}/ironic ironic::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//" ironic::drivers::inspector::enabled: true ironic::drivers::inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}} ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}" ironic::glance::password: {{UNDERCLOUD_IRONIC_PASSWORD}} ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}" ironic::neutron::password: {{UNDERCLOUD_IRONIC_PASSWORD}} ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}" ironic::service_catalog::password: {{UNDERCLOUD_IRONIC_PASSWORD}} ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}" ironic::swift::password: {{UNDERCLOUD_IRONIC_PASSWORD}} ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}" # Ironic conductor forces deployments to use http # https://bugs.launchpad.net/tripleo/+bug/1613088 ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}} ironic::conductor::force_power_state_during_sync: false ironic::conductor::automated_clean: {{CLEAN_NODES}} ironic::conductor::cleaning_disk_erase: 'metadata' ironic::conductor::cleaning_network: 'ctlplane' ironic::conductor::provisioning_network: 'ctlplane' ironic::conductor::default_boot_option: 'local' ironic::conductor::enabled_drivers: {{ENABLED_DRIVERS}} ironic::conductor::enabled_hardware_types: {{ENABLED_HARDWARE_TYPES}} ironic::drivers::interfaces::default_inspect_interface: inspector ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat'] ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector'] ironic::drivers::interfaces::enabled_management_interfaces: {{ENABLED_MANAGEMENT_INTERFACES}} ironic::drivers::interfaces::enabled_power_interfaces: {{ENABLED_POWER_INTERFACES}} ironic::keystone::auth::tenant: 'service' ironic::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}} ironic::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}} ironic::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_ADMIN}} ironic::keystone::auth::password: {{UNDERCLOUD_IRONIC_PASSWORD}} ironic::keystone::auth::region: "%{hiera('keystone_region')}" ironic::keystone::auth_inspector::tenant: 'service' ironic::keystone::auth_inspector::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_PUBLIC}} ironic::keystone::auth_inspector::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}} ironic::keystone::auth_inspector::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_ADMIN}} ironic::keystone::auth_inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}} ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}" # Ironic Inspector ironic::inspector::listen_address: {{LOCAL_IP}} ironic::inspector::debug: "%{hiera('debug')}" {{#IPXE_ENABLED}} ironic::inspector::pxe_transfer_protocol: 'http' {{/IPXE_ENABLED}} ironic::inspector::enable_uefi: {{INSPECTION_ENABLE_UEFI}} ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ironic::inspector::authtoken::username: 'ironic' ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::authtoken::project_name: 'service' ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP}}/ironic-inspector ironic::inspector::keep_ports: 'added' ironic::inspector::ironic_username: 'ironic' ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::ironic_tenant_name: 'service' ironic::inspector::ironic_project_domain_name: 'Default' ironic::inspector::ironic_user_domain_name: 'Default' ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}" ironic::inspector::ironic_max_retries: 6 ironic::inspector::ironic_retry_interval: 10 ironic::inspector::store_data: 'swift' ironic::inspector::swift_username: 'ironic' ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::swift_tenant_name: 'service' ironic::inspector::swift_project_domain_name: 'Default' ironic::inspector::swift_user_domain_name: 'Default' ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}" ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}} ironic::inspector::dnsmasq_ip_range: {{INSPECTION_IPRANGE}} ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}} ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}} ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection' ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}} ironic::inspector::ipxe_timeout: 60 ironic::inspector::node_not_found_hook: {{INSPECTION_NODE_NOT_FOUND_HOOK}} ironic::inspector::discovery_default_driver: {{DISCOVERY_DEFAULT_DRIVER}} ironic::inspector::detect_boot_mode: true # Ironic PXE driver ironic::drivers::pxe::ipxe_timeout: 60 # Ironic deploy utils ironic_ipxe_port: 8088 ironic::conductor::http_url: "http://{{LOCAL_IP}}:%{hiera('ironic_ipxe_port')}" ironic::conductor::http_boot: '/httpboot' ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}" # Ironic pxe ironic::drivers::pxe::ipxe_enabled: {{IPXE_ENABLED}} # NOTE(dtantsur): UEFI only works with iPXE currently for us ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' # Ironic agent ironic::drivers::agent::deploy_logs_collect: 'always' ironic::drivers::agent::deploy_logs_storage_backend: 'local' ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/' # Ironic power and management drivers tuning ironic::drivers::ipmi::retry_timeout: 15 ironic::drivers::ilo::default_boot_mode: 'bios' # Rabbit rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}} rabbitmq::delete_guest_user: false rabbitmq::node_ip_address: {{LOCAL_IP}} rabbitmq::package_source: undef rabbitmq::port: '5672' rabbitmq::repos_ensure: false rabbitmq::wipe_db_on_cookie_change: true rabbitmq::default_user: {{UNDERCLOUD_RABBIT_USERNAME}} rabbitmq::default_pass: {{UNDERCLOUD_RABBIT_PASSWORD}} # Horizon horizon::django_debug: "%{hiera('debug')}" horizon_secret_key: {{UNDERCLOUD_HORIZON_SECRET_KEY}} horizon::allowed_hosts: - "%{::fqdn}" - "{{LOCAL_IP}}" horizon::wsgi::apache::priority: 10 horizon::openstack_endpoint_type: internalURL # Mistral mistral::debug: "%{hiera('debug')}" mistral::api::bind_host: {{LOCAL_IP}} mistral::api::api_workers: "%{::os_workers}" mistral::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}} mistral::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} mistral::rabbit_host: {{LOCAL_IP}} mistral::auth_uri: "%{hiera('keystone_auth_uri')}" mistral::identity_uri: "%{hiera('keystone_identity_uri')}" mistral::database_connection: mysql+pymysql://mistral:{{UNDERCLOUD_MISTRAL_PASSWORD}}@{{LOCAL_IP}}/mistral mistral::rpc_backend: rabbit mistral::keystone_password: {{UNDERCLOUD_MISTRAL_PASSWORD}} mistral::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_PUBLIC}} mistral::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_INTERNAL}} mistral::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_ADMIN}} mistral::keystone::auth::region: "%{hiera('keystone_region')}" mistral::keystone::auth::password: {{UNDERCLOUD_MISTRAL_PASSWORD}} mistral::keystone::auth::tenant: 'service' mistral::engine::older_than: 2880 mistral::engine::evaluation_interval: 120 mistral::engine::execution_field_size_limit_kb: 4096 # Zaqar zaqar::keystone::authtoken::project_name: 'service' zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" zaqar::keystone::authtoken::password: {{UNDERCLOUD_ZAQAR_PASSWORD}} zaqar::keystone::auth::tenant: 'service' zaqar::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_PUBLIC}} zaqar::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_INTERNAL}} zaqar::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_ADMIN}} zaqar::keystone::auth::region: "%{hiera('keystone_region')}" zaqar::keystone::auth::password: {{UNDERCLOUD_ZAQAR_PASSWORD}} zaqar::keystone::auth::roles: - admin - ResellerAdmin zaqar::keystone::auth_websocket::tenant: 'service' zaqar::keystone::auth_websocket::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_PUBLIC}} zaqar::keystone::auth_websocket::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_INTERNAL}} zaqar::keystone::auth_websocket::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_ADMIN}} zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}" zaqar::keystone::auth_websocket::password: {{UNDERCLOUD_ZAQAR_PASSWORD}} zaqar::server::service_name: 'httpd' zaqar::unreliable: true zaqar::transport::websocket::bind: {{LOCAL_IP}} zaqar::wsgi::apache::bind_host: {{LOCAL_IP}} zaqar::wsgi::apache::ssl: false zaqar::message_store: swift zaqar::management_store: sqlalchemy zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@{{LOCAL_IP}}/zaqar zaqar::messaging::swift::uri: swift://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@/service zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}" zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::max_messages_post_size: 1048576 # Cinder cinder::debug: "%{hiera('debug')}" cinder_backend_name: 'undercloud_iscsi' cinder_enable_test_volume: false cinder_iscsi_address: {{LOCAL_IP}} cinder::api::enable_proxy_headers_parsing: true cinder::api::service_name: 'httpd' cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"] cinder::cron::db_purge::destination: "/dev/null" cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP}}/cinder cinder::db::database_db_max_retries: -1 cinder::db::database_max_retries: -1 cinder::debug: "%{hiera('debug')}" cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}} cinder::keystone::auth::tenant: 'service' cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}} cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}} cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}} cinder::keystone::auth::public_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_PUBLIC}} cinder::keystone::auth::internal_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_INTERNAL}} cinder::keystone::auth::admin_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_ADMIN}} cinder::keystone::auth::public_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_PUBLIC}} cinder::keystone::auth::internal_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_INTERNAL}} cinder::keystone::auth::admin_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_ADMIN}} cinder::keystone::auth::region: "%{hiera('keystone_region')}" cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}} cinder::keystone::authtoken::project_name: 'service' cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}} cinder::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}} cinder::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} cinder::rabbit_host: {{LOCAL_IP}} cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler cinder::setup_test_volume::size: '10280M' cinder::wsgi::apache::bind_host: {{LOCAL_IP}} cinder::wsgi::apache::ssl: false cinder::wsgi::apache::workers: "%{::os_workers}" # HAproxy tripleo::profile::base::haproxy::step: 1 tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}} tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}" tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}" tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}" tripleo::haproxy::public_virtual_interface: 'br-ctlplane' tripleo::haproxy::keystone_admin: true tripleo::haproxy::keystone_public: true tripleo::haproxy::neutron: true tripleo::haproxy::glance_api: true tripleo::haproxy::glance_registry: true tripleo::haproxy::nova_osapi: true tripleo::haproxy::nova_placement: true tripleo::haproxy::nova_metadata: true tripleo::haproxy::swift_proxy_server: true tripleo::haproxy::heat_api: true tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}" tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}" tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}" tripleo::haproxy::panko: "%{hiera('enable_telemetry')}" tripleo::haproxy::ironic: true tripleo::haproxy::ironic_inspector: true tripleo::haproxy::rabbitmq: true tripleo::haproxy::mistral: true tripleo::haproxy::zaqar_api: true tripleo::haproxy::zaqar_ws: true tripleo::haproxy::docker_registry: true # Docker tripleo::profile::base::docker::step: 1 {{#DOCKER_REGISTRY_MIRROR}} tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}} {{/DOCKER_REGISTRY_MIRROR}} # Keepalived tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}" tripleo::keepalived::control_virtual_interface: 'br-ctlplane' tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}" tripleo::keepalived::public_virtual_interface: 'br-ctlplane' tripleo::keepalived::virtual_router_id_base: 40 # UI keystone::cors::allowed_origin: '*' ironic::cors::allowed_origin: '*' ironic::cors::max_age: 3600 ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS' ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' ironic::inspector::cors::allowed_origin: '*' ironic::inspector::cors::max_age: 3600 ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS' ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' heat::cors::allowed_origin: '*' heat::cors::max_age: 3600 heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' mistral::cors::allowed_origin: '*' mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' swift::proxy::cors_allow_origin: '*' tripleo::ui::endpoint_proxy_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_PROXY_INTERNAL}} tripleo::ui::endpoint_proxy_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}} tripleo::ui::endpoint_proxy_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_PROXY_INTERNAL}} tripleo::ui::endpoint_proxy_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}} tripleo::ui::endpoint_proxy_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}} tripleo::ui::endpoint_proxy_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_PROXY_INTERNAL}} tripleo::ui::endpoint_proxy_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_PROXY_INTERNAL}} tripleo::ui::endpoint_config_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_CONFIG_PUBLIC}} tripleo::ui::endpoint_config_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_UI_CONFIG_PUBLIC}} tripleo::ui::endpoint_config_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_CONFIG_PUBLIC}} tripleo::ui::endpoint_config_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}} tripleo::ui::endpoint_config_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}} tripleo::ui::endpoint_config_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_CONFIG_PUBLIC}} tripleo::ui::endpoint_config_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_CONFIG_PUBLIC}} # service tenant ceilometer::keystone::authtoken::project_name: 'service' aodh::keystone::authtoken::project_name: 'service' gnocchi::keystone::authtoken::project_name: 'service' cinder::keystone::authtoken::project_name: 'service' heat::keystone::authtoken::project_name: 'service' glance::api::authtoken::project_name: 'service' glance::registry::authtoken::project_name: 'service' ironic::api::authtoken::project_name: 'service' ironic::drivers::inspector::project_name: 'service' ironic::glance::project_name: 'service' ironic::neutron::project_name: 'service' ironic::service_catalog::project_name: 'service' ironic::swift::project_name: 'service' nova::keystone::authtoken::project_name: 'service' swift::proxy::authtoken::project_name: 'service' mistral::keystone_tenant: 'service' swift::proxy::workers: "%{::os_workers}" # Options enable_tempest: {{ENABLE_TEMPEST}} enable_validations: {{ENABLE_VALIDATIONS}} enable_telemetry: {{ENABLE_TELEMETRY}} enable_legacy_ceilometer_api: {{ENABLE_LEGACY_CEILOMETER_API}} enable_legacy_ceilometer_collector: {{ENABLE_LEGACY_CEILOMETER_COLLECTOR}} enable_ui: {{ENABLE_UI}} enable_cinder: {{ENABLE_CINDER}} enable_container_images_build: {{ENABLE_CONTAINER_IMAGES_BUILD}} # Path to install configuration files tripleo_install_user: {{TRIPLEO_INSTALL_USER}} tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}} tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}} # Novajoin {{#ENABLE_NOVAJOIN}} novajoin_listen_port: 9090 nova::metadata::novajoin::api::bind_address: "{{LOCAL_IP}}" nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port')}" nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}" nova::metadata::novajoin::api::service_password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}} nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//" nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}} nova::metadata::novajoin::authtoken::project_name: 'service' nova::metadata::novajoin::auth::tenant: 'service' nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}} nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}" ipaclient::password: {{IPA_OTP}} ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}} enable_novajoin: true nova::api::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json' nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON'] nova::api::vendordata_dynamic_targets: ["join@http://{{LOCAL_IP}}:%{hiera('novajoin_listen_port')}/v1/"] nova::api::vendordata_dynamic_failure_fatal: true nova::api::vendordata_dynamic_auth_auth_type: 'password' nova::api::vendordata_dynamic_auth_auth_url: "%{hiera('keystone_auth_uri')}" nova::api::vendordata_dynamic_auth_os_region_name: "%{hiera('keystone_region')}" nova::api::vendordata_dynamic_auth_username: 'nova' nova::api::vendordata_dynamic_auth_project_name: 'service' nova::api::vendordata_dynamic_auth_project_domain_name: 'Default' nova::api::vendordata_dynamic_auth_user_domain_name: 'Default' nova::api::vendordata_dynamic_auth_password: {{UNDERCLOUD_NOVA_PASSWORD}} nova::notification_topics: ['notifications', 'novajoin_notifications'] nova::notify_on_state_change: 'vm_state' {{/ENABLE_NOVAJOIN}} # Firewall tripleo::firewall::manage_firewall: true tripleo::firewall::firewall_rules: '105 ntp': dport: 123 proto: udp '106 vrrp': proto: vrrp '107 haproxy stats': dport: 1993 '108 redis': dport: - 6379 - 26379 '110 ceph': dport: - 6789 - '6800-6810' '111 keystone': dport: - 5000 - 13000 - 35357 - 13357 '112 glance': dport: - 9292 - 9191 - 13292 '113 nova': dport: - 6080 - 13080 - 8773 - 13773 - 8774 - 13774 - 8778 - 13778 - 8775 - 13775 '114 neutron server': dport: - 9696 - 13696 '115 neutron dhcp input': proto: 'udp' dport: 67 '116 neutron dhcp output': proto: 'udp' chain: 'OUTPUT' dport: 68 '118 neutron vxlan networks': proto: 'udp' dport: 4789 '119 cinder': dport: - 8776 - 13776 '120 iscsi initiator': dport: 3260 '121 memcached': dport: 11211 '122 swift proxy': dport: - 8080 - 13808 '123 swift storage': dport: - 873 - 6000 - 6001 - 6002 '124 ceilometer': dport: - 8777 - 13777 '125 heat': dport: - 8000 - 13800 - 8003 - 13003 - 8004 - 13004 '126 horizon': dport: - 80 - 443 '127 snmp': dport: 161 proto: 'udp' '128 aodh': dport: - 8042 - 13042 '129 gnocchi-api': dport: - 8041 - 13041 '130 tftp': dport: 69 proto: udp '131 novnc': dport: 5900-5999 proto: tcp '132 mistral': dport: - 8989 - 13989 '133 zaqar': dport: - 8888 - 13888 '134 zaqar websockets': dport: 9000 '135 ironic': dport: - 6385 - 13385 '136 trove': dport: - 8779 - 13779 '137 ironic-inspector': dport: 5050 '138 docker registry': dport: - 8787 - 13787 '139 apache vhost': dport: "%{hiera('ironic_ipxe_port')}" '140 network cidr nat': chain: FORWARD destination: {{NETWORK_CIDR}} '142 tripleo-ui': dport: - 3000 - 443 '143 panko-api': dport: - 8779 - 13779