A utility to run diskimage-builder undercloud elements on a running host
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

puppet-stack-config.yaml.template 44KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980
  1. keystone_identity_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_ADMIN}}
  2. keystone_auth_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v3
  3. keystone_region: 'regionOne'
  4. keystone_default_domain: 'Default'
  5. debug: {{UNDERCLOUD_DEBUG}}
  6. controller_host: {{LOCAL_IP}} #local-ipv4
  7. controller_admin_host: {{UNDERCLOUD_ADMIN_HOST}}
  8. controller_public_host: {{UNDERCLOUD_PUBLIC_HOST}}
  9. ntp::servers: {{UNDERCLOUD_NTP_SERVERS}}
  10. sysctl_settings: {{SYSCTL_SETTINGS}}
  11. # SSL
  12. tripleo::haproxy::service_certificate: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
  13. generate_service_certificates: {{GENERATE_SERVICE_CERTIFICATE}}
  14. tripleo::profile::base::haproxy::certificates_specs:
  15. undercloud-haproxy-public:
  16. service_pem: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
  17. service_certificate: '/etc/pki/tls/certs/undercloud-front.crt'
  18. service_key: '/etc/pki/tls/private/undercloud-front.key'
  19. hostname: "%{hiera('controller_public_host')}"
  20. postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' {{UNDERCLOUD_SERVICE_CERTIFICATE}} undercloud-haproxy-public-cert"
  21. principal: {{SERVICE_PRINCIPAL}}
  22. # CA defaults
  23. certmonger_ca: {{CERTIFICATE_GENERATION_CA}}
  24. # Common Hiera data gets applied to all nodes
  25. ssh::server::storeconfigs_enabled: false
  26. # memcached
  27. memcached::max_memory: '50%'
  28. # Apache
  29. apache::server_signature: 'Off'
  30. apache::server_tokens: 'Prod'
  31. # ceilometer settings used by compute and controller ceilo auth settings
  32. ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}"
  33. aodh::auth::auth_region: "%{hiera('keystone_region')}"
  34. ceilometer::agent::auth::auth_tenant_name: 'service'
  35. aodh::auth::auth_tenant_name: 'service'
  36. ceilometer::agent::auth::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  37. aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}"
  38. # Swift
  39. swift::proxy::proxy_local_net_ip: {{LOCAL_IP}}
  40. swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  41. swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  42. swift::proxy::node_timeout: 60
  43. swift::proxy::workers: "%{::os_workers}"
  44. swift::proxy::log_facility: LOG_LOCAL2
  45. swift::storage::all::storage_local_net_ip: {{LOCAL_IP}}
  46. swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
  47. swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
  48. swift::swift_hash_path_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}}
  49. swift::proxy::account_autocreate: true
  50. swift::proxy::authtoken::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
  51. swift::keystone::auth::tenant: 'service'
  52. swift::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_SWIFT_PUBLIC}}
  53. swift::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_SWIFT_INTERNAL}}
  54. swift::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_SWIFT_ADMIN}}
  55. swift::keystone::auth::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
  56. swift::keystone::auth::region: "%{hiera('keystone_region')}"
  57. swift::keystone::auth::configure_s3_endpoint: false
  58. swift::keystone::auth::operator_roles:
  59. - admin
  60. - swiftoperator
  61. swift_mount_check: false
  62. swift::ringbuilder::replicas: 1
  63. swift::ringbuilder::part_power: 10
  64. swift::ringbuilder::min_part_hours: 1
  65. swift::proxy::pipeline:
  66. - 'catch_errors'
  67. - 'healthcheck'
  68. - 'proxy-logging'
  69. - 'cache'
  70. - 'ratelimit'
  71. - 'bulk'
  72. - 'tempurl'
  73. - 'formpost'
  74. - 'authtoken'
  75. - 'keystone'
  76. - 'staticweb'
  77. - 'proxy-logging'
  78. - 'proxy-server'
  79. # Glance
  80. glance::api::debug: "%{hiera('debug')}"
  81. glance::api::bind_port: 9292
  82. glance::api::bind_host: {{LOCAL_IP}}
  83. glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  84. glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  85. glance::api::registry_host: {{LOCAL_IP}}
  86. glance::api::authtoken::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
  87. glance::api::workers: "%{::os_workers}"
  88. glance::api::stores:
  89. - glance.store.filesystem.Store
  90. - glance.store.swift.Store
  91. glance::api::default_store: 'glance.store.swift.Store'
  92. glance::api::pipeline: 'keystone'
  93. # used to construct glance_api_servers
  94. glance_log_file: ''
  95. glance::api::database_connection: mysql+pymysql://glance:{{UNDERCLOUD_GLANCE_PASSWORD}}@{{LOCAL_IP}}/glance
  96. glance::api::enable_v1_api: false
  97. glance::api::enable_v2_api: true
  98. glance::keystone::auth::tenant: 'service'
  99. glance::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}}
  100. glance::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  101. glance::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GLANCE_ADMIN}}
  102. glance::keystone::auth::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
  103. glance::keystone::auth::region: "%{hiera('keystone_region')}"
  104. glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}"
  105. glance::backend::swift::swift_store_auth_version: 3
  106. glance::backend::swift::swift_store_user: service:glance
  107. glance::backend::swift::swift_store_key: {{UNDERCLOUD_GLANCE_PASSWORD}}
  108. glance::backend::swift::swift_store_create_container_on_put: true
  109. glance::notify::rabbitmq::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  110. glance::notify::rabbitmq::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  111. glance::notify::rabbitmq::rabbit_host: {{LOCAL_IP}}
  112. glance::registry::debug: "%{hiera('debug')}"
  113. # Heat
  114. heat::debug: "%{hiera('debug')}"
  115. heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
  116. heat::engine::configure_delegated_roles: false
  117. heat::engine::heat_stack_user_role: 'heat_stack_user'
  118. heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003
  119. heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000
  120. heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition
  121. heat::engine::reauthentication_auth_method: 'trusts'
  122. heat::engine::trusts_delegated_roles: []
  123. heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}}
  124. heat::engine::max_resources_per_stack: -1
  125. heat::engine::convergence_engine: false
  126. # NOTE(trown): We need to give heat engine more workers because we are throwing huge
  127. # nested stacks at it for the deploy. By not setting this, we get the heat default,
  128. # which is max(#CPUs,4).
  129. #heat::engine::num_engine_workers:
  130. heat::engine::max_nested_stack_depth: 7
  131. heat::instance_user: heat-admin
  132. heat::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  133. heat::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  134. heat::rabbit_host: {{LOCAL_IP}}
  135. heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  136. heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  137. heat::keystone::authtoken::password: {{UNDERCLOUD_HEAT_PASSWORD}}
  138. heat::keystone::domain::domain_name: 'heat_stack'
  139. heat::keystone::domain::domain_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
  140. heat::api::bind_host: {{LOCAL_IP}}
  141. heat::api::workers: "%{::os_workers}"
  142. heat::api::service_name: 'httpd'
  143. heat::api_cfn::bind_host: {{LOCAL_IP}}
  144. heat::api_cfn::workers: "%{::os_workers}"
  145. heat::api_cfn::service_name: 'httpd'
  146. heat::wsgi::apache_api::ssl: false
  147. heat::wsgi::apache_api::bind_host: {{LOCAL_IP}}
  148. heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}"
  149. heat::wsgi::apache_api_cfn::ssl: false
  150. heat::wsgi::apache_api_cfn::bind_host: {{LOCAL_IP}}
  151. heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}"
  152. heat::database_connection: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP}}/heat
  153. heat_dsn: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP}}/heat
  154. heat::rpc_response_timeout: 600
  155. heat::keystone::auth::tenant: 'service'
  156. heat::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_PUBLIC}}
  157. heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}}
  158. heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}}
  159. heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}}
  160. heat::keystone::auth::region: "%{hiera('keystone_region')}"
  161. heat::keystone::auth_cfn::tenant: 'service'
  162. heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}"
  163. heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}}
  164. heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}}
  165. heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}}
  166. heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}}
  167. heat::cron::purge_deleted::age: 1
  168. heat::cron::purge_deleted::age_type: 'days'
  169. heat::cron::purge_deleted::destination: '/dev/null'
  170. heat::notification_driver: 'messaging'
  171. heat::yaql_memory_quota: 100000
  172. heat::yaql_limit_iterators: 1000
  173. heat::max_json_body_size: 2097152
  174. # Keystone
  175. keystone::debug: "%{hiera('debug')}"
  176. keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}}
  177. keystone::admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  178. keystone::admin_workers: "%{::os_workers}"
  179. keystone::public_workers: "%{::os_workers}"
  180. keystone::public_bind_host: {{LOCAL_IP}}
  181. keystone::admin_bind_host: {{LOCAL_IP}}
  182. keystone::public_endpoint: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  183. keystone::service_name: 'httpd'
  184. keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}'
  185. keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}'
  186. keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}'
  187. keystone::database_connection: mysql+pymysql://keystone:{{UNDERCLOUD_ADMIN_TOKEN}}@{{LOCAL_IP}}/keystone
  188. keystone::cron::token_flush::destination: '/dev/null'
  189. keystone::roles::admin::password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  190. keystone::roles::admin::email: 'root@localhost'
  191. keystone::roles::admin::admin_tenant: 'admin'
  192. keystone::roles::admin::service_tenant: 'service'
  193. keystone::token_expiration: 14400
  194. keystone::endpoint::public_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  195. keystone::endpoint::internal_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
  196. keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
  197. keystone::endpoint::region: "%{hiera('keystone_region')}"
  198. keystone::endpoint::version: ''
  199. keystone::wsgi::apache::ssl: false
  200. keystone::wsgi::apache::bind_host: {{LOCAL_IP}}
  201. keystone::notification_driver: messaging
  202. keystone::notification_topics: notifications
  203. keystone::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  204. keystone::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  205. keystone::rabbit_host: {{LOCAL_IP}}
  206. keystone::enable_credential_setup: true
  207. keystone::fernet_max_active_keys: 2
  208. # MySQL
  209. admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  210. enable_galera: true
  211. mysql_max_connections: '4096'
  212. tripleo::profile::base::database::mysql::step: 2
  213. tripleo::profile::base::database::mysql::manage_resources: true
  214. tripleo::profile::base::database::mysql::remove_default_accounts: true
  215. tripleo::profile::base::database::mysql::mysql_server_options:
  216. 'mysqld':
  217. bind-address: "%{hiera('controller_host')}"
  218. innodb_file_per_table: 'ON'
  219. mysql::server::restart: true
  220. # Neutron
  221. neutron::debug: "%{hiera('debug')}"
  222. neutron::bind_host: {{LOCAL_IP}}
  223. neutron::core_plugin: ml2
  224. neutron::dhcp_agents_per_network: 2
  225. neutron::dns_domain: ''
  226. neutron::server::api_workers: "%{::os_workers}"
  227. neutron::server::rpc_workers: "%{::os_workers}"
  228. neutron::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  229. neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USERNAME}}
  230. neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  231. neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  232. neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  233. neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  234. neutron::server::database_connection: mysql+pymysql://neutron:{{UNDERCLOUD_NEUTRON_PASSWORD}}@{{LOCAL_IP}}/neutron
  235. neutron::server::sync_db: true
  236. neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}}
  237. neutron::plugins::ml2::mechanism_drivers: ['openvswitch']
  238. neutron_bridge_mappings: ctlplane:br-ctlplane
  239. neutron_public_interface: {{LOCAL_INTERFACE}}
  240. neutron_physical_bridge: br-ctlplane
  241. neutron::keystone::authtoken::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  242. neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  243. neutron::agents::metadata::metadata_workers: "%{::os_workers}"
  244. neutron::quota::quota_port: -1
  245. neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}"
  246. neutron::server::notifications::tenant_name: service
  247. neutron::server::notifications::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  248. neutron::keystone::auth::tenant: 'service'
  249. neutron::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
  250. neutron::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_INTERNAL}}
  251. neutron::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_ADMIN}}
  252. neutron::keystone::auth::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  253. neutron::keystone::auth::region: "%{hiera('keystone_region')}"
  254. neutron::plugins::ml2::extension_drivers: 'port_security'
  255. # Ceilometer
  256. ceilometer::debug: "%{hiera('debug')}"
  257. ceilometer::expirer::time_to_live: undef
  258. ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}}
  259. ceilometer::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  260. ceilometer::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  261. ceilometer::rabbit_host: {{LOCAL_IP}}
  262. ceilometer::api::host: {{LOCAL_IP}}
  263. ceilometer::api::service_name: 'httpd'
  264. ceilometer::wsgi::apache::ssl: false
  265. ceilometer::wsgi::apache::bind_host: {{LOCAL_IP}}
  266. ceilometer::keystone::authtoken::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  267. ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  268. ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  269. ceilometer::db::database_connection: mysql+pymysql://ceilometer:{{UNDERCLOUD_CEILOMETER_PASSWORD}}@{{LOCAL_IP}}/ceilometer
  270. ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  271. ceilometer_compute_agent: ''
  272. ceilometer::snmpd_readonly_username: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}}
  273. ceilometer::snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}
  274. ceilometer::keystone::auth::tenant: 'service'
  275. ceilometer::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_PUBLIC}}
  276. ceilometer::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_INTERNAL}}
  277. ceilometer::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_ADMIN}}
  278. ceilometer::keystone::auth::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  279. ceilometer::keystone::auth::region: "%{hiera('keystone_region')}"
  280. # gnocchi dispatcher config
  281. ceilometer::collector::meter_dispatcher: 'gnocchi'
  282. ceilometer::dispatcher::gnocchi::url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
  283. ceilometer::dispatcher::gnocchi::filter_project: 'service'
  284. ceilometer::dispatcher::gnocchi::archive_policy: 'low'
  285. ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
  286. # events dispatcher config
  287. ceilometer::collector::event_dispatcher: ['panko', 'gnocchi']
  288. # Aodh
  289. aodh::debug: "%{hiera('debug')}"
  290. aodh::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  291. aodh::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  292. aodh::rabbit_host: {{LOCAL_IP}}
  293. aodh::api::host: {{LOCAL_IP}}
  294. aodh::keystone::authtoken::password: {{UNDERCLOUD_AODH_PASSWORD}}
  295. aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  296. aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  297. aodh::api::service_name: 'httpd'
  298. aodh::wsgi::apache::ssl: false
  299. aodh::wsgi::apache::bind_host: {{LOCAL_IP}}
  300. aodh::db::database_connection: mysql+pymysql://aodh:{{UNDERCLOUD_AODH_PASSWORD}}@{{LOCAL_IP}}/aodh
  301. aodh::auth::auth_password: {{UNDERCLOUD_AODH_PASSWORD}}
  302. aodh::keystone::auth::tenant: 'service'
  303. aodh::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_AODH_PUBLIC}}
  304. aodh::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_AODH_INTERNAL}}
  305. aodh::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_AODH_ADMIN}}
  306. aodh::keystone::auth::password: {{UNDERCLOUD_AODH_PASSWORD}}
  307. aodh::keystone::auth::region: "%{hiera('keystone_region')}"
  308. # Gnocchi
  309. gnocchi::debug: "%{hiera('debug')}"
  310. gnocchi_backend: 'file'
  311. gnocchi::wsgi::apache::ssl: false
  312. gnocchi::wsgi::apache::bind_host: {{LOCAL_IP}}
  313. gnocchi::api::service_name: 'httpd'
  314. gnocchi::api::host: {{LOCAL_IP}}
  315. gnocchi::keystone::authtoken::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  316. gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  317. gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  318. gnocchi::keystone::auth::tenant: 'service'
  319. gnocchi::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}
  320. gnocchi::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
  321. gnocchi::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_ADMIN}}
  322. gnocchi::keystone::auth::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  323. gnocchi::keystone::auth::region: "%{hiera('keystone_region')}"
  324. gnocchi::db::mysql::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  325. gnocchi::db::database_connection: mysql+pymysql://gnocchi:{{UNDERCLOUD_GNOCCHI_PASSWORD}}@{{LOCAL_IP}}/gnocchi
  326. gnocchi::storage::swift::swift_user: 'service:gnocchi'
  327. gnocchi::storage::swift::swift_auth_version: 2
  328. gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}"
  329. gnocchi::storage::swift::swift_key: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  330. #Gnocchi statsd
  331. gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
  332. gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
  333. gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
  334. gnocchi::statsd::flush_delay: 10
  335. gnocchi::statsd::archive_policy_name: 'low'
  336. gnocchi_healthcheck_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}/healthcheck
  337. # Panko
  338. panko::logging::debug: "%{hiera('debug')}"
  339. panko::wsgi::apache::ssl: false
  340. panko::wsgi::apache::bind_host: {{LOCAL_IP}}
  341. panko::api::service_name: 'httpd'
  342. panko::api::host: {{LOCAL_IP}}
  343. panko::db::mysql::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  344. panko::db::database_connection: mysql+pymysql://panko:{{UNDERCLOUD_PANKO_PASSWORD}}@{{LOCAL_IP}}/panko
  345. panko::keystone::authtoken::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  346. panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  347. panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  348. panko::keystone::auth::tenant: 'service'
  349. panko::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_PANKO_PUBLIC}}
  350. panko::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_PANKO_INTERNAL}}
  351. panko::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_PANKO_ADMIN}}
  352. panko::keystone::auth::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  353. panko::keystone::auth::region: "%{hiera('keystone_region')}"
  354. panko::keystone::authtoken::project_name: 'service'
  355. # Nova
  356. nova::debug: "%{hiera('debug')}"
  357. nova::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
  358. nova::notification_driver: messaging
  359. nova::rpc_response_timeout: '600'
  360. nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  361. nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  362. nova::api::api_bind_address: {{LOCAL_IP}}
  363. nova::api::enabled: true
  364. nova::api::metadata_listen: {{LOCAL_IP}}
  365. nova::keystone::authtoken::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  366. nova::api::enabled_apis:
  367. - osapi_compute
  368. - metadata
  369. nova::api::sync_db_api: true
  370. nova::api::osapi_compute_workers: "%{::os_workers}"
  371. nova::api::metadata_workers: "%{::os_workers}"
  372. nova::wsgi::apache_placement::ssl: false
  373. nova::wsgi::apache_placement::bind_host: {{LOCAL_IP}}
  374. nova::wsgi::apache_placement::api_port: '8778'
  375. nova::placement::auth_url: "%{hiera('keystone_identity_uri')}"
  376. nova::placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  377. nova::placement::project_name: 'service'
  378. nova::placement::os_region_name: "%{hiera('keystone_region')}"
  379. nova::conductor::enabled: true
  380. nova::conductor::workers: "%{::os_workers}"
  381. nova::database_connection: mysql+pymysql://nova:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova
  382. nova::api_database_connection: mysql+pymysql://nova_api:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova_api
  383. nova::placement_database_connection: mysql+pymysql://nova_placement:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova_placement
  384. nova::notify_on_state_change: 'vm_and_task_state'
  385. nova::scheduler::enabled: true
  386. nova::network::neutron::dhcp_domain: ''
  387. nova::compute::force_config_drive: true
  388. nova::compute::reserved_host_memory: '0'
  389. nova::compute::vnc_enabled: false
  390. nova::compute::instance_usage_audit: true
  391. nova::compute::instance_usage_audit_period: 'hour'
  392. nova::cron::archive_deleted_rows::destination: '/dev/null'
  393. nova_sync_power_state_interval: -1
  394. nova::ironic::common::username: 'ironic'
  395. nova::ironic::common::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  396. nova::ironic::common::project_name: 'service'
  397. nova::ironic::common::api_endpoint: "{{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}/v1"
  398. nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}"
  399. nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}"
  400. nova::network::neutron::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
  401. nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}"
  402. nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  403. nova::network::neutron::neutron_region_name: ''
  404. nova::ram_allocation_ratio: '1.0'
  405. nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
  406. nova::scheduler::filter::scheduler_max_attempts: {{SCHEDULER_MAX_ATTEMPTS}}
  407. nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters']
  408. nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
  409. nova::keystone::auth::tenant: 'service'
  410. nova::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NOVA_PUBLIC}}
  411. nova::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NOVA_INTERNAL}}
  412. nova::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NOVA_ADMIN}}
  413. nova::keystone::auth::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  414. nova::keystone::auth::region: "%{hiera('keystone_region')}"
  415. nova::keystone::auth::configure_ec2_endpoint: false
  416. nova::keystone::auth_placement::tenant: 'service'
  417. nova::keystone::auth_placement::public_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_PUBLIC}}
  418. nova::keystone::auth_placement::internal_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_INTERNAL}}
  419. nova::keystone::auth_placement::admin_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_ADMIN}}
  420. nova::keystone::auth_placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  421. nova::keystone::auth_placement::region: "%{hiera('keystone_region')}"
  422. nova::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  423. # NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only.
  424. # There is no way this should take 15 minutes and if it does we now have way
  425. # different problems. But rather than block undercloud installs let's increase
  426. # the timeout for these actions. See LP#1661396 for more details.
  427. nova::db::sync::db_sync_timeout: 900
  428. nova::db::sync_api::db_sync_timeout: 900
  429. # Ironic
  430. ironic::debug: "%{hiera('debug')}"
  431. ironic::my_ip: {{LOCAL_IP}}
  432. ironic::rpc_response_timeout: 600
  433. ironic::api::authtoken::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  434. ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  435. ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  436. ironic::api::host_ip: {{LOCAL_IP}}
  437. ironic::api::service_name: 'httpd'
  438. ironic::api::workers: "%{::os_workers}"
  439. ironic::wsgi::apache::ssl: false
  440. ironic::wsgi::apache::bind_host: {{LOCAL_IP}}
  441. ironic::database_connection: mysql+pymysql://ironic:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP}}/ironic
  442. ironic::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
  443. ironic::drivers::inspector::enabled: true
  444. ironic::drivers::inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  445. ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}"
  446. ironic::glance::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  447. ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}"
  448. ironic::neutron::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  449. ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}"
  450. ironic::service_catalog::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  451. ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}"
  452. ironic::swift::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  453. ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}"
  454. # Ironic conductor forces deployments to use http
  455. # https://bugs.launchpad.net/tripleo/+bug/1613088
  456. ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  457. ironic::conductor::force_power_state_during_sync: false
  458. ironic::conductor::automated_clean: {{CLEAN_NODES}}
  459. ironic::conductor::cleaning_disk_erase: 'metadata'
  460. ironic::conductor::cleaning_network: 'ctlplane'
  461. ironic::conductor::provisioning_network: 'ctlplane'
  462. ironic::conductor::default_boot_option: 'local'
  463. ironic::conductor::enabled_drivers: {{ENABLED_DRIVERS}}
  464. ironic::conductor::enabled_hardware_types: {{ENABLED_HARDWARE_TYPES}}
  465. ironic::drivers::interfaces::default_inspect_interface: inspector
  466. ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat']
  467. ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector']
  468. ironic::drivers::interfaces::enabled_management_interfaces: {{ENABLED_MANAGEMENT_INTERFACES}}
  469. ironic::drivers::interfaces::enabled_power_interfaces: {{ENABLED_POWER_INTERFACES}}
  470. ironic::keystone::auth::tenant: 'service'
  471. ironic::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}
  472. ironic::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  473. ironic::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_ADMIN}}
  474. ironic::keystone::auth::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  475. ironic::keystone::auth::region: "%{hiera('keystone_region')}"
  476. ironic::keystone::auth_inspector::tenant: 'service'
  477. ironic::keystone::auth_inspector::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_PUBLIC}}
  478. ironic::keystone::auth_inspector::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
  479. ironic::keystone::auth_inspector::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_ADMIN}}
  480. ironic::keystone::auth_inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  481. ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}"
  482. # Ironic Inspector
  483. ironic::inspector::listen_address: {{LOCAL_IP}}
  484. ironic::inspector::debug: "%{hiera('debug')}"
  485. {{#IPXE_ENABLED}}
  486. ironic::inspector::pxe_transfer_protocol: 'http'
  487. {{/IPXE_ENABLED}}
  488. ironic::inspector::enable_uefi: {{INSPECTION_ENABLE_UEFI}}
  489. ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  490. ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  491. ironic::inspector::authtoken::username: 'ironic'
  492. ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}"
  493. ironic::inspector::authtoken::project_name: 'service'
  494. ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP}}/ironic-inspector
  495. ironic::inspector::keep_ports: 'added'
  496. ironic::inspector::ironic_username: 'ironic'
  497. ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}"
  498. ironic::inspector::ironic_tenant_name: 'service'
  499. ironic::inspector::ironic_project_domain_name: 'Default'
  500. ironic::inspector::ironic_user_domain_name: 'Default'
  501. ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}"
  502. ironic::inspector::ironic_max_retries: 6
  503. ironic::inspector::ironic_retry_interval: 10
  504. ironic::inspector::store_data: 'swift'
  505. ironic::inspector::swift_username: 'ironic'
  506. ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}"
  507. ironic::inspector::swift_tenant_name: 'service'
  508. ironic::inspector::swift_project_domain_name: 'Default'
  509. ironic::inspector::swift_user_domain_name: 'Default'
  510. ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}"
  511. ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
  512. ironic::inspector::dnsmasq_ip_range: {{INSPECTION_IPRANGE}}
  513. ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
  514. ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
  515. ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
  516. ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}
  517. ironic::inspector::ipxe_timeout: 60
  518. ironic::inspector::node_not_found_hook: {{INSPECTION_NODE_NOT_FOUND_HOOK}}
  519. ironic::inspector::discovery_default_driver: {{DISCOVERY_DEFAULT_DRIVER}}
  520. ironic::inspector::detect_boot_mode: true
  521. # Ironic PXE driver
  522. ironic::drivers::pxe::ipxe_timeout: 60
  523. # Ironic deploy utils
  524. ironic_ipxe_port: 8088
  525. ironic::conductor::http_url: "http://{{LOCAL_IP}}:%{hiera('ironic_ipxe_port')}"
  526. ironic::conductor::http_boot: '/httpboot'
  527. ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}"
  528. # Ironic pxe
  529. ironic::drivers::pxe::ipxe_enabled: {{IPXE_ENABLED}}
  530. # NOTE(dtantsur): UEFI only works with iPXE currently for us
  531. ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
  532. ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
  533. # Ironic agent
  534. ironic::drivers::agent::deploy_logs_collect: 'always'
  535. ironic::drivers::agent::deploy_logs_storage_backend: 'local'
  536. ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
  537. # Ironic power and management drivers tuning
  538. ironic::drivers::ipmi::retry_timeout: 15
  539. ironic::drivers::ilo::default_boot_mode: 'bios'
  540. # Rabbit
  541. rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}}
  542. rabbitmq::delete_guest_user: false
  543. rabbitmq::node_ip_address: {{LOCAL_IP}}
  544. rabbitmq::package_source: undef
  545. rabbitmq::port: '5672'
  546. rabbitmq::repos_ensure: false
  547. rabbitmq::wipe_db_on_cookie_change: true
  548. rabbitmq::default_user: {{UNDERCLOUD_RABBIT_USERNAME}}
  549. rabbitmq::default_pass: {{UNDERCLOUD_RABBIT_PASSWORD}}
  550. # Horizon
  551. horizon::django_debug: "%{hiera('debug')}"
  552. horizon_secret_key: {{UNDERCLOUD_HORIZON_SECRET_KEY}}
  553. horizon::allowed_hosts:
  554. - "%{::fqdn}"
  555. - "{{LOCAL_IP}}"
  556. horizon::wsgi::apache::priority: 10
  557. horizon::openstack_endpoint_type: internalURL
  558. # Mistral
  559. mistral::debug: "%{hiera('debug')}"
  560. mistral::api::bind_host: {{LOCAL_IP}}
  561. mistral::api::api_workers: "%{::os_workers}"
  562. mistral::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  563. mistral::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  564. mistral::rabbit_host: {{LOCAL_IP}}
  565. mistral::auth_uri: "%{hiera('keystone_auth_uri')}"
  566. mistral::identity_uri: "%{hiera('keystone_identity_uri')}"
  567. mistral::database_connection: mysql+pymysql://mistral:{{UNDERCLOUD_MISTRAL_PASSWORD}}@{{LOCAL_IP}}/mistral
  568. mistral::rpc_backend: rabbit
  569. mistral::keystone_password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
  570. mistral::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_PUBLIC}}
  571. mistral::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_INTERNAL}}
  572. mistral::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_ADMIN}}
  573. mistral::keystone::auth::region: "%{hiera('keystone_region')}"
  574. mistral::keystone::auth::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
  575. mistral::keystone::auth::tenant: 'service'
  576. mistral::engine::older_than: 2880
  577. mistral::engine::evaluation_interval: 120
  578. mistral::engine::execution_field_size_limit_kb: 4096
  579. # Zaqar
  580. zaqar::keystone::authtoken::project_name: 'service'
  581. zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  582. zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  583. zaqar::keystone::authtoken::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
  584. zaqar::keystone::auth::tenant: 'service'
  585. zaqar::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_PUBLIC}}
  586. zaqar::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_INTERNAL}}
  587. zaqar::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_ADMIN}}
  588. zaqar::keystone::auth::region: "%{hiera('keystone_region')}"
  589. zaqar::keystone::auth::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
  590. zaqar::keystone::auth::roles:
  591. - admin
  592. - ResellerAdmin
  593. zaqar::keystone::auth_websocket::tenant: 'service'
  594. zaqar::keystone::auth_websocket::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_PUBLIC}}
  595. zaqar::keystone::auth_websocket::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_INTERNAL}}
  596. zaqar::keystone::auth_websocket::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_ADMIN}}
  597. zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}"
  598. zaqar::keystone::auth_websocket::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
  599. zaqar::server::service_name: 'httpd'
  600. zaqar::unreliable: true
  601. zaqar::transport::websocket::bind: {{LOCAL_IP}}
  602. zaqar::wsgi::apache::bind_host: {{LOCAL_IP}}
  603. zaqar::wsgi::apache::ssl: false
  604. zaqar::message_store: swift
  605. zaqar::management_store: sqlalchemy
  606. zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@{{LOCAL_IP}}/zaqar
  607. zaqar::messaging::swift::uri: swift://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@/service
  608. zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}"
  609. zaqar::message_pipeline: 'zaqar.notification.notifier'
  610. zaqar::max_messages_post_size: 1048576
  611. # Cinder
  612. cinder::debug: "%{hiera('debug')}"
  613. cinder_backend_name: 'undercloud_iscsi'
  614. cinder_enable_test_volume: false
  615. cinder_iscsi_address: {{LOCAL_IP}}
  616. cinder::api::enable_proxy_headers_parsing: true
  617. cinder::api::service_name: 'httpd'
  618. cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
  619. cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"]
  620. cinder::cron::db_purge::destination: "/dev/null"
  621. cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP}}/cinder
  622. cinder::db::database_db_max_retries: -1
  623. cinder::db::database_max_retries: -1
  624. cinder::debug: "%{hiera('debug')}"
  625. cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  626. cinder::keystone::auth::tenant: 'service'
  627. cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}}
  628. cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}}
  629. cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}}
  630. cinder::keystone::auth::public_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_PUBLIC}}
  631. cinder::keystone::auth::internal_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_INTERNAL}}
  632. cinder::keystone::auth::admin_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_ADMIN}}
  633. cinder::keystone::auth::public_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_PUBLIC}}
  634. cinder::keystone::auth::internal_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_INTERNAL}}
  635. cinder::keystone::auth::admin_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_ADMIN}}
  636. cinder::keystone::auth::region: "%{hiera('keystone_region')}"
  637. cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}}
  638. cinder::keystone::authtoken::project_name: 'service'
  639. cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  640. cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  641. cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}}
  642. cinder::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  643. cinder::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  644. cinder::rabbit_host: {{LOCAL_IP}}
  645. cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
  646. cinder::setup_test_volume::size: '10280M'
  647. cinder::wsgi::apache::bind_host: {{LOCAL_IP}}
  648. cinder::wsgi::apache::ssl: false
  649. cinder::wsgi::apache::workers: "%{::os_workers}"
  650. # HAproxy
  651. tripleo::profile::base::haproxy::step: 1
  652. tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}}
  653. tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}"
  654. tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}"
  655. tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}"
  656. tripleo::haproxy::public_virtual_interface: 'br-ctlplane'
  657. tripleo::haproxy::keystone_admin: true
  658. tripleo::haproxy::keystone_public: true
  659. tripleo::haproxy::neutron: true
  660. tripleo::haproxy::glance_api: true
  661. tripleo::haproxy::glance_registry: true
  662. tripleo::haproxy::nova_osapi: true
  663. tripleo::haproxy::nova_placement: true
  664. tripleo::haproxy::nova_metadata: true
  665. tripleo::haproxy::swift_proxy_server: true
  666. tripleo::haproxy::heat_api: true
  667. tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}"
  668. tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}"
  669. tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}"
  670. tripleo::haproxy::panko: "%{hiera('enable_telemetry')}"
  671. tripleo::haproxy::ironic: true
  672. tripleo::haproxy::ironic_inspector: true
  673. tripleo::haproxy::rabbitmq: true
  674. tripleo::haproxy::mistral: true
  675. tripleo::haproxy::zaqar_api: true
  676. tripleo::haproxy::zaqar_ws: true
  677. tripleo::haproxy::docker_registry: true
  678. # Docker
  679. tripleo::profile::base::docker::step: 1
  680. {{#DOCKER_REGISTRY_MIRROR}}
  681. tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
  682. {{/DOCKER_REGISTRY_MIRROR}}
  683. # Keepalived
  684. tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
  685. tripleo::keepalived::control_virtual_interface: 'br-ctlplane'
  686. tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}"
  687. tripleo::keepalived::public_virtual_interface: 'br-ctlplane'
  688. tripleo::keepalived::virtual_router_id_base: 40
  689. # UI
  690. keystone::cors::allowed_origin: '*'
  691. ironic::cors::allowed_origin: '*'
  692. ironic::cors::max_age: 3600
  693. ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS'
  694. ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  695. ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  696. ironic::inspector::cors::allowed_origin: '*'
  697. ironic::inspector::cors::max_age: 3600
  698. ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS'
  699. ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  700. ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  701. heat::cors::allowed_origin: '*'
  702. heat::cors::max_age: 3600
  703. heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  704. heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  705. mistral::cors::allowed_origin: '*'
  706. mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  707. mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  708. swift::proxy::cors_allow_origin: '*'
  709. tripleo::ui::endpoint_proxy_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_PROXY_INTERNAL}}
  710. tripleo::ui::endpoint_proxy_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
  711. tripleo::ui::endpoint_proxy_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_PROXY_INTERNAL}}
  712. tripleo::ui::endpoint_proxy_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  713. tripleo::ui::endpoint_proxy_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
  714. tripleo::ui::endpoint_proxy_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_PROXY_INTERNAL}}
  715. tripleo::ui::endpoint_proxy_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_PROXY_INTERNAL}}
  716. tripleo::ui::endpoint_config_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_CONFIG_PUBLIC}}
  717. tripleo::ui::endpoint_config_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_UI_CONFIG_PUBLIC}}
  718. tripleo::ui::endpoint_config_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_CONFIG_PUBLIC}}
  719. tripleo::ui::endpoint_config_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}}
  720. tripleo::ui::endpoint_config_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}}
  721. tripleo::ui::endpoint_config_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_CONFIG_PUBLIC}}
  722. tripleo::ui::endpoint_config_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_CONFIG_PUBLIC}}
  723. # service tenant
  724. ceilometer::keystone::authtoken::project_name: 'service'
  725. aodh::keystone::authtoken::project_name: 'service'
  726. gnocchi::keystone::authtoken::project_name: 'service'
  727. cinder::keystone::authtoken::project_name: 'service'
  728. heat::keystone::authtoken::project_name: 'service'
  729. glance::api::authtoken::project_name: 'service'
  730. glance::registry::authtoken::project_name: 'service'
  731. ironic::api::authtoken::project_name: 'service'
  732. ironic::drivers::inspector::project_name: 'service'
  733. ironic::glance::project_name: 'service'
  734. ironic::neutron::project_name: 'service'
  735. ironic::service_catalog::project_name: 'service'
  736. ironic::swift::project_name: 'service'
  737. nova::keystone::authtoken::project_name: 'service'
  738. swift::proxy::authtoken::project_name: 'service'
  739. mistral::keystone_tenant: 'service'
  740. swift::proxy::workers: "%{::os_workers}"
  741. # Options
  742. enable_tempest: {{ENABLE_TEMPEST}}
  743. enable_validations: {{ENABLE_VALIDATIONS}}
  744. enable_telemetry: {{ENABLE_TELEMETRY}}
  745. enable_legacy_ceilometer_api: {{ENABLE_LEGACY_CEILOMETER_API}}
  746. enable_legacy_ceilometer_collector: {{ENABLE_LEGACY_CEILOMETER_COLLECTOR}}
  747. enable_ui: {{ENABLE_UI}}
  748. enable_cinder: {{ENABLE_CINDER}}
  749. enable_container_images_build: {{ENABLE_CONTAINER_IMAGES_BUILD}}
  750. # Path to install configuration files
  751. tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
  752. tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
  753. tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
  754. # Novajoin
  755. {{#ENABLE_NOVAJOIN}}
  756. novajoin_listen_port: 9090
  757. nova::metadata::novajoin::api::bind_address: "{{LOCAL_IP}}"
  758. nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port')}"
  759. nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
  760. nova::metadata::novajoin::api::service_password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
  761. nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
  762. nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  763. nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  764. nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
  765. nova::metadata::novajoin::authtoken::project_name: 'service'
  766. nova::metadata::novajoin::auth::tenant: 'service'
  767. nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
  768. nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
  769. ipaclient::password: {{IPA_OTP}}
  770. ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
  771. enable_novajoin: true
  772. nova::api::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json'
  773. nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
  774. nova::api::vendordata_dynamic_targets: ["join@http://{{LOCAL_IP}}:%{hiera('novajoin_listen_port')}/v1/"]
  775. nova::api::vendordata_dynamic_failure_fatal: true
  776. nova::api::vendordata_dynamic_auth_auth_type: 'password'
  777. nova::api::vendordata_dynamic_auth_auth_url: "%{hiera('keystone_auth_uri')}"
  778. nova::api::vendordata_dynamic_auth_os_region_name: "%{hiera('keystone_region')}"
  779. nova::api::vendordata_dynamic_auth_username: 'nova'
  780. nova::api::vendordata_dynamic_auth_project_name: 'service'
  781. nova::api::vendordata_dynamic_auth_project_domain_name: 'Default'
  782. nova::api::vendordata_dynamic_auth_user_domain_name: 'Default'
  783. nova::api::vendordata_dynamic_auth_password: {{UNDERCLOUD_NOVA_PASSWORD}}
  784. nova::notification_topics: ['notifications', 'novajoin_notifications']
  785. nova::notify_on_state_change: 'vm_state'
  786. {{/ENABLE_NOVAJOIN}}
  787. # Firewall
  788. tripleo::firewall::manage_firewall: true
  789. tripleo::firewall::firewall_rules:
  790. '105 ntp':
  791. dport: 123
  792. proto: udp
  793. '106 vrrp':
  794. proto: vrrp
  795. '107 haproxy stats':
  796. dport: 1993
  797. '108 redis':
  798. dport:
  799. - 6379
  800. - 26379
  801. '110 ceph':
  802. dport:
  803. - 6789
  804. - '6800-6810'
  805. '111 keystone':
  806. dport:
  807. - 5000
  808. - 13000
  809. - 35357
  810. - 13357
  811. '112 glance':
  812. dport:
  813. - 9292
  814. - 9191
  815. - 13292
  816. '113 nova':
  817. dport:
  818. - 6080
  819. - 13080
  820. - 8773
  821. - 13773
  822. - 8774
  823. - 13774
  824. - 8778
  825. - 13778
  826. - 8775
  827. - 13775
  828. '114 neutron server':
  829. dport:
  830. - 9696
  831. - 13696
  832. '115 neutron dhcp input':
  833. proto: 'udp'
  834. dport: 67
  835. '116 neutron dhcp output':
  836. proto: 'udp'
  837. chain: 'OUTPUT'
  838. dport: 68
  839. '118 neutron vxlan networks':
  840. proto: 'udp'
  841. dport: 4789
  842. '119 cinder':
  843. dport:
  844. - 8776
  845. - 13776
  846. '120 iscsi initiator':
  847. dport: 3260
  848. '121 memcached':
  849. dport: 11211
  850. '122 swift proxy':
  851. dport:
  852. - 8080
  853. - 13808
  854. '123 swift storage':
  855. dport:
  856. - 873
  857. - 6000
  858. - 6001
  859. - 6002
  860. '124 ceilometer':
  861. dport:
  862. - 8777
  863. - 13777
  864. '125 heat':
  865. dport:
  866. - 8000
  867. - 13800
  868. - 8003
  869. - 13003
  870. - 8004
  871. - 13004
  872. '126 horizon':
  873. dport:
  874. - 80
  875. - 443
  876. '127 snmp':
  877. dport: 161
  878. proto: 'udp'
  879. '128 aodh':
  880. dport:
  881. - 8042
  882. - 13042
  883. '129 gnocchi-api':
  884. dport:
  885. - 8041
  886. - 13041
  887. '130 tftp':
  888. dport: 69
  889. proto: udp
  890. '131 novnc':
  891. dport: 5900-5999
  892. proto: tcp
  893. '132 mistral':
  894. dport:
  895. - 8989
  896. - 13989
  897. '133 zaqar':
  898. dport:
  899. - 8888
  900. - 13888
  901. '134 zaqar websockets':
  902. dport: 9000
  903. '135 ironic':
  904. dport:
  905. - 6385
  906. - 13385
  907. '136 trove':
  908. dport:
  909. - 8779
  910. - 13779
  911. '137 ironic-inspector':
  912. dport: 5050
  913. '138 docker registry':
  914. dport:
  915. - 8787
  916. - 13787
  917. '139 apache vhost':
  918. dport: "%{hiera('ironic_ipxe_port')}"
  919. '140 network cidr nat':
  920. chain: FORWARD
  921. destination: {{NETWORK_CIDR}}
  922. '142 tripleo-ui':
  923. dport:
  924. - 3000
  925. - 443
  926. '143 panko-api':
  927. dport:
  928. - 8779
  929. - 13779