instack-undercloud/elements/puppet-stack-config/puppet-stack-config.yaml.te...

977 lines
43 KiB
Plaintext

keystone_identity_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_ADMIN}}
keystone_auth_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v3
keystone_region: 'regionOne'
keystone_default_domain: 'Default'
debug: {{UNDERCLOUD_DEBUG}}
controller_host: {{LOCAL_IP}} #local-ipv4
controller_admin_host: {{UNDERCLOUD_ADMIN_HOST}}
controller_public_host: {{UNDERCLOUD_PUBLIC_HOST}}
ntp::servers: {{UNDERCLOUD_NTP_SERVERS}}
sysctl_settings:
net.ipv4.ip_nonlocal_bind:
value: 1
net.ipv6.ip_nonlocal_bind:
value: 1
# SSL
tripleo::haproxy::service_certificate: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
generate_service_certificates: {{GENERATE_SERVICE_CERTIFICATE}}
tripleo::profile::base::haproxy::certificates_specs:
undercloud-haproxy-public:
service_pem: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
service_certificate: '/etc/pki/tls/certs/undercloud-front.crt'
service_key: '/etc/pki/tls/private/undercloud-front.key'
hostname: "%{hiera('controller_public_host')}"
postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' {{UNDERCLOUD_SERVICE_CERTIFICATE}} undercloud-haproxy-public-cert"
principal: {{SERVICE_PRINCIPAL}}
# CA defaults
certmonger_ca: {{CERTIFICATE_GENERATION_CA}}
# Common Hiera data gets applied to all nodes
ssh::server::storeconfigs_enabled: false
# memcached
memcached::max_memory: '50%'
# Apache
apache::server_signature: 'Off'
apache::server_tokens: 'Prod'
# ceilometer settings used by compute and controller ceilo auth settings
ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}"
aodh::auth::auth_region: "%{hiera('keystone_region')}"
ceilometer::agent::auth::auth_tenant_name: 'service'
aodh::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}"
# Swift
swift::proxy::proxy_local_net_ip: {{LOCAL_IP}}
swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
swift::proxy::node_timeout: 60
swift::proxy::workers: "%{::os_workers}"
swift::proxy::log_facility: LOG_LOCAL2
swift::storage::all::storage_local_net_ip: {{LOCAL_IP}}
swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::swift_hash_path_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}}
swift::proxy::account_autocreate: true
swift::proxy::authtoken::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_SWIFT_PUBLIC}}
swift::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_SWIFT_INTERNAL}}
swift::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_SWIFT_ADMIN}}
swift::keystone::auth::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
swift::keystone::auth::region: "%{hiera('keystone_region')}"
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
swift_mount_check: false
swift::ringbuilder::replicas: 1
swift::ringbuilder::part_power: 10
swift::ringbuilder::min_part_hours: 1
swift::proxy::pipeline:
- 'catch_errors'
- 'healthcheck'
- 'proxy-logging'
- 'cache'
- 'ratelimit'
- 'bulk'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 'keystone'
- 'staticweb'
- 'proxy-logging'
- 'proxy-server'
# Glance
glance::api::debug: "%{hiera('debug')}"
glance::api::bind_port: 9292
glance::api::bind_host: {{LOCAL_IP}}
glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
glance::api::registry_host: {{LOCAL_IP}}
glance::api::authtoken::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
glance::api::workers: "%{::os_workers}"
glance::api::stores:
- glance.store.filesystem.Store
- glance.store.swift.Store
glance::api::default_store: 'glance.store.swift.Store'
glance::api::pipeline: 'keystone'
# used to construct glance_api_servers
glance_log_file: ''
glance::api::database_connection: mysql+pymysql://glance:{{UNDERCLOUD_GLANCE_PASSWORD}}@{{LOCAL_IP}}/glance
glance::api::enable_v1_api: false
glance::api::enable_v2_api: true
glance::keystone::auth::tenant: 'service'
glance::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}}
glance::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
glance::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GLANCE_ADMIN}}
glance::keystone::auth::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
glance::keystone::auth::region: "%{hiera('keystone_region')}"
glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}"
glance::backend::swift::swift_store_auth_version: 3
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {{UNDERCLOUD_GLANCE_PASSWORD}}
glance::backend::swift::swift_store_create_container_on_put: true
glance::notify::rabbitmq::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
glance::notify::rabbitmq::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
glance::notify::rabbitmq::rabbit_host: {{LOCAL_IP}}
glance::registry::debug: "%{hiera('debug')}"
# Heat
heat::debug: "%{hiera('debug')}"
heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
heat::engine::configure_delegated_roles: false
heat::engine::heat_stack_user_role: 'heat_stack_user'
heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003
heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000
heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition
heat::engine::reauthentication_auth_method: 'trusts'
heat::engine::trusts_delegated_roles: []
heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}}
heat::engine::max_resources_per_stack: -1
heat::engine::convergence_engine: false
# NOTE(trown): We need to give heat engine more workers because we are throwing huge
# nested stacks at it for the deploy. By not setting this, we get the heat default,
# which is max(#CPUs,4).
#heat::engine::num_engine_workers:
heat::engine::max_nested_stack_depth: 6
heat::instance_user: heat-admin
heat::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
heat::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
heat::rabbit_host: {{LOCAL_IP}}
heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
heat::keystone::authtoken::password: {{UNDERCLOUD_HEAT_PASSWORD}}
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
heat::api::bind_host: {{LOCAL_IP}}
heat::api::workers: "%{::os_workers}"
heat::api::service_name: 'httpd'
heat::api_cfn::bind_host: {{LOCAL_IP}}
heat::api_cfn::workers: "%{::os_workers}"
heat::api_cfn::service_name: 'httpd'
heat::wsgi::apache_api::ssl: false
heat::wsgi::apache_api::bind_host: {{LOCAL_IP}}
heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}"
heat::wsgi::apache_api_cfn::ssl: false
heat::wsgi::apache_api_cfn::bind_host: {{LOCAL_IP}}
heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}"
heat::database_connection: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP}}/heat
heat_dsn: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP}}/heat
heat::rpc_response_timeout: 600
heat::keystone::auth::tenant: 'service'
heat::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_PUBLIC}}
heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}}
heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}}
heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}}
heat::keystone::auth::region: "%{hiera('keystone_region')}"
heat::keystone::auth_cfn::tenant: 'service'
heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}"
heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}}
heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}}
heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}}
heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}}
heat::cron::purge_deleted::age: 1
heat::cron::purge_deleted::age_type: 'days'
heat::cron::purge_deleted::destination: '/dev/null'
heat::notification_driver: 'messaging'
heat::yaql_memory_quota: 100000
heat::yaql_limit_iterators: 1000
heat::max_json_body_size: 2097152
# Keystone
keystone::debug: "%{hiera('debug')}"
keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}}
keystone::admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
keystone::admin_workers: "%{::os_workers}"
keystone::public_workers: "%{::os_workers}"
keystone::public_bind_host: {{LOCAL_IP}}
keystone::admin_bind_host: {{LOCAL_IP}}
keystone::public_endpoint: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
keystone::service_name: 'httpd'
keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}'
keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}'
keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}'
keystone::database_connection: mysql+pymysql://keystone:{{UNDERCLOUD_ADMIN_TOKEN}}@{{LOCAL_IP}}/keystone
keystone::cron::token_flush::destination: '/dev/null'
keystone::roles::admin::password: {{UNDERCLOUD_ADMIN_PASSWORD}}
keystone::roles::admin::email: 'root@localhost'
keystone::roles::admin::admin_tenant: 'admin'
keystone::roles::admin::service_tenant: 'service'
keystone::token_expiration: 14400
keystone::endpoint::public_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
keystone::endpoint::internal_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
keystone::endpoint::region: "%{hiera('keystone_region')}"
keystone::endpoint::version: ''
keystone::wsgi::apache::ssl: false
keystone::wsgi::apache::bind_host: {{LOCAL_IP}}
keystone::notification_driver: messaging
keystone::notification_topics: notifications
keystone::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
keystone::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
keystone::rabbit_host: {{LOCAL_IP}}
keystone::enable_credential_setup: true
keystone::fernet_max_active_keys: 2
# MySQL
admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
enable_galera: true
mysql_max_connections: '4096'
tripleo::profile::base::database::mysql::step: 2
tripleo::profile::base::database::mysql::manage_resources: true
tripleo::profile::base::database::mysql::remove_default_accounts: true
tripleo::profile::base::database::mysql::mysql_server_options:
'mysqld':
bind-address: "%{hiera('controller_host')}"
innodb_file_per_table: 'ON'
mysql::server::restart: true
# Neutron
neutron::debug: "%{hiera('debug')}"
neutron::bind_host: {{LOCAL_IP}}
neutron::core_plugin: ml2
neutron::dhcp_agents_per_network: 2
neutron::dns_domain: {{OVERCLOUD_DOMAIN_NAME}}
neutron::server::api_workers: "%{::os_workers}"
neutron::server::rpc_workers: "%{::os_workers}"
neutron::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USERNAME}}
neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
neutron::server::database_connection: mysql+pymysql://neutron:{{UNDERCLOUD_NEUTRON_PASSWORD}}@{{LOCAL_IP}}/neutron
neutron::server::sync_db: true
neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}}
neutron_mechanism_drivers: openvswitch
neutron_bridge_mappings: ctlplane:br-ctlplane
neutron_public_interface: {{LOCAL_INTERFACE}}
neutron_physical_bridge: br-ctlplane
neutron::keystone::authtoken::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
neutron::agents::metadata::metadata_workers: "%{::os_workers}"
neutron::quota::quota_port: -1
neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}"
neutron::server::notifications::tenant_name: service
neutron::server::notifications::password: {{UNDERCLOUD_NOVA_PASSWORD}}
neutron::keystone::auth::tenant: 'service'
neutron::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
neutron::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_INTERNAL}}
neutron::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_ADMIN}}
neutron::keystone::auth::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
neutron::keystone::auth::region: "%{hiera('keystone_region')}"
# Ceilometer
ceilometer::debug: "%{hiera('debug')}"
ceilometer::expirer::time_to_live: undef
ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}}
ceilometer::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
ceilometer::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
ceilometer::rabbit_host: {{LOCAL_IP}}
ceilometer::api::host: {{LOCAL_IP}}
ceilometer::api::service_name: 'httpd'
ceilometer::wsgi::apache::ssl: false
ceilometer::wsgi::apache::bind_host: {{LOCAL_IP}}
ceilometer::keystone::authtoken::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
ceilometer::db::database_connection: mysql+pymysql://ceilometer:{{UNDERCLOUD_CEILOMETER_PASSWORD}}@{{LOCAL_IP}}/ceilometer
ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
ceilometer_compute_agent: ''
ceilometer::snmpd_readonly_username: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}}
ceilometer::snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}
ceilometer::keystone::auth::tenant: 'service'
ceilometer::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_PUBLIC}}
ceilometer::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_INTERNAL}}
ceilometer::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_ADMIN}}
ceilometer::keystone::auth::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
ceilometer::keystone::auth::region: "%{hiera('keystone_region')}"
# gnocchi dispatcher config
ceilometer::collector::meter_dispatcher: 'gnocchi'
ceilometer::dispatcher::gnocchi::url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
# events dispatcher config
ceilometer::collector::event_dispatcher: ['panko', 'gnocchi']
# Aodh
aodh::debug: "%{hiera('debug')}"
aodh::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
aodh::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
aodh::rabbit_host: {{LOCAL_IP}}
aodh::api::host: {{LOCAL_IP}}
aodh::keystone::authtoken::password: {{UNDERCLOUD_AODH_PASSWORD}}
aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
aodh::api::service_name: 'httpd'
aodh::wsgi::apache::ssl: false
aodh::wsgi::apache::bind_host: {{LOCAL_IP}}
aodh::db::database_connection: mysql+pymysql://aodh:{{UNDERCLOUD_AODH_PASSWORD}}@{{LOCAL_IP}}/aodh
aodh::auth::auth_password: {{UNDERCLOUD_AODH_PASSWORD}}
aodh::keystone::auth::tenant: 'service'
aodh::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_AODH_PUBLIC}}
aodh::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_AODH_INTERNAL}}
aodh::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_AODH_ADMIN}}
aodh::keystone::auth::password: {{UNDERCLOUD_AODH_PASSWORD}}
aodh::keystone::auth::region: "%{hiera('keystone_region')}"
# Gnocchi
gnocchi::debug: "%{hiera('debug')}"
gnocchi_backend: 'file'
gnocchi::wsgi::apache::ssl: false
gnocchi::wsgi::apache::bind_host: {{LOCAL_IP}}
gnocchi::api::service_name: 'httpd'
gnocchi::api::host: {{LOCAL_IP}}
gnocchi::keystone::authtoken::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
gnocchi::keystone::auth::tenant: 'service'
gnocchi::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}
gnocchi::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
gnocchi::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_ADMIN}}
gnocchi::keystone::auth::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
gnocchi::keystone::auth::region: "%{hiera('keystone_region')}"
gnocchi::db::mysql::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
gnocchi::db::database_connection: mysql+pymysql://gnocchi:{{UNDERCLOUD_GNOCCHI_PASSWORD}}@{{LOCAL_IP}}/gnocchi
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}"
gnocchi::storage::swift::swift_key: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
#Gnocchi statsd
gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
gnocchi::statsd::flush_delay: 10
gnocchi::statsd::archive_policy_name: 'low'
gnocchi_healthcheck_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}/healthcheck
# Panko
panko::logging::debug: "%{hiera('debug')}"
panko::wsgi::apache::ssl: false
panko::wsgi::apache::bind_host: {{LOCAL_IP}}
panko::api::service_name: 'httpd'
panko::api::host: {{LOCAL_IP}}
panko::db::mysql::password: {{UNDERCLOUD_PANKO_PASSWORD}}
panko::db::database_connection: mysql+pymysql://panko:{{UNDERCLOUD_PANKO_PASSWORD}}@{{LOCAL_IP}}/panko
panko::keystone::authtoken::password: {{UNDERCLOUD_PANKO_PASSWORD}}
panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
panko::keystone::auth::tenant: 'service'
panko::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_PANKO_PUBLIC}}
panko::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_PANKO_INTERNAL}}
panko::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_PANKO_ADMIN}}
panko::keystone::auth::password: {{UNDERCLOUD_PANKO_PASSWORD}}
panko::keystone::auth::region: "%{hiera('keystone_region')}"
panko::keystone::authtoken::project_name: 'service'
# Nova
nova::debug: "%{hiera('debug')}"
nova::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
nova::notification_driver: messaging
nova::rpc_response_timeout: '600'
nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
nova::api::api_bind_address: {{LOCAL_IP}}
nova::api::enabled: true
nova::api::metadata_listen: {{LOCAL_IP}}
nova::keystone::authtoken::password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::api::enabled_apis:
- osapi_compute
- metadata
nova::api::sync_db_api: true
nova::api::osapi_compute_workers: "%{::os_workers}"
nova::api::metadata_workers: "%{::os_workers}"
nova::wsgi::apache_placement::ssl: false
nova::wsgi::apache_placement::bind_host: {{LOCAL_IP}}
nova::wsgi::apache_placement::api_port: '8778'
nova::placement::auth_url: "%{hiera('keystone_identity_uri')}"
nova::placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::placement::project_name: 'service'
nova::placement::os_region_name: "%{hiera('keystone_region')}"
nova::conductor::enabled: true
nova::conductor::workers: "%{::os_workers}"
nova::database_connection: mysql+pymysql://nova:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova
nova::api_database_connection: mysql+pymysql://nova_api:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova_api
nova::placement_database_connection: mysql+pymysql://nova_placement:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova_placement
nova::notify_on_state_change: 'vm_and_task_state'
nova::scheduler::enabled: true
nova::network::neutron::dhcp_domain: {{OVERCLOUD_DOMAIN_NAME}}
nova::compute::force_config_drive: true
nova::compute::reserved_host_memory: '0'
nova::compute::vnc_enabled: false
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::cron::archive_deleted_rows::destination: '/dev/null'
nova_sync_power_state_interval: -1
nova::ironic::common::username: 'ironic'
nova::ironic::common::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
nova::ironic::common::project_name: 'service'
nova::ironic::common::api_endpoint: "{{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}/v1"
nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}"
nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}"
nova::network::neutron::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}"
nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}"
nova::network::neutron::neutron_region_name: ''
nova::ram_allocation_ratio: '1.0'
nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
nova::scheduler::filter::scheduler_max_attempts: {{SCHEDULER_MAX_ATTEMPTS}}
nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters']
nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
nova::keystone::auth::tenant: 'service'
nova::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NOVA_PUBLIC}}
nova::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NOVA_INTERNAL}}
nova::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NOVA_ADMIN}}
nova::keystone::auth::password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::keystone::auth::region: "%{hiera('keystone_region')}"
nova::keystone::auth::configure_ec2_endpoint: false
nova::keystone::auth_placement::tenant: 'service'
nova::keystone::auth_placement::public_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_PUBLIC}}
nova::keystone::auth_placement::internal_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_INTERNAL}}
nova::keystone::auth_placement::admin_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_ADMIN}}
nova::keystone::auth_placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::keystone::auth_placement::region: "%{hiera('keystone_region')}"
nova::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
# NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only.
# There is no way this should take 15 minutes and if it does we now have way
# different problems. But rather than block undercloud installs let's increase
# the timeout for these actions. See LP#1661396 for more details.
nova::db::sync::db_sync_timeout: 900
nova::db::sync_api::db_sync_timeout: 900
# Ironic
ironic::debug: "%{hiera('debug')}"
ironic::my_ip: {{LOCAL_IP}}
ironic::rpc_response_timeout: 600
ironic::api::authtoken::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
ironic::api::host_ip: {{LOCAL_IP}}
ironic::api::service_name: 'httpd'
ironic::api::workers: "%{::os_workers}"
ironic::wsgi::apache::ssl: false
ironic::wsgi::apache::bind_host: {{LOCAL_IP}}
ironic::database_connection: mysql+pymysql://ironic:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP}}/ironic
ironic::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
ironic::drivers::inspector::enabled: true
ironic::drivers::inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}"
ironic::glance::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}"
ironic::neutron::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}"
ironic::service_catalog::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}"
ironic::swift::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}"
# Ironic conductor forces deployments to use http
# https://bugs.launchpad.net/tripleo/+bug/1613088
ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
ironic::conductor::force_power_state_during_sync: false
ironic::conductor::automated_clean: {{CLEAN_NODES}}
ironic::conductor::cleaning_disk_erase: 'metadata'
ironic::conductor::cleaning_network: 'ctlplane'
ironic::conductor::provisioning_network: 'ctlplane'
ironic::conductor::default_boot_option: 'local'
ironic::conductor::enabled_drivers: {{ENABLED_DRIVERS}}
ironic::conductor::enabled_hardware_types: {{ENABLED_HARDWARE_TYPES}}
ironic::drivers::interfaces::default_inspect_interface: inspector
ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat']
ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector']
ironic::drivers::interfaces::enabled_management_interfaces: {{ENABLED_MANAGEMENT_INTERFACES}}
ironic::drivers::interfaces::enabled_power_interfaces: {{ENABLED_POWER_INTERFACES}}
ironic::keystone::auth::tenant: 'service'
ironic::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}
ironic::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
ironic::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_ADMIN}}
ironic::keystone::auth::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::keystone::auth::region: "%{hiera('keystone_region')}"
ironic::keystone::auth_inspector::tenant: 'service'
ironic::keystone::auth_inspector::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_PUBLIC}}
ironic::keystone::auth_inspector::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
ironic::keystone::auth_inspector::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_ADMIN}}
ironic::keystone::auth_inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}"
# Ironic Inspector
ironic::inspector::listen_address: {{LOCAL_IP}}
ironic::inspector::debug: "%{hiera('debug')}"
{{#IPXE_ENABLED}}
ironic::inspector::pxe_transfer_protocol: 'http'
{{/IPXE_ENABLED}}
ironic::inspector::enable_uefi: {{INSPECTION_ENABLE_UEFI}}
ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
ironic::inspector::authtoken::username: 'ironic'
ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}"
ironic::inspector::authtoken::project_name: 'service'
ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP}}/ironic-inspector
ironic::inspector::keep_ports: 'added'
ironic::inspector::ironic_username: 'ironic'
ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}"
ironic::inspector::ironic_tenant_name: 'service'
ironic::inspector::ironic_project_domain_name: 'Default'
ironic::inspector::ironic_user_domain_name: 'Default'
ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}"
ironic::inspector::ironic_max_retries: 6
ironic::inspector::ironic_retry_interval: 10
ironic::inspector::store_data: 'swift'
ironic::inspector::swift_username: 'ironic'
ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}"
ironic::inspector::swift_tenant_name: 'service'
ironic::inspector::swift_project_domain_name: 'Default'
ironic::inspector::swift_user_domain_name: 'Default'
ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}"
ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
ironic::inspector::dnsmasq_ip_range: {{INSPECTION_IPRANGE}}
ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}
ironic::inspector::ipxe_timeout: 60
ironic::inspector::node_not_found_hook: {{INSPECTION_NODE_NOT_FOUND_HOOK}}
ironic::inspector::discovery_default_driver: {{DISCOVERY_DEFAULT_DRIVER}}
ironic::inspector::detect_boot_mode: true
# Ironic PXE driver
ironic::drivers::pxe::ipxe_timeout: 60
# Ironic deploy utils
ironic_ipxe_port: 8088
ironic::conductor::http_url: "http://{{LOCAL_IP}}:%{hiera('ironic_ipxe_port')}"
ironic::conductor::http_boot: '/httpboot'
ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}"
# Ironic pxe
ironic::drivers::pxe::ipxe_enabled: {{IPXE_ENABLED}}
# NOTE(dtantsur): UEFI only works with iPXE currently for us
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
# Ironic agent
ironic::drivers::agent::deploy_logs_collect: 'always'
ironic::drivers::agent::deploy_logs_storage_backend: 'local'
ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
# Ironic power and management drivers tuning
ironic::drivers::ipmi::retry_timeout: 15
ironic::drivers::ilo::default_boot_mode: 'bios'
# Rabbit
rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}}
rabbitmq::delete_guest_user: false
rabbitmq::node_ip_address: {{LOCAL_IP}}
rabbitmq::package_source: undef
rabbitmq::port: '5672'
rabbitmq::repos_ensure: false
rabbitmq::wipe_db_on_cookie_change: true
rabbitmq::default_user: {{UNDERCLOUD_RABBIT_USERNAME}}
rabbitmq::default_pass: {{UNDERCLOUD_RABBIT_PASSWORD}}
# Horizon
horizon::django_debug: "%{hiera('debug')}"
horizon_secret_key: {{UNDERCLOUD_HORIZON_SECRET_KEY}}
horizon::allowed_hosts:
- "%{::fqdn}"
- "{{LOCAL_IP}}"
horizon::wsgi::apache::priority: 10
horizon::openstack_endpoint_type: internalURL
# Mistral
mistral::debug: "%{hiera('debug')}"
mistral::api::bind_host: {{LOCAL_IP}}
mistral::api::api_workers: "%{::os_workers}"
mistral::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
mistral::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
mistral::rabbit_host: {{LOCAL_IP}}
mistral::auth_uri: "%{hiera('keystone_auth_uri')}"
mistral::identity_uri: "%{hiera('keystone_identity_uri')}"
mistral::database_connection: mysql+pymysql://mistral:{{UNDERCLOUD_MISTRAL_PASSWORD}}@{{LOCAL_IP}}/mistral
mistral::rpc_backend: rabbit
mistral::keystone_password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
mistral::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_PUBLIC}}
mistral::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_INTERNAL}}
mistral::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_ADMIN}}
mistral::keystone::auth::region: "%{hiera('keystone_region')}"
mistral::keystone::auth::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
mistral::keystone::auth::tenant: 'service'
mistral::engine::older_than: 2880
mistral::engine::evaluation_interval: 120
mistral::engine::execution_field_size_limit_kb: 4096
# Zaqar
zaqar::keystone::authtoken::project_name: 'service'
zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
zaqar::keystone::authtoken::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
zaqar::keystone::auth::tenant: 'service'
zaqar::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_PUBLIC}}
zaqar::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_INTERNAL}}
zaqar::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_ADMIN}}
zaqar::keystone::auth::region: "%{hiera('keystone_region')}"
zaqar::keystone::auth::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
zaqar::keystone::auth::roles:
- admin
- ResellerAdmin
zaqar::keystone::auth_websocket::tenant: 'service'
zaqar::keystone::auth_websocket::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_PUBLIC}}
zaqar::keystone::auth_websocket::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_INTERNAL}}
zaqar::keystone::auth_websocket::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_ADMIN}}
zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}"
zaqar::keystone::auth_websocket::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
zaqar::server::service_name: 'httpd'
zaqar::unreliable: true
zaqar::transport::websocket::bind: {{LOCAL_IP}}
zaqar::wsgi::apache::bind_host: {{LOCAL_IP}}
zaqar::wsgi::apache::ssl: false
zaqar::message_store: swift
zaqar::management_store: sqlalchemy
zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@{{LOCAL_IP}}/zaqar
zaqar::messaging::swift::uri: swift://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@/service
zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}"
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::max_messages_post_size: 1048576
# Cinder
cinder::debug: "%{hiera('debug')}"
cinder_backend_name: 'undercloud_iscsi'
cinder_enable_test_volume: false
cinder_iscsi_address: {{LOCAL_IP}}
cinder::api::enable_proxy_headers_parsing: true
cinder::api::service_name: 'httpd'
cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"]
cinder::cron::db_purge::destination: "/dev/null"
cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP}}/cinder
cinder::db::database_db_max_retries: -1
cinder::db::database_max_retries: -1
cinder::debug: "%{hiera('debug')}"
cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
cinder::keystone::auth::tenant: 'service'
cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}}
cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}}
cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}}
cinder::keystone::auth::public_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_PUBLIC}}
cinder::keystone::auth::internal_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_INTERNAL}}
cinder::keystone::auth::admin_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_ADMIN}}
cinder::keystone::auth::public_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_PUBLIC}}
cinder::keystone::auth::internal_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_INTERNAL}}
cinder::keystone::auth::admin_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_ADMIN}}
cinder::keystone::auth::region: "%{hiera('keystone_region')}"
cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}}
cinder::keystone::authtoken::project_name: 'service'
cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}}
cinder::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
cinder::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
cinder::rabbit_host: {{LOCAL_IP}}
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
cinder::setup_test_volume::size: '10280M'
cinder::wsgi::apache::bind_host: {{LOCAL_IP}}
cinder::wsgi::apache::ssl: false
cinder::wsgi::apache::workers: "%{::os_workers}"
# HAproxy
tripleo::profile::base::haproxy::step: 1
tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}}
tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}"
tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}"
tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}"
tripleo::haproxy::public_virtual_interface: 'br-ctlplane'
tripleo::haproxy::keystone_admin: true
tripleo::haproxy::keystone_public: true
tripleo::haproxy::neutron: true
tripleo::haproxy::glance_api: true
tripleo::haproxy::glance_registry: true
tripleo::haproxy::nova_osapi: true
tripleo::haproxy::nova_placement: true
tripleo::haproxy::nova_metadata: true
tripleo::haproxy::swift_proxy_server: true
tripleo::haproxy::heat_api: true
tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}"
tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}"
tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}"
tripleo::haproxy::panko: "%{hiera('enable_telemetry')}"
tripleo::haproxy::ironic: true
tripleo::haproxy::ironic_inspector: true
tripleo::haproxy::rabbitmq: true
tripleo::haproxy::mistral: true
tripleo::haproxy::zaqar_api: true
tripleo::haproxy::zaqar_ws: true
tripleo::haproxy::docker_registry: true
# Docker
tripleo::profile::base::docker::step: 1
{{#DOCKER_REGISTRY_MIRROR}}
tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
{{/DOCKER_REGISTRY_MIRROR}}
# Keepalived
tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
tripleo::keepalived::control_virtual_interface: 'br-ctlplane'
tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}"
tripleo::keepalived::public_virtual_interface: 'br-ctlplane'
tripleo::keepalived::virtual_router_id_base: 40
# UI
keystone::cors::allowed_origin: '*'
ironic::cors::allowed_origin: '*'
ironic::cors::max_age: 3600
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS'
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
heat::cors::allowed_origin: '*'
heat::cors::max_age: 3600
heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
mistral::cors::allowed_origin: '*'
mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
swift::proxy::cors_allow_origin: '*'
tripleo::ui::endpoint_proxy_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_PROXY_INTERNAL}}
tripleo::ui::endpoint_proxy_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
tripleo::ui::endpoint_proxy_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_PROXY_INTERNAL}}
tripleo::ui::endpoint_proxy_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
tripleo::ui::endpoint_proxy_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_PROXY_INTERNAL}}
tripleo::ui::endpoint_proxy_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_PROXY_INTERNAL}}
tripleo::ui::endpoint_config_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_CONFIG_PUBLIC}}
# service tenant
ceilometer::keystone::authtoken::project_name: 'service'
aodh::keystone::authtoken::project_name: 'service'
gnocchi::keystone::authtoken::project_name: 'service'
cinder::keystone::authtoken::project_name: 'service'
heat::keystone::authtoken::project_name: 'service'
glance::api::authtoken::project_name: 'service'
glance::registry::authtoken::project_name: 'service'
ironic::api::authtoken::project_name: 'service'
ironic::drivers::inspector::project_name: 'service'
ironic::glance::project_name: 'service'
ironic::neutron::project_name: 'service'
ironic::service_catalog::project_name: 'service'
ironic::swift::project_name: 'service'
nova::keystone::authtoken::project_name: 'service'
swift::proxy::authtoken::project_name: 'service'
mistral::keystone_tenant: 'service'
swift::proxy::workers: "%{::os_workers}"
# Options
enable_tempest: {{ENABLE_TEMPEST}}
enable_validations: {{ENABLE_VALIDATIONS}}
enable_telemetry: {{ENABLE_TELEMETRY}}
enable_legacy_ceilometer_api: {{ENABLE_LEGACY_CEILOMETER_API}}
enable_legacy_ceilometer_collector: {{ENABLE_LEGACY_CEILOMETER_COLLECTOR}}
enable_ui: {{ENABLE_UI}}
enable_cinder: {{ENABLE_CINDER}}
enable_container_images_build: {{ENABLE_CONTAINER_IMAGES_BUILD}}
# Path to install configuration files
tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
# Novajoin
{{#ENABLE_NOVAJOIN}}
novajoin_listen_port: 9090
nova::metadata::novajoin::api::bind_address: "{{LOCAL_IP}}"
nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port')}"
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
nova::metadata::novajoin::authtoken::project_name: 'service'
nova::metadata::novajoin::auth::tenant: 'service'
nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
ipaclient::password: {{IPA_OTP}}
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
enable_novajoin: true
nova::api::vendordata_jsonfile_path: '/etc/nova/cloud-config-novajoin.json'
nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
nova::api::vendordata_dynamic_targets: ["join@http://{{LOCAL_IP}}:%{hiera('novajoin_listen_port')}/v1/"]
nova::api::vendordata_dynamic_failure_fatal: true
nova::api::vendordata_dynamic_auth_auth_type: 'password'
nova::api::vendordata_dynamic_auth_auth_url: "%{hiera('keystone_auth_uri')}"
nova::api::vendordata_dynamic_auth_os_region_name: "%{hiera('keystone_region')}"
nova::api::vendordata_dynamic_auth_username: 'nova'
nova::api::vendordata_dynamic_auth_project_name: 'service'
nova::api::vendordata_dynamic_auth_project_domain_name: 'Default'
nova::api::vendordata_dynamic_auth_user_domain_name: 'Default'
nova::api::vendordata_dynamic_auth_password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::notification_topics: ['notifications', 'novajoin_notifications']
nova::notify_on_state_change: 'vm_state'
{{/ENABLE_NOVAJOIN}}
# Firewall
tripleo::firewall::manage_firewall: true
tripleo::firewall::firewall_rules:
'105 ntp':
dport: 123
proto: udp
'106 vrrp':
proto: vrrp
'107 haproxy stats':
dport: 1993
'108 redis':
dport:
- 6379
- 26379
'110 ceph':
dport:
- 6789
- '6800-6810'
'111 keystone':
dport:
- 5000
- 13000
- 35357
- 13357
'112 glance':
dport:
- 9292
- 9191
- 13292
'113 nova':
dport:
- 6080
- 13080
- 8773
- 13773
- 8774
- 13774
- 8778
- 13778
- 8775
- 13775
'114 neutron server':
dport:
- 9696
- 13696
'115 neutron dhcp input':
proto: 'udp'
dport: 67
'116 neutron dhcp output':
proto: 'udp'
chain: 'OUTPUT'
dport: 68
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'119 cinder':
dport:
- 8776
- 13776
'120 iscsi initiator':
dport: 3260
'121 memcached':
dport: 11211
'122 swift proxy':
dport:
- 8080
- 13808
'123 swift storage':
dport:
- 873
- 6000
- 6001
- 6002
'124 ceilometer':
dport:
- 8777
- 13777
'125 heat':
dport:
- 8000
- 13800
- 8003
- 13003
- 8004
- 13004
'126 horizon':
dport:
- 80
- 443
'127 snmp':
dport: 161
proto: 'udp'
'128 aodh':
dport:
- 8042
- 13042
'129 gnocchi-api':
dport:
- 8041
- 13041
'130 tftp':
dport: 69
proto: udp
'131 novnc':
dport: 5900-5999
proto: tcp
'132 mistral':
dport:
- 8989
- 13989
'133 zaqar':
dport:
- 8888
- 13888
'134 zaqar websockets':
dport: 9000
'135 ironic':
dport:
- 6385
- 13385
'136 trove':
dport:
- 8779
- 13779
'137 ironic-inspector':
dport: 5050
'138 docker registry':
dport:
- 8787
- 13787
'139 apache vhost':
dport: "%{hiera('ironic_ipxe_port')}"
'140 network cidr nat':
chain: FORWARD
destination: {{NETWORK_CIDR}}
'142 tripleo-ui':
dport:
- 3000
- 443
'143 panko-api':
dport:
- 8779
- 13779