A utility to run diskimage-builder undercloud elements on a running host
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1074 lines
51 KiB

  1. keystone_identity_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_ADMIN}}
  2. keystone_auth_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v3
  3. keystone_region: 'regionOne'
  4. keystone_default_domain: 'Default'
  5. notification_driver: {{NOTIFICATION_DRIVER}}
  6. debug: {{UNDERCLOUD_DEBUG}}
  7. controller_host: {{LOCAL_IP}} #local-ipv4
  8. #local-ipv4 similar to the same hiera key in the overcloud
  9. ctlplane: {{LOCAL_IP}}
  10. controller_host_wrapped: "{{LOCAL_IP_WRAPPED}}"
  11. controller_admin_host: {{UNDERCLOUD_ADMIN_HOST}}
  12. controller_public_host: {{UNDERCLOUD_PUBLIC_HOST}}
  13. controller_public_host_wrapped: "{{UNDERCLOUD_PUBLIC_HOST_WRAPPED}}"
  14. {{#UNDERCLOUD_NTP_SERVERS}}
  15. ntp::servers: {{{UNDERCLOUD_NTP_SERVERS}}}
  16. {{/UNDERCLOUD_NTP_SERVERS}}
  17. sysctl_settings: {{SYSCTL_SETTINGS}}
  18. # SSL
  19. tripleo::haproxy::service_certificate: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
  20. generate_service_certificates: {{GENERATE_SERVICE_CERTIFICATE}}
  21. tripleo::profile::base::haproxy::certificates_specs:
  22. undercloud-haproxy-public:
  23. service_pem: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
  24. service_certificate: '/etc/pki/tls/certs/undercloud-front.crt'
  25. service_key: '/etc/pki/tls/private/undercloud-front.key'
  26. hostname: "%{hiera('controller_public_host')}"
  27. postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' {{UNDERCLOUD_SERVICE_CERTIFICATE}} undercloud-haproxy-public-cert"
  28. principal: {{SERVICE_PRINCIPAL}}
  29. # CA defaults
  30. certmonger_ca: {{CERTIFICATE_GENERATION_CA}}
  31. # Common Hiera data gets applied to all nodes
  32. ssh::server::storeconfigs_enabled: false
  33. # memcached
  34. memcached::max_memory: '50%'
  35. memcached::verbosity: 'v'
  36. memcached::disable_cachedump: true
  37. memcached::listen_ip: '127.0.0.1'
  38. memcached::udp_port: 0
  39. # Apache
  40. apache::server_signature: 'Off'
  41. apache::server_tokens: 'Prod'
  42. # ceilometer settings used by compute and controller ceilo auth settings
  43. ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}"
  44. aodh::auth::auth_region: "%{hiera('keystone_region')}"
  45. ceilometer::agent::auth::auth_tenant_name: 'service'
  46. aodh::auth::auth_tenant_name: 'service'
  47. ceilometer::agent::auth::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  48. aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}"
  49. # Swift
  50. swift::proxy::proxy_local_net_ip: {{LOCAL_IP}}
  51. swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  52. swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  53. swift::proxy::node_timeout: 60
  54. swift::proxy::workers: "%{::os_workers}"
  55. swift::proxy::log_facility: LOG_LOCAL2
  56. swift::storage::all::storage_local_net_ip: {{LOCAL_IP}}
  57. swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
  58. swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
  59. swift::swift_hash_path_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}}
  60. swift::proxy::account_autocreate: true
  61. swift::proxy::authtoken::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
  62. swift::keystone::auth::tenant: 'service'
  63. swift::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_SWIFT_PUBLIC}}
  64. swift::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_SWIFT_INTERNAL}}
  65. swift::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_SWIFT_ADMIN}}
  66. swift::keystone::auth::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
  67. swift::keystone::auth::region: "%{hiera('keystone_region')}"
  68. swift::keystone::auth::configure_s3_endpoint: false
  69. swift::keystone::auth::operator_roles:
  70. - admin
  71. - swiftoperator
  72. swift_mount_check: false
  73. swift::ringbuilder::replicas: 1
  74. swift::ringbuilder::part_power: 10
  75. swift::ringbuilder::min_part_hours: 1
  76. swift::proxy::pipeline:
  77. - 'catch_errors'
  78. - 'healthcheck'
  79. - 'proxy-logging'
  80. - 'cache'
  81. - 'ratelimit'
  82. - 'bulk'
  83. - 'tempurl'
  84. - 'formpost'
  85. - 'authtoken'
  86. - 'keystone'
  87. - 'staticweb'
  88. - 'copy'
  89. - 'slo'
  90. - 'dlo'
  91. - 'versioned_writes'
  92. - 'proxy-logging'
  93. - 'proxy-server'
  94. # Glance
  95. glance::api::debug: "%{hiera('debug')}"
  96. glance::api::bind_port: 9292
  97. glance::api::bind_host: {{LOCAL_IP}}
  98. glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  99. glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  100. glance::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  101. glance::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  102. glance::api::registry_host: {{LOCAL_IP}}
  103. glance::api::authtoken::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
  104. glance::api::workers: "%{::os_workers}"
  105. glance::api::stores:
  106. - glance.store.filesystem.Store
  107. - glance.store.swift.Store
  108. glance::api::default_store: 'glance.store.swift.Store'
  109. glance::api::pipeline: 'keystone'
  110. # used to construct glance_api_servers
  111. glance_log_file: ''
  112. glance::api::database_connection: mysql+pymysql://glance:{{UNDERCLOUD_GLANCE_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/glance
  113. glance::api::enable_v1_api: false
  114. glance::api::enable_v2_api: true
  115. glance::keystone::auth::tenant: 'service'
  116. glance::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}}
  117. glance::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  118. glance::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GLANCE_ADMIN}}
  119. glance::keystone::auth::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
  120. glance::keystone::auth::region: "%{hiera('keystone_region')}"
  121. glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}"
  122. glance::backend::swift::swift_store_auth_version: 3
  123. glance::backend::swift::swift_store_user: service:glance
  124. glance::backend::swift::swift_store_key: {{UNDERCLOUD_GLANCE_PASSWORD}}
  125. glance::backend::swift::swift_store_create_container_on_put: true
  126. glance::notify::rabbitmq::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  127. glance::notify::rabbitmq::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  128. glance::notify::rabbitmq::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  129. glance::registry::debug: "%{hiera('debug')}"
  130. # Heat
  131. heat::debug: "%{hiera('debug')}"
  132. heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
  133. heat::engine::configure_delegated_roles: false
  134. heat::engine::heat_stack_user_role: 'heat_stack_user'
  135. heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003
  136. heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000
  137. heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition
  138. heat::engine::reauthentication_auth_method: 'trusts'
  139. heat::engine::trusts_delegated_roles: []
  140. heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}}
  141. heat::engine::max_resources_per_stack: -1
  142. heat::engine::convergence_engine: true
  143. heat::engine::num_engine_workers: "%{::os_workers_heat_engine}"
  144. heat::engine::max_nested_stack_depth: 7
  145. heat::instance_user: heat-admin
  146. heat::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
  147. heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  148. heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  149. heat::keystone::authtoken::password: {{UNDERCLOUD_HEAT_PASSWORD}}
  150. heat::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  151. heat::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  152. heat::keystone::domain::domain_name: 'heat_stack'
  153. heat::keystone::domain::domain_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
  154. heat::policy::policies:
  155. heat-deny-action:
  156. key: 'actions:action'
  157. value: 'rule:deny_everybody'
  158. heat::api::bind_host: {{LOCAL_IP}}
  159. heat::api::workers: "%{::os_workers}"
  160. heat::api::service_name: 'httpd'
  161. heat::api_cfn::bind_host: {{LOCAL_IP}}
  162. heat::api_cfn::workers: "%{::os_workers}"
  163. heat::api_cfn::service_name: 'httpd'
  164. heat::wsgi::apache_api::ssl: false
  165. heat::wsgi::apache_api::bind_host: {{LOCAL_IP}}
  166. heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}"
  167. heat::wsgi::apache_api_cfn::ssl: false
  168. heat::wsgi::apache_api_cfn::bind_host: {{LOCAL_IP}}
  169. heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}"
  170. heat::database_connection: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/heat
  171. heat_dsn: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/heat
  172. heat::rpc_response_timeout: 600
  173. heat::keystone::auth::tenant: 'service'
  174. heat::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_PUBLIC}}
  175. heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}}
  176. heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}}
  177. heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}}
  178. heat::keystone::auth::region: "%{hiera('keystone_region')}"
  179. heat::keystone::auth_cfn::tenant: 'service'
  180. heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}"
  181. heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}}
  182. heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}}
  183. heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}}
  184. heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}}
  185. heat::cron::purge_deleted::age: 1
  186. heat::cron::purge_deleted::age_type: 'days'
  187. heat::cron::purge_deleted::destination: '/dev/null'
  188. heat::notification_driver: "%{hiera('notification_driver')}"
  189. heat::yaql_memory_quota: 100000
  190. heat::yaql_limit_iterators: 1000
  191. heat::max_json_body_size: 4194304
  192. # Keystone
  193. keystone::debug: "%{hiera('debug')}"
  194. keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}}
  195. keystone::admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  196. keystone::admin_workers: "%{::os_workers}"
  197. keystone::public_workers: "%{::os_workers}"
  198. keystone::public_bind_host: {{LOCAL_IP}}
  199. keystone::admin_bind_host: {{LOCAL_IP}}
  200. keystone::public_endpoint: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  201. keystone::service_name: 'httpd'
  202. keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}'
  203. keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}'
  204. keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}'
  205. keystone::database_connection: mysql+pymysql://keystone:{{UNDERCLOUD_ADMIN_TOKEN}}@{{LOCAL_IP_WRAPPED}}/keystone
  206. keystone::cron::token_flush::destination: '/dev/null'
  207. keystone::roles::admin::password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  208. keystone::roles::admin::email: 'root@localhost'
  209. keystone::roles::admin::admin_tenant: 'admin'
  210. keystone::roles::admin::service_tenant: 'service'
  211. keystone::token_expiration: 14400
  212. keystone::endpoint::public_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  213. keystone::endpoint::internal_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
  214. keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
  215. keystone::endpoint::region: "%{hiera('keystone_region')}"
  216. keystone::endpoint::version: ''
  217. keystone::wsgi::apache::ssl: false
  218. keystone::wsgi::apache::bind_host: {{LOCAL_IP}}
  219. keystone::notification_driver: "%{hiera('notification_driver')}"
  220. keystone::notification_topics: notifications
  221. keystone::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  222. keystone::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  223. keystone::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  224. keystone::enable_credential_setup: true
  225. keystone::fernet_max_active_keys: 2
  226. keystone::cache_memcache_servers: "%{hiera('memcached::listen_ip')}:11211"
  227. keystone::cache_backend: "dogpile.cache.memcached"
  228. # MySQL
  229. admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  230. enable_galera: true
  231. mysql_max_connections: '4096'
  232. tripleo::profile::base::database::mysql::step: 2
  233. tripleo::profile::base::database::mysql::manage_resources: true
  234. tripleo::profile::base::database::mysql::remove_default_accounts: true
  235. tripleo::profile::base::database::mysql::innodb_log_file_size: 256M
  236. tripleo::profile::base::database::mysql::mysql_server_options:
  237. 'mysqld':
  238. bind-address: "%{hiera('controller_host')}"
  239. innodb_file_per_table: 'ON'
  240. connect_timeout: 60
  241. mysql::server::restart: true
  242. mysql::server::root_password: {{UNDERCLOUD_DB_PASSWORD}}
  243. # Neutron
  244. neutron::debug: "%{hiera('debug')}"
  245. neutron::bind_host: {{LOCAL_IP}}
  246. neutron::core_plugin: ml2
  247. neutron::service_plugins: ['router']
  248. neutron::dhcp_agents_per_network: 2
  249. neutron::dns_domain: {{OVERCLOUD_DOMAIN_NAME}}
  250. neutron::notification_driver: "%{hiera('notification_driver')}"
  251. neutron::server::api_workers: "%{::os_workers}"
  252. neutron::server::rpc_workers: "%{::os_workers}"
  253. neutron::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  254. neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USERNAME}}
  255. neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  256. neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  257. neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  258. neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  259. neutron::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  260. neutron::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  261. neutron::server::database_connection: mysql+pymysql://neutron:{{UNDERCLOUD_NEUTRON_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/neutron
  262. neutron::server::sync_db: true
  263. neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}}
  264. neutron::plugins::ml2::mechanism_drivers: ['openvswitch', 'baremetal']
  265. neutron_bridge_mappings: ctlplane:br-ctlplane
  266. neutron_public_interface: {{LOCAL_INTERFACE}}
  267. neutron_physical_bridge: br-ctlplane
  268. neutron::global_physnet_mtu: {{LOCAL_MTU}}
  269. neutron::keystone::authtoken::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  270. neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  271. neutron::agents::metadata::metadata_workers: "%{::os_workers}"
  272. neutron::quota::quota_port: -1
  273. neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}"
  274. neutron::server::notifications::tenant_name: service
  275. neutron::server::notifications::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  276. neutron::keystone::auth::tenant: 'service'
  277. neutron::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
  278. neutron::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_INTERNAL}}
  279. neutron::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_ADMIN}}
  280. neutron::keystone::auth::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  281. neutron::keystone::auth::region: "%{hiera('keystone_region')}"
  282. neutron::plugins::ml2::extension_drivers: 'port_security'
  283. neutron::service_plugins: ['segments']
  284. neutron::agents::ml2::networking_baremetal::user: 'ironic'
  285. neutron::agents::ml2::networking_baremetal::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  286. neutron::agents::ml2::networking_baremetal::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  287. neutron::agents::ml2::networking_baremetal::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  288. neutron::agents::ml2::networking_baremetal::user_domain_name: "%{hiera('keystone_default_domain')}"
  289. neutron::agents::ml2::networking_baremetal::project_domain_name: "%{hiera('keystone_default_domain')}"
  290. neutron::agents::ml2::networking_baremetal::region_name: "%{hiera('keystone_region')}"
  291. # Ceilometer
  292. ceilometer::debug: "%{hiera('debug')}"
  293. ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}}
  294. ceilometer::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  295. ceilometer::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  296. ceilometer::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  297. ceilometer::notification_driver: "%{hiera('notification_driver')}"
  298. ceilometer::keystone::authtoken::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  299. ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  300. ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  301. ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  302. ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  303. ceilometer::db::database_connection: mysql+pymysql://ceilometer:{{UNDERCLOUD_CEILOMETER_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ceilometer
  304. ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  305. ceilometer_compute_agent: ''
  306. ceilometer::snmpd_readonly_username: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}}
  307. ceilometer::snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}
  308. ceilometer::keystone::auth::tenant: 'service'
  309. ceilometer::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_PUBLIC}}
  310. ceilometer::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_INTERNAL}}
  311. ceilometer::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_ADMIN}}
  312. ceilometer::keystone::auth::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  313. ceilometer::keystone::auth::region: "%{hiera('keystone_region')}"
  314. ceilometer::dispatcher::gnocchi::url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
  315. ceilometer::dispatcher::gnocchi::filter_project: 'service'
  316. ceilometer::dispatcher::gnocchi::archive_policy: 'low'
  317. ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
  318. # events dispatcher config
  319. ceilometer::agent::notification::event_pipeline_publishers: ['gnocchi://', 'panko://']
  320. ceilometer::agent::notification::manage_event_pipeline: true
  321. # Aodh
  322. aodh::debug: "%{hiera('debug')}"
  323. aodh::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  324. aodh::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  325. aodh::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  326. aodh::notification_driver: "%{hiera('notification_driver')}"
  327. aodh::api::host: {{LOCAL_IP}}
  328. aodh::keystone::authtoken::password: {{UNDERCLOUD_AODH_PASSWORD}}
  329. aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  330. aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  331. ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  332. ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  333. aodh::api::service_name: 'httpd'
  334. aodh::wsgi::apache::ssl: false
  335. aodh::wsgi::apache::bind_host: {{LOCAL_IP}}
  336. aodh::db::database_connection: mysql+pymysql://aodh:{{UNDERCLOUD_AODH_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/aodh
  337. aodh::auth::auth_password: {{UNDERCLOUD_AODH_PASSWORD}}
  338. aodh::keystone::auth::tenant: 'service'
  339. aodh::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_AODH_PUBLIC}}
  340. aodh::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_AODH_INTERNAL}}
  341. aodh::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_AODH_ADMIN}}
  342. aodh::keystone::auth::password: {{UNDERCLOUD_AODH_PASSWORD}}
  343. aodh::keystone::auth::region: "%{hiera('keystone_region')}"
  344. # Gnocchi
  345. gnocchi::debug: "%{hiera('debug')}"
  346. gnocchi_backend: 'file'
  347. gnocchi::wsgi::apache::ssl: false
  348. gnocchi::wsgi::apache::bind_host: {{LOCAL_IP}}
  349. gnocchi::api::service_name: 'httpd'
  350. gnocchi::api::host: {{LOCAL_IP}}
  351. gnocchi::keystone::authtoken::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  352. gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  353. gnocchi::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  354. gnocchi::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  355. gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  356. gnocchi::keystone::auth::tenant: 'service'
  357. gnocchi::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}
  358. gnocchi::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
  359. gnocchi::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_ADMIN}}
  360. gnocchi::keystone::auth::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  361. gnocchi::keystone::auth::region: "%{hiera('keystone_region')}"
  362. gnocchi::db::mysql::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  363. gnocchi::db::database_connection: mysql+pymysql://gnocchi:{{UNDERCLOUD_GNOCCHI_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/gnocchi
  364. gnocchi::storage::swift::swift_user: 'service:gnocchi'
  365. gnocchi::storage::swift::swift_auth_version: 2
  366. gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}"
  367. gnocchi::storage::swift::swift_key: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  368. #Gnocchi statsd
  369. gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
  370. gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
  371. gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
  372. gnocchi::statsd::flush_delay: 10
  373. gnocchi::statsd::archive_policy_name: 'low'
  374. gnocchi_healthcheck_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}/healthcheck
  375. # Panko
  376. panko::logging::debug: "%{hiera('debug')}"
  377. panko::wsgi::apache::ssl: false
  378. panko::wsgi::apache::bind_host: {{LOCAL_IP}}
  379. panko::api::service_name: 'httpd'
  380. panko::api::host: {{LOCAL_IP}}
  381. panko::db::mysql::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  382. panko::db::database_connection: mysql+pymysql://panko:{{UNDERCLOUD_PANKO_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/panko
  383. panko::keystone::authtoken::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  384. panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  385. panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  386. panko::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  387. panko::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  388. panko::keystone::auth::tenant: 'service'
  389. panko::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_PANKO_PUBLIC}}
  390. panko::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_PANKO_INTERNAL}}
  391. panko::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_PANKO_ADMIN}}
  392. panko::keystone::auth::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  393. panko::keystone::auth::region: "%{hiera('keystone_region')}"
  394. panko::keystone::authtoken::project_name: 'service'
  395. # Nova
  396. nova::debug: "%{hiera('debug')}"
  397. nova::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
  398. {{#ENABLE_NOVAJOIN}}
  399. nova::notification_driver: messagingv2
  400. {{/ENABLE_NOVAJOIN}}
  401. {{^ENABLE_NOVAJOIN}}
  402. nova::notification_driver: "%{hiera('notification_driver')}"
  403. {{/ENABLE_NOVAJOIN}}
  404. nova::rpc_response_timeout: '600'
  405. nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  406. nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  407. nova::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  408. nova::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  409. nova::api::service_name: 'httpd'
  410. nova::api::api_bind_address: {{LOCAL_IP}}
  411. nova::api::enabled: true
  412. nova::api::metadata_listen: {{LOCAL_IP}}
  413. nova::keystone::authtoken::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  414. nova::api::enabled_apis:
  415. - metadata
  416. nova::api::sync_db_api: true
  417. nova::api::osapi_compute_workers: "%{::os_workers}"
  418. nova::api::metadata_workers: "%{::os_workers}"
  419. nova::wsgi::apache_api::ssl: false
  420. nova::wsgi::apache_api::bind_host: {{LOCAL_IP}}
  421. nova::wsgi::apache_placement::ssl: false
  422. nova::wsgi::apache_placement::bind_host: {{LOCAL_IP}}
  423. nova::wsgi::apache_placement::api_port: '8778'
  424. nova::placement::auth_url: "%{hiera('keystone_identity_uri')}"
  425. nova::placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  426. nova::placement::project_name: 'service'
  427. nova::placement::os_region_name: "%{hiera('keystone_region')}"
  428. nova::conductor::enabled: true
  429. nova::conductor::workers: "%{::os_workers}"
  430. nova::database_connection: mysql+pymysql://nova:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova
  431. nova::api_database_connection: mysql+pymysql://nova_api:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova_api
  432. nova::placement_database_connection: mysql+pymysql://nova_placement:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova_placement
  433. nova::notify_on_state_change: 'vm_and_task_state'
  434. nova::scheduler::enabled: true
  435. nova::network::neutron::dhcp_domain: ''
  436. nova::compute::force_config_drive: true
  437. nova::compute::reserved_host_memory: '0'
  438. nova::compute::vnc_enabled: false
  439. nova::compute::instance_usage_audit: true
  440. nova::compute::instance_usage_audit_period: 'hour'
  441. nova::compute::consecutive_build_service_disable_threshold: 0
  442. nova::cron::archive_deleted_rows::destination: '/dev/null'
  443. nova_sync_power_state_interval: -1
  444. nova::ironic::common::username: 'ironic'
  445. nova::ironic::common::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  446. nova::ironic::common::project_name: 'service'
  447. nova::ironic::common::api_endpoint: "{{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}/v1"
  448. nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}"
  449. nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}"
  450. nova::network::neutron::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
  451. nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}"
  452. nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  453. nova::network::neutron::neutron_region_name: ''
  454. nova::ram_allocation_ratio: '1.0'
  455. nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
  456. nova::scheduler::filter::scheduler_max_attempts: {{SCHEDULER_MAX_ATTEMPTS}}
  457. nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters']
  458. nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
  459. nova::keystone::auth::tenant: 'service'
  460. nova::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NOVA_PUBLIC}}
  461. nova::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NOVA_INTERNAL}}
  462. nova::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NOVA_ADMIN}}
  463. nova::keystone::auth::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  464. nova::keystone::auth::region: "%{hiera('keystone_region')}"
  465. nova::keystone::auth::configure_ec2_endpoint: false
  466. nova::keystone::auth_placement::tenant: 'service'
  467. nova::keystone::auth_placement::public_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_PUBLIC}}
  468. nova::keystone::auth_placement::internal_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_INTERNAL}}
  469. nova::keystone::auth_placement::admin_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_ADMIN}}
  470. nova::keystone::auth_placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  471. nova::keystone::auth_placement::region: "%{hiera('keystone_region')}"
  472. nova::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  473. # NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only.
  474. # There is no way this should take 15 minutes and if it does we now have way
  475. # different problems. But rather than block undercloud installs let's increase
  476. # the timeout for these actions. See LP#1661396 for more details.
  477. nova::db::sync::db_sync_timeout: 900
  478. nova::db::sync_api::db_sync_timeout: 900
  479. # Ironic
  480. ironic::debug: "%{hiera('debug')}"
  481. ironic::my_ip: {{LOCAL_IP}}
  482. ironic::db_online_data_migrations: true
  483. ironic::notification_driver: "%{hiera('notification_driver')}"
  484. # TODO(dtantsur): remove when support for classic drivers is removed
  485. ironic::db::online_data_migrations::migration_params: "--option migrate_to_hardware_types.reset_unsupported_interfaces=true"
  486. ironic::rpc_response_timeout: 600
  487. ironic::api::authtoken::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  488. ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  489. ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  490. ironic::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  491. ironic::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  492. ironic::api::host_ip: {{LOCAL_IP}}
  493. ironic::api::service_name: 'httpd'
  494. ironic::api::workers: "%{::os_workers}"
  495. ironic::wsgi::apache::ssl: false
  496. ironic::wsgi::apache::bind_host: {{LOCAL_IP}}
  497. ironic::pxe::tftp_bind_host: {{LOCAL_IP}}
  498. ironic::database_connection: mysql+pymysql://ironic:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ironic
  499. ironic::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
  500. ironic::drivers::inspector::enabled: true
  501. ironic::drivers::inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  502. ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}"
  503. ironic::drivers::inspector::user_domain_name: "%{hiera('keystone_default_domain')}"
  504. ironic::drivers::inspector::project_domain_name: "%{hiera('keystone_default_domain')}"
  505. ironic::glance::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  506. ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}"
  507. ironic::neutron::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  508. ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}"
  509. ironic::service_catalog::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  510. ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}"
  511. ironic::swift::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  512. ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}"
  513. # Ironic conductor forces deployments to use http
  514. # https://bugs.launchpad.net/tripleo/+bug/1613088
  515. ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  516. ironic::conductor::force_power_state_during_sync: false
  517. ironic::conductor::automated_clean: {{CLEAN_NODES}}
  518. ironic::conductor::cleaning_disk_erase: 'metadata'
  519. ironic::conductor::cleaning_network: 'ctlplane'
  520. ironic::conductor::provisioning_network: 'ctlplane'
  521. ironic::conductor::default_boot_option: 'local'
  522. ironic::conductor::enabled_drivers: {{ENABLED_DRIVERS}}
  523. ironic::conductor::enabled_hardware_types: {{ENABLED_HARDWARE_TYPES}}
  524. ironic::drivers::interfaces::default_inspect_interface: inspector
  525. ironic::drivers::interfaces::enabled_boot_interfaces: {{ENABLED_BOOT_INTERFACES}}
  526. ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat']
  527. ironic::drivers::interfaces::enabled_deploy_interfaces: ['iscsi', 'direct', 'ansible']
  528. ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector']
  529. ironic::drivers::interfaces::enabled_management_interfaces: {{ENABLED_MANAGEMENT_INTERFACES}}
  530. ironic::drivers::interfaces::enabled_power_interfaces: {{ENABLED_POWER_INTERFACES}}
  531. ironic::drivers::interfaces::enabled_raid_interfaces: {{ENABLED_RAID_INTERFACES}}
  532. ironic::drivers::interfaces::enabled_vendor_interfaces: {{ENABLED_VENDOR_INTERFACES}}
  533. # Make sure new nodes default to 'baremetal' resource class
  534. ironic::default_resource_class: 'baremetal'
  535. ironic::keystone::auth::tenant: 'service'
  536. ironic::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}
  537. ironic::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  538. ironic::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_ADMIN}}
  539. ironic::keystone::auth::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  540. ironic::keystone::auth::region: "%{hiera('keystone_region')}"
  541. ironic::keystone::auth_inspector::tenant: 'service'
  542. ironic::keystone::auth_inspector::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_PUBLIC}}
  543. ironic::keystone::auth_inspector::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
  544. ironic::keystone::auth_inspector::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_ADMIN}}
  545. ironic::keystone::auth_inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  546. ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}"
  547. # Ironic Inspector
  548. ironic::inspector::listen_address: {{LOCAL_IP}}
  549. ironic::inspector::debug: "%{hiera('debug')}"
  550. {{#IPXE_ENABLED}}
  551. ironic::inspector::pxe_transfer_protocol: 'http'
  552. {{/IPXE_ENABLED}}
  553. ironic::inspector::enable_uefi: {{INSPECTION_ENABLE_UEFI}}
  554. ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  555. ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  556. ironic::inspector::authtoken::username: 'ironic'
  557. ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}"
  558. ironic::inspector::authtoken::project_name: 'service'
  559. ironic::inspector::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  560. ironic::inspector::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  561. ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ironic-inspector
  562. ironic::inspector::keep_ports: 'added'
  563. ironic::inspector::ironic_username: 'ironic'
  564. ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}"
  565. ironic::inspector::ironic_tenant_name: 'service'
  566. ironic::inspector::ironic_project_domain_name: 'Default'
  567. ironic::inspector::ironic_user_domain_name: 'Default'
  568. ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}"
  569. ironic::inspector::ironic_max_retries: 6
  570. ironic::inspector::ironic_retry_interval: 10
  571. ironic::inspector::store_data: 'swift'
  572. ironic::inspector::swift_username: 'ironic'
  573. ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}"
  574. ironic::inspector::swift_tenant_name: 'service'
  575. ironic::inspector::swift_project_domain_name: 'Default'
  576. ironic::inspector::swift_user_domain_name: 'Default'
  577. ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}"
  578. ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
  579. ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
  580. ironic::inspector::dnsmasq_ip_subnets: {{{INSPECTION_SUBNETS}}}
  581. ironic::inspector::pxe_filter::driver: dnsmasq
  582. ironic::inspector::pxe_filter::dnsmasq::dnsmasq_start_command: 'systemctl start openstack-ironic-inspector-dnsmasq.service'
  583. ironic::inspector::pxe_filter::dnsmasq::dnsmasq_stop_command: 'systemctl stop openstack-ironic-inspector-dnsmasq.service'
  584. ironic::inspector::dnsmasq_dhcp_hostsdir: '/var/lib/ironic-inspector/dhcp-hostsdir'
  585. ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
  586. ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
  587. ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}
  588. ironic::inspector::ipxe_timeout: 60
  589. ironic::inspector::node_not_found_hook: {{INSPECTION_NODE_NOT_FOUND_HOOK}}
  590. ironic::inspector::discovery_default_driver: {{DISCOVERY_DEFAULT_DRIVER}}
  591. ironic::inspector::detect_boot_mode: true
  592. # Ironic PXE driver
  593. ironic::drivers::pxe::ipxe_timeout: 60
  594. # Ironic deploy utils
  595. ironic_ipxe_port: 8088
  596. ironic::conductor::http_url: "http://{{LOCAL_IP_WRAPPED}}:%{hiera('ironic_ipxe_port')}"
  597. ironic::conductor::http_boot: '/httpboot'
  598. ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}"
  599. # Ironic pxe
  600. ironic::drivers::pxe::ipxe_enabled: {{IPXE_ENABLED}}
  601. # NOTE(dtantsur): UEFI only works with iPXE currently for us
  602. ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
  603. ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
  604. # Ironic agent
  605. ironic::drivers::agent::deploy_logs_collect: 'always'
  606. ironic::drivers::agent::deploy_logs_storage_backend: 'local'
  607. ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
  608. # Ironic power and management drivers tuning
  609. ironic::drivers::ilo::default_boot_mode: 'bios'
  610. # Customisations for ppc64le
  611. {{#ENABLE_ARCHITECTURE_PPC64LE}}
  612. ironic::pxe::enable_ppc64le: true
  613. ironic::inspector::enable_ppc64le: true
  614. ironic::conductor::power_state_change_timeout: 60
  615. ironic::drivers::ipmi::command_retry_timeout: 120
  616. ironic::drivers::ipmi::min_command_interval: 15
  617. {{/ENABLE_ARCHITECTURE_PPC64LE}}
  618. # Rabbit
  619. rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}}
  620. rabbitmq::delete_guest_user: false
  621. rabbitmq::node_ip_address: {{LOCAL_IP}}
  622. rabbitmq::management_ip_address: {{LOCAL_IP}}
  623. rabbitmq::package_source: undef
  624. rabbitmq::port: 5672
  625. rabbitmq::repos_ensure: false
  626. rabbitmq::wipe_db_on_cookie_change: true
  627. rabbitmq::default_user: {{UNDERCLOUD_RABBIT_USERNAME}}
  628. rabbitmq::default_pass: {{UNDERCLOUD_RABBIT_PASSWORD}}
  629. # Mistral
  630. mistral::debug: "%{hiera('debug')}"
  631. mistral::notification_driver: "%{hiera('notification_driver')}"
  632. mistral::api::bind_host: {{LOCAL_IP}}
  633. mistral::api::api_workers: "%{::os_workers}"
  634. mistral::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  635. mistral::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  636. mistral::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  637. mistral::database_connection: mysql+pymysql://mistral:{{UNDERCLOUD_MISTRAL_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/mistral
  638. mistral::rpc_backend: rabbit
  639. mistral::rpc_response_timeout: 120
  640. mistral::cron_trigger::execution_interval: 600
  641. mistral::keystone::authtoken::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
  642. mistral::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  643. mistral::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  644. mistral::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  645. mistral::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  646. mistral::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_PUBLIC}}
  647. mistral::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_INTERNAL}}
  648. mistral::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_ADMIN}}
  649. mistral::keystone::auth::region: "%{hiera('keystone_region')}"
  650. mistral::keystone::auth::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
  651. mistral::keystone::auth::tenant: 'service'
  652. mistral::engine::older_than: 2880
  653. mistral::engine::evaluation_interval: 120
  654. mistral::engine::execution_field_size_limit_kb: 16384
  655. # Zaqar
  656. zaqar::keystone::authtoken::project_name: 'service'
  657. zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  658. zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  659. zaqar::keystone::authtoken::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
  660. zaqar::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  661. zaqar::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  662. zaqar::keystone::auth::tenant: 'service'
  663. zaqar::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_PUBLIC}}
  664. zaqar::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_INTERNAL}}
  665. zaqar::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_ADMIN}}
  666. zaqar::keystone::auth::region: "%{hiera('keystone_region')}"
  667. zaqar::keystone::auth::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
  668. zaqar::keystone::auth::roles:
  669. - admin
  670. - ResellerAdmin
  671. zaqar::keystone::auth_websocket::tenant: 'service'
  672. zaqar::keystone::auth_websocket::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_PUBLIC}}
  673. zaqar::keystone::auth_websocket::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_INTERNAL}}
  674. zaqar::keystone::auth_websocket::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_ADMIN}}
  675. zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}"
  676. zaqar::keystone::auth_websocket::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
  677. zaqar::server::service_name: 'httpd'
  678. zaqar::unreliable: true
  679. zaqar::transport::websocket::bind: {{LOCAL_IP}}
  680. zaqar::transport::websocket::notification_bind: {{LOCAL_IP}}
  681. zaqar::wsgi::apache::bind_host: {{LOCAL_IP}}
  682. zaqar::wsgi::apache::ssl: false
  683. zaqar::message_store: swift
  684. zaqar::management_store: sqlalchemy
  685. zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/zaqar
  686. zaqar::messaging::swift::uri: swift://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@/service
  687. zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}"
  688. zaqar::message_pipeline: 'zaqar.notification.notifier'
  689. zaqar::max_messages_post_size: 1048576
  690. # Cinder
  691. cinder::debug: "%{hiera('debug')}"
  692. cinder_backend_name: 'undercloud_iscsi'
  693. cinder_enable_test_volume: false
  694. cinder_iscsi_address: {{LOCAL_IP}}
  695. cinder::api::enable_proxy_headers_parsing: true
  696. cinder::api::service_name: 'httpd'
  697. cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
  698. cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"]
  699. cinder::cron::db_purge::destination: "/dev/null"
  700. cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/cinder
  701. cinder::db::database_db_max_retries: -1
  702. cinder::db::database_max_retries: -1
  703. cinder::debug: "%{hiera('debug')}"
  704. cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  705. cinder::keystone::auth::tenant: 'service'
  706. cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}}
  707. cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}}
  708. cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}}
  709. cinder::keystone::auth::public_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_PUBLIC}}
  710. cinder::keystone::auth::internal_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_INTERNAL}}
  711. cinder::keystone::auth::admin_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_ADMIN}}
  712. cinder::keystone::auth::public_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_PUBLIC}}
  713. cinder::keystone::auth::internal_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_INTERNAL}}
  714. cinder::keystone::auth::admin_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_ADMIN}}
  715. cinder::keystone::auth::region: "%{hiera('keystone_region')}"
  716. cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}}
  717. cinder::keystone::authtoken::project_name: 'service'
  718. cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  719. cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  720. cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}}
  721. cinder::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  722. cinder::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  723. cinder::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  724. cinder::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  725. cinder::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  726. cinder::notification_driver: "%{hiera('notification_driver')}"
  727. cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
  728. cinder::setup_test_volume::size: '10280M'
  729. cinder::wsgi::apache::bind_host: {{LOCAL_IP}}
  730. cinder::wsgi::apache::ssl: false
  731. cinder::wsgi::apache::workers: "%{::os_workers}"
  732. # HAproxy
  733. tripleo::profile::base::haproxy::step: 1
  734. tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}}
  735. tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}"
  736. tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}"
  737. tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}"
  738. tripleo::haproxy::public_virtual_interface: 'br-ctlplane'
  739. tripleo::haproxy::keystone_admin: true
  740. tripleo::haproxy::keystone_public: true
  741. tripleo::haproxy::neutron: true
  742. tripleo::haproxy::glance_api: true
  743. tripleo::haproxy::glance_registry: true
  744. tripleo::haproxy::nova_osapi: true
  745. tripleo::haproxy::nova_placement: true
  746. tripleo::haproxy::nova_metadata: true
  747. tripleo::haproxy::swift_proxy_server: true
  748. tripleo::haproxy::heat_api: true
  749. tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}"
  750. tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}"
  751. tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}"
  752. tripleo::haproxy::panko: "%{hiera('enable_telemetry')}"
  753. tripleo::haproxy::ironic: true
  754. tripleo::haproxy::ironic_inspector: true
  755. tripleo::haproxy::rabbitmq: true
  756. tripleo::haproxy::mistral: true
  757. tripleo::haproxy::zaqar_api: true
  758. tripleo::haproxy::zaqar_ws: true
  759. tripleo::haproxy::docker_registry: true
  760. # Docker
  761. tripleo::profile::base::docker::step: 1
  762. # Undercloud should not have --iptables=false by default hence this override (LP#1709325)
  763. tripleo::profile::base::docker::docker_options: '--log-driver=journald --signature-verification=false'
  764. {{#DOCKER_REGISTRY_MIRROR}}
  765. tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
  766. {{/DOCKER_REGISTRY_MIRROR}}
  767. tripleo::profile::base::docker::debug: "%{hiera('debug')}"
  768. tripleo::profile::base::docker::insecure_registries: {{DOCKER_INSECURE_REGISTRIES}}
  769. # Keepalived
  770. tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
  771. tripleo::keepalived::control_virtual_interface: 'br-ctlplane'
  772. tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}"
  773. tripleo::keepalived::public_virtual_interface: 'br-ctlplane'
  774. tripleo::keepalived::virtual_router_id_base: 40
  775. # UI
  776. keystone::cors::allowed_origin: '*'
  777. nova::cors::allowed_origin: '*'
  778. nova::cors::max_age: 3600
  779. nova::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
  780. nova::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  781. nova::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  782. ironic::cors::allowed_origin: '*'
  783. ironic::cors::max_age: 3600
  784. ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
  785. ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  786. ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  787. ironic::inspector::cors::allowed_origin: '*'
  788. ironic::inspector::cors::max_age: 3600
  789. ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
  790. ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  791. ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  792. heat::cors::allowed_origin: '*'
  793. heat::cors::max_age: 3600
  794. heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  795. heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  796. mistral::cors::allowed_origin: '*'
  797. mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  798. mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  799. swift::proxy::cors_allow_origin: '*'
  800. tripleo::ui::endpoint_proxy_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_PROXY_INTERNAL}}
  801. tripleo::ui::endpoint_proxy_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
  802. tripleo::ui::endpoint_proxy_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_PROXY_INTERNAL}}
  803. tripleo::ui::endpoint_proxy_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  804. tripleo::ui::endpoint_proxy_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
  805. tripleo::ui::endpoint_proxy_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_PROXY_INTERNAL}}
  806. tripleo::ui::endpoint_proxy_nova: {{UNDERCLOUD_ENDPOINT_NOVA_UI_PROXY_INTERNAL}}
  807. tripleo::ui::endpoint_proxy_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_PROXY_INTERNAL}}
  808. tripleo::ui::endpoint_config_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_CONFIG_PUBLIC}}
  809. tripleo::ui::endpoint_config_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_UI_CONFIG_PUBLIC}}
  810. tripleo::ui::endpoint_config_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_CONFIG_PUBLIC}}
  811. tripleo::ui::endpoint_config_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}}
  812. tripleo::ui::endpoint_config_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_UI_CONFIG_PUBLIC}}
  813. tripleo::ui::endpoint_config_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_CONFIG_PUBLIC}}
  814. tripleo::ui::endpoint_config_nova: {{UNDERCLOUD_ENDPOINT_NOVA_UI_CONFIG_PUBLIC}}
  815. tripleo::ui::endpoint_config_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_CONFIG_PUBLIC}}
  816. # service tenant
  817. ceilometer::keystone::authtoken::project_name: 'service'
  818. aodh::keystone::authtoken::project_name: 'service'
  819. gnocchi::keystone::authtoken::project_name: 'service'
  820. cinder::keystone::authtoken::project_name: 'service'
  821. heat::keystone::authtoken::project_name: 'service'
  822. glance::api::authtoken::project_name: 'service'
  823. glance::registry::authtoken::project_name: 'service'
  824. ironic::api::authtoken::project_name: 'service'
  825. ironic::drivers::inspector::project_name: 'service'
  826. ironic::glance::project_name: 'service'
  827. ironic::neutron::project_name: 'service'
  828. ironic::service_catalog::project_name: 'service'
  829. ironic::swift::project_name: 'service'
  830. nova::keystone::authtoken::project_name: 'service'
  831. swift::proxy::authtoken::project_name: 'service'
  832. mistral::keystone::authtoken::project_name: 'service'
  833. swift::proxy::workers: "%{::os_workers}"
  834. # Options
  835. enable_tempest: {{ENABLE_TEMPEST}}
  836. enable_validations: {{ENABLE_VALIDATIONS}}
  837. enable_telemetry: {{ENABLE_TELEMETRY}}
  838. enable_ui: {{ENABLE_UI}}
  839. enable_cinder: {{ENABLE_CINDER}}
  840. enable_container_images_build: {{ENABLE_CONTAINER_IMAGES_BUILD}}
  841. # Path to install configuration files
  842. tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
  843. tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
  844. tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
  845. # Novajoin
  846. {{#ENABLE_NOVAJOIN}}
  847. novajoin_listen_port: 9090
  848. nova::metadata::novajoin::api::bind_address: "{{LOCAL_IP}}"
  849. nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port')}"
  850. nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
  851. nova::metadata::novajoin::api::service_password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
  852. nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
  853. nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  854. nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  855. nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
  856. nova::metadata::novajoin::authtoken::project_name: 'service'
  857. nova::metadata::novajoin::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  858. nova::metadata::novajoin::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  859. nova::metadata::novajoin::auth::tenant: 'service'
  860. nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
  861. nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
  862. ipaclient::password: {{IPA_OTP}}
  863. ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
  864. enable_novajoin: true
  865. nova::api::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json'
  866. nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
  867. nova::api::vendordata_dynamic_targets: ["join@http://{{LOCAL_IP}}:%{hiera('novajoin_listen_port')}/v1/"]
  868. nova::api::vendordata_dynamic_failure_fatal: true
  869. nova::api::vendordata_dynamic_auth_auth_type: 'password'
  870. nova::api::vendordata_dynamic_auth_auth_url: "%{hiera('keystone_auth_uri')}"
  871. nova::api::vendordata_dynamic_auth_os_region_name: "%{hiera('keystone_region')}"
  872. nova::api::vendordata_dynamic_auth_username: 'nova'
  873. nova::api::vendordata_dynamic_auth_project_name: 'service'
  874. nova::api::vendordata_dynamic_auth_project_domain_name: 'Default'
  875. nova::api::vendordata_dynamic_auth_user_domain_name: 'Default'
  876. nova::api::vendordata_dynamic_auth_password: {{UNDERCLOUD_NOVA_PASSWORD}}
  877. nova::api::vendordata_dynamic_connect_timeout: 30
  878. nova::api::vendordata_dynamic_read_timeout: 30
  879. nova::notification_topics: ['notifications', 'novajoin_notifications']
  880. nova::notify_on_state_change: 'vm_state'
  881. {{/ENABLE_NOVAJOIN}}
  882. # Firewall
  883. tripleo::firewall::manage_firewall: true
  884. tripleo::firewall::firewall_rules:
  885. '003 ssh':
  886. dport:
  887. - 22
  888. '105 ntp':
  889. dport: 123
  890. proto: udp
  891. '106 vrrp':
  892. proto: vrrp
  893. '107 haproxy stats':
  894. dport: 1993
  895. '108 redis':
  896. dport:
  897. - 6379
  898. - 26379
  899. '110 ceph':
  900. dport:
  901. - 6789
  902. - '6800-6810'
  903. '111 keystone':
  904. dport:
  905. - 5000
  906. - 13000
  907. - 35357
  908. - 13357
  909. '112 glance':
  910. dport:
  911. - 9292
  912. - 9191
  913. - 13292
  914. '113 nova':
  915. dport:
  916. - 6080
  917. - 13080
  918. - 8773
  919. - 13773
  920. - 8774
  921. - 13774
  922. - 8778
  923. - 13778
  924. - 8775
  925. - 13775
  926. '114 neutron server':
  927. dport:
  928. - 9696
  929. - 13696
  930. '115 neutron dhcp input':
  931. proto: 'udp'
  932. dport: 67
  933. '116 neutron dhcp output':
  934. proto: 'udp'
  935. chain: 'OUTPUT'
  936. dport: 68
  937. '118 neutron vxlan networks':
  938. proto: 'udp'
  939. dport: 4789
  940. '119 cinder':
  941. dport:
  942. - 8776
  943. - 13776
  944. '120 iscsi initiator':
  945. dport: 3260
  946. '121 memcached':
  947. dport: 11211
  948. proto: tcp
  949. source: '127.0.0.1'
  950. '122 swift proxy':
  951. dport:
  952. - 8080
  953. - 13808
  954. '123 swift storage':
  955. dport:
  956. - 873
  957. - 6000
  958. - 6001
  959. - 6002
  960. '125 heat':
  961. dport:
  962. - 8000
  963. - 13800
  964. - 8003
  965. - 13003
  966. - 8004
  967. - 13004
  968. '127 snmp':
  969. dport: 161
  970. proto: 'udp'
  971. '128 aodh':
  972. dport:
  973. - 8042
  974. - 13042
  975. '129 gnocchi-api':
  976. dport:
  977. - 8041
  978. - 13041
  979. '130 tftp':
  980. dport: 69
  981. proto: udp
  982. '131 novnc':
  983. dport: 5900-5999
  984. proto: tcp
  985. '132 mistral':
  986. dport:
  987. - 8989
  988. - 13989
  989. '133 zaqar':
  990. dport:
  991. - 8888
  992. - 13888
  993. '134 zaqar websockets':
  994. dport: 9000
  995. '135 ironic':
  996. dport:
  997. - 6385
  998. - 13385
  999. '137 ironic-inspector':
  1000. dport: 5050
  1001. '138 docker registry':
  1002. dport:
  1003. - 8787
  1004. - 13787
  1005. '139 apache vhost':
  1006. dport: "%{hiera('ironic_ipxe_port')}"
  1007. # 140 network cidr nat rules
  1008. {{SUBNETS_CIDR_NAT_RULES}}
  1009. {{#ENABLE_UI}}
  1010. '142 tripleo-ui':
  1011. dport:
  1012. - 3000
  1013. - 443
  1014. {{/ENABLE_UI}}
  1015. '143 panko-api':
  1016. dport:
  1017. - 8977
  1018. - 13977