A utility to run diskimage-builder undercloud elements on a running host


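  # Shared lookup keys for the undercloud Hiera data. Listing gutter numbers
  # that had been fused into each line are removed so the text parses as YAML.
  # The {{...}} tokens look like Mustache-style placeholders filled in when the
  # file is rendered; %{hiera('...')} values are resolved by Hiera at lookup.
  keystone_identity_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_ADMIN}}
  keystone_auth_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v3
  keystone_region: 'regionOne'
  keystone_default_domain: 'Default'
  # Interpolated by the <service>::debug keys in this file, so one switch
  # changes log verbosity for all of those services together.
  debug: {{UNDERCLOUD_DEBUG}}
  controller_host: {{LOCAL_IP}} #local-ipv4
  #local-ipv4 similar to the same hiera key in the overcloud
  ctlplane: {{LOCAL_IP}}
  controller_host_wrapped: "{{LOCAL_IP_WRAPPED}}"
  controller_admin_host: {{UNDERCLOUD_ADMIN_HOST}}
  controller_public_host: {{UNDERCLOUD_PUBLIC_HOST}}
  ntp::servers: {{UNDERCLOUD_NTP_SERVERS}}
  sysctl_settings: {{SYSCTL_SETTINGS}}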
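  # SSL
  # Certificate settings for the public HAProxy front end.
  # NOTE(review): the nesting below is reconstructed, because the listing had
  # lost its indentation; the keys from service_pem to principal are placed
  # under undercloud-haproxy-public. Confirm against the repository file.
  tripleo::haproxy::service_certificate: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
  generate_service_certificates: {{GENERATE_SERVICE_CERTIFICATE}}
  tripleo::profile::base::haproxy::certificates_specs:
    undercloud-haproxy-public:
      service_pem: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
      service_certificate: '/etc/pki/tls/certs/undercloud-front.crt'
      # Private key path; file ownership and mode are not set in this file.
      service_key: '/etc/pki/tls/private/undercloud-front.key'
      hostname: "%{hiera('controller_public_host')}"
      # NOTE(review): the first two arguments are single-quoted but the
      # rendered {{UNDERCLOUD_SERVICE_CERTIFICATE}} path is not, so a path
      # containing whitespace would be split if this runs through a shell.
      postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' {{UNDERCLOUD_SERVICE_CERTIFICATE}} undercloud-haproxy-public-cert"
      principal: {{SERVICE_PRINCIPAL}}
  # CA defaults
  certmonger_ca: {{CERTIFICATE_GENERATION_CA}}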
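  # Common Hiera data gets applied to all nodes
  # (Listing gutter numbers removed from every line in this section.)
  ssh::server::storeconfigs_enabled: false
  # memcached
  memcached::max_memory: '50%'
  memcached::verbosity: 'v'
  memcached::disable_cachedump: true
  # Apache
  # 'Off' / 'Prod' keep the server version and module details out of
  # generated pages and the Server response header.
  apache::server_signature: 'Off'
  apache::server_tokens: 'Prod'
  # ceilometer settings used by compute and controller ceilo auth settings
  ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}"
  aodh::auth::auth_region: "%{hiera('keystone_region')}"
  ceilometer::agent::auth::auth_tenant_name: 'service'
  aodh::auth::auth_tenant_name: 'service'
  # NOTE(review): this uses the bare public Keystone endpoint, while the aodh
  # key below uses keystone_auth_uri, which carries a /v3 suffix. Confirm the
  # difference is intended.
  ceilometer::agent::auth::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}"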
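  # Swift
  # Proxy, storage and Keystone registration settings for the undercloud
  # object store. Gutter numbers removed; list items re-indented under their
  # keys, since the listing had flattened them.
  swift::proxy::proxy_local_net_ip: {{LOCAL_IP}}
  swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  swift::proxy::node_timeout: 60
  swift::proxy::workers: "%{::os_workers}"
  swift::proxy::log_facility: LOG_LOCAL2
  swift::storage::all::storage_local_net_ip: {{LOCAL_IP}}
  # Both chmod strings grant read (and directory traverse) to "other":
  # D = directories, F = files. Tighten here if local users on the host should
  # not be able to read replicated object data.
  swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
  swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
  # Secret value: treat the rendered file as sensitive.
  swift::swift_hash_path_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}}
  swift::proxy::account_autocreate: true
  # The same rendered password is used for token validation here and for the
  # Keystone service user below.
  swift::proxy::authtoken::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
  swift::keystone::auth::tenant: 'service'
  swift::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_SWIFT_PUBLIC}}
  swift::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_SWIFT_INTERNAL}}
  swift::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_SWIFT_ADMIN}}
  swift::keystone::auth::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
  swift::keystone::auth::region: "%{hiera('keystone_region')}"
  swift::keystone::auth::configure_s3_endpoint: false
  swift::keystone::auth::operator_roles:
    - admin
    - swiftoperator
  swift_mount_check: false
  swift::ringbuilder::replicas: 1
  swift::ringbuilder::part_power: 10
  swift::ringbuilder::min_part_hours: 1
  # Middleware order matters. 'tempurl' and 'formpost' sit ahead of
  # 'authtoken'/'keystone': both authorise requests by signature rather than
  # by Keystone token, so keep them only if signed-URL access is needed.
  swift::proxy::pipeline:
    - 'catch_errors'
    - 'healthcheck'
    - 'proxy-logging'
    - 'cache'
    - 'ratelimit'
    - 'bulk'
    - 'tempurl'
    - 'formpost'
    - 'authtoken'
    - 'keystone'
    - 'staticweb'
    - 'proxy-logging'
    - 'proxy-server'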
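  # Glance
  # Image service settings. Gutter numbers removed; the two store entries are
  # re-indented under glance::api::stores.
  # NOTE(review): {{UNDERCLOUD_GLANCE_PASSWORD}} is used for token validation,
  # the database account, the Keystone service user and the Swift store key,
  # so disclosure of any one of them exposes all four.
  glance::api::debug: "%{hiera('debug')}"
  glance::api::bind_port: 9292
  glance::api::bind_host: {{LOCAL_IP}}
  glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  glance::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  glance::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  glance::api::registry_host: {{LOCAL_IP}}
  glance::api::authtoken::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
  glance::api::workers: "%{::os_workers}"
  glance::api::stores:
    - glance.store.filesystem.Store
    - glance.store.swift.Store
  glance::api::default_store: 'glance.store.swift.Store'
  glance::api::pipeline: 'keystone'
  # used to construct glance_api_servers
  glance_log_file: ''
  # The password is substituted into the URL as-is; a value containing
  # characters such as '@', ':' or '/' would change how the URL parses, so the
  # generator must emit URL-safe passwords (not verifiable from this file).
  glance::api::database_connection: mysql+pymysql://glance:{{UNDERCLOUD_GLANCE_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/glance
  glance::api::enable_v1_api: false
  glance::api::enable_v2_api: true
  glance::keystone::auth::tenant: 'service'
  glance::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}}
  glance::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  glance::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GLANCE_ADMIN}}
  glance::keystone::auth::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
  glance::keystone::auth::region: "%{hiera('keystone_region')}"
  glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}"
  glance::backend::swift::swift_store_auth_version: 3
  glance::backend::swift::swift_store_user: service:glance
  glance::backend::swift::swift_store_key: {{UNDERCLOUD_GLANCE_PASSWORD}}
  glance::backend::swift::swift_store_create_container_on_put: true
  glance::notify::rabbitmq::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  glance::notify::rabbitmq::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  glance::notify::rabbitmq::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  glance::registry::debug: "%{hiera('debug')}"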
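  # Heat
  # Orchestration service settings (gutter numbers removed from every line).
  heat::debug: "%{hiera('debug')}"
  heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
  heat::engine::configure_delegated_roles: false
  heat::engine::heat_stack_user_role: 'heat_stack_user'
  # These three callback URLs are plain http://, so anything sent to them
  # crosses the control-plane network unencrypted.
  heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003
  heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000
  heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition
  heat::engine::reauthentication_auth_method: 'trusts'
  heat::engine::trusts_delegated_roles: []
  # Secret value: treat the rendered file as sensitive.
  heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}}
  heat::engine::max_resources_per_stack: -1
  heat::engine::convergence_engine: true
  heat::engine::num_engine_workers: "%{::os_workers_heat_engine}"
  heat::engine::max_nested_stack_depth: 7
  heat::instance_user: heat-admin
  # The RabbitMQ username and password are embedded in the transport URL.
  heat::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
  heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  heat::keystone::authtoken::password: {{UNDERCLOUD_HEAT_PASSWORD}}
  heat::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  heat::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  heat::keystone::domain::domain_name: 'heat_stack'
  heat::keystone::domain::domain_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
  heat::api::bind_host: {{LOCAL_IP}}
  heat::api::workers: "%{::os_workers}"
  heat::api::service_name: 'httpd'
  heat::api_cfn::bind_host: {{LOCAL_IP}}
  heat::api_cfn::workers: "%{::os_workers}"
  heat::api_cfn::service_name: 'httpd'
  # TLS is off on both Apache vhosts; the HAProxy certificate settings
  # elsewhere in this file are the only TLS configuration visible here.
  heat::wsgi::apache_api::ssl: false
  heat::wsgi::apache_api::bind_host: {{LOCAL_IP}}
  heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}"
  heat::wsgi::apache_api_cfn::ssl: false
  heat::wsgi::apache_api_cfn::bind_host: {{LOCAL_IP}}
  heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}"
  # The Heat service password doubles as the database password in both DSNs.
  heat::database_connection: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/heat
  heat_dsn: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/heat
  heat::rpc_response_timeout: 600
  heat::keystone::auth::tenant: 'service'
  heat::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_PUBLIC}}
  heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}}
  heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}}
  heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}}
  heat::keystone::auth::region: "%{hiera('keystone_region')}"
  heat::keystone::auth_cfn::tenant: 'service'
  heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}"
  heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}}
  heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}}
  heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}}
  heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}}
  heat::cron::purge_deleted::age: 1
  heat::cron::purge_deleted::age_type: 'days'
  # Cron output is discarded, so a failing purge leaves no record here.
  heat::cron::purge_deleted::destination: '/dev/null'
  heat::notification_driver: 'messaging'
  # Resource ceilings on template expression evaluation and request size.
  heat::yaql_memory_quota: 100000
  heat::yaql_limit_iterators: 1000
  heat::max_json_body_size: 2097152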
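  # Keystone
  # Identity service settings (gutter numbers removed from every line).
  keystone::debug: "%{hiera('debug')}"
  # Both values grant full administrative access to the identity service.
  keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}}
  keystone::admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  keystone::admin_workers: "%{::os_workers}"
  keystone::public_workers: "%{::os_workers}"
  keystone::public_bind_host: {{LOCAL_IP}}
  keystone::admin_bind_host: {{LOCAL_IP}}
  keystone::public_endpoint: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  keystone::service_name: 'httpd'
  # Certificate and signing-key material is rendered inline into this file.
  keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}'
  keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}'
  keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}'
  # NOTE(review): the database password is the same rendered value as
  # keystone::admin_token above, so the admin token and the keystone database
  # credential are one secret. Consider a dedicated database password.
  keystone::database_connection: mysql+pymysql://keystone:{{UNDERCLOUD_ADMIN_TOKEN}}@{{LOCAL_IP_WRAPPED}}/keystone
  # Cron output is discarded, so a failing token flush leaves no record here.
  keystone::cron::token_flush::destination: '/dev/null'
  keystone::roles::admin::password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  keystone::roles::admin::email: 'root@localhost'
  keystone::roles::admin::admin_tenant: 'admin'
  keystone::roles::admin::service_tenant: 'service'
  # Presumably seconds (four hours); confirm against the Keystone module.
  keystone::token_expiration: 14400
  keystone::endpoint::public_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
  keystone::endpoint::internal_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
  keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
  keystone::endpoint::region: "%{hiera('keystone_region')}"
  keystone::endpoint::version: ''
  # TLS is off on the Apache vhost that serves Keystone.
  keystone::wsgi::apache::ssl: false
  keystone::wsgi::apache::bind_host: {{LOCAL_IP}}
  keystone::notification_driver: messaging
  keystone::notification_topics: notifications
  keystone::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  keystone::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  keystone::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  keystone::enable_credential_setup: true
  keystone::fernet_max_active_keys: 2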
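  # MySQL
  # Database server settings.
  # NOTE(review): nesting reconstructed, because the listing had lost its
  # indentation; 'mysqld' and its two options are placed under
  # mysql_server_options. Confirm against the repository file.
  admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
  enable_galera: true
  mysql_max_connections: '4096'
  tripleo::profile::base::database::mysql::step: 2
  tripleo::profile::base::database::mysql::manage_resources: true
  tripleo::profile::base::database::mysql::remove_default_accounts: true
  tripleo::profile::base::database::mysql::mysql_server_options:
    'mysqld':
      # The server listens on the controller_host address only.
      bind-address: "%{hiera('controller_host')}"
      innodb_file_per_table: 'ON'
  mysql::server::restart: true
  # Database root credential: treat the rendered file as sensitive.
  mysql::server::root_password: {{UNDERCLOUD_DB_PASSWORD}}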
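  # Neutron
  # Networking service settings (gutter numbers removed from every line).
  neutron::debug: "%{hiera('debug')}"
  neutron::bind_host: {{LOCAL_IP}}
  neutron::core_plugin: ml2
  # NOTE(review): neutron::service_plugins was defined twice in this section,
  # first as ['router'] and again at the end as ['segments']. Duplicate keys
  # are invalid in strict YAML, and loaders that accept them usually keep the
  # last one, so the first entry was shadowed. It is kept as a comment and the
  # later definition stays active; confirm whether 'router' was also wanted.
  # neutron::service_plugins: ['router']
  neutron::dhcp_agents_per_network: 2
  neutron::dns_domain: {{OVERCLOUD_DOMAIN_NAME}}
  neutron::server::api_workers: "%{::os_workers}"
  neutron::server::rpc_workers: "%{::os_workers}"
  neutron::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USERNAME}}
  neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  neutron::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  neutron::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  # The Neutron service password doubles as the database password.
  neutron::server::database_connection: mysql+pymysql://neutron:{{UNDERCLOUD_NEUTRON_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/neutron
  neutron::server::sync_db: true
  neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}}
  neutron::plugins::ml2::mechanism_drivers: ['openvswitch']
  neutron_bridge_mappings: ctlplane:br-ctlplane
  neutron_public_interface: {{LOCAL_INTERFACE}}
  neutron_physical_bridge: br-ctlplane
  neutron::keystone::authtoken::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  neutron::agents::metadata::metadata_workers: "%{::os_workers}"
  neutron::quota::quota_port: -1
  neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}"
  neutron::server::notifications::tenant_name: service
  # Uses the Nova password, presumably because notifications are sent to Nova
  # as the Nova service user; confirm.
  neutron::server::notifications::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  neutron::keystone::auth::tenant: 'service'
  neutron::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
  neutron::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_INTERNAL}}
  neutron::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_ADMIN}}
  neutron::keystone::auth::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
  neutron::keystone::auth::region: "%{hiera('keystone_region')}"
  neutron::plugins::ml2::extension_drivers: 'port_security'
  neutron::service_plugins: ['segments']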
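  # Ceilometer
  # Telemetry collection settings (gutter numbers removed from every line).
  ceilometer::debug: "%{hiera('debug')}"
  # NOTE(review): unquoted 'undef' is a plain string in YAML, not a null;
  # confirm the consuming module treats it as "unset".
  ceilometer::expirer::time_to_live: undef
  # Secret value: treat the rendered file as sensitive.
  ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}}
  ceilometer::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  ceilometer::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  ceilometer::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  ceilometer::keystone::authtoken::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  # The Ceilometer service password doubles as the database password.
  ceilometer::db::database_connection: mysql+pymysql://ceilometer:{{UNDERCLOUD_CEILOMETER_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ceilometer
  ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  ceilometer_compute_agent: ''
  # SNMP read-only account used for polling.
  ceilometer::snmpd_readonly_username: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}}
  ceilometer::snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}
  ceilometer::keystone::auth::tenant: 'service'
  ceilometer::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_PUBLIC}}
  ceilometer::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_INTERNAL}}
  ceilometer::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_ADMIN}}
  ceilometer::keystone::auth::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
  ceilometer::keystone::auth::region: "%{hiera('keystone_region')}"
  ceilometer::dispatcher::gnocchi::url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
  ceilometer::dispatcher::gnocchi::filter_project: 'service'
  ceilometer::dispatcher::gnocchi::archive_policy: 'low'
  ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
  # events dispatcher config
  ceilometer::agent::notification::event_pipeline_publishers: ['gnocchi://', 'panko://']
  ceilometer::agent::notification::manage_event_pipeline: true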
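  # Aodh
  # Alarming service settings (gutter numbers removed from every line).
  aodh::debug: "%{hiera('debug')}"
  aodh::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  aodh::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  aodh::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  aodh::api::host: {{LOCAL_IP}}
  aodh::keystone::authtoken::password: {{UNDERCLOUD_AODH_PASSWORD}}
  aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  # These two keys were written with a ceilometer:: prefix, repeating keys the
  # Ceilometer section already defines with the same values and leaving Aodh
  # without its own domain settings. They are renamed to aodh:: to match the
  # pattern of every other service in this file.
  aodh::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  aodh::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  aodh::api::service_name: 'httpd'
  # TLS is off on the Apache vhost that serves Aodh.
  aodh::wsgi::apache::ssl: false
  aodh::wsgi::apache::bind_host: {{LOCAL_IP}}
  # The Aodh service password doubles as the database password.
  aodh::db::database_connection: mysql+pymysql://aodh:{{UNDERCLOUD_AODH_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/aodh
  aodh::auth::auth_password: {{UNDERCLOUD_AODH_PASSWORD}}
  aodh::keystone::auth::tenant: 'service'
  aodh::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_AODH_PUBLIC}}
  aodh::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_AODH_INTERNAL}}
  aodh::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_AODH_ADMIN}}
  aodh::keystone::auth::password: {{UNDERCLOUD_AODH_PASSWORD}}
  aodh::keystone::auth::region: "%{hiera('keystone_region')}"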
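  # Gnocchi
  # Metric storage settings (gutter numbers removed from every line).
  gnocchi::debug: "%{hiera('debug')}"
  gnocchi_backend: 'file'
  # TLS is off on the Apache vhost that serves Gnocchi.
  gnocchi::wsgi::apache::ssl: false
  gnocchi::wsgi::apache::bind_host: {{LOCAL_IP}}
  gnocchi::api::service_name: 'httpd'
  gnocchi::api::host: {{LOCAL_IP}}
  gnocchi::keystone::authtoken::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  gnocchi::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  gnocchi::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  gnocchi::keystone::auth::tenant: 'service'
  gnocchi::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}
  gnocchi::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
  gnocchi::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_ADMIN}}
  gnocchi::keystone::auth::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  gnocchi::keystone::auth::region: "%{hiera('keystone_region')}"
  # One rendered password serves the Keystone user, the database account and
  # the Swift key below.
  gnocchi::db::mysql::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  gnocchi::db::database_connection: mysql+pymysql://gnocchi:{{UNDERCLOUD_GNOCCHI_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/gnocchi
  gnocchi::storage::swift::swift_user: 'service:gnocchi'
  # NOTE(review): auth version 2 is paired with keystone_auth_uri, which ends
  # in /v3. With gnocchi_backend set to 'file' these Swift keys may be unused;
  # confirm before relying on them.
  gnocchi::storage::swift::swift_auth_version: 2
  gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}"
  gnocchi::storage::swift::swift_key: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
  #Gnocchi statsd
  # These three IDs are fixed literals, so every deployment rendered from this
  # template shares them.
  gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
  gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
  gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
  gnocchi::statsd::flush_delay: 10
  gnocchi::statsd::archive_policy_name: 'low'
  gnocchi_healthcheck_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}/healthcheck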
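  # Panko
  # Event storage settings (gutter numbers removed from every line).
  panko::logging::debug: "%{hiera('debug')}"
  # TLS is off on the Apache vhost that serves Panko.
  panko::wsgi::apache::ssl: false
  panko::wsgi::apache::bind_host: {{LOCAL_IP}}
  panko::api::service_name: 'httpd'
  panko::api::host: {{LOCAL_IP}}
  # One rendered password serves the database account, token validation and
  # the Keystone service user.
  panko::db::mysql::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  panko::db::database_connection: mysql+pymysql://panko:{{UNDERCLOUD_PANKO_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/panko
  panko::keystone::authtoken::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  panko::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  panko::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  panko::keystone::auth::tenant: 'service'
  panko::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_PANKO_PUBLIC}}
  panko::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_PANKO_INTERNAL}}
  panko::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_PANKO_ADMIN}}
  panko::keystone::auth::password: {{UNDERCLOUD_PANKO_PASSWORD}}
  panko::keystone::auth::region: "%{hiera('keystone_region')}"
  panko::keystone::authtoken::project_name: 'service'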
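  # Nova
  # Compute service settings. Gutter numbers removed; the 'metadata' entry is
  # re-indented under nova::api::enabled_apis.
  # NOTE(review): {{UNDERCLOUD_NOVA_PASSWORD}} is used for token validation,
  # placement, the Keystone service users and all three database accounts, so
  # disclosure of any one of them exposes the rest.
  nova::debug: "%{hiera('debug')}"
  # The RabbitMQ username and password are embedded in the transport URL.
  nova::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
  nova::notification_driver: messaging
  nova::rpc_response_timeout: '600'
  nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  nova::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  nova::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  nova::api::service_name: 'httpd'
  nova::api::api_bind_address: {{LOCAL_IP}}
  nova::api::enabled: true
  nova::api::metadata_listen: {{LOCAL_IP}}
  nova::keystone::authtoken::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  nova::api::enabled_apis:
    - metadata
  nova::api::sync_db_api: true
  nova::api::osapi_compute_workers: "%{::os_workers}"
  nova::api::metadata_workers: "%{::os_workers}"
  # TLS is off on both Apache vhosts (API and placement).
  nova::wsgi::apache_api::ssl: false
  nova::wsgi::apache_api::bind_host: {{LOCAL_IP}}
  nova::wsgi::apache_placement::ssl: false
  nova::wsgi::apache_placement::bind_host: {{LOCAL_IP}}
  nova::wsgi::apache_placement::api_port: '8778'
  nova::placement::auth_url: "%{hiera('keystone_identity_uri')}"
  nova::placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  nova::placement::project_name: 'service'
  nova::placement::os_region_name: "%{hiera('keystone_region')}"
  nova::conductor::enabled: true
  nova::conductor::workers: "%{::os_workers}"
  nova::database_connection: mysql+pymysql://nova:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova
  nova::api_database_connection: mysql+pymysql://nova_api:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova_api
  nova::placement_database_connection: mysql+pymysql://nova_placement:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova_placement
  nova::notify_on_state_change: 'vm_and_task_state'
  nova::scheduler::enabled: true
  nova::network::neutron::dhcp_domain: ''
  nova::compute::force_config_drive: true
  nova::compute::reserved_host_memory: '0'
  nova::compute::vnc_enabled: false
  nova::compute::instance_usage_audit: true
  nova::compute::instance_usage_audit_period: 'hour'
  nova::compute::consecutive_build_service_disable_threshold: 0
  # Cron output is discarded, so a failing archive run leaves no record here.
  nova::cron::archive_deleted_rows::destination: '/dev/null'
  nova_sync_power_state_interval: -1
  nova::ironic::common::username: 'ironic'
  nova::ironic::common::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  nova::ironic::common::project_name: 'service'
  nova::ironic::common::api_endpoint: "{{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}/v1"
  nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}"
  nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}"
  nova::network::neutron::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
  nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}"
  nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}"
  nova::network::neutron::neutron_region_name: ''
  nova::ram_allocation_ratio: '1.0'
  nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
  nova::scheduler::filter::scheduler_max_attempts: {{SCHEDULER_MAX_ATTEMPTS}}
  nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters']
  nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
  nova::keystone::auth::tenant: 'service'
  nova::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NOVA_PUBLIC}}
  nova::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NOVA_INTERNAL}}
  nova::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NOVA_ADMIN}}
  nova::keystone::auth::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  nova::keystone::auth::region: "%{hiera('keystone_region')}"
  nova::keystone::auth::configure_ec2_endpoint: false
  nova::keystone::auth_placement::tenant: 'service'
  nova::keystone::auth_placement::public_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_PUBLIC}}
  nova::keystone::auth_placement::internal_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_INTERNAL}}
  nova::keystone::auth_placement::admin_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_ADMIN}}
  nova::keystone::auth_placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
  nova::keystone::auth_placement::region: "%{hiera('keystone_region')}"
  nova::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  # NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only.
  # There is no way this should take 15 minutes and if it does we now have way
  # different problems. But rather than block undercloud installs let's increase
  # the timeout for these actions. See LP#1661396 for more details.
  nova::db::sync::db_sync_timeout: 900
  nova::db::sync_api::db_sync_timeout: 900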
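  # Ironic
  # Bare-metal provisioning settings (gutter numbers removed from every line).
  # NOTE(review): {{UNDERCLOUD_IRONIC_PASSWORD}} is used for the API, the
  # inspector driver, the Glance/Neutron/Swift/service-catalog clients, the
  # database account and both Keystone service users, so disclosure of any one
  # of them exposes the rest.
  ironic::debug: "%{hiera('debug')}"
  ironic::my_ip: {{LOCAL_IP}}
  ironic::db_online_data_migrations: true
  ironic::rpc_response_timeout: 600
  ironic::api::authtoken::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  ironic::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  ironic::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  ironic::api::host_ip: {{LOCAL_IP}}
  ironic::api::service_name: 'httpd'
  ironic::api::workers: "%{::os_workers}"
  # TLS is off on the Apache vhost that serves the Ironic API.
  ironic::wsgi::apache::ssl: false
  ironic::wsgi::apache::bind_host: {{LOCAL_IP}}
  ironic::pxe::tftp_bind_host: {{LOCAL_IP}}
  ironic::database_connection: mysql+pymysql://ironic:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ironic
  # The RabbitMQ username and password are embedded in the transport URL.
  ironic::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
  ironic::drivers::inspector::enabled: true
  ironic::drivers::inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}"
  ironic::drivers::inspector::user_domain_name: "%{hiera('keystone_default_domain')}"
  ironic::drivers::inspector::project_domain_name: "%{hiera('keystone_default_domain')}"
  ironic::glance::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}"
  ironic::neutron::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}"
  ironic::service_catalog::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}"
  ironic::swift::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}"
  # Ironic conductor forces deployments to use http
  # https://bugs.launchpad.net/tripleo/+bug/1613088
  ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  ironic::conductor::force_power_state_during_sync: false
  ironic::conductor::automated_clean: {{CLEAN_NODES}}
  # 'metadata' presumably limits cleaning to partition tables and similar
  # metadata rather than a full disk wipe, so earlier data may stay
  # recoverable on reused nodes; confirm against the Ironic module.
  ironic::conductor::cleaning_disk_erase: 'metadata'
  ironic::conductor::cleaning_network: 'ctlplane'
  ironic::conductor::provisioning_network: 'ctlplane'
  ironic::conductor::default_boot_option: 'local'
  ironic::conductor::enabled_drivers: {{ENABLED_DRIVERS}}
  ironic::conductor::enabled_hardware_types: {{ENABLED_HARDWARE_TYPES}}
  ironic::drivers::interfaces::default_inspect_interface: inspector
  ironic::drivers::interfaces::enabled_boot_interfaces: {{ENABLED_BOOT_INTERFACES}}
  ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat']
  ironic::drivers::interfaces::enabled_deploy_interfaces: ['iscsi', 'direct', 'ansible']
  ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector']
  ironic::drivers::interfaces::enabled_management_interfaces: {{ENABLED_MANAGEMENT_INTERFACES}}
  ironic::drivers::interfaces::enabled_power_interfaces: {{ENABLED_POWER_INTERFACES}}
  ironic::drivers::interfaces::enabled_raid_interfaces: {{ENABLED_RAID_INTERFACES}}
  ironic::drivers::interfaces::enabled_vendor_interfaces: {{ENABLED_VENDOR_INTERFACES}}
  # Make sure new nodes default to 'baremetal' resource class
  ironic::default_resource_class: 'baremetal'
  ironic::keystone::auth::tenant: 'service'
  ironic::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}
  ironic::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  ironic::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_ADMIN}}
  ironic::keystone::auth::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  ironic::keystone::auth::region: "%{hiera('keystone_region')}"
  ironic::keystone::auth_inspector::tenant: 'service'
  ironic::keystone::auth_inspector::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_PUBLIC}}
  ironic::keystone::auth_inspector::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
  ironic::keystone::auth_inspector::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_ADMIN}}
  ironic::keystone::auth_inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
  ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}"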
  511. # Ironic Inspector
       # Settings for the ironic-inspector service: listen address, Keystone
       # credentials, database URL, Swift storage and the inspection dnsmasq.
  512. ironic::inspector::listen_address: {{LOCAL_IP}}
  513. ironic::inspector::debug: "%{hiera('debug')}"
       # The next key is emitted only when IPXE_ENABLED is truthy; it selects
       # plain HTTP for the PXE transfer, so nothing on that path is encrypted
       # or authenticated by the transport itself.
  514. {{#IPXE_ENABLED}}
  515. ironic::inspector::pxe_transfer_protocol: 'http'
  516. {{/IPXE_ENABLED}}
  517. ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  518. ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  519. ironic::inspector::authtoken::username: 'ironic'
       # Resolved by hiera lookup from ironic::api::authtoken::password (defined
       # outside this part of the file). ironic_password and swift_password
       # below use the same lookup, so one credential serves all three uses.
  520. ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}"
  521. ironic::inspector::authtoken::project_name: 'service'
  522. ironic::inspector::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  523. ironic::inspector::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
       # The database password is embedded in the connection URL in clear text.
       # NOTE(review): a password containing URL-reserved characters ('@', '/',
       # ':') would presumably corrupt the URL - confirm the generator's alphabet.
  524. ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ironic-inspector
  525. ironic::inspector::keep_ports: 'added'
  526. ironic::inspector::ironic_username: 'ironic'
  527. ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}"
  528. ironic::inspector::ironic_tenant_name: 'service'
  529. ironic::inspector::ironic_project_domain_name: 'Default'
  530. ironic::inspector::ironic_user_domain_name: 'Default'
  531. ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}"
  532. ironic::inspector::ironic_max_retries: 6
  533. ironic::inspector::ironic_retry_interval: 10
       # Introspection data is stored in Swift under the 'ironic' user.
  534. ironic::inspector::store_data: 'swift'
  535. ironic::inspector::swift_username: 'ironic'
  536. ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}"
  537. ironic::inspector::swift_tenant_name: 'service'
  538. ironic::inspector::swift_project_domain_name: 'Default'
  539. ironic::inspector::swift_user_domain_name: 'Default'
  540. ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}"
  541. ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
  542. ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
       # Triple braces: in standard Mustache this inserts the value without
       # HTML escaping (presumably needed because the value is structured).
  543. ironic::inspector::dnsmasq_ip_subnets: {{{INSPECTION_SUBNETS}}}
  544. ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
  545. ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
  546. ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}
  547. ironic::inspector::ipxe_timeout: 60
       # NOTE(review): if this hook is set to an enrolling value, machines that
       # boot on the inspection interface without being registered would
       # presumably be added to ironic with discovery_default_driver - confirm
       # the inspection network is trusted before enabling it.
  548. ironic::inspector::node_not_found_hook: {{INSPECTION_NODE_NOT_FOUND_HOOK}}
  549. ironic::inspector::discovery_default_driver: {{DISCOVERY_DEFAULT_DRIVER}}
  550. ironic::inspector::detect_boot_mode: true
  551. # Ironic PXE driver
  552. ironic::drivers::pxe::ipxe_timeout: 60
  553. # Ironic deploy utils
       # One port value (8088) is shared, through hiera lookups, by the conductor
       # HTTP URL, the inspector HTTP port and the '139 apache vhost' firewall rule.
  554. ironic_ipxe_port: 8088
       # The URL scheme is http://, so boot artifacts are served without TLS;
       # their integrity depends on the network that carries them being isolated.
  555. ironic::conductor::http_url: "http://{{LOCAL_IP_WRAPPED}}:%{hiera('ironic_ipxe_port')}"
  556. ironic::conductor::http_boot: '/httpboot'
  557. ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}"
  558. # Ironic pxe
  559. ironic::drivers::pxe::ipxe_enabled: {{IPXE_ENABLED}}
  560. # NOTE(dtantsur): UEFI only works with iPXE currently for us
  561. ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
  562. ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
  563. # Ironic agent
       # Deploy logs are always collected and written to a local directory.
       # NOTE(review): such logs may hold node details; confirm the directory's
       # permissions and retention.
  564. ironic::drivers::agent::deploy_logs_collect: 'always'
  565. ironic::drivers::agent::deploy_logs_storage_backend: 'local'
  566. ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
  567. # Ironic power and management drivers tuning
  568. ironic::drivers::ilo::default_boot_mode: 'bios'
  569. # Customisations for ppc64le
       # Everything between the section tags is emitted only when
       # ENABLE_ARCHITECTURE_PPC64LE is truthy.
  570. {{#ENABLE_ARCHITECTURE_PPC64LE}}
  571. ironic::pxe::enable_ppc64le: true
  572. ironic::inspector::enable_ppc64le: true
  573. ironic::conductor::power_state_change_timeout: 60
  574. ironic::drivers::ipmi::command_retry_timeout: 120
  575. ironic::drivers::ipmi::min_command_interval: 15
  576. {{/ENABLE_ARCHITECTURE_PPC64LE}}
  577. # Rabbit
       # Broker identity, listen addresses and the default account.
       # NOTE(review): rabbit_cookie is presumably the Erlang cookie, a shared
       # secret that grants control of the node; it is rendered in clear text,
       # so the rendered file needs restrictive permissions.
  578. rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}}
       # The built-in 'guest' account is kept. NOTE(review): confirm it cannot
       # be used from remote addresses, or delete it.
  579. rabbitmq::delete_guest_user: false
  580. rabbitmq::node_ip_address: {{LOCAL_IP}}
  581. rabbitmq::management_ip_address: {{LOCAL_IP}}
  582. rabbitmq::package_source: undef
       # 5672 is the conventional non-TLS AMQP port, so broker credentials and
       # messages presumably cross the network unencrypted - TODO confirm.
  583. rabbitmq::port: 5672
  584. rabbitmq::repos_ensure: false
       # Per the key name, a changed cookie causes the broker database to be wiped.
  585. rabbitmq::wipe_db_on_cookie_change: true
       # The same username/password pair is reused by the mistral, cinder and
       # novajoin settings elsewhere in this file.
  586. rabbitmq::default_user: {{UNDERCLOUD_RABBIT_USERNAME}}
  587. rabbitmq::default_pass: {{UNDERCLOUD_RABBIT_PASSWORD}}
  588. # Horizon
       # Django debug follows the global 'debug' key. With debug on, Django
       # error pages show stack traces and settings, so the global flag should
       # stay false outside troubleshooting.
  589. horizon::django_debug: "%{hiera('debug')}"
       # Secret rendered in clear text. NOTE(review): presumably Django's
       # SECRET_KEY (used for signing); protect the rendered file accordingly.
  590. horizon_secret_key: {{UNDERCLOUD_HORIZON_SECRET_KEY}}
       # Only the host's FQDN and the local IP are accepted as Host header
       # values, which limits Host-header spoofing.
  591. horizon::allowed_hosts:
  592. - "%{::fqdn}"
  593. - "{{LOCAL_IP}}"
  594. horizon::wsgi::apache::priority: 10
  595. horizon::openstack_endpoint_type: internalURL
  596. # Mistral
       # Mistral API binding, messaging and database access, Keystone
       # credentials and endpoint registration, and engine tuning values.
  597. mistral::debug: "%{hiera('debug')}"
  598. mistral::api::bind_host: {{LOCAL_IP}}
  599. mistral::api::api_workers: "%{::os_workers}"
       # Mistral connects to RabbitMQ with the broker's default account
       # (the same variables as rabbitmq::default_user / default_pass).
  600. mistral::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  601. mistral::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  602. mistral::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
       # UNDERCLOUD_MISTRAL_PASSWORD appears three times in this section: in
       # this database URL, as the authtoken password and as the keystone::auth
       # password. One leaked value therefore covers database and Keystone access.
  603. mistral::database_connection: mysql+pymysql://mistral:{{UNDERCLOUD_MISTRAL_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/mistral
  604. mistral::rpc_backend: rabbit
  605. mistral::rpc_response_timeout: 120
  606. mistral::cron_trigger::execution_interval: 600
  607. mistral::keystone::authtoken::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
  608. mistral::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  609. mistral::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  610. mistral::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  611. mistral::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  612. mistral::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_PUBLIC}}
  613. mistral::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_INTERNAL}}
  614. mistral::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_ADMIN}}
  615. mistral::keystone::auth::region: "%{hiera('keystone_region')}"
  616. mistral::keystone::auth::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
  617. mistral::keystone::auth::tenant: 'service'
       # NOTE(review): units of the engine values below are not stated here;
       # verify against the mistral puppet module before changing them.
  618. mistral::engine::older_than: 2880
  619. mistral::engine::evaluation_interval: 120
  620. mistral::engine::execution_field_size_limit_kb: 16384
  621. # Zaqar
       # Zaqar messaging service: Keystone credentials, API and websocket
       # endpoint registration, bind addresses and storage back ends.
  622. zaqar::keystone::authtoken::project_name: 'service'
  623. zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  624. zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
       # UNDERCLOUD_ZAQAR_PASSWORD is reused below for both keystone::auth
       # entries, the SQLAlchemy URL and the Swift URI.
  625. zaqar::keystone::authtoken::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
  626. zaqar::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  627. zaqar::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  628. zaqar::keystone::auth::tenant: 'service'
  629. zaqar::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_PUBLIC}}
  630. zaqar::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_INTERNAL}}
  631. zaqar::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_ADMIN}}
  632. zaqar::keystone::auth::region: "%{hiera('keystone_region')}"
  633. zaqar::keystone::auth::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
       # The zaqar service user is given the 'admin' and 'ResellerAdmin' roles,
       # so its credential is high-privilege. NOTE(review): ResellerAdmin is
       # presumably required for the Swift message store - confirm whether
       # 'admin' is also needed.
  634. zaqar::keystone::auth::roles:
  635. - admin
  636. - ResellerAdmin
  637. zaqar::keystone::auth_websocket::tenant: 'service'
  638. zaqar::keystone::auth_websocket::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_PUBLIC}}
  639. zaqar::keystone::auth_websocket::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_INTERNAL}}
  640. zaqar::keystone::auth_websocket::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_ADMIN}}
  641. zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}"
  642. zaqar::keystone::auth_websocket::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
  643. zaqar::server::service_name: 'httpd'
  644. zaqar::unreliable: true
  645. zaqar::transport::websocket::bind: {{LOCAL_IP}}
  646. zaqar::transport::websocket::notification_bind: {{LOCAL_IP}}
  647. zaqar::wsgi::apache::bind_host: {{LOCAL_IP}}
       # TLS is off on the Apache vhost itself. NOTE(review): presumably HAProxy
       # terminates TLS in front of it (tripleo::haproxy::zaqar_api is true);
       # traffic between HAProxy and this vhost is then plain HTTP.
  648. zaqar::wsgi::apache::ssl: false
  649. zaqar::message_store: swift
  650. zaqar::management_store: sqlalchemy
       # Both storage URIs carry the password in clear text inside the URL.
  651. zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/zaqar
  652. zaqar::messaging::swift::uri: swift://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@/service
  653. zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}"
  654. zaqar::message_pipeline: 'zaqar.notification.notifier'
  655. zaqar::max_messages_post_size: 1048576
  656. # Cinder
       # Cinder block-storage service: iSCSI back end, database and messaging
       # access, Keystone endpoint registration and the Apache WSGI vhost.
  657. cinder::debug: "%{hiera('debug')}"
  658. cinder_backend_name: 'undercloud_iscsi'
  659. cinder_enable_test_volume: false
  660. cinder_iscsi_address: {{LOCAL_IP}}
  661. cinder::api::enable_proxy_headers_parsing: true
  662. cinder::api::service_name: 'httpd'
  663. cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
  664. cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"]
       # Output of the db_purge cron job is discarded, so its failures leave
       # no trace in this destination.
  665. cinder::cron::db_purge::destination: "/dev/null"
       # Database password embedded in the URL; the same variable is reused
       # below for keystone::auth and keystone::authtoken.
  666. cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/cinder
       # NOTE(review): -1 presumably means "retry without limit" - confirm.
  667. cinder::db::database_db_max_retries: -1
  668. cinder::db::database_max_retries: -1
       # NOTE(review): duplicate of the cinder::debug key at the top of this
       # section (same value); duplicate keys are rejected by strict YAML
       # loaders and this line can be dropped.
  669. cinder::debug: "%{hiera('debug')}"
  670. cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
  671. cinder::keystone::auth::tenant: 'service'
  672. cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}}
  673. cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}}
  674. cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}}
  675. cinder::keystone::auth::public_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_PUBLIC}}
  676. cinder::keystone::auth::internal_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_INTERNAL}}
  677. cinder::keystone::auth::admin_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_ADMIN}}
  678. cinder::keystone::auth::public_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_PUBLIC}}
  679. cinder::keystone::auth::internal_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_INTERNAL}}
  680. cinder::keystone::auth::admin_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_ADMIN}}
  681. cinder::keystone::auth::region: "%{hiera('keystone_region')}"
  682. cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}}
       # This key is set again, with the same value, in the "service tenant"
       # section further down the file.
  683. cinder::keystone::authtoken::project_name: 'service'
  684. cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  685. cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  686. cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}}
  687. cinder::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  688. cinder::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
       # Cinder uses the broker's default RabbitMQ account.
  689. cinder::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
  690. cinder::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
  691. cinder::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
  692. cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
  693. cinder::setup_test_volume::size: '10280M'
  694. cinder::wsgi::apache::bind_host: {{LOCAL_IP}}
       # TLS is off on the Apache vhost. NOTE(review): any TLS for the cinder
       # API would have to be terminated elsewhere - confirm where.
  695. cinder::wsgi::apache::ssl: false
  696. cinder::wsgi::apache::workers: "%{::os_workers}"
  697. # HAproxy
       # Virtual IPs and the list of service front ends HAProxy is asked to
       # provide. Each 'true' below enables one front end.
  698. tripleo::profile::base::haproxy::step: 1
       # Password for the HAProxy stats page, rendered in clear text. The
       # firewall section opens a 'haproxy stats' port (1993) for it.
  699. tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}}
  700. tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}"
  701. tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}"
  702. tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}"
  703. tripleo::haproxy::public_virtual_interface: 'br-ctlplane'
  704. tripleo::haproxy::keystone_admin: true
  705. tripleo::haproxy::keystone_public: true
  706. tripleo::haproxy::neutron: true
  707. tripleo::haproxy::glance_api: true
  708. tripleo::haproxy::glance_registry: true
  709. tripleo::haproxy::nova_osapi: true
  710. tripleo::haproxy::nova_placement: true
  711. tripleo::haproxy::nova_metadata: true
  712. tripleo::haproxy::swift_proxy_server: true
  713. tripleo::haproxy::heat_api: true
       # The four telemetry front ends follow the enable_telemetry option.
  714. tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}"
  715. tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}"
  716. tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}"
  717. tripleo::haproxy::panko: "%{hiera('enable_telemetry')}"
  718. tripleo::haproxy::ironic: true
  719. tripleo::haproxy::ironic_inspector: true
       # NOTE(review): the message broker and the image registry are also put
       # behind HAProxy; confirm which virtual IP they become reachable on.
  720. tripleo::haproxy::rabbitmq: true
  721. tripleo::haproxy::mistral: true
  722. tripleo::haproxy::zaqar_api: true
  723. tripleo::haproxy::zaqar_ws: true
  724. tripleo::haproxy::docker_registry: true
  725. # Docker
       # Docker daemon options for the undercloud: logging driver, optional
       # registry mirror and the registries that may be used without TLS checks.
  726. tripleo::profile::base::docker::step: 1
  727. # Undercloud should not have --iptables=false by default hence this override (LP#1709325)
       # --signature-verification=false turns off the daemon's image signature
       # check, so pulled images are accepted without a signature. Integrity
       # then rests on trusting the registry and the path to it.
  728. tripleo::profile::base::docker::docker_options: '--log-driver=journald --signature-verification=false'
       # The mirror key is emitted only when DOCKER_REGISTRY_MIRROR is set.
  729. {{#DOCKER_REGISTRY_MIRROR}}
  730. tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
  731. {{/DOCKER_REGISTRY_MIRROR}}
  732. tripleo::profile::base::docker::debug: "%{hiera('debug')}"
       # Registries listed as insecure are contacted over plain HTTP or with
       # unverified TLS. Both entries are undercloud addresses on port 8787;
       # anyone able to intercept traffic to them could substitute image
       # content. NOTE(review): keep that network isolated, or serve the
       # registry over verified TLS and drop these entries.
  733. tripleo::profile::base::docker::insecure_registries: ['{{LOCAL_IP}}:8787','{{UNDERCLOUD_ADMIN_HOST}}:8787']
  734. # Keepalived
       # Virtual IPs managed by keepalived. The control and the public virtual
       # IP are both placed on the same interface, br-ctlplane, so admin and
       # public endpoints are not separated at the interface level.
  735. tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
  736. tripleo::keepalived::control_virtual_interface: 'br-ctlplane'
  737. tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}"
  738. tripleo::keepalived::public_virtual_interface: 'br-ctlplane'
  739. tripleo::keepalived::virtual_router_id_base: 40
  740. # UI
       # CORS settings for the APIs the web UI calls, followed by the UI's
       # proxy and config endpoints.
       # Every allowed_origin below is '*': a page served from any origin may
       # send cross-origin requests to these APIs and read the responses.
       # X-Auth-Token is in allow_headers, so a request still needs a valid
       # token, but the origin is not checked at all.
       # NOTE(review): if the UI is served from a known host, listing that
       # origin instead of '*' narrows the exposure.
  741. keystone::cors::allowed_origin: '*'
  742. nova::cors::allowed_origin: '*'
  743. nova::cors::max_age: 3600
  744. nova::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
  745. nova::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  746. nova::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  747. ironic::cors::allowed_origin: '*'
  748. ironic::cors::max_age: 3600
  749. ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
  750. ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  751. ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  752. ironic::inspector::cors::allowed_origin: '*'
  753. ironic::inspector::cors::max_age: 3600
  754. ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
  755. ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  756. ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
       # heat sets no allow_methods and mistral sets neither allow_methods nor
       # max_age; presumably the modules' defaults apply - TODO confirm.
  757. heat::cors::allowed_origin: '*'
  758. heat::cors::max_age: 3600
  759. heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  760. heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  761. mistral::cors::allowed_origin: '*'
  762. mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
  763. mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
  764. swift::proxy::cors_allow_origin: '*'
       # endpoint_proxy_* values come from internal (or UI-proxy internal)
       # endpoint variables; endpoint_config_* values come from public ones.
  765. tripleo::ui::endpoint_proxy_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_PROXY_INTERNAL}}
  766. tripleo::ui::endpoint_proxy_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
  767. tripleo::ui::endpoint_proxy_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_PROXY_INTERNAL}}
  768. tripleo::ui::endpoint_proxy_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
  769. tripleo::ui::endpoint_proxy_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
  770. tripleo::ui::endpoint_proxy_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_PROXY_INTERNAL}}
  771. tripleo::ui::endpoint_proxy_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_PROXY_INTERNAL}}
  772. tripleo::ui::endpoint_config_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_CONFIG_PUBLIC}}
  773. tripleo::ui::endpoint_config_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_UI_CONFIG_PUBLIC}}
  774. tripleo::ui::endpoint_config_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_CONFIG_PUBLIC}}
  775. tripleo::ui::endpoint_config_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}}
  776. tripleo::ui::endpoint_config_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_UI_CONFIG_PUBLIC}}
  777. tripleo::ui::endpoint_config_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_CONFIG_PUBLIC}}
  778. tripleo::ui::endpoint_config_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_CONFIG_PUBLIC}}
  779. # service tenant
       # Every service below authenticates in the same Keystone project,
       # 'service'; there is no per-service project separation.
  780. ceilometer::keystone::authtoken::project_name: 'service'
  781. aodh::keystone::authtoken::project_name: 'service'
  782. gnocchi::keystone::authtoken::project_name: 'service'
       # NOTE(review): this key is also set, with the same value, in the Cinder
       # section earlier in the file; one of the two can be dropped.
  783. cinder::keystone::authtoken::project_name: 'service'
  784. heat::keystone::authtoken::project_name: 'service'
  785. glance::api::authtoken::project_name: 'service'
  786. glance::registry::authtoken::project_name: 'service'
  787. ironic::api::authtoken::project_name: 'service'
  788. ironic::drivers::inspector::project_name: 'service'
  789. ironic::glance::project_name: 'service'
  790. ironic::neutron::project_name: 'service'
  791. ironic::service_catalog::project_name: 'service'
  792. ironic::swift::project_name: 'service'
  793. nova::keystone::authtoken::project_name: 'service'
  794. swift::proxy::authtoken::project_name: 'service'
  795. mistral::keystone::authtoken::project_name: 'service'
       # Worker count taken from the os_workers fact; not a tenant setting,
       # although it sits under this heading.
  796. swift::proxy::workers: "%{::os_workers}"
  797. # Options
       # Feature switches filled in from template variables. enable_telemetry
       # is read back through hiera by the HAProxy telemetry front ends.
  798. enable_tempest: {{ENABLE_TEMPEST}}
  799. enable_validations: {{ENABLE_VALIDATIONS}}
  800. enable_telemetry: {{ENABLE_TELEMETRY}}
  801. enable_ui: {{ENABLE_UI}}
  802. enable_cinder: {{ENABLE_CINDER}}
  803. enable_container_images_build: {{ENABLE_CONTAINER_IMAGES_BUILD}}
  804. # Path to install configuration files
  805. tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
  806. tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
       # NOTE(review): the file at this path presumably holds the generated
       # undercloud passwords; confirm it is owned by the install user and not
       # readable by other accounts.
  807. tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
  808. # Novajoin
       # Everything between the section tags is emitted only when
       # ENABLE_NOVAJOIN is truthy: the novajoin API, its Keystone credentials,
       # the IPA client enrollment data and nova's vendordata settings.
  809. {{#ENABLE_NOVAJOIN}}
  810. novajoin_listen_port: 9090
  811. nova::metadata::novajoin::api::bind_address: "{{LOCAL_IP}}"
  812. nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port')}"
  813. nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
       # UNDERCLOUD_NOVAJOIN_PASSWORD is used for service_password here and for
       # the authtoken and auth passwords below.
  814. nova::metadata::novajoin::api::service_password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
       # The broker's default username and password are embedded in this URL
       # in clear text.
  815. nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
  816. nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
  817. nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
  818. nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
  819. nova::metadata::novajoin::authtoken::project_name: 'service'
  820. nova::metadata::novajoin::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
  821. nova::metadata::novajoin::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
  822. nova::metadata::novajoin::auth::tenant: 'service'
  823. nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
  824. nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
       # NOTE(review): IPA_OTP is presumably a one-time enrollment password for
       # this host; it stays in the rendered file after use, so confirm it is
       # invalidated once enrollment has completed.
  825. ipaclient::password: {{IPA_OTP}}
  826. ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
  827. enable_novajoin: true
  828. nova::api::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json'
  829. nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
       # nova reaches novajoin over plain http:// on the local IP and the
       # novajoin port, so this hop is not protected by TLS.
  830. nova::api::vendordata_dynamic_targets: ["join@http://{{LOCAL_IP}}:%{hiera('novajoin_listen_port')}/v1/"]
       # Fail closed: NOTE(review): with this set, a dynamic vendordata failure
       # presumably aborts the instance build instead of booting it without
       # the join data - confirm against nova's option help.
  831. nova::api::vendordata_dynamic_failure_fatal: true
  832. nova::api::vendordata_dynamic_auth_auth_type: 'password'
  833. nova::api::vendordata_dynamic_auth_auth_url: "%{hiera('keystone_auth_uri')}"
  834. nova::api::vendordata_dynamic_auth_os_region_name: "%{hiera('keystone_region')}"
  835. nova::api::vendordata_dynamic_auth_username: 'nova'
  836. nova::api::vendordata_dynamic_auth_project_name: 'service'
  837. nova::api::vendordata_dynamic_auth_project_domain_name: 'Default'
  838. nova::api::vendordata_dynamic_auth_user_domain_name: 'Default'
  839. nova::api::vendordata_dynamic_auth_password: {{UNDERCLOUD_NOVA_PASSWORD}}
  840. nova::notification_topics: ['notifications', 'novajoin_notifications']
  841. nova::notify_on_state_change: 'vm_state'
  842. {{/ENABLE_NOVAJOIN}}
  843. # Firewall
       # Rules handed to tripleo::firewall, keyed by "<number> <name>"; each
       # rule lists destination ports and, where given, a protocol or chain.
       # (This listing has lost the YAML nesting of the original file.)
       # NOTE(review): none of the rules shown here sets a source, so each port
       # is presumably accepted from any address that can reach the host, and
       # rules without 'proto' presumably default to TCP - confirm both against
       # the tripleo::firewall module. Rules for back-end services (redis,
       # memcached, swift storage, snmp, haproxy stats) are the first
       # candidates for a source restriction.
  844. tripleo::firewall::manage_firewall: true
  845. tripleo::firewall::firewall_rules:
  846. '105 ntp':
  847. dport: 123
  848. proto: udp
  849. '106 vrrp':
  850. proto: vrrp
       # Stats page port; access is protected by haproxy_stats_password.
  851. '107 haproxy stats':
  852. dport: 1993
  853. '108 redis':
  854. dport:
  855. - 6379
  856. - 26379
  857. '110 ceph':
  858. dport:
  859. - 6789
  860. - '6800-6810'
  861. '111 keystone':
  862. dport:
  863. - 5000
  864. - 13000
  865. - 35357
  866. - 13357
  867. '112 glance':
  868. dport:
  869. - 9292
  870. - 9191
  871. - 13292
  872. '113 nova':
  873. dport:
  874. - 6080
  875. - 13080
  876. - 8773
  877. - 13773
  878. - 8774
  879. - 13774
  880. - 8778
  881. - 13778
  882. - 8775
  883. - 13775
  884. '114 neutron server':
  885. dport:
  886. - 9696
  887. - 13696
  888. '115 neutron dhcp input':
  889. proto: 'udp'
  890. dport: 67
       # The only rule here that names a chain: it applies to OUTPUT.
  891. '116 neutron dhcp output':
  892. proto: 'udp'
  893. chain: 'OUTPUT'
  894. dport: 68
  895. '118 neutron vxlan networks':
  896. proto: 'udp'
  897. dport: 4789
  898. '119 cinder':
  899. dport:
  900. - 8776
  901. - 13776
  902. '120 iscsi initiator':
  903. dport: 3260
       # memcached has no authentication by default, so reachability of this
       # port is the access control. NOTE(review): confirm it is limited to
       # the local host or the control network.
  904. '121 memcached':
  905. dport: 11211
  906. '122 swift proxy':
  907. dport:
  908. - 8080
  909. - 13808
       # 873 is the rsync port; 6000-6002 are presumably the swift object,
       # container and account servers.
  910. '123 swift storage':
  911. dport:
  912. - 873
  913. - 6000
  914. - 6001
  915. - 6002
  916. '125 heat':
  917. dport:
  918. - 8000
  919. - 13800
  920. - 8003
  921. - 13003
  922. - 8004
  923. - 13004
  924. '126 horizon':
  925. dport:
  926. - 80
  927. - 443
  928. '127 snmp':
  929. dport: 161
  930. proto: 'udp'
  931. '128 aodh':
  932. dport:
  933. - 8042
  934. - 13042
  935. '129 gnocchi-api':
  936. dport:
  937. - 8041
  938. - 13041
  939. '130 tftp':
  940. dport: 69
  941. proto: udp
  942. '131 novnc':
  943. dport: 5900-5999
  944. proto: tcp
  945. '132 mistral':
  946. dport:
  947. - 8989
  948. - 13989
  949. '133 zaqar':
  950. dport:
  951. - 8888
  952. - 13888
  953. '134 zaqar websockets':
  954. dport: 9000
  955. '135 ironic':
  956. dport:
  957. - 6385
  958. - 13385
  959. '136 trove':
  960. dport:
  961. - 8779
  962. - 13779
  963. '137 ironic-inspector':
  964. dport: 5050
       # 8787 is the port named in docker's insecure_registries setting, i.e.
       # the registry is reached without verified TLS on that port.
  965. '138 docker registry':
  966. dport:
  967. - 8787
  968. - 13787
       # Same port as ironic_ipxe_port (plain-HTTP boot artifacts).
  969. '139 apache vhost':
  970. dport: "%{hiera('ironic_ipxe_port')}"
  971. # 140 network cidr nat rules
       # The rules themselves are supplied by the template variable below.
  972. {{SUBNETS_CIDR_NAT_RULES}}
       # Port 443 is also listed by the '126 horizon' rule.
  973. '142 tripleo-ui':
  974. dport:
  975. - 3000
  976. - 443
  977. '143 panko-api':
  978. dport:
  979. - 8977
  980. - 13977