openstack/instack-undercloud
Code Issues Proposed changes
Files
6.1.5
instack-undercloud/elements/puppet-stack-config/puppet-stack-config.yaml.template
Michele Baldessari 7e65c96ece Set password for mysql root user on undercloud 
The port is firewalled off by default so mysql is not reachable except
to localhost users. In any case it is good to set a password for the
mysql root user.

We are 'reusing' the user_db_password parameter, because it is actually
unused, instead of adding yet another parameter.

Tested this change against an existing undercloud and observed that
the mysql root user got a correct password and that the /root/.my.cnf
file got generated.

Closes-Bug: #1742191

Change-Id: I408ce3a0fe2ab8e86bcc280256cdb51688efde75
(cherry picked from commit 955c339af3)
2018-01-11 13:37:02 +01:00

913 lines
40 KiB
Plaintext
Raw Permalink Blame History

keystone_identity_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_ADMIN}}
keystone_auth_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v3
keystone_auth_uri_v2: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v2.0
keystone_region: 'regionOne'
keystone_default_domain: 'Default'
debug: {{UNDERCLOUD_DEBUG}}
controller_host: {{LOCAL_IP}} #local-ipv4
controller_admin_host: {{UNDERCLOUD_ADMIN_HOST}}
controller_public_host: {{UNDERCLOUD_PUBLIC_HOST}}
ntp::servers: {{UNDERCLOUD_NTP_SERVERS}}
sysctl_settings:
net.ipv4.ip_nonlocal_bind:
value: 1
net.ipv6.ip_nonlocal_bind:
value: 1
# SSL
tripleo::haproxy::service_certificate: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
generate_service_certificates: {{GENERATE_SERVICE_CERTIFICATE}}
tripleo::profile::base::haproxy::certificates_specs:
undercloud-haproxy-public:
service_pem: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
service_certificate: '/etc/pki/tls/certs/undercloud-front.crt'
service_key: '/etc/pki/tls/private/undercloud-front.key'
hostname: "%{hiera('controller_public_host')}"
postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' {{UNDERCLOUD_SERVICE_CERTIFICATE}} undercloud-haproxy-public-cert"
principal: {{SERVICE_PRINCIPAL}}
# CA defaults
certmonger_ca: {{CERTIFICATE_GENERATION_CA}}
# Workaround for puppet deleting _member_ role assignment on old deployments
member_role_exists: {{MEMBER_ROLE_EXISTS}}
# Common Hiera data gets applied to all nodes
ssh::server::storeconfigs_enabled: false
# memcached
memcached::max_memory: '50%'
# Apache
apache::server_signature: 'Off'
apache::server_tokens: 'Prod'
# ceilometer settings used by compute and controller ceilo auth settings
ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}"
aodh::auth::auth_region: "%{hiera('keystone_region')}"
ceilometer::agent::auth::auth_tenant_name: 'service'
aodh::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
aodh::auth::auth_url: "%{hiera('keystone_auth_uri_v2')}"
# Swift
swift::proxy::proxy_local_net_ip: {{LOCAL_IP}}
swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
swift::proxy::node_timeout: 60
swift::proxy::workers: "%{::os_workers}"
swift::storage::all::storage_local_net_ip: {{LOCAL_IP}}
swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
swift::swift_hash_path_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}}
swift::proxy::account_autocreate: true
swift::proxy::authtoken::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
swift::keystone::auth::tenant: 'service'
swift::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_SWIFT_PUBLIC}}
swift::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_SWIFT_INTERNAL}}
swift::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_SWIFT_ADMIN}}
swift::keystone::auth::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
swift::keystone::auth::region: "%{hiera('keystone_region')}"
swift::keystone::auth::configure_s3_endpoint: false
swift::keystone::auth::operator_roles:
- admin
- swiftoperator
swift_mount_check: false
swift::ringbuilder::replicas: 1
swift::ringbuilder::part_power: 10
swift::ringbuilder::min_part_hours: 1
swift::proxy::pipeline:
- 'catch_errors'
- 'healthcheck'
- 'proxy-logging'
- 'cache'
- 'ratelimit'
- 'bulk'
- 'tempurl'
- 'formpost'
- 'authtoken'
- 'keystone'
- 'staticweb'
- 'proxy-logging'
- 'proxy-server'
# Glance
glance::api::debug: "%{hiera('debug')}"
glance::api::bind_port: 9292
glance::api::bind_host: {{LOCAL_IP}}
glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
glance::api::registry_host: {{LOCAL_IP}}
glance::api::authtoken::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
glance::api::workers: "%{::os_workers}"
glance::api::stores:
- glance.store.filesystem.Store
- glance.store.swift.Store
glance::api::default_store: 'glance.store.swift.Store'
glance::api::pipeline: 'keystone'
# used to construct glance_api_servers
glance_log_file: ''
glance::api::database_connection: mysql+pymysql://glance:{{UNDERCLOUD_GLANCE_PASSWORD}}@{{LOCAL_IP}}/glance
glance::api::enable_v1_api: false
glance::api::enable_v2_api: true
glance::keystone::auth::tenant: 'service'
glance::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}}
glance::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
glance::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GLANCE_ADMIN}}
glance::keystone::auth::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
glance::keystone::auth::region: "%{hiera('keystone_region')}"
glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}"
glance::backend::swift::swift_store_auth_version: 3
glance::backend::swift::swift_store_user: service:glance
glance::backend::swift::swift_store_key: {{UNDERCLOUD_GLANCE_PASSWORD}}
glance::backend::swift::swift_store_create_container_on_put: true
glance::notify::rabbitmq::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
glance::notify::rabbitmq::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
glance::notify::rabbitmq::rabbit_host: {{LOCAL_IP}}
# Heat
heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
heat::engine::configure_delegated_roles: false
heat::engine::heat_stack_user_role: 'heat_stack_user'
heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003
heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000
heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition
heat::engine::trusts_delegated_roles: []
heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}}
heat::engine::max_resources_per_stack: -1
heat::engine::convergence_engine: false
# NOTE(trown): We need to give heat engine more workers because we are throwing huge
# nested stacks at it for the deploy. By not setting this, we get the heat default,
# which is max(#CPUs,4).
#heat::engine::num_engine_workers:
heat::engine::max_nested_stack_depth: 6
heat::instance_user: heat-admin
heat::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
heat::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
heat::rabbit_host: {{LOCAL_IP}}
heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
heat::keystone::authtoken::password: {{UNDERCLOUD_HEAT_PASSWORD}}
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
heat::api::bind_host: {{LOCAL_IP}}
heat::api::workers: "%{::os_workers}"
heat::api_cfn::bind_host: {{LOCAL_IP}}
heat::api_cfn::workers: "%{::os_workers}"
heat::database_connection: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP}}/heat
heat_dsn: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP}}/heat
heat::rpc_response_timeout: 600
heat::keystone::auth::tenant: 'service'
heat::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_PUBLIC}}
heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}}
heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}}
heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}}
heat::keystone::auth::region: "%{hiera('keystone_region')}"
heat::keystone::auth_cfn::tenant: 'service'
heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}"
heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}}
heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}}
heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}}
heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}}
heat::cron::purge_deleted::age: 1
heat::cron::purge_deleted::age_type: 'days'
heat::cron::purge_deleted::destination: '/dev/null'
heat::notification_driver: 'messaging'
heat::yaql_memory_quota: 100000
heat::yaql_limit_iterators: 1000
heat::max_json_body_size: 2097152
# Keystone
keystone::debug: "%{hiera('debug')}"
keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}}
keystone::admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
keystone::admin_workers: "%{::os_workers}"
keystone::public_workers: "%{::os_workers}"
keystone::public_bind_host: {{LOCAL_IP}}
keystone::admin_bind_host: {{LOCAL_IP}}
keystone::public_endpoint: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
keystone::service_name: 'httpd'
keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}'
keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}'
keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}'
keystone::database_connection: mysql+pymysql://keystone:{{UNDERCLOUD_ADMIN_TOKEN}}@{{LOCAL_IP}}/keystone
keystone::cron::token_flush::destination: '/dev/null'
keystone::roles::admin::password: {{UNDERCLOUD_ADMIN_PASSWORD}}
keystone::roles::admin::email: 'root@localhost'
keystone::roles::admin::admin_tenant: 'admin'
keystone::roles::admin::service_tenant: 'service'
keystone::token_expiration: 14400
keystone::endpoint::public_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
keystone::endpoint::internal_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
keystone::endpoint::region: "%{hiera('keystone_region')}"
keystone::wsgi::apache::ssl: false
keystone::wsgi::apache::bind_host: {{LOCAL_IP}}
keystone::notification_driver: messaging
keystone::notification_topics: notifications
keystone::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
keystone::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
keystone::rabbit_host: {{LOCAL_IP}}
keystone::enable_credential_setup: true
keystone::fernet_max_active_keys: 2
# MySQL
admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
enable_galera: true
mysql_max_connections: '4096'
tripleo::profile::base::database::mysql::step: 2
tripleo::profile::base::database::mysql::manage_resources: true
tripleo::profile::base::database::mysql::remove_default_accounts: true
tripleo::profile::base::database::mysql::mysql_server_options:
'mysqld':
bind-address: "%{hiera('controller_host')}"
innodb_file_per_table: 'ON'
mysql::server::restart: true
mysql::server::root_password: {{UNDERCLOUD_DB_PASSWORD}}
# Neutron
neutron::bind_host: {{LOCAL_IP}}
neutron::core_plugin: ml2
neutron::dhcp_agents_per_network: 2
neutron::dns_domain: ''
neutron::server::api_workers: "%{::os_workers}"
neutron::server::rpc_workers: "%{::os_workers}"
neutron::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USERNAME}}
neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
neutron::server::database_connection: mysql+pymysql://neutron:{{UNDERCLOUD_NEUTRON_PASSWORD}}@{{LOCAL_IP}}/neutron
neutron::server::sync_db: true
neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}}
neutron_mechanism_drivers: openvswitch
neutron_bridge_mappings: ctlplane:br-ctlplane
neutron_public_interface: {{LOCAL_INTERFACE}}
neutron_physical_bridge: br-ctlplane
neutron::keystone::authtoken::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
neutron::agents::metadata::metadata_workers: "%{::os_workers}"
neutron::quota::quota_port: -1
neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}"
neutron::server::notifications::tenant_name: service
neutron::server::notifications::password: {{UNDERCLOUD_NOVA_PASSWORD}}
neutron::keystone::auth::tenant: 'service'
neutron::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
neutron::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_INTERNAL}}
neutron::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_ADMIN}}
neutron::keystone::auth::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
neutron::keystone::auth::region: "%{hiera('keystone_region')}"
# Ceilometer
ceilometer::expirer::time_to_live: undef
ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}}
ceilometer::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
ceilometer::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
ceilometer::rabbit_host: {{LOCAL_IP}}
ceilometer::api::host: {{LOCAL_IP}}
ceilometer::api::service_name: 'httpd'
ceilometer::wsgi::apache::ssl: false
ceilometer::wsgi::apache::bind_host: {{LOCAL_IP}}
ceilometer::keystone::authtoken::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
ceilometer::db::database_connection: mysql+pymysql://ceilometer:{{UNDERCLOUD_CEILOMETER_PASSWORD}}@{{LOCAL_IP}}/ceilometer
ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
ceilometer_compute_agent: ''
snmpd_readonly_user_name: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}}
snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}
ceilometer::keystone::auth::tenant: 'service'
ceilometer::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_PUBLIC}}
ceilometer::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_INTERNAL}}
ceilometer::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_ADMIN}}
ceilometer::keystone::auth::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
ceilometer::keystone::auth::region: "%{hiera('keystone_region')}"
# gnocchi dispatcher config
ceilometer::collector::meter_dispatcher: 'gnocchi'
ceilometer::dispatcher::gnocchi::url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
# events dispatcher config
ceilometer::collector::event_dispatcher: ['panko', 'gnocchi']
# Aodh
aodh::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
aodh::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
aodh::rabbit_host: {{LOCAL_IP}}
aodh::api::host: {{LOCAL_IP}}
aodh::keystone::authtoken::password: {{UNDERCLOUD_AODH_PASSWORD}}
aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
aodh::api::service_name: 'httpd'
aodh::wsgi::apache::ssl: false
aodh::wsgi::apache::bind_host: {{LOCAL_IP}}
aodh::db::database_connection: mysql+pymysql://aodh:{{UNDERCLOUD_AODH_PASSWORD}}@{{LOCAL_IP}}/aodh
aodh::auth::auth_password: {{UNDERCLOUD_AODH_PASSWORD}}
aodh::keystone::auth::tenant: 'service'
aodh::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_AODH_PUBLIC}}
aodh::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_AODH_INTERNAL}}
aodh::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_AODH_ADMIN}}
aodh::keystone::auth::password: {{UNDERCLOUD_AODH_PASSWORD}}
aodh::keystone::auth::region: "%{hiera('keystone_region')}"
# Gnocchi
gnocchi_backend: 'file'
gnocchi::wsgi::apache::ssl: false
gnocchi::wsgi::apache::bind_host: {{LOCAL_IP}}
gnocchi::api::service_name: 'httpd'
gnocchi::api::host: {{LOCAL_IP}}
gnocchi::keystone::authtoken::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
gnocchi::keystone::auth::tenant: 'service'
gnocchi::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}
gnocchi::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
gnocchi::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_ADMIN}}
gnocchi::keystone::auth::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
gnocchi::keystone::auth::region: "%{hiera('keystone_region')}"
gnocchi::db::mysql::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
gnocchi::db::database_connection: mysql+pymysql://gnocchi:{{UNDERCLOUD_GNOCCHI_PASSWORD}}@{{LOCAL_IP}}/gnocchi
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}"
gnocchi::storage::swift::swift_key: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
#Gnocchi statsd
gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
gnocchi::statsd::flush_delay: 10
gnocchi::statsd::archive_policy_name: 'low'
gnocchi_healthcheck_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}/healthcheck
# Panko
panko::wsgi::apache::ssl: false
panko::wsgi::apache::bind_host: {{LOCAL_IP}}
panko::api::service_name: 'httpd'
panko::api::host: {{LOCAL_IP}}
panko::db::mysql::password: {{UNDERCLOUD_PANKO_PASSWORD}}
panko::db::database_connection: mysql+pymysql://panko:{{UNDERCLOUD_PANKO_PASSWORD}}@{{LOCAL_IP}}/panko
panko::keystone::authtoken::password: {{UNDERCLOUD_PANKO_PASSWORD}}
panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
panko::keystone::auth::tenant: 'service'
panko::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_PANKO_PUBLIC}}
panko::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_PANKO_INTERNAL}}
panko::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_PANKO_ADMIN}}
panko::keystone::auth::password: {{UNDERCLOUD_PANKO_PASSWORD}}
panko::keystone::auth::region: "%{hiera('keystone_region')}"
panko::keystone::authtoken::project_name: 'service'
# Nova
nova::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
nova::notification_driver: messaging
nova::rpc_response_timeout: '600'
nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
nova::api::api_bind_address: {{LOCAL_IP}}
nova::api::enabled: true
nova::api::metadata_listen: {{LOCAL_IP}}
nova::keystone::authtoken::password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::api::enabled_apis:
- osapi_compute
- metadata
nova::api::sync_db_api: true
nova::api::osapi_compute_workers: "%{::os_workers}"
nova::api::metadata_workers: "%{::os_workers}"
nova::wsgi::apache_placement::ssl: false
nova::wsgi::apache_placement::bind_host: {{LOCAL_IP}}
nova::wsgi::apache_placement::api_port: '8778'
nova::placement::auth_url: "%{hiera('keystone_identity_uri')}"
nova::placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::placement::project_name: 'service'
nova::placement::os_region_name: "%{hiera('keystone_region')}"
nova::conductor::enabled: true
nova::conductor::workers: "%{::os_workers}"
nova::database_connection: mysql+pymysql://nova:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova
nova::api_database_connection: mysql+pymysql://nova_api:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova_api
nova::placement_database_connection: mysql+pymysql://nova_placement:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP}}/nova_placement
nova::notify_on_state_change: 'vm_and_task_state'
nova::scheduler::enabled: true
nova::network::neutron::dhcp_domain: ''
nova::compute::force_config_drive: true
nova::compute::compute_manager: 'ironic.nova.compute.manager.ClusteredComputeManager'
nova::compute::reserved_host_memory: '0'
nova::compute::vnc_enabled: false
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::cron::archive_deleted_rows::destination: '/dev/null'
nova_sync_power_state_interval: -1
nova::ironic::common::username: 'ironic'
nova::ironic::common::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
nova::ironic::common::project_name: 'service'
nova::ironic::common::api_endpoint: "{{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}/v1"
nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}/v2.0"
nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}"
nova::network::neutron::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}"
nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}"
nova::network::neutron::neutron_region_name: ''
nova::ram_allocation_ratio: '1.0'
nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
nova::scheduler::filter::scheduler_max_attempts: {{SCHEDULER_MAX_ATTEMPTS}}
nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters']
nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
nova::keystone::auth::tenant: 'service'
nova::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NOVA_PUBLIC}}
nova::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NOVA_INTERNAL}}
nova::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NOVA_ADMIN}}
nova::keystone::auth::password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::keystone::auth::region: "%{hiera('keystone_region')}"
nova::keystone::auth::configure_ec2_endpoint: false
nova::keystone::auth_placement::tenant: 'service'
nova::keystone::auth_placement::public_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_PUBLIC}}
nova::keystone::auth_placement::internal_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_INTERNAL}}
nova::keystone::auth_placement::admin_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_ADMIN}}
nova::keystone::auth_placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::keystone::auth_placement::region: "%{hiera('keystone_region')}"
nova::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
# NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only.
# There is no way this should take 15 minutes and if it does we now have way
# different problems. But rather than block undercloud installs let's increase
# the timeout for these actions. See LP#1661396 for more details.
nova::db::sync::db_sync_timeout: 900
nova::db::sync_api::db_sync_timeout: 900
# Ironic
ironic::debug: "%{hiera('debug')}"
ironic::my_ip: {{LOCAL_IP}}
ironic::enabled_drivers: {{ENABLED_DRIVERS}}
ironic::rpc_response_timeout: 600
ironic::api::authtoken::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
ironic::api::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
ironic::api::host_ip: {{LOCAL_IP}}
ironic::api::workers: "%{::os_workers}"
ironic::database_connection: mysql+pymysql://ironic:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP}}/ironic
ironic::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
ironic::glance::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}"
# Ironic conductor forces deployments to use http
# https://bugs.launchpad.net/tripleo/+bug/1613088
ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
ironic::conductor::force_power_state_during_sync: false
ironic::conductor::automated_clean: {{CLEAN_NODES}}
ironic::conductor::cleaning_disk_erase: 'metadata'
ironic::conductor::cleaning_network: 'ctlplane'
ironic::conductor::provisioning_network: 'ctlplane'
ironic::conductor::default_boot_option: 'local'
ironic::keystone::auth::tenant: 'service'
ironic::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}
ironic::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
ironic::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_ADMIN}}
ironic::keystone::auth::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::keystone::auth::region: "%{hiera('keystone_region')}"
ironic::keystone::auth_inspector::tenant: 'service'
ironic::keystone::auth_inspector::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_PUBLIC}}
ironic::keystone::auth_inspector::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
ironic::keystone::auth_inspector::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_ADMIN}}
ironic::keystone::auth_inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}"
# Ironic Inspector
ironic::inspector::listen_address: {{LOCAL_IP}}
ironic::inspector::debug: "%{hiera('debug')}"
{{#IPXE_ENABLED}}
ironic::inspector::pxe_transfer_protocol: 'http'
{{/IPXE_ENABLED}}
ironic::inspector::enable_uefi: {{INSPECTION_ENABLE_UEFI}}
ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
ironic::inspector::authtoken::username: 'ironic'
ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}"
ironic::inspector::authtoken::project_name: 'service'
ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP}}/ironic-inspector
ironic::inspector::keep_ports: 'added'
ironic::inspector::ironic_username: 'ironic'
ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}"
ironic::inspector::ironic_tenant_name: 'service'
ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri_v2')}"
ironic::inspector::ironic_max_retries: 6
ironic::inspector::ironic_retry_interval: 10
ironic::inspector::store_data: 'swift'
ironic::inspector::swift_username: 'ironic'
ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}"
ironic::inspector::swift_tenant_name: 'service'
ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri_v2')}"
ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
ironic::inspector::dnsmasq_ip_range: {{INSPECTION_IPRANGE}}
ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}
ironic::inspector::ipxe_timeout: 60
ironic::inspector::node_not_found_hook: {{INSPECTION_NODE_NOT_FOUND_HOOK}}
ironic::inspector::discovery_default_driver: {{DISCOVERY_DEFAULT_DRIVER}}
# Ironic PXE driver
ironic::drivers::pxe::ipxe_timeout: 60
# Ironic deploy utils
ironic_ipxe_port: 8088
ironic::conductor::http_url: "http://{{LOCAL_IP}}:%{hiera('ironic_ipxe_port')}"
ironic::conductor::http_boot: '/httpboot'
ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}"
# Ironic pxe
ironic::drivers::pxe::ipxe_enabled: {{IPXE_ENABLED}}
# NOTE(dtantsur): UEFI only works with iPXE currently for us
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
# Ironic agent
ironic::drivers::agent::deploy_logs_collect: 'always'
ironic::drivers::agent::deploy_logs_storage_backend: 'local'
ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
# Ironic power and management drivers tuning
ironic::drivers::ipmi::retry_timeout: 15
ironic::drivers::ilo::default_boot_mode: 'bios'
# Rabbit
rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}}
rabbitmq::delete_guest_user: false
rabbitmq::node_ip_address: {{LOCAL_IP}}
rabbitmq::package_source: undef
rabbitmq::port: '5672'
rabbitmq::repos_ensure: false
rabbitmq::wipe_db_on_cookie_change: true
rabbitmq::default_user: {{UNDERCLOUD_RABBIT_USERNAME}}
rabbitmq::default_pass: {{UNDERCLOUD_RABBIT_PASSWORD}}
# Horizon
horizon_secret_key: {{UNDERCLOUD_HORIZON_SECRET_KEY}}
horizon::allowed_hosts:
- "%{::fqdn}"
- "{{LOCAL_IP}}"
horizon::wsgi::apache::priority: 10
horizon::openstack_endpoint_type: internalURL
# Mistral
mistral::api::bind_host: {{LOCAL_IP}}
mistral::api::api_workers: "%{::os_workers}"
mistral::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
mistral::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
mistral::rabbit_host: {{LOCAL_IP}}
mistral::auth_uri: "%{hiera('keystone_auth_uri')}"
mistral::identity_uri: "%{hiera('keystone_identity_uri')}"
mistral::database_connection: mysql+pymysql://mistral:{{UNDERCLOUD_MISTRAL_PASSWORD}}@{{LOCAL_IP}}/mistral
mistral::rpc_backend: rabbit
mistral::keystone_password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
mistral::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_PUBLIC}}
mistral::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_INTERNAL}}
mistral::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_ADMIN}}
mistral::keystone::auth::region: "%{hiera('keystone_region')}"
mistral::keystone::auth::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
mistral::keystone::auth::tenant: 'service'
mistral::engine::older_than: 2880
mistral::engine::evaluation_interval: 120
mistral::engine::execution_field_size_limit_kb: 4096
# Zaqar
zaqar::keystone::authtoken::project_name: 'service'
zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
zaqar::keystone::authtoken::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
zaqar::keystone::auth::tenant: 'service'
zaqar::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_PUBLIC}}
zaqar::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_INTERNAL}}
zaqar::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_ADMIN}}
zaqar::keystone::auth::region: "%{hiera('keystone_region')}"
zaqar::keystone::auth::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
zaqar::keystone::auth_websocket::tenant: 'service'
zaqar::keystone::auth_websocket::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_PUBLIC}}
zaqar::keystone::auth_websocket::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_INTERNAL}}
zaqar::keystone::auth_websocket::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_ADMIN}}
zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}"
zaqar::keystone::auth_websocket::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
zaqar::unreliable: true
zaqar::transport::websocket::bind: {{LOCAL_IP}}
zaqar::transport::wsgi::bind: {{LOCAL_IP}}
zaqar::management::mongodb::uri: mongodb://127.0.0.1:27017
zaqar::messaging::mongodb::uri: mongodb://127.0.0.1:27017
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::max_messages_post_size: 1048576
# Cinder
cinder_backend_name: 'undercloud_iscsi'
cinder_enable_test_volume: false
cinder_iscsi_address: {{LOCAL_IP}}
cinder::api::enable_proxy_headers_parsing: true
cinder::api::service_name: 'httpd'
cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"]
cinder::cron::db_purge::destination: "/dev/null"
cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP}}/cinder
cinder::db::database_db_max_retries: -1
cinder::db::database_max_retries: -1
cinder::debug: "%{hiera('debug')}"
cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
cinder::keystone::auth::tenant: 'service'
cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}}
cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}}
cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}}
cinder::keystone::auth::public_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_PUBLIC}}
cinder::keystone::auth::internal_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_INTERNAL}}
cinder::keystone::auth::admin_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_ADMIN}}
cinder::keystone::auth::public_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_PUBLIC}}
cinder::keystone::auth::internal_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_INTERNAL}}
cinder::keystone::auth::admin_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_ADMIN}}
cinder::keystone::auth::region: "%{hiera('keystone_region')}"
cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}}
cinder::keystone::authtoken::project_name: 'service'
cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}}
cinder::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
cinder::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
cinder::rabbit_host: {{LOCAL_IP}}
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
cinder::setup_test_volume::size: '10280M'
cinder::wsgi::apache::bind_host: {{LOCAL_IP}}
cinder::wsgi::apache::ssl: false
cinder::wsgi::apache::workers: "%{::os_workers}"
# HAproxy
tripleo::profile::base::haproxy::step: 1
tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}}
tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}"
tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}"
tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}"
tripleo::haproxy::public_virtual_interface: 'br-ctlplane'
tripleo::haproxy::keystone_admin: true
tripleo::haproxy::keystone_public: true
tripleo::haproxy::neutron: true
tripleo::haproxy::glance_api: true
tripleo::haproxy::glance_registry: true
tripleo::haproxy::nova_osapi: true
tripleo::haproxy::nova_placement: true
tripleo::haproxy::nova_metadata: true
tripleo::haproxy::swift_proxy_server: true
tripleo::haproxy::heat_api: true
tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}"
tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}"
tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}"
tripleo::haproxy::panko: "%{hiera('enable_telemetry')}"
tripleo::haproxy::ironic: true
tripleo::haproxy::ironic_inspector: true
tripleo::haproxy::rabbitmq: true
tripleo::haproxy::mistral: true
tripleo::haproxy::zaqar_api: true
tripleo::haproxy::zaqar_ws: true
tripleo::haproxy::docker_registry: true
# Keepalived
tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
tripleo::keepalived::control_virtual_interface: 'br-ctlplane'
tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}"
tripleo::keepalived::public_virtual_interface: 'br-ctlplane'
# UI
keystone::cors::allowed_origin: '*'
ironic::cors::allowed_origin: '*'
ironic::cors::max_age: 3600
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS'
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
heat::cors::allowed_origin: '*'
heat::cors::max_age: 3600
heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
mistral::cors::allowed_origin: '*'
mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
swift::proxy::cors_allow_origin: '*'
tripleo::ui::endpoint_proxy_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_PROXY_INTERNAL}}
tripleo::ui::endpoint_proxy_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
tripleo::ui::endpoint_proxy_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_PROXY_INTERNAL}}
tripleo::ui::endpoint_proxy_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
tripleo::ui::endpoint_proxy_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_PROXY_INTERNAL}}
tripleo::ui::endpoint_proxy_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_PROXY_INTERNAL}}
tripleo::ui::endpoint_config_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_CONFIG_PUBLIC}}
tripleo::ui::endpoint_config_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_CONFIG_PUBLIC}}
# service tenant
ceilometer::keystone::authtoken::project_name: 'service'
aodh::keystone::authtoken::project_name: 'service'
gnocchi::keystone::authtoken::project_name: 'service'
cinder::keystone::authtoken::project_name: 'service'
heat::keystone::authtoken::project_name: 'service'
glance::api::authtoken::project_name: 'service'
glance::registry::authtoken::project_name: 'service'
ironic::api::authtoken::project_name: 'service'
ironic::glance::project_name: 'service'
nova::keystone::authtoken::project_name: 'service'
swift::proxy::authtoken::project_name: 'service'
mistral::keystone_tenant: 'service'
swift::proxy::workers: "%{::os_workers}"
# Options
enable_tempest: {{ENABLE_TEMPEST}}
enable_validations: {{ENABLE_VALIDATIONS}}
enable_telemetry: {{ENABLE_TELEMETRY}}
enable_legacy_ceilometer_api: {{ENABLE_LEGACY_CEILOMETER_API}}
enable_ui: {{ENABLE_UI}}
enable_cinder: {{ENABLE_CINDER}}
# Path to install configuration files
tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
# Novajoin
{{#ENABLE_NOVAJOIN}}
novajoin_listen_port: 9090
nova::metadata::novajoin::api::bind_address: "{{LOCAL_IP}}"
nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port')}"
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
nova::metadata::novajoin::api::nova_password: {{UNDERCLOUD_NOVA_PASSWORD}}
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP}}//"
ipaclient::password: {{IPA_OTP}}
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
enable_novajoin: true
nova::api::vendordata_jsonfile_path: '/etc/nova/cloud-config-novajoin.json'
nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
nova::api::vendordata_dynamic_targets: ["join@http://{{LOCAL_IP}}:%{hiera('novajoin_listen_port')}/v1/"]
nova::notification_topics: 'notifications'
nova::notify_on_state_change: 'vm_state'
{{/ENABLE_NOVAJOIN}}
# Firewall
tripleo::firewall::manage_firewall: true
tripleo::firewall::firewall_rules:
'101 mongodb_config':
dport: 27019
'102 mongodb_sharding':
dport: 27018
'103 mongod':
dport: 27017
'105 ntp':
dport: 123
proto: udp
'106 vrrp':
proto: vrrp
'107 haproxy stats':
dport: 1993
'108 redis':
dport:
- 6379
- 26379
'110 ceph':
dport:
- 6789
- '6800-6810'
'111 keystone':
dport:
- 5000
- 13000
- 35357
- 13357
'112 glance':
dport:
- 9292
- 9191
- 13292
'113 nova':
dport:
- 6080
- 13080
- 8773
- 13773
- 8774
- 13774
- 8778
- 13778
- 8775
- 13775
'114 neutron server':
dport:
- 9696
- 13696
'115 neutron dhcp input':
proto: 'udp'
dport: 67
'116 neutron dhcp output':
proto: 'udp'
chain: 'OUTPUT'
dport: 68
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'119 cinder':
dport:
- 8776
- 13776
'120 iscsi initiator':
dport: 3260
'121 memcached':
dport: 11211
'122 swift proxy':
dport:
- 8080
- 13808
'123 swift storage':
dport:
- 873
- 6000
- 6001
- 6002
'124 ceilometer':
dport:
- 8777
- 13777
'125 heat':
dport:
- 8000
- 13800
- 8003
- 13003
- 8004
- 13004
'126 horizon':
dport:
- 80
- 443
'127 snmp':
dport: 161
proto: 'udp'
'128 aodh':
dport:
- 8042
- 13042
'129 gnocchi-api':
dport:
- 8041
- 13041
'130 tftp':
dport: 69
proto: udp
'131 novnc':
dport: 5900-5999
proto: tcp
'132 mistral':
dport:
- 8989
- 13989
'133 zaqar':
dport:
- 8888
- 13888
'134 zaqar websockets':
dport: 9000
'135 ironic':
dport:
- 6385
- 13385
'136 trove':
dport:
- 8779
- 13779
'137 ironic-inspector':
dport: 5050
'138 docker registry':
dport:
- 8787
- 13787
'139 apache vhost':
dport: "%{hiera('ironic_ipxe_port')}"
'140 network cidr nat':
chain: FORWARD
destination: {{NETWORK_CIDR}}
# TODO: Do we still want this?
'141 libvirt network nat':
chain: FORWARD
destination: 192.168.122.0/24
'142 tripleo-ui':
dport:
- 3000
- 443
'143 panko-api':
dport:
- 8779
- 13779
View Git Blame Copy Permalink