--- ############################################################################### # Kolla installation. # Type of Kolla control installation. One of 'binary' or 'source'. kolla_ctl_install_type: source # Path to directory for kolla source code checkout. kolla_source_path: "{{ source_checkout_path ~ '/kolla' }}" # URL of Kolla source code repository if type is 'source'. kolla_source_url: "https://opendev.org/openstack/kolla" # Version (branch, tag, etc.) of Kolla source code repository if type is # 'source'. Default is {{ openstack_branch }}. kolla_source_version: "{{ openstack_branch }}" # Path to virtualenv in which to install kolla. kolla_venv: "{{ virtualenv_path ~ '/kolla' }}" # Path in which to generate kolla configuration. kolla_build_config_path: "{{ config_path ~ '/kolla' }}" ############################################################################### # Kolla-ansible installation. # Type of Kolla-ansible control installation. One of 'binary' or 'source'. kolla_ansible_ctl_install_type: source # Path to directory for kolla-ansible source code checkout. kolla_ansible_source_path: "{{ lookup('env', 'KOLLA_SOURCE_PATH') | default(lookup('env', 'PWD') ~ '/src/kolla-ansible', true) }}" # URL of Kolla Ansible source code repository if type is 'source'. kolla_ansible_source_url: "https://opendev.org/openstack/kolla-ansible" # Version (branch, tag, etc.) of Kolla Ansible source code repository if type # is 'source'. Default is {{ openstack_branch }}. kolla_ansible_source_version: "{{ openstack_branch }}" # Path to virtualenv in which to install kolla-ansible. kolla_ansible_venv: "{{ lookup('env', 'KOLLA_VENV_PATH') | default(lookup('env', 'PWD') ~ '/venvs/kolla-ansible', true) }}" # Extra requirements to install inside the kolla-ansible virtualenv. kolla_ansible_venv_extra_requirements: [] # Path to Kolla-ansible configuration directory. kolla_config_path: "{{ lookup('env', 'KOLLA_CONFIG_PATH') | default('/etc/kolla', true) }}" # Path to Kolla-ansible node custom configuration directory. kolla_node_custom_config_path: "{{ kolla_config_path }}/config" ############################################################################### # Kolla configuration. # Kolla base container image distribution. kolla_base_distro: "centos" # Kolla container image type: binary or source. kolla_install_type: "binary" # Docker namespace to use for Kolla images. kolla_docker_namespace: "kolla" # Url of docker registry to use for Kolla images. kolla_docker_registry: "{{ docker_registry }}" # Username to use to access a docker registry. kolla_docker_registry_username: # Password to use to access a docker registry. kolla_docker_registry_password: # Kolla OpenStack release version. This should be a Docker image tag. # Default is {{ openstack_release }}. kolla_openstack_release: "{{ openstack_release }}" # Dict mapping names of sources to their definitions for # kolla_install_type=source. See kolla.common.config for details. # Example: # kolla_sources: # ironic-base: # type: git # location: https://github.com/openstack/ironic # reference: master kolla_sources: bifrost-base: type: "git" location: "{{ kolla_bifrost_source_url }}" reference: "{{ kolla_bifrost_source_version }}" ############################################################################### # Kolla image build configuration. # List of regular expressions matching names of container images to build for # the seed. seed_container_image_regex_map: - regex: bifrost enabled: True # List of regular expressions matching names of container images to build for # the seed. seed_container_image_regexes: "{{ seed_container_image_regex_map | selectattr('enabled') | map(attribute='regex') | list }}" # List of container image sets for the seed. This is used when building # container images to determine which images to build. seed_container_image_sets: - type: source regexes: "{{ seed_container_image_regexes | join(' ') }}" # List of regular expressions matching names of container images to build for # overcloud hosts. overcloud_container_image_regex_map: - regex: aodh enabled: "{{ kolla_enable_aodh | bool }}" - regex: barbican enabled: "{{ kolla_enable_barbican | bool }}" - regex: blazar enabled: "{{ kolla_enable_blazar | bool }}" - regex: ceilometer enabled: "{{ kolla_enable_ceilometer | bool }}" - regex: cinder enabled: "{{ kolla_enable_cinder | bool }}" - regex: cloudkitty enabled: "{{ kolla_enable_cloudkitty | bool }}" - regex: collectd enabled: "{{ kolla_enable_collectd | bool }}" - regex: cron enabled: True - regex: designate enabled: "{{ kolla_enable_designate | bool }}" - regex: dnsmasq enabled: "{{ kolla_enable_ironic | bool }}" - regex: elasticsearch enabled: "{{ kolla_enable_elasticsearch | bool }}" - regex: etcd enabled: "{{ kolla_enable_etcd | bool }}" - regex: fluentd enabled: True - regex: glance enabled: "{{ kolla_enable_glance | bool }}" - regex: grafana enabled: "{{ kolla_enable_grafana | bool }}" - regex: gnocchi enabled: "{{ kolla_enable_gnocchi | bool }}" - regex: ^haproxy$ enabled: "{{ kolla_enable_haproxy | bool }}" - regex: heat enabled: "{{ kolla_enable_heat | bool }}" - regex: horizon enabled: "{{ kolla_enable_horizon | bool }}" - regex: influxdb enabled: "{{ kolla_enable_influxdb | bool }}" - regex: ironic enabled: "{{ kolla_enable_ironic | bool }}" - regex: ironic-neutron-agent enabled: "{{ kolla_enable_ironic_neutron_agent | bool }}" - regex: iscsid enabled: "{{ kolla_enable_cinder | bool or kolla_enable_ironic | bool }}" - regex: kafka enabled: "{{ kolla_enable_kafka | bool }}" - regex: keepalived enabled: "{{ kolla_enable_haproxy | bool }}" - regex: keystone enabled: "{{ kolla_enable_keystone | bool }}" - regex: kibana enabled: "{{ kolla_enable_kibana | bool }}" - regex: kolla-toolbox enabled: True - regex: logstash enabled: "{{ kolla_enable_monasca | bool }}" - regex: magnum enabled: "{{ kolla_enable_magnum | bool }}" - regex: manila enabled: "{{ kolla_enable_manila | bool }}" - regex: mariadb enabled: "{{ kolla_enable_mariadb | bool }}" - regex: memcached enabled: True - regex: murano enabled: "{{ kolla_enable_murano | bool }}" - regex: neutron-server enabled: "{{ kolla_enable_neutron | bool }}" # Neutron SFC agent not currently supported on CentOS binary builds. - regex: "neutron-\\(dhcp\\|l3\\|metadata\\|openvswitch\\)-agent" enabled: "{{ kolla_enable_neutron | bool }}" - regex: neutron-lbaas-agent enabled: "{{ kolla_enable_neutron_lbaas | bool }}" - regex: nova enabled: "{{ kolla_enable_nova | bool }}" - regex: octavia enabled: "{{ kolla_enable_octavia | bool }}" - regex: openvswitch enabled: "{{ kolla_enable_neutron | bool }}" - regex: rabbitmq enabled: True - regex: placement enabled: "{{ kolla_enable_nova | bool }}" - regex: prometheus enabled: "{{ kolla_enable_prometheus | bool }}" - regex: sahara enabled: "{{ kolla_enable_sahara | bool }}" - regex: skydive enabled: "{{ kolla_enable_skydive | bool }}" - regex: storm enabled: "{{ kolla_enable_storm | bool }}" - regex: swift enabled: "{{ kolla_enable_swift | bool }}" - regex: telegraf enabled: "{{ kolla_enable_telegraf | bool }}" - regex: tgtd enabled: "{{ kolla_enable_cinder | bool or kolla_enable_ironic | bool }}" - regex: zookeeper enabled: "{{ kolla_enable_zookeeper | bool }}" # List of regular expressions matching names of container images to build for # overcloud hosts. overcloud_container_image_regexes: "{{ overcloud_container_image_regex_map | selectattr('enabled') | map(attribute='regex') | list }}" # List of regular expressions matching names of container images to build for # overcloud hosts. These images only support source builds. overcloud_container_image_regex_map_source: - regex: freezer enabled: "{{ kolla_enable_freezer | bool }}" - regex: monasca enabled: "{{ kolla_enable_monasca | bool }}" # List of regular expressions matching names of container images to build for # overcloud hosts. These images onlt support source builds. overcloud_container_image_regexes_source: "{{ overcloud_container_image_regex_map_source | selectattr('enabled') | map(attribute='regex') | list }}" # List of container image sets for overcloud hosts. This is used when building # container images to determine which images to build. overcloud_container_image_sets: # Default image type. - regexes: "{{ overcloud_container_image_regexes | join(' ') }}" # Source-only images. - regexes: "{{ overcloud_container_image_regexes_source | join(' ') }}" type: source # Dict mapping Jinja2 block names in kolla's Docker images to their contents. kolla_build_blocks: {} # Dict mapping image customization variable names to their values. # Each variable takes the form: # __ # Hyphens in the image name are replaced with underscores. The customization is # most commonly packages. The operation should be one of override, append or # remove. The value should be a list. kolla_build_customizations: {} ############################################################################### # Kolla-ansible inventory configuration. # Full custom seed inventory contents. kolla_seed_inventory_custom: # Custom overcloud inventory containing a mapping from top level groups to # hosts. kolla_overcloud_inventory_custom_top_level: # Custom overcloud inventory containing a mapping from components to top level # groups. kolla_overcloud_inventory_custom_components: # Custom overcloud inventory containing a mapping from services to components. kolla_overcloud_inventory_custom_services: # Full custom overcloud inventory contents. By default this will be the # concatenation of the top level, component, and service inventories. kolla_overcloud_inventory_custom: # List of groups mapped to kolla storage group. kolla_overcloud_inventory_storage_groups: - "storage" # Dict mapping from kolla-ansible groups to kayobe groups and variables. Each # item is a dict with the following items: # * groups: A list of kayobe ansible groups to map to this kolla-ansible group. # * vars: A dict mapping variable names to values for hosts in this # kolla-ansible group. kolla_overcloud_inventory_top_level_group_map: control: groups: - controllers network: groups: - network compute: groups: - compute monitoring: groups: - monitoring storage: groups: "{{ kolla_overcloud_inventory_storage_groups }}" # List of names of top level kolla-ansible groups. Any of these groups which # have no hosts mapped to them will be provided with an empty group definition. kolla_overcloud_inventory_kolla_top_level_groups: - "control" - "network" - "compute" - "monitoring" - "storage" - "deployment" ############################################################################### # Kolla-ansible configuration. # Virtualenv directory where Kolla-ansible's ansible modules will execute # remotely on the target nodes. If None, no virtualenv will be used. kolla_ansible_target_venv: "{{ virtualenv_path ~ '/kolla-ansible' }}" # Password to use to encrypt the kolla-ansible passwords.yml file. kolla_ansible_vault_password: "{{ lookup('env', 'KAYOBE_VAULT_PASSWORD') | default }}" # Whether TLS is enabled for the external API endpoints. kolla_enable_tls_external: "{{ kolla_enable_tls_internal if public_net_name == internal_net_name else 'no' }}" # Whether TLS is enabled for the internal API endpoints. kolla_enable_tls_internal: "no" # Whether debug logging is enabled. kolla_openstack_logging_debug: "False" # Upper constraints file for installation of Kolla. kolla_upper_constraints_file: "{{ pip_upper_constraints_file }}" # User account to use for Kolla SSH access. kolla_ansible_user: kolla # Primary group of Kolla SSH user. kolla_ansible_group: kolla # Whether to use privilege escalation for all operations performed via Kolla # Ansible. kolla_ansible_become: true ############################################################################### # Kolla feature flag configuration. kolla_enable_aodh: "no" kolla_enable_barbican: "no" kolla_enable_blazar: "no" kolla_enable_central_logging: "no" kolla_enable_ceilometer: "no" # The chrony container is disabled by default on CentOS 7 because we enable an # NTP daemon on the host. On CentOS 8 the chrony container is enabled by # default because the NTP daemon is not supported. Setting this to true will # disable NTP on the host. kolla_enable_chrony: "{{ ansible_os_family != 'RedHat' or ansible_distribution_major_version | int >= 8 }}" kolla_enable_cinder: "no" kolla_enable_cloudkitty: "no" kolla_enable_collectd: "no" kolla_enable_designate: "no" kolla_enable_elasticsearch: "{{ 'yes' if kolla_enable_central_logging | bool or kolla_enable_freezer | bool or kolla_enable_osprofiler | bool or kolla_enable_skydive | bool or kolla_enable_monasca | bool else 'no' }}" kolla_enable_etcd: "no" kolla_enable_freezer: "no" kolla_enable_glance: "yes" kolla_enable_grafana: "no" kolla_enable_gnocchi: "no" kolla_enable_haproxy: "yes" kolla_enable_heat: "yes" kolla_enable_horizon: "yes" kolla_enable_influxdb: "{{ 'yes' if kolla_enable_monasca | bool else 'no' }}" kolla_enable_ironic: "yes" kolla_enable_ironic_ipxe: "no" kolla_enable_ironic_neutron_agent: "{{ 'yes' if kolla_enable_neutron | bool and kolla_enable_ironic | bool else 'no' }}" kolla_enable_kafka: "{{ 'yes' if kolla_enable_monasca | bool else 'no' }}" kolla_enable_keystone: "yes" kolla_enable_kibana: "{{ 'yes' if kolla_enable_central_logging | bool or kolla_enable_monasca | bool else 'no' }}" kolla_enable_magnum: "no" kolla_enable_manila: "no" # TODO(mgoddard): Change this to a plain "no" when support for # kolla_enable_xtrabackup has been removed. kolla_enable_mariabackup: "{{ kolla_enable_xtrabackup | default('no') }}" kolla_enable_mariadb: "yes" kolla_enable_monasca: "no" kolla_enable_murano: "no" kolla_enable_neutron: "yes" kolla_enable_neutron_lbaas: "no" kolla_enable_neutron_provider_networks: "no" kolla_enable_nova: "yes" kolla_enable_octavia: "no" kolla_enable_osprofiler: "no" kolla_enable_prometheus: "no" kolla_enable_sahara: "no" kolla_enable_skydive: "no" kolla_enable_storm: "{{ 'yes' if kolla_enable_monasca | bool else 'no' }}" kolla_enable_swift: "no" kolla_enable_telegraf: "no" kolla_enable_zookeeper: "{{ 'yes' if kolla_enable_kafka | bool or kolla_enable_storm | bool else 'no' }}" ############################################################################### # Passwords and credentials. # Dictionary containing default custom passwords to add or override in the # Kolla passwords file. kolla_ansible_default_custom_passwords: # SSH key authorized in hosts deployed by Bifrost. bifrost_ssh_key: private_key: "{{ lookup('file', ssh_private_key_path) }}" public_key: "{{ lookup('file', ssh_public_key_path) }}" # SSH key authorized by kolla user on Kolla hosts during # kolla-ansible bootstrap-servers. kolla_ssh_key: private_key: "{{ lookup('file', ssh_private_key_path) }}" public_key: "{{ lookup('file', ssh_public_key_path) }}" # Dictionary containing custom passwords to add or override in the Kolla # passwords file. kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}" ############################################################################### # TLS certificate bundle management # External API certificate bundle. # # When kolla_enable_tls_external is true, this should contain an X.509 # certificate bundle for the external API. # # Note that this should be formatted as a literal style block scalar. # TODO(mgoddard): Remove the deprecated support for kolla_tls_cert in the # Ussuri cycle. kolla_external_tls_cert: "{{ kolla_tls_cert | default }}" # Path to a CA certificate file to use for the OS_CACERT environment variable # in public-openrc.sh file when TLS is enabled, instead of Kolla-Ansible's # default. kolla_external_fqdn_cacert: # Internal API certificate bundle. # # When kolla_enable_tls_internal is true, this should contain an X.509 # certificate bundle for the internal API. # # Note that this should be formatted as a literal style block scalar. kolla_internal_tls_cert: # Path to a CA certificate file to use for the OS_CACERT environment variable # in admin-openrc.sh file when TLS is enabled, instead of Kolla-Ansible's # default. kolla_internal_fqdn_cacert: