openstack/kayobe
Code Issues Proposed changes
Files
650919f52736b297de50bc48bb7fc71e19cb64a9
kayobe/ansible/group_vars/all/kolla
Mark Goddard 650919f527 Disable chrony container by default 
Fixes an issue where multiple NTP daemons could be running on the
overcloud hosts, due to Kolla Ansible deploying a chrony container by
default starting with the Rocky release.

Kayobe now overrides this default, to ensure that chrony does not conflict
with the NTP daemon deployed on the host. To use the containerised chrony
daemon instead, set ``kolla_enable_chrony`` to ``true`` in
``${KAYOBE_CONFIG_PATH}/kolla.yml``. This will also disable the host NTP
daemon.

To ensure that chrony is not running, Kayobe removes the chrony container
if ``kolla_enable_chrony`` is ``false`` in the following commands:

* ``kayobe overcloud service deploy``
* ``kayobe overcloud service reconfigure``
* ``kayobe overcloud service upgrade``

The play in Kayobe is tagged with ``stop-chrony``.

Change-Id: I89a973c0b600abece79bddcba5a46cc28a4f1df9
Story: 2005272
Task: 30122
2019-07-15 09:29:25 +01:00

418 lines
15 KiB
Plaintext
Raw Blame History

---
###############################################################################
# Kolla installation.
# Type of Kolla control installation. One of 'binary' or 'source'.
kolla_ctl_install_type: source
# Path to directory for kolla source code checkout.
kolla_source_path: "{{ source_checkout_path ~ '/kolla' }}"
# URL of Kolla source code repository if type is 'source'.
kolla_source_url: "https://opendev.org/openstack/kolla"
# Version (branch, tag, etc.) of Kolla source code repository if type is
# 'source'. Default is {{ openstack_branch }}.
kolla_source_version: "{{ openstack_branch }}"
# Path to virtualenv in which to install kolla.
kolla_venv: "{{ virtualenv_path ~ '/kolla' }}"
# Path in which to generate kolla configuration.
kolla_build_config_path: "{{ config_path ~ '/kolla' }}"
###############################################################################
# Kolla-ansible installation.
# Type of Kolla-ansible control installation. One of 'binary' or 'source'.
kolla_ansible_ctl_install_type: source
# Path to directory for kolla-ansible source code checkout.
kolla_ansible_source_path: "{{ lookup('env', 'KOLLA_SOURCE_PATH') | default(lookup('env', 'PWD') ~ '/src/kolla-ansible', true) }}"
# URL of Kolla Ansible source code repository if type is 'source'.
kolla_ansible_source_url: "https://opendev.org/openstack/kolla-ansible"
# Version (branch, tag, etc.) of Kolla Ansible source code repository if type
# is 'source'. Default is {{ openstack_branch }}.
kolla_ansible_source_version: "{{ openstack_branch }}"
# Path to virtualenv in which to install kolla-ansible.
kolla_ansible_venv: "{{ lookup('env', 'KOLLA_VENV_PATH') | default(lookup('env', 'PWD') ~ '/venvs/kolla-ansible', true) }}"
# Extra requirements to install inside the kolla-ansible virtualenv.
kolla_ansible_venv_extra_requirements: []
# Path to Kolla-ansible configuration directory.
kolla_config_path: "{{ lookup('env', 'KOLLA_CONFIG_PATH') | default('/etc/kolla', true) }}"
# Path to Kolla-ansible node custom configuration directory.
kolla_node_custom_config_path: "{{ kolla_config_path }}/config"
###############################################################################
# Kolla configuration.
# Kolla base container image distribution.
kolla_base_distro: "centos"
# Kolla container image type: binary or source.
kolla_install_type: "binary"
# Docker namespace to use for Kolla images.
kolla_docker_namespace: "kolla"
# Url of docker registry to use for Kolla images.
kolla_docker_registry: "{{ docker_registry }}"
# Username to use to access a docker registry.
kolla_docker_registry_username:
# Password to use to access a docker registry.
kolla_docker_registry_password:
# Kolla OpenStack release version. This should be a Docker image tag.
# Default is {{ openstack_release }}.
kolla_openstack_release: "{{ openstack_release }}"
# Dict mapping names of sources to their definitions for
# kolla_install_type=source. See kolla.common.config for details.
# Example:
# kolla_sources:
# ironic_base:
# type: git
# location: https://github.com/openstack/ironic
# reference: master
kolla_sources:
bifrost-base:
type: "git"
location: "{{ kolla_bifrost_source_url }}"
reference: "{{ kolla_bifrost_source_version }}"
###############################################################################
# Kolla image build configuration.
# List of regular expressions matching names of container images to build for
# the seed.
seed_container_image_regex_map:
- regex: bifrost
enabled: True
# List of regular expressions matching names of container images to build for
# the seed.
seed_container_image_regexes: "{{ seed_container_image_regex_map | selectattr('enabled') | map(attribute='regex') | list }}"
# List of container image sets for the seed. This is used when building
# container images to determine which images to build.
seed_container_image_sets:
- type: source
regexes: "{{ seed_container_image_regexes | join(' ') }}"
# List of regular expressions matching names of container images to build for
# overcloud hosts.
overcloud_container_image_regex_map:
- regex: aodh
enabled: "{{ kolla_enable_aodh | bool }}"
- regex: barbican
enabled: "{{ kolla_enable_barbican | bool }}"
- regex: blazar
enabled: "{{ kolla_enable_blazar | bool }}"
- regex: ceilometer
enabled: "{{ kolla_enable_ceilometer | bool }}"
- regex: ceph
enabled: "{{ kolla_enable_ceph | bool }}"
- regex: cinder
enabled: "{{ kolla_enable_cinder | bool }}"
- regex: collectd
enabled: "{{ kolla_enable_collectd | bool }}"
- regex: cron
enabled: True
- regex: designate
enabled: "{{ kolla_enable_designate | bool }}"
- regex: dnsmasq
enabled: "{{ kolla_enable_ironic | bool }}"
- regex: elasticsearch
enabled: "{{ kolla_enable_elasticsearch | bool }}"
- regex: etcd
enabled: "{{ kolla_enable_etcd | bool }}"
- regex: fluentd
enabled: True
- regex: glance
enabled: "{{ kolla_enable_glance | bool }}"
- regex: grafana
enabled: "{{ kolla_enable_grafana | bool }}"
- regex: gnocchi
enabled: "{{ kolla_enable_gnocchi | bool }}"
- regex: ^haproxy$
enabled: "{{ kolla_enable_haproxy | bool }}"
- regex: heat
enabled: "{{ kolla_enable_heat | bool }}"
- regex: horizon
enabled: "{{ kolla_enable_horizon | bool }}"
- regex: influxdb
enabled: "{{ kolla_enable_influxdb | bool }}"
- regex: ironic
enabled: "{{ kolla_enable_ironic | bool }}"
- regex: ironic-neutron-agent
enabled: "{{ kolla_enable_ironic_neutron_agent | bool }}"
- regex: iscsid
enabled: "{{ kolla_enable_cinder | bool or kolla_enable_ironic | bool }}"
- regex: kafka
enabled: "{{ kolla_enable_kafka | bool }}"
- regex: keepalived
enabled: "{{ kolla_enable_haproxy | bool }}"
- regex: keystone
enabled: "{{ kolla_enable_keystone | bool }}"
- regex: kibana
enabled: "{{ kolla_enable_kibana | bool }}"
- regex: kolla-toolbox
enabled: True
- regex: logstash
enabled: "{{ kolla_enable_monasca | bool }}"
- regex: magnum
enabled: "{{ kolla_enable_magnum | bool }}"
- regex: manila
enabled: "{{ kolla_enable_manila | bool }}"
- regex: mariadb
enabled: "{{ kolla_enable_mariadb | bool }}"
- regex: memcached
enabled: True
- regex: murano
enabled: "{{ kolla_enable_murano | bool }}"
- regex: neutron-server
enabled: "{{ kolla_enable_neutron | bool }}"
# Neutron SFC agent not currently supported on CentOS binary builds.
- regex: "neutron-\\(dhcp\\|l3\\|metadata\\|openvswitch\\)-agent"
enabled: "{{ kolla_enable_neutron | bool }}"
- regex: neutron-lbaas-agent
enabled: "{{ kolla_enable_neutron_lbaas | bool }}"
- regex: nova
enabled: "{{ kolla_enable_nova | bool }}"
- regex: octavia
enabled: "{{ kolla_enable_octavia | bool }}"
- regex: openvswitch
enabled: "{{ kolla_enable_neutron | bool }}"
- regex: rabbitmq
enabled: True
- regex: prometheus
enabled: "{{ kolla_enable_prometheus | bool }}"
- regex: sahara
enabled: "{{ kolla_enable_sahara | bool }}"
- regex: skydive
enabled: "{{ kolla_enable_skydive | bool }}"
- regex: storm
enabled: "{{ kolla_enable_storm | bool }}"
- regex: swift
enabled: "{{ kolla_enable_swift | bool }}"
- regex: telegraf
enabled: "{{ kolla_enable_telegraf | bool }}"
- regex: tgtd
enabled: "{{ kolla_enable_cinder | bool or kolla_enable_ironic | bool }}"
- regex: zookeeper
enabled: "{{ kolla_enable_zookeeper | bool }}"
# List of regular expressions matching names of container images to build for
# overcloud hosts.
overcloud_container_image_regexes: "{{ overcloud_container_image_regex_map | selectattr('enabled') | map(attribute='regex') | list }}"
# List of regular expressions matching names of container images to build for
# overcloud hosts. These images only support source builds.
overcloud_container_image_regex_map_source:
- regex: monasca
enabled: "{{ kolla_enable_monasca | bool }}"
# List of regular expressions matching names of container images to build for
# overcloud hosts. These images onlt support source builds.
overcloud_container_image_regexes_source: "{{ overcloud_container_image_regex_map_source | selectattr('enabled') | map(attribute='regex') | list }}"
# List of container image sets for overcloud hosts. This is used when building
# container images to determine which images to build.
overcloud_container_image_sets:
# Default image type.
- regexes: "{{ overcloud_container_image_regexes | join(' ') }}"
# Source-only images.
- regexes: "{{ overcloud_container_image_regexes_source | join(' ') }}"
type: source
# Dict mapping Jinja2 block names in kolla's Docker images to their contents.
kolla_build_blocks: {}
# Dict mapping image customization variable names to their values.
# Each variable takes the form:
# <image name>_<customization>_<operation>
# Hyphens in the image name are replaced with underscores. The customization is
# most commonly packages. The operation should be one of override, append or
# remove. The value should be a list.
kolla_build_customizations: {}
###############################################################################
# Kolla-ansible inventory configuration.
# Full custom seed inventory contents.
kolla_seed_inventory_custom:
# Custom overcloud inventory containing a mapping from top level groups to
# hosts.
kolla_overcloud_inventory_custom_top_level:
# Custom overcloud inventory containing a mapping from components to top level
# groups.
kolla_overcloud_inventory_custom_components:
# Custom overcloud inventory containing a mapping from services to components.
kolla_overcloud_inventory_custom_services:
# Full custom overcloud inventory contents. By default this will be the
# concatenation of the top level, component, and service inventories.
kolla_overcloud_inventory_custom:
# List of groups mapped to kolla storage group.
kolla_overcloud_inventory_storage_groups:
- "storage"
# Dict mapping from kolla-ansible groups to kayobe groups and variables. Each
# item is a dict with the following items:
# * groups: A list of kayobe ansible groups to map to this kolla-ansible group.
# * vars: A dict mapping variable names to values for hosts in this
# kolla-ansible group.
kolla_overcloud_inventory_top_level_group_map:
control:
groups:
- controllers
network:
groups:
- network
compute:
groups:
- compute
monitoring:
groups:
- monitoring
storage:
groups:
"{{ kolla_overcloud_inventory_storage_groups }}"
# List of names of top level kolla-ansible groups. Any of these groups which
# have no hosts mapped to them will be provided with an empty group definition.
kolla_overcloud_inventory_kolla_top_level_groups:
- "control"
- "network"
- "compute"
- "monitoring"
- "storage"
- "deployment"
###############################################################################
# Kolla-ansible configuration.
# Virtualenv directory where Kolla-ansible's ansible modules will execute
# remotely on the target nodes. If None, no virtualenv will be used.
kolla_ansible_target_venv: "{{ virtualenv_path ~ '/kolla-ansible' }}"
# Password to use to encrypt the kolla-ansible passwords.yml file.
kolla_ansible_vault_password: "{{ lookup('env', 'KAYOBE_VAULT_PASSWORD') | default }}"
# Whether TLS is enabled for the external API endpoints.
kolla_enable_tls_external: "no"
# Whether debug logging is enabled.
kolla_openstack_logging_debug: "False"
# Upper constraints file for installation of Kolla.
kolla_upper_constraints_file: "https://opendev.org/openstack/requirements/raw/branch/{{ openstack_branch }}/upper-constraints.txt"
# User account to use for Kolla SSH access.
kolla_ansible_user: kolla
# Primary group of Kolla SSH user.
kolla_ansible_group: kolla
# Whether to use privilege escalation for all operations performed via Kolla
# Ansible.
kolla_ansible_become: true
###############################################################################
# Kolla feature flag configuration.
kolla_enable_aodh: "no"
kolla_enable_barbican: "no"
kolla_enable_blazar: "no"
kolla_enable_central_logging: "no"
kolla_enable_ceph: "no"
kolla_enable_ceilometer: "no"
# The chrony container is disabled by default because we enable an NTP daemon
# on the host. Setting this to true will disable NTP on the host.
kolla_enable_chrony: "no"
kolla_enable_cinder: "no"
kolla_enable_collectd: "no"
kolla_enable_designate: "no"
kolla_enable_elasticsearch: "{{ 'yes' if kolla_enable_central_logging | bool or kolla_enable_freezer | bool or kolla_enable_osprofiler | bool or kolla_enable_skydive | bool or kolla_enable_monasca | bool else 'no' }}"
kolla_enable_etcd: "no"
kolla_enable_freezer: "no"
kolla_enable_glance: "yes"
kolla_enable_grafana: "no"
kolla_enable_gnocchi: "no"
kolla_enable_haproxy: "yes"
kolla_enable_heat: "yes"
kolla_enable_horizon: "yes"
kolla_enable_influxdb: "{{ 'yes' if kolla_enable_monasca | bool else 'no' }}"
kolla_enable_ironic: "yes"
kolla_enable_ironic_ipxe: "no"
kolla_enable_ironic_neutron_agent: "{{ 'yes' if kolla_enable_neutron | bool and kolla_enable_ironic | bool else 'no' }}"
kolla_enable_kafka: "{{ 'yes' if kolla_enable_monasca | bool else 'no' }}"
kolla_enable_keystone: "yes"
kolla_enable_kibana: "{{ 'yes' if kolla_enable_central_logging | bool or kolla_enable_monasca | bool else 'no' }}"
kolla_enable_magnum: "no"
kolla_enable_manila: "no"
kolla_enable_mariadb: "yes"
kolla_enable_monasca: "no"
kolla_enable_murano: "no"
kolla_enable_neutron: "yes"
kolla_enable_neutron_lbaas: "no"
kolla_enable_neutron_provider_networks: "no"
kolla_enable_nova: "yes"
kolla_enable_octavia: "no"
kolla_enable_osprofiler: "no"
kolla_enable_prometheus: "no"
kolla_enable_sahara: "no"
kolla_enable_skydive: "no"
kolla_enable_storm: "{{ 'yes' if kolla_enable_monasca | bool else 'no' }}"
kolla_enable_swift: "no"
kolla_enable_telegraf: "no"
kolla_enable_xtrabackup: "no"
kolla_enable_zookeeper: "{{ 'yes' if kolla_enable_kafka | bool or kolla_enable_storm | bool else 'no' }}"
###############################################################################
# Passwords and credentials.
# Dictionary containing default custom passwords to add or override in the
# Kolla passwords file.
kolla_ansible_default_custom_passwords:
# SSH key authorized in hosts deployed by Bifrost.
bifrost_ssh_key:
private_key: "{{ lookup('file', ssh_private_key_path) }}"
public_key: "{{ lookup('file', ssh_public_key_path) }}"
# SSH key authorized by kolla user on Kolla hosts during
# kolla-ansible bootstrap-servers.
kolla_ssh_key:
private_key: "{{ lookup('file', ssh_private_key_path) }}"
public_key: "{{ lookup('file', ssh_public_key_path) }}"
# Dictionary containing custom passwords to add or override in the Kolla
# passwords file.
kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
###############################################################################
# TLS certificate bundle management
# Optionally copy a TLS certificate bundle into place.
#
# When enabled, this will copy the contents of kolla_tls_cert into place for
# use by HAProxy
#
# Note that this should be formatted as a literal style block scalar.
kolla_tls_cert:
# Path to a CA certificate file to use for the OS_CACERT environment variable in
# openrc files when TLS is enabled, instead of Kolla-Ansible's default.
kolla_external_fqdn_cacert:
View Git Blame Copy Permalink