openstack/kayobe
Code Issues Proposed changes
kayobe/playbooks/kayobe-overcloud-base/overrides.yml.j2
Mark Goddard a0665cd9c6 CI: stop using zuul as kayobe_ansible_user in TLS jobs 
Previously we were using the zuul user in the TLS jobs. This was due to
a permissions issue when accessing the CA certificate in kayobe-config
in the zuul user's home directory.

This change reverts to the default of using the stack user for the TLS
jobs. In order to make this work, the generated CA cert chain is added
to the trust store.

Change-Id: I875f8976df75dee68ba00842fe624c29cc1b123c
2022-03-02 13:34:12 +00:00

51 lines
1.9 KiB
Django/Jinja
Raw Blame History

---
# NOTE(mgoddard): Don't reboot after disabling SELinux during CI testing, as
# Ansible is run directly on the controller.
disable_selinux_do_reboot: false
# Use the OpenStack infra's Dockerhub mirror.
docker_registry_mirrors:
- "http://{{ zuul_site_mirror_fqdn }}:8082/"
kolla_docker_namespace: "openstack.kolla"
# use the published images from a site mirror of quay.io
kolla_docker_registry: "{{ zuul_site_mirror_fqdn }}:4447"
kolla_source_url: "{{ ansible_env.PWD ~ '/' ~ zuul.projects['opendev.org/openstack/kolla'].src_dir }}"
kolla_source_version: "{{ zuul.projects['opendev.org/openstack/kolla'].checkout }}"
kolla_ansible_source_url: "{{ ansible_env.PWD ~ '/' ~ zuul.projects['opendev.org/openstack/kolla-ansible'].src_dir }}"
kolla_ansible_source_version: "{{ zuul.projects['opendev.org/openstack/kolla-ansible'].checkout }}"
kolla_ansible_requirements_yml: "/tmp/kolla-ansible-requirements.yml"
kolla_openstack_logging_debug: True
pip_upper_constraints_file: "/tmp/upper-constraints.txt"
# Use the CI infra's PyPI mirror.
pip_local_mirror: true
pip_index_url: "http://{{ zuul_site_mirror_fqdn }}/pypi/simple"
pip_trusted_hosts:
- "{{ zuul_site_mirror_fqdn }}"
# NOTE(mgoddard): CentOS 8 removes interfaces from their bridge during ifdown,
# and removes the bridge if there are no interfaces left. When Kayobe bounces
# veth links plugged into the bridge, it causes the bridge which has the IP we
# are using for SSH to be removed. Use a dummy interface.
aio_bridge_ports:
- dummy1
# Enable ironic for testing baremetal compute.
kolla_enable_ironic: true
{% if ironic_boot_mode == 'uefi' %}
# iPXE is currently required for UEFI boot mode in Kolla Ansible.
kolla_enable_ironic_ipxe: true
kolla_ironic_enabled_boot_interfaces: [ipxe]
kolla_ironic_default_boot_interface: ipxe
{% endif %}
{% if tls_enabled %}
kolla_enable_tls_external: "yes"
kolla_enable_tls_internal: "yes"
kolla_ironic_pxe_append_params_extra:
- ipa-insecure=1
{% endif %}
View Git Blame Copy Permalink