openstack/kolla-ansible
Code Issues Proposed changes

ansible-lint: Remove yaml[truthy] from excludes

Browse Source 
Normalize quotes and some other easy fixes done by
ansible-lint --fix

Also drop etc from excludes and ignore comment check in
etc/kolla/globals.yml

Pinning to ansible-lint<25.11.0 because 25.11.1 is breaking
without any messages

Change-Id: I7dee3866191cef84cd12b1816cdab0a02380ec7f
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>
This commit is contained in:
Michal Nasiadka
2025-11-12 15:24:01 +01:00
parent 3bd221a988
commit 78f3c2b5de
74 changed files with 445 additions and 494 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.ansible-lint
View File

@@ -1,10 +1,12 @@
---
exclude_paths:
- etc
- releasenotes
- roles
- tests
- zuul.d
strict: true
# NOTE(mnasiadka): Switched to false due to rules skipped via .ansible-lint-ignore causing
# failures
strict: false
use_default_rules: true
skip_list:
# [E301] Commands should not change things if nothing needs doing
@@ -37,5 +39,4 @@ skip_list:
- risky-shell-pipe
- command-instead-of-shell
- command-instead-of-module
- yaml[truthy]
- yaml[line-length]

1
.ansible-lint-ignore Normal file
View File

@@ -0,0 +1 @@
etc/kolla/globals.yml yaml[comments] skip

1
.gitignore vendored
View File

@@ -53,6 +53,7 @@ releasenotes/build
# Files generated by Ansible
ansible/*.retry
.ansible/
# Others
.DS_Store

4
ansible/bifrost.yml
View File

@@ -2,5 +2,5 @@
- name: Apply role bifrost
hosts: bifrost
roles:
- { role: bifrost,
tags: bifrost}
- role: bifrost
tags: bifrost

2
ansible/gather-facts.yml
View File

@@ -50,7 +50,7 @@
setup:
filter: "{{ kolla_ansible_setup_filter }}"
gather_subset: "{{ kolla_ansible_setup_gather_subset }}"
delegate_facts: True
delegate_facts: true
delegate_to: "{{ item }}"
with_items: "{{ delegate_hosts }}"
when:

2
ansible/group_vars/all/aodh.yml
View File

@@ -1,5 +1,5 @@
---
enable_aodh: "no"
enable_aodh: false
# Ports
aodh_internal_fqdn: "{{ kolla_internal_fqdn }}"

2
ansible/group_vars/all/barbican.yml
View File

@@ -1,5 +1,5 @@
---
enable_barbican: "no"
enable_barbican: false
#######################
# Barbican options

2
ansible/group_vars/all/blazar.yml
View File

@@ -1,5 +1,5 @@
---
enable_blazar: "no"
enable_blazar: false
# Ports
blazar_internal_fqdn: "{{ kolla_internal_fqdn }}"

6
ansible/group_vars/all/ceilometer.yml
View File

@@ -1,4 +1,4 @@
---
enable_ceilometer: "no"
enable_ceilometer_ipmi: "no"
enable_ceilometer_prometheus_pushgateway: "no"
enable_ceilometer: false
enable_ceilometer_ipmi: false
enable_ceilometer_prometheus_pushgateway: false

2
ansible/group_vars/all/ceph-rgw.yml
View File

@@ -1,5 +1,5 @@
---
enable_ceph_rgw: "no"
enable_ceph_rgw: false
enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}"
ceph_rgw_internal_fqdn: "{{ kolla_internal_fqdn }}"

2
ansible/group_vars/all/ceph.yml
View File

@@ -3,7 +3,7 @@
# External Ceph options
###################
# External Ceph - cephx auth enabled (this is the standard nowadays, defaults to yes)
external_ceph_cephx_enabled: "yes"
external_ceph_cephx_enabled: true
ceph_cluster: "ceph"

24
ansible/group_vars/all/cinder.yml
View File

@@ -1,21 +1,21 @@
---
enable_cinder: "no"
enable_cinder_backup: "yes"
enable_cinder: false
enable_cinder_backup: true
enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool }}"
enable_cinder_backend_lvm: "no"
enable_cinder_backend_nfs: "no"
enable_cinder_backend_quobyte: "no"
enable_cinder_backend_pure_iscsi: "no"
enable_cinder_backend_pure_fc: "no"
enable_cinder_backend_pure_roce: "no"
enable_cinder_backend_pure_nvme_tcp: "no"
enable_cinder_backend_lightbits: "no"
enable_cinder_backend_lvm: false
enable_cinder_backend_nfs: false
enable_cinder_backend_quobyte: false
enable_cinder_backend_pure_iscsi: false
enable_cinder_backend_pure_fc: false
enable_cinder_backend_pure_roce: false
enable_cinder_backend_pure_nvme_tcp: false
enable_cinder_backend_lightbits: false
#################################
# Cinder options
#################################
cinder_backend_ceph: "no"
cinder_backend_huawei: "no"
cinder_backend_ceph: false
cinder_backend_huawei: false
cinder_backend_huawei_xml_files: []
cinder_volume_group: "cinder-volumes"
cinder_target_helper: "{{ 'lioadm' if ansible_facts.os_family == 'RedHat' else 'tgtadm' }}"

2
ansible/group_vars/all/cloudkitty.yml
View File

@@ -1,5 +1,5 @@
---
enable_cloudkitty: "no"
enable_cloudkitty: false
#######################
# Cloudkitty options

2
ansible/group_vars/all/collectd.yml
View File

@@ -1,4 +1,4 @@
---
enable_collectd: "no"
enable_collectd: false
collectd_udp_port: "25826"

32
ansible/group_vars/all/common.yml
View File

@@ -31,13 +31,13 @@ docker_image_name_prefix: ""
docker_image_url: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}"
docker_registry_username:
# Please read the docs carefully before applying docker_registry_insecure.
docker_registry_insecure: "no"
docker_registry_insecure: false
docker_runtime_directory: ""
# Docker client timeout in seconds.
docker_client_timeout: 120
# Docker networking options
docker_disable_default_iptables_rules: "yes"
docker_disable_default_iptables_rules: true
docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}"
docker_disable_ip_forward: "{{ docker_disable_default_iptables_rules }}"
@@ -79,14 +79,13 @@ container_engine_volumes_path: "{{ docker_volumes_path if kolla_container_engine
# Podman has problem with mounting whole /run directory
# described here: https://github.com/containers/podman/issues/16305
run_default_volumes_podman:
- '/run/netns:/run/netns:shared'
- '/run/lock/nova:/run/lock/nova:shared'
- "/run/netns:/run/netns:shared"
- "/run/lock/nova:/run/lock/nova:shared"
- "/run/libvirt:/run/libvirt:shared"
- "/run/nova:/run/nova:shared"
- "/run/openvswitch:/run/openvswitch:shared"
run_default_volumes_docker: []
####################
# Dimensions options
####################
@@ -112,7 +111,7 @@ default_podman_dimensions_el9:
#####################
# Healthcheck options
#####################
enable_container_healthchecks: "yes"
enable_container_healthchecks: true
# Healthcheck options for Docker containers
# interval/timeout/start_period are in seconds
default_container_healthcheck_interval: 30
@@ -125,7 +124,6 @@ default_container_healthcheck_start_period: 5
#######################
# Extra volumes for Docker Containers
default_extra_volumes: []
##################
# Firewall options
##################
@@ -174,8 +172,8 @@ kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip
kolla_dev_repos_directory: "/opt/stack/"
kolla_dev_repos_git: "https://opendev.org/openstack"
kolla_dev_repos_pull: "no"
kolla_dev_mode: "no"
kolla_dev_repos_pull: false
kolla_dev_mode: false
kolla_source_version: "{% if openstack_release == 'master' %}master{% else %}stable/{{ openstack_release }}{% endif %}"
# Proxy settings for containers such as magnum that need internet access
@@ -202,7 +200,6 @@ api_interface_address: "{{ 'api' | kolla_address }}"
####################
kolla_container_engine: "docker"
#########################
# Internal Image options
#########################
@@ -231,10 +228,10 @@ public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
# Additional optional OpenStack features and services are specified here
enable_central_logging: "no"
enable_central_logging: false
# Clean images options are specified here
enable_destroy_images: "no"
enable_destroy_images: false
####################
# Global Options
@@ -244,7 +241,6 @@ enable_destroy_images: "no"
# - container1
# - container2
skip_stop_containers: []
###################
# Messaging options
###################
@@ -319,9 +315,9 @@ openstack_cacert: ""
# Enable core OpenStack services. This includes:
# glance, keystone, neutron, nova, heat, and horizon.
enable_openstack_core: "yes"
enable_openstack_core: true
enable_osprofiler: "no"
enable_osprofiler: false
####################
# Osprofiler options
@@ -334,8 +330,8 @@ osprofiler_backend_connection_string: "{{ valkey_connection_string if osprofiler
######################
# Backend TLS options
######################
kolla_enable_tls_backend: "no"
kolla_verify_tls_backend: "yes"
kolla_enable_tls_backend: false
kolla_verify_tls_backend: true
kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"
@@ -351,7 +347,7 @@ database_enable_tls_backend: "{{ 'yes' if ((kolla_enable_tls_backend | bool) and
database_enable_tls_internal: "{{ 'yes' if ((kolla_enable_tls_internal | bool) and (enable_proxysql | bool)) else 'no' }}"
# Optionally allow Kolla to set sysctl values
set_sysctl: "yes"
set_sysctl: true
# Optionally change the path to sysctl.conf modified by Kolla Ansible plays.
kolla_sysctl_conf_path: /etc/sysctl.conf

2
ansible/group_vars/all/cyborg.yml
View File

@@ -1,5 +1,5 @@
---
enable_cyborg: "no"
enable_cyborg: false
cyborg_internal_fqdn: "{{ kolla_internal_fqdn }}"
cyborg_external_fqdn: "{{ kolla_external_fqdn }}"

6
ansible/group_vars/all/designate.yml
View File

@@ -1,5 +1,5 @@
---
enable_designate: "no"
enable_designate: false
designate_keystone_user: "designate"
@@ -10,12 +10,12 @@ designate_keystone_user: "designate"
designate_backend: "bind9"
designate_ns_record:
- "ns1.example.org"
designate_backend_external: "no"
designate_backend_external: false
designate_backend_external_bind9_nameservers: ""
# Valid options are [ '', valkey ]
designate_coordination_backend: "{{ 'valkey' if enable_valkey | bool else '' }}"
designate_enable_notifications_sink: "no"
designate_enable_notifications_sink: false
designate_notifications_topic_name: "notifications_designate"
dns_interface: "{{ network_interface }}"

2
ansible/group_vars/all/etcd.yml
View File

@@ -1,5 +1,5 @@
---
enable_etcd: "no"
enable_etcd: false
etcd_client_port: "2379"
etcd_peer_port: "2380"

2
ansible/group_vars/all/fluentd.yml
View File

@@ -1,5 +1,5 @@
---
enable_fluentd: "yes"
enable_fluentd: true
enable_fluentd_systemd: "{{ (enable_fluentd | bool) and (enable_central_logging | bool) }}"
fluentd_syslog_port: "5140"

12
ansible/group_vars/all/glance.yml
View File

@@ -7,13 +7,13 @@ glance_keystone_user: "glance"
# Glance options
#######################
glance_backend_file: "{{ not (glance_backend_ceph | bool or glance_backend_s3 | bool) }}"
glance_backend_ceph: "no"
glance_backend_s3: "no"
enable_glance_image_cache: "no"
glance_backend_ceph: false
glance_backend_s3: false
enable_glance_image_cache: false
glance_file_datadir_volume: "glance"
glance_enable_rolling_upgrade: "no"
glance_enable_property_protection: "no"
glance_enable_interoperable_image_import: "no"
glance_enable_rolling_upgrade: false
glance_enable_property_protection: false
glance_enable_interoperable_image_import: false
glance_api_hosts: "{{ [groups['glance-api'] | first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
# NOTE(mnasiadka): For use in common role
glance_enable_tls_backend: "{{ kolla_enable_tls_backend }}"

4
ansible/group_vars/all/gnocchi.yml
View File

@@ -1,6 +1,6 @@
---
enable_gnocchi: "no"
enable_gnocchi_statsd: "no"
enable_gnocchi: false
enable_gnocchi_statsd: false
#################
# Gnocchi options

2
ansible/group_vars/all/grafana.yml
View File

@@ -1,5 +1,5 @@
---
enable_grafana: "no"
enable_grafana: false
enable_grafana_external: "{{ enable_grafana | bool }}"
grafana_internal_fqdn: "{{ kolla_internal_fqdn }}"

35
ansible/group_vars/all/haproxy.yml
View File

@@ -1,20 +1,20 @@
---
enable_haproxy: "yes"
enable_haproxy: true
####################
# HAProxy options
####################
haproxy_user: "openstack"
haproxy_enable_external_vip: "{{ 'no' if kolla_same_external_internal_vip | bool else 'yes' }}"
haproxy_enable_http2: "yes"
haproxy_enable_http2: true
haproxy_http2_protocol: "alpn h2,http/1.1"
kolla_enable_tls_internal: "no"
kolla_enable_tls_internal: false
kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
kolla_certificates_dir: "{{ node_config }}/certificates"
kolla_external_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy.pem"
kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
kolla_admin_openrc_cacert: ""
kolla_copy_ca_into_containers: "no"
kolla_copy_ca_into_containers: false
haproxy_backend_cacert: "{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.crt' }}"
haproxy_backend_cacert_dir: "/etc/ssl/certs"
haproxy_single_external_frontend: false
@@ -23,25 +23,26 @@ haproxy_single_external_frontend_public_port: "{{ '443' if kolla_enable_tls_exte
# configure SSL/TLS settings for haproxy config, one of [modern, intermediate, legacy]:
kolla_haproxy_ssl_settings: "modern"
haproxy_ssl_settings: "{{ ssl_legacy_settings if kolla_haproxy_ssl_settings == 'legacy' else ssl_intermediate_settings if kolla_haproxy_ssl_settings == 'intermediate' else ssl_modern_settings | default(ssl_modern_settings) }}"
haproxy_ssl_settings: "{{ ssl_legacy_settings if kolla_haproxy_ssl_settings == 'legacy' else ssl_intermediate_settings if kolla_haproxy_ssl_settings == 'intermediate'
else ssl_modern_settings | default(ssl_modern_settings) }}"
ssl_legacy_settings: |
ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
ssl-default-bind-ciphers DEFAULT:!MEDIUM:!3DES
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
ssl_intermediate_settings: |
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl_modern_settings: |
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
haproxy_stats_port: "1984"
haproxy_monitor_port: "61313"

6
ansible/group_vars/all/ironic.yml
View File

@@ -1,9 +1,9 @@
---
enable_ironic: "no"
enable_ironic: false
enable_ironic_dnsmasq: "{{ enable_ironic | bool }}"
enable_ironic_neutron_agent: "no"
enable_ironic_neutron_agent: false
enable_ironic_prometheus_exporter: "{{ enable_ironic | bool and enable_prometheus | bool }}"
enable_ironic_pxe_filter: "no"
enable_ironic_pxe_filter: false
# Keystone user
ironic_keystone_user: "ironic"

1
ansible/group_vars/all/keystone.yml
View File

@@ -77,7 +77,6 @@ keystone_default_user_role: "member"
# file: "/full/qualified/path/to/mapping/json/file/to/mappingId3"
keystone_identity_providers: []
keystone_identity_mappings: []
keystone_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else keystone_public_listen_port }}"
keystone_public_listen_port: "5000"
keystone_internal_port: "5000"

2
ansible/group_vars/all/kuryr.yml
View File

@@ -1,4 +1,4 @@
---
enable_kuryr: "no"
enable_kuryr: false
kuryr_port: "23750"

2
ansible/group_vars/all/letsencrypt.yml
View File

@@ -1,5 +1,5 @@
---
enable_letsencrypt: "no"
enable_letsencrypt: false
#####################
# ACME client options

2
ansible/group_vars/all/magnum.yml
View File

@@ -1,5 +1,5 @@
---
enable_magnum: "no"
enable_magnum: false
magnum_internal_fqdn: "{{ kolla_internal_fqdn }}"
magnum_external_fqdn: "{{ kolla_external_fqdn }}"

14
ansible/group_vars/all/manila.yml
View File

@@ -1,11 +1,11 @@
---
enable_manila: "no"
enable_manila_backend_generic: "no"
enable_manila_backend_hnas: "no"
enable_manila_backend_cephfs_native: "no"
enable_manila_backend_cephfs_nfs: "no"
enable_manila_backend_glusterfs_nfs: "no"
enable_manila_backend_flashblade: "no"
enable_manila: false
enable_manila_backend_generic: false
enable_manila_backend_hnas: false
enable_manila_backend_cephfs_native: false
enable_manila_backend_cephfs_nfs: false
enable_manila_backend_glusterfs_nfs: false
enable_manila_backend_flashblade: false
ceph_manila_user: "manila"

10
ansible/group_vars/all/mariadb.yml
View File

@@ -1,18 +1,18 @@
---
enable_mariadb: "yes"
enable_mariabackup: "no"
enable_mariadb: true
enable_mariabackup: false
#############################################
# MariaDB component-specific database details
#############################################
# Whether to configure haproxy to load balance
# the external MariaDB server(s)
enable_external_mariadb_load_balancer: "no"
enable_external_mariadb_load_balancer: false
# Whether to use pre-configured databases / users
use_preconfigured_databases: "no"
use_preconfigured_databases: false
# whether to use a common, preconfigured user
# for all component databases
use_common_mariadb_user: "no"
use_common_mariadb_user: false
mariadb_port: "{{ database_port }}"
mariadb_wsrep_port: "4567"

2
ansible/group_vars/all/masakari.yml
View File

@@ -1,5 +1,5 @@
---
enable_masakari: "no"
enable_masakari: false
enable_masakari_instancemonitor: "{{ enable_masakari | bool }}"
enable_masakari_hostmonitor: "{{ enable_masakari | bool }}"

4
ansible/group_vars/all/memcached.yml
View File

@@ -1,10 +1,10 @@
---
enable_memcached: "yes"
enable_memcached: true
# NOTE: Most memcached clients handle load-balancing via client side
# hashing (consistent or not) logic, so going under the covers and messing
# with things that the clients are not aware of is generally wrong
enable_haproxy_memcached: "no"
enable_haproxy_memcached: false
memcached_port: "11211"
memcache_security_strategy: "ENCRYPT"

2
ansible/group_vars/all/mistral.yml
View File

@@ -1,5 +1,5 @@
---
enable_mistral: "no"
enable_mistral: false
mistral_internal_fqdn: "{{ kolla_internal_fqdn }}"
mistral_external_fqdn: "{{ kolla_external_fqdn }}"

2
ansible/group_vars/all/multipathd.yml
View File

@@ -1,2 +1,2 @@
---
enable_multipathd: "no"
enable_multipathd: false

39
ansible/group_vars/all/neutron.yml
View File

@@ -1,24 +1,24 @@
---
enable_neutron: "{{ enable_openstack_core | bool }}"
enable_neutron_vpnaas: "no"
enable_neutron_sriov: "no"
enable_neutron_mlnx: "no"
enable_neutron_dvr: "no"
enable_neutron_fwaas: "no"
enable_neutron_qos: "no"
enable_neutron_agent_ha: "no"
enable_neutron_bgp_dragent: "no"
enable_neutron_provider_networks: "no"
enable_neutron_segments: "no"
enable_neutron_packet_logging: "no"
enable_neutron_sfc: "no"
enable_neutron_taas: "no"
enable_neutron_trunk: "no"
enable_neutron_metering: "no"
enable_neutron_infoblox_ipam_agent: "no"
enable_neutron_port_forwarding: "no"
neutron_enable_ovn_agent: "no"
enable_neutron_vpnaas: false
enable_neutron_sriov: false
enable_neutron_mlnx: false
enable_neutron_dvr: false
enable_neutron_fwaas: false
enable_neutron_qos: false
enable_neutron_agent_ha: false
enable_neutron_bgp_dragent: false
enable_neutron_provider_networks: false
enable_neutron_segments: false
enable_neutron_packet_logging: false
enable_neutron_sfc: false
enable_neutron_taas: false
enable_neutron_trunk: false
enable_neutron_metering: false
enable_neutron_infoblox_ipam_agent: false
enable_neutron_port_forwarding: false
neutron_enable_ovn_agent: false
neutron_keystone_user: "neutron"
@@ -50,7 +50,7 @@ computes_need_external_bridge: "{{ (enable_neutron_dvr | bool and neutron_comput
neutron_dnsmasq_dns_servers: "1.1.1.1,8.8.8.8,8.8.4.4"
# Enable distributed floating ip for OVN deployments
neutron_ovn_distributed_fip: "no"
neutron_ovn_distributed_fip: false
# SRIOV physnet:interface mappings when SRIOV is enabled
# "sriovnet1" and tunnel_interface used here as placeholders
@@ -60,7 +60,6 @@ neutron_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
# Set OVN network availability zones
neutron_ovn_availability_zones: []
neutron_internal_fqdn: "{{ kolla_internal_fqdn }}"
neutron_external_fqdn: "{{ kolla_external_fqdn }}"
neutron_internal_endpoint: "{{ neutron_internal_fqdn | kolla_url(internal_protocol, neutron_server_port) }}"

12
ansible/group_vars/all/nova.yml
View File

@@ -1,19 +1,19 @@
---
enable_cells: "no"
enable_cells: false
enable_nova: "{{ enable_openstack_core | bool }}"
enable_nova_libvirt_container: "{{ nova_compute_virt_type in ['kvm', 'qemu'] }}"
enable_nova_serialconsole_proxy: "no"
enable_nova_ssh: "yes"
enable_nova_serialconsole_proxy: false
enable_nova_ssh: true
#######################
# Nova options
#######################
nova_backend_ceph: "no"
nova_backend_ceph: false
nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}"
# Valid options are [ kvm, qemu ]
nova_compute_virt_type: "kvm"
nova_instance_datadir_volume: "{{ 'nova_compute' if enable_nova_libvirt_container | bool else '/var/lib/nova' }}"
nova_safety_upgrade: "no"
nova_safety_upgrade: false
# Valid options are [ none, novnc, spice ]
nova_console: "novnc"
@@ -34,7 +34,7 @@ nova_cell0_database_address: "{{ nova_database_address }}"
nova_cell0_database_password: "{{ nova_database_password }}"
# Nova fake driver and the number of fake driver per compute node
enable_nova_fake: "no"
enable_nova_fake: false
num_nova_fake_per_node: 5
migration_interface: "{{ api_interface }}"

2
ansible/group_vars/all/octavia.yml
View File

@@ -1,5 +1,5 @@
---
enable_octavia: "no"
enable_octavia: false
enable_octavia_driver_agent: "{{ enable_octavia | bool and neutron_plugin_agent == 'ovn' }}"
enable_octavia_jobboard: "{{ enable_octavia | bool and 'amphora' in octavia_provider_drivers }}"

2
ansible/group_vars/all/openvswitch.yml
View File

@@ -1,6 +1,6 @@
---
enable_openvswitch: "{{ enable_neutron | bool }}"
enable_ovs_dpdk: "no"
enable_ovs_dpdk: false
ovs_datapath: "{{ 'netdev' if enable_ovs_dpdk | bool else 'system' }}"

6
ansible/group_vars/all/prometheus.yml
View File

@@ -1,5 +1,5 @@
---
enable_prometheus: "no"
enable_prometheus: false
############
# Prometheus
@@ -13,9 +13,9 @@ enable_prometheus_cadvisor: "{{ enable_prometheus | bool }}"
enable_prometheus_fluentd_integration: "{{ enable_prometheus | bool and enable_fluentd | bool }}"
enable_prometheus_alertmanager: "{{ enable_prometheus | bool }}"
enable_prometheus_alertmanager_external: "{{ enable_prometheus_alertmanager | bool }}"
enable_prometheus_ceph_mgr_exporter: "no"
enable_prometheus_ceph_mgr_exporter: false
enable_prometheus_openstack_exporter: "{{ enable_prometheus | bool }}"
enable_prometheus_openstack_exporter_external: "no"
enable_prometheus_openstack_exporter_external: false
enable_prometheus_elasticsearch_exporter: "{{ enable_prometheus | bool and enable_opensearch | bool }}"
enable_prometheus_blackbox_exporter: "{{ enable_prometheus | bool }}"
enable_prometheus_rabbitmq_exporter: "{{ enable_prometheus | bool and enable_rabbitmq | bool }}"

2
ansible/group_vars/all/rabbitmq.yml
View File

@@ -7,7 +7,7 @@ enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transpor
rabbitmq_user: "openstack"
rabbitmq_monitoring_user: ""
# Whether to enable TLS encryption for RabbitMQ client-server communication.
rabbitmq_enable_tls: "no"
rabbitmq_enable_tls: false
# CA certificate bundle in RabbitMQ container.
rabbitmq_cacert: "/etc/ssl/certs/{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.crt' }}"
rabbitmq_datadir_volume: "rabbitmq"

2
ansible/group_vars/all/skyline.yml
View File

@@ -1,5 +1,5 @@
---
enable_skyline: "no"
enable_skyline: false
skyline_apiserver_internal_fqdn: "{{ kolla_internal_fqdn }}"
skyline_apiserver_external_fqdn: "{{ kolla_external_fqdn }}"

2
ansible/group_vars/all/tacker.yml
View File

@@ -1,5 +1,5 @@
---
enable_tacker: "no"
enable_tacker: false
tacker_internal_fqdn: "{{ kolla_internal_fqdn }}"
tacker_external_fqdn: "{{ kolla_external_fqdn }}"

4
ansible/group_vars/all/telegraf.yml
View File

@@ -1,9 +1,9 @@
---
enable_telegraf: "no"
enable_telegraf: false
##########
# Telegraf
##########
# Configure telegraf to use the docker daemon itself as an input for
# telemetry data.
telegraf_enable_docker_input: "no"
telegraf_enable_docker_input: false

4
ansible/group_vars/all/trove.yml
View File

@@ -1,6 +1,6 @@
---
enable_trove: "no"
enable_trove_singletenant: "no"
enable_trove: false
enable_trove_singletenant: false
trove_internal_fqdn: "{{ kolla_internal_fqdn }}"
trove_external_fqdn: "{{ kolla_external_fqdn }}"

2
ansible/group_vars/all/valkey.yml
View File

@@ -1,5 +1,5 @@
---
enable_valkey: "no"
enable_valkey: false
valkey_connection_string: >-
redis://{%-

2
ansible/group_vars/all/watcher.yml
View File

@@ -1,5 +1,5 @@
---
enable_watcher: "no"
enable_watcher: false
watcher_internal_fqdn: "{{ kolla_internal_fqdn }}"
watcher_external_fqdn: "{{ kolla_external_fqdn }}"

9
ansible/group_vars/all/zun.yml
View File

@@ -1,16 +1,15 @@
---
enable_zun: "no"
enable_zun: false
# Extra docker options for Zun
docker_configure_for_zun: "no"
docker_configure_for_zun: false
docker_zun_options: -H tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
docker_zun_config: {}
# Extra containerd options for Zun
containerd_configure_for_zun: "no"
containerd_configure_for_zun: false
# Enable Ceph backed Cinder Volumes for zun
zun_configure_for_cinder_ceph: "no"
zun_configure_for_cinder_ceph: false
# 42463 is the static group id of the zun user in the Zun image.
# If users customize this value on building the Zun images,

4
ansible/kolla-host.yml
View File

@@ -10,5 +10,5 @@
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: openstack.kolla.baremetal,
tags: baremetal }
- role: openstack.kolla.baremetal
tags: baremetal

10
ansible/mariadb.yml
View File

@@ -4,7 +4,7 @@
gather_facts: false
hosts:
- mariadb
- '&enable_mariadb_True'
- "&enable_mariadb_True"
max_fail_percentage: >-
{{ mariadb_max_fail_percentage |
default(kolla_max_fail_percentage) |
@@ -19,7 +19,7 @@
gather_facts: false
hosts:
- mariadb_restart
- '&enable_mariadb_True'
- "&enable_mariadb_True"
# Restart in batches
serial: "33%"
max_fail_percentage: >-
@@ -37,7 +37,7 @@
gather_facts: false
hosts:
- mariadb_start
- '&enable_mariadb_True'
- "&enable_mariadb_True"
# Start in batches
serial: "33%"
max_fail_percentage: >-
@@ -55,7 +55,7 @@
gather_facts: false
hosts:
- mariadb_bootstrap_restart
- '&enable_mariadb_True'
- "&enable_mariadb_True"
max_fail_percentage: >-
{{ mariadb_max_fail_percentage |
default(kolla_max_fail_percentage) |
@@ -71,7 +71,7 @@
gather_facts: false
hosts:
- mariadb
- '&enable_mariadb_True'
- "&enable_mariadb_True"
max_fail_percentage: >-
{{ mariadb_max_fail_percentage |
default(kolla_max_fail_percentage) |

6
ansible/mariadb_backup.yml
View File

@@ -6,6 +6,6 @@
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: mariadb,
tags: mariadb,
when: enable_mariabackup | bool }
- role: mariadb
tags: mariadb
when: enable_mariabackup | bool

6
ansible/mariadb_recovery.yml
View File

@@ -6,8 +6,8 @@
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: mariadb,
tags: mariadb,
when: enable_mariadb | bool }
- role: mariadb
tags: mariadb
when: enable_mariadb | bool
vars:
mariadb_recover: true

20
ansible/nova.yml
View File

@@ -30,7 +30,7 @@
gather_facts: false
hosts:
- nova-api
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-bootstrap
@@ -68,7 +68,7 @@
gather_facts: false
hosts:
- nova-conductor
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-bootstrap
@@ -106,7 +106,7 @@
- nova-api
- nova-scheduler
- nova-super-conductor
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-api
@@ -131,7 +131,7 @@
- nova-novncproxy
- nova-serialproxy
- nova-spicehtml5proxy
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-cell
@@ -153,7 +153,7 @@
gather_facts: false
hosts:
- nova-scheduler
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-api
@@ -181,7 +181,7 @@
gather_facts: false
hosts:
- nova-super-conductor
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-reload
@@ -209,7 +209,7 @@
- nova-novncproxy
- nova-serialproxy
- nova-spicehtml5proxy
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-reload
@@ -233,7 +233,7 @@
hosts:
- nova-api
- nova-scheduler
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-reload
@@ -259,7 +259,7 @@
gather_facts: false
hosts:
- nova-api
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-api
@@ -284,7 +284,7 @@
gather_facts: false
hosts:
- nova-conductor
- '&enable_nova_True'
- "&enable_nova_True"
tags:
- nova
- nova-cell

2
ansible/post-deploy.yml
View File

@@ -1,7 +1,7 @@
---
- name: Determining whether we need become=true
hosts: localhost
gather_facts: no
gather_facts: false
tasks:
- name: Get stats of {{ node_config }}
stat:

30
ansible/rabbitmq.yml
View File

@@ -4,7 +4,7 @@
gather_facts: false
hosts:
- rabbitmq
- '&enable_rabbitmq_True'
- "&enable_rabbitmq_True"
max_fail_percentage: >-
{{ rabbitmq_max_fail_percentage |
default(kolla_max_fail_percentage) |
@@ -15,23 +15,23 @@
- import_role:
name: rabbitmq
vars:
role_rabbitmq_cluster_cookie: '{{ rabbitmq_cluster_cookie }}'
role_rabbitmq_cluster_port: '{{ rabbitmq_cluster_port }}'
role_rabbitmq_epmd_port: '{{ rabbitmq_epmd_port }}'
role_rabbitmq_cluster_cookie: "{{ rabbitmq_cluster_cookie }}"
role_rabbitmq_cluster_port: "{{ rabbitmq_cluster_port }}"
role_rabbitmq_epmd_port: "{{ rabbitmq_epmd_port }}"
role_rabbitmq_groups: rabbitmq
role_rabbitmq_management_port: '{{ rabbitmq_management_port }}'
role_rabbitmq_monitoring_password: '{{ rabbitmq_monitoring_password }}'
role_rabbitmq_monitoring_user: '{{ rabbitmq_monitoring_user }}'
role_rabbitmq_password: '{{ rabbitmq_password }}'
role_rabbitmq_port: '{{ rabbitmq_port }}'
role_rabbitmq_prometheus_port: '{{ rabbitmq_prometheus_port }}'
role_rabbitmq_user: '{{ rabbitmq_user }}'
role_rabbitmq_management_port: "{{ rabbitmq_management_port }}"
role_rabbitmq_monitoring_password: "{{ rabbitmq_monitoring_password }}"
role_rabbitmq_monitoring_user: "{{ rabbitmq_monitoring_user }}"
role_rabbitmq_password: "{{ rabbitmq_password }}"
role_rabbitmq_port: "{{ rabbitmq_port }}"
role_rabbitmq_prometheus_port: "{{ rabbitmq_prometheus_port }}"
role_rabbitmq_user: "{{ rabbitmq_user }}"
- name: Restart rabbitmq services
gather_facts: false
hosts:
- rabbitmq_restart
- '&enable_rabbitmq_True'
- "&enable_rabbitmq_True"
# Restart in batches
serial: "33%"
max_fail_percentage: >-
@@ -45,14 +45,14 @@
name: rabbitmq
tasks_from: restart_services.yml
vars:
role_rabbitmq_cluster_cookie: '{{ rabbitmq_cluster_cookie }}'
role_rabbitmq_cluster_cookie: "{{ rabbitmq_cluster_cookie }}"
role_rabbitmq_groups: rabbitmq
- name: Apply rabbitmq post-configuration
gather_facts: false
hosts:
- rabbitmq
- '&enable_rabbitmq_True'
- "&enable_rabbitmq_True"
max_fail_percentage: >-
{{ rabbitmq_max_fail_percentage |
default(kolla_max_fail_percentage) |
@@ -66,5 +66,5 @@
tasks_from: post-deploy.yml
when: kolla_action in ['deploy', 'reconfigure', 'upgrade']
vars:
role_rabbitmq_cluster_cookie: '{{ rabbitmq_cluster_cookie }}'
role_rabbitmq_cluster_cookie: "{{ rabbitmq_cluster_cookie }}"
role_rabbitmq_groups: rabbitmq

2
ansible/roles/cinder/defaults/main.yml
View File

@@ -42,7 +42,7 @@ cinder_services:
group: cinder-volume
enabled: true
image: "{{ cinder_volume_image_full }}"
privileged: True
privileged: true
ipc_mode: "host"
tmpfs: "{{ cinder_volume_tmpfs }}"
volumes: "{{ cinder_volume_default_volumes + cinder_volume_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}"

6
ansible/roles/common/defaults/main.yml
View File

@@ -3,13 +3,13 @@ common_services:
kolla-toolbox:
container_name: kolla_toolbox
group: kolla-toolbox
enabled: True
enabled: true
image: "{{ kolla_toolbox_image_full }}"
environment:
ANSIBLE_NOCOLOR: "1"
ANSIBLE_LIBRARY: "/usr/share/ansible"
REQUESTS_CA_BUNDLE: "{{ openstack_cacert }}"
privileged: True
privileged: true
volumes: "{{ kolla_toolbox_default_volumes + kolla_toolbox_extra_volumes + lookup('vars', 'run_default_volumes_' + kolla_container_engine) }}"
dimensions: "{{ kolla_toolbox_dimensions }}"
@@ -29,7 +29,7 @@ kolla_toolbox_default_volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
- "/dev/:/dev/"
- "/run/:/run/{{ ':shared' if kolla_container_engine == 'docker' else '' }}" # see: https://github.com/containers/podman/issues/16305
- "/run/:/run/{{ ':shared' if kolla_container_engine == 'docker' else '' }}" # see: https://github.com/containers/podman/issues/16305
- "kolla_logs:/var/log/kolla/"
kolla_toolbox_extra_volumes: "{{ default_extra_volumes }}"

14
ansible/roles/etcd/handlers/main.yml
View File

@@ -1,13 +1,13 @@
---
- name: Bootstrap etcd on new cluster
include_tasks: 'bootstrap_cluster.yml'
include_tasks: "bootstrap_cluster.yml"
when:
- kolla_action != "config"
listen:
- Bootstrap etcd cluster
- name: Look up the cluster leader
include_tasks: 'lookup_leader.yml'
include_tasks: "lookup_leader.yml"
listen:
- Restart etcd container
- Bootstrap etcd services
@@ -15,7 +15,7 @@
- Check for deleted members
- name: Bootstrap etcd on new services
include_tasks: 'bootstrap_services.yml'
include_tasks: "bootstrap_services.yml"
when:
- groups.etcd_had_volume_False is defined
- inventory_hostname in groups.etcd_had_volume_False
@@ -25,7 +25,7 @@
# When upgrading an etcd cluster we have to do it one by one
- name: Upgrade etcd non-leaders
include_tasks: 'restart_services.yml'
include_tasks: "restart_services.yml"
when:
- inventory_hostname not in (groups.etcd_is_leader_True | default([]))
- kolla_action == "upgrade"
@@ -36,7 +36,7 @@
# When there is no upgrade we can restart 25% of the services without
# losing quorum.
- name: Rolling restart of etcd non-leaders
include_tasks: 'restart_services.yml'
include_tasks: "restart_services.yml"
when:
- inventory_hostname not in (groups.etcd_is_leader_True | default([]))
- groups.etcd.index(inventory_hostname) % 4 == item
@@ -52,7 +52,7 @@
- 3
- name: Restart etcd leader
include_tasks: 'restart_services.yml'
include_tasks: "restart_services.yml"
when:
- inventory_hostname in (groups.etcd_is_leader_True | default([]))
listen:
@@ -61,7 +61,7 @@
- Bootstrap etcd cluster
- name: Remove deleted members
include_tasks: 'remove_deleted_members.yml'
include_tasks: "remove_deleted_members.yml"
when:
- kolla_action != "config"
listen:

2
ansible/roles/horizon/defaults/main.yml
View File

@@ -162,7 +162,7 @@ horizon_source_version: "{{ kolla_source_version }}"
# In some cases, such as when using OIDC, horizon will need to be configured with Keystone's public URL.
# Therefore, instead of overriding the whole "horizon_keystone_url", this change allows an easier integration because
# the Keystone public URL is already defined with variable "keystone_public_url".
horizon_use_keystone_public_url: False
horizon_use_keystone_public_url: false
###################
# Copy certificates

2
ansible/roles/ironic/tasks/precheck.yml
View File

@@ -72,7 +72,7 @@
msg: >
ironic_dnsmasq_dhcp_ranges must be a list
connection: local
run_once: True
run_once: true
when:
- enable_ironic_dnsmasq | bool
- not ironic_dnsmasq_dhcp_ranges is sequence

4
ansible/roles/keystone/defaults/main.yml
View File

@@ -274,8 +274,8 @@ horizon_trusted_dashboards: "{{ ['%s://%s/auth/websso/' % (public_protocol, koll
skyline_trusted_dashboards: "{{ ['%s/api/openstack/skyline/api/v1/websso' % (skyline_console_public_endpoint)] if enable_skyline | bool else [] }}"
keystone_trusted_dashboards: "{{ horizon_trusted_dashboards + skyline_trusted_dashboards }}"
keystone_enable_federation_openid: "{{ enable_keystone_federation | bool and keystone_identity_providers | selectattr('protocol', 'equalto', 'openid') | list | count > 0 }}"
keystone_should_remove_attribute_mappings: False
keystone_should_remove_identity_providers: False
keystone_should_remove_attribute_mappings: false
keystone_should_remove_identity_providers: false
keystone_federation_oidc_response_type: "id_token"
# can be set to any supported headers, according to
# https://github.com/OpenIDC/mod_auth_openidc/blob/ea3af872dcdbb4634a7e541c5e8c7326dafbb090/auth_openidc.conf

1
ansible/roles/letsencrypt/defaults/main.yml
View File

@@ -15,7 +15,6 @@ letsencrypt_services:
volumes: "{{ letsencrypt_webserver_default_volumes + letsencrypt_webserver_extra_volumes }}"
dimensions: "{{ letsencrypt_webserver_dimensions }}"
##############
# LetsEncrypt
##############

2
ansible/roles/magnum/defaults/main.yml
View File

@@ -72,7 +72,7 @@ magnum_database_shard:
####################
# Magnum
####################
enable_cluster_user_trust: False
enable_cluster_user_trust: false
# The default cinder volume type to be used for container storage volume in clusters
# that specify the docker-volume-size option. For example gp1, io1 etc
default_docker_volume_type: ""

4
ansible/roles/nova-cell/tasks/create_cells.yml
View File

@@ -11,7 +11,7 @@
action: "start_container"
command: bash -c 'sudo -E kolla_set_configs && sudo kolla_copy_cacerts && nova-manage cell_v2 create_cell{% if nova_cell_name %} --name {{ nova_cell_name }}{% endif %}'
common_options: "{{ docker_common_options }}"
detach: False
detach: false
image: "{{ nova_conductor.image }}"
labels:
BOOTSTRAP:
@@ -37,7 +37,7 @@
action: "start_container"
command: "bash -c 'sudo -E kolla_set_configs && sudo kolla_copy_cacerts && nova-manage cell_v2 update_cell --cell_uuid {{ nova_cell_settings.cell_uuid }}'"
common_options: "{{ docker_common_options }}"
detach: False
detach: false
image: "{{ nova_conductor.image }}"
labels:
BOOTSTRAP:

2
ansible/roles/nova-cell/tasks/discover_computes.yml
View File

@@ -19,4 +19,4 @@
become: true
command: >
{{ kolla_container_engine }} exec -t nova_conductor nova-manage cell_v2 discover_hosts --by-service --cell_uuid {{ nova_cell_settings.cell_uuid }}
changed_when: False
changed_when: false

2
ansible/roles/nova-cell/tasks/external_ceph.yml
View File

@@ -202,4 +202,4 @@
result: "{{ cinder_cephx_raw_key | default }}"
enabled: "{{ cinder_backend_ceph }}"
notify: "{{ libvirt_restart_handlers }}"
no_log: True
no_log: true

6
ansible/roles/nova/tasks/map_cell0.yml
View File

@@ -1,5 +1,5 @@
---
- run_once: True
- run_once: true
delegate_to: "{{ groups[nova_api.group][0] }}"
block:
- name: Create cell0 mappings
@@ -11,7 +11,7 @@
action: "start_container"
command: bash -c 'sudo -E kolla_set_configs && sudo -E kolla_copy_cacerts && nova-manage cell_v2 map_cell0 --database_connection {{ nova_cell0_connection }}'
common_options: "{{ docker_common_options }}"
detach: False
detach: false
image: "{{ nova_api.image }}"
labels:
BOOTSTRAP:
@@ -48,7 +48,7 @@
--database_connection {{ nova_cell0_connection }}
--transport-url {{ nova_cell0_transport_url }}'
common_options: "{{ docker_common_options }}"
detach: False
detach: false
image: "{{ nova_api.image }}"
labels:
BOOTSTRAP:

6
ansible/roles/octavia/defaults/main.yml
View File

@@ -326,7 +326,7 @@ octavia_user_auth:
# - vcpus
octavia_amp_flavor:
name: "amphora"
is_public: no
is_public: false
vcpus: 1
ram: 1024
disk: 5
@@ -380,8 +380,8 @@ octavia_amp_network:
subnet:
name: lb-mgmt-subnet
cidr: "{{ octavia_amp_network_cidr }}"
no_gateway_ip: yes
enable_dhcp: yes
no_gateway_ip: true
enable_dhcp: true
# Octavia management network subnet CIDR.
octavia_amp_network_cidr: 10.1.0.0/24

2
ansible/roles/opensearch/defaults/main.yml
View File

@@ -58,7 +58,7 @@ opensearch_services:
####################
# Register Opensearch internal endpoint in the Keystone service catalogue
opensearch_enable_keystone_registration: False
opensearch_enable_keystone_registration: false
opensearch_cluster_name: "kolla_logging"
opensearch_heap_size: "1g"

2
ansible/roles/openvswitch/tasks/config-host.yml
View File

@@ -10,7 +10,7 @@
# as a error, so it has to be created beforehand.
# See: https://github.com/containers/podman/issues/14781
- name: Create /run/openvswitch directory on host
become: True
become: true
file:
path: /run/openvswitch
state: directory

14
ansible/roles/ovn-controller/tasks/setup-ovs.yml
View File

@@ -15,13 +15,15 @@
# Format: physnet1:br1,physnet2:br2
ovn_mappings: "{{ neutron_physical_networks.split(',') | zip(neutron_bridge_name.split(',')) | map('join', ':') | join(',') }}"
# Format: physnet1:00:11:22:33:44:55,physnet2:00:11:22:33:44:56
ovn_macs: "{% for physnet, bridge in neutron_physical_networks.split(',') | zip(neutron_bridge_name.split(',')) %}{{ physnet }}:{{ ovn_base_mac | random_mac(seed=inventory_hostname + bridge) }}{% if not loop.last %},{% endif %}{% endfor %}"
ovn_macs: "{% for physnet, bridge in neutron_physical_networks.split(',') | zip(neutron_bridge_name.split(',')) %}{{ physnet }}:{{ ovn_base_mac | random_mac(seed=inventory_hostname
+ bridge) }}{% if not loop.last %},{% endif %}{% endfor %}"
ovn_cms_opts: >-
{{
(
[]
+ ( ['enable-chassis-as-gw'] if inventory_hostname in groups['ovn-controller-network'] else [] )
+ ( ['availability-zones=' + neutron_ovn_availability_zones | join(':')] if inventory_hostname in groups['ovn-controller-network'] and neutron_ovn_availability_zones else [] )
+ ( ['availability-zones=' + neutron_ovn_availability_zones | join(':')] if inventory_hostname in groups['ovn-controller-network'] and neutron_ovn_availability_zones
else [] )
) | join(',')
}}
become: true
@@ -43,7 +45,11 @@
- { name: ovn-remote-probe-interval, value: "{{ ovn_remote_probe_interval }}" }
- { name: ovn-openflow-probe-interval, value: "{{ ovn_openflow_probe_interval }}" }
- { name: ovn-monitor-all, value: "{{ ovn_monitor_all | bool }}" }
- { name: ovn-bridge-mappings, value: "{{ ovn_mappings }}", state: "{{ 'present' if (inventory_hostname in groups['ovn-controller-network'] or computes_need_external_bridge | bool) else 'absent' }}" }
- { name: ovn-chassis-mac-mappings, value: "{{ ovn_macs }}", state: "{{ 'present' if inventory_hostname in groups['ovn-controller-compute'] else 'absent' }}" }
- name: ovn-bridge-mappings
value: "{{ ovn_mappings }}"
state: "{{ 'present' if (inventory_hostname in groups['ovn-controller-network'] or computes_need_external_bridge | bool) else 'absent' }}"
- name: ovn-chassis-mac-mappings
value: "{{ ovn_macs }}"
state: "{{ 'present' if inventory_hostname in groups['ovn-controller-compute'] else 'absent' }}"
- { name: ovn-cms-options, value: "{{ ovn_cms_opts }}", state: "{{ 'present' if ovn_cms_opts != '' else 'absent' }}" }
when: inventory_hostname in groups.get('ovn-controller', [])

2
ansible/roles/valkey/tasks/upgrade.yml
View File

@@ -17,7 +17,6 @@
- name: Perform Redis to Valkey migration steps
when: redis_container_facts.containers['redis'] is defined
block:
- name: Set temporary Valkey migration vars
set_fact:
valkey_server_port: "6380"
@@ -120,7 +119,6 @@
valkey_sentinel_monitor_name: "kolla"
_valkey_migration: false
- name: Reconfigure/Redeploy Valkey on default ports
import_tasks: reconfigure.yml

235
ansible/site.yml
View File

@@ -132,7 +132,7 @@
gather_facts: false
hosts:
- loadbalancer
- '&enable_loadbalancer_True'
- "&enable_loadbalancer_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ loadbalancer_max_fail_percentage |
@@ -351,85 +351,79 @@
gather_facts: false
hosts:
- opensearch
- '&enable_opensearch_True'
- "&enable_opensearch_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ opensearch_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: opensearch,
tags: opensearch }
- { role: opensearch, tags: opensearch }
- name: Apply role letsencrypt
gather_facts: false
hosts:
- letsencrypt
- '&enable_letsencrypt_True'
- "&enable_letsencrypt_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ letsencrypt_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: letsencrypt,
tags: letsencrypt }
- { role: letsencrypt, tags: letsencrypt }
- name: Apply role collectd
gather_facts: false
hosts:
- collectd
- '&enable_collectd_True'
- "&enable_collectd_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ collectd_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: collectd,
tags: collectd }
- { role: collectd, tags: collectd }
- name: Apply role influxdb
gather_facts: false
hosts:
- influxdb
- '&enable_influxdb_True'
- "&enable_influxdb_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ influxdb_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: influxdb,
tags: influxdb }
- { role: influxdb, tags: influxdb }
- name: Apply role telegraf
gather_facts: false
hosts:
- telegraf
- '&enable_telegraf_True'
- "&enable_telegraf_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ telegraf_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: telegraf,
tags: telegraf }
- { role: telegraf, tags: telegraf }
- name: Apply role valkey
gather_facts: false
hosts:
- valkey
- '&enable_valkey_True'
- "&enable_valkey_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ valkey_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: valkey,
tags: valkey }
- { role: valkey, tags: valkey }
# MariaDB deployment is more complicated than other services, so is covered in
# its own playbook.
@@ -439,15 +433,14 @@
gather_facts: false
hosts:
- memcached
- '&enable_memcached_True'
- "&enable_memcached_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ memcached_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: memcached,
tags: [memcache, memcached] }
- { role: memcached, tags: [memcache, memcached] }
- name: Apply role prometheus
gather_facts: false
@@ -460,60 +453,55 @@
- prometheus-elasticsearch-exporter
- prometheus-blackbox-exporter
- prometheus-libvirt-exporter
- '&enable_prometheus_True'
- "&enable_prometheus_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ prometheus_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: prometheus,
tags: prometheus }
- { role: prometheus, tags: prometheus }
- name: Apply role prometheus-node-exporters
gather_facts: false
hosts:
- prometheus-node-exporter
- prometheus-cadvisor
- '&enable_prometheus_True'
- "&enable_prometheus_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ prometheus_node_exporters_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: prometheus-node-exporters,
tags: [prometheus, prometheus-node-exporters],
when: enable_prometheus | bool }
- { role: prometheus-node-exporters, tags: [prometheus, prometheus-node-exporters], when: enable_prometheus | bool }
- name: Apply role iscsi
gather_facts: false
hosts:
- iscsid
- tgtd
- '&enable_iscsid_True'
- "&enable_iscsid_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ iscsid_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: iscsi,
tags: iscsi }
- { role: iscsi, tags: iscsi }
- name: Apply role multipathd
gather_facts: false
hosts:
- multipathd
- '&enable_multipathd_True'
- "&enable_multipathd_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ multipathd_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: multipathd,
tags: multipathd }
- { role: multipathd, tags: multipathd }
- import_playbook: rabbitmq.yml
@@ -521,28 +509,26 @@
gather_facts: false
hosts:
- etcd
- '&enable_etcd_True'
- "&enable_etcd_True"
max_fail_percentage: >-
{{ etcd_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: etcd,
tags: etcd }
- { role: etcd, tags: etcd }
- name: Apply role keystone
gather_facts: false
hosts:
- keystone
- '&enable_keystone_True'
- "&enable_keystone_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ keystone_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: keystone,
tags: keystone }
- { role: keystone, tags: keystone }
- name: Apply role ceph-rgw
gather_facts: false
@@ -550,29 +536,27 @@
# NOTE(mgoddard): This is only used to register Keystone services, and
# can run on any host running kolla-toolbox.
- kolla-toolbox
- '&enable_ceph_rgw_True'
- "&enable_ceph_rgw_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ ceph_rgw_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: ceph-rgw,
tags: ceph-rgw }
- { role: ceph-rgw, tags: ceph-rgw }
- name: Apply role glance
gather_facts: false
hosts:
- glance-api
- '&enable_glance_True'
- "&enable_glance_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ glance_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: glance,
tags: glance }
- { role: glance, tags: glance }
- name: Apply role ironic
gather_facts: false
@@ -581,15 +565,14 @@
- ironic-conductor
- ironic-tftp
- ironic-http
- '&enable_ironic_True'
- "&enable_ironic_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ ironic_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: ironic,
tags: ironic }
- { role: ironic, tags: ironic }
- name: Apply role cinder
gather_facts: false
@@ -598,73 +581,66 @@
- cinder-backup
- cinder-scheduler
- cinder-volume
- '&enable_cinder_True'
- "&enable_cinder_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ cinder_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: cinder,
tags: cinder }
- { role: cinder, tags: cinder }
- name: Apply role placement
gather_facts: false
hosts:
- placement-api
- '&enable_placement_True'
- "&enable_placement_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ placement_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: placement,
tags: placement }
- { role: placement, tags: placement }
- name: Apply role openvswitch
gather_facts: false
hosts:
- openvswitch
- '&enable_openvswitch_True_enable_ovs_dpdk_False'
- "&enable_openvswitch_True_enable_ovs_dpdk_False"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ openvswitch_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: openvswitch,
tags: openvswitch,
when: "(enable_openvswitch | bool) and not (enable_ovs_dpdk | bool)"}
- { role: openvswitch, tags: openvswitch, when: "(enable_openvswitch | bool) and not (enable_ovs_dpdk | bool)" }
- name: Apply role ovs-dpdk
gather_facts: false
hosts:
- openvswitch
- '&enable_openvswitch_True_enable_ovs_dpdk_True'
- "&enable_openvswitch_True_enable_ovs_dpdk_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ ovs_dpdk_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: ovs-dpdk,
tags: ovs-dpdk,
when: "(enable_openvswitch | bool) and (enable_ovs_dpdk | bool)"}
- { role: ovs-dpdk, tags: ovs-dpdk, when: "(enable_openvswitch | bool) and (enable_ovs_dpdk | bool)" }
- name: Apply role ovn-controller
gather_facts: false
hosts:
- ovn-controller
- '&enable_ovn_True'
- "&enable_ovn_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ ovn_controller_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: ovn-controller,
tags: [ovn, ovn-controller] }
- { role: ovn-controller, tags: [ovn, ovn-controller] }
- name: Apply role ovn-db
gather_facts: false
@@ -672,15 +648,14 @@
- ovn-nb-db
- ovn-northd
- ovn-sb-db
- '&enable_ovn_True'
- "&enable_ovn_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ ovn_db_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: ovn-db,
tags: [ovn, ovn-db] }
- { role: ovn-db, tags: [ovn, ovn-db] }
# Nova deployment is more complicated than other services, so is covered in its
# own playbook.
@@ -700,44 +675,41 @@
- neutron-infoblox-ipam-agent
- compute
- manila-share
- '&enable_neutron_True'
- "&enable_neutron_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ neutron_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: neutron,
tags: neutron }
- { role: neutron, tags: neutron }
- name: Apply role kuryr
gather_facts: false
hosts:
- compute
- '&enable_kuryr_True'
- "&enable_kuryr_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ kuryr_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: kuryr,
tags: kuryr }
- { role: kuryr, tags: kuryr }
- name: Apply role hacluster
gather_facts: false
hosts:
- hacluster
- hacluster-remote
- '&enable_hacluster_True'
- "&enable_hacluster_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ hacluster_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: hacluster,
tags: hacluster }
- { role: hacluster, tags: hacluster }
- name: Apply role heat
gather_facts: false
@@ -745,44 +717,41 @@
- heat-api
- heat-api-cfn
- heat-engine
- '&enable_heat_True'
- "&enable_heat_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ heat_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: heat,
tags: heat }
- { role: heat, tags: heat }
- name: Apply role horizon
gather_facts: false
hosts:
- horizon
- '&enable_horizon_True'
- "&enable_horizon_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ horizon_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: horizon,
tags: horizon }
- { role: horizon, tags: horizon }
- name: Apply role magnum
gather_facts: false
hosts:
- magnum-api
- magnum-conductor
- '&enable_magnum_True'
- "&enable_magnum_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ magnum_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: magnum,
tags: magnum }
- { role: magnum, tags: magnum }
- name: Apply role mistral
gather_facts: false
@@ -791,15 +760,14 @@
- mistral-engine
- mistral-executor
- mistral-event-engine
- '&enable_mistral_True'
- "&enable_mistral_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ mistral_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: mistral,
tags: mistral }
- { role: mistral, tags: mistral }
- name: Apply role manila
gather_facts: false
@@ -808,15 +776,14 @@
- manila-data
- manila-share
- manila-scheduler
- '&enable_manila_True'
- "&enable_manila_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ manila_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: manila,
tags: manila }
- { role: manila, tags: manila }
- name: Apply role gnocchi
gather_facts: false
@@ -824,15 +791,14 @@
- gnocchi-api
- gnocchi-metricd
- gnocchi-statsd
- '&enable_gnocchi_True'
- "&enable_gnocchi_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ gnocchi_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: gnocchi,
tags: gnocchi }
- { role: gnocchi, tags: gnocchi }
- name: Apply role ceilometer
gather_facts: false
@@ -841,15 +807,14 @@
- ceilometer-notification
- ceilometer-compute
- ceilometer-ipmi
- '&enable_ceilometer_True'
- "&enable_ceilometer_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ ceilometer_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: ceilometer,
tags: ceilometer }
- { role: ceilometer, tags: ceilometer }
- name: Apply role aodh
gather_facts: false
@@ -858,15 +823,14 @@
- aodh-evaluator
- aodh-listener
- aodh-notifier
- '&enable_aodh_True'
- "&enable_aodh_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ aodh_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: aodh,
tags: aodh }
- { role: aodh, tags: aodh }
- name: Apply role barbican
gather_facts: false
@@ -874,15 +838,14 @@
- barbican-api
- barbican-keystone-listener
- barbican-worker
- '&enable_barbican_True'
- "&enable_barbican_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ barbican_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: barbican,
tags: barbican }
- { role: barbican, tags: barbican }
- name: Apply role cyborg
gather_facts: false
@@ -890,15 +853,14 @@
- cyborg-api
- cyborg-agent
- cyborg-conductor
- '&enable_cyborg_True'
- "&enable_cyborg_True"
serial: '{{ serial|default("0") }}'
max_fail_percentage: >-
{{ cyborg_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: cyborg,
tags: cyborg }
- { role: cyborg, tags: cyborg }
- name: Apply role designate
gather_facts: false
@@ -910,15 +872,14 @@
- designate-worker
- designate-sink
- designate-backend-bind9
- '&enable_designate_True'
- "&enable_designate_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ designate_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: designate,
tags: designate }
- { role: designate, tags: designate }
- name: Apply role trove
gather_facts: false
@@ -926,15 +887,14 @@
- trove-api
- trove-conductor
- trove-taskmanager
- '&enable_trove_True'
- "&enable_trove_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ trove_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: trove,
tags: trove }
- { role: trove, tags: trove }
- name: Apply role watcher
gather_facts: false
@@ -942,59 +902,55 @@
- watcher-api
- watcher-engine
- watcher-applier
- '&enable_watcher_True'
- "&enable_watcher_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ watcher_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: watcher,
tags: watcher }
- { role: watcher, tags: watcher }
- name: Apply role grafana
gather_facts: false
hosts:
- grafana
- '&enable_grafana_True'
- "&enable_grafana_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ grafana_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: grafana,
tags: grafana }
- { role: grafana, tags: grafana }
- name: Apply role cloudkitty
gather_facts: false
hosts:
- cloudkitty-api
- cloudkitty-processor
- '&enable_cloudkitty_True'
- "&enable_cloudkitty_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ cloudkitty_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: cloudkitty,
tags: cloudkitty }
- { role: cloudkitty, tags: cloudkitty }
- name: Apply role tacker
gather_facts: false
hosts:
- tacker-server
- tacker-conductor
- '&enable_tacker_True'
- "&enable_tacker_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ tacker_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: tacker,
tags: tacker }
- { role: tacker, tags: tacker }
- name: Apply role octavia
gather_facts: false
@@ -1003,15 +959,14 @@
- octavia-health-manager
- octavia-housekeeping
- octavia-worker
- '&enable_octavia_True'
- "&enable_octavia_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ octavia_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: octavia,
tags: octavia }
- { role: octavia, tags: octavia }
- name: Apply role zun
gather_facts: false
@@ -1020,30 +975,28 @@
- zun-wsproxy
- zun-compute
- zun-cni-daemon
- '&enable_zun_True'
- "&enable_zun_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ zun_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: zun,
tags: zun }
- { role: zun, tags: zun }
- name: Apply role blazar
gather_facts: false
hosts:
- blazar-api
- blazar-manager
- '&enable_blazar_True'
- "&enable_blazar_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ blazar_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: blazar,
tags: blazar }
- { role: blazar, tags: blazar }
- name: Apply role masakari
gather_facts: false
@@ -1052,26 +1005,24 @@
- masakari-engine
- masakari-hostmonitor
- masakari-instancemonitor
- '&enable_masakari_True'
- "&enable_masakari_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ masakari_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: masakari,
tags: masakari }
- { role: masakari, tags: masakari }
- name: Apply role skyline
gather_facts: false
hosts:
- skyline
- '&enable_skyline_True'
- "&enable_skyline_True"
serial: '{{ kolla_serial|default("0") }}'
max_fail_percentage: >-
{{ skyline_max_fail_percentage |
default(kolla_max_fail_percentage) |
default(100) }}
roles:
- { role: skyline,
tags: skyline }
- { role: skyline, tags: skyline }

260
etc/kolla/globals.yml
View File

@@ -6,7 +6,7 @@
# the parameter and change its value.
# Dummy variable to allow Ansible to accept this file.
workaround_ansible_issue_8743: yes
workaround_ansible_issue_8743: true
###################
# Ansible options
@@ -99,7 +99,7 @@ workaround_ansible_issue_8743: yes
# Custom docker registry settings:
#docker_registry:
# Please read the docs carefully before applying docker_registry_insecure.
#docker_registry_insecure: "no"
#docker_registry_insecure: false
#docker_registry_username:
# docker_registry_password is set in the passwords.yml file.
@@ -109,15 +109,15 @@ workaround_ansible_issue_8743: yes
# Docker client timeout in seconds.
#docker_client_timeout: 120
#docker_configure_for_zun: "no"
#containerd_configure_for_zun: "no"
#docker_configure_for_zun: false
#containerd_configure_for_zun: false
#containerd_grpc_gid: 42463
###################
# Messaging options
###################
# Whether to enable TLS for oslo.messaging communication with RabbitMQ.
#om_enable_rabbitmq_tls: "{{ rabbitmq_enable_tls | bool }}"
# om_enable_rabbitmq_tls: "{{ rabbitmq_enable_tls | bool }}"
# CA certificate bundle in containers using oslo.messaging with RabbitMQ TLS.
#om_rabbitmq_cacert: "{{ rabbitmq_cacert }}"
@@ -168,18 +168,18 @@ workaround_ansible_issue_8743: yes
# Configure Neutron upgrade option, currently Kolla support
# two upgrade ways for Neutron: legacy_upgrade and rolling_upgrade
# The variable "neutron_enable_rolling_upgrade: yes" is meaning rolling_upgrade
# The variable "neutron_enable_rolling_upgrade: true" is meaning rolling_upgrade
# were enabled and opposite
# Neutron rolling upgrade were enable by default
#neutron_enable_rolling_upgrade: "yes"
#neutron_enable_rolling_upgrade: true
# Enable wrapper containers to keep Neutron agent restarts isolated from the main service containers
#neutron_agents_wrappers: "yes"
#neutron_agents_wrappers: true
# Configure neutron logging framework to log ingress/egress connections to instances
# for security groups rules. More information can be found here:
# https://docs.openstack.org/neutron/latest/admin/config-logging.html
#enable_neutron_packet_logging: "no"
#enable_neutron_packet_logging: false
####################
# keepalived options
@@ -215,7 +215,7 @@ workaround_ansible_issue_8743: yes
#####################
# Healthcheck options
#####################
#enable_container_healthchecks: "yes"
#enable_container_healthchecks: true
# Healthcheck options for Docker containers
# interval/timeout/start_period are in seconds
#default_container_healthcheck_interval: 30
@@ -229,9 +229,9 @@ workaround_ansible_issue_8743: yes
# Configures firewalld on both ubuntu and centos systems
# for enabled services.
# firewalld should be installed beforehand.
# disable_firewall: "true"
# enable_external_api_firewalld: "false"
# external_api_firewalld_zone: "public"
#disable_firewall: "true"
#enable_external_api_firewalld: "false"
#external_api_firewalld_zone: "public"
#############
# TLS options
@@ -239,16 +239,16 @@ workaround_ansible_issue_8743: yes
# To provide encryption and authentication on the kolla_external_vip_interface,
# TLS can be enabled. When TLS is enabled, certificates must be provided to
# allow clients to perform authentication.
#kolla_enable_tls_internal: "no"
#kolla_enable_tls_internal: false
#kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
#kolla_certificates_dir: "{{ node_config }}/certificates"
#kolla_external_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy.pem"
#kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
#kolla_admin_openrc_cacert: ""
#kolla_copy_ca_into_containers: "no"
#kolla_copy_ca_into_containers: false
#haproxy_backend_cacert: "{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
#haproxy_backend_cacert_dir: "/etc/ssl/certs"
#database_enable_tls_backend: "{{ 'yes' if kolla_enable_tls_backend | bool and enable_proxysql | bool else 'no' }}"
#database_enable_tls_backend: "{{ 'true' if kolla_enable_tls_backend | bool and enable_proxysql | bool else 'false' }}"
##################
# Backend options
##################
@@ -258,8 +258,8 @@ workaround_ansible_issue_8743: yes
#####################
# Backend TLS options
#####################
#kolla_enable_tls_backend: "no"
#kolla_verify_tls_backend: "yes"
#kolla_enable_tls_backend: false
#kolla_verify_tls_backend: true
#kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
#kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"
@@ -286,13 +286,13 @@ workaround_ansible_issue_8743: yes
# LetsEncrypt certificate server options
####################
#letsencrypt_cert_server: "https://acme-v02.api.letsencrypt.org/directory"
# attempt to renew Let's Encrypt certificate every 12 hours
# Attempt to renew Let's Encrypt certificate every 12 hours
#letsencrypt_cron_renew_schedule: "0 */12 * * *"
####################
# LetsEncrypt external account binding options
####################
#letsencrypt_external_account_binding: "no"
#letsencrypt_external_account_binding: false
#letsencrypt_eab_hmac: ""
#letsencrypt_eab_key_id: ""
@@ -315,53 +315,53 @@ workaround_ansible_issue_8743: yes
# Enable core OpenStack services. This includes:
# glance, keystone, neutron, nova, heat, and horizon.
#enable_openstack_core: "yes"
#enable_openstack_core: true
# These roles are required for Kolla to be operation, however a savvy deployer
# could disable some of these required roles and run their own services.
#enable_glance: "{{ enable_openstack_core | bool }}"
#enable_hacluster: "no"
#enable_haproxy: "yes"
#enable_hacluster: false
#enable_haproxy: true
#enable_keepalived: "{{ enable_haproxy | bool }}"
#enable_keystone: "{{ enable_openstack_core | bool }}"
#enable_mariadb: "yes"
#enable_memcached: "yes"
#enable_mariadb: true
#enable_memcached: true
#enable_neutron: "{{ enable_openstack_core | bool }}"
#enable_nova: "{{ enable_openstack_core | bool }}"
#enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
#enable_rabbitmq: "{{ 'true' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'false' }}"
# OpenStack services can be enabled or disabled with these options
#enable_aodh: "no"
#enable_barbican: "no"
#enable_blazar: "no"
#enable_ceilometer: "no"
#enable_ceilometer_ipmi: "no"
#enable_cells: "no"
#enable_central_logging: "no"
#enable_ceph_rgw: "no"
#enable_aodh: false
#enable_barbican: false
#enable_blazar: false
#enable_ceilometer: false
#enable_ceilometer_ipmi: false
#enable_cells: false
#enable_central_logging: false
#enable_ceph_rgw: false
#enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}"
#enable_cinder: "no"
#enable_cinder_backup: "yes"
#enable_cinder: false
#enable_cinder_backup: true
#enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool }}"
#enable_cinder_backend_lvm: "no"
#enable_cinder_backend_nfs: "no"
#enable_cinder_backend_quobyte: "no"
#enable_cinder_backend_pure_iscsi: "no"
#enable_cinder_backend_pure_fc: "no"
#enable_cinder_backend_pure_roce: "no"
#enable_cinder_backend_pure_nvme_tcp: "no"
#enable_cinder_backend_lightbits: "no"
#enable_cloudkitty: "no"
#enable_collectd: "no"
#enable_cyborg: "no"
#enable_designate: "no"
#enable_destroy_images: "no"
#enable_etcd: "no"
#enable_fluentd: "yes"
#enable_cinder_backend_lvm: false
#enable_cinder_backend_nfs: false
#enable_cinder_backend_quobyte: false
#enable_cinder_backend_pure_iscsi: false
#enable_cinder_backend_pure_fc: false
#enable_cinder_backend_pure_roce: false
#enable_cinder_backend_pure_nvme_tcp: false
#enable_cinder_backend_lightbits: false
#enable_cloudkitty: false
#enable_collectd: false
#enable_cyborg: false
#enable_designate: false
#enable_destroy_images: false
#enable_etcd: false
#enable_fluentd: true
#enable_fluentd_systemd: "{{ (enable_fluentd | bool) and (enable_central_logging | bool) }}"
#enable_gnocchi: "no"
#enable_gnocchi_statsd: "no"
#enable_grafana: "no"
#enable_gnocchi: false
#enable_gnocchi_statsd: false
#enable_grafana: false
#enable_grafana_external: "{{ enable_grafana | bool }}"
#enable_heat: "{{ enable_openstack_core | bool }}"
#enable_horizon: "{{ enable_openstack_core | bool }}"
@@ -382,41 +382,41 @@ workaround_ansible_issue_8743: yes
#enable_horizon_watcher: "{{ enable_watcher | bool }}"
#enable_horizon_zun: "{{ enable_zun | bool }}"
#enable_influxdb: "{{ enable_cloudkitty | bool and cloudkitty_storage_backend == 'influxdb' }}"
#enable_ironic: "no"
#enable_ironic_neutron_agent: "no"
#enable_ironic: false
#enable_ironic_neutron_agent: false
#enable_ironic_prometheus_exporter: "{{ enable_ironic | bool and enable_prometheus | bool }}"
#enable_ironic_pxe_filter: "no"
#enable_ironic_pxe_filter: false
#enable_iscsid: "{{ enable_cinder | bool and enable_cinder_backend_iscsi | bool }}"
#enable_kuryr: "no"
#enable_magnum: "no"
#enable_manila: "no"
#enable_manila_backend_generic: "no"
#enable_manila_backend_hnas: "no"
#enable_manila_backend_cephfs_native: "no"
#enable_manila_backend_cephfs_nfs: "no"
#enable_manila_backend_glusterfs_nfs: "no"
#enable_manila_backend_flashblade: "no"
#enable_mariabackup: "no"
#enable_masakari: "no"
#enable_mistral: "no"
#enable_multipathd: "no"
#enable_neutron_vpnaas: "no"
#enable_neutron_sriov: "no"
#enable_neutron_dvr: "no"
#enable_neutron_fwaas: "no"
#enable_neutron_qos: "no"
#enable_neutron_agent_ha: "no"
#enable_neutron_bgp_dragent: "no"
#enable_neutron_provider_networks: "no"
#enable_neutron_segments: "no"
#enable_neutron_sfc: "no"
#enable_neutron_trunk: "no"
#enable_neutron_metering: "no"
#enable_neutron_infoblox_ipam_agent: "no"
#enable_neutron_port_forwarding: "no"
#enable_nova_serialconsole_proxy: "no"
#enable_nova_ssh: "yes"
#enable_octavia: "no"
#enable_kuryr: false
#enable_magnum: false
#enable_manila: false
#enable_manila_backend_generic: false
#enable_manila_backend_hnas: false
#enable_manila_backend_cephfs_native: false
#enable_manila_backend_cephfs_nfs: false
#enable_manila_backend_glusterfs_nfs: false
#enable_manila_backend_flashblade: false
#enable_mariabackup: false
#enable_masakari: false
#enable_mistral: false
#enable_multipathd: false
#enable_neutron_vpnaas: false
#enable_neutron_sriov: false
#enable_neutron_dvr: false
#enable_neutron_fwaas: false
#enable_neutron_qos: false
#enable_neutron_agent_ha: false
#enable_neutron_bgp_dragent: false
#enable_neutron_provider_networks: false
#enable_neutron_segments: false
#enable_neutron_sfc: false
#enable_neutron_trunk: false
#enable_neutron_metering: false
#enable_neutron_infoblox_ipam_agent: false
#enable_neutron_port_forwarding: false
#enable_nova_serialconsole_proxy: false
#enable_nova_ssh: true
#enable_octavia: false
#enable_octavia_driver_agent: "{{ enable_octavia | bool and neutron_plugin_agent == 'ovn' }}"
#enable_octavia_jobboard: "{{ enable_octavia | bool and 'amphora' in octavia_provider_drivers }}"
#enable_opensearch: "{{ enable_central_logging | bool or enable_osprofiler | bool or (enable_cloudkitty | bool and cloudkitty_storage_backend == 'opensearch') }}"
@@ -424,19 +424,19 @@ workaround_ansible_issue_8743: yes
#enable_opensearch_dashboards_external: "{{ enable_opensearch_dashboards | bool }}"
#enable_openvswitch: "{{ enable_neutron }}"
#enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}"
#enable_ovs_dpdk: "no"
#enable_osprofiler: "no"
#enable_ovs_dpdk: false
#enable_osprofiler: false
#enable_placement: "{{ enable_nova | bool or enable_zun | bool }}"
#enable_prometheus: "no"
#enable_proxysql: "yes"
#enable_valkey: "no"
#enable_skyline: "no"
#enable_tacker: "no"
#enable_telegraf: "no"
#enable_trove: "no"
#enable_trove_singletenant: "no"
#enable_watcher: "no"
#enable_zun: "no"
#enable_prometheus: false
#enable_proxysql: true
#enable_valkey: false
#enable_skyline: false
#enable_tacker: false
#enable_telegraf: false
#enable_trove: false
#enable_trove_singletenant: false
#enable_watcher: false
#enable_zun: false
#############
# S3 options
@@ -462,7 +462,7 @@ workaround_ansible_issue_8743: yes
# and not to busy wait (+sbwt none +sbwtdcpu none +sbwtdio none):
#rabbitmq_server_additional_erl_args: "+S 2:2 +sbwt none +sbwtdcpu none +sbwtdio none"
# Whether to enable TLS encryption for RabbitMQ client-server communication.
#rabbitmq_enable_tls: "no"
#rabbitmq_enable_tls: false
# CA certificate bundle in RabbitMQ container.
#rabbitmq_cacert: "/etc/ssl/certs/{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
@@ -476,7 +476,7 @@ workaround_ansible_issue_8743: yes
# External Ceph options
#######################
# External Ceph - cephx auth enabled (this is the standard nowadays, defaults to yes)
#external_ceph_cephx_enabled: "yes"
#external_ceph_cephx_enabled: true
# Glance
#ceph_glance_user: "glance"
@@ -518,16 +518,16 @@ workaround_ansible_issue_8743: yes
# Glance - Image Options
########################
# Configure image backend.
#glance_backend_ceph: "no"
#glance_backend_file: "yes"
#glance_backend_s3: "no"
#enable_glance_image_cache: "no"
#glance_enable_property_protection: "no"
#glance_enable_interoperable_image_import: "no"
#glance_backend_ceph: false
#glance_backend_file: true
#glance_backend_s3: false
#enable_glance_image_cache: false
#glance_enable_property_protection: false
#glance_enable_interoperable_image_import: false
# Configure glance upgrade option.
# Due to this feature being experimental in glance,
# the default value is "no".
#glance_enable_rolling_upgrade: "no"
# the default value is false.
#glance_enable_rolling_upgrade: false
####################
# Glance S3 Backend
@@ -563,7 +563,7 @@ workaround_ansible_issue_8743: yes
# Cinder - Block Storage Options
################################
# Enable / disable Cinder backends
#cinder_backend_ceph: "no"
#cinder_backend_ceph: false
#cinder_volume_group: "cinder-volumes"
# Valid options are [ '', valkey, etcd ]
#cinder_coordination_backend: "{{ 'valkey' if enable_valkey | bool else 'etcd' if enable_etcd | bool else '' }}"
@@ -604,7 +604,7 @@ workaround_ansible_issue_8743: yes
########################
# Nova - Compute Options
########################
#nova_backend_ceph: "no"
#nova_backend_ceph: false
# Valid options are [ qemu, kvm ]
#nova_compute_virt_type: "kvm"
@@ -614,10 +614,10 @@ workaround_ansible_issue_8743: yes
# The "nova_safety_upgrade" controls whether the nova services
# are all stopped before rolling upgrade to the new version,
# for the safety and availability. If "nova_safety_upgrade" is "yes",
# for the safety and availability. If "nova_safety_upgrade" is true,
# that will stop all nova services (except nova-compute) for no failed
# API operations before upgrade to the new version. And opposite.
#nova_safety_upgrade: "no"
#nova_safety_upgrade: false
# Valid options are [ none, novnc, spice ]
#nova_console: "novnc"
@@ -626,10 +626,10 @@ workaround_ansible_issue_8743: yes
# Neutron - networking options
##############################
# Enable distributed floating ip for OVN deployments
#neutron_ovn_distributed_fip: "no"
#neutron_ovn_distributed_fip: false
# Enable DHCP agent(s) to use with OVN
#neutron_ovn_dhcp_agent: "no"
#neutron_ovn_dhcp_agent: false
#############################
# Horizon - Dashboard Options
@@ -645,7 +645,7 @@ workaround_ansible_issue_8743: yes
# list of ranges - at least one must be configured, for example:
# - range: 192.168.0.10,192.168.0.100
# See Kolla Ansible docs on Ironic for details.
#ironic_dnsmasq_dhcp_ranges:
# ironic_dnsmasq_dhcp_ranges:
# PXE bootloader file for Ironic inspection, relative to /var/lib/ironic/tftpboot.
#ironic_dnsmasq_boot_file: "pxelinux.0"
@@ -654,7 +654,7 @@ workaround_ansible_issue_8743: yes
# The variable "ironic_enable_rolling_upgrade: yes" is meaning rolling_upgrade
# were enabled and opposite
# Rolling upgrade were enable by default
#ironic_enable_rolling_upgrade: "yes"
#ironic_enable_rolling_upgrade: true
# List of extra kernel parameters passed to the kernel used during inspection
#ironic_kernel_cmdline_extras: []
@@ -726,7 +726,7 @@ workaround_ansible_issue_8743: yes
#enable_prometheus_memcached_exporter: "{{ enable_prometheus | bool }}"
#enable_prometheus_alertmanager: "{{ enable_prometheus | bool }}"
#enable_prometheus_alertmanager_external: "{{ enable_prometheus_alertmanager | bool }}"
#enable_prometheus_ceph_mgr_exporter: "no"
#enable_prometheus_ceph_mgr_exporter: false
#enable_prometheus_openstack_exporter: "{{ enable_prometheus | bool }}"
#enable_prometheus_elasticsearch_exporter: "{{ enable_prometheus | bool and enable_elasticsearch | bool }}"
#enable_prometheus_blackbox_exporter: "{{ enable_prometheus | bool }}"
@@ -765,7 +765,7 @@ workaround_ansible_issue_8743: yes
##########
# Configure telegraf to use the docker daemon itself as an input for
# telemetry data.
#telegraf_enable_docker_input: "no"
#telegraf_enable_docker_input: false
##########################################
# Octavia - openstack loadbalancer Options
@@ -795,16 +795,16 @@ workaround_ansible_issue_8743: yes
# Octavia security groups. lb-mgmt-sec-grp is for amphorae.
#octavia_amp_security_groups:
# mgmt-sec-grp:
# name: "lb-mgmt-sec-grp"
# rules:
# - protocol: icmp
# - protocol: tcp
# src_port: 22
# dst_port: 22
# - protocol: tcp
# src_port: "{{ octavia_amp_listen_port }}"
# dst_port: "{{ octavia_amp_listen_port }}"
# mgmt-sec-grp:
# name: "lb-mgmt-sec-grp"
# rules:
# - protocol: icmp
# - protocol: tcp
# src_port: 22
# dst_port: 22
# - protocol: tcp
# src_port: "{{ octavia_amp_listen_port }}"
# dst_port: "{{ octavia_amp_listen_port }}"
# Octavia management network.
# See os_network and os_subnet for details. Supported parameters:
@@ -862,4 +862,4 @@ workaround_ansible_issue_8743: yes
##############
# If `etcd_remove_deleted_members` is enabled, Kolla Ansible will automatically
# remove etcd members from the cluster that are no longer in the inventory.
#etcd_remove_deleted_members: "no"
#etcd_remove_deleted_members: false

2
tools/setup-compute-libvirt.yml
View File

@@ -18,7 +18,7 @@
- name: Enable/start systemd artifacts
systemd:
enabled: yes
enabled: true
state: started
name: "{{ item }}"
with_items: "{{ systemd_artifacts }}"