--- {% if ansible_os_family == 'Debian' or ansible_facts.distribution == "openEuler" %} # Force the use of python3 on Debian, Ubuntu and openEuler remote hosts. These distros # typically have an unversioned Python interpreter which links to python2.7. ansible_python_interpreter: /usr/bin/python3 {% endif %} # NOTE(yoctozepto): In CI it makes sense to always try to fail # as early as possible. kolla_ansible_setup_any_errors_fatal: true kolla_base_distro: "{{ base_distro }}" network_interface: "{{ api_interface_name }}" network_address_family: "{{ address_family }}" kolla_container_engine: "{{ container_engine }}" docker_restart_policy: "no" {% if container_engine == 'podman' %} podman_debug: true podman_registry_mirrors: - {{ infra_dockerhub_mirror }} podman_sdk_pip_packages: - "podman>=4.7.0" - rich {% if need_build_image and is_previous_release %} podman_registry: "primary:4000" podman_registry_insecure: true {% endif %} {% else %} docker_debug: true docker_registry_mirrors: - {{ infra_dockerhub_mirror }} # NOTE(bbezak): In Kolla CI K-A upgrade job needs following override # as docker_registry var is being used both for docker daemon config # - for kolla images build, and kolla-ansible container images sources. # docker_custom_config gets precedence in docker daemon configuration. {% if need_build_image and is_previous_release %} docker_custom_config: insecure-registries: - primary:4000 {% endif %} {% if ansible_facts.distribution == "openEuler" %} docker_custom_config: exec-opts: ["native.umask=normal"] {% endif %} {% endif %} {% if kolla_python_version is defined and not is_previous_release %} distro_python_version: "{{ kolla_python_version }}" {% endif %} # MariaDB/Galera - fine tune gmcast.peer_timeout mariadb_wsrep_extra_provider_options: - "gmcast.peer_timeout=PT15S" nova_compute_virt_type: "{{ virt_type }}" enable_openstack_core: "{{ openstack_core_enabled }}" enable_horizon: "{{ dashboard_enabled }}" enable_heat: "{{ openstack_core_tested }}" {% if scenario != 'bifrost' %} kolla_internal_vip_address: "{{ kolla_internal_vip_address }}" neutron_external_interface: "{{ neutron_external_interface_name }}" openstack_logging_debug: "True" nova_libvirt_logging_debug: "False" openstack_service_workers: "1" openstack_service_rpc_workers: "1" {% endif %} {% if need_build_image and not is_previous_release %} # NOTE(Jeffrey4l): use different a docker namespace name in case it pull image from hub.docker.io when deplying docker_namespace: "lokolla" # NOTE(yoctozepto): use hostname or FQDN to be compatible between IPv4 and IPv6 # docker does not support referencing registry via an IPv6 address # see: https://github.com/moby/moby/issues/39033 docker_registry: "primary:4000" docker_registry_insecure: yes {% if container_engine == 'podman' %} podman_registry: "primary:4000" podman_registry_insecure: yes {% endif %} openstack_tag: "{{ build_image_tag }}" {% else %} # use the published images from a site mirror of quay.io docker_registry: "{{ zuul_site_mirror_fqdn }}:4447" docker_registry_insecure: no {% if container_engine == 'podman' %} podman_registry: "{{ zuul_site_mirror_fqdn }}:4447" podman_registry_insecure: no {% endif %} docker_namespace: openstack.kolla {% if docker_image_tag_suffix %} openstack_tag_suffix: "{{ docker_image_tag_suffix }}" {% endif %} {% endif %} {% if scenario == "zun" %} enable_zun: "yes" enable_kuryr: "yes" enable_etcd: "yes" etcd_remove_deleted_members: "yes" docker_configure_for_zun: "yes" containerd_configure_for_zun: "yes" enable_cinder: "yes" # lvm backup driver for cinder-backup does not exist enable_cinder_backup: "no" enable_cinder_backend_lvm: "yes" # pin Docker to 20 - https://bugs.launchpad.net/zun/+bug/2007142 docker_apt_package_pin: "5:20.*" docker_yum_package_pin: "20.*" {% endif %} {% if scenario == "swift" %} enable_swift: "yes" {% endif %} {% if scenario == "scenario_nfv" %} enable_tacker: "yes" enable_neutron_sfc: "yes" enable_mistral: "yes" enable_redis: "yes" enable_barbican: "yes" enable_heat: "yes" # NOTE(yoctozepto): see https://bugs.launchpad.net/kolla-ansible/+bug/1906299 enable_aodh: "yes" {% endif %} {% if scenario == "ironic" %} enable_ironic: "yes" ironic_dnsmasq_dhcp_ranges: - range: "10.42.0.2,10.42.0.254,255.255.255.0" {% endif %} {% if scenario == "masakari" %} enable_masakari: "yes" {% endif %} {% if scenario == "cells" %} enable_cells: "yes" enable_proxysql: "yes" {% endif %} {% if scenario == "mariadb" %} enable_fluentd: "yes" enable_mariadb: "yes" enable_memcached: "no" enable_rabbitmq: "no" {% endif %} {% if scenario == "cephadm" %} # kolla-ansible vars enable_cinder: "yes" # External Ceph glance_backend_ceph: "yes" cinder_backend_ceph: "yes" nova_backend_ceph: "yes" # Redis for coordination enable_redis: "yes" enable_ceph_rgw: "yes" ceph_rgw_hosts: {% for host in hostvars %} - host: {{ host }} ip: {{ hostvars[host]['ansible_host'] }} port: 6780 {% endfor %} {% endif %} {% if tls_enabled %} kolla_enable_tls_external: "yes" kolla_enable_tls_internal: "yes" kolla_copy_ca_into_containers: "yes" kolla_enable_tls_backend: "yes" {% if base_distro in ["debian", "ubuntu"] %} openstack_cacert: "/etc/ssl/certs/ca-certificates.crt" {% endif %} {% if base_distro in ["centos", "rocky"] %} openstack_cacert: "/etc/pki/tls/certs/ca-bundle.crt" {% endif %} kolla_admin_openrc_cacert: "{% raw %}{{ kolla_certificates_dir }}{% endraw %}/ca/root.crt" rabbitmq_enable_tls: "yes" libvirt_tls: "yes" {% endif %} {% if scenario == "ovn" %} neutron_plugin_agent: "ovn" neutron_ovn_distributed_fip: "yes" neutron_enable_ovn_agent: "yes" enable_octavia: "yes" octavia_provider_drivers: "ovn:OVN provider" octavia_provider_agents: "ovn" enable_redis: "yes" {% endif %} {% if scenario == "prometheus-opensearch" %} enable_central_logging: "yes" enable_grafana: "yes" enable_prometheus: "yes" enable_prometheus_openstack_exporter: "no" {% endif %} {% if scenario == "magnum" %} enable_designate: "yes" designate_ns_record: - "ns.example.org" enable_magnum: "yes" enable_trove: "yes" neutron_dns_domain: "example.org." {% endif %} {% if scenario == "octavia" %} neutron_dns_integration: "yes" neutron_dns_domain: "example.org." enable_octavia: "yes" # NOTE(wuchunyang): work around for qemu-kvm 5.1 can not attach second NIC. # more: http://lists.openstack.org/pipermail/openstack-discuss/2021-February/020218.html octavia_amp_flavor: name: "amphora" is_public: no vcpus: 2 ram: 1024 disk: 5 octavia_network_type: "tenant" enable_redis: "yes" {% endif %} {% if scenario == "venus" %} enable_opensearch: "yes" enable_keystone: "yes" enable_venus: "yes" {% endif %} {% if groups['all'] | length == 1 %} keepalived_track_script_enabled: "no" {% endif %} neutron_modules_extra: - name: 'nf_conntrack_tftp' - name: 'nf_nat_tftp' {% if scenario == "haproxy" %} kolla_external_vip_address: "{{ kolla_external_vip_address }}" haproxy_single_external_frontend: "yes" glance_external_fqdn: "glance.external" horizon_external_fqdn: "horizon.external" keystone_external_fqdn: "keystone.external" neutron_external_fqdn: "neutron.external" nova_external_fqdn: "nova.external" nova_novncproxy_external_fqdn: "novncproxy.external" placement_external_fqdn: "placement.external" {% endif %} {% if scenario == "lets-encrypt" %} enable_letsencrypt: "yes" rabbitmq_enable_tls: "yes" letsencrypt_email: "usero@openstack.test" letsencrypt_cert_server: "https://pebble:14000/dir" kolla_internal_fqdn: "{{ kolla_internal_fqdn }}" kolla_enable_tls_backend: "no" kolla_admin_openrc_cacert: "{% raw %}{{ kolla_certificates_dir }}{% endraw %}/ca/pebble.crt" {% endif %} {% if scenario == "skyline" %} enable_skyline: "yes" {% endif %}