Ansible deployment of the Kolla containers
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1109 lines
38KB

  1. ---
  2. # The options in this file can be overridden in 'globals.yml'
  3. # The "temp" files that are created before merge need to stay persistent due
  4. # to the fact that ansible will register a "change" if it has to create them
  5. # again. Persistent files allow for idempotency
  6. container_config_directory: "/var/lib/kolla/config_files"
  7. # The directory on the deploy host containing globals.yml.
  8. node_config: "{{ CONFIG_DIR | default('/etc/kolla') }}"
  9. # The directory to merge custom config files the kolla's config files
  10. node_custom_config: "/etc/kolla/config"
  11. # The directory to store the config files on the destination node
  12. node_config_directory: "/etc/kolla"
  13. # The group which own node_config_directory, you can use a non-root
  14. # user to deploy kolla
  15. config_owner_user: "root"
  16. config_owner_group: "root"
  17. ###################
  18. # Kolla options
  19. ###################
  20. # Valid options are [ COPY_ONCE, COPY_ALWAYS ]
  21. config_strategy: "COPY_ALWAYS"
  22. # Valid options are ['centos', 'debian', 'rhel', 'ubuntu']
  23. kolla_base_distro: "centos"
  24. # Valid options are [ binary, source ]
  25. kolla_install_type: "binary"
  26. kolla_internal_vip_address: "{{ kolla_internal_address }}"
  27. kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
  28. kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
  29. kolla_same_external_internal_vip: "{{ kolla_external_vip_address == kolla_internal_vip_address }}"
  30. kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}"
  31. kolla_enable_sanity_checks: "no"
  32. kolla_enable_sanity_barbican: "{{ kolla_enable_sanity_checks }}"
  33. kolla_enable_sanity_keystone: "{{ kolla_enable_sanity_checks }}"
  34. kolla_enable_sanity_glance: "{{ kolla_enable_sanity_checks }}"
  35. kolla_enable_sanity_cinder: "{{ kolla_enable_sanity_checks }}"
  36. kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"
  37. kolla_dev_repos_directory: "/opt/stack/"
  38. kolla_dev_repos_git: "https://opendev.org/openstack"
  39. kolla_dev_repos_pull: "no"
  40. kolla_dev_mode: "no"
  41. kolla_source_version: "master"
  42. # Proxy settings for containers such as magnum that need internet access
  43. container_http_proxy: ""
  44. container_https_proxy: ""
  45. container_no_proxy: "localhost,127.0.0.1"
  46. container_proxy:
  47. http_proxy: "{{ container_http_proxy }}"
  48. https_proxy: "{{ container_https_proxy }}"
  49. no_proxy: "{{ container_no_proxy }},{{ api_interface_address }},{{ kolla_internal_vip_address }}"
  50. # By default, Kolla API services bind to the network address assigned
  51. # to the api_interface. Allow the bind address to be an override.
  52. api_interface_address: "{{ 'api' | kolla_address }}"
  53. # This is used to get the ip corresponding to the storage_interface.
  54. storage_interface_address: "{{ 'storage' | kolla_address }}"
  55. ################
  56. # Chrony options
  57. ################
  58. # A list contains ntp servers
  59. external_ntp_servers:
  60. - 0.pool.ntp.org
  61. - 1.pool.ntp.org
  62. - 2.pool.ntp.org
  63. - 3.pool.ntp.org
  64. ####################
  65. # Database options
  66. ####################
  67. database_address: "{{ kolla_internal_fqdn }}"
  68. database_user: "root"
  69. database_port: "3306"
  70. ####################
  71. # Docker options
  72. ####################
  73. docker_registry_email:
  74. docker_registry:
  75. docker_namespace: "kolla"
  76. docker_registry_username:
  77. docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
  78. docker_runtime_directory: ""
  79. # Docker client timeout in seconds.
  80. docker_client_timeout: 120
  81. # Retention settings for Docker logs
  82. docker_log_max_file: "5"
  83. docker_log_max_size: "50m"
  84. # Valid options are [ no, on-failure, always, unless-stopped ]
  85. docker_restart_policy: "unless-stopped"
  86. # '0' means unlimited retries (applies only to 'on-failure' policy)
  87. docker_restart_policy_retry: "10"
  88. # Extra docker options for Zun
  89. docker_configure_for_zun: "no"
  90. docker_zun_options: -H tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
  91. docker_zun_config:
  92. cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
  93. # Timeout after Docker sends SIGTERM before sending SIGKILL.
  94. docker_graceful_timeout: 60
  95. # Common options used throughout Docker
  96. docker_common_options:
  97. auth_email: "{{ docker_registry_email }}"
  98. auth_password: "{{ docker_registry_password }}"
  99. auth_registry: "{{ docker_registry }}"
  100. auth_username: "{{ docker_registry_username }}"
  101. environment:
  102. KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
  103. restart_policy: "{{ docker_restart_policy }}"
  104. restart_retries: "{{ docker_restart_policy_retry }}"
  105. graceful_timeout: "{{ docker_graceful_timeout }}"
  106. client_timeout: "{{ docker_client_timeout }}"
  107. ####################
  108. # Dimensions options
  109. ####################
  110. # Dimension options for Docker Containers
  111. default_container_dimensions: {}
  112. #######################
  113. # Extra volumes options
  114. #######################
  115. # Extra volumes for Docker Containers
  116. default_extra_volumes: []
  117. ####################
  118. # keepalived options
  119. ####################
  120. # Arbitrary unique number from 0..255
  121. keepalived_virtual_router_id: "51"
  122. #######################
  123. # Elasticsearch Options
  124. #######################
  125. es_heap_size: "1G"
  126. elasticsearch_datadir_volume: "elasticsearch"
  127. ###################
  128. # Messaging options
  129. ###################
  130. # oslo.messaging rpc transport valid options are [ rabbit, amqp ]
  131. om_rpc_transport: "rabbit"
  132. om_rpc_user: "{{ rabbitmq_user }}"
  133. om_rpc_password: "{{ rabbitmq_password }}"
  134. om_rpc_port: "{{ rabbitmq_port }}"
  135. om_rpc_group: "rabbitmq"
  136. om_rpc_vhost: "/"
  137. rpc_transport_url: "{{ om_rpc_transport }}://{% for host in groups[om_rpc_group] %}{{ om_rpc_user }}:{{ om_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ om_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ om_rpc_vhost }}"
  138. # oslo.messaging notify transport valid options are [ rabbit ]
  139. om_notify_transport: "rabbit"
  140. om_notify_user: "{{ rabbitmq_user }}"
  141. om_notify_password: "{{ rabbitmq_password }}"
  142. om_notify_port: "{{ rabbitmq_port }}"
  143. om_notify_group: "rabbitmq"
  144. om_notify_vhost: "/"
  145. notify_transport_url: "{{ om_notify_transport }}://{% for host in groups[om_notify_group] %}{{ om_notify_user }}:{{ om_notify_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ om_notify_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ om_notify_vhost }}"
  146. ####################
  147. # Networking options
  148. ####################
  149. network_interface: "eth0"
  150. neutron_external_interface: "eth1"
  151. kolla_external_vip_interface: "{{ network_interface }}"
  152. api_interface: "{{ network_interface }}"
  153. storage_interface: "{{ network_interface }}"
  154. cluster_interface: "{{ network_interface }}"
  155. swift_storage_interface: "{{ storage_interface }}"
  156. swift_replication_interface: "{{ swift_storage_interface }}"
  157. migration_interface: "{{ network_interface }}"
  158. tunnel_interface: "{{ network_interface }}"
  159. octavia_network_interface: "{{ api_interface }}"
  160. bifrost_network_interface: "{{ network_interface }}"
  161. dns_interface: "{{ network_interface }}"
  162. # Configure the address family (AF) per network.
  163. # Valid options are [ ipv4, ipv6 ]
  164. network_address_family: "ipv4"
  165. api_address_family: "{{ network_address_family }}"
  166. storage_address_family: "{{ network_address_family }}"
  167. cluster_address_family: "{{ network_address_family }}"
  168. swift_storage_address_family: "{{ storage_address_family }}"
  169. swift_replication_address_family: "{{ swift_storage_address_family }}"
  170. migration_address_family: "{{ network_address_family }}"
  171. tunnel_address_family: "{{ network_address_family }}"
  172. octavia_network_address_family: "{{ api_address_family }}"
  173. bifrost_network_address_family: "{{ network_address_family }}"
  174. dns_address_family: "{{ network_address_family }}"
  175. migration_interface_address: "{{ 'migration' | kolla_address }}"
  176. tunnel_interface_address: "{{ 'tunnel' | kolla_address }}"
  177. octavia_network_interface_address: "{{ 'octavia_network' | kolla_address }}"
  178. # Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_nsxv3, vmware_dvs ]
  179. neutron_plugin_agent: "openvswitch"
  180. # Valid options are [ internal, infoblox ]
  181. neutron_ipam_driver: "internal"
  182. # The default ports used by each service.
  183. # The list should be in alphabetical order
  184. aodh_internal_fqdn: "{{ kolla_internal_fqdn }}"
  185. aodh_external_fqdn: "{{ kolla_external_fqdn }}"
  186. aodh_api_port: "8042"
  187. aodh_api_listen_port: "{{ aodh_api_port }}"
  188. barbican_internal_fqdn: "{{ kolla_internal_fqdn }}"
  189. barbican_external_fqdn: "{{ kolla_external_fqdn }}"
  190. barbican_api_port: "9311"
  191. barbican_api_listen_port: "{{ barbican_api_port }}"
  192. blazar_api_port: "1234"
  193. cinder_internal_fqdn: "{{ kolla_internal_fqdn }}"
  194. cinder_external_fqdn: "{{ kolla_external_fqdn }}"
  195. cinder_api_port: "8776"
  196. cinder_api_listen_port: "{{ cinder_api_port }}"
  197. congress_api_port: "1789"
  198. cloudkitty_api_port: "8889"
  199. collectd_udp_port: "25826"
  200. cyborg_api_port: "6666"
  201. designate_internal_fqdn: "{{ kolla_internal_fqdn }}"
  202. designate_external_fqdn: "{{ kolla_external_fqdn }}"
  203. designate_api_port: "9001"
  204. designate_api_listen_port: "{{ designate_api_port }}"
  205. designate_bind_port: "53"
  206. designate_mdns_port: "{{ '53' if designate_backend == 'infoblox' else '5354' }}"
  207. designate_rndc_port: "953"
  208. elasticsearch_port: "9200"
  209. etcd_client_port: "2379"
  210. etcd_peer_port: "2380"
  211. fluentd_syslog_port: "5140"
  212. freezer_api_port: "9090"
  213. glance_internal_fqdn: "{{ kolla_internal_fqdn }}"
  214. glance_external_fqdn: "{{ kolla_external_fqdn }}"
  215. glance_api_port: "9292"
  216. glance_api_listen_port: "{{ glance_api_port }}"
  217. gnocchi_internal_fqdn: "{{ kolla_internal_fqdn }}"
  218. gnocchi_external_fqdn: "{{ kolla_external_fqdn }}"
  219. gnocchi_api_port: "8041"
  220. gnocchi_api_listen_port: "{{ gnocchi_api_port }}"
  221. grafana_server_port: "3000"
  222. haproxy_stats_port: "1984"
  223. haproxy_monitor_port: "61313"
  224. heat_internal_fqdn: "{{ kolla_internal_fqdn }}"
  225. heat_external_fqdn: "{{ kolla_external_fqdn }}"
  226. heat_api_port: "8004"
  227. heat_api_listen_port: "{{ heat_api_port }}"
  228. heat_cfn_internal_fqdn: "{{ kolla_internal_fqdn }}"
  229. heat_cfn_external_fqdn: "{{ kolla_external_fqdn }}"
  230. heat_api_cfn_port: "8000"
  231. heat_api_cfn_listen_port: "{{ heat_api_cfn_port }}"
  232. horizon_port: "80"
  233. horizon_listen_port: "{{ horizon_port }}"
  234. influxdb_http_port: "8086"
  235. ironic_internal_fqdn: "{{ kolla_internal_fqdn }}"
  236. ironic_external_fqdn: "{{ kolla_external_fqdn }}"
  237. ironic_api_port: "6385"
  238. ironic_api_listen_port: "{{ ironic_api_port }}"
  239. ironic_inspector_internal_fqdn: "{{ kolla_internal_fqdn }}"
  240. ironic_inspector_external_fqdn: "{{ kolla_external_fqdn }}"
  241. ironic_inspector_port: "5050"
  242. ironic_inspector_listen_port: "{{ ironic_inspector_port }}"
  243. ironic_ipxe_port: "8089"
  244. iscsi_port: "3260"
  245. kafka_port: "9092"
  246. karbor_api_port: "8799"
  247. keystone_public_port: "5000"
  248. keystone_public_listen_port: "{{ keystone_public_port }}"
  249. keystone_admin_port: "35357"
  250. keystone_admin_listen_port: "{{ keystone_admin_port }}"
  251. keystone_ssh_port: "8023"
  252. kibana_server_port: "5601"
  253. kuryr_port: "23750"
  254. magnum_api_port: "9511"
  255. manila_api_port: "8786"
  256. mariadb_port: "{{ database_port }}"
  257. mariadb_wsrep_port: "4567"
  258. mariadb_ist_port: "4568"
  259. mariadb_sst_port: "4444"
  260. masakari_api_port: "15868"
  261. memcached_port: "11211"
  262. mistral_api_port: "8989"
  263. monasca_api_port: "8070"
  264. monasca_log_api_port: "5607"
  265. monasca_agent_forwarder_port: "17123"
  266. monasca_agent_statsd_port: "8125"
  267. monasca_grafana_server_port: "3001"
  268. mongodb_port: "27017"
  269. mongodb_web_port: "28017"
  270. murano_api_port: "8082"
  271. neutron_internal_fqdn: "{{ kolla_internal_fqdn }}"
  272. neutron_external_fqdn: "{{ kolla_external_fqdn }}"
  273. neutron_server_port: "9696"
  274. neutron_server_listen_port: "{{ neutron_server_port }}"
  275. nova_internal_fqdn: "{{ kolla_internal_fqdn }}"
  276. nova_external_fqdn: "{{ kolla_external_fqdn }}"
  277. nova_api_port: "8774"
  278. nova_api_listen_port: "{{ nova_api_port }}"
  279. nova_metadata_port: "8775"
  280. nova_metadata_listen_port: "{{ nova_metadata_port }}"
  281. nova_novncproxy_fqdn: "{{ kolla_external_fqdn }}"
  282. nova_novncproxy_port: "6080"
  283. nova_novncproxy_listen_port: "{{ nova_novncproxy_port }}"
  284. nova_spicehtml5proxy_fqdn: "{{ kolla_external_fqdn }}"
  285. nova_spicehtml5proxy_port: "6082"
  286. nova_spicehtml5proxy_listen_port: "{{ nova_spicehtml5proxy_port }}"
  287. nova_serialproxy_fqdn: "{{ kolla_external_fqdn }}"
  288. nova_serialproxy_port: "6083"
  289. nova_serialproxy_listen_port: "{{ nova_serialproxy_port }}"
  290. nova_serialproxy_protocol: "{{ 'wss' if kolla_enable_tls_external | bool else 'ws' }}"
  291. octavia_internal_fqdn: "{{ kolla_internal_fqdn }}"
  292. octavia_external_fqdn: "{{ kolla_external_fqdn }}"
  293. octavia_api_port: "9876"
  294. octavia_api_listen_port: "{{ octavia_api_port }}"
  295. octavia_health_manager_port: "5555"
  296. outward_rabbitmq_port: "5674"
  297. outward_rabbitmq_management_port: "15674"
  298. outward_rabbitmq_cluster_port: "25674"
  299. outward_rabbitmq_epmd_port: "4371"
  300. ovsdb_port: "6640"
  301. panko_api_port: "8977"
  302. placement_internal_fqdn: "{{ kolla_internal_fqdn }}"
  303. placement_external_fqdn: "{{ kolla_external_fqdn }}"
  304. # Default Placement API port of 8778 already in use
  305. placement_api_port: "8780"
  306. placement_api_listen_port: "{{ placement_api_port }}"
  307. prometheus_port: "9091"
  308. prometheus_node_exporter_port: "9100"
  309. prometheus_mysqld_exporter_port: "9104"
  310. prometheus_haproxy_exporter_port: "9101"
  311. prometheus_memcached_exporter_port: "9150"
  312. prometheus_ceph_mgr_exporter_port: "9283"
  313. # Default cadvisor port of 8080 already in use
  314. prometheus_cadvisor_port: "18080"
  315. # Prometheus alertmanager ports
  316. prometheus_alertmanager_port: "9093"
  317. prometheus_alertmanager_cluster_port: "9094"
  318. # Prometheus openstack-exporter ports
  319. prometheus_openstack_exporter_port: "9198"
  320. prometheus_elasticsearch_exporter_port: "9108"
  321. # Prometheus blackbox-exporter ports
  322. prometheus_blackbox_exporter_port: "9115"
  323. qdrouterd_port: "31459"
  324. qinling_api_port: "7070"
  325. rabbitmq_port: "5672"
  326. rabbitmq_management_port: "15672"
  327. rabbitmq_cluster_port: "25672"
  328. rabbitmq_epmd_port: "4369"
  329. redis_port: "6379"
  330. redis_sentinel_port: "26379"
  331. rdp_port: "8001"
  332. rgw_port: "6780"
  333. sahara_api_port: "8386"
  334. searchlight_api_port: "9393"
  335. senlin_internal_fqdn: "{{ kolla_internal_fqdn }}"
  336. senlin_external_fqdn: "{{ kolla_external_fqdn }}"
  337. senlin_api_port: "8778"
  338. senlin_api_listen_port: "{{ senlin_api_port }}"
  339. skydive_analyzer_port: "8085"
  340. skydive_agents_port: "8090"
  341. solum_application_deployment_port: "9777"
  342. solum_image_builder_port: "9778"
  343. storm_nimbus_thrift_port: 6627
  344. storm_supervisor_thrift_port: 6628
  345. # Storm will run up to (end - start) + 1 workers per worker host. Here
  346. # we reserve ports for those workers, and implicitly define the maximum
  347. # number of workers per host.
  348. storm_worker_port_range:
  349. start: 6700
  350. end: 6703
  351. swift_internal_fqdn: "{{ kolla_internal_fqdn }}"
  352. swift_external_fqdn: "{{ kolla_external_fqdn }}"
  353. swift_proxy_server_port: "8080"
  354. swift_proxy_server_listen_port: "{{ swift_proxy_server_port }}"
  355. swift_object_server_port: "6000"
  356. swift_account_server_port: "6001"
  357. swift_container_server_port: "6002"
  358. swift_rsync_port: "10873"
  359. syslog_udp_port: "{{ fluentd_syslog_port }}"
  360. tacker_server_port: "9890"
  361. trove_api_port: "8779"
  362. watcher_api_port: "9322"
  363. zookeeper_client_port: "2181"
  364. zookeeper_peer_port: "2888"
  365. zookeeper_quorum_port: "3888"
  366. zun_api_port: "9517"
  367. zun_wsproxy_port: "6784"
  368. vitrage_api_port: "8999"
  369. public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
  370. internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
  371. admin_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
  372. ####################
  373. # OpenStack options
  374. ####################
  375. openstack_release: "master"
  376. openstack_logging_debug: "False"
  377. openstack_region_name: "RegionOne"
  378. # Variable defined the pin_release_version, apply for rolling upgrade process
  379. openstack_previous_release_name: "train"
  380. # A list of policy file formats that are supported by Oslo.policy
  381. supported_policy_format_list:
  382. - policy.yaml
  383. - policy.json
  384. # In the context of multi-regions, list here the name of all your regions.
  385. multiple_regions_names:
  386. - "{{ openstack_region_name }}"
  387. openstack_service_workers: "{{ [ansible_processor_vcpus, 5]|min }}"
  388. openstack_service_rpc_workers: "{{ [ansible_processor_vcpus, 3]|min }}"
  389. # Optionally allow Kolla to set sysctl values
  390. set_sysctl: "yes"
  391. # Endpoint type used to connect with OpenStack services with ansible modules.
  392. # Valid options are [ public, internal, admin ]
  393. openstack_interface: "admin"
  394. # Openstack CA certificate bundle file
  395. # CA bundle file must be added to both the Horizon and Kolla Toolbox containers
  396. openstack_cacert: ""
  397. # Enable core OpenStack services. This includes:
  398. # glance, keystone, neutron, nova, heat, and horizon.
  399. enable_openstack_core: "yes"
  400. # These roles are required for Kolla to be operation, however a savvy deployer
  401. # could disable some of these required roles and run their own services.
  402. enable_glance: "{{ enable_openstack_core | bool }}"
  403. enable_haproxy: "yes"
  404. enable_keepalived: "{{ enable_haproxy | bool }}"
  405. enable_keystone: "{{ enable_openstack_core | bool }}"
  406. enable_mariadb: "yes"
  407. enable_memcached: "yes"
  408. enable_neutron: "{{ enable_openstack_core | bool }}"
  409. enable_nova: "{{ enable_openstack_core | bool }}"
  410. enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
  411. enable_outward_rabbitmq: "{{ enable_murano | bool }}"
  412. # NOTE: Most memcached clients handle load-balancing via client side
  413. # hashing (consistent or not) logic, so going under the covers and messing
  414. # with things that the clients are not aware of is generally wrong
  415. enable_haproxy_memcached: "no"
  416. # Additional optional OpenStack features and services are specified here
  417. enable_aodh: "no"
  418. enable_barbican: "no"
  419. enable_blazar: "no"
  420. # NOTE: This variable has been deprecated and will be removed in the U cycle.
  421. enable_cadf_notifications: "no"
  422. enable_ceilometer: "no"
  423. enable_ceilometer_ipmi: "no"
  424. enable_cells: "no"
  425. enable_central_logging: "no"
  426. enable_ceph: "no"
  427. enable_ceph_mds: "no"
  428. enable_ceph_rgw: "no"
  429. enable_ceph_nfs: "no"
  430. enable_ceph_dashboard: "{{ enable_ceph | bool }}"
  431. enable_chrony: "yes"
  432. enable_cinder: "no"
  433. enable_cinder_backup: "yes"
  434. enable_cinder_backend_hnas_nfs: "no"
  435. enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool or enable_cinder_backend_zfssa_iscsi | bool }}"
  436. enable_cinder_backend_lvm: "no"
  437. enable_cinder_backend_nfs: "no"
  438. enable_cinder_backend_zfssa_iscsi: "no"
  439. enable_cinder_backend_quobyte: "no"
  440. enable_cloudkitty: "no"
  441. enable_collectd: "no"
  442. enable_congress: "no"
  443. enable_cyborg: "no"
  444. enable_designate: "no"
  445. enable_etcd: "no"
  446. enable_fluentd: "yes"
  447. enable_freezer: "no"
  448. enable_gnocchi: "no"
  449. enable_grafana: "no"
  450. enable_heat: "{{ enable_openstack_core | bool }}"
  451. enable_horizon: "{{ enable_openstack_core | bool }}"
  452. enable_horizon_blazar: "{{ enable_blazar | bool }}"
  453. enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
  454. enable_horizon_congress: "{{ enable_congress | bool }}"
  455. enable_horizon_designate: "{{ enable_designate | bool }}"
  456. enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}"
  457. enable_horizon_freezer: "{{ enable_freezer | bool }}"
  458. enable_horizon_heat: "{{ enable_heat | bool }}"
  459. enable_horizon_ironic: "{{ enable_ironic | bool }}"
  460. enable_horizon_karbor: "{{ enable_karbor | bool }}"
  461. enable_horizon_magnum: "{{ enable_magnum | bool }}"
  462. enable_horizon_manila: "{{ enable_manila | bool }}"
  463. enable_horizon_masakari: "{{ enable_masakari | bool }}"
  464. enable_horizon_mistral: "{{ enable_mistral | bool }}"
  465. enable_horizon_murano: "{{ enable_murano | bool }}"
  466. enable_horizon_neutron_vpnaas: "{{ enable_neutron_vpnaas | bool }}"
  467. enable_horizon_octavia: "{{ enable_octavia | bool }}"
  468. enable_horizon_qinling: "{{ enable_qinling | bool }}"
  469. enable_horizon_sahara: "{{ enable_sahara | bool }}"
  470. enable_horizon_searchlight: "{{ enable_searchlight | bool }}"
  471. enable_horizon_senlin: "{{ enable_senlin | bool }}"
  472. enable_horizon_solum: "{{ enable_solum | bool }}"
  473. enable_horizon_tacker: "{{ enable_tacker | bool }}"
  474. enable_horizon_trove: "{{ enable_trove | bool }}"
  475. enable_horizon_vitrage: "{{ enable_vitrage | bool }}"
  476. enable_horizon_watcher: "{{ enable_watcher | bool }}"
  477. enable_horizon_zun: "{{ enable_zun | bool }}"
  478. enable_hyperv: "no"
  479. enable_influxdb: "{{ enable_monasca | bool or (enable_cloudkitty | bool and cloudkitty_storage_backend == 'influxdb') }}"
  480. enable_ironic: "no"
  481. enable_ironic_ipxe: "no"
  482. enable_ironic_neutron_agent: "{{ enable_neutron | bool and enable_ironic | bool }}"
  483. enable_ironic_pxe_uefi: "no"
  484. enable_iscsid: "{{ (enable_cinder | bool and enable_cinder_backend_iscsi | bool) or enable_ironic | bool }}"
  485. enable_karbor: "no"
  486. enable_kafka: "{{ enable_monasca | bool }}"
  487. enable_kuryr: "no"
  488. enable_magnum: "no"
  489. enable_manila: "no"
  490. enable_manila_backend_generic: "no"
  491. enable_manila_backend_hnas: "no"
  492. enable_manila_backend_cephfs_native: "no"
  493. enable_manila_backend_cephfs_nfs: "no"
  494. enable_mariabackup: "no"
  495. enable_masakari: "no"
  496. enable_mistral: "no"
  497. enable_monasca: "no"
  498. enable_mongodb: "no"
  499. enable_multipathd: "no"
  500. enable_murano: "no"
  501. enable_neutron_vpnaas: "no"
  502. enable_neutron_sriov: "no"
  503. enable_neutron_dvr: "no"
  504. enable_neutron_fwaas: "no"
  505. enable_neutron_qos: "no"
  506. enable_neutron_agent_ha: "no"
  507. enable_neutron_bgp_dragent: "no"
  508. enable_neutron_provider_networks: "no"
  509. enable_neutron_segments: "no"
  510. enable_neutron_sfc: "no"
  511. enable_neutron_metering: "no"
  512. enable_neutron_infoblox_ipam_agent: "no"
  513. enable_neutron_port_forwarding: "no"
  514. enable_nova_serialconsole_proxy: "no"
  515. enable_nova_ssh: "yes"
  516. enable_octavia: "no"
  517. enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
  518. enable_ovs_dpdk: "no"
  519. enable_osprofiler: "no"
  520. enable_panko: "no"
  521. enable_placement: "{{ enable_nova | bool or enable_zun | bool }}"
  522. enable_prometheus: "no"
  523. enable_qdrouterd: "{{ 'yes' if om_rpc_transport == 'amqp' else 'no' }}"
  524. enable_qinling: "no"
  525. enable_rally: "no"
  526. enable_redis: "no"
  527. enable_sahara: "no"
  528. enable_searchlight: "no"
  529. enable_senlin: "no"
  530. enable_skydive: "no"
  531. enable_solum: "no"
  532. enable_storm: "{{ enable_monasca | bool }}"
  533. enable_swift: "no"
  534. enable_swift_s3api: "no"
  535. enable_swift_recon: "no"
  536. enable_tacker: "no"
  537. enable_telegraf: "no"
  538. enable_tempest: "no"
  539. enable_trove: "no"
  540. enable_trove_singletenant: "no"
  541. enable_vitrage: "no"
  542. enable_vmtp: "no"
  543. enable_watcher: "no"
  544. enable_zookeeper: "{{ enable_kafka | bool }}"
  545. enable_zun: "no"
  546. ovs_datapath: "{{ 'netdev' if enable_ovs_dpdk | bool else 'system' }}"
  547. designate_keystone_user: "designate"
  548. ironic_keystone_user: "ironic"
  549. neutron_keystone_user: "neutron"
  550. nova_keystone_user: "nova"
  551. placement_keystone_user: "placement"
  552. murano_keystone_user: "murano"
  553. cinder_keystone_user: "cinder"
  554. # Nova fake driver and the number of fake driver per compute node
  555. enable_nova_fake: "no"
  556. num_nova_fake_per_node: 5
  557. # Clean images options are specified here
  558. enable_destroy_images: "no"
  559. ####################
  560. # Monasca options
  561. ####################
  562. # The OpenStack username used by the Monasca Agent and the Fluentd Monasca
  563. # plugin to post logs and metrics from the control plane to Monasca.
  564. monasca_agent_user: "monasca-agent"
  565. # The OpenStack project to which the control plane logs and metrics are
  566. # tagged with. Only users with the monasca read only user role, or higher
  567. # can access these from the Monasca APIs.
  568. monasca_control_plane_project: "monasca_control_plane"
  569. ####################
  570. # Global Options
  571. ####################
  572. # List of containers to skip during stop command in YAML list format
  573. # skip_stop_containers:
  574. # - container1
  575. # - container2
  576. skip_stop_containers: []
  577. ####################
  578. # Logging options
  579. ####################
  580. elasticsearch_address: "{{ kolla_internal_fqdn }}"
  581. enable_elasticsearch: "{{ 'yes' if enable_central_logging | bool or enable_osprofiler | bool or enable_skydive | bool or enable_monasca | bool else 'no' }}"
  582. # If using Curator an actions file will need to be defined. Please see
  583. # the documentation.
  584. enable_elasticsearch_curator: "no"
  585. enable_kibana: "{{ 'yes' if enable_central_logging | bool or enable_monasca | bool else 'no' }}"
  586. ####################
  587. # Redis options
  588. ####################
  589. redis_connection_string: "redis://{% for host in groups['redis'] %}{% if host == groups['redis'][0] %}admin:{{ redis_master_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ redis_sentinel_port }}?sentinel=kolla{% else %}&sentinel_fallback={{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ redis_sentinel_port }}{% endif %}{% endfor %}&db=0&socket_timeout=60&retry_on_timeout=yes"
  590. ####################
  591. # Osprofiler options
  592. ####################
  593. # valid values: ["elasticsearch", "redis"]
  594. osprofiler_backend: "elasticsearch"
  595. elasticsearch_connection_string: "elasticsearch://{{ elasticsearch_address | put_address_in_context('url') }}:{{ elasticsearch_port }}"
  596. osprofiler_backend_connection_string: "{{ redis_connection_string if osprofiler_backend == 'redis' else elasticsearch_connection_string }}"
  597. ####################
  598. # RabbitMQ options
  599. ####################
  600. rabbitmq_hipe_compile: "no"
  601. rabbitmq_user: "openstack"
  602. rabbitmq_monitoring_user: ""
  603. outward_rabbitmq_user: "openstack"
  604. ####################
  605. # Qdrouterd options
  606. ####################
  607. qdrouterd_user: "openstack"
  608. ####################
  609. # HAProxy options
  610. ####################
  611. haproxy_user: "openstack"
  612. haproxy_enable_external_vip: "{{ 'no' if kolla_same_external_internal_vip | bool else 'yes' }}"
  613. kolla_enable_tls_internal: "no"
  614. kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
  615. kolla_external_fqdn_cert: "{{ node_config }}/certificates/haproxy.pem"
  616. kolla_internal_fqdn_cert: "{{ node_config }}/certificates/haproxy-internal.pem"
  617. kolla_external_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca.crt"
  618. kolla_internal_fqdn_cacert: "{{ node_config }}/certificates/haproxy-ca-internal.crt"
  619. ####################
  620. # Kibana options
  621. ####################
  622. kibana_user: "kibana"
  623. kibana_log_prefix: "flog"
  624. ####################
  625. # Keystone options
  626. ####################
  627. keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
  628. keystone_external_fqdn: "{{ kolla_external_fqdn }}"
  629. keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_admin_port }}"
  630. keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
  631. keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
  632. keystone_admin_user: "admin"
  633. keystone_admin_project: "admin"
  634. default_project_domain_name: "Default"
  635. default_project_domain_id: "default"
  636. default_user_domain_name: "Default"
  637. default_user_domain_id: "default"
  638. # Valid options are [ fernet ]
  639. keystone_token_provider: "fernet"
  640. # Keystone fernet token expiry in seconds. Default is 1 day.
  641. fernet_token_expiry: 86400
  642. # Keystone window to allow expired fernet tokens. Default is 2 days.
  643. fernet_token_allow_expired_window: 172800
  644. # Keystone fernet key rotation interval in seconds. Default is sum of token
  645. # expiry and allow expired window, 3 days. This ensures the minimum number
  646. # of keys are active. If this interval is lower than the sum of the token
  647. # expiry and allow expired window, multiple active keys will be necessary.
  648. fernet_key_rotation_interval: "{{ fernet_token_expiry + fernet_token_allow_expired_window }}"
  649. keystone_default_user_role: "_member_"
  650. # OpenStack authentication string. You should only need to override these if you
  651. # are changing the admin tenant/project or user.
  652. openstack_auth:
  653. auth_url: "{{ keystone_admin_url }}"
  654. username: "{{ keystone_admin_user }}"
  655. password: "{{ keystone_admin_password }}"
  656. project_name: "{{ keystone_admin_project }}"
  657. domain_name: "default"
  658. user_domain_name: "default"
  659. #######################
  660. # Glance options
  661. #######################
  662. # Using glance_backend_ceph rather than enable_ceph to determine whether to
  663. # use the file backend, as this allows for the external ceph case, where
  664. # enable_ceph is False.
  665. glance_backend_file: "{{ not (glance_backend_ceph | bool or glance_backend_swift | bool or glance_backend_vmware | bool) }}"
  666. glance_backend_ceph: "{{ enable_ceph }}"
  667. glance_backend_vmware: "no"
  668. enable_glance_image_cache: "no"
  669. # ceph backend has priority over swift in all-ceph clusters
  670. glance_backend_swift: "{{ not (enable_ceph | bool) and enable_swift | bool }}"
  671. glance_file_datadir_volume: "glance"
  672. glance_enable_rolling_upgrade: "no"
  673. glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
  674. #######################
  675. # Barbican options
  676. #######################
  677. # Valid options are [ simple_crypto, p11_crypto ]
  678. barbican_crypto_plugin: "simple_crypto"
  679. barbican_library_path: "/usr/lib/libCryptoki2_64.so"
  680. ########################
  681. ### Panko options
  682. ########################
  683. # Valid options are [ mongodb, mysql ]
  684. panko_database_type: "mysql"
  685. #################
  686. # Gnocchi options
  687. #################
  688. # Valid options are [ file, ceph, swift ]
  689. # Defaults to file if ceph and swift are enabled; explicitly set to either if required.
  690. gnocchi_backend_storage: "{% if enable_ceph | bool and not enable_swift | bool %}ceph{% elif enable_swift | bool and not enable_ceph | bool %}swift{% else %}file{% endif %}"
  691. # Valid options are [redis, '']
  692. gnocchi_incoming_storage: "{{ 'redis' if enable_redis | bool else '' }}"
  693. gnocchi_metric_datadir_volume: "gnocchi"
  694. #################################
  695. # Cinder options
  696. #################################
  697. cinder_backend_ceph: "{{ enable_ceph }}"
  698. cinder_backend_vmwarevc_vmdk: "no"
  699. cinder_volume_group: "cinder-volumes"
  700. cinder_target_helper: "tgtadm"
  701. # Valid options are [ '', redis, etcd ]
  702. cinder_coordination_backend: "{{ 'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}"
  703. # Valid options are [ nfs, swift, ceph ]
  704. cinder_backup_driver: "ceph"
  705. cinder_backup_share: ""
  706. cinder_backup_mount_options_nfs: ""
  707. #######################
  708. # Cloudkitty options
  709. #######################
  710. # Valid option is gnocchi
  711. cloudkitty_collector_backend: "gnocchi"
  712. # Valid options are 'sqlalchemy' or 'influxdb'. The default value is
  713. # 'influxdb', which matches the default in Cloudkitty since the Stein release.
  714. # When the backend is "influxdb", we also enable Influxdb.
  715. # Also, when using 'influxdb' as the backend, we trigger the configuration/use
  716. # of Cloudkitty storage backend version 2.
  717. cloudkitty_storage_backend: "influxdb"
  718. #######################
  719. # Designate options
  720. #######################
  721. # Valid options are [ bind9, infoblox ]
  722. designate_backend: "bind9"
  723. designate_ns_record: "sample.openstack.org"
  724. designate_backend_external: "no"
  725. designate_backend_external_bind9_nameservers: ""
  726. # Valid options are [ '', redis, etcd ]
  727. designate_coordination_backend: "{{ 'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}"
  728. #######################
  729. # Neutron options
  730. #######################
  731. neutron_bgp_router_id: "1.1.1.1"
  732. neutron_bridge_name: "{{ 'br-dvs' if neutron_plugin_agent == 'vmware_dvs' else 'br-ex' }}"
  733. # Comma-separated type of enabled ml2 type drivers
  734. neutron_type_drivers: "flat,vlan,vxlan"
  735. # Comma-separated types of tenant networks (should be listed in 'neutron_type_drivers')
  736. # NOTE: for ironic this list should also contain 'flat'
  737. neutron_tenant_network_types: "vxlan"
  738. # valid values: ["dvr", "dvr_no_external"]
  739. neutron_compute_dvr_mode: "dvr"
  740. computes_need_external_bridge: "{{ (enable_neutron_dvr | bool and neutron_compute_dvr_mode == 'dvr') or enable_neutron_provider_networks | bool }}"
  741. # Default DNS resolvers for virtual networks
  742. neutron_dnsmasq_dns_servers: "1.1.1.1,8.8.8.8,8.8.4.4"
  743. # Set legacy iptables to allow kernels not supporting iptables-nft
  744. neutron_legacy_iptables: "no"
  745. #######################
  746. # Nova options
  747. #######################
  748. nova_backend_ceph: "{{ enable_ceph }}"
  749. nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}"
  750. # Valid options are [ kvm, qemu, vmware, xenapi ]
  751. nova_compute_virt_type: "kvm"
  752. nova_instance_datadir_volume: "nova_compute"
  753. nova_safety_upgrade: "no"
  754. # Valid options are [ none, novnc, spice, rdp ]
  755. nova_console: "novnc"
  756. #######################
  757. # Murano options
  758. #######################
  759. murano_agent_rabbitmq_vhost: "muranoagent"
  760. murano_agent_rabbitmq_user: "muranoagent"
  761. #######################
  762. # Horizon options
  763. #######################
  764. horizon_backend_database: "{{ enable_murano | bool }}"
  765. horizon_keystone_multidomain: False
  766. # Enable deploying custom horizon policy files for services that don't have a
  767. # horizon plugin but have a policy file. Override these when you have services
  768. # not deployed by kolla-ansible but want custom policy files deployed for them
  769. # in horizon.
  770. enable_ceilometer_horizon_policy_file: "{{ enable_ceilometer }}"
  771. enable_cinder_horizon_policy_file: "{{ enable_cinder }}"
  772. enable_congress_horizon_policy_file: "{{ enable_congress }}"
  773. enable_glance_horizon_policy_file: "{{ enable_glance }}"
  774. enable_heat_horizon_policy_file: "{{ enable_heat }}"
  775. enable_keystone_horizon_policy_file: "{{ enable_keystone }}"
  776. enable_neutron_horizon_policy_file: "{{ enable_neutron }}"
  777. enable_nova_horizon_policy_file: "{{ enable_nova }}"
  778. #################
  779. # Octavia options
  780. #################
  781. # Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
  782. octavia_loadbalancer_topology: "SINGLE"
  783. octavia_amp_boot_network_list:
  784. octavia_amp_secgroup_list:
  785. octavia_amp_flavor_id:
  786. #################
  787. # Qinling options
  788. #################
  789. # Configure qinling-engine certificates to authenticate with Kubernetes cluster.
  790. qinling_kubernetes_certificates: "no"
  791. ###################
  792. # Ceph options
  793. ###################
  794. # Ceph can be setup with a caching to improve performance. To use the cache you
  795. # must provide separate disks than those for the OSDs
  796. ceph_enable_cache: "no"
  797. external_ceph_cephx_enabled: "yes"
  798. # Ceph is not able to determine the size of a cache pool automatically,
  799. # so the configuration on the absolute size is required here, otherwise the flush/evict will not work.
  800. ceph_target_max_bytes: ""
  801. ceph_target_max_objects: ""
  802. # Valid options are [ forward, none, writeback ]
  803. ceph_cache_mode: "writeback"
  804. # Valid options are [ ext4, btrfs, xfs ]
  805. ceph_osd_filesystem: "xfs"
  806. # Set to 'yes-i-really-really-mean-it' to force wipe disks with existing partitions for OSDs. Only
  807. # set if you understand the consequences!
  808. ceph_osd_wipe_disk: ""
  809. # These are /etc/fstab options. Comma separated, no spaces (see fstab(8))
  810. ceph_osd_mount_options: "defaults,noatime"
  811. # A requirement for using the erasure-coded pools is you must setup a cache tier
  812. # Valid options are [ erasure, replicated ]
  813. ceph_pool_type: "replicated"
  814. # Integrate Ceph Rados Object Gateway with OpenStack keystone
  815. enable_ceph_rgw_keystone: "no"
  816. # Enable/disable ceph-rgw compatibility with OpenStack Swift
  817. # Valid options are [ True, False ]
  818. ceph_rgw_compatibility: "False"
  819. ceph_cinder_pool_name: "volumes"
  820. ceph_cinder_backup_pool_name: "backups"
  821. ceph_glance_pool_name: "images"
  822. ceph_gnocchi_pool_name: "gnocchi"
  823. ceph_nova_pool_name: "vms"
  824. ceph_erasure_profile: "k=4 m=2 ruleset-failure-domain=host"
  825. ceph_rule: "default host {{ 'indep' if ceph_pool_type == 'erasure' else 'firstn' }}"
  826. ceph_cache_rule: "cache host firstn"
  827. # Set the pgs and pgps for pool
  828. # WARNING! These values are dependant on the size and shape of your cluster -
  829. # the default values are not suitable for production use. Please refer to the
  830. # Kolla Ceph documentation for more information.
  831. ceph_pool_pg_num: 8
  832. ceph_pool_pgp_num: 8
  833. # Set the store type for ceph OSD
  834. # Valid options are [ filestore, bluestore]
  835. ceph_osd_store_type: "bluestore"
  836. # Set the host type for ceph daemons
  837. # Valid options are [ IP, HOSTNAME, FQDN, INVENTORY ]
  838. # Note: For existing clusters, please don't modify this parameter. Otherwise,
  839. # the existing mon will be invalidated, and the existing osd crush map will
  840. # be changed.
  841. ceph_mon_host_type: "IP"
  842. ceph_mgr_host_type: "INVENTORY"
  843. ceph_osd_host_type: "IP"
  844. ceph_mds_host_type: "INVENTORY"
  845. #####################
  846. # VMware support
  847. ######################
  848. vmware_vcenter_host_ip: "127.0.0.1"
  849. vmware_vcenter_host_username: "username"
  850. vmware_vcenter_cluster_name: "cluster-1"
  851. vmware_vcenter_insecure: "True"
  852. #######################################
  853. # XenAPI - Support XenAPI for XenServer
  854. #######################################
  855. # XenAPI driver use HIMN(Host Internal Management Network)
  856. # to communicate with XenServer host.
  857. xenserver_himn_ip: "169.254.0.1"
  858. xenserver_username: "root"
  859. xenserver_connect_protocol: "https"
  860. # File used to save XenAPI's facts variables formatted as json.
  861. xenapi_facts_root: "/etc/kolla/xenapi/"
  862. xenapi_facts_file: "facts.json"
  863. #############################################
  864. # MariaDB component-specific database details
  865. #############################################
  866. # Whether to configure haproxy to load balance
  867. # the external MariaDB server(s)
  868. enable_external_mariadb_load_balancer: "no"
  869. # Whether to use pre-configured databases / users
  870. use_preconfigured_databases: "no"
  871. # whether to use a common, preconfigured user
  872. # for all component databases
  873. use_common_mariadb_user: "no"
  874. ############
  875. # Prometheus
  876. ############
  877. enable_prometheus_haproxy_exporter: "{{ enable_haproxy | bool }}"
  878. enable_prometheus_mysqld_exporter: "{{ enable_mariadb | bool }}"
  879. enable_prometheus_node_exporter: "{{ enable_prometheus | bool }}"
  880. enable_prometheus_memcached_exporter: "{{ enable_memcached | bool }}"
  881. enable_prometheus_cadvisor: "{{ enable_prometheus | bool }}"
  882. enable_prometheus_alertmanager: "{{ enable_prometheus | bool }}"
  883. enable_prometheus_ceph_mgr_exporter: "{{ enable_ceph | bool and enable_prometheus | bool }}"
  884. enable_prometheus_openstack_exporter: "{{ enable_prometheus | bool }}"
  885. enable_prometheus_elasticsearch_exporter: "{{ enable_prometheus | bool and enable_elasticsearch | bool }}"
  886. enable_prometheus_blackbox_exporter: "{{ enable_prometheus | bool }}"
  887. prometheus_alertmanager_user: "admin"
  888. prometheus_openstack_exporter_interval: "60s"
  889. prometheus_elasticsearch_exporter_interval: "60s"
  890. prometheus_cmdline_extras:
  891. ############
  892. # Vitrage
  893. ############
  894. enable_vitrage_prometheus_datasource: "{{ enable_prometheus | bool }}"
  895. ####################
  896. # InfluxDB options
  897. ####################
  898. influxdb_address: "{{ kolla_internal_fqdn }}"
  899. #########################
  900. # Internal Image options
  901. #########################
  902. distro_python_version_map: {
  903. "centos": "2.7",
  904. "debian": "3.7",
  905. "rhel": "2.7",
  906. "ubuntu": "3.6"
  907. }
  908. distro_python_version: "{{ distro_python_version_map[kolla_base_distro] }}"
  909. ##########
  910. # Telegraf
  911. ##########
  912. # Configure telegraf to use the docker daemon itself as an input for
  913. # telemetry data.
  914. telegraf_enable_docker_input: "no"