Ansible deployment of the Kolla containers

  1. ---
  2. # The options in this file can be overridden in 'globals.yml'
  3. # The "temp" files that are created before merge need to stay persistent due
  4. # to the fact that ansible will register a "change" if it has to create them
  5. # again. Persistent files allow for idempotency
  6. container_config_directory: "/var/lib/kolla/config_files"
  7. # The directory on the deploy host containing globals.yml.
  8. node_config: "{{ CONFIG_DIR | default('/etc/kolla') }}"
  9. # The directory to merge custom config files the kolla's config files
  10. node_custom_config: "/etc/kolla/config"
  11. # The directory to store the config files on the destination node
  12. node_config_directory: "/etc/kolla"
  13. # The group which own node_config_directory, you can use a non-root
  14. # user to deploy kolla
  15. config_owner_user: "root"
  16. config_owner_group: "root"
  17. ###################
  18. # Kolla options
  19. ###################
  20. # Valid options are [ COPY_ONCE, COPY_ALWAYS ]
  21. config_strategy: "COPY_ALWAYS"
  22. # Valid options are ['centos', 'debian', 'rhel', 'ubuntu']
  23. kolla_base_distro: "centos"
  24. # Valid options are [ binary, source ]
  25. kolla_install_type: "binary"
  26. kolla_internal_vip_address: "{{ kolla_internal_address }}"
  27. kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
  28. kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
  29. kolla_same_external_internal_vip: "{{ kolla_external_vip_address == kolla_internal_vip_address }}"
  30. kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}"
  31. kolla_enable_sanity_checks: "no"
  32. kolla_enable_sanity_barbican: "{{ kolla_enable_sanity_checks }}"
  33. kolla_enable_sanity_keystone: "{{ kolla_enable_sanity_checks }}"
  34. kolla_enable_sanity_glance: "{{ kolla_enable_sanity_checks }}"
  35. kolla_enable_sanity_cinder: "{{ kolla_enable_sanity_checks }}"
  36. kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"
  37. kolla_dev_repos_directory: "/opt/stack/"
  38. kolla_dev_repos_git: "https://opendev.org/openstack"
  39. kolla_dev_repos_pull: "no"
  40. kolla_dev_mode: "no"
  41. kolla_source_version: "{% if openstack_release == 'master' %}master{% else %}stable/{{ openstack_release }}{% endif %}"
  42. # Proxy settings for containers such as magnum that need internet access
  43. container_http_proxy: ""
  44. container_https_proxy: ""
  45. container_no_proxy: "localhost,127.0.0.1"
  46. container_proxy:
  47. http_proxy: "{{ container_http_proxy }}"
  48. https_proxy: "{{ container_https_proxy }}"
  49. no_proxy: "{{ container_no_proxy }},{{ api_interface_address }},{{ kolla_internal_vip_address }}"
  50. # By default, Kolla API services bind to the network address assigned
  51. # to the api_interface. Allow the bind address to be an override.
  52. api_interface_address: "{{ 'api' | kolla_address }}"
  53. # This is used to get the ip corresponding to the storage_interface.
  54. storage_interface_address: "{{ 'storage' | kolla_address }}"
  55. ################
  56. # Chrony options
  57. ################
  58. # A list contains ntp servers
  59. external_ntp_servers:
  60. - 0.pool.ntp.org
  61. - 1.pool.ntp.org
  62. - 2.pool.ntp.org
  63. - 3.pool.ntp.org
  64. ####################
  65. # Database options
  66. ####################
  67. database_address: "{{ kolla_internal_fqdn }}"
  68. database_user: "root"
  69. database_port: "3306"
  70. ####################
  71. # Docker options
  72. ####################
  73. docker_registry_email:
  74. docker_registry:
  75. docker_namespace: "kolla"
  76. docker_registry_username:
  77. docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
  78. docker_runtime_directory: ""
  79. # Docker client timeout in seconds.
  80. docker_client_timeout: 120
  81. # Docker networking options
  82. docker_disable_default_iptables_rules: "no"
  83. # Retention settings for Docker logs
  84. docker_log_max_file: "5"
  85. docker_log_max_size: "50m"
  86. # Valid options are [ no, on-failure, always, unless-stopped ]
  87. docker_restart_policy: "unless-stopped"
  88. # '0' means unlimited retries (applies only to 'on-failure' policy)
  89. docker_restart_policy_retry: "10"
  90. # Extra docker options for Zun
  91. docker_configure_for_zun: "no"
  92. docker_zun_options: -H tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
  93. docker_zun_config:
  94. cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
  95. # Extra containerd options for Zun
  96. containerd_configure_for_zun: "no"
  97. # 42463 is the static group id of the zun user in the Zun image.
  98. # If users customize this value on building the Zun images,
  99. # they need to change this config accordingly.
  100. containerd_grpc_gid: 42463
  101. # Timeout after Docker sends SIGTERM before sending SIGKILL.
  102. docker_graceful_timeout: 60
  103. # Common options used throughout Docker
  104. docker_common_options:
  105. auth_email: "{{ docker_registry_email }}"
  106. auth_password: "{{ docker_registry_password }}"
  107. auth_registry: "{{ docker_registry }}"
  108. auth_username: "{{ docker_registry_username }}"
  109. environment:
  110. KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
  111. restart_policy: "{{ docker_restart_policy }}"
  112. restart_retries: "{{ docker_restart_policy_retry }}"
  113. graceful_timeout: "{{ docker_graceful_timeout }}"
  114. client_timeout: "{{ docker_client_timeout }}"
  115. ####################
  116. # Dimensions options
  117. ####################
  118. # Dimension options for Docker Containers
  119. default_container_dimensions: {}
  120. #######################
  121. # Extra volumes options
  122. #######################
  123. # Extra volumes for Docker Containers
  124. default_extra_volumes: []
  125. ####################
  126. # keepalived options
  127. ####################
  128. # Arbitrary unique number from 0..255
  129. keepalived_virtual_router_id: "51"
  130. #######################
  131. # Elasticsearch Options
  132. #######################
  133. es_heap_size: "1G"
  134. elasticsearch_datadir_volume: "elasticsearch"
  135. ###################
  136. # Messaging options
  137. ###################
  138. # oslo.messaging rpc transport valid options are [ rabbit, amqp ]
  139. om_rpc_transport: "rabbit"
  140. om_rpc_user: "{{ rabbitmq_user }}"
  141. om_rpc_password: "{{ rabbitmq_password }}"
  142. om_rpc_port: "{{ rabbitmq_port }}"
  143. om_rpc_group: "rabbitmq"
  144. om_rpc_vhost: "/"
  145. rpc_transport_url: "{{ om_rpc_transport }}://{% for host in groups[om_rpc_group] %}{{ om_rpc_user }}:{{ om_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ om_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ om_rpc_vhost }}"
  146. # oslo.messaging notify transport valid options are [ rabbit ]
  147. om_notify_transport: "rabbit"
  148. om_notify_user: "{{ rabbitmq_user }}"
  149. om_notify_password: "{{ rabbitmq_password }}"
  150. om_notify_port: "{{ rabbitmq_port }}"
  151. om_notify_group: "rabbitmq"
  152. om_notify_vhost: "/"
  153. notify_transport_url: "{{ om_notify_transport }}://{% for host in groups[om_notify_group] %}{{ om_notify_user }}:{{ om_notify_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ om_notify_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ om_notify_vhost }}"
  154. ####################
  155. # Networking options
  156. ####################
  157. network_interface: "eth0"
  158. neutron_external_interface: "eth1"
  159. kolla_external_vip_interface: "{{ network_interface }}"
  160. api_interface: "{{ network_interface }}"
  161. storage_interface: "{{ network_interface }}"
  162. cluster_interface: "{{ network_interface }}"
  163. swift_storage_interface: "{{ storage_interface }}"
  164. swift_replication_interface: "{{ swift_storage_interface }}"
  165. migration_interface: "{{ api_interface }}"
  166. tunnel_interface: "{{ network_interface }}"
  167. octavia_network_interface: "{{ api_interface }}"
  168. bifrost_network_interface: "{{ network_interface }}"
  169. dns_interface: "{{ network_interface }}"
  170. # Configure the address family (AF) per network.
  171. # Valid options are [ ipv4, ipv6 ]
  172. network_address_family: "ipv4"
  173. api_address_family: "{{ network_address_family }}"
  174. storage_address_family: "{{ network_address_family }}"
  175. cluster_address_family: "{{ network_address_family }}"
  176. swift_storage_address_family: "{{ storage_address_family }}"
  177. swift_replication_address_family: "{{ swift_storage_address_family }}"
  178. migration_address_family: "{{ api_address_family }}"
  179. tunnel_address_family: "{{ network_address_family }}"
  180. octavia_network_address_family: "{{ api_address_family }}"
  181. bifrost_network_address_family: "{{ network_address_family }}"
  182. dns_address_family: "{{ network_address_family }}"
  183. migration_interface_address: "{{ 'migration' | kolla_address }}"
  184. tunnel_interface_address: "{{ 'tunnel' | kolla_address }}"
  185. octavia_network_interface_address: "{{ 'octavia_network' | kolla_address }}"
  186. # Valid options are [ openvswitch, ovn, linuxbridge, vmware_nsxv, vmware_nsxv3, vmware_dvs ]
  187. neutron_plugin_agent: "openvswitch"
  188. # Valid options are [ internal, infoblox ]
  189. neutron_ipam_driver: "internal"
  190. # The default ports used by each service.
  191. # The list should be in alphabetical order
  192. aodh_internal_fqdn: "{{ kolla_internal_fqdn }}"
  193. aodh_external_fqdn: "{{ kolla_external_fqdn }}"
  194. aodh_api_port: "8042"
  195. aodh_api_listen_port: "{{ aodh_api_port }}"
  196. barbican_internal_fqdn: "{{ kolla_internal_fqdn }}"
  197. barbican_external_fqdn: "{{ kolla_external_fqdn }}"
  198. barbican_api_port: "9311"
  199. barbican_api_listen_port: "{{ barbican_api_port }}"
  200. blazar_api_port: "1234"
  201. cinder_internal_fqdn: "{{ kolla_internal_fqdn }}"
  202. cinder_external_fqdn: "{{ kolla_external_fqdn }}"
  203. cinder_api_port: "8776"
  204. cinder_api_listen_port: "{{ cinder_api_port }}"
  205. cloudkitty_api_port: "8889"
  206. collectd_udp_port: "25826"
  207. cyborg_api_port: "6666"
  208. designate_internal_fqdn: "{{ kolla_internal_fqdn }}"
  209. designate_external_fqdn: "{{ kolla_external_fqdn }}"
  210. designate_api_port: "9001"
  211. designate_api_listen_port: "{{ designate_api_port }}"
  212. designate_bind_port: "53"
  213. designate_mdns_port: "{{ '53' if designate_backend == 'infoblox' else '5354' }}"
  214. designate_rndc_port: "953"
  215. elasticsearch_port: "9200"
  216. etcd_client_port: "2379"
  217. etcd_peer_port: "2380"
  218. etcd_enable_tls: "{{ kolla_enable_tls_backend }}"
  219. etcd_protocol: "{{ 'https' if etcd_enable_tls | bool else 'http' }}"
  220. fluentd_syslog_port: "5140"
  221. freezer_api_port: "9090"
  222. glance_internal_fqdn: "{{ kolla_internal_fqdn }}"
  223. glance_external_fqdn: "{{ kolla_external_fqdn }}"
  224. glance_api_port: "9292"
  225. glance_api_listen_port: "{{ glance_api_port }}"
  226. gnocchi_internal_fqdn: "{{ kolla_internal_fqdn }}"
  227. gnocchi_external_fqdn: "{{ kolla_external_fqdn }}"
  228. gnocchi_api_port: "8041"
  229. gnocchi_api_listen_port: "{{ gnocchi_api_port }}"
  230. grafana_server_port: "3000"
  231. haproxy_stats_port: "1984"
  232. haproxy_monitor_port: "61313"
  233. heat_internal_fqdn: "{{ kolla_internal_fqdn }}"
  234. heat_external_fqdn: "{{ kolla_external_fqdn }}"
  235. heat_api_port: "8004"
  236. heat_api_listen_port: "{{ heat_api_port }}"
  237. heat_cfn_internal_fqdn: "{{ kolla_internal_fqdn }}"
  238. heat_cfn_external_fqdn: "{{ kolla_external_fqdn }}"
  239. heat_api_cfn_port: "8000"
  240. heat_api_cfn_listen_port: "{{ heat_api_cfn_port }}"
  241. horizon_port: "80"
  242. horizon_listen_port: "{{ horizon_port }}"
  243. influxdb_http_port: "8086"
  244. ironic_internal_fqdn: "{{ kolla_internal_fqdn }}"
  245. ironic_external_fqdn: "{{ kolla_external_fqdn }}"
  246. ironic_api_port: "6385"
  247. ironic_api_listen_port: "{{ ironic_api_port }}"
  248. ironic_inspector_internal_fqdn: "{{ kolla_internal_fqdn }}"
  249. ironic_inspector_external_fqdn: "{{ kolla_external_fqdn }}"
  250. ironic_inspector_port: "5050"
  251. ironic_inspector_listen_port: "{{ ironic_inspector_port }}"
  252. ironic_ipxe_port: "8089"
  253. iscsi_port: "3260"
  254. kafka_port: "9092"
  255. karbor_api_port: "8799"
  256. keystone_public_port: "5000"
  257. keystone_public_listen_port: "{{ keystone_public_port }}"
  258. keystone_admin_port: "35357"
  259. keystone_admin_listen_port: "{{ keystone_admin_port }}"
  260. keystone_ssh_port: "8023"
  261. kibana_server_port: "5601"
  262. kuryr_port: "23750"
  263. magnum_api_port: "9511"
  264. manila_api_port: "8786"
  265. mariadb_port: "{{ database_port }}"
  266. mariadb_wsrep_port: "4567"
  267. mariadb_ist_port: "4568"
  268. mariadb_sst_port: "4444"
  269. mariadb_clustercheck_port: "4569"
  270. masakari_api_port: "15868"
  271. memcached_port: "11211"
  272. mistral_api_port: "8989"
  273. monasca_api_port: "8070"
  274. monasca_log_api_port: "{{ monasca_api_port }}"
  275. monasca_agent_forwarder_port: "17123"
  276. monasca_agent_statsd_port: "8125"
  277. monasca_grafana_server_port: "3001"
  278. murano_api_port: "8082"
  279. neutron_internal_fqdn: "{{ kolla_internal_fqdn }}"
  280. neutron_external_fqdn: "{{ kolla_external_fqdn }}"
  281. neutron_server_port: "9696"
  282. neutron_server_listen_port: "{{ neutron_server_port }}"
  283. nova_internal_fqdn: "{{ kolla_internal_fqdn }}"
  284. nova_external_fqdn: "{{ kolla_external_fqdn }}"
  285. nova_api_port: "8774"
  286. nova_api_listen_port: "{{ nova_api_port }}"
  287. nova_metadata_port: "8775"
  288. nova_metadata_listen_port: "{{ nova_metadata_port }}"
  289. nova_novncproxy_fqdn: "{{ kolla_external_fqdn }}"
  290. nova_novncproxy_port: "6080"
  291. nova_novncproxy_listen_port: "{{ nova_novncproxy_port }}"
  292. nova_spicehtml5proxy_fqdn: "{{ kolla_external_fqdn }}"
  293. nova_spicehtml5proxy_port: "6082"
  294. nova_spicehtml5proxy_listen_port: "{{ nova_spicehtml5proxy_port }}"
  295. nova_serialproxy_fqdn: "{{ kolla_external_fqdn }}"
  296. nova_serialproxy_port: "6083"
  297. nova_serialproxy_listen_port: "{{ nova_serialproxy_port }}"
  298. nova_serialproxy_protocol: "{{ 'wss' if kolla_enable_tls_external | bool else 'ws' }}"
  299. octavia_internal_fqdn: "{{ kolla_internal_fqdn }}"
  300. octavia_external_fqdn: "{{ kolla_external_fqdn }}"
  301. octavia_api_port: "9876"
  302. octavia_api_listen_port: "{{ octavia_api_port }}"
  303. octavia_health_manager_port: "5555"
  304. ovn_nb_db_port: "6641"
  305. ovn_sb_db_port: "6642"
  306. ovn_nb_connection: "{% for host in groups['ovn-nb-db'] %}tcp:{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ ovn_nb_db_port }}{% if not loop.last %},{% endif %}{% endfor %}"
  307. ovn_sb_connection: "{% for host in groups['ovn-sb-db'] %}tcp:{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ ovn_sb_db_port }}{% if not loop.last %},{% endif %}{% endfor %}"
  308. outward_rabbitmq_port: "5674"
  309. outward_rabbitmq_management_port: "15674"
  310. outward_rabbitmq_cluster_port: "25674"
  311. outward_rabbitmq_epmd_port: "4371"
  312. ovsdb_port: "6640"
  313. panko_api_port: "8977"
  314. placement_internal_fqdn: "{{ kolla_internal_fqdn }}"
  315. placement_external_fqdn: "{{ kolla_external_fqdn }}"
  316. # Default Placement API port of 8778 already in use
  317. placement_api_port: "8780"
  318. placement_api_listen_port: "{{ placement_api_port }}"
  319. prometheus_port: "9091"
  320. prometheus_node_exporter_port: "9100"
  321. prometheus_mysqld_exporter_port: "9104"
  322. prometheus_haproxy_exporter_port: "9101"
  323. prometheus_memcached_exporter_port: "9150"
  324. # Default cadvisor port of 8080 already in use
  325. prometheus_cadvisor_port: "18080"
  326. # Prometheus alertmanager ports
  327. prometheus_alertmanager_port: "9093"
  328. prometheus_alertmanager_cluster_port: "9094"
  329. # Prometheus openstack-exporter ports
  330. prometheus_openstack_exporter_port: "9198"
  331. prometheus_elasticsearch_exporter_port: "9108"
  332. # Prometheus blackbox-exporter ports
  333. prometheus_blackbox_exporter_port: "9115"
  334. qdrouterd_port: "31459"
  335. qinling_api_port: "7070"
  336. rabbitmq_port: "5672"
  337. rabbitmq_management_port: "15672"
  338. rabbitmq_cluster_port: "25672"
  339. rabbitmq_epmd_port: "4369"
  340. redis_port: "6379"
  341. redis_sentinel_port: "26379"
  342. sahara_api_port: "8386"
  343. searchlight_api_port: "9393"
  344. senlin_internal_fqdn: "{{ kolla_internal_fqdn }}"
  345. senlin_external_fqdn: "{{ kolla_external_fqdn }}"
  346. senlin_api_port: "8778"
  347. senlin_api_listen_port: "{{ senlin_api_port }}"
  348. skydive_analyzer_port: "8085"
  349. skydive_agents_port: "8090"
  350. solum_application_deployment_port: "9777"
  351. solum_image_builder_port: "9778"
  352. storm_nimbus_thrift_port: 6627
  353. storm_supervisor_thrift_port: 6628
  354. # Storm will run up to (end - start) + 1 workers per worker host. Here
  355. # we reserve ports for those workers, and implicitly define the maximum
  356. # number of workers per host.
  357. storm_worker_port_range:
  358. start: 6700
  359. end: 6703
  360. swift_internal_fqdn: "{{ kolla_internal_fqdn }}"
  361. swift_external_fqdn: "{{ kolla_external_fqdn }}"
  362. swift_proxy_server_port: "8080"
  363. swift_proxy_server_listen_port: "{{ swift_proxy_server_port }}"
  364. swift_object_server_port: "6000"
  365. swift_account_server_port: "6001"
  366. swift_container_server_port: "6002"
  367. swift_rsync_port: "10873"
  368. syslog_udp_port: "{{ fluentd_syslog_port }}"
  369. tacker_server_port: "9890"
  370. trove_api_port: "8779"
  371. watcher_api_port: "9322"
  372. zookeeper_client_port: "2181"
  373. zookeeper_peer_port: "2888"
  374. zookeeper_quorum_port: "3888"
  375. zun_api_port: "9517"
  376. zun_wsproxy_port: "6784"
  377. zun_cni_daemon_port: "9036"
  378. vitrage_api_port: "8999"
  379. public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
  380. internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
  381. admin_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
  382. ####################
  383. # OpenStack options
  384. ####################
  385. openstack_release: "master"
  386. # Docker image tag used by default.
  387. openstack_tag: "{{ openstack_release ~ openstack_tag_suffix }}"
  388. openstack_tag_suffix: ""
  389. openstack_logging_debug: "False"
  390. openstack_region_name: "RegionOne"
  391. # Variable defined the pin_release_version, apply for rolling upgrade process
  392. openstack_previous_release_name: "ussuri"
  393. # A list of policy file formats that are supported by Oslo.policy
  394. supported_policy_format_list:
  395. - policy.yaml
  396. - policy.json
  397. # In the context of multi-regions, list here the name of all your regions.
  398. multiple_regions_names:
  399. - "{{ openstack_region_name }}"
  400. openstack_service_workers: "{{ [ansible_processor_vcpus, 5]|min }}"
  401. openstack_service_rpc_workers: "{{ [ansible_processor_vcpus, 3]|min }}"
  402. # Optionally allow Kolla to set sysctl values
  403. set_sysctl: "yes"
  404. # Endpoint type used to connect with OpenStack services with ansible modules.
  405. # Valid options are [ public, internal, admin ]
  406. openstack_interface: "admin"
  407. # Openstack CA certificate bundle file
  408. # CA bundle file must be added to both the Horizon and Kolla Toolbox containers
  409. openstack_cacert: ""
  410. # Enable core OpenStack services. This includes:
  411. # glance, keystone, neutron, nova, heat, and horizon.
  412. enable_openstack_core: "yes"
  413. # These roles are required for Kolla to be operation, however a savvy deployer
  414. # could disable some of these required roles and run their own services.
  415. enable_glance: "{{ enable_openstack_core | bool }}"
  416. enable_haproxy: "yes"
  417. enable_keepalived: "{{ enable_haproxy | bool }}"
  418. enable_keystone: "{{ enable_openstack_core | bool }}"
  419. enable_mariadb: "yes"
  420. enable_memcached: "yes"
  421. enable_neutron: "{{ enable_openstack_core | bool }}"
  422. enable_nova: "{{ enable_openstack_core | bool }}"
  423. enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
  424. enable_outward_rabbitmq: "{{ enable_murano | bool }}"
  425. # NOTE: Most memcached clients handle load-balancing via client side
  426. # hashing (consistent or not) logic, so going under the covers and messing
  427. # with things that the clients are not aware of is generally wrong
  428. enable_haproxy_memcached: "no"
  429. # Additional optional OpenStack features and services are specified here
  430. enable_aodh: "no"
  431. enable_barbican: "no"
  432. enable_blazar: "no"
  433. enable_ceilometer: "no"
  434. enable_ceilometer_ipmi: "no"
  435. enable_cells: "no"
  436. enable_central_logging: "no"
  437. enable_chrony: "yes"
  438. enable_cinder: "no"
  439. enable_cinder_backup: "yes"
  440. enable_cinder_backend_hnas_nfs: "no"
  441. enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool or enable_cinder_backend_zfssa_iscsi | bool }}"
  442. enable_cinder_backend_lvm: "no"
  443. enable_cinder_backend_nfs: "no"
  444. enable_cinder_backend_zfssa_iscsi: "no"
  445. enable_cinder_backend_quobyte: "no"
  446. enable_cloudkitty: "no"
  447. enable_collectd: "no"
  448. enable_cyborg: "no"
  449. enable_designate: "no"
  450. enable_etcd: "no"
  451. enable_fluentd: "yes"
  452. enable_freezer: "no"
  453. enable_gnocchi: "no"
  454. enable_gnocchi_statsd: "no"
  455. enable_grafana: "no"
  456. enable_heat: "{{ enable_openstack_core | bool }}"
  457. enable_horizon: "{{ enable_openstack_core | bool }}"
  458. enable_horizon_blazar: "{{ enable_blazar | bool }}"
  459. enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
  460. enable_horizon_designate: "{{ enable_designate | bool }}"
  461. enable_horizon_freezer: "{{ enable_freezer | bool }}"
  462. enable_horizon_heat: "{{ enable_heat | bool }}"
  463. enable_horizon_ironic: "{{ enable_ironic | bool }}"
  464. enable_horizon_karbor: "{{ enable_karbor | bool }}"
  465. enable_horizon_magnum: "{{ enable_magnum | bool }}"
  466. enable_horizon_manila: "{{ enable_manila | bool }}"
  467. enable_horizon_masakari: "{{ enable_masakari | bool }}"
  468. enable_horizon_mistral: "{{ enable_mistral | bool }}"
  469. enable_horizon_monasca: "{{ enable_monasca | bool }}"
  470. enable_horizon_murano: "{{ enable_murano | bool }}"
  471. enable_horizon_neutron_vpnaas: "{{ enable_neutron_vpnaas | bool }}"
  472. enable_horizon_octavia: "{{ enable_octavia | bool }}"
  473. enable_horizon_qinling: "{{ enable_qinling | bool }}"
  474. enable_horizon_sahara: "{{ enable_sahara | bool }}"
  475. enable_horizon_searchlight: "{{ enable_searchlight | bool }}"
  476. enable_horizon_senlin: "{{ enable_senlin | bool }}"
  477. enable_horizon_solum: "{{ enable_solum | bool }}"
  478. enable_horizon_tacker: "{{ enable_tacker | bool }}"
  479. enable_horizon_trove: "{{ enable_trove | bool }}"
  480. enable_horizon_vitrage: "{{ enable_vitrage | bool }}"
  481. enable_horizon_watcher: "{{ enable_watcher | bool }}"
  482. enable_horizon_zun: "{{ enable_zun | bool }}"
  483. enable_influxdb: "{{ enable_monasca | bool or (enable_cloudkitty | bool and cloudkitty_storage_backend == 'influxdb') }}"
  484. enable_ironic: "no"
  485. enable_ironic_ipxe: "no"
  486. enable_ironic_neutron_agent: "{{ enable_neutron | bool and enable_ironic | bool }}"
  487. enable_ironic_pxe_uefi: "no"
  488. enable_iscsid: "{{ (enable_cinder | bool and enable_cinder_backend_iscsi | bool) or enable_ironic | bool }}"
  489. enable_karbor: "no"
  490. enable_kafka: "{{ enable_monasca | bool }}"
  491. enable_kuryr: "no"
  492. enable_magnum: "no"
  493. enable_manila: "no"
  494. enable_manila_backend_generic: "no"
  495. enable_manila_backend_hnas: "no"
  496. enable_manila_backend_cephfs_native: "no"
  497. enable_manila_backend_cephfs_nfs: "no"
  498. enable_mariabackup: "no"
  499. enable_masakari: "no"
  500. enable_mistral: "no"
  501. enable_monasca: "no"
  502. enable_multipathd: "no"
  503. enable_murano: "no"
  504. enable_neutron_vpnaas: "no"
  505. enable_neutron_sriov: "no"
  506. enable_neutron_dvr: "no"
  507. enable_neutron_qos: "no"
  508. enable_neutron_agent_ha: "no"
  509. enable_neutron_bgp_dragent: "no"
  510. enable_neutron_provider_networks: "no"
  511. enable_neutron_segments: "no"
  512. enable_neutron_sfc: "no"
  513. enable_neutron_trunk: "no"
  514. enable_neutron_metering: "no"
  515. enable_neutron_infoblox_ipam_agent: "no"
  516. enable_neutron_port_forwarding: "no"
  517. enable_nova_serialconsole_proxy: "no"
  518. enable_nova_ssh: "yes"
  519. enable_octavia: "no"
  520. enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
  521. enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}"
  522. enable_ovs_dpdk: "no"
  523. enable_osprofiler: "no"
  524. enable_panko: "no"
  525. enable_placement: "{{ enable_nova | bool or enable_zun | bool }}"
  526. enable_prometheus: "no"
  527. enable_qdrouterd: "{{ 'yes' if om_rpc_transport == 'amqp' else 'no' }}"
  528. enable_qinling: "no"
  529. enable_rally: "no"
  530. enable_redis: "no"
  531. enable_sahara: "no"
  532. enable_searchlight: "no"
  533. enable_senlin: "no"
  534. enable_skydive: "no"
  535. enable_solum: "no"
  536. enable_storm: "{{ enable_monasca | bool }}"
  537. enable_swift: "no"
  538. enable_swift_s3api: "no"
  539. enable_swift_recon: "no"
  540. enable_tacker: "no"
  541. enable_telegraf: "no"
  542. enable_tempest: "no"
  543. enable_trove: "no"
  544. enable_trove_singletenant: "no"
  545. enable_vitrage: "no"
  546. enable_vmtp: "no"
  547. enable_watcher: "no"
  548. enable_zookeeper: "{{ enable_kafka | bool or enable_storm | bool }}"
  549. enable_zun: "no"
  550. ovs_datapath: "{{ 'netdev' if enable_ovs_dpdk | bool else 'system' }}"
  551. designate_keystone_user: "designate"
  552. ironic_keystone_user: "ironic"
  553. neutron_keystone_user: "neutron"
  554. nova_keystone_user: "nova"
  555. placement_keystone_user: "placement"
  556. murano_keystone_user: "murano"
  557. cinder_keystone_user: "cinder"
  558. # Nova fake driver and the number of fake driver per compute node
  559. enable_nova_fake: "no"
  560. num_nova_fake_per_node: 5
  561. # Clean images options are specified here
  562. enable_destroy_images: "no"
  563. ####################
  564. # Monasca options
  565. ####################
  566. # The OpenStack username used by the Monasca Agent and the Fluentd Monasca
  567. # plugin to post logs and metrics from the control plane to Monasca.
  568. monasca_agent_user: "monasca-agent"
  569. # The OpenStack project to which the control plane logs and metrics are
  570. # tagged with. Only users with the monasca read only user role, or higher
  571. # can access these from the Monasca APIs.
  572. monasca_control_plane_project: "monasca_control_plane"
  573. ####################
  574. # Global Options
  575. ####################
  576. # List of containers to skip during stop command in YAML list format
  577. # skip_stop_containers:
  578. # - container1
  579. # - container2
  580. skip_stop_containers: []
  581. ####################
  582. # Logging options
  583. ####################
  584. elasticsearch_address: "{{ kolla_internal_fqdn }}"
  585. enable_elasticsearch: "{{ 'yes' if enable_central_logging | bool or enable_osprofiler | bool or enable_skydive | bool or enable_monasca | bool else 'no' }}"
  586. # If using Curator an actions file will need to be defined. Please see
  587. # the documentation.
  588. enable_elasticsearch_curator: "no"
  589. enable_kibana: "{{ 'yes' if enable_central_logging | bool or enable_monasca | bool else 'no' }}"
  590. ####################
  591. # Redis options
  592. ####################
  593. redis_connection_string: "redis://{% for host in groups['redis'] %}{% if host == groups['redis'][0] %}admin:{{ redis_master_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ redis_sentinel_port }}?sentinel=kolla{% else %}&sentinel_fallback={{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ redis_sentinel_port }}{% endif %}{% endfor %}&db=0&socket_timeout=60&retry_on_timeout=yes"
  594. ####################
  595. # Osprofiler options
  596. ####################
  597. # valid values: ["elasticsearch", "redis"]
  598. osprofiler_backend: "elasticsearch"
  599. elasticsearch_connection_string: "elasticsearch://{{ elasticsearch_address | put_address_in_context('url') }}:{{ elasticsearch_port }}"
  600. osprofiler_backend_connection_string: "{{ redis_connection_string if osprofiler_backend == 'redis' else elasticsearch_connection_string }}"
  601. ####################
  602. # RabbitMQ options
  603. ####################
  604. rabbitmq_user: "openstack"
  605. rabbitmq_monitoring_user: ""
  606. outward_rabbitmq_user: "openstack"
  607. ####################
  608. # Qdrouterd options
  609. ####################
  610. qdrouterd_user: "openstack"
  611. ####################
  612. # HAProxy options
  613. ####################
  614. haproxy_user: "openstack"
  615. haproxy_enable_external_vip: "{{ 'no' if kolla_same_external_internal_vip | bool else 'yes' }}"
  616. kolla_enable_tls_internal: "no"
  617. kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
  618. kolla_certificates_dir: "{{ node_config }}/certificates"
  619. kolla_external_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy.pem"
  620. kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
  621. kolla_admin_openrc_cacert: ""
  622. kolla_copy_ca_into_containers: "no"
  623. kolla_verify_tls_backend: "yes"
  624. haproxy_backend_cacert: "{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
  625. haproxy_backend_cacert_dir: "/etc/ssl/certs"
  626. kolla_enable_tls_backend: "no"
  627. kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
  628. kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"
  629. ####################
  630. # Kibana options
  631. ####################
  632. kibana_user: "kibana"
  633. kibana_log_prefix: "flog"
  ####################
  # Keystone options
  ####################
  # By default Keystone is reached through the shared internal/external FQDNs.
  keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
  keystone_external_fqdn: "{{ kolla_external_fqdn }}"
  # Endpoint URLs: the scheme comes from the *_protocol variables (defined
  # outside this section), the host is passed through
  # put_address_in_context('url'), and the port is appended.
  keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_admin_port }}"
  keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
  keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"

  # Admin identity and default domain names/ids.
  keystone_admin_user: "admin"
  keystone_admin_project: "admin"
  default_project_domain_name: "Default"
  default_project_domain_id: "default"
  default_user_domain_name: "Default"
  default_user_domain_id: "default"

  # Valid options are [ fernet ]
  keystone_token_provider: "fernet"
  # Fernet token lifetime in seconds (86400 s = 1 day). A longer lifetime also
  # lengthens the time a leaked token stays usable.
  fernet_token_expiry: 86400
  # Window in seconds during which expired fernet tokens are still allowed
  # (172800 s = 2 days).
  fernet_token_allow_expired_window: 172800
  # Fernet key rotation interval in seconds. The default is the token expiry
  # plus the allow-expired window (3 days), which keeps the number of active
  # keys at the minimum. An interval shorter than that sum requires several
  # active keys at once.
  fernet_key_rotation_interval: "{{ fernet_token_expiry + fernet_token_allow_expired_window }}"
  keystone_default_user_role: "_member_"
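  # OpenStack authentication settings. These should only need to be overridden
  # when changing the admin tenant/project or user.
  # The child keys are nested under openstack_auth; without the indentation the
  # mapping would be null and its fields would become top-level variables.
  # keystone_admin_password is not defined in this section.
  # NOTE(review): it is presumably supplied from a separate secrets file - keep
  # it out of version control and out of task output.
  openstack_auth:
    auth_url: "{{ keystone_admin_url }}"
    username: "{{ keystone_admin_user }}"
    password: "{{ keystone_admin_password }}"
    project_name: "{{ keystone_admin_project }}"
    domain_name: "default"
    user_domain_name: "default"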
  #######################
  # Glance options
  #######################
  # The file backend is selected only when none of the Ceph, Swift or VMware
  # backends is enabled.
  glance_backend_file: "{{ not (glance_backend_ceph | bool or glance_backend_swift | bool or glance_backend_vmware | bool) }}"
  glance_backend_ceph: "no"
  glance_backend_vmware: "no"
  enable_glance_image_cache: "no"
  # The Swift backend follows enable_swift.
  glance_backend_swift: "{{ enable_swift | bool }}"
  glance_file_datadir_volume: "glance"
  glance_enable_rolling_upgrade: "no"
  # Property protection and interoperable image import are off by default.
  glance_enable_property_protection: "no"
  glance_enable_interoperable_image_import: "no"
  # With the file backend on the default "glance" volume only the first host of
  # the glance-api group is used; otherwise every host in the group is used.
  glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
  #######################
  # Barbican options
  #######################
  # Valid options are [ simple_crypto, p11_crypto ]
  # NOTE(review): simple_crypto is understood to protect secrets with a key
  # held in Barbican's own configuration rather than in an HSM - confirm this
  # meets the deployment's key-protection requirements before relying on it.
  barbican_crypto_plugin: "simple_crypto"
  # Shared library path; presumably the PKCS#11 module used by p11_crypto -
  # TODO confirm.
  barbican_library_path: "/usr/lib/libCryptoki2_64.so"
  #################
  # Gnocchi options
  #################
  # Valid options are [ file, ceph, swift ]
  # Defaults to swift when enable_swift is set, otherwise to file.
  gnocchi_backend_storage: "{% if enable_swift | bool %}swift{% else %}file{% endif %}"
  # Valid options are [redis, '']
  # Defaults to redis when enable_redis is set, otherwise to the empty string.
  gnocchi_incoming_storage: "{{ 'redis' if enable_redis | bool else '' }}"
  gnocchi_metric_datadir_volume: "gnocchi"
  #################################
  # Cinder options
  #################################
  cinder_backend_ceph: "no"
  cinder_backend_vmwarevc_vmdk: "no"
  cinder_volume_group: "cinder-volumes"
  # lioadm on RedHat-family hosts, tgtadm everywhere else.
  cinder_target_helper: "{{ 'lioadm' if ansible_os_family == 'RedHat' else 'tgtadm' }}"
  # Valid options are [ '', redis, etcd ]
  # redis takes precedence over etcd when both are enabled; empty when neither.
  cinder_coordination_backend: "{{ 'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}"
  # Valid options are [ nfs, swift, ceph ]
  cinder_backup_driver: "ceph"
  # Empty by default; presumably only relevant to the nfs backup driver.
  cinder_backup_share: ""
  cinder_backup_mount_options_nfs: ""
  #######################
  # Cloudkitty options
  #######################
  # Valid option is gnocchi
  cloudkitty_collector_backend: "gnocchi"
  # Valid options are 'sqlalchemy' or 'influxdb'. The default, 'influxdb',
  # matches Cloudkitty's own default since the Stein release.
  # Selecting "influxdb" also enables Influxdb and triggers the configuration
  # and use of Cloudkitty storage backend version 2.
  cloudkitty_storage_backend: "influxdb"
  #######################
  # Designate options
  #######################
  # Valid options are [ bind9, infoblox ]
  designate_backend: "bind9"
  # Sample value; presumably meant to be replaced with the deployment's own
  # NS record - verify before deploying.
  designate_ns_record: "sample.openstack.org"
  # External backend is off by default and no external bind9 nameservers are
  # listed.
  designate_backend_external: "no"
  designate_backend_external_bind9_nameservers: ""
  # Valid options are [ '', redis ]
  designate_coordination_backend: "{{ 'redis' if enable_redis|bool else '' }}"
  #######################
  # Neutron options
  #######################
  neutron_bgp_router_id: "1.1.1.1"
  # br-dvs for the vmware_dvs plugin agent, br-ex otherwise.
  neutron_bridge_name: "{{ 'br-dvs' if neutron_plugin_agent == 'vmware_dvs' else 'br-ex' }}"
  # Comma-separated list of enabled ml2 type drivers; geneve is appended for
  # the ovn plugin agent.
  neutron_type_drivers: "flat,vlan,vxlan{% if neutron_plugin_agent == 'ovn' %},geneve{% endif %}"
  # Comma-separated tenant network types (each should be listed in
  # 'neutron_type_drivers').
  # NOTE: for ironic this list should also contain 'flat'
  neutron_tenant_network_types: "{% if neutron_plugin_agent == 'ovn' %}geneve{% else %}vxlan{% endif %}"
  # valid values: ["dvr", "dvr_no_external"]
  neutron_compute_dvr_mode: "dvr"
  # Compute hosts need the external bridge for DVR in "dvr" mode, for provider
  # networks, or for OVN distributed floating IPs.
  computes_need_external_bridge: "{{ (enable_neutron_dvr | bool and neutron_compute_dvr_mode == 'dvr') or enable_neutron_provider_networks | bool or neutron_ovn_distributed_fip | bool }}"
  # Default DNS resolvers for virtual networks.
  # NOTE(review): these are public third-party resolvers, so DNS queries from
  # virtual networks would leave the deployment by default - override with
  # internal resolvers where that is not acceptable.
  neutron_dnsmasq_dns_servers: "1.1.1.1,8.8.8.8,8.8.4.4"
  # Set legacy iptables to allow kernels not supporting iptables-nft
  neutron_legacy_iptables: "no"
  # Enable distributed floating ip for OVN deployments
  neutron_ovn_distributed_fip: "no"
  #######################
  # Nova options
  #######################
  nova_backend_ceph: "no"
  # 'rbd' when the Ceph backend is enabled, 'default' otherwise.
  nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}"
  # Valid options are [ kvm, qemu, vmware ]
  nova_compute_virt_type: "kvm"
  nova_instance_datadir_volume: "nova_compute"
  nova_safety_upgrade: "no"
  # Valid options are [ none, novnc, spice ]
  nova_console: "novnc"
  #######################
  # Murano options
  #######################
  # RabbitMQ vhost and user name for the Murano agent.
  murano_agent_rabbitmq_vhost: "muranoagent"
  murano_agent_rabbitmq_user: "muranoagent"
  #######################
  # Horizon options
  #######################
  # The Horizon database backend follows enable_murano.
  horizon_backend_database: "{{ enable_murano | bool }}"
  horizon_keystone_multidomain: false

  # Deploy custom Horizon policy files for services that ship a policy file but
  # no Horizon plugin. Each flag defaults to the matching enable_<service>
  # value; override it for services that are not deployed by kolla-ansible but
  # should still get a custom policy file in Horizon.
  enable_ceilometer_horizon_policy_file: "{{ enable_ceilometer }}"
  enable_cinder_horizon_policy_file: "{{ enable_cinder }}"
  enable_glance_horizon_policy_file: "{{ enable_glance }}"
  enable_heat_horizon_policy_file: "{{ enable_heat }}"
  enable_keystone_horizon_policy_file: "{{ enable_keystone }}"
  enable_neutron_horizon_policy_file: "{{ enable_neutron }}"
  enable_nova_horizon_policy_file: "{{ enable_nova }}"
  #################
  # Octavia options
  #################
  # Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
  octavia_loadbalancer_topology: "SINGLE"
  # No defaults are given for the amphora boot network, security group and
  # flavor; the values are null until overridden.
  octavia_amp_boot_network_list: null
  octavia_amp_secgroup_list: null
  octavia_amp_flavor_id: null
  #################
  # Qinling options
  #################
  # Whether qinling-engine is configured with certificates to authenticate
  # with the Kubernetes cluster. Off by default.
  qinling_kubernetes_certificates: "no"
  ###################
  # External Ceph options
  ###################
  # External Ceph - cephx auth enabled (the standard nowadays; defaults to yes).
  # Keeping it on means the per-service users and keyrings below are used for
  # authentication.
  external_ceph_cephx_enabled: "yes"

  # External Ceph pool names
  ceph_cinder_pool_name: "volumes"
  ceph_cinder_backup_pool_name: "backups"
  ceph_glance_pool_name: "images"
  ceph_gnocchi_pool_name: "gnocchi"
  ceph_nova_pool_name: "vms"

  # External Ceph user names, one per service
  ceph_cinder_backup_user: "cinder-backup"
  ceph_cinder_user: "cinder"
  ceph_glance_user: "glance"
  ceph_gnocchi_user: "gnocchi"
  ceph_manila_user: "manila"
  ceph_nova_user: "nova"

  # External Ceph keyrings
  ceph_cinder_keyring: "ceph.client.cinder.keyring"
  ceph_cinder_backup_keyring: "ceph.client.cinder-backup.keyring"
  ceph_glance_keyring: "ceph.client.glance.keyring"
  ceph_gnocchi_keyring: "ceph.client.gnocchi.keyring"
  ceph_manila_keyring: "ceph.client.manila.keyring"
  # Nova defaults to the Cinder keyring file name.
  # NOTE(review): ceph_nova_user is "nova" while this keyring is named for the
  # cinder client - confirm the two are meant to differ by default.
  ceph_nova_keyring: "{{ ceph_cinder_keyring }}"
  ######################
  # VMware support
  ######################
  # Host, user name and cluster name for vCenter; the shipped values look like
  # placeholders to be overridden.
  vmware_vcenter_host_ip: "127.0.0.1"
  vmware_vcenter_host_username: "username"
  vmware_vcenter_cluster_name: "cluster-1"
  # NOTE(review): the default is "True"; judging by the name this presumably
  # disables certificate verification for the vCenter connection - confirm,
  # and override it where vCenter presents a certificate that can be verified.
  vmware_vcenter_insecure: "True"
  #############################################
  # MariaDB component-specific database details
  #############################################
  # Whether haproxy is configured to load balance the external MariaDB
  # server(s)
  enable_external_mariadb_load_balancer: "no"
  # Whether pre-configured databases / users are used
  use_preconfigured_databases: "no"
  # Whether one common, preconfigured user is used for all component
  # databases. A shared account means every component holds credentials that
  # reach all component databases.
  use_common_mariadb_user: "no"
  ############
  # Prometheus
  ############
  # The server and most exporters follow enable_prometheus; the haproxy, mysqld
  # and memcached exporters follow the flag of the service they monitor.
  enable_prometheus_server: "{{ enable_prometheus | bool }}"
  enable_prometheus_haproxy_exporter: "{{ enable_haproxy | bool }}"
  enable_prometheus_mysqld_exporter: "{{ enable_mariadb | bool }}"
  enable_prometheus_node_exporter: "{{ enable_prometheus | bool }}"
  enable_prometheus_memcached_exporter: "{{ enable_memcached | bool }}"
  enable_prometheus_cadvisor: "{{ enable_prometheus | bool }}"
  enable_prometheus_alertmanager: "{{ enable_prometheus | bool }}"
  # The Ceph mgr exporter is off by default.
  enable_prometheus_ceph_mgr_exporter: "no"
  enable_prometheus_openstack_exporter: "{{ enable_prometheus | bool }}"
  # Requires both Prometheus and Elasticsearch to be enabled.
  enable_prometheus_elasticsearch_exporter: "{{ enable_prometheus | bool and enable_elasticsearch | bool }}"
  enable_prometheus_blackbox_exporter: "{{ enable_prometheus | bool }}"

  prometheus_alertmanager_user: "admin"
  prometheus_openstack_exporter_interval: "60s"
  prometheus_elasticsearch_exporter_interval: "60s"
  # No extra command-line arguments by default (null).
  prometheus_cmdline_extras: null
  prometheus_ceph_mgr_exporter_endpoints: []
  prometheus_openstack_exporter_endpoint_type: "internal"
  ############
  # Vitrage
  ############
  # The Prometheus datasource for Vitrage follows enable_prometheus.
  enable_vitrage_prometheus_datasource: "{{ enable_prometheus | bool }}"
  ####################
  # InfluxDB options
  ####################
  # InfluxDB is addressed through the internal FQDN by default.
  influxdb_address: "{{ kolla_internal_fqdn }}"
  influxdb_datadir_volume: "influxdb"
  #################
  # Kafka options
  #################
  # Name of the volume holding Kafka data.
  kafka_datadir_volume: "kafka"
  #########################
  # Internal Image options
  #########################
  # Python version per base distro. The versions are quoted so they stay
  # strings instead of being read as floats.
  distro_python_version_map:
    "centos": "3.6"
    "debian": "3.7"
    "rhel": "3.6"
    "ubuntu": "3.6"
  # Looked up by kolla_base_distro; a distro missing from the map has no entry
  # to resolve.
  distro_python_version: "{{ distro_python_version_map[kolla_base_distro] }}"
  879. ##########
  880. # Telegraf
  881. ##########
  882. # Configure telegraf to use the docker daemon itself as an input for
  883. # telemetry data.
  884. telegraf_enable_docker_input: "no"