Ansible deployment of the Kolla containers
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

1170 lines
43 KiB

  1. ---
  2. # The options in this file can be overridden in 'globals.yml'
  3. # The "temp" files that are created before merge need to stay persistent due
  4. # to the fact that ansible will register a "change" if it has to create them
  5. # again. Persistent files allow for idempotency
  6. container_config_directory: "/var/lib/kolla/config_files"
  7. # The directory on the deploy host containing globals.yml.
  8. node_config: "{{ CONFIG_DIR | default('/etc/kolla') }}"
  9. # The directory to merge custom config files the kolla's config files
  10. node_custom_config: "/etc/kolla/config"
  11. # The directory to store the config files on the destination node
  12. node_config_directory: "/etc/kolla"
  13. # The group which own node_config_directory, you can use a non-root
  14. # user to deploy kolla
  15. config_owner_user: "root"
  16. config_owner_group: "root"
  17. ###################
  18. # Kolla options
  19. ###################
  20. # Valid options are [ COPY_ONCE, COPY_ALWAYS ]
  21. config_strategy: "COPY_ALWAYS"
  22. # Valid options are ['centos', 'debian', 'rhel', 'ubuntu']
  23. kolla_base_distro: "centos"
  24. # Valid options are [ binary, source ]
  25. kolla_install_type: "binary"
  26. kolla_internal_vip_address: "{{ kolla_internal_address | default('') }}"
  27. kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
  28. kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
  29. kolla_same_external_internal_vip: "{{ kolla_external_vip_address == kolla_internal_vip_address }}"
  30. kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}"
  31. kolla_enable_sanity_checks: "no"
  32. kolla_enable_sanity_barbican: "{{ kolla_enable_sanity_checks }}"
  33. kolla_enable_sanity_keystone: "{{ kolla_enable_sanity_checks }}"
  34. kolla_enable_sanity_glance: "{{ kolla_enable_sanity_checks }}"
  35. kolla_enable_sanity_cinder: "{{ kolla_enable_sanity_checks }}"
  36. kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"
  37. kolla_dev_repos_directory: "/opt/stack/"
  38. kolla_dev_repos_git: "https://opendev.org/openstack"
  39. kolla_dev_repos_pull: "no"
  40. kolla_dev_mode: "no"
  41. kolla_source_version: "{% if openstack_release == 'master' %}master{% else %}stable/{{ openstack_release }}{% endif %}"
  42. # Proxy settings for containers such as magnum that need internet access
  43. container_http_proxy: ""
  44. container_https_proxy: ""
  45. container_no_proxy: "localhost,127.0.0.1"
  46. container_proxy_no_proxy_entries:
  47. - "{{ container_no_proxy }}"
  48. - "{{ api_interface_address }}"
  49. - "{{ kolla_internal_vip_address | default('') }}"
  50. container_proxy:
  51. http_proxy: "{{ container_http_proxy }}"
  52. https_proxy: "{{ container_https_proxy }}"
  53. no_proxy: "{{ container_proxy_no_proxy_entries | select | join(',') }}"
  54. # By default, Kolla API services bind to the network address assigned
  55. # to the api_interface. Allow the bind address to be an override.
  56. api_interface_address: "{{ 'api' | kolla_address }}"
  57. ################
  58. # Chrony options
  59. ################
  60. # A list contains ntp servers
  61. external_ntp_servers:
  62. - 0.pool.ntp.org
  63. - 1.pool.ntp.org
  64. - 2.pool.ntp.org
  65. - 3.pool.ntp.org
  66. ####################
  67. # Database options
  68. ####################
  69. database_address: "{{ kolla_internal_fqdn }}"
  70. database_user: "root"
  71. database_port: "3306"
  72. database_connection_recycle_time: 10
  73. database_max_pool_size: 1
  74. ####################
  75. # Docker options
  76. ####################
  77. docker_registry_email:
  78. docker_registry:
  79. docker_namespace: "kolla"
  80. docker_registry_username:
  81. docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
  82. docker_runtime_directory: ""
  83. # Docker client timeout in seconds.
  84. docker_client_timeout: 120
  85. # Docker networking options
  86. docker_disable_default_iptables_rules: "no"
  87. # Retention settings for Docker logs
  88. docker_log_max_file: "5"
  89. docker_log_max_size: "50m"
  90. # Valid options are [ no, on-failure, always, unless-stopped ]
  91. docker_restart_policy: "unless-stopped"
  92. # '0' means unlimited retries (applies only to 'on-failure' policy)
  93. docker_restart_policy_retry: "10"
  94. # Extra docker options for Zun
  95. docker_configure_for_zun: "no"
  96. docker_zun_options: -H tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
  97. docker_zun_config:
  98. cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
  99. # Extra containerd options for Zun
  100. containerd_configure_for_zun: "no"
  101. # 42463 is the static group id of the zun user in the Zun image.
  102. # If users customize this value on building the Zun images,
  103. # they need to change this config accordingly.
  104. containerd_grpc_gid: 42463
  105. # Timeout after Docker sends SIGTERM before sending SIGKILL.
  106. docker_graceful_timeout: 60
  107. # Common options used throughout Docker
  108. docker_common_options:
  109. auth_email: "{{ docker_registry_email }}"
  110. auth_password: "{{ docker_registry_password }}"
  111. auth_registry: "{{ docker_registry }}"
  112. auth_username: "{{ docker_registry_username }}"
  113. environment:
  114. KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
  115. restart_policy: "{{ docker_restart_policy }}"
  116. restart_retries: "{{ docker_restart_policy_retry }}"
  117. graceful_timeout: "{{ docker_graceful_timeout }}"
  118. client_timeout: "{{ docker_client_timeout }}"
  119. ####################
  120. # Dimensions options
  121. ####################
  122. # Dimension options for Docker Containers
  123. default_container_dimensions: {}
  124. #####################
  125. # Healthcheck options
  126. #####################
  127. enable_container_healthchecks: "yes"
  128. # Healthcheck options for Docker containers
  129. # interval/timeout/start_period are in seconds
  130. default_container_healthcheck_interval: 30
  131. default_container_healthcheck_timeout: 30
  132. default_container_healthcheck_retries: 3
  133. default_container_healthcheck_start_period: 5
  134. #######################
  135. # Extra volumes options
  136. #######################
  137. # Extra volumes for Docker Containers
  138. default_extra_volumes: []
  139. ####################
  140. # keepalived options
  141. ####################
  142. # Arbitrary unique number from 0..255
  143. keepalived_virtual_router_id: "51"
  144. #######################
  145. # Elasticsearch Options
  146. #######################
  147. es_heap_size: "1G"
  148. elasticsearch_datadir_volume: "elasticsearch"
  149. elasticsearch_internal_endpoint: "{{ internal_protocol }}://{{ elasticsearch_address | put_address_in_context('url') }}:{{ elasticsearch_port }}"
  150. ###################
  151. # Messaging options
  152. ###################
  153. # oslo.messaging rpc transport valid options are [ rabbit, amqp ]
  154. om_rpc_transport: "rabbit"
  155. om_rpc_user: "{{ rabbitmq_user }}"
  156. om_rpc_password: "{{ rabbitmq_password }}"
  157. om_rpc_port: "{{ rabbitmq_port }}"
  158. om_rpc_group: "rabbitmq"
  159. om_rpc_vhost: "/"
  160. rpc_transport_url: "{{ om_rpc_transport }}://{% for host in groups[om_rpc_group] %}{{ om_rpc_user }}:{{ om_rpc_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ om_rpc_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ om_rpc_vhost }}"
  161. # oslo.messaging notify transport valid options are [ rabbit ]
  162. om_notify_transport: "rabbit"
  163. om_notify_user: "{{ rabbitmq_user }}"
  164. om_notify_password: "{{ rabbitmq_password }}"
  165. om_notify_port: "{{ rabbitmq_port }}"
  166. om_notify_group: "rabbitmq"
  167. om_notify_vhost: "/"
  168. notify_transport_url: "{{ om_notify_transport }}://{% for host in groups[om_notify_group] %}{{ om_notify_user }}:{{ om_notify_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ om_notify_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ om_notify_vhost }}"
  169. # Whether to enable TLS for oslo.messaging communication with RabbitMQ.
  170. om_enable_rabbitmq_tls: "{{ rabbitmq_enable_tls | bool }}"
  171. # CA certificate bundle in containers using oslo.messaging with RabbitMQ TLS.
  172. om_rabbitmq_cacert: "{{ rabbitmq_cacert }}"
  173. ####################
  174. # Networking options
  175. ####################
  176. network_interface: "eth0"
  177. neutron_external_interface: "eth1"
  178. kolla_external_vip_interface: "{{ network_interface }}"
  179. api_interface: "{{ network_interface }}"
  180. storage_interface: "{{ network_interface }}"
  181. swift_storage_interface: "{{ storage_interface }}"
  182. swift_replication_interface: "{{ swift_storage_interface }}"
  183. migration_interface: "{{ api_interface }}"
  184. tunnel_interface: "{{ network_interface }}"
  185. octavia_network_interface: "{{ api_interface }}"
  186. bifrost_network_interface: "{{ network_interface }}"
  187. dns_interface: "{{ network_interface }}"
  188. # Configure the address family (AF) per network.
  189. # Valid options are [ ipv4, ipv6 ]
  190. network_address_family: "ipv4"
  191. api_address_family: "{{ network_address_family }}"
  192. storage_address_family: "{{ network_address_family }}"
  193. swift_storage_address_family: "{{ storage_address_family }}"
  194. swift_replication_address_family: "{{ swift_storage_address_family }}"
  195. migration_address_family: "{{ api_address_family }}"
  196. tunnel_address_family: "{{ network_address_family }}"
  197. octavia_network_address_family: "{{ api_address_family }}"
  198. bifrost_network_address_family: "{{ network_address_family }}"
  199. dns_address_family: "{{ network_address_family }}"
  200. migration_interface_address: "{{ 'migration' | kolla_address }}"
  201. tunnel_interface_address: "{{ 'tunnel' | kolla_address }}"
  202. octavia_network_interface_address: "{{ 'octavia_network' | kolla_address }}"
  203. # Valid options are [ openvswitch, ovn, linuxbridge, vmware_nsxv, vmware_nsxv3, vmware_dvs ]
  204. neutron_plugin_agent: "openvswitch"
  205. # Valid options are [ internal, infoblox ]
  206. neutron_ipam_driver: "internal"
  207. # The default ports used by each service.
  208. # The list should be in alphabetical order
  209. aodh_internal_fqdn: "{{ kolla_internal_fqdn }}"
  210. aodh_external_fqdn: "{{ kolla_external_fqdn }}"
  211. aodh_api_port: "8042"
  212. aodh_api_listen_port: "{{ aodh_api_port }}"
  213. barbican_internal_fqdn: "{{ kolla_internal_fqdn }}"
  214. barbican_external_fqdn: "{{ kolla_external_fqdn }}"
  215. barbican_api_port: "9311"
  216. barbican_api_listen_port: "{{ barbican_api_port }}"
  217. blazar_api_port: "1234"
  218. cinder_internal_fqdn: "{{ kolla_internal_fqdn }}"
  219. cinder_external_fqdn: "{{ kolla_external_fqdn }}"
  220. cinder_api_port: "8776"
  221. cinder_api_listen_port: "{{ cinder_api_port }}"
  222. cloudkitty_api_port: "8889"
  223. collectd_udp_port: "25826"
  224. cyborg_api_port: "6666"
  225. designate_internal_fqdn: "{{ kolla_internal_fqdn }}"
  226. designate_external_fqdn: "{{ kolla_external_fqdn }}"
  227. designate_api_port: "9001"
  228. designate_api_listen_port: "{{ designate_api_port }}"
  229. designate_bind_port: "53"
  230. designate_mdns_port: "{{ '53' if designate_backend == 'infoblox' else '5354' }}"
  231. designate_rndc_port: "953"
  232. elasticsearch_port: "9200"
  233. etcd_client_port: "2379"
  234. etcd_peer_port: "2380"
  235. etcd_enable_tls: "{{ kolla_enable_tls_backend }}"
  236. etcd_protocol: "{{ 'https' if etcd_enable_tls | bool else 'http' }}"
  237. fluentd_syslog_port: "5140"
  238. freezer_api_port: "9090"
  239. glance_internal_fqdn: "{{ kolla_internal_fqdn }}"
  240. glance_external_fqdn: "{{ kolla_external_fqdn }}"
  241. glance_api_port: "9292"
  242. glance_api_listen_port: "{{ glance_api_port }}"
  243. glance_tls_proxy_stats_port: "9293"
  244. gnocchi_internal_fqdn: "{{ kolla_internal_fqdn }}"
  245. gnocchi_external_fqdn: "{{ kolla_external_fqdn }}"
  246. gnocchi_api_port: "8041"
  247. gnocchi_api_listen_port: "{{ gnocchi_api_port }}"
  248. grafana_server_port: "3000"
  249. haproxy_stats_port: "1984"
  250. haproxy_monitor_port: "61313"
  251. heat_internal_fqdn: "{{ kolla_internal_fqdn }}"
  252. heat_external_fqdn: "{{ kolla_external_fqdn }}"
  253. heat_api_port: "8004"
  254. heat_api_listen_port: "{{ heat_api_port }}"
  255. heat_cfn_internal_fqdn: "{{ kolla_internal_fqdn }}"
  256. heat_cfn_external_fqdn: "{{ kolla_external_fqdn }}"
  257. heat_api_cfn_port: "8000"
  258. heat_api_cfn_listen_port: "{{ heat_api_cfn_port }}"
  259. horizon_port: "80"
  260. horizon_tls_port: "443"
  261. horizon_listen_port: "{{ horizon_port }}"
  262. influxdb_http_port: "8086"
  263. ironic_internal_fqdn: "{{ kolla_internal_fqdn }}"
  264. ironic_external_fqdn: "{{ kolla_external_fqdn }}"
  265. ironic_api_port: "6385"
  266. ironic_api_listen_port: "{{ ironic_api_port }}"
  267. ironic_inspector_internal_fqdn: "{{ kolla_internal_fqdn }}"
  268. ironic_inspector_external_fqdn: "{{ kolla_external_fqdn }}"
  269. ironic_inspector_port: "5050"
  270. ironic_inspector_listen_port: "{{ ironic_inspector_port }}"
  271. ironic_ipxe_port: "8089"
  272. iscsi_port: "3260"
  273. kafka_port: "9092"
  274. karbor_api_port: "8799"
  275. keystone_public_port: "5000"
  276. keystone_public_listen_port: "{{ keystone_public_port }}"
  277. keystone_admin_port: "35357"
  278. keystone_admin_listen_port: "{{ keystone_admin_port }}"
  279. keystone_ssh_port: "8023"
  280. kibana_server_port: "5601"
  281. kuryr_port: "23750"
  282. magnum_api_port: "9511"
  283. manila_api_port: "8786"
  284. mariadb_port: "{{ database_port }}"
  285. mariadb_wsrep_port: "4567"
  286. mariadb_ist_port: "4568"
  287. mariadb_sst_port: "4444"
  288. mariadb_clustercheck_port: "4569"
  289. masakari_api_port: "15868"
  290. memcached_port: "11211"
  291. mistral_api_port: "8989"
  292. monasca_api_port: "8070"
  293. monasca_log_api_port: "{{ monasca_api_port }}"
  294. monasca_agent_forwarder_port: "17123"
  295. monasca_agent_statsd_port: "8125"
  296. monasca_grafana_server_port: "3001"
  297. murano_api_port: "8082"
  298. neutron_internal_fqdn: "{{ kolla_internal_fqdn }}"
  299. neutron_external_fqdn: "{{ kolla_external_fqdn }}"
  300. neutron_server_port: "9696"
  301. neutron_server_listen_port: "{{ neutron_server_port }}"
  302. neutron_tls_proxy_stats_port: "9697"
  303. nova_internal_fqdn: "{{ kolla_internal_fqdn }}"
  304. nova_external_fqdn: "{{ kolla_external_fqdn }}"
  305. nova_api_port: "8774"
  306. nova_api_listen_port: "{{ nova_api_port }}"
  307. nova_metadata_port: "8775"
  308. nova_metadata_listen_port: "{{ nova_metadata_port }}"
  309. nova_novncproxy_fqdn: "{{ kolla_external_fqdn }}"
  310. nova_novncproxy_port: "6080"
  311. nova_novncproxy_listen_port: "{{ nova_novncproxy_port }}"
  312. nova_spicehtml5proxy_fqdn: "{{ kolla_external_fqdn }}"
  313. nova_spicehtml5proxy_port: "6082"
  314. nova_spicehtml5proxy_listen_port: "{{ nova_spicehtml5proxy_port }}"
  315. nova_serialproxy_fqdn: "{{ kolla_external_fqdn }}"
  316. nova_serialproxy_port: "6083"
  317. nova_serialproxy_listen_port: "{{ nova_serialproxy_port }}"
  318. nova_serialproxy_protocol: "{{ 'wss' if kolla_enable_tls_external | bool else 'ws' }}"
  319. octavia_internal_fqdn: "{{ kolla_internal_fqdn }}"
  320. octavia_external_fqdn: "{{ kolla_external_fqdn }}"
  321. octavia_api_port: "9876"
  322. octavia_api_listen_port: "{{ octavia_api_port }}"
  323. octavia_health_manager_port: "5555"
  324. ovn_nb_db_port: "6641"
  325. ovn_sb_db_port: "6642"
  326. ovn_nb_connection: "{% for host in groups['ovn-nb-db'] %}tcp:{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ ovn_nb_db_port }}{% if not loop.last %},{% endif %}{% endfor %}"
  327. ovn_sb_connection: "{% for host in groups['ovn-sb-db'] %}tcp:{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ ovn_sb_db_port }}{% if not loop.last %},{% endif %}{% endfor %}"
  328. outward_rabbitmq_port: "5674"
  329. outward_rabbitmq_management_port: "15674"
  330. outward_rabbitmq_cluster_port: "25674"
  331. outward_rabbitmq_epmd_port: "4371"
  332. ovsdb_port: "6640"
  333. panko_api_port: "8977"
  334. placement_internal_fqdn: "{{ kolla_internal_fqdn }}"
  335. placement_external_fqdn: "{{ kolla_external_fqdn }}"
  336. # Default Placement API port of 8778 already in use
  337. placement_api_port: "8780"
  338. placement_api_listen_port: "{{ placement_api_port }}"
  339. prometheus_port: "9091"
  340. prometheus_node_exporter_port: "9100"
  341. prometheus_mysqld_exporter_port: "9104"
  342. prometheus_haproxy_exporter_port: "9101"
  343. prometheus_memcached_exporter_port: "9150"
  344. # Default cadvisor port of 8080 already in use
  345. prometheus_cadvisor_port: "18080"
  346. # Prometheus alertmanager ports
  347. prometheus_alertmanager_port: "9093"
  348. prometheus_alertmanager_cluster_port: "9094"
  349. # Prometheus openstack-exporter ports
  350. prometheus_openstack_exporter_port: "9198"
  351. prometheus_elasticsearch_exporter_port: "9108"
  352. # Prometheus blackbox-exporter ports
  353. prometheus_blackbox_exporter_port: "9115"
  354. qdrouterd_port: "31459"
  355. qinling_api_port: "7070"
  356. rabbitmq_port: "{{ '5671' if rabbitmq_enable_tls | bool else '5672' }}"
  357. rabbitmq_management_port: "15672"
  358. rabbitmq_cluster_port: "25672"
  359. rabbitmq_epmd_port: "4369"
  360. redis_port: "6379"
  361. redis_sentinel_port: "26379"
  362. sahara_api_port: "8386"
  363. searchlight_api_port: "9393"
  364. senlin_internal_fqdn: "{{ kolla_internal_fqdn }}"
  365. senlin_external_fqdn: "{{ kolla_external_fqdn }}"
  366. senlin_api_port: "8778"
  367. senlin_api_listen_port: "{{ senlin_api_port }}"
  368. skydive_analyzer_port: "8085"
  369. skydive_agents_port: "8090"
  370. solum_application_deployment_port: "9777"
  371. solum_image_builder_port: "9778"
  372. storm_nimbus_thrift_port: 6627
  373. storm_supervisor_thrift_port: 6628
  374. # Storm will run up to (end - start) + 1 workers per worker host. Here
  375. # we reserve ports for those workers, and implicitly define the maximum
  376. # number of workers per host.
  377. storm_worker_port_range:
  378. start: 6700
  379. end: 6703
  380. swift_internal_fqdn: "{{ kolla_internal_fqdn }}"
  381. swift_external_fqdn: "{{ kolla_external_fqdn }}"
  382. swift_proxy_server_port: "8080"
  383. swift_proxy_server_listen_port: "{{ swift_proxy_server_port }}"
  384. swift_object_server_port: "6000"
  385. swift_account_server_port: "6001"
  386. swift_container_server_port: "6002"
  387. swift_rsync_port: "10873"
  388. syslog_udp_port: "{{ fluentd_syslog_port }}"
  389. tacker_server_port: "9890"
  390. trove_api_port: "8779"
  391. watcher_api_port: "9322"
  392. zookeeper_client_port: "2181"
  393. zookeeper_peer_port: "2888"
  394. zookeeper_quorum_port: "3888"
  395. zun_api_port: "9517"
  396. zun_wsproxy_port: "6784"
  397. zun_cni_daemon_port: "9036"
  398. vitrage_api_port: "8999"
  399. public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
  400. internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
  401. admin_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
  402. ####################
  403. # OpenStack options
  404. ####################
  405. openstack_release: "master"
  406. # Docker image tag used by default.
  407. openstack_tag: "{{ openstack_release ~ openstack_tag_suffix }}"
  408. openstack_tag_suffix: ""
  409. openstack_logging_debug: "False"
  410. openstack_region_name: "RegionOne"
  411. # Variable defined the pin_release_version, apply for rolling upgrade process
  412. openstack_previous_release_name: "ussuri"
  413. # A list of policy file formats that are supported by Oslo.policy
  414. supported_policy_format_list:
  415. - policy.yaml
  416. - policy.json
  417. # In the context of multi-regions, list here the name of all your regions.
  418. multiple_regions_names:
  419. - "{{ openstack_region_name }}"
  420. openstack_service_workers: "{{ [ansible_processor_vcpus, 5]|min }}"
  421. openstack_service_rpc_workers: "{{ [ansible_processor_vcpus, 3]|min }}"
  422. # Optionally allow Kolla to set sysctl values
  423. set_sysctl: "yes"
  424. # Optionally change the path to sysctl.conf modified by Kolla Ansible plays.
  425. kolla_sysctl_conf_path: /etc/sysctl.conf
  426. # Endpoint type used to connect with OpenStack services with ansible modules.
  427. # Valid options are [ public, internal, admin ]
  428. openstack_interface: "admin"
  429. # Openstack CA certificate bundle file
  430. # CA bundle file must be added to both the Horizon and Kolla Toolbox containers
  431. openstack_cacert: ""
  432. # Enable core OpenStack services. This includes:
  433. # glance, keystone, neutron, nova, heat, and horizon.
  434. enable_openstack_core: "yes"
  435. # These roles are required for Kolla to be operation, however a savvy deployer
  436. # could disable some of these required roles and run their own services.
  437. enable_glance: "{{ enable_openstack_core | bool }}"
  438. enable_haproxy: "yes"
  439. enable_keepalived: "{{ enable_haproxy | bool }}"
  440. enable_keystone: "{{ enable_openstack_core | bool }}"
  441. enable_mariadb: "yes"
  442. enable_memcached: "yes"
  443. enable_neutron: "{{ enable_openstack_core | bool }}"
  444. enable_nova: "{{ enable_openstack_core | bool }}"
  445. enable_rabbitmq: "{{ 'yes' if om_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no' }}"
  446. enable_outward_rabbitmq: "{{ enable_murano | bool }}"
  447. # NOTE: Most memcached clients handle load-balancing via client side
  448. # hashing (consistent or not) logic, so going under the covers and messing
  449. # with things that the clients are not aware of is generally wrong
  450. enable_haproxy_memcached: "no"
  451. # Additional optional OpenStack features and services are specified here
  452. enable_aodh: "no"
  453. enable_barbican: "no"
  454. enable_blazar: "no"
  455. enable_ceilometer: "no"
  456. enable_ceilometer_ipmi: "no"
  457. enable_cells: "no"
  458. enable_central_logging: "no"
  459. enable_chrony: "yes"
  460. enable_cinder: "no"
  461. enable_cinder_backup: "yes"
  462. enable_cinder_backend_hnas_nfs: "no"
  463. enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool or enable_cinder_backend_zfssa_iscsi | bool }}"
  464. enable_cinder_backend_lvm: "no"
  465. enable_cinder_backend_nfs: "no"
  466. enable_cinder_backend_zfssa_iscsi: "no"
  467. enable_cinder_backend_quobyte: "no"
  468. enable_cloudkitty: "no"
  469. enable_collectd: "no"
  470. enable_cyborg: "no"
  471. enable_designate: "no"
  472. enable_etcd: "no"
  473. enable_fluentd: "yes"
  474. enable_freezer: "no"
  475. enable_gnocchi: "no"
  476. enable_gnocchi_statsd: "no"
  477. enable_grafana: "no"
  478. enable_heat: "{{ enable_openstack_core | bool }}"
  479. enable_horizon: "{{ enable_openstack_core | bool }}"
  480. enable_horizon_blazar: "{{ enable_blazar | bool }}"
  481. enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
  482. enable_horizon_designate: "{{ enable_designate | bool }}"
  483. enable_horizon_freezer: "{{ enable_freezer | bool }}"
  484. enable_horizon_heat: "{{ enable_heat | bool }}"
  485. enable_horizon_ironic: "{{ enable_ironic | bool }}"
  486. enable_horizon_karbor: "{{ enable_karbor | bool }}"
  487. enable_horizon_magnum: "{{ enable_magnum | bool }}"
  488. enable_horizon_manila: "{{ enable_manila | bool }}"
  489. enable_horizon_masakari: "{{ enable_masakari | bool }}"
  490. enable_horizon_mistral: "{{ enable_mistral | bool }}"
  491. enable_horizon_monasca: "{{ enable_monasca | bool }}"
  492. enable_horizon_murano: "{{ enable_murano | bool }}"
  493. enable_horizon_neutron_vpnaas: "{{ enable_neutron_vpnaas | bool }}"
  494. enable_horizon_octavia: "{{ enable_octavia | bool }}"
  495. enable_horizon_qinling: "{{ enable_qinling | bool }}"
  496. enable_horizon_sahara: "{{ enable_sahara | bool }}"
  497. enable_horizon_searchlight: "{{ enable_searchlight | bool }}"
  498. enable_horizon_senlin: "{{ enable_senlin | bool }}"
  499. enable_horizon_solum: "{{ enable_solum | bool }}"
  500. enable_horizon_tacker: "{{ enable_tacker | bool }}"
  501. enable_horizon_trove: "{{ enable_trove | bool }}"
  502. enable_horizon_vitrage: "{{ enable_vitrage | bool }}"
  503. enable_horizon_watcher: "{{ enable_watcher | bool }}"
  504. enable_horizon_zun: "{{ enable_zun | bool }}"
  505. enable_influxdb: "{{ enable_monasca | bool or (enable_cloudkitty | bool and cloudkitty_storage_backend == 'influxdb') }}"
  506. enable_ironic: "no"
  507. enable_ironic_ipxe: "no"
  508. enable_ironic_neutron_agent: "{{ enable_neutron | bool and enable_ironic | bool }}"
  509. enable_ironic_pxe_uefi: "no"
  510. enable_iscsid: "{{ (enable_cinder | bool and enable_cinder_backend_iscsi | bool) or enable_ironic | bool }}"
  511. enable_karbor: "no"
  512. enable_kafka: "{{ enable_monasca | bool }}"
  513. enable_kuryr: "no"
  514. enable_magnum: "no"
  515. enable_manila: "no"
  516. enable_manila_backend_generic: "no"
  517. enable_manila_backend_hnas: "no"
  518. enable_manila_backend_cephfs_native: "no"
  519. enable_manila_backend_cephfs_nfs: "no"
  520. enable_mariabackup: "no"
  521. enable_masakari: "no"
  522. enable_mistral: "no"
  523. enable_monasca: "no"
  524. enable_multipathd: "no"
  525. enable_murano: "no"
  526. enable_neutron_vpnaas: "no"
  527. enable_neutron_sriov: "no"
  528. enable_neutron_mlnx: "no"
  529. enable_neutron_dvr: "no"
  530. enable_neutron_qos: "no"
  531. enable_neutron_agent_ha: "no"
  532. enable_neutron_bgp_dragent: "no"
  533. enable_neutron_provider_networks: "no"
  534. enable_neutron_segments: "no"
  535. enable_neutron_sfc: "no"
  536. enable_neutron_trunk: "no"
  537. enable_neutron_metering: "no"
  538. enable_neutron_infoblox_ipam_agent: "no"
  539. enable_neutron_port_forwarding: "no"
  540. enable_nova_serialconsole_proxy: "no"
  541. enable_nova_ssh: "yes"
  542. enable_octavia: "no"
  543. enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
  544. enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}"
  545. enable_ovs_dpdk: "no"
  546. enable_osprofiler: "no"
  547. enable_panko: "no"
  548. enable_placement: "{{ enable_nova | bool or enable_zun | bool }}"
  549. enable_prometheus: "no"
  550. enable_qdrouterd: "{{ 'yes' if om_rpc_transport == 'amqp' else 'no' }}"
  551. enable_qinling: "no"
  552. enable_rally: "no"
  553. enable_redis: "no"
  554. enable_sahara: "no"
  555. enable_searchlight: "no"
  556. enable_senlin: "no"
  557. enable_skydive: "no"
  558. enable_solum: "no"
  559. enable_storm: "{{ enable_monasca | bool }}"
  560. enable_swift: "no"
  561. enable_swift_s3api: "no"
  562. enable_swift_recon: "no"
  563. enable_tacker: "no"
  564. enable_telegraf: "no"
  565. enable_tempest: "no"
  566. enable_trove: "no"
  567. enable_trove_singletenant: "no"
  568. enable_vitrage: "no"
  569. enable_vmtp: "no"
  570. enable_watcher: "no"
  571. enable_zookeeper: "{{ enable_kafka | bool or enable_storm | bool }}"
  572. enable_zun: "no"
  573. ovs_datapath: "{{ 'netdev' if enable_ovs_dpdk | bool else 'system' }}"
  574. designate_keystone_user: "designate"
  575. ironic_keystone_user: "ironic"
  576. neutron_keystone_user: "neutron"
  577. nova_keystone_user: "nova"
  578. placement_keystone_user: "placement"
  579. murano_keystone_user: "murano"
  580. cinder_keystone_user: "cinder"
  581. # Nova fake driver and the number of fake driver per compute node
  582. enable_nova_fake: "no"
  583. num_nova_fake_per_node: 5
  584. # Clean images options are specified here
  585. enable_destroy_images: "no"
  586. ####################
  587. # Monasca options
  588. ####################
  589. monasca_api_admin_base_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}"
  590. monasca_api_internal_base_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}"
  591. monasca_api_public_base_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}"
  592. monasca_log_api_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
  593. monasca_log_api_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
  594. monasca_log_api_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
  595. # The OpenStack username used by the Monasca Agent and the Fluentd Monasca
  596. # plugin to post logs and metrics from the control plane to Monasca.
  597. monasca_agent_user: "monasca-agent"
  598. # The OpenStack project to which the control plane logs and metrics are
  599. # tagged with. Only users with the monasca read only user role, or higher
  600. # can access these from the Monasca APIs.
  601. monasca_control_plane_project: "monasca_control_plane"
  602. ####################
  603. # Global Options
  604. ####################
  605. # List of containers to skip during stop command in YAML list format
  606. # skip_stop_containers:
  607. # - container1
  608. # - container2
  609. skip_stop_containers: []
  610. ####################
  611. # Logging options
  612. ####################
  613. elasticsearch_address: "{{ kolla_internal_fqdn }}"
  614. enable_elasticsearch: "{{ 'yes' if enable_central_logging | bool or enable_osprofiler | bool or enable_skydive | bool or enable_monasca | bool else 'no' }}"
  615. # If using Curator an actions file will need to be defined. Please see
  616. # the documentation.
  617. enable_elasticsearch_curator: "no"
  618. enable_kibana: "{{ 'yes' if enable_central_logging | bool or enable_monasca | bool else 'no' }}"
  619. ####################
  620. # Redis options
  621. ####################
  622. redis_connection_string: "redis://{% for host in groups['redis'] %}{% if host == groups['redis'][0] %}admin:{{ redis_master_password }}@{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ redis_sentinel_port }}?sentinel=kolla{% else %}&sentinel_fallback={{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ redis_sentinel_port }}{% endif %}{% endfor %}&db=0&socket_timeout=60&retry_on_timeout=yes"
  623. ####################
  624. # Osprofiler options
  625. ####################
  626. # valid values: ["elasticsearch", "redis"]
  627. osprofiler_backend: "elasticsearch"
  628. elasticsearch_connection_string: "elasticsearch://{{ elasticsearch_address | put_address_in_context('url') }}:{{ elasticsearch_port }}"
  629. osprofiler_backend_connection_string: "{{ redis_connection_string if osprofiler_backend == 'redis' else elasticsearch_connection_string }}"
  630. ####################
  631. # RabbitMQ options
  632. ####################
  633. rabbitmq_user: "openstack"
  634. rabbitmq_monitoring_user: ""
  635. outward_rabbitmq_user: "openstack"
  636. # Whether to enable TLS encryption for RabbitMQ client-server communication.
  637. rabbitmq_enable_tls: "no"
  638. # CA certificate bundle in RabbitMQ container.
  639. rabbitmq_cacert: "/etc/ssl/certs/{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
  640. ####################
  641. # Qdrouterd options
  642. ####################
  643. qdrouterd_user: "openstack"
  644. ####################
  645. # HAProxy options
  646. ####################
  647. haproxy_user: "openstack"
  648. haproxy_enable_external_vip: "{{ 'no' if kolla_same_external_internal_vip | bool else 'yes' }}"
  649. kolla_enable_tls_internal: "no"
  650. kolla_enable_tls_external: "{{ kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no' }}"
  651. kolla_certificates_dir: "{{ node_config }}/certificates"
  652. kolla_external_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy.pem"
  653. kolla_internal_fqdn_cert: "{{ kolla_certificates_dir }}/haproxy-internal.pem"
  654. kolla_admin_openrc_cacert: ""
  655. kolla_copy_ca_into_containers: "no"
  656. haproxy_backend_cacert: "{{ 'ca-certificates.crt' if kolla_base_distro in ['debian', 'ubuntu'] else 'ca-bundle.trust.crt' }}"
  657. haproxy_backend_cacert_dir: "/etc/ssl/certs"
  658. ##################
  659. # Backend options
  660. ##################
  661. kolla_httpd_keep_alive: "60"
  662. ######################
  663. # Backend TLS options
  664. ######################
  665. kolla_enable_tls_backend: "no"
  666. kolla_verify_tls_backend: "yes"
  667. kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
  668. kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"
  669. #####################
  670. # ACME client options
  671. #####################
  672. acme_client_servers: []
  673. ####################
  674. # Kibana options
  675. ####################
  676. kibana_user: "kibana"
  677. kibana_log_prefix: "flog"
  678. ####################
  679. # Keystone options
  680. ####################
  681. keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
  682. keystone_external_fqdn: "{{ kolla_external_fqdn }}"
  683. keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_admin_port }}"
  684. keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
  685. keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
  686. keystone_admin_user: "admin"
  687. keystone_admin_project: "admin"
  688. default_project_domain_name: "Default"
  689. default_project_domain_id: "default"
  690. default_user_domain_name: "Default"
  691. default_user_domain_id: "default"
  692. # Valid options are [ fernet ]
  693. keystone_token_provider: "fernet"
  694. # Keystone fernet token expiry in seconds. Default is 1 day.
  695. fernet_token_expiry: 86400
  696. # Keystone window to allow expired fernet tokens. Default is 2 days.
  697. fernet_token_allow_expired_window: 172800
  698. # Keystone fernet key rotation interval in seconds. Default is sum of token
  699. # expiry and allow expired window, 3 days. This ensures the minimum number
  700. # of keys are active. If this interval is lower than the sum of the token
  701. # expiry and allow expired window, multiple active keys will be necessary.
  702. fernet_key_rotation_interval: "{{ fernet_token_expiry + fernet_token_allow_expired_window }}"
  703. keystone_default_user_role: "_member_"
  704. # OpenStack authentication string. You should only need to override these if you
  705. # are changing the admin tenant/project or user.
  706. openstack_auth:
  707. auth_url: "{{ keystone_admin_url }}"
  708. username: "{{ keystone_admin_user }}"
  709. password: "{{ keystone_admin_password }}"
  710. project_name: "{{ keystone_admin_project }}"
  711. domain_name: "default"
  712. user_domain_name: "default"
  713. #######################
  714. # Glance options
  715. #######################
  716. glance_backend_file: "{{ not (glance_backend_ceph | bool or glance_backend_swift | bool or glance_backend_vmware | bool) }}"
  717. glance_backend_ceph: "no"
  718. glance_backend_vmware: "no"
  719. enable_glance_image_cache: "no"
  720. glance_backend_swift: "{{ enable_swift | bool }}"
  721. glance_file_datadir_volume: "glance"
  722. glance_enable_rolling_upgrade: "no"
  723. glance_enable_property_protection: "no"
  724. glance_enable_interoperable_image_import: "no"
  725. glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
  726. # NOTE(mnasiadka): For use in common role
  727. glance_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
  728. glance_admin_endpoint: "{{ admin_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
  729. glance_internal_endpoint: "{{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
  730. glance_public_endpoint: "{{ public_protocol }}://{{ glance_external_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
  731. #######################
  732. # Barbican options
  733. #######################
  734. # Valid options are [ simple_crypto, p11_crypto ]
  735. barbican_crypto_plugin: "simple_crypto"
  736. barbican_library_path: "/usr/lib/libCryptoki2_64.so"
  737. barbican_admin_endpoint: "{{ admin_protocol }}://{{ barbican_internal_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
  738. barbican_internal_endpoint: "{{ internal_protocol }}://{{ barbican_internal_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
  739. barbican_public_endpoint: "{{ public_protocol }}://{{ barbican_external_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
  740. #################
  741. # Gnocchi options
  742. #################
  743. # Valid options are [ file, ceph, swift ]
  744. gnocchi_backend_storage: "{% if enable_swift | bool %}swift{% else %}file{% endif %}"
  745. # Valid options are [redis, '']
  746. gnocchi_incoming_storage: "{{ 'redis' if enable_redis | bool else '' }}"
  747. gnocchi_metric_datadir_volume: "gnocchi"
  748. #################################
  749. # Cinder options
  750. #################################
  751. cinder_backend_ceph: "no"
  752. cinder_backend_vmwarevc_vmdk: "no"
  753. cinder_volume_group: "cinder-volumes"
  754. cinder_target_helper: "{{ 'lioadm' if ansible_os_family == 'RedHat' else 'tgtadm' }}"
  755. # Valid options are [ '', redis, etcd ]
  756. cinder_coordination_backend: "{{ 'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}"
  757. # Valid options are [ nfs, swift, ceph ]
  758. cinder_backup_driver: "ceph"
  759. cinder_backup_share: ""
  760. cinder_backup_mount_options_nfs: ""
  761. #######################
  762. # Cloudkitty options
  763. #######################
  764. # Valid option is gnocchi
  765. cloudkitty_collector_backend: "gnocchi"
  766. # Valid options are 'sqlalchemy' or 'influxdb'. The default value is
  767. # 'influxdb', which matches the default in Cloudkitty since the Stein release.
  768. # When the backend is "influxdb", we also enable Influxdb.
  769. # Also, when using 'influxdb' as the backend, we trigger the configuration/use
  770. # of Cloudkitty storage backend version 2.
  771. cloudkitty_storage_backend: "influxdb"
  772. #######################
  773. # Designate options
  774. #######################
  775. # Valid options are [ bind9, infoblox ]
  776. designate_backend: "bind9"
  777. designate_ns_record: "sample.openstack.org"
  778. designate_backend_external: "no"
  779. designate_backend_external_bind9_nameservers: ""
  780. # Valid options are [ '', redis ]
  781. designate_coordination_backend: "{{ 'redis' if enable_redis|bool else '' }}"
  782. designate_admin_endpoint: "{{ admin_protocol }}://{{ designate_internal_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}"
  783. designate_internal_endpoint: "{{ internal_protocol }}://{{ designate_internal_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}"
  784. designate_public_endpoint: "{{ public_protocol }}://{{ designate_external_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}"
  785. #######################
  786. # Neutron options
  787. #######################
  788. neutron_bgp_router_id: "1.1.1.1"
  789. neutron_bridge_name: "{{ 'br-dvs' if neutron_plugin_agent == 'vmware_dvs' else 'br-ex' }}"
  790. # Comma-separated type of enabled ml2 type drivers
  791. neutron_type_drivers: "flat,vlan,vxlan{% if neutron_plugin_agent == 'ovn' %},geneve{% endif %}"
  792. # Comma-separated types of tenant networks (should be listed in 'neutron_type_drivers')
  793. # NOTE: for ironic this list should also contain 'flat'
  794. neutron_tenant_network_types: "{% if neutron_plugin_agent == 'ovn' %}geneve{% else %}vxlan{% endif %}"
  795. # valid values: ["dvr", "dvr_no_external"]
  796. neutron_compute_dvr_mode: "dvr"
  797. computes_need_external_bridge: "{{ (enable_neutron_dvr | bool and neutron_compute_dvr_mode == 'dvr') or enable_neutron_provider_networks | bool or neutron_ovn_distributed_fip | bool }}"
  798. # Default DNS resolvers for virtual networks
  799. neutron_dnsmasq_dns_servers: "1.1.1.1,8.8.8.8,8.8.4.4"
  800. # Set legacy iptables to allow kernels not supporting iptables-nft
  801. neutron_legacy_iptables: "no"
  802. # Enable distributed floating ip for OVN deployments
  803. neutron_ovn_distributed_fip: "no"
  804. neutron_admin_endpoint: "{{ admin_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
  805. neutron_internal_endpoint: "{{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
  806. neutron_public_endpoint: "{{ public_protocol }}://{{ neutron_external_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
  807. # SRIOV physnet:interface mappings when SRIOV is enabled
  808. # "sriovnet1" and tunnel_interface used here as placeholders
  809. neutron_sriov_physnet_mappings:
  810. sriovnet1: "{{ tunnel_interface }}"
  811. neutron_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
  812. #######################
  813. # Nova options
  814. #######################
  815. nova_backend_ceph: "no"
  816. nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}"
  817. # Valid options are [ kvm, qemu, vmware ]
  818. nova_compute_virt_type: "kvm"
  819. nova_instance_datadir_volume: "nova_compute"
  820. nova_safety_upgrade: "no"
  821. # Valid options are [ none, novnc, spice ]
  822. nova_console: "novnc"
  823. #######################
  824. # Murano options
  825. #######################
  826. murano_agent_rabbitmq_vhost: "muranoagent"
  827. murano_agent_rabbitmq_user: "muranoagent"
  828. #######################
  829. # Horizon options
  830. #######################
  831. horizon_backend_database: "{{ enable_murano | bool }}"
  832. horizon_keystone_multidomain: False
  833. # Enable deploying custom horizon policy files for services that don't have a
  834. # horizon plugin but have a policy file. Override these when you have services
  835. # not deployed by kolla-ansible but want custom policy files deployed for them
  836. # in horizon.
  837. enable_ceilometer_horizon_policy_file: "{{ enable_ceilometer }}"
  838. enable_cinder_horizon_policy_file: "{{ enable_cinder }}"
  839. enable_glance_horizon_policy_file: "{{ enable_glance }}"
  840. enable_heat_horizon_policy_file: "{{ enable_heat }}"
  841. enable_keystone_horizon_policy_file: "{{ enable_keystone }}"
  842. enable_neutron_horizon_policy_file: "{{ enable_neutron }}"
  843. enable_nova_horizon_policy_file: "{{ enable_nova }}"
  844. horizon_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ horizon_tls_port if kolla_enable_tls_internal | bool else horizon_port }}"
  845. #################
  846. # Qinling options
  847. #################
  848. # Configure qinling-engine certificates to authenticate with Kubernetes cluster.
  849. qinling_kubernetes_certificates: "no"
  850. ###################
  851. # External Ceph options
  852. ###################
  853. # External Ceph - cephx auth enabled (this is the standard nowadays, defaults to yes)
  854. external_ceph_cephx_enabled: "yes"
  855. # External Ceph pool names
  856. ceph_cinder_pool_name: "volumes"
  857. ceph_cinder_backup_pool_name: "backups"
  858. ceph_glance_pool_name: "images"
  859. ceph_gnocchi_pool_name: "gnocchi"
  860. ceph_nova_pool_name: "vms"
  861. ceph_cinder_backup_user: "cinder-backup"
  862. ceph_cinder_user: "cinder"
  863. ceph_glance_user: "glance"
  864. ceph_gnocchi_user: "gnocchi"
  865. ceph_manila_user: "manila"
  866. ceph_nova_user: "nova"
  867. # External Ceph keyrings
  868. ceph_cinder_keyring: "ceph.client.cinder.keyring"
  869. ceph_cinder_backup_keyring: "ceph.client.cinder-backup.keyring"
  870. ceph_glance_keyring: "ceph.client.glance.keyring"
  871. ceph_gnocchi_keyring: "ceph.client.gnocchi.keyring"
  872. ceph_manila_keyring: "ceph.client.manila.keyring"
  873. ceph_nova_keyring: "{{ ceph_cinder_keyring }}"
  874. #####################
  875. # VMware support
  876. ######################
  877. vmware_vcenter_host_ip: "127.0.0.1"
  878. vmware_vcenter_host_username: "username"
  879. vmware_vcenter_cluster_name: "cluster-1"
  880. vmware_vcenter_insecure: "True"
  881. #############################################
  882. # MariaDB component-specific database details
  883. #############################################
  884. # Whether to configure haproxy to load balance
  885. # the external MariaDB server(s)
  886. enable_external_mariadb_load_balancer: "no"
  887. # Whether to use pre-configured databases / users
  888. use_preconfigured_databases: "no"
  889. # whether to use a common, preconfigured user
  890. # for all component databases
  891. use_common_mariadb_user: "no"
  892. ############
  893. # Prometheus
  894. ############
  895. enable_prometheus_server: "{{ enable_prometheus | bool }}"
  896. enable_prometheus_haproxy_exporter: "{{ enable_haproxy | bool }}"
  897. enable_prometheus_mysqld_exporter: "{{ enable_mariadb | bool }}"
  898. enable_prometheus_node_exporter: "{{ enable_prometheus | bool }}"
  899. enable_prometheus_memcached_exporter: "{{ enable_memcached | bool }}"
  900. enable_prometheus_cadvisor: "{{ enable_prometheus | bool }}"
  901. enable_prometheus_alertmanager: "{{ enable_prometheus | bool }}"
  902. enable_prometheus_ceph_mgr_exporter: "no"
  903. enable_prometheus_openstack_exporter: "{{ enable_prometheus | bool }}"
  904. enable_prometheus_elasticsearch_exporter: "{{ enable_prometheus | bool and enable_elasticsearch | bool }}"
  905. enable_prometheus_blackbox_exporter: "{{ enable_prometheus | bool }}"
  906. prometheus_alertmanager_user: "admin"
  907. prometheus_openstack_exporter_interval: "60s"
  908. prometheus_elasticsearch_exporter_interval: "60s"
  909. prometheus_cmdline_extras:
  910. prometheus_ceph_mgr_exporter_endpoints: []
  911. prometheus_openstack_exporter_endpoint_type: "internal"
  912. ############
  913. # Vitrage
  914. ############
  915. enable_vitrage_prometheus_datasource: "{{ enable_prometheus | bool }}"
  916. ####################
  917. # InfluxDB options
  918. ####################
  919. influxdb_address: "{{ kolla_internal_fqdn }}"
  920. influxdb_datadir_volume: "influxdb"
  921. infuxdb_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ influxdb_http_port }}"
  922. #################
  923. # Kafka options
  924. #################
  925. kafka_datadir_volume: "kafka"
  926. #########################
  927. # Internal Image options
  928. #########################
  929. distro_python_version_map: {
  930. "centos": "3.6",
  931. "debian": "3.7",
  932. "rhel": "3.6",
  933. "ubuntu": "3.8"
  934. }
  935. distro_python_version: "{{ distro_python_version_map[kolla_base_distro] }}"
  936. ##########
  937. # Telegraf
  938. ##########
  939. # Configure telegraf to use the docker daemon itself as an input for
  940. # telemetry data.
  941. telegraf_enable_docker_input: "no"
  942. vitrage_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
  943. vitrage_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
  944. vitrage_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
  945. ####################
  946. # Grafana
  947. ####################
  948. grafana_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}"
  949. grafana_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}"
  950. #############
  951. # Ironic
  952. #############
  953. ironic_admin_endpoint: "{{ admin_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
  954. ironic_internal_endpoint: "{{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
  955. ironic_public_endpoint: "{{ public_protocol }}://{{ ironic_external_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
  956. ########
  957. # Swift
  958. ########
  959. swift_internal_base_endpoint: "{{ internal_protocol }}://{{ swift_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}"
  960. swift_admin_endpoint: "{{ admin_protocol }}://{{ swift_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/v1"
  961. swift_internal_endpoint: "{{ swift_internal_base_endpoint }}/v1/AUTH_%(tenant_id)s"
  962. swift_public_endpoint: "{{ public_protocol }}://{{ swift_external_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s"
  963. ##########
  964. # Octavia
  965. ##########
  966. octavia_admin_endpoint: "{{ admin_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"
  967. octavia_internal_endpoint: "{{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"
  968. octavia_public_endpoint: "{{ public_protocol }}://{{ octavia_external_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"