---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## Verbosity Options
debug: False

# Set the package install state for distribution packages
# Options are 'present' and 'latest'
adjutant_package_state: "{{ package_state | default('latest') }}"

adjutant_service_user_name: adjutant

adjutant_system_group_name: adjutant
adjutant_system_user_name: adjutant
adjutant_system_comment: adjutant system user
adjutant_system_shell: /bin/false
adjutant_system_home_folder: "/var/lib/{{ adjutant_system_user_name }}"

adjutant_venv_tag: "{{ venv_tag | default('untagged') }}"
adjutant_bin: "/openstack/venvs/adjutant-{{ adjutant_venv_tag }}/bin"

adjutant_git_repo: https://opendev.org/openstack/adjutant
adjutant_git_install_branch: master
adjutant_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
adjutant_git_constraints:
  - "--constraint {{ adjutant_upper_constraints_url }}"

adjutant_user_domain_name: Default
adjutant_user_domain_id: default
adjutant_keystone_auth_plugin: password

adjutant_galera_address: "{{ galera_address | default('127.0.0.1') }}"
adjutant_galera_database: adjutant
adjutant_galera_user: adjutant
adjutant_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
adjutant_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
adjutant_galera_port: "{{ galera_port | default('3306') }}"
adjutant_galera_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
adjutant_galera_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((adjutant_galera_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"

## Service Type and Data
adjutant_role_name: admin
adjutant_service_region: "{{ service_region | default('RegionOne') }}"
adjutant_service_name: adjutant
adjutant_service_type: registration
adjutant_service_description: "Adjutant Registration Service"
adjutant_service_port: 5050
adjutant_service_project_name: service
adjutant_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"
adjutant_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
adjutant_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((adjutant_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"
adjutant_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
adjutant_service_proto: http
adjutant_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}"
adjutant_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(adjutant_service_proto) }}"
adjutant_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(adjutant_service_proto) }}"
adjutant_service_publicuri: "{{ adjutant_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ adjutant_service_port }}"
adjutant_service_publicurl: "{{ adjutant_service_publicuri }}/v1/"
adjutant_service_adminuri: "{{ adjutant_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ adjutant_service_port }}"
adjutant_service_adminurl: "{{ adjutant_service_adminuri }}/v1/"
adjutant_service_internaluri: "{{ adjutant_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ adjutant_service_port }}"
adjutant_service_internalurl: "{{ adjutant_service_internaluri }}/v1/"
adjutant_horizon_publicurl: "{{ openstack_service_publicuri_proto | default(adjutant_service_proto) }}://{{ external_lb_vip_address }}/"

# uWSGI settings
adjutant_wsgi_threads: 1
adjutant_wsgi_processes_max: 16
adjutant_wsgi_processes: "{{ [[(ansible_facts['processor_vcpus']//ansible_facts['processor_threads_per_core'])|default(1), 1] | max * 2, adjutant_wsgi_processes_max] | min }}"
adjutant_use_uwsgi: True
adjutant_uwsgi_tls:
  crt: "{{ adjutant_ssl_cert }}"
  key: "{{ adjutant_ssl_key }}"

adjutant_email_backend: django.core.mail.backends.smtp.EmailBackend
adjutant_email_host: localhost
adjutant_email_port: 587
adjutant_email_host_user: adjutant
adjutant_email_use_tls: True
adjutant_email_use_ssl: False
adjutant_email_reply_address: no-reply@example.com
adjutant_email_from_address: bounce+%(task_uuid)s@example.com
adjutant_email_notification_address: example@example.com
adjutant_email_signups_notification_address: signups@example.com
adjutant_active_delegate_apis:
  - RoleList
  - SignUp
  - UpdateProjectQuotas
  - UserDetail
  - UserList
  - UserResetPassword
  - UserRoles
  - UserUpdateEmail
adjutant_role_mapping:
  admin:
    - project_admin
    - project_mod
    - heat_stack_owner
    - _member_
  project_admin:
    - project_admin
    - project_mod
    - heat_stack_owner
    - _member_
  project_mod:
    - project_mod
    - heat_stack_owner
    - _member_
adjutant_blacklisted_roles:
  - admin
  - rating
adjutant_default_users_to_project_action: []
adjutant_default_roles_to_project_action: []
adjutant_default_quota_size: small
adjutant_signup_allow_auto_approve: False
adjutant_quota_allow_auto_approve: False
adjutant_quota_size_difference_threshold: 0.1
adjutant_quota_auto_approve_days: 30
adjutant_quota_sizes:
  small:
    cinder:
      gigabytes: 5000
      snapshots: 50
      volumes: 20
    neutron:
      floatingip: 10
      network: 3
      port: 50
      router: 3
      security_group: 20
      security_group_rule: 100
      subnet: 3
    nova:
      cores: 20
      fixed_ips: 0
      floating_ips: 10
      injected_file_content_bytes: 10240
      injected_files: 5
      instances: 10
      key_pairs: 50
      metadata_items: 128
      ram: 65536
      security_group_rules: 100
      security_groups: 20
    octavia:
      health_monitor: 5
      listener: 1
      load_balancer: 1
      member: 2
      pool: 1
  medium:
    cinder:
      gigabytes: 10000
      snapshots: 300
      volumes: 100
    neutron:
      floatingip: 25
      network: 5
      port: 250
      router: 5
      security_group: 50
      security_group_rule: 400
      subnet: 5
    nova:
      cores: 100
      fixed_ips: 0
      floating_ips: 25
      injected_file_content_bytes: 10240
      injected_files: 5
      instances: 50
      key_pairs: 50
      metadata_items: 128
      ram: 327680
      security_group_rules: 400
      security_groups: 50
    octavia:
      health_monitor: 50
      listener: 5
      load_balancer: 5
      member: 5
      pool: 5
  large:
    cinder:
      gigabytes: 50000
      snapshots: 600
      volumes: 200
    neutron:
      floatingip: 50
      network: 10
      port: 500
      router: 10
      security_group: 100
      security_group_rule: 800
      subnet: 10
    nova:
      cores: 200
      fixed_ips: 0
      floating_ips: 50
      injected_file_content_bytes: 10240
      injected_files: 5
      instances: 100
      key_pairs: 50
      metadata_items: 128
      ram: 655360
      security_group_rules: 800
      security_groups: 100
    octavia:
      health_monitor: 100
      listener: 10
      load_balancer: 10
      member: 10
      pool: 10

adjutant_quota_sizes_asc:
  - small
  - medium
  - large

adjutant_quota_services:
  "*":
    - cinder
    - neutron
    - nova
    # Additonal Quota Service
    # - octavia

adjutant_adjutant_conf_overrides: {}
adjutant_api_uwsgi_ini_overrides: {}
adjutant_api_init_overrides: {}

## Service Name-Group Mapping
adjutant_services:
  adjutant-api:
    group: adjutant_api
    service_name: adjutant-api
    service_enabled: true
    init_config_overrides: "{{ adjutant_api_init_overrides }}"
    execstarts: "{{ adjutant_bin }}/adjutant-api"
    wsgi_app: "{{ adjutant_use_uwsgi }}"
    wsgi_name: adjutant-api-wsgi
    uwsgi_overrides: "{{ adjutant_api_uwsgi_ini_overrides }}"
    uwsgi_bind_address: "{{ adjutant_bind_address }}"
    uwsgi_port: "{{ adjutant_service_port }}"
    uwsgi_tls: "{{ adjutant_backend_ssl | ternary(adjutant_uwsgi_tls, {}) }}"

adjutant_pip_install_args: "{{ pip_install_options | default('') }}"
adjutant_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}"

adjutant_pip_packages:
  - "git+{{ adjutant_git_repo }}@{{ adjutant_git_install_branch }}#egg=python-adjutant"
  - cryptography
  - systemd-python

adjutant_pip_extra_packages:
    - mysqlclient

###
### Backend TLS
###

# Define if communication between haproxy and service backends should be
# encrypted with TLS.
adjutant_backend_ssl: "{{ openstack_service_backend_ssl | default(False) }}"

# Storage location for SSL certificate authority
adjutant_pki_dir: "{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}"

# Delegated host for operating the certificate authority
adjutant_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}"

# adjutant server certificate
adjutant_pki_keys_path: "{{ adjutant_pki_dir ~ '/certs/private/' }}"
adjutant_pki_certs_path: "{{ adjutant_pki_dir ~ '/certs/certs/' }}"
adjutant_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}"
adjutant_pki_regen_cert: ''
adjutant_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
adjutant_pki_certificates:
  - name: "adjutant_{{ ansible_facts['hostname'] }}"
    provider: ownca
    cn: "{{ ansible_facts['hostname'] }}"
    san: "{{ adjutant_pki_san }}"
    signed_by: "{{ adjutant_pki_intermediate_cert_name }}"

# adjutant destination files for SSL certificates
adjutant_ssl_cert: /etc/adjutant/adjutant.pem
adjutant_ssl_key: /etc/adjutant/adjutant.key

# Installation details for SSL certificates
adjutant_pki_install_certificates:
  - src: "{{ adjutant_user_ssl_cert | default(adjutant_pki_certs_path ~ 'adjutant_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}"
    dest: "{{ adjutant_ssl_cert }}"
    owner: "{{ adjutant_system_user_name }}"
    group: "{{ adjutant_system_user_name }}"
    mode: "0644"
  - src: "{{ adjutant_user_ssl_key | default(adjutant_pki_keys_path ~ 'adjutant_' ~ ansible_facts['hostname'] ~ '.key.pem') }}"
    dest: "{{ adjutant_ssl_key }}"
    owner: "{{ adjutant_system_user_name }}"
    group: "{{ adjutant_system_user_name }}"
    mode: "0600"

# Define user-provided SSL certificates
#adjutant_user_ssl_cert: <path to cert on ansible deployment host>
#adjutant_user_ssl_key: <path to cert on ansible deployment host>