openstack/openstack-ansible-os_designate
Code Issues Proposed changes
Files
682764493a443fd7196422b22888f9ea624a3720
openstack-ansible-os_designate/defaults/main.yml
Jesse Pretorius 15f7775800 Default MQ RPC/Notify credentials/vhosts to match 
When the RPC and Notify service are the same, the credentials
must match - otherwise the tasks to create the user/password
will overwrite with each other.

If the two clusters are different, then the matching credentials
and vhost will not be a problem. However, if the deployer really
wishes to make sure they're different, then the vars can be
overridden.

Also, to ensure that the SSL value is consistently set in the
conf file, we apply the bool filter. We also use the 'notify'
SSL setting as the messaging system for Notifications is more
likely to remain rabbitmq in our default deployment with qrouterd
becoming the default for RPC messaging.

Change-Id: Id94e6337032807ee5baa79945e043c9282e17263
2018-07-31 23:01:59 +01:00

231 lines
8.8 KiB
YAML
Raw Blame History

---
# Copyright 2016, Tata Consultancy Services
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
designate_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
# Set the package install state for distribution packages
# Options are 'present' and 'latest'
designate_package_state: "latest"
designate_pip_package_state: "latest"
# Set installation method.
designate_install_method: "source"
## The git source/branch
designate_git_repo: https://git.openstack.org/openstack/designate
designate_git_install_branch: master
# Developer mode is used for role functional testing and allows the role
# to build an environment directly from a git source without the presence
# of an OpenStack-Ansible repo_server.
designate_developer_mode: False
## The packages to build from source (used in developer mode)
designate_developer_constraints:
- "git+{{ designate_git_repo }}@{{ designate_git_install_branch }}#egg=designate"
# Name of the virtual env to deploy into
designate_venv_tag: untagged
designate_bin: "{{ _designate_bin }}"
# Set the etc dir path where designate is installed.
# This is used for role access to the db migrations.
# Example:
# designate_etc_dir: "/usr/local/etc/designate"
designate_etc_dir: "{{ _designate_etc }}/designate"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
designate_venv_download: "{{ not designate_developer_mode | bool }}"
# URL of the pre-built virtualenv
designate_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/designate.tgz
## System info
designate_system_user_name: designate
designate_system_group_name: designate
designate_system_shell: /bin/false
designate_system_comment: designate system user
designate_system_user_home: "/var/lib/{{ designate_system_user_name }}"
## Database info
designate_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
designate_galera_address: "{{ galera_address | default('127.0.0.1') }}"
designate_galera_user: designate
designate_galera_database: designate
designate_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
designate_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
## Oslo Messaging
# RPC
designate_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
designate_oslomsg_rpc_setup_host: "{{ (designate_oslomsg_rpc_host_group in groups) | ternary(groups[designate_oslomsg_rpc_host_group][0], 'localhost') }}"
designate_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
designate_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
designate_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
designate_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
designate_oslomsg_rpc_userid: designate-rpc
designate_oslomsg_rpc_vhost: /designate
# Notify
designate_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
designate_oslomsg_notify_setup_host: "{{ (designate_oslomsg_notify_host_group in groups) | ternary(groups[designate_oslomsg_notify_host_group][0], 'localhost') }}"
designate_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
designate_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
designate_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
designate_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
designate_oslomsg_notify_userid: "{{ designate_oslomsg_rpc_userid }}"
designate_oslomsg_notify_password: "{{ designate_oslomsg_rpc_password }}"
designate_oslomsg_notify_vhost: "{{ designate_oslomsg_rpc_vhost }}"
## RabbitMQ info
## Pool Configuration Defaults
designate_pool_uuid: 794ccc2c-d751-44fe-b57f-8894c9f5c842
# Enable/Disable Ceilometer
designate_ceilometer_enabled: False
# Designate services info
designate_role_name: admin
## DNS Backend Configuration
# Configuration for the DNS backend that Designate will talk to, Designate
# supports lots of backends, bind9, powerdns, nsd, djb, dyn, akamai, etc.
# DNS Backends are configured via a YAML file that Designate reads. The DNS
# server need not be in the actual Designate container, but for development,
# or for some internal addressing use cases, it may make sense.
# YAML to use for the Designate pools.yaml file. If this variable is defined,
# a pools.yaml file will be written to /etc/designate/pools.yaml with the
# provided YAML data.
#
# This is some example pools.yaml information that will work with a
# simple bind9 installation in the same container as Designate.
# designate_pools_yaml:
# - name: "default"
# description: Default BIND9 Pool
# attributes: {}
# ns_records:
# - hostname: ns1.example.org.
# priority: 1
# nameservers:
# - host: 127.0.0.1
# port: 53
# targets:
# - type: bind9
# description: BIND9 Server
# masters:
# - host: 127.0.0.1
# port: 5354
# options:
# host: 127.0.0.1
# port: 53
# rndc_host: 127.0.0.1
# rndc_port: 953
## rndc keys for authenticating with bind9
# define this to create as many key files as are required
# designate_rndc_keys
# - name: "rndc-key"
# file: /etc/designate/rndc.key
# algorithm: "hmac-md5"
# secret: "<key>"
## Service Type and Data
designate_service_region: RegionOne
designate_service_endpoint_type: internalURL
designate_service_name: designate
designate_service_port: 9001
designate_service_proto: http
designate_service_type: dns
designate_service_description: "Designate DNS as a Service"
designate_service_project_domain_id: default
designate_service_user_domain_id: default
designate_service_user_name: designate
designate_keystone_auth_type: password
designate_service_project_name: service
designate_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(designate_service_proto) }}"
designate_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(designate_service_proto) }}"
designate_service_publicuri: "{{ designate_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}"
designate_service_internaluri: "{{ designate_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}"
designate_service_adminuri: "{{ (designate_service_adminurl | default('http://localhost')) | netorigin }}"
designate_service_in_ldap: False
# Common pip packages
designate_pip_packages:
- cryptography
- designate
- osprofiler
- python-designateclient
- PyMySQL
- python-memcached
- warlock
designate_central_init_overrides: {}
designate_worker_init_overrides: {}
designate_producer_init_overrides: {}
designate_mdns_init_overrides: {}
designate_sink_init_overrides: {}
designate_api_init_overrides: {}
## Service Name-Group Mapping
designate_services:
designate-central:
group: designate_central
service_name: designate-central
init_config_overrides: "{{ designate_central_init_overrides }}"
designate-worker:
group: designate_worker
service_name: designate-worker
init_config_overrides: "{{ designate_worker_init_overrides }}"
designate-producer:
group: designate_producer
service_name: designate-producer
init_config_overrides: "{{ designate_producer_init_overrides }}"
designate-mdns:
group: designate_mdns
service_name: designate-mdns
init_config_overrides: "{{ designate_mdns_init_overrides }}"
designate-sink:
group: designate_sink
service_name: designate-sink
init_config_overrides: "{{ designate_sink_init_overrides }}"
designate-api:
group: designate_api
service_name: designate-api
init_config_overrides: "{{ designate_api_init_overrides }}"
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
designate_role_project_group: designate_all
## Tunable overrides
designate_policy_overrides: {}
designate_designate_conf_overrides: {}
designate_api_paste_ini_overrides: {}
designate_rootwrap_conf_overrides: {}
View Git Blame Copy Permalink