248bc02264
This enable cluster_user_trust which is needed to get Kubernetes
integration with Cinder and Neutron LBaaS.
Fedora images for Ocata have been updated in
https://review.openstack.org/#/c/452102/. This commit also fixes the
gate.
Change-Id: Ie95c45f84381b0d278dafa6a3227f787ece83323
(cherry picked from commit aceaa3e5f1)
175 lines
5.8 KiB
YAML
175 lines
5.8 KiB
YAML
---
|
|
magnum_developer_mode: true
|
|
cinder_service_region: RegionOne
|
|
magnum_galera_password: secrete
|
|
magnum_galera_address: "{{ hostvars[groups['galera_all'][0]]['ansible_host'] }}"
|
|
magnum_service_password: secrete
|
|
magnum_rabbitmq_password: secrete
|
|
magnum_trustee_password: secrete
|
|
magnum_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
magnum_rabbitmq_userid: magnum
|
|
magnum_rabbitmq_vhost: /magnum
|
|
magnum_galera_database_name: magnum_service
|
|
magnum_galera_user: magnum
|
|
|
|
# TODO: Install and use barbican for certificate management
|
|
# Make sure we use x509keypair for now
|
|
magnum_cert_manager_type: x509keypair
|
|
|
|
magnum_glance_images:
|
|
- name: fedora-atomic-ocata
|
|
disk_format: qcow2
|
|
image_format: bare
|
|
public: true
|
|
file: https://fedorapeople.org/groups/magnum/fedora-atomic-ocata.qcow2
|
|
distro: fedora-atomic
|
|
checksum: "sha1:b08726169870219e3b87687c4fa28a660a3cad4d"
|
|
|
|
haproxy_default_services:
|
|
- service:
|
|
haproxy_service_name: galera
|
|
haproxy_backend_nodes: "{{ [groups['galera_all'][0]] | default([]) }}" # list expected
|
|
haproxy_backup_nodes: "{{ groups['galera_all'][1:] | default([]) }}"
|
|
haproxy_port: 3306
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 5000s
|
|
haproxy_timeout_server: 5000s
|
|
haproxy_backend_options:
|
|
- "mysql-check user {{ galera_monitoring_user }}"
|
|
haproxy_whitelist_networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
- service:
|
|
haproxy_service_name: glance_api
|
|
haproxy_backend_nodes: "{{ groups['glance_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9292
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk /healthcheck"
|
|
- service:
|
|
haproxy_service_name: glance_registry
|
|
haproxy_backend_nodes: "{{ groups['glance_registry'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9191
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk /healthcheck"
|
|
haproxy_whitelist_networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
- service:
|
|
haproxy_service_name: heat_api_cfn
|
|
haproxy_backend_nodes: "{{ groups['heat_api_cfn'] | default([]) }}"
|
|
haproxy_port: 8000
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: heat_api_cloudwatch
|
|
haproxy_backend_nodes: "{{ groups['heat_api_cloudwatch'] | default([]) }}"
|
|
haproxy_port: 8003
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: heat_api
|
|
haproxy_backend_nodes: "{{ groups['heat_api'] | default([]) }}"
|
|
haproxy_port: 8004
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: keystone_service
|
|
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
|
|
haproxy_port: 5000
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: "http"
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: keystone_admin
|
|
haproxy_backend_nodes: "{{ groups['keystone_all'] | default([]) }}"
|
|
haproxy_port: 35357
|
|
haproxy_balance_type: "http"
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
haproxy_whitelist_networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
- service:
|
|
haproxy_service_name: neutron_server
|
|
haproxy_backend_nodes: "{{ groups['neutron_server'] | default([]) }}"
|
|
haproxy_port: 9696
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: nova_api_metadata
|
|
haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
|
|
haproxy_port: 8775
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
haproxy_whitelist_networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
- service:
|
|
haproxy_service_name: nova_api_os_compute
|
|
haproxy_backend_nodes: "{{ groups['nova_api_os_compute'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 8774
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: nova_console
|
|
haproxy_backend_nodes: "{{ groups['nova_console'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 6082
|
|
haproxy_balance_type: tcp
|
|
haproxy_timeout_client: 60m
|
|
haproxy_timeout_server: 60m
|
|
haproxy_balance_alg: source
|
|
haproxy_backend_options:
|
|
- tcp-check
|
|
- service:
|
|
haproxy_service_name: cinder_api
|
|
haproxy_backend_nodes: "{{ groups['cinder_api'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 8776
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
- service:
|
|
haproxy_service_name: rabbitmq_mgmt
|
|
haproxy_backend_nodes: "{{ groups['rabbitmq'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 15672
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk HEAD /"
|
|
haproxy_whitelist_networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/12
|
|
- 10.0.0.0/8
|
|
- service:
|
|
haproxy_service_name: magnum
|
|
haproxy_backend_nodes: "{{ groups['magnum_all'] | default([]) }}"
|
|
haproxy_ssl: "{{ haproxy_ssl }}"
|
|
haproxy_port: 9511
|
|
haproxy_balance_type: http
|
|
haproxy_backend_options:
|
|
- "httpchk GET /"
|
|
|
|
haproxy_ssl: false
|