openstack/openstack-ansible-os_octavia
Code Issues Proposed changes
openstack-ansible-os_octavia/tests/os_octavia-overrides.yml
German Eichberger fbda283da8 Adds the issuer to the CAs 
Octavia is using certificate authorities to manage
the amp communication but the built-in ansible
certificate commands can't generate proper CA
certificates (they omit the necessary X509 extensions)
nor properly sign CSRs and reference the CA.

The changes here replace the parts where ansible's
certificate commands fall short with running the
openssl command directly. To do so it sets up
the necessary files, directories, and templates
an openssl config file.

Once ansible's certificate capabilities improve we
can retire those commands.

Also improve tests so we gate when this fails.

Change-Id: Iaae462844d783bd6086ce6a2816ea01cafc14e6d
2018-06-22 08:46:14 -07:00

105 lines
3.6 KiB
YAML
Raw Blame History

---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Octavia rewuires currently nested virtualization (VT-X) which only one jenkins
## gate cloud provides reliabley. To cut down on gate errors this will
## disbale the tests which spin up an amphora
## As of 4/6/18 zuul runs out of memory testing with this enabled
test_octavia_amphora: True
# Test Octavia standalone
octavia_v2: True
octavia_v1: False
test_octavia_api_host: "{{ hostvars['octavia1']['ansible_host'] }}"
## octavia User / Group
octavia_system_user_name: octavia
octavia_system_group_name: octavia
octavia_system_shell: /bin/false
octavia_system_comment: octavia system user
octavia_system_home_folder: "/var/lib/{{ octavia_system_user_name }}"
# Octavia specific settings
octavia_venv_tag: "testing"
octavia_developer_mode: True
octavia_git_install_branch: master
octavia_service_internaluri: "http://{{ test_octavia_api_host }}:9876"
octavia_service_adminuri: "{{ octavia_service_internaluri }}"
octavia_service_publicuri: "{{ octavia_service_internaluri }}"
octavia_service_password: "secrete"
octavia_service_name: octavia
octavia_service_project_name: "service"
octavia_galera_address: "{{ test_galera_host }}"
octavia_galera_database: octavia
octavia_galera_user: octavia
octavia_container_mysql_password: "secrete"
octavia_rabbitmq_password: "{{ rabbitmq_password }}"
octavia_rabbitmq_userid: octavia
octavia_rabbitmq_vhost: /octavia
octavia_rabbitmq_servers: "{{ rabbitmq_servers }}"
octavia_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
octavia_rabbitmq_port: "{{ rabbitmq_port }}"
octavia_standalone: False
octavia_swift_temp_url_secret_key: secrete
octavia_keystone_auth_plugin: password
octavia_service_project_domain_id: default
octavia_service_user_domain_id: default
octavia_service_user_name: "octavia"
octavia_ansible_endpoint_type: "internal"
octavia_legacy_policy: True
octavia_health_hmac_key: secrete
test_swift_storage_network: "eth3"
test_swift_repl_network: "eth3"
glance_file_store: swift
test_swift_repl_number: 2
nova_console_type: novnc
neutron_provider_networks:
network_types: "vxlan,flat"
network_vxlan_ranges: "1:1000"
network_flat_networks: "flat,lbaas"
network_mappings: "flat:eth12,lbaas:eth14"
#couldn't find provider_networks inventory var?
octavia_container_interface: "eth14"
# Must be set to a normal MTU
neutron_network_device_mtu: 1500
neutron_l2_population: True
neutron_dhcp_config:
dhcp-option-force: "26,1500"
log-facility: "/var/log/neutron/neutron-dnsmasq.log"
neutron_l3: True
neutron_metadata: True
octavia_pip_package_state: latest
octavia_package_state: latest
octavia_neutron_management_network_name: lbaas-mgmt
octavia_management_net_subnet_cidr: 10.1.7.0/24
octavia_ssh_enabled: True
octavia_amphora_driver: "{% if test_octavia_amphora | bool %}amphora_haproxy_rest_driver{% else %}amphora_noop_driver{% endif %}"
octavia_compute_driver: "{% if test_octavia_amphora | bool %}compute_nova_driver{% else %}compute_noop_driver{% endif %}"
octavia_network_driver: "{% if test_octavia_amphora | bool %}allowed_address_pairs_driver{% else %}network_noop_driver{% endif %}"
# cert generation
octavia_cert_client_password: 'changeme'
View Git Blame Copy Permalink