04b99a0f81
Implement support for service_tokens. For that we convert role_name to be a list along with renaming corresponding variable. Additionally service_type is defined now for keystone_authtoken which enables to validate tokens with restricted access rules Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/845690 Change-Id: Id451d06bcc40c94e9ef021dd7e3c1d14703e73cc
138 lines
4.8 KiB
Django/Jinja
138 lines
4.8 KiB
Django/Jinja
[DEFAULT]
|
|
debug = {{ debug | bool }}
|
|
use_journal = true
|
|
rpc_conn_pool_size = {{ zun_rpc_conn_pool_size }}
|
|
transport_url = {{ zun_oslomsg_rpc_transport }}://{% for host in zun_oslomsg_rpc_servers.split(',') %}{{ zun_oslomsg_rpc_userid }}:{{ zun_oslomsg_rpc_password }}@{{ host }}:{{ zun_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ zun_oslomsg_rpc_vhost }}{% if zun_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ zun_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ zun_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
|
|
use_sandbox = true
|
|
image_driver_list = glance,docker
|
|
default_image_driver = docker
|
|
capsule_driver = docker
|
|
container_runtime = {{ zun_container_runtime }}
|
|
|
|
|
|
[api]
|
|
port = {{ zun_service_port }}
|
|
host_ip = {{ ansible_host }}
|
|
workers = {{ zun_api_threads }}
|
|
|
|
|
|
[cinder_client]
|
|
endpoint_type = {{ zun_service_endpoint_type }}
|
|
|
|
{% if group_names | intersect(zun_services.keys() | difference('zun-compute') | map('extract', zun_services, 'group') | list) | count > 0 %}
|
|
[database]
|
|
connection = mysql+pymysql://{{ zun_galera_user }}:{{ zun_galera_password }}@{{ zun_galera_address }}/{{ zun_galera_database }}?charset=utf8{% if zun_galera_use_ssl | bool %}&ssl_verify_cert=true{% if zun_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ zun_galera_ssl_ca_cert }}{% endif %}{% endif +%}
|
|
max_overflow = {{ zun_db_max_overflow }}
|
|
max_pool_size = {{ zun_db_max_pool_size }}
|
|
pool_timeout = {{ zun_db_pool_timeout }}
|
|
connection_recycle_time = {{ zun_db_connection_recycle_time }}
|
|
{% endif %}
|
|
|
|
|
|
{% if zun_docker_api_version != false %}
|
|
[docker]
|
|
docker_remote_api_version = {{ zun_docker_api_version }}
|
|
{% endif %}
|
|
|
|
[glance]
|
|
images_directory = {{ zun_system_home_folder }}/images
|
|
|
|
|
|
[glance_client]
|
|
endpoint_type = {{ zun_service_endpoint_type }}
|
|
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
|
|
|
|
|
[keystone_auth]
|
|
auth_type = {{ zun_keystone_auth_plugin }}
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
project_name = {{ zun_service_project_name }}
|
|
project_domain_id = {{ zun_service_project_domain_id }}
|
|
username = {{ zun_service_user_name }}
|
|
user_domain_id = {{ zun_service_user_domain_id }}
|
|
password = {{ zun_service_password }}
|
|
|
|
|
|
[keystone_authtoken]
|
|
auth_url = {{ keystone_service_adminurl }}
|
|
www_authenticate_uri = {{ keystone_service_internaluri }}
|
|
auth_version = v3
|
|
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
|
region_name = {{ keystone_service_region }}
|
|
memcached_servers = {{ zun_memcached_servers }}
|
|
token_cache_time = 300
|
|
memcache_security_strategy = ENCRYPT
|
|
memcache_secret_key = {{ memcached_encryption_key }}
|
|
auth_type = {{ zun_keystone_auth_plugin }}
|
|
username = {{ zun_service_user_name }}
|
|
user_domain_id = {{ zun_service_user_domain_id }}
|
|
password = {{ zun_service_password }}
|
|
|
|
service_token_roles_required = {{ zun_service_token_roles_required | bool }}
|
|
service_token_roles = {{ zun_service_token_roles | join(',') }}
|
|
service_type = {{ zun_service_type }}
|
|
|
|
[network]
|
|
driver = kuryr
|
|
driver_name = kuryr
|
|
|
|
[neutron_client]
|
|
endpoint_type = {{ zun_service_endpoint_type }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
|
|
|
|
[oslo_concurrency]
|
|
lock_path = {{ zun_lock_dir }}/{{ zun_system_slice_name }}
|
|
|
|
|
|
[oslo_messaging_notifications]
|
|
driver = {{ (zun_ceilometer_enabled | bool) | ternary('messagingv2', 'noop') }}
|
|
transport_url = {{ zun_oslomsg_notify_transport }}://{% for host in zun_oslomsg_notify_servers.split(',') %}{{ zun_oslomsg_notify_userid }}:{{ zun_oslomsg_notify_password }}@{{ host }}:{{ zun_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ zun_oslomsg_notify_vhost }}{% if zun_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ zun_oslomsg_notify_ssl_version }}&ssl_ca_file={{ zun_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
|
|
{% if zun_ceilometer_enabled or zun_designate_enabled %}
|
|
{% set notification_topics = [] %}
|
|
{% if zun_ceilometer_enabled %}
|
|
{% set _ = notification_topics.append('notifications') %}
|
|
{% endif %}
|
|
{% if zun_designate_enabled %}
|
|
{% set _ = notification_topics.append(zun_notifications_designate) %}
|
|
{% endif %}
|
|
topics = {{ notification_topics | join(',') }}
|
|
{% endif %}
|
|
|
|
|
|
[oslo_messaging_rabbit]
|
|
ssl = {{ zun_oslomsg_notify_use_ssl | bool }}
|
|
|
|
|
|
[placement_client]
|
|
endpoint_type = {{ zun_service_endpoint_type }}
|
|
insecure = {{ keystone_service_adminuri_insecure | bool }}
|
|
|
|
|
|
[scheduler]
|
|
driver = {{ zun_scheduler_driver }}
|
|
available_filters = {{ zun_scheduler_available_filters }}
|
|
enabled_filters = {{ zun_scheduler_default_filters }}
|
|
|
|
|
|
[volume]
|
|
use_multipath = true
|
|
driver_list = cinder,local
|
|
volume_dir = {{ zun_system_home_folder }}/volumes
|
|
|
|
|
|
[compute]
|
|
host_shared_with_nova = {{ inventory_hostname in groups['nova_compute'] }}
|
|
|
|
|
|
[websocket_proxy]
|
|
base_url = {{ zun_wsproxy_base_uri }}
|
|
wsproxy_host = {{ zun_wsproxy_host }}
|
|
wsproxy_port = {{ zun_wsproxy_port }}
|
|
|
|
|
|
[zun_client]
|
|
endpoint_type = {{ zun_service_endpoint_type }}
|
|
insecure = {{ keystone_service_internaluri_insecure | bool }}
|