openstack-ansible-os_zun/defaults/main.yml

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# Enable/Disable barbican configurations
zun_barbican_enabled: False
# Enable/Disable designate configurations
zun_designate_enabled: False
# Notification topics for designate.
zun_notifications_designate: notifications_designate
# Enable/Disable ceilometer configurations
zun_ceilometer_enabled: False

## Verbosity Options
debug: False

#python venv executable
zun_venv_python_executable: "{{ openstack_venv_python_executable | default('python2') }}"

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
zun_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
zun_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((zun_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
zun_package_state: "latest"
zun_pip_package_state: "latest"

zun_git_repo: https://opendev.org/openstack/zun
zun_git_install_branch: master

zun_kuryr_git_repo: https://opendev.org/openstack/kuryr-libnetwork
zun_kuryr_git_install_branch: master

zun_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
zun_git_constraints:
  - "git+{{ zun_git_repo }}@{{ zun_git_install_branch }}#egg=zun"
  - "git+{{ zun_kuryr_git_repo }}@{{ zun_kuryr_git_install_branch }}#egg=kuryr-libnetwork"
  - "--constraint {{ zun_upper_constraints_url }}"

zun_pip_install_args: "{{ pip_install_options | default('') }}"

# Name of the virtual env to deploy into
zun_venv_tag: "{{ venv_tag | default('untagged') }}"
zun_bin: "/openstack/venvs/zun-{{ zun_venv_tag }}/bin"

zun_fatal_deprecations: False

## Zun user information
zun_system_user_name: zun
zun_system_group_name: zun
zun_system_shell: /bin/false
zun_system_comment: zun system user
zun_system_home_folder: "/var/lib/{{ zun_system_user_name }}"
zun_log_dir: "/var/log/zun"

zun_lock_path: "/var/lock/zun"

## Kuryr user information
zun_kuryr_system_user_name: kuryr
zun_kuryr_system_group_name: kuryr
zun_kuryr_system_shell: /bin/false
zun_kuryr_system_comment: kuryr system user
zun_kuryr_system_home_folder: "/var/lib/{{ zun_kuryr_system_user_name }}"
zun_kuryr_log_dir: "/var/log/kuryr"

zun_kuryr_lock_path: "/var/lock/kuryr"

# Set a list of users that are permitted to execute the docker binary.
zun_docker_users:
  - "{{ zun_system_user_name }}"
  - "{{ zun_kuryr_system_user_name }}"

# Set the docker api version. The default is false, which will result in no
# option being set in config for api servers. On compute hosts the docker api
# version will be used as determined by the client version information.
zun_docker_api_version: false

## Manually specified zun UID/GID
# Deployers can specify a UID for the zun user as well as the GID for the
# zun group if needed. This is commonly used in environments where shared
# storage is used, such as NFS or GlusterFS, and zun UID/GID values must be
# in sync between multiple servers.
#
# WARNING: Changing these values on an existing deployment can lead to
#          failures, errors, and instability.
#
# zun_system_user_uid = <UID>
# zun_system_group_gid = <GID>

## Database info
zun_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
zun_galera_address: "{{ galera_address | default('127.0.0.1') }}"
zun_galera_user: zun
zun_galera_database: zun
zun_db_max_overflow: 10
zun_db_max_pool_size: 120
zun_db_pool_timeout: 30
# Toggle whether zun connects via an encrypted connection
zun_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
# The path where to store the database server CA certificate
zun_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"

## RabbitMQ info

## Configuration for RPC communications
zun_rpc_thread_pool_size: 64
zun_rpc_conn_pool_size: 30
zun_rpc_response_timeout: 60

## Oslo Messaging info

# RPC
zun_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
zun_oslomsg_rpc_setup_host: "{{ (zun_oslomsg_rpc_host_group in groups) | ternary(groups[zun_oslomsg_rpc_host_group][0], 'localhost') }}"
zun_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
zun_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
zun_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
zun_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
zun_oslomsg_rpc_userid: zun
zun_oslomsg_rpc_vhost: /zun

# Notify
zun_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
zun_oslomsg_notify_setup_host: "{{ (zun_oslomsg_notify_host_group in groups) | ternary(groups[zun_oslomsg_notify_host_group][0], 'localhost') }}"
zun_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
zun_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
zun_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
zun_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
zun_oslomsg_notify_userid: "{{ zun_oslomsg_rpc_userid }}"
zun_oslomsg_notify_password: "{{ zun_oslomsg_rpc_password }}"
zun_oslomsg_notify_vhost: "{{ zun_oslomsg_rpc_vhost }}"

# If this is not set, then the playbook will try to guess it.
#zun_virt_type: kvm

## Zun Auth
zun_service_region: RegionOne
zun_service_project_name: "service"
zun_service_project_domain_id: default
zun_service_user_domain_id: default
zun_service_user_name: "zun"
zun_service_role_name: "admin"

## Zun Auth for kuryr
zun_kuryr_service_username: kuryr

## Keystone authentication middleware
zun_keystone_auth_plugin: password

## Zun v1
zun_service_name: zun
zun_service_type: container
zun_service_proto: http
zun_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(zun_service_proto) }}"
zun_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(zun_service_proto) }}"
zun_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(zun_service_proto) }}"
zun_service_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
zun_service_port: 9517
zun_kuryr_service_address: 127.0.0.1
zun_kuryr_service_port: 23750
zun_service_description: "Zun Compute Service"
zun_service_publicuri: "{{ zun_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ zun_service_port }}"
zun_service_publicurl: "{{ zun_service_publicuri }}"
zun_service_adminuri: "{{ zun_service_adminuri_proto }}//{{ internal_lb_vip_address }}:{{ zun_service_port }}"
zun_service_adminurl: "{{ zun_service_adminuri }}"
zun_service_internaluri: "{{ zun_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ zun_service_port }}"
zun_service_internalurl: "{{ zun_service_internaluri }}"
zun_service_endpoint_type: internalURL

# If you want to regenerate the zun users SSH keys, on each run, set this var to True
# Otherwise keys will be generated on the first run and not regenerated each run.
zun_recreate_keys: False

## General Zun configuration
# If ``zun_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# zun_osapi_compute_workers: 16

# If ``zun_conductor_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# zun_conductor_workers: 16

# If ``zun_metadata_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# zun_metadata_workers: 16

## Cap the maximun number of threads / workers when a user value is unspecified.
zun_api_threads_max: 16
zun_api_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, zun_api_threads_max] | min }}"

zun_service_in_ldap: false

zun_scheduler_default_filters: >-
  AvailabilityZoneFilter,
  CPUFilter,
  ComputeFilter  
zun_scheduler_available_filters: zun.scheduler.filters.all_filters
zun_scheduler_driver: filter_scheduler

## uWSGI setup
zun_wsgi_threads: 1
zun_wsgi_processes_max: 16
zun_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, zun_wsgi_processes_max] | min }}"

## Service Name-Group Mapping
zun_services:
  kuryr-libnetwork:
    group: zun_compute
    service_name: kuryr-libnetwork
    condition: "{{ inventory_hostname in groups['zun_compute'] }}"
    init_config_overrides: "{{ zun_kuryr_init_overrides }}"
    start_order: 3
    wsgi_app: True
    wsgi: kuryr_libnetwork.server:app
    uwsgi_bind_address: "{{ zun_kuryr_service_address }}"
    uwsgi_port: "{{ zun_kuryr_service_port }}"
    uwsgi_overrides: "{{ zun_kuryr_uwsgi_conf_overrides }}"
    uwsgi_uid: "{{ zun_kuryr_system_user_name }}"
    uwsgi_guid: "{{ zun_kuryr_system_group_name }}"
  zun-api:
    group: zun_api
    service_name: zun-api
    init_config_overrides: "{{ zun_api_init_overrides }}"
    start_order: 1
    wsgi_app: True
    wsgi_path: "{{ zun_bin }}/zun-api-wsgi"
    uwsgi_bind_address: "{{ zun_service_address }}"
    uwsgi_port: "{{ zun_service_port }}"
    uwsgi_overrides: "{{ zun_uwsgi_conf_overrides }}"
    uwsgi_uid: "{{ zun_system_user_name }}"
    uwsgi_guid: "{{ zun_system_group_name }}"
  zun-compute:
    group: zun_compute
    service_name: zun-compute
    init_config_overrides: "{{ zun_compute_init_overrides }}"
    start_order: 4
    execstarts: "{{ zun_bin }}/zun-compute --config-dir /etc/zun"
  zun-wsproxy:
    group: zun_api
    service_name: zun-wsproxy
    init_config_overrides: "{{ zun_wsproxy_init_overrides }}"
    start_order: 2
    execstarts: "{{ zun_bin }}/zun-wsproxy --config-dir /etc/zun"

# Common pip packages
zun_pip_packages:
  - kuryr-libnetwork
  - oslo_rootwrap
  - osprofiler
  - python-memcached
  - pymemcache
  - python-zunclient
  - pymysql
  - systemd-python
  - zun

## (Qdrouterd) integration
# TODO(ansmith): Change structure when more backends will be supported
zun_oslomsg_amqp1_enabled: "{{ zun_oslomsg_rpc_transport == 'amqp' }}"

zun_memcached_servers: "{{ memcached_servers }}"

zun_optional_oslomsg_amqp1_pip_packages:
  - oslo.messaging[amqp1]

## Default service options used within all systemd unit files.
zun_service_defaults: {}

## Tunable overrides for services
zun_zun_conf_overrides: {}
zun_rootwrap_conf_overrides: {}
zun_kuryr_conf_overrides: {}
zun_docker_config_overrides: {}
zun_kuryr_config_overrides: {}
zun_uwsgi_conf_overrides: {}
zun_kuryr_uwsgi_conf_overrides:
  uwsgi:
    pyargv: --config-file /etc/kuryr/kuryr.conf

## Tubnable overrides for service unit files.
zun_api_paste_ini_overrides: {}
zun_api_init_overrides: {}
zun_wsproxy_init_overrides: {}
zun_compute_init_overrides: {}

## Default zun+kuryr options used within the system unit file.
# NOTE(cloudnull): These options are used to ensure that kuryr is always
#                  started after docker and has the proper capabilities.
zun_kuryr_init_overrides:
  Unit:
    After:
      ? network-online.target
      ? docker.service
    PartOf: docker.service
    Wants: network-online.target
  Service:
    CapabilityBoundingSet: CAP_NET_ADMIN
    Group: "{{ zun_kuryr_system_group_name }}"
    User: "{{ zun_kuryr_system_user_name }}"