openstack/openstack-ansible-repo_server
Code Issues Proposed changes
openstack-ansible-repo_server/defaults/main.yml
Jonathan Rosser c966363bd4 Add facility to store repo contents on a remote mount 
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/837706
Change-Id: I9008680a5f41287599d67f4ce70605b60bccabf3
2022-04-20 06:55:06 +00:00

107 lines
4.4 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
## Cap the maximum number of threads / workers when a user value is unspecified.
repo_nginx_threads_max: 16
repo_nginx_threads: "{{ [[ansible_facts['processor_vcpus']|default(2) // 2, 1] | max, repo_nginx_threads_max] | min }}"
## APT Cache Options
cache_timeout: 600
## Centos EPEL repository options
repo_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}"
repo_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }}"
## Centos NGINX repository options
repo_centos_nginx_mirror: "{{ centos_nginx_mirror | default('http://nginx.org/packages/centos/$releasever/$basearch') }}"
repo_centos_nginx_key: "{{ centos_nginx_key | default('http://nginx.org/keys/nginx_signing.key') }}"
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
repo_server_package_state: "latest"
repo_server_pip_package_state: "latest"
repo_worker_connections: 1024
repo_server_name: openstack-slushee
repo_service_home_folder: /var/www
repo_service_user_name: nginx
repo_service_group_name: www-data
# Main web server port
repo_server_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
repo_server_port: 8181
# This directory is used by the repo_build, and will cause problems if synced
# to repo_containers with other releases.
repo_build_global_links_dirname: links
# This directory is used on the deploy host to create u-c files which are then
# copied to the repo server and served by http. Any other files in this
# directory placed by the deployer will also be transferred
repo_upper_constraints_path: "/etc/openstack_deploy/upper-constraints"
# Delegated host for operating the ssh certificate authority
repo_ssh_keypairs_setup_host: "{{ openstack_ssh_keypairs_setup_host | default('localhost') }}"
# directory on the setup host to create and store SSH keypairs
repo_ssh_keypairs_dir: "{{ openstack_ssh_keypairs_dir | default('/etc/openstack_deploy/ssh_keypairs') }}"
#Each repo host needs a signed ssh certificate to log into the others
repo_ssh_keypairs:
- name: "repo-{{ inventory_hostname }}"
cert:
signed_by: "{{ openstack_ssh_signing_key }}"
principals: "{{ repo_ssh_key_principals | default('repo') }}"
valid_from: "{{ repo_ssh_key_valid_from | default('always') }}"
valid_to: "{{ repo_ssh_key_valid_to | default('forever') }}"
#Each repo host needs the signed ssh certificate installing to the repo_server user
repo_ssh_keypairs_install_keys:
owner: "{{ repo_service_user_name }}"
group: "{{ repo_service_group_name }}"
keys:
- cert: "repo-{{ inventory_hostname }}"
dest: "{{ repo_service_home_folder }}/.ssh/id_rsa"
#Each repo host must trust the SSHD certificate authoritiy in the sshd configuration
repo_ssh_keypairs_install_ca: "{{ openstack_ssh_keypairs_authorities }}"
#Each repo host must allow SSH certificates with the appropriate principal to log into the repo_server user
repo_ssh_keypairs_principals:
- user: "{{ repo_service_user_name }}"
principals: "{{ repo_ssh_key_principals | default(['repo']) }}"
# Temporary variable which allows the lsyncd/rsync installation to be disabled outside this
# role when transtioning to using a shared filesystem to sync contents between repo_servers.
# The default is to enable the sync manager to give backward compatibility and allow code to
# merge.
repo_server_enable_sync_manager: True
# Multiple repo servers must have a shared /var/www/repo
repo_server_systemd_mounts: []
# Example using remote shared filesystem to synchronise the repo contents between
# several repo servers
#repo_server_systemd_mounts:
# - what: "gluster-server:gluster-volume-name"
# where: "/var/www/repo"
# type: glusterfs
# state: 'started'
# enabled: true
View Git Blame Copy Permalink