Merge "Move to a all/ group var folder"
This commit is contained in:
commit
028fd55d70
@ -1,511 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright 2016, Rackspace US, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
## OpenStack Source Code Release
|
|
||||||
openstack_release: master
|
|
||||||
|
|
||||||
## Verbosity Options
|
|
||||||
debug: False
|
|
||||||
|
|
||||||
## SSH connection wait time
|
|
||||||
ssh_delay: 5
|
|
||||||
|
|
||||||
# Set the package install state for distribution packages
|
|
||||||
# Options are 'present' and 'latest'
|
|
||||||
package_state: "latest"
|
|
||||||
|
|
||||||
# Set "/var/log" to be a bind mount to the physical host.
|
|
||||||
default_bind_mount_logs: true
|
|
||||||
|
|
||||||
# Set distro variable
|
|
||||||
os_distro_version: "{{ ansible_distribution | lower }}-{{ ansible_distribution_version.split('.')[:2] | join('.') }}-{{ ansible_architecture | lower }}"
|
|
||||||
|
|
||||||
# Ensure that the package state matches the global setting
|
|
||||||
ceph_client_package_state: "{{ package_state }}"
|
|
||||||
galera_client_package_state: "{{ package_state }}"
|
|
||||||
pip_install_package_state: "{{ package_state }}"
|
|
||||||
rsyslog_client_package_state: "{{ package_state }}"
|
|
||||||
|
|
||||||
## OpenStack source options
|
|
||||||
openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
|
|
||||||
openstack_repo_git_url: "git://{{ internal_lb_vip_address }}"
|
|
||||||
|
|
||||||
# URL for the frozen internal openstack repo.
|
|
||||||
repo_server_port: 8181
|
|
||||||
repo_pkg_cache_enabled: true
|
|
||||||
repo_pkg_cache_port: 3142
|
|
||||||
repo_pkg_cache_url: "http://{{ internal_lb_vip_address }}:{{ repo_pkg_cache_port }}"
|
|
||||||
repo_release_path: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/{{ os_distro_version }}"
|
|
||||||
|
|
||||||
# These are pinned to ensure exactly the same behaviour forever!
|
|
||||||
# These pins are updated through the sources-branch-updater script
|
|
||||||
pip_packages:
|
|
||||||
- pip==9.0.1
|
|
||||||
- setuptools==33.1.1
|
|
||||||
- wheel==0.29.0
|
|
||||||
|
|
||||||
pip_links:
|
|
||||||
- { name: "openstack_release", link: "{{ repo_release_path }}/" }
|
|
||||||
pip_lock_to_internal_repo: "{{ (pip_links | length) >= 1 }}"
|
|
||||||
|
|
||||||
# The upper constraints to apply to all pip installations
|
|
||||||
pip_install_upper_constraints: "{{ repo_release_path }}/requirements_absolute_requirements.txt"
|
|
||||||
|
|
||||||
# The URL to retrieve the get-pip.py installation script
|
|
||||||
pip_upstream_url: "{{ (pip_offline_install | bool) | ternary('https://bootstrap.pypa.io/get-pip.py', repo_release_path ~ '/get-pip.py') }}"
|
|
||||||
|
|
||||||
## kernel modules for specific group hosts
|
|
||||||
# :param name: name of the kernel module
|
|
||||||
# :param pattern: pattern to search for in /boot/config-$kernel_version to check how module is configured inside kernel
|
|
||||||
# :param group: group of hosts where the module will be loaded
|
|
||||||
openstack_host_specific_kernel_modules:
|
|
||||||
- { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES", group: "network_hosts" }
|
|
||||||
|
|
||||||
## DNS resolution (resolvconf) options
|
|
||||||
#Group containing resolvers to configure
|
|
||||||
resolvconf_resolver_group: unbound
|
|
||||||
|
|
||||||
## Memcached options
|
|
||||||
memcached_port: 11211
|
|
||||||
memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['ansible_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
|
||||||
|
|
||||||
## Galera
|
|
||||||
galera_address: "{{ internal_lb_vip_address }}"
|
|
||||||
galera_root_user: "root"
|
|
||||||
|
|
||||||
## RabbitMQ
|
|
||||||
rabbitmq_host_group: "rabbitmq_all"
|
|
||||||
rabbitmq_port: "{{ (rabbitmq_use_ssl | bool) | ternary(5671, 5672) }}"
|
|
||||||
|
|
||||||
rabbitmq_use_ssl: True
|
|
||||||
rabbitmq_servers: "{% for host in groups[rabbitmq_host_group] %}{{ hostvars[host]['ansible_host'] }}{% if not loop.last %},{% endif %}{% endfor %}"
|
|
||||||
|
|
||||||
## Enable external SSL handling for general OpenStack services
|
|
||||||
openstack_external_ssl: true
|
|
||||||
|
|
||||||
## OpenStack global Endpoint Protos
|
|
||||||
openstack_service_publicuri_proto: https
|
|
||||||
#openstack_service_adminuri_proto: http
|
|
||||||
#openstack_service_internaluri_proto: http
|
|
||||||
|
|
||||||
## SSL
|
|
||||||
# These do not need to be configured unless you're creating certificates for
|
|
||||||
# services running behind Apache (currently, Horizon and Keystone).
|
|
||||||
ssl_protocol: "ALL -SSLv2 -SSLv3"
|
|
||||||
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
|
||||||
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
|
|
||||||
|
|
||||||
## Region Name
|
|
||||||
service_region: RegionOne
|
|
||||||
|
|
||||||
## OpenStack Domain
|
|
||||||
openstack_domain: openstack.local
|
|
||||||
lxc_container_domain: "{{ openstack_domain }}"
|
|
||||||
|
|
||||||
## DHCP Domain Name
|
|
||||||
dhcp_domain: openstacklocal
|
|
||||||
|
|
||||||
## LDAP enabled toggle
|
|
||||||
service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}"
|
|
||||||
|
|
||||||
## Base venv configuration
|
|
||||||
venv_tag: "{{ openstack_release }}"
|
|
||||||
venv_base_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ os_distro_version }}"
|
|
||||||
|
|
||||||
## Aodh
|
|
||||||
aodh_service_region: "{{ service_region }}"
|
|
||||||
aodh_galera_user: aodh
|
|
||||||
aodh_galera_database: aodh
|
|
||||||
aodh_galera_address: "{{ internal_lb_vip_address }}"
|
|
||||||
aodh_connection_string: "mysql+pymysql://{{ aodh_galera_user }}:{{ aodh_container_db_password }}@{{ aodh_galera_address }}/{{ aodh_galera_database }}?charset=utf8"
|
|
||||||
aodh_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
|
|
||||||
## Ceilometer
|
|
||||||
ceilometer_service_user_name: ceilometer
|
|
||||||
ceilometer_service_tenant_name: service
|
|
||||||
|
|
||||||
# These are here rather than in ceilometer_all because
|
|
||||||
# both the os_ceilometer and os_swift roles require them
|
|
||||||
ceilometer_rabbitmq_userid: ceilometer
|
|
||||||
ceilometer_rabbitmq_vhost: /ceilometer
|
|
||||||
ceilometer_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
ceilometer_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
ceilometer_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
ceilometer_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
|
|
||||||
## Cinder
|
|
||||||
cinder_service_region: "{{ service_region }}"
|
|
||||||
cinder_service_port: 8776
|
|
||||||
# If there are Swift hosts in the environment, then enable cinder backups to it
|
|
||||||
cinder_service_backup_program_enabled: "{{ groups['swift_all'] is defined and groups['swift_all'] | length > 0 }}"
|
|
||||||
# cinder_backend_rbd_inuse: True if current host has an rbd backend
|
|
||||||
cinder_backend_rbd_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.rbd.RBDDriver") != -1 }}'
|
|
||||||
# cinder_backends_rbd_inuse: true if at least 1 cinder_backend on any
|
|
||||||
# cinder_volume host uses Ceph RBD
|
|
||||||
# http://stackoverflow.com/questions/9486393/jinja2-change-the-value-of-a-variable-inside-a-loop
|
|
||||||
cinder_backends_rbd_inuse: >-
|
|
||||||
{% set _var = False -%}
|
|
||||||
{% for host in groups['cinder_volume'] -%}
|
|
||||||
{% if hostvars[host]['cinder_backend_rbd_inuse'] | bool -%}
|
|
||||||
{% set _var = True -%}
|
|
||||||
{% endif -%}
|
|
||||||
{% endfor -%}
|
|
||||||
{{ _var }}
|
|
||||||
cinder_ceph_client: cinder
|
|
||||||
|
|
||||||
# These are here rather than in cinder_all because
|
|
||||||
# both the os_ceilometer and os_cinder roles require them
|
|
||||||
|
|
||||||
# RPC
|
|
||||||
cinder_rabbitmq_userid: cinder
|
|
||||||
cinder_rabbitmq_vhost: /cinder
|
|
||||||
cinder_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
cinder_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
cinder_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
cinder_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# Telemetry notifications
|
|
||||||
cinder_rabbitmq_telemetry_userid: "{{ cinder_rabbitmq_userid }}"
|
|
||||||
cinder_rabbitmq_telemetry_password: "{{ cinder_rabbitmq_password }}"
|
|
||||||
cinder_rabbitmq_telemetry_vhost: "{{ cinder_rabbitmq_vhost }}"
|
|
||||||
cinder_rabbitmq_telemetry_port: "{{ cinder_rabbitmq_port }}"
|
|
||||||
cinder_rabbitmq_telemetry_servers: "{{ cinder_rabbitmq_servers }}"
|
|
||||||
cinder_rabbitmq_telemetry_use_ssl: "{{ cinder_rabbitmq_use_ssl }}"
|
|
||||||
cinder_rabbitmq_telemetry_host_group: "{{ cinder_rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# If there are any Ceilometer hosts in the environment, then enable its usage
|
|
||||||
cinder_ceilometer_enabled: "{{ (groups['cinder_all'] is defined) and (groups['cinder_all'] | length > 0) and (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
|
||||||
|
|
||||||
## Glance
|
|
||||||
glance_service_port: 9292
|
|
||||||
glance_service_proto: http
|
|
||||||
glance_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(glance_service_proto) }}"
|
|
||||||
glance_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(glance_service_proto) }}"
|
|
||||||
glance_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(glance_service_proto) }}"
|
|
||||||
glance_service_publicuri: "{{ glance_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ glance_service_port }}"
|
|
||||||
glance_service_publicurl: "{{ glance_service_publicuri }}"
|
|
||||||
glance_service_internaluri: "{{ glance_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
|
|
||||||
glance_service_internalurl: "{{ glance_service_internaluri }}"
|
|
||||||
glance_service_adminuri: "{{ glance_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
|
|
||||||
glance_service_adminurl: "{{ glance_service_adminuri }}"
|
|
||||||
glance_api_servers: "{{ glance_service_internaluri }}"
|
|
||||||
glance_service_user_name: glance
|
|
||||||
|
|
||||||
# These are here rather than in glance_all because
|
|
||||||
# both the os_ceilometer and os_glance roles require them
|
|
||||||
|
|
||||||
## Gnocchi
|
|
||||||
# Used in both Gnocchi and Swift roles.
|
|
||||||
gnocchi_service_project_name: "{{ (gnocchi_storage_driver is defined and gnocchi_storage_driver == 'swift') | ternary('gnocchi_swift', 'service') }}"
|
|
||||||
|
|
||||||
# RPC
|
|
||||||
glance_rabbitmq_userid: glance
|
|
||||||
glance_rabbitmq_vhost: /glance
|
|
||||||
glance_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
glance_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
glance_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
glance_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# Telemetry notifications
|
|
||||||
glance_rabbitmq_telemetry_userid: "{{ glance_rabbitmq_userid }}"
|
|
||||||
glance_rabbitmq_telemetry_password: "{{ glance_rabbitmq_password }}"
|
|
||||||
glance_rabbitmq_telemetry_vhost: "{{ glance_rabbitmq_vhost }}"
|
|
||||||
glance_rabbitmq_telemetry_port: "{{ glance_rabbitmq_port }}"
|
|
||||||
glance_rabbitmq_telemetry_servers: "{{ glance_rabbitmq_servers }}"
|
|
||||||
glance_rabbitmq_telemetry_use_ssl: "{{ glance_rabbitmq_use_ssl }}"
|
|
||||||
glance_rabbitmq_telemetry_host_group: "{{ glance_rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# If there are any Ceilometer hosts in the environment, then enable its usage
|
|
||||||
glance_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
|
||||||
|
|
||||||
## Heat
|
|
||||||
|
|
||||||
# These are here rather than in heat_all because
|
|
||||||
# both the os_ceilometer and os_heat roles require them
|
|
||||||
|
|
||||||
# RPC
|
|
||||||
heat_rabbitmq_userid: heat
|
|
||||||
heat_rabbitmq_vhost: /heat
|
|
||||||
heat_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
heat_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
heat_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
heat_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# Telemetry notifications
|
|
||||||
heat_rabbitmq_telemetry_userid: "{{ heat_rabbitmq_userid }}"
|
|
||||||
heat_rabbitmq_telemetry_password: "{{ heat_rabbitmq_password }}"
|
|
||||||
heat_rabbitmq_telemetry_vhost: "{{ heat_rabbitmq_vhost }}"
|
|
||||||
heat_rabbitmq_telemetry_port: "{{ heat_rabbitmq_port }}"
|
|
||||||
heat_rabbitmq_telemetry_servers: "{{ heat_rabbitmq_servers }}"
|
|
||||||
heat_rabbitmq_telemetry_use_ssl: "{{ heat_rabbitmq_use_ssl }}"
|
|
||||||
heat_rabbitmq_telemetry_host_group: "{{ heat_rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# If there are any Ceilometer hosts in the environment, then enable its usage
|
|
||||||
heat_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
|
||||||
|
|
||||||
## Ironic
|
|
||||||
ironic_keystone_auth_plugin: password
|
|
||||||
ironic_rabbitmq_userid: ironic
|
|
||||||
ironic_rabbitmq_vhost: /ironic
|
|
||||||
ironic_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
ironic_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
ironic_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
ironic_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
ironic_service_name: ironic
|
|
||||||
ironic_service_user_name: ironic
|
|
||||||
ironic_service_proto: http
|
|
||||||
ironic_service_port: 6385
|
|
||||||
ironic_service_project_name: service
|
|
||||||
ironic_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}"
|
|
||||||
ironic_service_adminurl: "{{ ironic_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}"
|
|
||||||
|
|
||||||
## Keystone
|
|
||||||
keystone_admin_user_name: admin
|
|
||||||
keystone_admin_tenant_name: admin
|
|
||||||
keystone_admin_port: 35357
|
|
||||||
keystone_service_port: 5000
|
|
||||||
keystone_service_proto: http
|
|
||||||
keystone_service_region: "{{ service_region }}"
|
|
||||||
|
|
||||||
# These are here rather than in keystone_all because
|
|
||||||
# both the os_ceilometer and os_keystone roles require them
|
|
||||||
|
|
||||||
# RPC
|
|
||||||
keystone_rabbitmq_userid: keystone
|
|
||||||
keystone_rabbitmq_vhost: /keystone
|
|
||||||
keystone_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
keystone_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
keystone_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
keystone_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# Telemetry notifications
|
|
||||||
keystone_rabbitmq_telemetry_userid: "{{ keystone_rabbitmq_userid }}"
|
|
||||||
keystone_rabbitmq_telemetry_password: "{{ keystone_rabbitmq_password }}"
|
|
||||||
keystone_rabbitmq_telemetry_vhost: "{{ keystone_rabbitmq_vhost }}"
|
|
||||||
keystone_rabbitmq_telemetry_port: "{{ keystone_rabbitmq_port }}"
|
|
||||||
keystone_rabbitmq_telemetry_servers: "{{ keystone_rabbitmq_servers }}"
|
|
||||||
keystone_rabbitmq_telemetry_use_ssl: "{{ keystone_rabbitmq_use_ssl }}"
|
|
||||||
keystone_rabbitmq_telemetry_host_group: "{{ keystone_rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# If there are any Ceilometer hosts in the environment, then enable its usage
|
|
||||||
keystone_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
|
||||||
|
|
||||||
keystone_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(keystone_service_proto) }}"
|
|
||||||
keystone_service_adminuri_insecure: "{% if keystone_service_adminuri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
|
|
||||||
keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
|
|
||||||
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
|
|
||||||
|
|
||||||
keystone_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(keystone_service_proto) }}"
|
|
||||||
keystone_service_internaluri_insecure: "{% if keystone_service_internaluri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
|
|
||||||
keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
|
|
||||||
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
|
|
||||||
|
|
||||||
keystone_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(keystone_service_proto) }}"
|
|
||||||
keystone_service_publicuri_insecure: "{% if keystone_service_publicuri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
|
|
||||||
keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
|
|
||||||
keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3"
|
|
||||||
|
|
||||||
## Neutron
|
|
||||||
neutron_service_port: 9696
|
|
||||||
neutron_service_proto: http
|
|
||||||
neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}"
|
|
||||||
neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
|
|
||||||
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
|
|
||||||
neutron_service_user_name: neutron
|
|
||||||
neutron_service_project_name: service
|
|
||||||
neutron_service_region: "{{ service_region }}"
|
|
||||||
|
|
||||||
# These are here rather than in neutron_all because
|
|
||||||
# both the os_ceilometer and os_neutron roles require them
|
|
||||||
|
|
||||||
# RPC
|
|
||||||
neutron_rabbitmq_userid: neutron
|
|
||||||
neutron_rabbitmq_vhost: /neutron
|
|
||||||
neutron_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
neutron_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
neutron_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
neutron_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# Telemetry notifications
|
|
||||||
neutron_rabbitmq_telemetry_userid: "{{ neutron_rabbitmq_userid }}"
|
|
||||||
neutron_rabbitmq_telemetry_password: "{{ neutron_rabbitmq_password }}"
|
|
||||||
neutron_rabbitmq_telemetry_vhost: "{{ neutron_rabbitmq_vhost }}"
|
|
||||||
neutron_rabbitmq_telemetry_port: "{{ neutron_rabbitmq_port }}"
|
|
||||||
neutron_rabbitmq_telemetry_servers: "{{ neutron_rabbitmq_servers }}"
|
|
||||||
neutron_rabbitmq_telemetry_use_ssl: "{{ neutron_rabbitmq_use_ssl }}"
|
|
||||||
neutron_rabbitmq_telemetry_host_group: "{{ neutron_rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# If there are any Designate hosts in the environment, then enable its usage
|
|
||||||
neutron_designate_enabled: "{{ (groups['designate_all'] is defined) and (groups['designate_all'] | length > 0) }}"
|
|
||||||
# If there are any Ceilometer hosts in the environment, then enable its usage
|
|
||||||
neutron_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
|
||||||
|
|
||||||
neutron_plugin_type: ml2.lxb
|
|
||||||
|
|
||||||
## Nova
|
|
||||||
nova_service_port: 8774
|
|
||||||
nova_metadata_port: 8775
|
|
||||||
nova_service_proto: http
|
|
||||||
nova_metadata_protocol: "{{ openstack_service_internaluri_proto | default(nova_service_proto) }}"
|
|
||||||
nova_metadata_insecure: False
|
|
||||||
nova_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_service_proto) }}"
|
|
||||||
nova_service_adminuri: "{{ nova_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
|
|
||||||
nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1"
|
|
||||||
nova_service_region: "{{ service_region }}"
|
|
||||||
nova_service_user_name: nova
|
|
||||||
nova_service_project_name: service
|
|
||||||
nova_service_project_domain_id: default
|
|
||||||
nova_service_user_domain_id: default
|
|
||||||
nova_keystone_auth_plugin: password
|
|
||||||
nova_console_type: spice
|
|
||||||
nova_novncproxy_port: 6080
|
|
||||||
nova_spice_html5proxy_base_port: 6082
|
|
||||||
nova_console_port: "{% if nova_console_type == 'spice' %}{{ nova_spice_html5proxy_base_port }}{% else %}{{ nova_novncproxy_port }}{% endif %}"
|
|
||||||
|
|
||||||
# These are here rather than in nova_all because
|
|
||||||
# both the os_ceilometer and os_nova roles require them
|
|
||||||
|
|
||||||
# RPC
|
|
||||||
nova_rabbitmq_userid: nova
|
|
||||||
nova_rabbitmq_vhost: /nova
|
|
||||||
nova_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
nova_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
nova_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
nova_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# Telemetry notifications
|
|
||||||
nova_rabbitmq_telemetry_userid: "{{ nova_rabbitmq_userid }}"
|
|
||||||
nova_rabbitmq_telemetry_password: "{{ nova_rabbitmq_password }}"
|
|
||||||
nova_rabbitmq_telemetry_vhost: "{{ nova_rabbitmq_vhost }}"
|
|
||||||
nova_rabbitmq_telemetry_port: "{{ nova_rabbitmq_port }}"
|
|
||||||
nova_rabbitmq_telemetry_servers: "{{ nova_rabbitmq_servers }}"
|
|
||||||
nova_rabbitmq_telemetry_use_ssl: "{{ nova_rabbitmq_use_ssl }}"
|
|
||||||
nova_rabbitmq_telemetry_host_group: "{{ nova_rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# If there are any Designate hosts in the environment, then enable its usage
|
|
||||||
nova_designate_enabled: "{{ (groups['designate_all'] is defined) and (groups['designate_all'] | length > 0) }}"
|
|
||||||
# If there are any Ceilometer hosts in the environment, then enable its usage
|
|
||||||
nova_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
|
||||||
# If there are any Barbican hosts in the environment, then enable its usage
|
|
||||||
nova_barbican_enabled: "{{ (groups['barbican_all'] is defined) and (groups['barbican_all'] | length > 0) }}"
|
|
||||||
|
|
||||||
## Octavia
|
|
||||||
octavia_service_port: 9876
|
|
||||||
octavia_service_proto: http
|
|
||||||
octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}"
|
|
||||||
octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
|
|
||||||
octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"
|
|
||||||
|
|
||||||
octavia_service_user_name: octavia
|
|
||||||
octavia_service_url: "{{ octavia_service_internaluri }}"
|
|
||||||
|
|
||||||
# RPC
|
|
||||||
octavia_rabbitmq_userid: octavia
|
|
||||||
octavia_rabbitmq_vhost: /octavia
|
|
||||||
octavia_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
octavia_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
octavia_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
octavia_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
|
|
||||||
## Sahara
|
|
||||||
#RPC
|
|
||||||
sahara_rabbitmq_userid: sahara
|
|
||||||
sahara_rabbitmq_vhost: /sahara
|
|
||||||
sahara_rabbitmq_port: "{{ rabbitmq_port }}"
|
|
||||||
sahara_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
|
||||||
sahara_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
|
||||||
sahara_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# Telemetry notifications
|
|
||||||
sahara_rabbitmq_telemetry_userid: "{{ sahara_rabbitmq_userid }}"
|
|
||||||
sahara_rabbitmq_telemetry_password: "{{ sahara_rabbitmq_password }}"
|
|
||||||
sahara_rabbitmq_telemetry_vhost: "{{ sahara_rabbitmq_vhost }}"
|
|
||||||
sahara_rabbitmq_telemetry_port: "{{ sahara_rabbitmq_port }}"
|
|
||||||
sahara_rabbitmq_telemetry_servers: "{{ sahara_rabbitmq_servers }}"
|
|
||||||
sahara_rabbitmq_telemetry_use_ssl: "{{ sahara_rabbitmq_use_ssl }}"
|
|
||||||
sahara_rabbitmq_telemetry_host_group: "{{ sahara_rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# If there are any Ceilometer and Sahara hosts in the environment, then enable its usage
|
|
||||||
sahara_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['sahara_all'] is defined) and (groups['ceilometer_all'] | length > 0) and (groups['sahara_all'] | length > 0) }}"
|
|
||||||
|
|
||||||
## Swift
|
|
||||||
swift_proxy_port: 8080
|
|
||||||
swift_system_user_name: swift
|
|
||||||
swift_system_shell: /bin/bash
|
|
||||||
swift_system_comment: swift system user
|
|
||||||
swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}"
|
|
||||||
|
|
||||||
# Swift Telemetry notifications
|
|
||||||
swift_rabbitmq_telemetry_userid: "swift"
|
|
||||||
swift_rabbitmq_telemetry_vhost: "/swift"
|
|
||||||
swift_rabbitmq_telemetry_servers: "{{ rabbitmq_servers }}"
|
|
||||||
swift_rabbitmq_telemetry_host_group: "{{ rabbitmq_host_group }}"
|
|
||||||
|
|
||||||
# If there are any Ceilometer and Swift hosts in the environment, then enable its usage
|
|
||||||
swift_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['swift_proxy'] is defined) and (groups['ceilometer_all'] | length > 0) and (groups['swift_proxy'] | length > 0) }}"
|
|
||||||
|
|
||||||
## OpenStack Openrc
|
|
||||||
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
|
|
||||||
openrc_os_password: "{{ keystone_auth_admin_password }}"
|
|
||||||
openrc_os_domain_name: "Default"
|
|
||||||
openrc_region_name: "{{ service_region }}"
|
|
||||||
|
|
||||||
## Host security hardening
|
|
||||||
# The openstack-ansible-security role provides security hardening for hosts
|
|
||||||
# by applying security configurations from the STIG. Hardening is enabled by
|
|
||||||
# default, but an option to opt out is available by setting the following
|
|
||||||
# variable to 'false'.
|
|
||||||
# Docs: http://docs.openstack.org/developer/openstack-ansible-security/
|
|
||||||
apply_security_hardening: true
|
|
||||||
|
|
||||||
## Ansible ssh configuration
|
|
||||||
ansible_ssh_extra_args: >
|
|
||||||
-o UserKnownHostsFile=/dev/null
|
|
||||||
-o StrictHostKeyChecking=no
|
|
||||||
-o ServerAliveInterval=64
|
|
||||||
-o ServerAliveCountMax=1024
|
|
||||||
-o Compression=no
|
|
||||||
-o TCPKeepAlive=yes
|
|
||||||
-o VerifyHostKeyDNS=no
|
|
||||||
-o ForwardX11=no
|
|
||||||
-o ForwardAgent=yes
|
|
||||||
-T
|
|
||||||
|
|
||||||
## ceph-ansible configuration
|
|
||||||
mon_group_name: ceph-mon
|
|
||||||
osd_group_name: ceph-osd
|
|
||||||
ceph_stable: true
|
|
||||||
# The _stable_release var is used by both the OSA ceph_client role and the
|
|
||||||
# ceph-ansible roles. It is defaulted in ceph_client but set here to keep the
|
|
||||||
# OSA/ceph-ansible integrations in sync.
|
|
||||||
ceph_stable_release: jewel
|
|
||||||
fetch_directory: /etc/openstack_deploy/ceph-fetch/
|
|
||||||
# tries to create /var/log/ceph as a directory and fails if the log link already
|
|
||||||
# exists. we handle the log dir creation so this is not something we need
|
|
||||||
# ceph-common to prepare for us.
|
|
||||||
rbd_client_directories: false
|
|
||||||
|
|
||||||
# Magnum
|
|
||||||
magnum_bind_port: 9511
|
|
||||||
magnum_service_proto: http
|
|
||||||
magnum_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(magnum_service_proto) }}"
|
|
||||||
magnum_service_publicurl: "{{ magnum_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ magnum_bind_port }}"
|
|
||||||
magnum_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(magnum_service_proto) }}"
|
|
||||||
magnum_service_internalurl: "{{ magnum_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ magnum_bind_port }}"
|
|
||||||
magnum_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(magnum_service_proto) }}"
|
|
||||||
magnum_service_adminurl: "{{ magnum_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ magnum_bind_port }}"
|
|
115
playbooks/inventory/group_vars/all/all.yml
Normal file
115
playbooks/inventory/group_vars/all/all.yml
Normal file
@ -0,0 +1,115 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
## OpenStack Source Code Release
|
||||||
|
openstack_release: master
|
||||||
|
|
||||||
|
## Verbosity Options
|
||||||
|
debug: False
|
||||||
|
|
||||||
|
## SSH connection wait time
|
||||||
|
ssh_delay: 5
|
||||||
|
|
||||||
|
# Set the package install state for distribution packages
|
||||||
|
# Options are 'present' and 'latest'
|
||||||
|
package_state: "latest"
|
||||||
|
|
||||||
|
# Set "/var/log" to be a bind mount to the physical host.
|
||||||
|
default_bind_mount_logs: true
|
||||||
|
|
||||||
|
# Set distro variable
|
||||||
|
os_distro_version: "{{ ansible_distribution | lower }}-{{ ansible_distribution_version.split('.')[:2] | join('.') }}-{{ ansible_architecture | lower }}"
|
||||||
|
|
||||||
|
# Ensure that the package state matches the global setting
|
||||||
|
rsyslog_client_package_state: "{{ package_state }}"
|
||||||
|
|
||||||
|
## OpenStack source options
|
||||||
|
openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
|
||||||
|
openstack_repo_git_url: "git://{{ internal_lb_vip_address }}"
|
||||||
|
|
||||||
|
# URL for the frozen internal openstack repo.
|
||||||
|
repo_server_port: 8181
|
||||||
|
repo_pkg_cache_enabled: true
|
||||||
|
repo_pkg_cache_port: 3142
|
||||||
|
repo_pkg_cache_url: "http://{{ internal_lb_vip_address }}:{{ repo_pkg_cache_port }}"
|
||||||
|
repo_release_path: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/{{ os_distro_version }}"
|
||||||
|
|
||||||
|
## kernel modules for specific group hosts
|
||||||
|
# :param name: name of the kernel module
|
||||||
|
# :param pattern: pattern to search for in /boot/config-$kernel_version to check how module is configured inside kernel
|
||||||
|
# :param group: group of hosts where the module will be loaded
|
||||||
|
openstack_host_specific_kernel_modules:
|
||||||
|
- { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES", group: "network_hosts" }
|
||||||
|
|
||||||
|
## DNS resolution (resolvconf) options
|
||||||
|
#Group containing resolvers to configure
|
||||||
|
resolvconf_resolver_group: unbound
|
||||||
|
|
||||||
|
## Enable external SSL handling for general OpenStack services
|
||||||
|
openstack_external_ssl: true
|
||||||
|
|
||||||
|
## OpenStack global Endpoint Protos
|
||||||
|
openstack_service_publicuri_proto: https
|
||||||
|
#openstack_service_adminuri_proto: http
|
||||||
|
#openstack_service_internaluri_proto: http
|
||||||
|
|
||||||
|
## Region Name
|
||||||
|
service_region: RegionOne
|
||||||
|
|
||||||
|
## OpenStack Domain
|
||||||
|
openstack_domain: openstack.local
|
||||||
|
lxc_container_domain: "{{ openstack_domain }}"
|
||||||
|
|
||||||
|
## DHCP Domain Name
|
||||||
|
dhcp_domain: openstacklocal
|
||||||
|
|
||||||
|
## LDAP enabled toggle
|
||||||
|
service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}"
|
||||||
|
|
||||||
|
## Base venv configuration
|
||||||
|
venv_tag: "{{ openstack_release }}"
|
||||||
|
venv_base_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ os_distro_version }}"
|
||||||
|
|
||||||
|
|
||||||
|
## Gnocchi
|
||||||
|
# Used in both Gnocchi and Swift roles.
|
||||||
|
gnocchi_service_project_name: "{{ (gnocchi_storage_driver is defined and gnocchi_storage_driver == 'swift') | ternary('gnocchi_swift', 'service') }}"
|
||||||
|
|
||||||
|
## OpenStack Openrc
|
||||||
|
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
|
||||||
|
openrc_os_password: "{{ keystone_auth_admin_password }}"
|
||||||
|
openrc_os_domain_name: "Default"
|
||||||
|
openrc_region_name: "{{ service_region }}"
|
||||||
|
|
||||||
|
## Host security hardening
|
||||||
|
# The openstack-ansible-security role provides security hardening for hosts
|
||||||
|
# by applying security configurations from the STIG. Hardening is enabled by
|
||||||
|
# default, but an option to opt out is available by setting the following
|
||||||
|
# variable to 'false'.
|
||||||
|
# Docs: http://docs.openstack.org/developer/openstack-ansible-security/
|
||||||
|
apply_security_hardening: true
|
||||||
|
|
||||||
|
## Ansible ssh configuration
|
||||||
|
ansible_ssh_extra_args: >
|
||||||
|
-o UserKnownHostsFile=/dev/null
|
||||||
|
-o StrictHostKeyChecking=no
|
||||||
|
-o ServerAliveInterval=64
|
||||||
|
-o ServerAliveCountMax=1024
|
||||||
|
-o Compression=no
|
||||||
|
-o TCPKeepAlive=yes
|
||||||
|
-o VerifyHostKeyDNS=no
|
||||||
|
-o ForwardX11=no
|
||||||
|
-o ForwardAgent=yes
|
||||||
|
-T
|
21
playbooks/inventory/group_vars/all/aodh.yml
Normal file
21
playbooks/inventory/group_vars/all/aodh.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
aodh_service_region: "{{ service_region }}"
|
||||||
|
aodh_galera_user: aodh
|
||||||
|
aodh_galera_database: aodh
|
||||||
|
aodh_galera_address: "{{ internal_lb_vip_address }}"
|
||||||
|
aodh_connection_string: "mysql+pymysql://{{ aodh_galera_user }}:{{ aodh_container_db_password }}@{{ aodh_galera_address }}/{{ aodh_galera_database }}?charset=utf8"
|
||||||
|
aodh_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
26
playbooks/inventory/group_vars/all/ceilometer.yml
Normal file
26
playbooks/inventory/group_vars/all/ceilometer.yml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
ceilometer_service_user_name: ceilometer
|
||||||
|
ceilometer_service_tenant_name: service
|
||||||
|
|
||||||
|
# These are here rather than in ceilometer_all because
|
||||||
|
# both the os_ceilometer and os_swift roles require them
|
||||||
|
ceilometer_rabbitmq_userid: ceilometer
|
||||||
|
ceilometer_rabbitmq_vhost: /ceilometer
|
||||||
|
ceilometer_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
ceilometer_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
ceilometer_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
ceilometer_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
30
playbooks/inventory/group_vars/all/ceph.yml
Normal file
30
playbooks/inventory/group_vars/all/ceph.yml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2016, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
ceph_client_package_state: "{{ package_state }}"
|
||||||
|
|
||||||
|
## ceph-ansible configuration
|
||||||
|
mon_group_name: ceph-mon
|
||||||
|
osd_group_name: ceph-osd
|
||||||
|
ceph_stable: true
|
||||||
|
# The _stable_release var is used by both the OSA ceph_client role and the
|
||||||
|
# ceph-ansible roles. It is defaulted in ceph_client but set here to keep the
|
||||||
|
# OSA/ceph-ansible integrations in sync.
|
||||||
|
ceph_stable_release: jewel
|
||||||
|
fetch_directory: /etc/openstack_deploy/ceph-fetch/
|
||||||
|
# tries to create /var/log/ceph as a directory and fails if the log link already
|
||||||
|
# exists. we handle the log dir creation so this is not something we need
|
||||||
|
# ceph-common to prepare for us.
|
||||||
|
rbd_client_directories: false
|
56
playbooks/inventory/group_vars/all/cinder.yml
Normal file
56
playbooks/inventory/group_vars/all/cinder.yml
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
cinder_service_region: "{{ service_region }}"
|
||||||
|
cinder_service_port: 8776
|
||||||
|
# If there are Swift hosts in the environment, then enable cinder backups to it
|
||||||
|
cinder_service_backup_program_enabled: "{{ groups['swift_all'] is defined and groups['swift_all'] | length > 0 }}"
|
||||||
|
# cinder_backend_rbd_inuse: True if current host has an rbd backend
|
||||||
|
cinder_backend_rbd_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.rbd.RBDDriver") != -1 }}'
|
||||||
|
# cinder_backends_rbd_inuse: true if at least 1 cinder_backend on any
|
||||||
|
# cinder_volume host uses Ceph RBD
|
||||||
|
# http://stackoverflow.com/questions/9486393/jinja2-change-the-value-of-a-variable-inside-a-loop
|
||||||
|
cinder_backends_rbd_inuse: >-
|
||||||
|
{% set _var = False -%}
|
||||||
|
{% for host in groups['cinder_volume'] -%}
|
||||||
|
{% if hostvars[host]['cinder_backend_rbd_inuse'] | bool -%}
|
||||||
|
{% set _var = True -%}
|
||||||
|
{% endif -%}
|
||||||
|
{% endfor -%}
|
||||||
|
{{ _var }}
|
||||||
|
cinder_ceph_client: cinder
|
||||||
|
|
||||||
|
# These are here rather than in cinder_all because
|
||||||
|
# both the os_ceilometer and os_cinder roles require them
|
||||||
|
|
||||||
|
# RPC
|
||||||
|
cinder_rabbitmq_userid: cinder
|
||||||
|
cinder_rabbitmq_vhost: /cinder
|
||||||
|
cinder_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
cinder_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
cinder_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
cinder_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# Telemetry notifications
|
||||||
|
cinder_rabbitmq_telemetry_userid: "{{ cinder_rabbitmq_userid }}"
|
||||||
|
cinder_rabbitmq_telemetry_password: "{{ cinder_rabbitmq_password }}"
|
||||||
|
cinder_rabbitmq_telemetry_vhost: "{{ cinder_rabbitmq_vhost }}"
|
||||||
|
cinder_rabbitmq_telemetry_port: "{{ cinder_rabbitmq_port }}"
|
||||||
|
cinder_rabbitmq_telemetry_servers: "{{ cinder_rabbitmq_servers }}"
|
||||||
|
cinder_rabbitmq_telemetry_use_ssl: "{{ cinder_rabbitmq_use_ssl }}"
|
||||||
|
cinder_rabbitmq_telemetry_host_group: "{{ cinder_rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# If there are any Ceilometer hosts in the environment, then enable its usage
|
||||||
|
cinder_ceilometer_enabled: "{{ (groups['cinder_all'] is defined) and (groups['cinder_all'] | length > 0) and (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
51
playbooks/inventory/group_vars/all/glance.yml
Normal file
51
playbooks/inventory/group_vars/all/glance.yml
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
glance_service_port: 9292
|
||||||
|
glance_service_proto: http
|
||||||
|
glance_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(glance_service_proto) }}"
|
||||||
|
glance_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(glance_service_proto) }}"
|
||||||
|
glance_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(glance_service_proto) }}"
|
||||||
|
glance_service_publicuri: "{{ glance_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ glance_service_port }}"
|
||||||
|
glance_service_publicurl: "{{ glance_service_publicuri }}"
|
||||||
|
glance_service_internaluri: "{{ glance_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
|
||||||
|
glance_service_internalurl: "{{ glance_service_internaluri }}"
|
||||||
|
glance_service_adminuri: "{{ glance_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
|
||||||
|
glance_service_adminurl: "{{ glance_service_adminuri }}"
|
||||||
|
glance_api_servers: "{{ glance_service_internaluri }}"
|
||||||
|
glance_service_user_name: glance
|
||||||
|
|
||||||
|
# These are here rather than in glance_all because
|
||||||
|
# both the os_ceilometer and os_glance roles require them
|
||||||
|
|
||||||
|
# RPC
|
||||||
|
glance_rabbitmq_userid: glance
|
||||||
|
glance_rabbitmq_vhost: /glance
|
||||||
|
glance_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
glance_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
glance_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
glance_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# Telemetry notifications
|
||||||
|
glance_rabbitmq_telemetry_userid: "{{ glance_rabbitmq_userid }}"
|
||||||
|
glance_rabbitmq_telemetry_password: "{{ glance_rabbitmq_password }}"
|
||||||
|
glance_rabbitmq_telemetry_vhost: "{{ glance_rabbitmq_vhost }}"
|
||||||
|
glance_rabbitmq_telemetry_port: "{{ glance_rabbitmq_port }}"
|
||||||
|
glance_rabbitmq_telemetry_servers: "{{ glance_rabbitmq_servers }}"
|
||||||
|
glance_rabbitmq_telemetry_use_ssl: "{{ glance_rabbitmq_use_ssl }}"
|
||||||
|
glance_rabbitmq_telemetry_host_group: "{{ glance_rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# If there are any Ceilometer hosts in the environment, then enable its usage
|
||||||
|
glance_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
34
playbooks/inventory/group_vars/all/heat.yml
Normal file
34
playbooks/inventory/group_vars/all/heat.yml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# RPC
|
||||||
|
heat_rabbitmq_userid: heat
|
||||||
|
heat_rabbitmq_vhost: /heat
|
||||||
|
heat_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
heat_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
heat_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
heat_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# Telemetry notifications
|
||||||
|
heat_rabbitmq_telemetry_userid: "{{ heat_rabbitmq_userid }}"
|
||||||
|
heat_rabbitmq_telemetry_password: "{{ heat_rabbitmq_password }}"
|
||||||
|
heat_rabbitmq_telemetry_vhost: "{{ heat_rabbitmq_vhost }}"
|
||||||
|
heat_rabbitmq_telemetry_port: "{{ heat_rabbitmq_port }}"
|
||||||
|
heat_rabbitmq_telemetry_servers: "{{ heat_rabbitmq_servers }}"
|
||||||
|
heat_rabbitmq_telemetry_use_ssl: "{{ heat_rabbitmq_use_ssl }}"
|
||||||
|
heat_rabbitmq_telemetry_host_group: "{{ heat_rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# If there are any Ceilometer hosts in the environment, then enable its usage
|
||||||
|
heat_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
31
playbooks/inventory/group_vars/all/infra.yml
Normal file
31
playbooks/inventory/group_vars/all/infra.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
## Rabbit options
|
||||||
|
rabbitmq_host_group: "rabbitmq_all"
|
||||||
|
rabbitmq_port: "{{ (rabbitmq_use_ssl | bool) | ternary(5671, 5672) }}"
|
||||||
|
|
||||||
|
rabbitmq_use_ssl: True
|
||||||
|
rabbitmq_servers: "{% for host in groups[rabbitmq_host_group] %}{{ hostvars[host]['ansible_host'] }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||||
|
|
||||||
|
## Galera options
|
||||||
|
galera_client_package_state: "{{ package_state }}"
|
||||||
|
galera_address: "{{ internal_lb_vip_address }}"
|
||||||
|
galera_root_user: "root"
|
||||||
|
|
||||||
|
## Memcached options
|
||||||
|
memcached_port: 11211
|
||||||
|
memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['ansible_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||||
|
|
29
playbooks/inventory/group_vars/all/ironic.yml
Normal file
29
playbooks/inventory/group_vars/all/ironic.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
ironic_keystone_auth_plugin: password
|
||||||
|
ironic_rabbitmq_userid: ironic
|
||||||
|
ironic_rabbitmq_vhost: /ironic
|
||||||
|
ironic_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
ironic_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
ironic_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
ironic_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
ironic_service_name: ironic
|
||||||
|
ironic_service_user_name: ironic
|
||||||
|
ironic_service_proto: http
|
||||||
|
ironic_service_port: 6385
|
||||||
|
ironic_service_project_name: service
|
||||||
|
ironic_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}"
|
||||||
|
ironic_service_adminurl: "{{ ironic_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}"
|
59
playbooks/inventory/group_vars/all/keystone.yml
Normal file
59
playbooks/inventory/group_vars/all/keystone.yml
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
keystone_admin_user_name: admin
|
||||||
|
keystone_admin_tenant_name: admin
|
||||||
|
keystone_admin_port: 35357
|
||||||
|
keystone_service_port: 5000
|
||||||
|
keystone_service_proto: http
|
||||||
|
keystone_service_region: "{{ service_region }}"
|
||||||
|
|
||||||
|
# These are here rather than in keystone_all because
|
||||||
|
# both the os_ceilometer and os_keystone roles require them
|
||||||
|
|
||||||
|
# RPC
|
||||||
|
keystone_rabbitmq_userid: keystone
|
||||||
|
keystone_rabbitmq_vhost: /keystone
|
||||||
|
keystone_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
keystone_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
keystone_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
keystone_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# Telemetry notifications
|
||||||
|
keystone_rabbitmq_telemetry_userid: "{{ keystone_rabbitmq_userid }}"
|
||||||
|
keystone_rabbitmq_telemetry_password: "{{ keystone_rabbitmq_password }}"
|
||||||
|
keystone_rabbitmq_telemetry_vhost: "{{ keystone_rabbitmq_vhost }}"
|
||||||
|
keystone_rabbitmq_telemetry_port: "{{ keystone_rabbitmq_port }}"
|
||||||
|
keystone_rabbitmq_telemetry_servers: "{{ keystone_rabbitmq_servers }}"
|
||||||
|
keystone_rabbitmq_telemetry_use_ssl: "{{ keystone_rabbitmq_use_ssl }}"
|
||||||
|
keystone_rabbitmq_telemetry_host_group: "{{ keystone_rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# If there are any Ceilometer hosts in the environment, then enable its usage
|
||||||
|
keystone_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
||||||
|
|
||||||
|
keystone_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(keystone_service_proto) }}"
|
||||||
|
keystone_service_adminuri_insecure: "{% if keystone_service_adminuri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
|
||||||
|
keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
|
||||||
|
keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
|
||||||
|
|
||||||
|
keystone_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(keystone_service_proto) }}"
|
||||||
|
keystone_service_internaluri_insecure: "{% if keystone_service_internaluri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
|
||||||
|
keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
|
||||||
|
keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
|
||||||
|
|
||||||
|
keystone_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(keystone_service_proto) }}"
|
||||||
|
keystone_service_publicuri_insecure: "{% if keystone_service_publicuri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
|
||||||
|
keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
|
||||||
|
keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3"
|
23
playbooks/inventory/group_vars/all/magnum.yml
Normal file
23
playbooks/inventory/group_vars/all/magnum.yml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
magnum_bind_port: 9511
|
||||||
|
magnum_service_proto: http
|
||||||
|
magnum_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(magnum_service_proto) }}"
|
||||||
|
magnum_service_publicurl: "{{ magnum_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ magnum_bind_port }}"
|
||||||
|
magnum_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(magnum_service_proto) }}"
|
||||||
|
magnum_service_internalurl: "{{ magnum_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ magnum_bind_port }}"
|
||||||
|
magnum_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(magnum_service_proto) }}"
|
||||||
|
magnum_service_adminurl: "{{ magnum_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ magnum_bind_port }}"
|
50
playbooks/inventory/group_vars/all/neutron.yml
Normal file
50
playbooks/inventory/group_vars/all/neutron.yml
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
neutron_service_port: 9696
|
||||||
|
neutron_service_proto: http
|
||||||
|
neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}"
|
||||||
|
neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
|
||||||
|
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
|
||||||
|
neutron_service_user_name: neutron
|
||||||
|
neutron_service_project_name: service
|
||||||
|
neutron_service_region: "{{ service_region }}"
|
||||||
|
|
||||||
|
# These are here rather than in neutron_all because
|
||||||
|
# both the os_ceilometer and os_neutron roles require them
|
||||||
|
|
||||||
|
# RPC
|
||||||
|
neutron_rabbitmq_userid: neutron
|
||||||
|
neutron_rabbitmq_vhost: /neutron
|
||||||
|
neutron_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
neutron_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
neutron_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
neutron_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# Telemetry notifications
|
||||||
|
neutron_rabbitmq_telemetry_userid: "{{ neutron_rabbitmq_userid }}"
|
||||||
|
neutron_rabbitmq_telemetry_password: "{{ neutron_rabbitmq_password }}"
|
||||||
|
neutron_rabbitmq_telemetry_vhost: "{{ neutron_rabbitmq_vhost }}"
|
||||||
|
neutron_rabbitmq_telemetry_port: "{{ neutron_rabbitmq_port }}"
|
||||||
|
neutron_rabbitmq_telemetry_servers: "{{ neutron_rabbitmq_servers }}"
|
||||||
|
neutron_rabbitmq_telemetry_use_ssl: "{{ neutron_rabbitmq_use_ssl }}"
|
||||||
|
neutron_rabbitmq_telemetry_host_group: "{{ neutron_rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# If there are any Designate hosts in the environment, then enable its usage
|
||||||
|
neutron_designate_enabled: "{{ (groups['designate_all'] is defined) and (groups['designate_all'] | length > 0) }}"
|
||||||
|
# If there are any Ceilometer hosts in the environment, then enable its usage
|
||||||
|
neutron_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
||||||
|
|
||||||
|
neutron_plugin_type: ml2.lxb
|
60
playbooks/inventory/group_vars/all/nova.yml
Normal file
60
playbooks/inventory/group_vars/all/nova.yml
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
nova_service_port: 8774
|
||||||
|
nova_metadata_port: 8775
|
||||||
|
nova_service_proto: http
|
||||||
|
nova_metadata_protocol: "{{ openstack_service_internaluri_proto | default(nova_service_proto) }}"
|
||||||
|
nova_metadata_insecure: False
|
||||||
|
nova_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_service_proto) }}"
|
||||||
|
nova_service_adminuri: "{{ nova_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
|
||||||
|
nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1"
|
||||||
|
nova_service_region: "{{ service_region }}"
|
||||||
|
nova_service_user_name: nova
|
||||||
|
nova_service_project_name: service
|
||||||
|
nova_service_project_domain_id: default
|
||||||
|
nova_service_user_domain_id: default
|
||||||
|
nova_keystone_auth_plugin: password
|
||||||
|
nova_console_type: spice
|
||||||
|
nova_novncproxy_port: 6080
|
||||||
|
nova_spice_html5proxy_base_port: 6082
|
||||||
|
nova_console_port: "{% if nova_console_type == 'spice' %}{{ nova_spice_html5proxy_base_port }}{% else %}{{ nova_novncproxy_port }}{% endif %}"
|
||||||
|
|
||||||
|
# These are here rather than in nova_all because
|
||||||
|
# both the os_ceilometer and os_nova roles require them
|
||||||
|
|
||||||
|
# RPC
|
||||||
|
nova_rabbitmq_userid: nova
|
||||||
|
nova_rabbitmq_vhost: /nova
|
||||||
|
nova_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
nova_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
nova_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
nova_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# Telemetry notifications
|
||||||
|
nova_rabbitmq_telemetry_userid: "{{ nova_rabbitmq_userid }}"
|
||||||
|
nova_rabbitmq_telemetry_password: "{{ nova_rabbitmq_password }}"
|
||||||
|
nova_rabbitmq_telemetry_vhost: "{{ nova_rabbitmq_vhost }}"
|
||||||
|
nova_rabbitmq_telemetry_port: "{{ nova_rabbitmq_port }}"
|
||||||
|
nova_rabbitmq_telemetry_servers: "{{ nova_rabbitmq_servers }}"
|
||||||
|
nova_rabbitmq_telemetry_use_ssl: "{{ nova_rabbitmq_use_ssl }}"
|
||||||
|
nova_rabbitmq_telemetry_host_group: "{{ nova_rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# If there are any Designate hosts in the environment, then enable its usage
|
||||||
|
nova_designate_enabled: "{{ (groups['designate_all'] is defined) and (groups['designate_all'] | length > 0) }}"
|
||||||
|
# If there are any Ceilometer hosts in the environment, then enable its usage
|
||||||
|
nova_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
|
||||||
|
# If there are any Barbican hosts in the environment, then enable its usage
|
||||||
|
nova_barbican_enabled: "{{ (groups['barbican_all'] is defined) and (groups['barbican_all'] | length > 0) }}"
|
31
playbooks/inventory/group_vars/all/octavia.yml
Normal file
31
playbooks/inventory/group_vars/all/octavia.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
octavia_service_port: 9876
|
||||||
|
octavia_service_proto: http
|
||||||
|
octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}"
|
||||||
|
octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
|
||||||
|
octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"
|
||||||
|
|
||||||
|
octavia_service_user_name: octavia
|
||||||
|
octavia_service_url: "{{ octavia_service_internaluri }}"
|
||||||
|
|
||||||
|
# RPC
|
||||||
|
octavia_rabbitmq_userid: octavia
|
||||||
|
octavia_rabbitmq_vhost: /octavia
|
||||||
|
octavia_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
octavia_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
octavia_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
octavia_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
33
playbooks/inventory/group_vars/all/pip.yml
Normal file
33
playbooks/inventory/group_vars/all/pip.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
pip_install_package_state: "{{ package_state }}"
|
||||||
|
|
||||||
|
# These are pinned to ensure exactly the same behaviour forever!
|
||||||
|
# These pins are updated through the sources-branch-updater script
|
||||||
|
pip_packages:
|
||||||
|
- pip==9.0.1
|
||||||
|
- setuptools==33.1.1
|
||||||
|
- wheel==0.29.0
|
||||||
|
|
||||||
|
pip_links:
|
||||||
|
- { name: "openstack_release", link: "{{ repo_release_path }}/" }
|
||||||
|
pip_lock_to_internal_repo: "{{ (pip_links | length) >= 1 }}"
|
||||||
|
|
||||||
|
# The upper constraints to apply to all pip installations
|
||||||
|
pip_install_upper_constraints: "{{ repo_release_path }}/requirements_absolute_requirements.txt"
|
||||||
|
|
||||||
|
# The URL to retrieve the get-pip.py installation script
|
||||||
|
pip_upstream_url: "{{ (pip_offline_install | bool) | ternary('https://bootstrap.pypa.io/get-pip.py', repo_release_path ~ '/get-pip.py') }}"
|
34
playbooks/inventory/group_vars/all/sahara.yml
Normal file
34
playbooks/inventory/group_vars/all/sahara.yml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
#RPC
|
||||||
|
sahara_rabbitmq_userid: sahara
|
||||||
|
sahara_rabbitmq_vhost: /sahara
|
||||||
|
sahara_rabbitmq_port: "{{ rabbitmq_port }}"
|
||||||
|
sahara_rabbitmq_servers: "{{ rabbitmq_servers }}"
|
||||||
|
sahara_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
|
||||||
|
sahara_rabbitmq_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# Telemetry notifications
|
||||||
|
sahara_rabbitmq_telemetry_userid: "{{ sahara_rabbitmq_userid }}"
|
||||||
|
sahara_rabbitmq_telemetry_password: "{{ sahara_rabbitmq_password }}"
|
||||||
|
sahara_rabbitmq_telemetry_vhost: "{{ sahara_rabbitmq_vhost }}"
|
||||||
|
sahara_rabbitmq_telemetry_port: "{{ sahara_rabbitmq_port }}"
|
||||||
|
sahara_rabbitmq_telemetry_servers: "{{ sahara_rabbitmq_servers }}"
|
||||||
|
sahara_rabbitmq_telemetry_use_ssl: "{{ sahara_rabbitmq_use_ssl }}"
|
||||||
|
sahara_rabbitmq_telemetry_host_group: "{{ sahara_rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# If there are any Ceilometer and Sahara hosts in the environment, then enable its usage
|
||||||
|
sahara_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['sahara_all'] is defined) and (groups['ceilometer_all'] | length > 0) and (groups['sahara_all'] | length > 0) }}"
|
21
playbooks/inventory/group_vars/all/ssl.yml
Normal file
21
playbooks/inventory/group_vars/all/ssl.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
## SSL
|
||||||
|
# These do not need to be configured unless you're creating certificates for
|
||||||
|
# services running behind Apache (currently, Horizon and Keystone).
|
||||||
|
ssl_protocol: "ALL -SSLv2 -SSLv3"
|
||||||
|
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
||||||
|
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
|
29
playbooks/inventory/group_vars/all/swift.yml
Normal file
29
playbooks/inventory/group_vars/all/swift.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
# Copyright 2017, Rackspace US, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
swift_proxy_port: 8080
|
||||||
|
swift_system_user_name: swift
|
||||||
|
swift_system_shell: /bin/bash
|
||||||
|
swift_system_comment: swift system user
|
||||||
|
swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}"
|
||||||
|
|
||||||
|
# Swift Telemetry notifications
|
||||||
|
swift_rabbitmq_telemetry_userid: "swift"
|
||||||
|
swift_rabbitmq_telemetry_vhost: "/swift"
|
||||||
|
swift_rabbitmq_telemetry_servers: "{{ rabbitmq_servers }}"
|
||||||
|
swift_rabbitmq_telemetry_host_group: "{{ rabbitmq_host_group }}"
|
||||||
|
|
||||||
|
# If there are any Ceilometer and Swift hosts in the environment, then enable its usage
|
||||||
|
swift_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['swift_proxy'] is defined) and (groups['ceilometer_all'] | length > 0) and (groups['swift_proxy'] | length > 0) }}"
|
@ -197,7 +197,7 @@ sed -i.bak "s|^PIP_INSTALL_OPTIONS=.*|PIP_INSTALL_OPTIONS=\$\{PIP_INSTALL_OPTION
|
|||||||
|
|
||||||
for pin in ${PIP_CURRENT_OPTIONS}; do
|
for pin in ${PIP_CURRENT_OPTIONS}; do
|
||||||
sed -i.bak "s|^$(echo ${pin} | cut -f1 -d=).*|${pin}|" global-requirement-pins.txt
|
sed -i.bak "s|^$(echo ${pin} | cut -f1 -d=).*|${pin}|" global-requirement-pins.txt
|
||||||
sed -i.bak "s|^ - $(echo ${pin} | cut -f1 -d=).*| - ${pin}|" playbooks/inventory/group_vars/all.yml
|
sed -i.bak "s|^ - $(echo ${pin} | cut -f1 -d=).*| - ${pin}|" playbooks/inventory/group_vars/all/pip.yml
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "Updated pip install options/pins"
|
echo "Updated pip install options/pins"
|
||||||
@ -263,13 +263,13 @@ else
|
|||||||
echo "Skipping the ansible-role-requirements.yml update as we're working on the master branch"
|
echo "Skipping the ansible-role-requirements.yml update as we're working on the master branch"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Update the release version in playbooks/inventory/group_vars/all.yml
|
# Update the release version in playbooks/inventory/group_vars/all/all.yml
|
||||||
# We don't want to be doing this for the master branch and we only want
|
# We don't want to be doing this for the master branch and we only want
|
||||||
# to do it once, so we key off of a specific repo source file name.
|
# to do it once, so we key off of a specific repo source file name.
|
||||||
if [[ "${OSA_BRANCH}" != "master" ]] && [[ "${SERVICE_FILE}" == "playbooks/defaults/repo_packages/openstack_services.yml" ]]; then
|
if [[ "${OSA_BRANCH}" != "master" ]] && [[ "${SERVICE_FILE}" == "playbooks/defaults/repo_packages/openstack_services.yml" ]]; then
|
||||||
|
|
||||||
echo "Updating the release version..."
|
echo "Updating the release version..."
|
||||||
currentversion=$(awk '/openstack_release:/ {print $2}' playbooks/inventory/group_vars/all.yml)
|
currentversion=$(awk '/openstack_release:/ {print $2}' playbooks/inventory/group_vars/all/all.yml)
|
||||||
|
|
||||||
# Extract the required version info
|
# Extract the required version info
|
||||||
major_version=$( echo ${currentversion} | cut -d. -f1 )
|
major_version=$( echo ${currentversion} | cut -d. -f1 )
|
||||||
@ -279,7 +279,7 @@ if [[ "${OSA_BRANCH}" != "master" ]] && [[ "${SERVICE_FILE}" == "playbooks/defau
|
|||||||
# increment the patch version
|
# increment the patch version
|
||||||
patch_version=$(( patch_version + 1 ))
|
patch_version=$(( patch_version + 1 ))
|
||||||
|
|
||||||
sed -i .bak "s/${currentversion}/${major_version}.${minor_version}.${patch_version}/" playbooks/inventory/group_vars/all.yml
|
sed -i .bak "s/${currentversion}/${major_version}.${minor_version}.${patch_version}/" playbooks/inventory/group_vars/all/all.yml
|
||||||
else
|
else
|
||||||
echo "Skipping the release version update as we're working on the master branch"
|
echo "Skipping the release version update as we're working on the master branch"
|
||||||
fi
|
fi
|
||||||
|
@ -40,5 +40,5 @@ esac
|
|||||||
shift
|
shift
|
||||||
done
|
done
|
||||||
|
|
||||||
sed -i.bak "s/^openstack_release\:.*/openstack_release\: ${REVISION}/" playbooks/inventory/group_vars/all.yml
|
sed -i.bak "s/^openstack_release\:.*/openstack_release\: ${REVISION}/" playbooks/inventory/group_vars/all/all.yml
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user