Merge "Reduce and organize group vars"

playbooks/inventory/group_vars/all.yml

@@ -1,5 +1,5 @@
 ---
-# Copyright 2015, Rackspace US, Inc.
+# Copyright 2016, Rackspace US, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,5 +16,183 @@
 ## OpenStack Source Code Release
 openstack_release: master
 
-# Global minimum kernel requirement
-openstack_host_required_kernel: 3.13.0-34-generic
+## Verbosity Options
+debug: False
+
+## SSH connection wait time
+ssh_delay: 5
+
+# These are pinned to ensure exactly the same behaviour forever!
+# These pins are updated through the sources-branch-updater script
+pip_packages:
+  - pip==8.1.2
+  - setuptools==22.0.0
+  - wheel==0.29.0
+
+pip_links:
+  - { name: "openstack_release", link: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/" }
+
+## OpenStack source options
+# URL for the frozen internal openstack repo.
+repo_server_port: 8181
+openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
+openstack_repo_git_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}/openstackgit"
+
+## kernel modules for specific group hosts
+# :param name: name of the kernel module
+# :param pattern: pattern to search for in /boot/config-$kernel_version to check how module is configured inside kernel
+# :param group: group of hosts where the module will be loaded
+openstack_host_specific_kernel_modules:
+  - { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES", group: "network_hosts" }
+
+## Memcached options
+memcached_port: 11211
+memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+
+## Galera
+galera_root_user: "root"
+
+## RabbitMQ
+rabbitmq_port: "{{ (rabbitmq_use_ssl | bool) | ternary(5671, 5672) }}"
+rabbitmq_servers: "{% for host in groups['rabbitmq_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+rabbitmq_use_ssl: true
+
+## Enable external SSL handling for general OpenStack services
+openstack_external_ssl: true
+
+## OpenStack global Endpoint Protos
+openstack_service_publicuri_proto: https
+#openstack_service_adminuri_proto: http
+#openstack_service_internaluri_proto: http
+
+## SSL
+# These do not need to be configured unless you're creating certificates for
+# services running behind Apache (currently, Horizon and Keystone).
+ssl_protocol: "ALL -SSLv2 -SSLv3"
+# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
+
+## Region Name
+service_region: RegionOne
+
+## OpenStack Domain
+openstack_domain: openstack.local
+lxc_container_domain: "{{ openstack_domain }}"
+
+## DHCP Domain Name
+dhcp_domain: openstacklocal
+
+## LDAP enabled toggle
+service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}"
+
+## Aodh DB info
+aodh_database_name: aodh
+aodh_database_user: aodh
+aodh_db_type: mongodb
+aodh_db_ip: localhost
+aodh_db_port: 27017
+aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_container_db_password }}@{{ aodh_db_ip }}:{{ aodh_db_port }}/{{ aodh_database_name }}"
+
+## Ceilometer
+ceilometer_service_user_name: ceilometer
+ceilometer_service_tenant_name: service
+ceilometer_rabbitmq_userid: ceilometer
+ceilometer_rabbitmq_vhost: /ceilometer
+
+## Cinder
+# cinder_backend_rbd_inuse: True if current host has an rbd backend
+cinder_backend_rbd_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.rbd.RBDDriver") != -1 }}'
+# cinder_backends_rbd_inuse: true if at least 1 cinder_backend on any
+# cinder_volume host uses Ceph RBD
+# http://stackoverflow.com/questions/9486393/jinja2-change-the-value-of-a-variable-inside-a-loop
+cinder_backends_rbd_inuse: >
+  {% set _var = {'rbd_inuse': False} %}{%
+  for host in groups.cinder_volume %}{%
+  if hostvars[host].cinder_backend_rbd_inuse | bool %}{%
+  if _var.update({'rbd_inuse': True }) %}{%
+  endif %}{%
+  endif %}{%
+  endfor %}{{
+  _var.rbd_inuse }}
+cinder_ceph_client: cinder
+cinder_rabbitmq_userid: cinder
+cinder_rabbitmq_vhost: /cinder
+
+## Glance
+glance_service_port: 9292
+glance_api_servers: "{{ internal_lb_vip_address }}:{{ glance_service_port }}"
+glance_service_user_name: glance
+glance_rabbitmq_userid: glance
+glance_rabbitmq_vhost: /glance
+
+## Heat
+heat_rabbitmq_userid: heat
+heat_rabbitmq_vhost: /heat
+
+## Keystone
+keystone_admin_user_name: admin
+keystone_admin_tenant_name: admin
+keystone_admin_port: 35357
+keystone_service_port: 5000
+keystone_service_proto: http
+keystone_service_region: "{{ service_region }}"
+keystone_rabbitmq_userid: keystone
+keystone_rabbitmq_vhost: /keystone
+
+keystone_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(keystone_service_proto) }}"
+keystone_service_adminuri_insecure: "{% if keystone_service_adminuri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
+keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
+keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
+
+keystone_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(keystone_service_proto) }}"
+keystone_service_internaluri_insecure: "{% if keystone_service_internaluri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
+keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
+keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
+
+## Neutron
+neutron_service_port: 9696
+neutron_service_proto: http
+neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}"
+neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
+neutron_service_adminurl: "{{ neutron_service_adminuri }}"
+neutron_service_user_name: neutron
+neutron_service_project_name: service
+neutron_service_region: "{{ service_region }}"
+neutron_rabbitmq_userid: neutron
+neutron_rabbitmq_vhost: /neutron
+neutron_plugin_type: ml2.lxb
+
+## Nova
+nova_service_port: 8774
+nova_metadata_port: 8775
+nova_service_proto: http
+nova_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_service_proto) }}"
+nova_service_adminuri: "{{ nova_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
+nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1/%(tenant_id)s"
+nova_service_region: "{{ service_region }}"
+nova_service_user_name: nova
+nova_service_project_name: service
+nova_service_project_domain_id: default
+nova_service_user_domain_id: default
+nova_rabbitmq_userid: nova
+nova_rabbitmq_vhost: /nova
+nova_keystone_auth_plugin: password
+
+## Swift
+swift_system_user_name: swift
+swift_system_shell: /bin/bash
+swift_system_comment: swift system user
+swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}"
+
+## OpenStack Openrc
+openrc_os_auth_url: "{{ keystone_service_internalurl }}"
+openrc_os_password: "{{ keystone_auth_admin_password }}"
+openrc_os_domain_name: "Default"
+
+## Host security hardening
+# The openstack-ansible-security role provides security hardening for hosts
+# by applying security configurations from the STIG. Hardening is enabled by
+# default, but an option to opt out is available by setting the following
+# variable to 'false'.
+# Docs: http://docs.openstack.org/developer/openstack-ansible-security/
+apply_security_hardening: true

playbooks/inventory/group_vars/all_containers.yml

@@ -1 +0,0 @@
-hosts.yml

playbooks/inventory/group_vars/aodh_all.yml

@@ -0,0 +1,17 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+aodh_service_in_ldap: "{{ service_ldap_backend_enabled }}"
+aodh_service_publicuri: "{{ openstack_service_publicuri_proto|default(aodh_service_proto) }}://{{ external_lb_vip_address }}:{{ aodh_service_port }}"

playbooks/inventory/group_vars/ceilometer_all.yml

@@ -0,0 +1,19 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ceilometer_service_publicuri: "{{ openstack_service_publicuri_proto|default(ceilometer_service_proto) }}://{{ external_lb_vip_address }}:{{ ceilometer_service_port }}"
+ceilometer_service_adminurl: "{{ ceilometer_service_adminuri }}/"
+ceilometer_service_region: "{{ service_region }}"
+ceilometer_service_in_ldap: "{{ service_ldap_backend_enabled }}"

playbooks/inventory/group_vars/cinder_all.yml

@@ -0,0 +1,21 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# cinder_backend_lvm_inuse: True if current host has an lvm backend
+cinder_backend_lvm_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.lvm.LVMVolumeDriver") != -1 }}'
+cinder_service_region: "{{ service_region }}"
+cinder_service_in_ldap: "{{ service_ldap_backend_enabled }}"
+cinder_glance_api_servers: "{{ glance_api_servers }}"
+cinder_glance_api_version: "{{ (cinder_backends_rbd_inuse|bool and glance_default_store == 'rbd') | ternary('2','1') }}"

playbooks/inventory/group_vars/glance_all.yml

@@ -0,0 +1,17 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+glance_service_region: "{{ service_region }}"
+glance_service_in_ldap: "{{ service_ldap_backend_enabled }}"

playbooks/inventory/group_vars/haproxy_all.yml

@@ -0,0 +1,17 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+haproxy_bind_on_non_local: "{% if groups.haproxy[1] is defined and internal_lb_vip_address != external_lb_vip_address %}True{% else %}False{% endif %}"
+haproxy_use_keepalived: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}"

playbooks/inventory/group_vars/heat_all.yml

@@ -0,0 +1,17 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+heat_service_region: "{{ service_region }}"
+heat_service_in_ldap: "{{ service_ldap_backend_enabled }}"

playbooks/inventory/group_vars/horizon_all.yml

@@ -0,0 +1,26 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+horizon_external_ssl: "{{ openstack_external_ssl }}"
+horizon_service_region: "{{ service_region }}"
+horizon_enable_cinder_backup: "{{ cinder_service_backup_program_enabled is defined and cinder_service_backup_program_enabled | bool }}"
+# NOTE(mhayden): neutron-lbaas is a separate plugin and requires the full
+# namespace to be specified. Also, LBaaS v1 was removed in Newton.
+horizon_enable_neutron_lbaas: "{{ neutron_plugin_base is defined and 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' in neutron_plugin_base }}"
+horizon_enable_neutron_fwaas: "{{ neutron_plugin_base is defined and 'firewall' in neutron_plugin_base }}"
+horizon_enable_neutron_vpnaas: "{{ neutron_plugin_base is defined and 'vpnaas' in neutron_plugin_base }}"
+horizon_enable_ha_router: "{{ neutron_plugin_type.split('.')[0] == 'ml2' and (groups['neutron_l3_agent'] | length >= 2) }}"
+horizon_rabbitmq_userid: horizon
+horizon_rabbitmq_vhost: /horizon

playbooks/inventory/group_vars/hosts.yml

@@ -1,329 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-## Verbosity Options
-debug: False
-
-
-## SSH connection wait time
-ssh_delay: 5
-
-
-## Repo server
-repo_service_user_name: nginx
-repo_service_home_folder: /var/www
-repo_server_port: 8181
-repo_pip_default_index: "https://rpc-repo.rackspace.com/pools"
-
-
-## Rsyslog server
-rsyslog_server_storage_directory: /var/log/log-storage
-
-
-## OpenStack source options
-# URL for the frozen internal openstack repo.
-openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
-openstack_repo_git_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}/openstackgit"
-
-## Enable external SSL handling for general OpenStack services
-openstack_external_ssl: true
-nova_external_ssl: "{{ openstack_external_ssl }}"
-keystone_external_ssl: "{{ openstack_external_ssl }}"
-horizon_external_ssl: "{{ openstack_external_ssl }}"
-
-## LXC options
-lxc_container_caches:
-  - url: "https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz"
-    name: "trusty.tgz"
-    sha256sum: "56c6a6e132ea7d10be2f3e8104f47136ccf408b30e362133f0dc4a0a9adb4d0c"
-    chroot_path: trusty/rootfs-amd64
-
-
-## RabbitMQ
-rabbitmq_cluster_name: openstack
-rabbitmq_port: "{{ (rabbitmq_use_ssl | bool) | ternary(5671, 5672) }}"
-rabbitmq_servers: "{% for host in groups['rabbitmq_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}"
-rabbitmq_use_ssl: true
-
-## Galera
-galera_root_user: "root"
-galera_wsrep_cluster_address: "{% for host in groups['galera_all'] %}{{ hostvars[host]['ansible_ssh_host'] }}{% if not loop.last %},{% endif %}{% endfor %}"
-galera_wsrep_address: "{{ ansible_ssh_host }}"
-
-
-pip_links:
-  - { name: "openstack_release", link: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/" }
-
-# These are pinned to ensure exactly the same behaviour forever!
-# These pins are updated through the sources-branch-updater script
-pip_packages:
-  - pip==8.1.2
-  - setuptools==22.0.0
-  - wheel==0.29.0
-
-## Memcached options
-memcached_listen: "{{ ansible_ssh_host }}"
-memcached_port: 11211
-memcached_servers: "{% for host in groups['memcached'] %}{{ hostvars[host]['ansible_ssh_host'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
-
-## Host security hardening
-# The openstack-ansible-security role provides security hardening for hosts
-# by applying security configurations from the STIG. Hardening is enabled by
-# default, but an option to opt out is available by setting the following
-# variable to 'false'.
-# Docs: http://docs.openstack.org/developer/openstack-ansible-security/
-apply_security_hardening: true
-
-## Region Name
-service_region: RegionOne
-
-## OpenStack Domain
-openstack_domain: openstack.local
-lxc_container_domain: "{{ openstack_domain }}"
-
-## DHCP Domain Name
-dhcp_domain: openstacklocal
-
-## SSL: Keystone
-# These do not need to be configured unless you're creating certificates for
-# services running behind Apache (currently, Horizon and Keystone).
-ssl_protocol: "ALL -SSLv2 -SSLv3"
-# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
-
-## OpenStack global Endpoint Protos
-openstack_service_publicuri_proto: https
-#openstack_service_adminuri_proto: http
-#openstack_service_internaluri_proto: http
-
-## LDAP enabled toggle
-service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}"
-
-
-## Aodh
-# DB info
-aodh_database_name: aodh
-aodh_database_user: aodh
-aodh_db_type: mongodb
-aodh_db_ip: localhost
-aodh_db_port: 27017
-aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_container_db_password }}@{{ aodh_db_ip }}:{{ aodh_db_port }}/{{ aodh_database_name }}"
-aodh_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-aodh_service_proto: http
-aodh_service_publicuri: "{{ openstack_service_publicuri_proto|default(aodh_service_proto) }}://{{ external_lb_vip_address }}:{{ aodh_service_port }}"
-
-
-## Ceilometer
-ceilometer_service_port: 8777
-ceilometer_service_proto: http
-ceilometer_service_user_name: ceilometer
-ceilometer_service_tenant_name: service
-ceilometer_service_publicuri: "{{ openstack_service_publicuri_proto|default(ceilometer_service_proto) }}://{{ external_lb_vip_address }}:{{ ceilometer_service_port }}"
-ceilometer_service_adminuri: "{{ ceilometer_service_proto }}://{{ internal_lb_vip_address }}:{{ ceilometer_service_port }}"
-ceilometer_service_adminurl: "{{ ceilometer_service_adminuri }}/"
-ceilometer_service_region: "{{ service_region }}"
-ceilometer_rabbitmq_userid: ceilometer
-ceilometer_rabbitmq_vhost: /ceilometer
-ceilometer_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-
-
-## Nova
-nova_service_port: 8774
-nova_service_proto: http
-nova_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_service_proto) }}"
-nova_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_service_proto) }}"
-nova_service_user_name: nova
-nova_service_project_name: service
-nova_service_project_domain_id: default
-nova_service_user_domain_id: default
-nova_service_adminuri: "{{ nova_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
-nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1/%(tenant_id)s"
-nova_service_region: "{{ service_region }}"
-nova_metadata_port: 8775
-nova_keystone_auth_plugin: password
-nova_ceph_client: '{{ cinder_ceph_client }}'
-nova_ceph_client_uuid: '{{ cinder_ceph_client_uuid | default() }}'
-nova_dhcp_domain: "{{ dhcp_domain }}"
-nova_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-nova_rabbitmq_userid: nova
-nova_rabbitmq_vhost: /nova
-nova_glance_api_servers: "{{ glance_api_servers }}"
-
-
-## Neutron
-neutron_service_port: 9696
-neutron_service_proto: http
-neutron_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(neutron_service_proto) }}"
-neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}"
-neutron_service_user_name: neutron
-neutron_service_project_name: service
-neutron_service_project_domain_id: default
-neutron_service_user_domain_id: default
-neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
-neutron_service_adminurl: "{{ neutron_service_adminuri }}"
-neutron_service_region: "{{ service_region }}"
-neutron_dhcp_domain: "{{ dhcp_domain }}"
-neutron_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-neutron_rabbitmq_userid: neutron
-neutron_rabbitmq_vhost: /neutron
-
-# Neutron Plugins
-neutron_plugin_type: ml2.lxb
-
-
-## Glance
-glance_service_port: 9292
-glance_service_proto: http
-glance_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(glance_service_proto) }}"
-glance_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(glance_service_proto) }}"
-glance_service_user_name: glance
-glance_service_project_name: service
-glance_service_project_domain_id: default
-glance_service_user_domain_id: default
-glance_service_adminurl: "{{ glance_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}"
-glance_service_region: "{{ service_region }}"
-glance_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-glance_api_servers: "{{ internal_lb_vip_address }}:{{ glance_service_port }}"
-glance_rabbitmq_userid: glance
-glance_rabbitmq_vhost: /glance
-
-
-## Keystone
-keystone_admin_user_name: admin
-keystone_admin_tenant_name: admin
-keystone_admin_port: 35357
-keystone_service_port: 5000
-keystone_service_proto: http
-keystone_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(keystone_service_proto) }}"
-keystone_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(keystone_service_proto) }}"
-keystone_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(keystone_service_proto) }}"
-keystone_service_user_name: keystone
-keystone_service_tenant_name: service
-keystone_service_region: "{{ service_region }}"
-keystone_rabbitmq_userid: keystone
-keystone_rabbitmq_vhost: /keystone
-
-keystone_service_internaluri_insecure: "{% if keystone_service_internaluri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
-keystone_service_adminuri_insecure: "{% if keystone_service_adminuri_proto == 'https' and (keystone_user_ssl_cert is not defined or haproxy_user_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
-
-keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
-keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
-
-keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3"
-keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"
-keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"
-
-keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
-keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
-keystone_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-
-
-## Horizon
-horizon_service_region: "{{ service_region }}"
-horizon_enable_cinder_backup: "{{ cinder_service_backup_program_enabled is defined and cinder_service_backup_program_enabled | bool }}"
-# NOTE(mhayden): neutron-lbaas is a separate plugin and requires the full
-# namespace to be specified. Also, LBaaS v1 was removed in Newton.
-horizon_enable_neutron_lbaas: "{{ neutron_plugin_base is defined and 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' in neutron_plugin_base }}"
-horizon_enable_neutron_fwaas: "{{ neutron_plugin_base is defined and 'firewall' in neutron_plugin_base }}"
-horizon_enable_neutron_vpnaas: "{{ neutron_plugin_base is defined and 'vpnaas' in neutron_plugin_base }}"
-horizon_enable_ha_router: "{{ neutron_plugin_type.split('.')[0] == 'ml2' and (groups['neutron_l3_agent'] | length >= 2) }}"
-horizon_rabbitmq_userid: horizon
-horizon_rabbitmq_vhost: /horizon
-
-
-## Heat
-heat_service_region: "{{ service_region }}"
-heat_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-heat_rabbitmq_userid: heat
-heat_rabbitmq_vhost: /heat
-heat_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(heat_service_proto) }}"
-
-
-## Cinder
-# cinder_backend_rbd_inuse: True if current host has an rbd backend
-cinder_backend_rbd_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.rbd.RBDDriver") != -1 }}'
-# cinder_backends_rbd_inuse: true if at least 1 cinder_backend on any
-# cinder_volume host uses Ceph RBD
-# http://stackoverflow.com/questions/9486393/jinja2-change-the-value-of-a-variable-inside-a-loop
-cinder_backends_rbd_inuse: >
-  {% set _var = {'rbd_inuse': False} %}{%
-  for host in groups.cinder_volume %}{%
-  if hostvars[host].cinder_backend_rbd_inuse | bool %}{%
-  if _var.update({'rbd_inuse': True }) %}{%
-  endif %}{%
-  endif %}{%
-  endfor %}{{
-  _var.rbd_inuse }}
-cinder_ceph_client: cinder
-# cinder_backend_lvm_inuse: True if current host has an lvm backend
-cinder_backend_lvm_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.lvm.LVMVolumeDriver") != -1 }}'
-cinder_service_region: "{{ service_region }}"
-cinder_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-cinder_rabbitmq_userid: cinder
-cinder_rabbitmq_vhost: /cinder
-cinder_glance_api_servers: "{{ glance_api_servers }}"
-cinder_glance_api_version: "{{ (cinder_backends_rbd_inuse|bool and glance_default_store == 'rbd') | ternary('2','1') }}"
-cinder_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(cinder_service_proto) }}"
-
-
-## Swift
-swift_system_user_name: swift
-swift_system_group_name: swift
-swift_system_shell: /bin/bash
-swift_system_comment: swift system user
-swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}"
-swift_service_region: "{{ service_region }}"
-swift_service_in_ldap: "{{ service_ldap_backend_enabled }}"
-swift_rabbitmq_userid: swift
-swift_rabbitmq_vhost: /swift
-swift_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(swift_service_proto) }}"
-
-
-## Ironic
-ironic_rabbitmq_vhost: /ironic
-ironic_rabbitmq_userid: ironic
-ironic_galera_database: ironic
-ironic_galera_user: ironic
-ironic_service_name: ironic
-ironic_service_project_name: service
-ironic_service_port: 6385
-ironic_service_proto: http
-ironic_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}"
-ironic_service_adminuri: "{{ ironic_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}"
-ironic_service_adminurl: "{{ ironic_service_adminuri }}/v1"
-
-
-## OpenStack Openrc
-openrc_os_auth_url: "{{ keystone_service_internalurl }}"
-openrc_os_password: "{{ keystone_auth_admin_password }}"
-openrc_os_domain_name: "Default"
-
-
-## HAProxy
-haproxy_bind_on_non_local: "{% if groups.haproxy[1] is defined and internal_lb_vip_address != external_lb_vip_address %}True{% else %}False{% endif %}"
-haproxy_use_keepalived: "{% if groups.haproxy|length > 1 %}True{% else %}False{% endif %}"
-
-## kernel modules for specific group hosts
-# :param name: name of the kernel module
-# :param pattern: pattern to search for in /boot/config-$kernel_version to check how module is configured inside kernel
-# :param group: group of hosts where the module will be loaded
-openstack_host_specific_kernel_modules:
-  - { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES", group: "network_hosts" }
-
-## Tempest
-tempest_log_dir: /var/log/utility
-tempest_venv_tag: "{{ tempest_git_install_branch }}"
-tempest_venv_bin: "/opt/tempest_{{ tempest_venv_tag }}/bin"

playbooks/inventory/group_vars/ironic_all.yml

@@ -0,0 +1,20 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ironic_rabbitmq_vhost: /ironic
+ironic_rabbitmq_userid: ironic
+ironic_galera_database: ironic
+ironic_galera_user: ironic
+ironic_service_adminurl: "{{ ironic_service_adminuri }}/v1"

playbooks/inventory/group_vars/keystone_all.yml

@@ -0,0 +1,20 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+keystone_external_ssl: "{{ openstack_external_ssl }}"
+
+keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
+keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
+keystone_service_in_ldap: "{{ service_ldap_backend_enabled }}"

playbooks/inventory/group_vars/memcached.yml

@@ -0,0 +1,16 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+memcached_listen: "{{ ansible_ssh_host }}"

playbooks/inventory/group_vars/neutron_all.yml

@@ -0,0 +1,17 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+neutron_dhcp_domain: "{{ dhcp_domain }}"
+neutron_service_in_ldap: "{{ service_ldap_backend_enabled }}"

playbooks/inventory/group_vars/nova_all.yml

@@ -0,0 +1,19 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+nova_external_ssl: "{{ openstack_external_ssl }}"
+nova_ceph_client_uuid: '{{ cinder_ceph_client_uuid | default() }}'
+nova_dhcp_domain: "{{ dhcp_domain }}"
+nova_service_in_ldap: "{{ service_ldap_backend_enabled }}"

playbooks/inventory/group_vars/rabbitmq_all.yml

@@ -0,0 +1,16 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+rabbitmq_cluster_name: openstack

playbooks/inventory/group_vars/rsyslog.yml

@@ -0,0 +1,16 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+rsyslog_server_storage_directory: /var/log/log-storage

playbooks/inventory/group_vars/swift_all.yml

@@ -0,0 +1,17 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+swift_service_region: "{{ service_region }}"
+swift_service_in_ldap: "{{ service_ldap_backend_enabled }}"

playbooks/inventory/group_vars/utility_all.yml

@@ -0,0 +1,16 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+tempest_log_dir: /var/log/utility

scripts/sources-branch-updater.sh

@@ -187,7 +187,7 @@ sed -i.bak "s|^PIP_INSTALL_OPTIONS=.*|PIP_INSTALL_OPTIONS=\$\{PIP_INSTALL_OPTION
 
 for pin in ${PIP_CURRENT_OPTIONS}; do
   sed -i.bak "s|^$(echo ${pin} | cut -f1 -d=).*|${pin}|" *requirements.txt
-  sed -i.bak "s|^  - $(echo ${pin} | cut -f1 -d=).*|  - ${pin}|" playbooks/inventory/group_vars/hosts.yml
+  sed -i.bak "s|^  - $(echo ${pin} | cut -f1 -d=).*|  - ${pin}|" playbooks/inventory/group_vars/all.yml
 done
 
 echo "Updated pip install options/pins"