--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## Glance Options # Set default_store to "swift" if using Cloud Files or swift backend glance_default_store: file glance_notification_driver: noop # `internalURL` will cause glance to speak to swift via ServiceNet, use # `publicURL` to communicate with swift over the public network glance_swift_store_endpoint_type: internalURL ## Nova # Uncomment "nova_console_endpoint" to define a specific nova console URI or # IP address this will construct the specific proxy endpoint for the console. # nova_console_endpoint: console.company_domain.name # This defaults to KVM, if you are deploying on a host that is not KVM capable # change this to your hypervisor type: IE "qemu", "lxc". # nova_virt_type: kvm # nova_cpu_allocation_ratio: 2.0 # nova_ram_allocation_ratio: 1.0 ## Glance with Swift ### Extra options when configuring swift as a glance back-end. ### By default it will use the local swift install ### Set these when using a remote swift as a glance backend #glance_swift_store_auth_address: "https://some.auth.url.com" #glance_swift_store_user: "OPENSTACK_TENANT_ID:OPENSTACK_USER_NAME" #glance_swift_store_key: "OPENSTACK_USER_PASSWORD" #glance_swift_store_container: "NAME_OF_SWIFT_CONTAINER" #glance_swift_store_region: "NAME_OF_REGION" ## Swift # This will allow all users to create containers and upload to swift if set to True swift_allow_all_users: False ## Apache SSL Settings # These do not need to be configured unless you're creating certificates for # services running behind Apache (currently, Horizon and Keystone). ssl_protocol: "ALL -SSLv2 -SSLv3" # Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" # To override for Keystone only: # - keystone_ssl_protocol # - keystone_ssl_cipher_suite # To override for Horizon only: # - horizon_ssl_protocol # - horizon_ssl_cipher_suite ## Additional pinning generator that will allow for more packages to be pinned as you see fit. ## All pins allow for package and versions to be defined. Be careful using this as versions ## are always subject to change and updates regarding security will become your problem from this ## point on. Pinning can be done based on a package version, release, or origin. Use "*" in the ## package name to indicate that you want to pin all package to a particular constraint. # apt_pinned_packages: # - { package: "lxc", version: "1.0.7-0ubuntu0.1" } # - { package: "libvirt-bin", version: "1.2.2-0ubuntu13.1.9" } # - { package: "rabbitmq-server", origin: "www.rabbitmq.com" } # - { package: "*", release: "MariaDB" } ## Environment variable settings # This allows users to specify the additional environment variables to be set # which is useful in setting where you working behind a proxy. If working behind # a proxy It's important to always specify the scheme as "http://". This is what # the underlying python libraries will handle best. This proxy information will be # placed both on the hosts and inside the containers. ## Example environment variable setup: # proxy_env_url: http://username:pa$$w0rd@10.10.10.9:9000/ # no_proxy_env: "localhost,127.0.0.1,{% for host in groups['all_containers'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}" # global_environment_variables: # HTTP_PROXY: "{{ proxy_env_url }}" # HTTPS_PROXY: "{{ proxy_env_url }}" # NO_PROXY: "{{ no_proxy_env }}"