--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## General options debug: True ## Ceilometer Options ceilometer_db_type: mongodb ceilometer_db_ip: {{ bootstrap_host_mongodb_address }} ceilometer_db_port: 27017 cinder_ceilometer_enabled: True glance_ceilometer_enabled: True heat_ceilometer_enabled: True neutron_ceilometer_enabled: True nova_ceilometer_enabled: True swift_ceilometer_enabled: False keystone_ceilometer_enabled: True ## Aodh Options aodh_db_type: mongodb aodh_db_ip: {{ bootstrap_host_mongodb_address }} aodh_db_port: 27017 ## Glance Options glance_default_store: swift ## SSL Settings ssl_protocol: "ALL -SSLv2 -SSLv3" # Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" ## Cinder settings cinder_service_backup_program_enabled: True ## Tempest settings tempest_service_available_ceilometer: True tempest_service_available_aodh: True tempest_public_subnet_cidr: 172.29.248.0/22 tempest_public_subnet_allocation_pools: "172.29.249.110-172.29.249.200" tempest_volume_backup_enabled: True ## Galera settings galera_innodb_buffer_pool_size: 512M galera_innodb_log_buffer_size: 32M galera_wsrep_provider_options: - { option: "gcache.size", value: "32M" } ## Neutron settings neutron_metadata_checksum_fix: True ## Set workers for all services to optimise memory usage ceilometer_api_workers: 2 ceilometer_collector_workers: 2 ceilometer_notification_workers: 2 cinder_osapi_volume_workers: 2 glance_api_workers: 2 glance_registry_workers: 2 heat_api_workers: 2 heat_engine_workers: 2 horizon_wsgi_processes: 2 horizon_wsgi_threads: 2 keystone_wsgi_processes: 2 neutron_api_workers: 2 neutron_metadata_workers: 1 neutron_rpc_workers: 1 nova_conductor_workers: 2 nova_metadata_workers: 2 nova_osapi_compute_workers: 2 swift_account_server_workers: 2 swift_container_server_workers: 2 swift_object_server_workers: 2 swift_proxy_server_workers: 2 # NOTE: hpcloud-b4's eth0 uses 10.0.3.0/24, which overlaps with the # lxc_net_address default # TODO: We'll need to implement a mechanism to determine valid lxc_net_address # value which will not overlap with an IP already assigned to the host. lxc_net_address: 10.255.255.1 lxc_net_netmask: 255.255.255.0 lxc_net_dhcp_range: 10.255.255.2,10.255.255.253 ## Security hardening apply_security_hardening: true {% if repo_build_pip_extra_indexes is defined %} ## Wheel mirrors for the repo_build to use repo_build_pip_extra_indexes: {{ repo_build_pip_extra_indexes | to_nice_yaml }} {% endif %} {% if uca_apt_repo_url is defined %} ## Ubuntu Cloud Archive mirror to use uca_apt_repo_url: {{ uca_apt_repo_url }} {% endif %} ## Instruct the gate to always build libvirt-python from pip source repo_build_pip_no_binary: - libvirt-python # The container backing store is set to 'overlayfs' to speed up the # AIO build time. lxc_container_backing_store: overlayfs ## Enable LBaaSv2 in the AIO neutron_plugin_base: - router - metering - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2