openstack-ansible/playbooks/roles/os_nova/defaults/main.yml
Matt Thompson 5a3d5afa0f Allow nova key/partition/password injection
This commit adds the following new variables to customise whether nova
will allow key/partition/password injection:

nova_libvirt_inject_key
nova_libvirt_inject_partition
nova_libvirt_inject_password

Additionally, the following variable has been added to allow setting
password via Horizon:

horizon_can_set_password

Lastly, password injection can now be tested with tempest via:

tempest_compute_change_password

Note that all variables have been defaulted to their current values.

Closes-Bug: #1469238

Change-Id: Iff434ed7c042f7990990485c34d0f35b9a7baa7a
2015-08-13 09:25:17 +00:00


---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Marks this role as being deployed directly on a host machine.
is_metal: true

# Switch for the ceilometer-related nova configuration.
nova_ceilometer_enabled: false

## Verbosity options
# NOTE(review): debug logging can put request details into service logs; keep
# `debug` off outside troubleshooting and check where the logs are shipped
# before turning it on.
debug: false
verbose: true
nova_fatal_deprecations: false
## System info
# Operating-system account and group used for the nova services.
nova_system_user_name: nova
nova_system_group_name: nova
# NOTE(review): the service account gets an interactive shell. Presumably this is
# needed for SSH between compute hosts using the keys governed by
# nova_recreate_keys - confirm, and otherwise prefer a non-login shell.
nova_system_shell: /bin/bash
nova_system_comment: nova system user
# Home folder is derived from the user name above.
nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}"
## DB
# Galera account and schema name used by nova. No database password is defined
# in this block; it is expected to be supplied elsewhere - keep it out of
# version-controlled defaults.
nova_galera_user: nova
nova_galera_database: nova
# Connection pool tuning (overflow, pool size, pool timeout); presumably rendered
# into the database section of nova.conf - confirm against the template.
nova_db_max_overflow: 10
nova_db_max_pool_size: 120
nova_db_pool_timeout: 30
## RPC
# Messaging driver class plus thread/connection pool sizes for nova's RPC layer.
nova_rpc_backend: nova.openstack.common.rpc.impl_kombu
nova_rpc_thread_pool_size: 64
nova_rpc_conn_pool_size: 30
# presumably seconds - confirm against the nova.conf template
nova_rpc_response_timeout: 60
## Nova virtualization Type, set to KVM if supported
# NOTE(review): the default is already kvm; hosts without hardware virtualization
# support would presumably need this overridden - confirm in the role's tasks.
nova_virt_type: kvm
## Nova Auth
# Keystone identity (region, project, domains, user, role) for the nova services.
nova_service_region: RegionOne
nova_service_project_name: "service"
nova_service_project_domain_id: default
nova_service_user_domain_id: default
nova_service_user_name: "nova"
# NOTE(review): the role name used for the service user is "admin", which makes
# its credential high-value. The password is not defined in this block and
# should come from a protected secrets source.
nova_service_role_name: "admin"
## Keystone authentication middleware
# Name of the auth plugin handed to the keystone middleware.
nova_keystone_auth_plugin: password
## Nova enabled apis
# Comma-separated list of API services to enable.
nova_enabled_apis: "osapi_compute,metadata"
## Nova s3
# Service catalog entry for the S3 compatibility layer.
nova_s3_service_name: s3
nova_s3_service_type: s3
# NOTE(review): the scheme defaults to plain http. Each *_proto below takes the
# matching openstack_service_*_proto override when that variable is defined;
# set those to https where TLS is available so API traffic is not sent in clear.
nova_s3_service_proto: http
nova_s3_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_s3_service_proto) }}"
nova_s3_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_s3_service_proto) }}"
nova_s3_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_s3_service_proto) }}"
nova_s3_service_port: 3333
nova_s3_service_description: "S3 Compatibility Layer"
# The public URI is built on the external load balancer VIP; the admin and
# internal URIs are built on the internal VIP.
nova_s3_service_publicuri: "{{ nova_s3_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_s3_service_port }}"
nova_s3_service_publicurl: "{{ nova_s3_service_publicuri }}"
nova_s3_service_adminuri: "{{ nova_s3_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_s3_service_port }}"
nova_s3_service_adminurl: "{{ nova_s3_service_adminuri }}"
nova_s3_service_internaluri: "{{ nova_s3_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_s3_service_port }}"
nova_s3_service_internalurl: "{{ nova_s3_service_internaluri }}"
# NOTE(review): same program name as nova_ec2_program_name (nova-api-ec2).
nova_s3_program_name: nova-api-ec2
nova_s3_deprecated_but_enabled: false
## Nova v3
# Service catalog entry for the compute v3 API.
nova_v3_service_name: novav3
nova_v3_service_type: computev3
# NOTE(review): the scheme defaults to plain http; the openstack_service_*_proto
# overrides take precedence when defined. Use https where TLS is available so
# tokens and API payloads are not sent in clear.
nova_v3_service_proto: http
nova_v3_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_v3_service_proto) }}"
nova_v3_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_v3_service_proto) }}"
nova_v3_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_v3_service_proto) }}"
nova_v3_service_port: 8774
nova_v3_service_description: "Nova Compute Service V3"
# Public URI uses the external VIP; admin and internal URIs use the internal VIP.
# Every URL gets the /v3 suffix.
nova_v3_service_publicuri: "{{ nova_v3_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_v3_service_port }}"
nova_v3_service_publicurl: "{{ nova_v3_service_publicuri }}/v3"
nova_v3_service_adminuri: "{{ nova_v3_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_v3_service_port }}"
nova_v3_service_adminurl: "{{ nova_v3_service_adminuri }}/v3"
nova_v3_service_internaluri: "{{ nova_v3_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_v3_service_port }}"
nova_v3_service_internalurl: "{{ nova_v3_service_internaluri }}/v3"
nova_v3_deprecated_but_enabled: false
## Nova v2.1
# Service catalog entry for the compute v2.1 API.
nova_v21_service_name: novav21
nova_v21_service_type: computev21
# NOTE(review): the scheme defaults to plain http; the openstack_service_*_proto
# overrides take precedence when defined. Use https where TLS is available so
# tokens and API payloads are not sent in clear.
nova_v21_service_proto: http
nova_v21_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_v21_service_proto) }}"
nova_v21_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_v21_service_proto) }}"
nova_v21_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_v21_service_proto) }}"
nova_v21_service_port: 8774
nova_v21_service_description: "Nova Compute Service V2.1"
# Public URI uses the external VIP; admin and internal URIs use the internal VIP.
# Every URL gets the /v2.1 suffix.
nova_v21_service_publicuri: "{{ nova_v21_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_v21_service_port }}"
nova_v21_service_publicurl: "{{ nova_v21_service_publicuri }}/v2.1"
nova_v21_service_adminuri: "{{ nova_v21_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_v21_service_port }}"
nova_v21_service_adminurl: "{{ nova_v21_service_adminuri }}/v2.1"
nova_v21_service_internaluri: "{{ nova_v21_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_v21_service_port }}"
nova_v21_service_internalurl: "{{ nova_v21_service_internaluri }}/v2.1"
nova_v21_enabled: true
## Nova v2
# Service catalog entry for the compute v2 API.
nova_service_name: nova
nova_service_type: compute
# NOTE(review): the scheme defaults to plain http; the openstack_service_*_proto
# overrides take precedence when defined. Use https where TLS is available so
# tokens and API payloads are not sent in clear.
nova_service_proto: http
nova_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_service_proto) }}"
nova_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_service_proto) }}"
nova_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_service_proto) }}"
nova_service_port: 8774
nova_service_description: "Nova Compute Service"
# Public URI uses the external VIP; admin and internal URIs use the internal VIP.
# %(tenant_id)s is left as a literal placeholder in the URL strings; it is not a
# Jinja expression.
nova_service_publicuri: "{{ nova_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_service_port }}"
nova_service_publicurl: "{{ nova_service_publicuri }}/v2/%(tenant_id)s"
nova_service_adminuri: "{{ nova_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
nova_service_adminurl: "{{ nova_service_adminuri }}/v2/%(tenant_id)s"
nova_service_internaluri: "{{ nova_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
nova_service_internalurl: "{{ nova_service_internaluri }}/v2/%(tenant_id)s"
nova_program_name: nova-api-os-compute
## Nova ec2
# WARNING: The EC2 API in the nova tree has been deprecated. To consume this API you'll need to
# uncomment the EC2 section found within the nova `api-paste.ini` file.
nova_ec2_service_name: ec2
nova_ec2_service_type: ec2
# NOTE(review): the scheme defaults to plain http; the openstack_service_*_proto
# overrides take precedence when defined. Use https where TLS is available so
# credentials and API payloads are not sent in clear.
nova_ec2_service_proto: http
nova_ec2_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(nova_ec2_service_proto) }}"
nova_ec2_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_ec2_service_proto) }}"
nova_ec2_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(nova_ec2_service_proto) }}"
nova_ec2_service_port: 8773
nova_ec2_service_description: "EC2 Compatibility Layer"
# Public URI uses the external VIP; admin and internal URIs use the internal VIP.
# The admin URL ends in /services/Admin, the other two in /services/Cloud.
nova_ec2_service_publicuri: "{{ nova_ec2_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ nova_ec2_service_port }}"
nova_ec2_service_publicurl: "{{ nova_ec2_service_publicuri }}/services/Cloud"
nova_ec2_service_adminuri: "{{ nova_ec2_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_ec2_service_port }}"
nova_ec2_service_adminurl: "{{ nova_ec2_service_adminuri }}/services/Admin"
nova_ec2_service_internaluri: "{{ nova_ec2_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_ec2_service_port }}"
nova_ec2_service_internalurl: "{{ nova_ec2_service_internaluri }}/services/Cloud"
nova_ec2_program_name: nova-api-ec2
# Off by default, in line with the deprecation warning above.
nova_ec2_deprecated_but_enabled: false
## Nova cinder
# presumably allows volumes to attach across availability zones - confirm
# against the nova.conf template.
nova_cross_az_attach: True
## Nova spice
# NOTE(review): the HTML5 console proxy URL is built on the external VIP with a
# plain http scheme by default, so console sessions are reachable unencrypted
# unless this is overridden or TLS is terminated in front of the proxy.
nova_spice_html5proxy_base_proto: http
nova_spice_html5proxy_base_port: 6082
nova_spice_html5proxy_base_uri: "{{ nova_spice_html5proxy_base_proto }}://{{ external_lb_vip_address}}:{{ nova_spice_html5proxy_base_port }}"
nova_spice_html5proxy_base_url: "{{ nova_spice_html5proxy_base_uri }}/spice_auto.html"
nova_spice_console_keymap: en-us
nova_spice_console_agent_enabled: True
nova_spice_program_name: nova-spicehtml5proxy
## Nova metadata
# Metadata API: proxy toggle, listening port and program name.
nova_metadata_proxy_enabled: true
nova_metadata_port: 8775
nova_metadata_program_name: nova-api-metadata

## Nova cert
nova_cert_program_name: nova-cert

## Nova compute
# NOTE(review): presumably maps to nova's enable_instance_password, which makes
# the server API return the generated instance password in its response -
# confirm, and make sure API traffic is encrypted when this stays on.
nova_enable_instance_password: true
nova_compute_program_name: nova-compute
# TODO: This defaults to 'False' upstream, we should set this to 'False' in Liberty
nova_force_config_drive: true
## Nova libvirt
# Guest file injection. All three settings default to "off": key and password
# injection are false and the partition selector is -2 (disabled).
# NOTE(review): enabling injection makes the compute host open tenant-supplied
# disk images to modify them; prefer config drive / metadata where possible and
# enable these only for deployments that need them.
nova_libvirt_inject_key: false
# inject partition options:
# -2 => disable, -1 => inspect (libguestfs only), 0 => not partitioned, >0 => partition number
nova_libvirt_inject_partition: -2
nova_libvirt_inject_password: false
## Nova conductor
# Program name of the conductor service; also referenced by nova_service_names.
nova_conductor_program_name: nova-conductor
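## Nova console
# Console agent toggle. Declared exactly once: duplicate mapping keys are invalid
# YAML and most parsers silently keep the last value.
nova_console_agent_enabled: True
nova_consoleauth_program_name: nova-consoleauth
nova_console_keymap: en-us
# Set the console type. Presently the only option is ["spice"].
nova_console_type: spice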
## Nova global config
# Driver class paths and general compute settings.
nova_cpu_mode: host-model
nova_linuxnet_interface_driver: nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
nova_libvirt_vif_driver: nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver
# NOTE(review): nova's own firewall driver is the no-op one, so nova does no
# packet filtering itself. Presumably security groups are enforced by Neutron -
# confirm that they are enabled there, otherwise instances are unfiltered.
nova_firewall_driver: nova.virt.firewall.NoopFirewallDriver
nova_compute_driver: libvirt.LibvirtDriver
nova_max_age: 0
# presumably seconds, going by the variable name
nova_remove_unused_resized_minimum_age_seconds: 3600
nova_image_cache_manager_interval: 0
nova_resume_guests_state_on_host_boot: False
# Nova quota
# Default per-project resource limits. These also bound how much a single
# tenant can consume, so review them before raising any.
nova_quota_cores: 20
# presumably -1 means unlimited - confirm against nova's quota documentation
nova_quota_fixed_ips: -1
nova_quota_floating_ips: 10
# Limits on injected files: content size, path length and file count.
nova_quota_injected_file_content_bytes: 10240
nova_quota_injected_file_path_length: 255
nova_quota_injected_files: 5
nova_quota_instances: 10
nova_quota_key_pairs: 100
nova_quota_metadata_items: 128
nova_quota_networks: 3
# presumably megabytes - confirm
nova_quota_ram: 51200
nova_quota_security_group_rules: 20
nova_quota_security_groups: 10
nova_quota_server_group_members: 10
nova_quota_server_groups: 10
# Nova Scheduler
# Allocation ratios: the CPU ratio of 2.0 overcommits, disk and RAM stay at 1.0.
nova_cpu_allocation_ratio: 2.0
nova_disk_allocation_ratio: 1.0
nova_max_instances_per_host: 50
nova_max_io_ops_per_host: 10
nova_ram_allocation_ratio: 1.0
nova_ram_weight_multiplier: 5.0
# Disk and memory held back for the host itself, in MB per the variable names.
nova_reserved_host_disk_mb: 2048
nova_reserved_host_memory_mb: 2048
nova_scheduler_driver_task_period: 60
nova_scheduler_host_subset_size: 10
nova_scheduler_max_attempts: 5
# Comma-separated filter names applied by default; kept as one quoted string.
nova_scheduler_default_filters: "RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,AggregateCoreFilter,AggregateDiskFilter"
# Class paths for the scheduler driver, filter set, host manager, manager and weighers.
nova_scheduler_driver: nova.scheduler.filter_scheduler.FilterScheduler
nova_scheduler_available_filters: nova.scheduler.filters.all_filters
nova_scheduler_host_manager: nova.scheduler.host_manager.HostManager
nova_scheduler_manager: nova.scheduler.manager.SchedulerManager
nova_scheduler_weight_classes: nova.scheduler.weights.all_weighers
nova_scheduler_program_name: nova-scheduler
# To regenerate the nova user's SSH keys on every run, set this var to True.
# Otherwise the keys are generated on the first run and not regenerated afterwards.
# NOTE(review): with the default, the same key pair stays in place indefinitely;
# set this to True for a run when the keys need rotating.
nova_recreate_keys: False
# Nova Ceph rbd
# Enable and define nova_libvirt_images_rbd_pool to use rbd as nova backend
#nova_libvirt_images_rbd_pool: vms
nova_ceph_client: '{{ cinder_ceph_client }}'
# NOTE(review): fixed UUID shared by every deployment that keeps this default.
# Presumably it only identifies the libvirt secret holding the ceph key rather
# than being key material itself - confirm in the role's tasks.
nova_ceph_client_uuid: 517a4663-3927-44bc-9ea7-4a90e1cd4c66
## General Neutron configuration
# If ``nova_osapi_compute_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# nova_osapi_compute_workers: 16
# If ``nova_conductor_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of conductor workers to use.
# nova_conductor_workers: 16
# If ``nova_ec2_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# nova_ec2_workers: 16
# If ``nova_metadata_workers`` is unset the system will use half the number of available VCPUS to
# compute the number of api workers to use.
# nova_metadata_workers: 16
## Policy vars
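# Provide a list of access controls to update the default policy.json with. These changes will be merged
# with the access controls in the default policy.json. Note that an empty rule string ("") means the
# action is always allowed, so use it only for actions any authenticated caller may perform. E.g.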
#nova_policy_overrides:
# "compute:create": ""
# "compute:create:attach_network": ""
## libvirtd config options
# Listener and authentication settings, presumably rendered into libvirtd.conf -
# confirm against the role's template.
# 1 => the TLS listener is enabled.
nova_libvirtd_listen_tls: 1
# 0 => the unencrypted TCP listener is disabled; keep it off unless the
# management network is otherwise protected.
nova_libvirtd_listen_tcp: 0
# Authentication scheme for the TCP listener.
# NOTE(review): libvirtd.conf has a separate auth_tls setting for the TLS
# listener, which this file does not define - verify what the template applies
# to the enabled TLS socket.
nova_libvirtd_auth_tcp: sasl
## Service Names
# Program names of all nova services handled by this role, built from the
# *_program_name variables defined in this file.
# NOTE(review): nova_s3_program_name and nova_ec2_program_name both default to
# nova-api-ec2, so the rendered list contains that name twice.
nova_service_names:
- "{{ nova_metadata_program_name }}"
- "{{ nova_cert_program_name }}"
- "{{ nova_conductor_program_name }}"
- "{{ nova_s3_program_name }}"
- "{{ nova_program_name }}"
- "{{ nova_ec2_program_name }}"
- "{{ nova_scheduler_program_name }}"
- "{{ nova_compute_program_name }}"
- "{{ nova_spice_program_name }}"
- "{{ nova_consoleauth_program_name }}"
# Common apt packages
# NOTE(review): no versions are pinned in these lists, so the installed versions
# depend on the configured apt sources - confirm those are trusted and
# controlled.
nova_apt_packages:
- genisoimage
- git
- libpq-dev
# Spice console apt packages
nova_spice_apt_packages:
- spice-html5
# KVM compute host apt packages (genisoimage is also in the common list above)
nova_compute_kvm_apt_packages:
- bridge-utils
- genisoimage
- kpartx
- libvirt-bin
- open-iscsi
- python-libguestfs
- python-libvirt
- qemu
- qemu-utils
- sysfsutils
- vlan
# Common pip packages
# NOTE(review): no versions are pinned in this list; presumably constraints are
# applied elsewhere in the deployment - confirm, since unpinned installs take
# whatever the package index serves.
nova_pip_packages:
- MySQL-python
- python-memcached
# NOTE(review): pycrypto is no longer maintained upstream; check whether the
# maintained successor (pycryptodome) can be used instead.
- pycrypto
- python-keystoneclient
- python-novaclient
- keystonemiddleware
- nova