openstack/openstack-ansible
Code Issues Proposed changes
af5c873af4
openstack-ansible/group_vars/all/all.yml
Jesse Pretorius ef12bf04ed Implement rolling upgrades for cinder 
Based on [1], this patch implements changes to the playbook
which executes the cinder deployment in a play per host
group, serialised to ensure that:

1. The services are changed in the right order.
2. The services remain available at all times during
   an upgrade.
3. Online data migrations are actioned once all versions
   of software are at the same levels.
4. If services are sharing a host/container then the
   role execution will not execute twice on the same
   host.

[1] https://docs.openstack.org/developer/cinder/upgrade.html#minimal-downtime-upgrade-procedure

Depends-On: Id95cae40f736ea2c84200955fccdb44ea3bc1dd8
Depends-On: If5729671cb69f928df660ec2d9ba83fe3f567946
Depends-On: I9aacda78f92355374af3f4ab24d2d9a9b47491ed
Change-Id: I0bdb51ce0d8b3b9a145d29ef6808e1fe595924e2
2017-06-20 09:40:43 +00:00

120 lines
4.1 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## OpenStack Source Code Release
openstack_release: master
## Verbosity Options
debug: False
## SSH connection wait time
ssh_delay: 5
# Set the package install state for distribution packages
# Options are 'present' and 'latest'
package_state: "latest"
# Set "/var/log" to be a bind mount to the physical host.
default_bind_mount_logs: true
# Set distro variable
os_distro_version: "{{ ansible_distribution | lower }}-{{ ansible_distribution_version.split('.')[:2] | join('.') }}-{{ ansible_architecture | lower }}"
# Ensure that the package state matches the global setting
rsyslog_client_package_state: "{{ package_state }}"
## OpenStack source options
openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
openstack_repo_git_url: "git://{{ internal_lb_vip_address }}"
# URL for the frozen internal openstack repo.
repo_server_port: 8181
repo_pkg_cache_enabled: true
repo_pkg_cache_port: 3142
repo_pkg_cache_url: "http://{{ internal_lb_vip_address }}:{{ repo_pkg_cache_port }}"
repo_release_path: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/{{ os_distro_version }}"
## kernel modules for specific group hosts
# :param name: name of the kernel module
# :param pattern: pattern to search for in /boot/config-$kernel_version to check how module is configured inside kernel
# :param group: group of hosts where the module will be loaded
openstack_host_specific_kernel_modules:
- { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES", group: "network_hosts" }
## DNS resolution (resolvconf) options
#Group containing resolvers to configure
resolvconf_resolver_group: unbound
## Enable external SSL handling for general OpenStack services
openstack_external_ssl: true
## OpenStack global Endpoint Protos
openstack_service_publicuri_proto: https
#openstack_service_adminuri_proto: http
#openstack_service_internaluri_proto: http
## Region Name
service_region: RegionOne
## OpenStack Domain
openstack_domain: openstack.local
lxc_container_domain: "{{ openstack_domain }}"
## DHCP Domain Name
dhcp_domain: openstacklocal
## LDAP enabled toggle
service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}"
## Base venv configuration
venv_tag: "{{ openstack_release }}"
venv_base_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ os_distro_version }}"
## Gnocchi
# Used in both Gnocchi and Swift roles.
gnocchi_service_project_name: "{{ (gnocchi_storage_driver is defined and gnocchi_storage_driver == 'swift') | ternary('gnocchi_swift', 'service') }}"
## OpenStack Openrc
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
openrc_region_name: "{{ service_region }}"
## Host security hardening
# The ansible-hardening role provides security hardening for hosts
# by applying security configurations from the STIG. Hardening is enabled by
# default, but an option to opt out is available by setting the following
# variable to 'false'.
# Docs: http://docs.openstack.org/developer/ansible-hardening/
apply_security_hardening: true
## Ansible ssh configuration
ansible_ssh_extra_args: >
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o ServerAliveInterval=64
-o ServerAliveCountMax=1024
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=yes
-T
# Toggle whether the service is deployed in a container or not
is_metal: "{{ properties.is_metal | default(false) }}"
View Git Blame Copy Permalink