openstack-ansible/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## General options
debug: True

## Ceilometer Options
ceilometer_db_type: mongodb
ceilometer_db_ip: {{ bootstrap_host_mongodb_address }}
ceilometer_db_port: 27017
cinder_ceilometer_enabled: True
glance_ceilometer_enabled: True
heat_ceilometer_enabled: True
neutron_ceilometer_enabled: True
nova_ceilometer_enabled: True
swift_ceilometer_enabled: False
keystone_ceilometer_enabled: True

## Aodh Options
aodh_db_type: mongodb
aodh_db_ip: {{ bootstrap_host_mongodb_address }}
aodh_db_port: 27017

## Glance Options
glance_default_store: swift

## SSL Settings
ssl_protocol: "ALL -SSLv2 -SSLv3"
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"

## Cinder settings
cinder_service_backup_program_enabled: True

## Tempest settings
tempest_service_available_ceilometer: True
tempest_service_available_aodh: True
tempest_public_subnet_cidr: 172.29.248.0/22
tempest_public_subnet_allocation_pools: "172.29.249.110-172.29.249.200"
tempest_volume_backup_enabled: True

## Galera settings
galera_innodb_buffer_pool_size: 512M
galera_innodb_log_buffer_size: 32M
galera_wsrep_provider_options:
 - { option: "gcache.size", value: "32M" }

## Neutron settings
neutron_metadata_checksum_fix: True

## Set workers for all services to optimise memory usage
ceilometer_api_workers: 2
ceilometer_collector_workers: 2
ceilometer_notification_workers: 2
cinder_osapi_volume_workers: 2
glance_api_workers: 2
glance_registry_workers: 2
heat_api_workers: 2
heat_engine_workers: 2
horizon_wsgi_processes: 2
horizon_wsgi_threads: 2
keystone_wsgi_processes: 2
neutron_api_workers: 2
neutron_metadata_workers: 1
neutron_rpc_workers: 1
nova_conductor_workers: 2
nova_metadata_workers: 2
nova_osapi_compute_workers: 2
swift_account_server_workers: 2
swift_container_server_workers: 2
swift_object_server_workers: 2
swift_proxy_server_workers: 2

# NOTE: hpcloud-b4's eth0 uses 10.0.3.0/24, which overlaps with the
#       lxc_net_address default
# TODO: We'll need to implement a mechanism to determine valid lxc_net_address
#       value which will not overlap with an IP already assigned to the host.
lxc_net_address: 10.255.255.1
lxc_net_netmask: 255.255.255.0
lxc_net_dhcp_range: 10.255.255.2,10.255.255.253

## Security hardening
apply_security_hardening: true

{% if repo_build_pip_extra_indexes is defined %}
## Wheel mirrors for the repo_build to use
repo_build_pip_extra_indexes:
{{ repo_build_pip_extra_indexes | to_nice_yaml }}
{% endif %}

{% if uca_apt_repo_url is defined %}
## Ubuntu Cloud Archive mirror to use
uca_apt_repo_url: {{ uca_apt_repo_url }}
{% endif %}

## Instruct the gate to always build libvirt-python from pip source
repo_build_pip_no_binary:
  - libvirt-python

# The container backing store is set to 'overlayfs' to speed up the
# AIO build time.
lxc_container_backing_store: overlayfs

## Enable LBaaSv2 in the AIO
neutron_plugin_base:
  - router
  - metering
  - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2