parameter_merge_strategies: default: overwrite UndercloudExtraConfig: deep_merge resource_registry: OS::TripleO::Services::Tmpwatch: ../deployment/logrotate/tmpwatch-install.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml OS::TripleO::Network::Ports::OVNDBsVipPort: ../network/ports/noop.yaml OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml OS::TripleO::Services::DockerRegistry: ../deployment/image-serve/image-serve-baremetal-ansible.yaml OS::TripleO::Services::ContainerImagePrepare: ../deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml # Allows us to control the external VIP for Undercloud SSL OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml OS::TripleO::Services::NeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml OS::TripleO::Services::NeutronCorePlugin: ../deployment/neutron/neutron-plugin-ml2-container-puppet.yaml OS::TripleO::Services::NeutronMl2PluginBase: ../deployment/neutron/neutron-plugin-ml2.yaml OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-ansible.yaml # services we disable by default on the undercloud OS::TripleO::Services::AodhApi: OS::Heat::None OS::TripleO::Services::AodhEvaluator: OS::Heat::None OS::TripleO::Services::AodhNotifier: OS::Heat::None OS::TripleO::Services::AodhListener: OS::Heat::None OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None OS::TripleO::Services::GnocchiApi: OS::Heat::None OS::TripleO::Services::GnocchiMetricd: OS::Heat::None OS::TripleO::Services::GnocchiStatsd: OS::Heat::None OS::TripleO::Services::Rear: OS::Heat::None OS::TripleO::Services::Redis: OS::Heat::None OS::TripleO::Services::CinderApi: OS::Heat::None OS::TripleO::Services::CinderScheduler: OS::Heat::None OS::TripleO::Services::CinderVolume: OS::Heat::None OS::TripleO::Services::HeatApiCfn: OS::Heat::None OS::TripleO::Services::NovaApi: OS::Heat::None OS::TripleO::Services::NovaConductor: OS::Heat::None OS::TripleO::Services::NovaIronic: OS::Heat::None OS::TripleO::Services::NovaMetadata: OS::Heat::None OS::TripleO::Services::NovaScheduler: OS::Heat::None OS::TripleO::Services::PlacementApi: OS::Heat::None OS::TripleO::Services::Logging::PlacementApi: OS::Heat::None OS::TripleO::Services::GlanceApi: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None # Services we don't ever want configured. See LP#1824030 OS::TripleO::Services::Pacemaker: OS::Heat::None OS::TripleO::Services::PacemakerRemote: OS::Heat::None OS::TripleO::Services::Clustercheck: OS::Heat::None # Ensure non-pacemaker versions. See LP#1824030 # CinderVolume is set to None above and OVNdbs is currently not in the list in role_data_undercloud.yaml so # avoiding that as well until the UC switches to OVN OS::TripleO::Services::MySQL: ../deployment/database/mysql-container-puppet.yaml OS::TripleO::Services::OsloMessagingRpc: ../deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml OS::TripleO::Services::OsloMessagingNotify: ../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml # Enable Podman on the Undercloud. # This line will drop in Stein when it becomes the default. OS::TripleO::Services::Podman: ../deployment/podman/podman-baremetal-ansible.yaml # https://bugs.launchpad.net/tripleo/+bug/1850562 OS::TripleO::Services::Rsyslog: ../deployment/logging/rsyslog-baremetal-ansible.yaml # Undercloud HA services OS::TripleO::Services::HAproxy: OS::Heat::None # Don't create OVN Chassis MAC address nets/ports on the undercloud OS::TripleO::OVNMacAddressNetwork: OS::Heat::None OS::TripleO::OVNMacAddressPort: OS::Heat::None parameter_defaults: # ensure we enable ip_forward before docker gets run KernelIpForward: 1 KernelIpNonLocalBind: 1 KeystoneCorsAllowedOrigin: '*' KeystoneEnableMember: true # Increase the Token expiration time until we fix the actual session bug: # https://bugs.launchpad.net/tripleo/+bug/1761050 TokenExpiration: 14400 EnablePackageInstall: true StackAction: CREATE NetworkDeploymentActions: ['CREATE','UPDATE'] SoftwareConfigTransport: POLL_SERVER_HEAT NeutronTunnelTypes: [] NeutronBridgeMappings: ctlplane:br-ctlplane NeutronAgentExtensions: [] NeutronFlatNetworks: '*' HeatConvergenceEngine: true HeatCorsAllowedOrigin: '*' HeatMaxNestedStackDepth: 7 HeatMaxResourcesPerStack: -1 HeatMaxJsonBodySize: 4194304 HeatReauthenticationAuthMethod: 'trusts' HeatYaqlLimitIterators: 10000 HeatYaqlMemoryQuota: 200000 # Disable non-lifecycle stack actions like # snapshot, resume, cancel update and stack check. HeatApiPolicies: heat-deny-action: key: 'actions:action' value: 'rule:deny_everybody' IronicCleaningDiskErase: 'metadata' IronicCorsAllowedOrigin: '*' IronicDefaultInspectInterface: 'inspector' IronicDefaultResourceClass: 'baremetal' IronicEnabledHardwareTypes: ['ipmi', 'redfish', 'idrac', 'ilo'] IronicEnabledBootInterfaces: ['pxe', 'ilo-pxe'] IronicEnabledConsoleInterfaces: ['ipmitool-socat', 'ilo', 'no-console'] IronicEnabledDeployInterfaces: ['iscsi', 'direct', 'ansible'] IronicEnabledInspectInterfaces: ['inspector', 'no-inspect'] IronicEnabledManagementInterfaces: ['ipmitool', 'redfish', 'idrac', 'ilo'] # NOTE(dtantsur): disabling advanced networking as it's not used (or # configured) in the undercloud IronicEnabledNetworkInterfaces: ['flat'] IronicEnabledPowerInterfaces: ['ipmitool', 'redfish', 'idrac', 'ilo'] # NOTE(dtantsur): disabling the "agent" RAID as our ramdisk does not contain # any vendor-specific RAID additions. IronicEnabledRaidInterfaces: ['no-raid'] # NOTE(dtantsur): we don't use boot-from-cinder on the undercloud IronicEnabledStorageInterfaces: ['noop'] IronicEnabledVendorInterfaces: ['ipmitool', 'idrac', 'no-vendor'] IronicEnableStagingDrivers: true IronicCleaningNetwork: 'ctlplane' IronicForcePowerStateDuringSync: false IronicInspectorCollectors: default,extra-hardware,numa-topology,logs IronicInspectorInterface: br-ctlplane # IronicInspectorSubnets: # - ip_range: '192.168.24.100,192.168.24.200' IronicProvisioningNetwork: 'ctlplane' IronicRescuingNetwork: 'ctlplane' ZaqarMessageStore: 'swift' ZaqarManagementStore: 'sqlalchemy' MistralCorsAllowedOrigin: '*' MistralExecutionFieldSizeLimit: 16384 NeutronServicePlugins: router,segments NeutronMechanismDrivers: ['openvswitch', 'baremetal'] NeutronNetworkVLANRanges: 'physnet1:1000:2999' NeutronPluginExtensions: port_security,dns_domain_ports NeutronOVSFirewallDriver: '' NeutronNetworkType: ['local','flat','vlan','gre','vxlan'] NeutronTunnelIdRanges: '20:100' NeutronTypeDrivers: ['local','flat','vlan','gre','vxlan'] NeutronVniRanges: '10:100' NeutronEnableDVR: false NeutronPortQuota: '-1' # This allows MTU > 1500 for the overcloud if local_mtu is set to 1500 # See LP#1826729 TenantNetPhysnetMtu: 0 SwiftCorsAllowedOrigin: '*' SwiftReplicas: 1 SwiftWorkers: 2 SwiftAccountWorkers: 2 SwiftContainerWorkers: 2 SwiftObjectWorkers: 2 # A list of static routes for the control plane network. Ensure traffic to # nodes on remote control plane networks use the correct network path. # Example: # ControlPlaneStaticRoutes: # - ip_netmask: 192.168.25.0/24 # next_hop: 192.168.24.1 # - ip_netmask: 192.168.26.0/24 # next_hop: 192.168.24.1 ControlPlaneStaticRoutes: [] # A dictionary of Undercloud ctlplane subnets. # NOTE(hjensas): This should be {} in this environment file, otherwise it may # results in values set here being merged with the values set in # undercloud.conf. See Bug: https://bugs.launchpad.net/tripleo/+bug/1820330 # Example: # UndercloudCtlplaneSubnets: # ctlplane-subnet: # NetworkCidr: '192.168.24.0/24' # NetworkGateway: '192.168.24.1' # DhcpRangeStart: '192.168.24.5' # DhcpRangeEnd: '192.168.24.24' # HostRoutes: # - {'destination': '10.10.10.0/24', 'nexthop': '192.168.24.254'} UndercloudCtlplaneSubnets: {} UndercloudCtlplaneLocalSubnet: 'ctlplane-subnet' UndercloudNetworkConfigTemplate: 'templates/undercloud.j2' MistralDockerGroup: true PasswordAuthentication: 'yes' HeatEngineOptVolumes: - /usr/lib/heat:/usr/lib/heat:ro MySQLServerOptions: mysqld: connect_timeout: 60 SshFirewallAllowAll: true NetworkSafeDefaults: false