0f5bc4d1b5
'fernet' is the token provider since octata. As we've memcached
in the undercloud, we should enable caching by setting
cache_backend to 'dogpile.cache.memcached'.
Change-Id: I4b040d25b2cb83f40cbd8e8caf6890feba586b60
Closes-Bug: #1832437
(cherry picked from commit e2a4d90aad
)
231 lines
12 KiB
YAML
231 lines
12 KiB
YAML
parameter_merge_strategies:
|
|
default: overwrite
|
|
UndercloudExtraConfig: deep_merge
|
|
|
|
resource_registry:
|
|
OS::TripleO::Services::Tmpwatch: ../deployment/logrotate/tmpwatch-install.yaml
|
|
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml
|
|
OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
|
|
OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
|
|
OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml
|
|
OS::TripleO::Services::DockerRegistry: ../deployment/image-serve/image-serve-baremetal-ansible.yaml
|
|
OS::TripleO::Services::ContainerImagePrepare: ../deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml
|
|
# Allows us to control the external VIP for Undercloud SSL
|
|
OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml
|
|
|
|
OS::TripleO::Services::ComputeNeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
|
|
OS::TripleO::Services::NeutronMetadataAgent: ../deployment/neutron/neutron-metadata-container-puppet.yaml
|
|
OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
|
|
OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml
|
|
OS::TripleO::Services::NeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
|
|
OS::TripleO::Services::NeutronCorePlugin: ../deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
|
|
OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
|
|
|
|
# We managed this in instack-undercloud, so we need to manage it here.
|
|
OS::TripleO::Services::SELinux: ../deployment/selinux/selinux-baremetal-puppet.yaml
|
|
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-puppet.yaml
|
|
|
|
# services we disable by default on the undercloud
|
|
OS::TripleO::Services::AodhApi: OS::Heat::None
|
|
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
|
|
OS::TripleO::Services::AodhNotifier: OS::Heat::None
|
|
OS::TripleO::Services::AodhListener: OS::Heat::None
|
|
OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
|
|
OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
|
|
OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
|
|
OS::TripleO::Services::GnocchiApi: OS::Heat::None
|
|
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
|
|
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
|
|
OS::TripleO::Services::PankoApi: OS::Heat::None
|
|
OS::TripleO::Services::Redis: OS::Heat::None
|
|
OS::TripleO::Services::CinderApi: OS::Heat::None
|
|
OS::TripleO::Services::CinderScheduler: OS::Heat::None
|
|
OS::TripleO::Services::CinderVolume: OS::Heat::None
|
|
|
|
# Services we don't ever want configured. See LP#1824030
|
|
OS::TripleO::Services::Pacemaker: OS::Heat::None
|
|
OS::TripleO::Services::PacemakerRemote: OS::Heat::None
|
|
OS::TripleO::Services::Clustercheck: OS::Heat::None
|
|
|
|
# Ensure non-pacemaker versions. See LP#1824030
|
|
# CinderVolume is set to None above and OVNdbs is currently not in the list in role_data_undercloud.yaml so
|
|
# avoiding that as well until the UC switches to OVN
|
|
OS::TripleO::Services::MySQL: ../deployment/database/mysql-container-puppet.yaml
|
|
OS::TripleO::Services::OsloMessagingRpc: ../deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
|
|
OS::TripleO::Services::OsloMessagingNotify: ../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
|
|
|
|
# Enable Podman on the Undercloud.
|
|
# This line will drop in Stein when it becomes the default.
|
|
OS::TripleO::Services::Podman: ../deployment/podman/podman-baremetal-ansible.yaml
|
|
|
|
# Undercloud HA services
|
|
OS::TripleO::Services::HAproxy: OS::Heat::None
|
|
OS::TripleO::Services::Keepalived: OS::Heat::None
|
|
|
|
parameter_defaults:
|
|
# ensure we enable ip_forward before docker gets run
|
|
KernelIpForward: 1
|
|
KernelIpNonLocalBind: 1
|
|
KeystoneCorsAllowedOrigin: '*'
|
|
KeystoneEnableMember: true
|
|
# Increase the Token expiration time until we fix the actual session bug:
|
|
# https://bugs.launchpad.net/tripleo/+bug/1761050
|
|
TokenExpiration: 14400
|
|
EnablePackageInstall: true
|
|
StackAction: CREATE
|
|
SoftwareConfigTransport: POLL_SERVER_HEAT
|
|
NeutronTunnelTypes: []
|
|
NeutronBridgeMappings: ctlplane:br-ctlplane
|
|
NeutronAgentExtensions: []
|
|
NeutronFlatNetworks: '*'
|
|
NovaSchedulerAvailableFilters: 'tripleo_common.filters.list.tripleo_filters'
|
|
NovaSchedulerDefaultFilters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
|
|
NovaSchedulerMaxAttempts: 30
|
|
# Disable compute auto disabling:
|
|
# As part of Pike, nova introduced a change to have the nova-compute
|
|
# process automatically disable the nova-compute instance in the case of
|
|
# consecutive build failures. This can lead to odd errors when deploying
|
|
# the ironic nodes on the undercloud as you end up with a ComputeFilter
|
|
# error. This parameter disables this functionality for the undercloud since
|
|
# we do not want the nova-compute instance running on the undercloud for
|
|
# Ironic to be disabled in the case of multiple deployment failures.
|
|
NovaAutoDisabling: '0'
|
|
NovaCorsAllowedOrigin: '*'
|
|
NovaSyncPowerStateInterval: -1
|
|
NeutronDhcpAgentsPerNetwork: 2
|
|
HeatConvergenceEngine: true
|
|
HeatCorsAllowedOrigin: '*'
|
|
HeatMaxNestedStackDepth: 7
|
|
HeatMaxResourcesPerStack: -1
|
|
HeatMaxJsonBodySize: 4194304
|
|
HeatReauthenticationAuthMethod: 'trusts'
|
|
HeatYaqlLimitIterators: 10000
|
|
# Disable non-lifecycle stack actions like
|
|
# snapshot, resume, cancel update and stack check.
|
|
HeatApiPolicies:
|
|
heat-deny-action:
|
|
key: 'actions:action'
|
|
value: 'rule:deny_everybody'
|
|
IronicCleaningDiskErase: 'metadata'
|
|
IronicCorsAllowedOrigin: '*'
|
|
IronicDefaultInspectInterface: 'inspector'
|
|
IronicDefaultResourceClass: 'baremetal'
|
|
IronicEnabledHardwareTypes: ['ipmi', 'redfish', 'idrac', 'ilo']
|
|
IronicEnabledBootInterfaces: ['pxe', 'ilo-pxe']
|
|
IronicEnabledConsoleInterfaces: ['ipmitool-socat', 'ilo', 'no-console']
|
|
IronicEnabledDeployInterfaces: ['iscsi', 'direct', 'ansible']
|
|
IronicEnabledInspectInterfaces: ['inspector', 'no-inspect']
|
|
IronicEnabledManagementInterfaces: ['ipmitool', 'redfish', 'idrac', 'ilo']
|
|
# NOTE(dtantsur): disabling advanced networking as it's not used (or
|
|
# configured) in the undercloud
|
|
IronicEnabledNetworkInterfaces: ['flat']
|
|
IronicEnabledPowerInterfaces: ['ipmitool', 'redfish', 'idrac', 'ilo']
|
|
# NOTE(dtantsur): disabling the "agent" RAID as our ramdisk does not contain
|
|
# any vendor-specific RAID additions.
|
|
IronicEnabledRaidInterfaces: ['no-raid']
|
|
# NOTE(dtantsur): we don't use boot-from-cinder on the undercloud
|
|
IronicEnabledStorageInterfaces: ['noop']
|
|
IronicEnabledVendorInterfaces: ['ipmitool', 'idrac', 'no-vendor']
|
|
IronicEnableStagingDrivers: true
|
|
IronicCleaningNetwork: 'ctlplane'
|
|
IronicForcePowerStateDuringSync: false
|
|
IronicInspectorCollectors: default,extra-hardware,numa-topology,logs
|
|
IronicInspectorInterface: br-ctlplane
|
|
# IronicInspectorSubnets:
|
|
# - ip_range: '192.168.24.100,192.168.24.200'
|
|
IronicProvisioningNetwork: 'ctlplane'
|
|
IronicRescuingNetwork: 'ctlplane'
|
|
ZaqarMessageStore: 'swift'
|
|
ZaqarManagementStore: 'sqlalchemy'
|
|
MistralCorsAllowedOrigin: '*'
|
|
MistralExecutionFieldSizeLimit: 16384
|
|
MistralExecutorVolumes:
|
|
- /var/lib/config-data/nova/etc/nova:/etc/nova:ro
|
|
NeutronServicePlugins: router,segments
|
|
NeutronMechanismDrivers: ['openvswitch', 'baremetal']
|
|
NeutronNetworkVLANRanges: 'physnet1:1000:2999'
|
|
NeutronPluginExtensions: 'port_security'
|
|
NeutronFirewallDriver: ''
|
|
NeutronNetworkType: ['local','flat','vlan','gre','vxlan']
|
|
NeutronTunnelIdRanges: '20:100'
|
|
NeutronTypeDrivers: ['local','flat','vlan','gre','vxlan']
|
|
NeutronVniRanges: '10:100'
|
|
NeutronEnableDVR: false
|
|
NeutronPortQuota: '-1'
|
|
# This allows MTU > 1500 for the overcloud if local_mtu is set to 1500
|
|
# See LP#1826729
|
|
TenantNetPhysnetMtu: 0
|
|
SwiftCorsAllowedOrigin: '*'
|
|
SwiftReplicas: 1
|
|
SwiftWorkers: 2
|
|
SwiftAccountWorkers: 2
|
|
SwiftContainerWorkers: 2
|
|
SwiftObjectWorkers: 2
|
|
# A list of static routes for the control plane network. Ensure traffic to
|
|
# nodes on remote control plane networks use the correct network path.
|
|
# Example:
|
|
# ControlPlaneStaticRoutes:
|
|
# - ip_netmask: 192.168.25.0/24
|
|
# next_hop: 192.168.24.1
|
|
# - ip_netmask: 192.168.26.0/24
|
|
# next_hop: 192.168.24.1
|
|
ControlPlaneStaticRoutes: []
|
|
# A dictionary of Undercloud ctlplane subnets.
|
|
# NOTE(hjensas): This should be {} in this environment file, otherwise it may
|
|
# results in values set here being merged with the values set in
|
|
# undercloud.conf. See Bug: https://bugs.launchpad.net/tripleo/+bug/1820330
|
|
# Example:
|
|
# UndercloudCtlplaneSubnets:
|
|
# ctlplane-subnet:
|
|
# NetworkCidr: '192.168.24.0/24'
|
|
# NetworkGateway: '192.168.24.1'
|
|
# DhcpRangeStart: '192.168.24.5'
|
|
# DhcpRangeEnd: '192.168.24.24'
|
|
# HostRoutes:
|
|
# - {'destination': '10.10.10.0/24', 'nexthop': '192.168.24.254'}
|
|
UndercloudCtlplaneSubnets: {}
|
|
UndercloudCtlplaneLocalSubnet: 'ctlplane-subnet'
|
|
MistralDockerGroup: true
|
|
PasswordAuthentication: 'yes'
|
|
HeatEngineOptVolumes:
|
|
- /usr/lib/heat:/usr/lib/heat:ro
|
|
MySQLServerOptions:
|
|
mysqld:
|
|
connect_timeout: 60
|
|
NeutronMetadataProxySharedSecret: ''
|
|
MetadataNATRule: true
|
|
# TODO(emilien) Remove when Keepalived 2.0.6 is out
|
|
# https://bugs.launchpad.net/tripleo/+bug/1791238
|
|
KeepalivedRestart: true
|
|
SshFirewallAllowAll: true
|
|
UndercloudExtraConfig:
|
|
aodh::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
barbican::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
ceilometer::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
cinder::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
congress::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
ec2api::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
glance::api::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
gnocchi::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
heat::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
heat::cache::memcache_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
horizon::cache_server_ip: "%{hiera('memcached::listen_ip')}:11211"
|
|
ironic::api::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
ironic::inspector::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
keystone::cache_memcache_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
keystone::cache_backend: "dogpile.cache.memcached"
|
|
manila::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
manila::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
mistral::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
neutron::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
nova::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
nova::cache::memcache_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
nova::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
panko::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
sahara::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
swift::proxy::authtoken::memcache_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
swift::proxy::cache::memcache_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
tacker::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
zaqar::keystone::authtoken::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|
|
swift::objectexpirer::memcached_servers: "%{hiera('memcached::listen_ip')}:11211"
|