2016-08-08 16:48:11 +00:00
|
|
|
---
|
2017-01-22 10:06:06 +08:00
|
|
|
barbican_services:
|
|
|
|
barbican-api:
|
|
|
|
container_name: barbican_api
|
|
|
|
group: barbican-api
|
|
|
|
enabled: true
|
|
|
|
image: "{{ barbican_api_image_full }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
volumes: "{{ barbican_api_default_volumes + barbican_api_extra_volumes }}"
|
2018-07-13 19:17:53 +05:30
|
|
|
dimensions: "{{ barbican_api_dimensions }}"
|
2020-12-02 22:04:13 +08:00
|
|
|
healthcheck: "{{ barbican_api_healthcheck }}"
|
2018-06-19 00:43:35 -05:00
|
|
|
haproxy:
|
|
|
|
barbican_api:
|
|
|
|
enabled: "{{ enable_barbican }}"
|
|
|
|
mode: "http"
|
|
|
|
external: false
|
|
|
|
port: "{{ barbican_api_port }}"
|
2018-12-27 14:10:26 -05:00
|
|
|
listen_port: "{{ barbican_api_listen_port }}"
|
2020-05-07 15:49:56 -07:00
|
|
|
tls_backend: "{{ barbican_enable_tls_backend }}"
|
2018-06-19 00:43:35 -05:00
|
|
|
barbican_api_external:
|
|
|
|
enabled: "{{ enable_barbican }}"
|
|
|
|
mode: "http"
|
|
|
|
external: true
|
|
|
|
port: "{{ barbican_api_port }}"
|
2018-12-27 14:10:26 -05:00
|
|
|
listen_port: "{{ barbican_api_listen_port }}"
|
2020-05-07 15:49:56 -07:00
|
|
|
tls_backend: "{{ barbican_enable_tls_backend }}"
|
2017-01-22 10:06:06 +08:00
|
|
|
barbican-keystone-listener:
|
|
|
|
container_name: barbican_keystone_listener
|
|
|
|
group: barbican-keystone-listener
|
|
|
|
enabled: true
|
|
|
|
image: "{{ barbican_keystone_listener_image_full }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
volumes: "{{ barbican_keystone_listener_default_volumes + barbican_keystone_listener_extra_volumes }}"
|
2018-07-13 19:17:53 +05:30
|
|
|
dimensions: "{{ barbican_keystone_listener_dimensions }}"
|
2020-12-02 22:04:13 +08:00
|
|
|
healthcheck: "{{ barbican_keystone_listener_healthcheck }}"
|
2017-01-22 10:06:06 +08:00
|
|
|
barbican-worker:
|
|
|
|
container_name: barbican_worker
|
|
|
|
group: barbican-worker
|
|
|
|
enabled: true
|
|
|
|
image: "{{ barbican_worker_image_full }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
volumes: "{{ barbican_worker_default_volumes + barbican_worker_extra_volumes }}"
|
2018-07-13 19:17:53 +05:30
|
|
|
dimensions: "{{ barbican_worker_dimensions }}"
|
2020-12-02 22:04:13 +08:00
|
|
|
healthcheck: "{{ barbican_worker_healthcheck }}"
|
2018-04-12 23:37:37 +08:00
|
|
|
|
2022-11-15 13:46:53 +00:00
|
|
|
####################
|
|
|
|
# Config Validate
|
|
|
|
####################
|
|
|
|
barbican_config_validation:
|
|
|
|
- generator: "/barbican/etc/oslo-config-generator/barbican.conf"
|
|
|
|
config: "/etc/barbican/barbican.conf"
|
2016-08-08 16:48:11 +00:00
|
|
|
|
|
|
|
####################
|
|
|
|
# Database
|
|
|
|
####################
|
|
|
|
barbican_database_name: "barbican"
|
2018-01-14 20:16:43 +02:00
|
|
|
barbican_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}barbican{% endif %}"
|
2019-09-11 20:47:00 +02:00
|
|
|
barbican_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
|
2016-08-08 16:48:11 +00:00
|
|
|
|
2021-01-10 19:51:55 +00:00
|
|
|
####################
|
|
|
|
# Database sharding
|
|
|
|
####################
|
|
|
|
barbican_database_shard_root_user: "{% if enable_proxysql | bool %}root_shard_{{ barbican_database_shard_id }}{% else %}{{ database_user }}{% endif %}"
|
|
|
|
barbican_database_shard_id: "{{ mariadb_default_database_shard_id | int }}"
|
|
|
|
barbican_database_shard:
|
|
|
|
users:
|
|
|
|
- user: "{{ barbican_database_user }}"
|
|
|
|
password: "{{ barbican_database_password }}"
|
|
|
|
rules:
|
|
|
|
- schema: "{{ barbican_database_name }}"
|
|
|
|
shard_id: "{{ barbican_database_shard_id }}"
|
|
|
|
|
2016-08-08 16:48:11 +00:00
|
|
|
|
|
|
|
####################
|
|
|
|
# Docker
|
|
|
|
####################
|
2020-01-09 17:03:28 +00:00
|
|
|
barbican_tag: "{{ openstack_tag }}"
|
2017-05-22 17:04:56 +07:00
|
|
|
|
2022-05-20 15:15:40 +02:00
|
|
|
barbican_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/barbican-api"
|
2017-05-22 17:04:56 +07:00
|
|
|
barbican_api_tag: "{{ barbican_tag }}"
|
2016-08-08 16:48:11 +00:00
|
|
|
barbican_api_image_full: "{{ barbican_api_image }}:{{ barbican_api_tag }}"
|
|
|
|
|
2022-05-20 15:15:40 +02:00
|
|
|
barbican_keystone_listener_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/barbican-keystone-listener"
|
2017-05-22 17:04:56 +07:00
|
|
|
barbican_keystone_listener_tag: "{{ barbican_tag }}"
|
2016-08-08 16:48:11 +00:00
|
|
|
barbican_keystone_listener_image_full: "{{ barbican_keystone_listener_image }}:{{ barbican_keystone_listener_tag }}"
|
|
|
|
|
2022-05-20 15:15:40 +02:00
|
|
|
barbican_worker_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/barbican-worker"
|
2017-05-22 17:04:56 +07:00
|
|
|
barbican_worker_tag: "{{ barbican_tag }}"
|
2016-08-08 16:48:11 +00:00
|
|
|
barbican_worker_image_full: "{{ barbican_worker_image }}:{{ barbican_worker_tag }}"
|
|
|
|
|
2018-07-13 19:17:53 +05:30
|
|
|
barbican_api_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
barbican_keystone_listener_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
barbican_worker_dimensions: "{{ default_container_dimensions }}"
|
2016-08-08 16:48:11 +00:00
|
|
|
|
2020-12-02 22:04:13 +08:00
|
|
|
barbican_api_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
|
|
barbican_api_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
|
|
barbican_api_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
|
|
barbican_api_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
2022-09-21 09:09:32 +00:00
|
|
|
barbican_api_healthcheck_test: ["CMD-SHELL", "healthcheck_curl {{ 'https' if barbican_enable_tls_backend | bool else 'http' }}://{{ api_interface_address | put_address_in_context('url') }}:{{ barbican_api_listen_port }}"]
|
2020-12-02 22:04:13 +08:00
|
|
|
barbican_api_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
|
|
barbican_api_healthcheck:
|
|
|
|
interval: "{{ barbican_api_healthcheck_interval }}"
|
|
|
|
retries: "{{ barbican_api_healthcheck_retries }}"
|
|
|
|
start_period: "{{ barbican_api_healthcheck_start_period }}"
|
|
|
|
test: "{% if barbican_api_enable_healthchecks | bool %}{{ barbican_api_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
|
|
timeout: "{{ barbican_api_healthcheck_timeout }}"
|
|
|
|
|
|
|
|
barbican_keystone_listener_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
|
|
barbican_keystone_listener_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
|
|
barbican_keystone_listener_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
|
|
barbican_keystone_listener_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
|
|
barbican_keystone_listener_healthcheck_test: ["CMD-SHELL", "healthcheck_port barbican-keystone-listener {{ om_rpc_port }}"]
|
|
|
|
barbican_keystone_listener_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
|
|
barbican_keystone_listener_healthcheck:
|
|
|
|
interval: "{{ barbican_keystone_listener_healthcheck_interval }}"
|
|
|
|
retries: "{{ barbican_keystone_listener_healthcheck_retries }}"
|
|
|
|
start_period: "{{ barbican_keystone_listener_healthcheck_start_period }}"
|
|
|
|
test: "{% if barbican_keystone_listener_enable_healthchecks | bool %}{{ barbican_keystone_listener_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
|
|
timeout: "{{ barbican_keystone_listener_healthcheck_timeout }}"
|
|
|
|
|
|
|
|
barbican_worker_enable_healthchecks: "{{ enable_container_healthchecks }}"
|
|
|
|
barbican_worker_healthcheck_interval: "{{ default_container_healthcheck_interval }}"
|
|
|
|
barbican_worker_healthcheck_retries: "{{ default_container_healthcheck_retries }}"
|
|
|
|
barbican_worker_healthcheck_start_period: "{{ default_container_healthcheck_start_period }}"
|
|
|
|
barbican_worker_healthcheck_test: ["CMD-SHELL", "healthcheck_port barbican-worker {{ om_rpc_port }}"]
|
|
|
|
barbican_worker_healthcheck_timeout: "{{ default_container_healthcheck_timeout }}"
|
|
|
|
barbican_worker_healthcheck:
|
|
|
|
interval: "{{ barbican_worker_healthcheck_interval }}"
|
|
|
|
retries: "{{ barbican_worker_healthcheck_retries }}"
|
|
|
|
start_period: "{{ barbican_worker_healthcheck_start_period }}"
|
|
|
|
test: "{% if barbican_worker_enable_healthchecks | bool %}{{ barbican_worker_healthcheck_test }}{% else %}NONE{% endif %}"
|
|
|
|
timeout: "{{ barbican_worker_healthcheck_timeout }}"
|
|
|
|
|
2019-04-09 16:55:20 +08:00
|
|
|
barbican_api_default_volumes:
|
|
|
|
- "{{ node_config_directory }}/barbican-api/:{{ container_config_directory }}/:ro"
|
|
|
|
- "/etc/localtime:/etc/localtime:ro"
|
2021-05-13 12:21:11 +01:00
|
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
- "barbican:/var/lib/barbican/"
|
|
|
|
- "kolla_logs:/var/log/kolla/"
|
2020-01-30 14:00:34 +00:00
|
|
|
- "{{ kolla_dev_repos_directory ~ '/barbican/barbican:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/barbican' if barbican_dev_mode | bool else '' }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
barbican_keystone_listener_default_volumes:
|
|
|
|
- "{{ node_config_directory }}/barbican-keystone-listener/:{{ container_config_directory }}/:ro"
|
|
|
|
- "/etc/localtime:/etc/localtime:ro"
|
2021-05-13 12:21:11 +01:00
|
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
- "kolla_logs:/var/log/kolla/"
|
2020-01-30 14:00:34 +00:00
|
|
|
- "{{ kolla_dev_repos_directory ~ '/barbican/barbican:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/barbican' if barbican_dev_mode | bool else '' }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
barbican_worker_default_volumes:
|
|
|
|
- "{{ node_config_directory }}/barbican-worker/:{{ container_config_directory }}/:ro"
|
|
|
|
- "/etc/localtime:/etc/localtime:ro"
|
2021-05-13 12:21:11 +01:00
|
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if ansible_facts.os_family == 'Debian' else '' }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
- "kolla_logs:/var/log/kolla/"
|
2020-01-30 14:00:34 +00:00
|
|
|
- "{{ kolla_dev_repos_directory ~ '/barbican/barbican:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/barbican' if barbican_dev_mode | bool else '' }}"
|
2019-04-09 16:55:20 +08:00
|
|
|
|
|
|
|
barbican_extra_volumes: "{{ default_extra_volumes }}"
|
|
|
|
barbican_api_extra_volumes: "{{ barbican_extra_volumes }}"
|
|
|
|
barbican_keystone_listener_extra_volumes: "{{ barbican_extra_volumes }}"
|
|
|
|
barbican_worker_extra_volumes: "{{ barbican_extra_volumes }}"
|
|
|
|
|
2016-08-08 16:48:11 +00:00
|
|
|
####################
|
|
|
|
# OpenStack
|
|
|
|
####################
|
|
|
|
barbican_logging_debug: "{{ openstack_logging_debug }}"
|
|
|
|
|
|
|
|
barbican_keystone_user: "barbican"
|
2017-01-19 14:05:20 +00:00
|
|
|
barbican_keymanager_role: "key-manager:service-admin"
|
|
|
|
barbican_creator_role: "creator"
|
|
|
|
barbican_observer_role: "observer"
|
|
|
|
barbican_audit_role: "audit"
|
2016-08-08 16:48:11 +00:00
|
|
|
|
2016-12-30 15:57:07 +08:00
|
|
|
openstack_barbican_auth: "{{ openstack_auth }}"
|
2018-04-12 23:37:37 +08:00
|
|
|
|
2021-10-08 15:43:02 +02:00
|
|
|
barbican_api_workers: "{{ openstack_service_workers }}"
|
2018-04-12 23:37:37 +08:00
|
|
|
|
|
|
|
####################
|
|
|
|
# Kolla
|
|
|
|
####################
|
|
|
|
barbican_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
|
|
|
|
barbican_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
|
|
|
barbican_dev_mode: "{{ kolla_dev_mode }}"
|
2018-07-20 10:00:37 +08:00
|
|
|
barbican_source_version: "{{ kolla_source_version }}"
|
2018-07-31 19:24:02 +01:00
|
|
|
|
|
|
|
####################
|
|
|
|
# Keystone
|
|
|
|
####################
|
|
|
|
barbican_ks_services:
|
|
|
|
- name: "barbican"
|
|
|
|
type: "key-manager"
|
|
|
|
description: "Barbican Key Management Service"
|
|
|
|
endpoints:
|
|
|
|
- {'interface': 'internal', 'url': '{{ barbican_internal_endpoint }}'}
|
|
|
|
- {'interface': 'public', 'url': '{{ barbican_public_endpoint }}'}
|
|
|
|
|
|
|
|
barbican_ks_users:
|
|
|
|
- project: "service"
|
|
|
|
user: "{{ barbican_keystone_user }}"
|
|
|
|
password: "{{ barbican_keystone_password }}"
|
|
|
|
role: "admin"
|
2019-09-20 15:20:19 +01:00
|
|
|
|
|
|
|
barbican_ks_roles:
|
|
|
|
- "{{ barbican_keymanager_role }}"
|
|
|
|
- "{{ barbican_creator_role }}"
|
|
|
|
- "{{ barbican_observer_role }}"
|
|
|
|
- "{{ barbican_audit_role }}"
|
2020-05-07 15:49:56 -07:00
|
|
|
|
2020-07-02 22:48:31 +08:00
|
|
|
####################
|
|
|
|
# Notification
|
|
|
|
####################
|
|
|
|
barbican_notification_topics:
|
|
|
|
- name: notifications
|
2020-11-28 15:52:39 -06:00
|
|
|
enabled: "{{ enable_ceilometer | bool }}"
|
2020-07-02 22:48:31 +08:00
|
|
|
|
|
|
|
barbican_enabled_notification_topics: "{{ barbican_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
|
2020-05-07 15:49:56 -07:00
|
|
|
####################
|
|
|
|
# TLS
|
|
|
|
####################
|
|
|
|
barbican_enable_tls_backend: "{{ kolla_enable_tls_backend }}"
|