---
# The options in this file can be overridden in 'globals.yml'

# The "temp" files that are created before merge need to stay persistent due
# to the fact that ansible will register a "change" if it has to create them
# again. Persistent files allow for idempotency
container_config_directory: "/var/lib/kolla/config_files"

# The directory holding custom config files that are merged into kolla's
# config files
node_custom_config: "/etc/kolla/config"

# The project to generate configuration files for
project: ""

# The directory to store the config files on the destination node
node_config_directory: "/etc/kolla/{{ project }}"

# The user and group which own node_config_directory, you can use a non-root
# user to deploy kolla
# NOTE(review): both default to root, so generated config files are root-owned
# unless overridden.
config_owner_user: "root"
config_owner_group: "root"


###################
# Kolla options
###################
# Valid options are [ COPY_ONCE, COPY_ALWAYS ]
config_strategy: "COPY_ALWAYS"

# Valid options are [ centos, oraclelinux, ubuntu ]
kolla_base_distro: "centos"
# Valid options are [ binary, source ]
kolla_install_type: "binary"

# kolla_internal_address is not defined in this file; it has to be supplied
# elsewhere (e.g. 'globals.yml').
kolla_internal_vip_address: "{{ kolla_internal_address }}"
kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
# By default the external VIP is the same address as the internal VIP.
kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
# Falls back to the internal FQDN when no separate external VIP is configured;
# otherwise the external VIP address itself is used as the external FQDN.
kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_external_vip_address == kolla_internal_vip_address else kolla_external_vip_address }}"

# Master switch; each per-service sanity flag below inherits this value.
kolla_enable_sanity_checks: "no"

kolla_enable_sanity_barbican: "{{ kolla_enable_sanity_checks }}"
kolla_enable_sanity_keystone: "{{ kolla_enable_sanity_checks }}"
kolla_enable_sanity_glance: "{{ kolla_enable_sanity_checks }}"
kolla_enable_sanity_cinder: "{{ kolla_enable_sanity_checks }}"
kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"

# Development-mode settings, all off by default.
# NOTE(review): presumably source trees are fetched from kolla_dev_repos_git
# into kolla_dev_repos_directory when kolla_dev_mode is enabled; confirm
# against the roles before enabling outside a development environment.
kolla_dev_repos_directory: "/opt/stack/"
kolla_dev_repos_git: "https://git.openstack.org/openstack"
kolla_dev_repos_pull: "no"
kolla_dev_mode: "no"

# Proxy settings for containers such as magnum that need internet access
container_http_proxy: ""
container_https_proxy: ""
# Hosts that containers reach directly instead of through the proxy.
container_no_proxy: "localhost,127.0.0.1"

# Proxy environment handed to containers. no_proxy is container_no_proxy with
# this host's API address and the internal VIP appended.
container_proxy:
  http_proxy: "{{ container_http_proxy }}"
  https_proxy: "{{ container_https_proxy }}"
  no_proxy: "{{ container_no_proxy }},{{ api_interface_address }},{{ kolla_internal_vip_address }}"

####################
# kolla-kubernetes
####################
# By default, Kolla API services bind to the network address assigned
# to the api_interface. Allow the bind address to be an override.
# The default reads the IPv4 address of api_interface from this host's
# gathered Ansible facts.
api_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"

################
# Chrony options
################
# List of NTP servers
# NOTE(review): the defaults are the public pool.ntp.org servers; deployments
# that depend on trusted time should point this at time sources they control.
external_ntp_servers:
  - 0.pool.ntp.org
  - 1.pool.ntp.org
  - 2.pool.ntp.org
  - 3.pool.ntp.org

####################
# Database options
####################
database_address: "{{ kolla_internal_fqdn }}"
# NOTE(review): the database account defaults to 'root'. Its password is not
# set in this file; presumably it comes from a separate secrets file. Confirm
# and keep that file out of version control.
database_user: "root"
database_port: "3306"


####################
# Docker options
####################
# The registry keys below are left empty (null) by default.
docker_registry_email:
docker_registry:
docker_namespace: "kolla"
docker_registry_username:

# Valid options are [ never, on-failure, always, unless-stopped ]
docker_restart_policy: "unless-stopped"

# '0' means unlimited retries
docker_restart_policy_retry: "10"

# Common options used throughout Docker
# docker_registry_password is referenced here but not defined in this file, so
# it must be supplied elsewhere; treat it as a secret.
docker_common_options:
  auth_email: "{{ docker_registry_email }}"
  auth_password: "{{ docker_registry_password }}"
  auth_registry: "{{ docker_registry }}"
  auth_username: "{{ docker_registry_username }}"
  environment:
    KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
  restart_policy: "{{ docker_restart_policy }}"
  restart_retries: "{{ docker_restart_policy_retry }}"


####################
# keepalived options
####################
# Arbitrary unique number from 0..255
keepalived_virtual_router_id: "51"


#######################
# Elasticsearch Options
#######################
es_heap_size: "1G"

####################
# Networking options
####################
# Every other *_interface setting that follows defaults to network_interface
# unless overridden individually.
network_interface: "eth0"
neutron_external_interface: "eth1"
kolla_external_vip_interface: "{{ network_interface }}"
# NOTE(review): API, storage, cluster, tunnel, bifrost and DNS traffic all
# share one interface by default; override these individually where the
# traffic classes should be separated.
api_interface: "{{ network_interface }}"
storage_interface: "{{ network_interface }}"
cluster_interface: "{{ network_interface }}"
tunnel_interface: "{{ network_interface }}"
bifrost_network_interface: "{{ network_interface }}"
dns_interface: "{{ network_interface }}"
# IPv4 address of tunnel_interface, read from this host's gathered Ansible
# facts.
tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_interface]['ipv4']['address'] }}"

# Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ]
neutron_plugin_agent: "openvswitch"

# The default ports used by each service.
# The list should be in alphabetical order
# Port numbers are kept as quoted strings, matching the rest of the file.
aodh_api_port: "8042"

barbican_api_port: "9311"

cinder_api_port: "8776"

congress_api_port: "1789"

cloudkitty_api_port: "8889"

collectd_udp_port: "25826"

designate_api_port: "9001"
designate_bind_port: "53"
designate_mdns_port: "5354"
designate_rndc_port: "953"

elasticsearch_port: "9200"

etcd_client_port: "2379"
etcd_peer_port: "2380"

fluentd_syslog_port: "5140"

freezer_api_port: "9090"

glance_api_port: "9292"
glance_registry_port: "9191"

gnocchi_api_port: "8041"

grafana_server_port: "3000"

haproxy_stats_port: "1984"

heat_api_port: "8004"
heat_api_cfn_port: "8000"

horizon_port: "80"

influxdb_admin_port: "8083"
influxdb_http_port: "8086"

ironic_api_port: "6385"
ironic_inspector_port: "5050"

iscsi_port: "3260"

karbor_api_port: "8799"

keystone_public_port: "5000"
keystone_admin_port: "35357"
keystone_ssh_port: "8023"

kibana_server_port: "5601"

kuryr_port: "23750"

magnum_api_port: "9511"

manila_api_port: "8786"

# Follows database_port so the two cannot drift apart.
mariadb_port: "{{ database_port }}"
mariadb_wsrep_port: "4567"
mariadb_ist_port: "4568"
mariadb_sst_port: "4444"

memcached_port: "11211"

mistral_api_port: "8989"

mongodb_port: "27017"
mongodb_web_port: "28017"

murano_api_port: "8082"

neutron_server_port: "9696"

nova_api_port: "8774"
nova_metadata_port: "8775"
nova_novncproxy_port: "6080"
nova_spicehtml5proxy_port: "6082"
nova_serialproxy_port: "6083"

octavia_api_port: "9876"
octavia_health_manager_port: "5555"

outward_rabbitmq_port: "5674"
outward_rabbitmq_management_port: "15674"
outward_rabbitmq_cluster_port: "25674"
outward_rabbitmq_epmd_port: "4371"

ovsdb_port: "6640"

panko_api_port: "8977"

placement_api_port: "8780"

qdrouterd_port: "15676"

rabbitmq_port: "5672"
rabbitmq_management_port: "15672"
rabbitmq_cluster_port: "25672"
rabbitmq_epmd_port: "4369"

redis_port: "6379"
redis_sentinel_port: "26379"

rdp_port: "8001"

rgw_port: "6780"

sahara_api_port: "8386"

searchlight_api_port: "9393"

senlin_api_port: "8778"

skydive_analyzer_port: "8085"
skydive_agents_port: "8090"

solum_application_deployment_port: "9777"
solum_image_builder_port: "9778"

swift_proxy_server_port: "8080"
swift_object_server_port: "6000"
swift_account_server_port: "6001"
swift_container_server_port: "6002"
swift_rsync_port: "10873"

# Follows fluentd_syslog_port.
syslog_udp_port: "{{ fluentd_syslog_port }}"

tacker_server_port: "9890"

trove_api_port: "8779"

watcher_api_port: "9322"

zun_api_port: "9517"

opendaylight_clustering_port: "2550"
opendaylight_restconf_port: "8087"
opendaylight_restconf_port_backup: "8182"
opendaylight_haproxy_restconf_port: "8088"
opendaylight_haproxy_restconf_port_backup: "8183"
opendaylight_jetty_conf_port: "8543"
opendaylight_jetty_conf2_port: "8443"
opendaylight_tomcat_port: "8282"
opendaylight_tomcat_redirect_port: "8663"
opendaylight_karaf_ssh_port: "8101"
opendaylight_openflow_port: "6653"
opendaylight_ovsdb_port: "6641"
opendaylight_haproxy_ovsdb_port: "6642"

# Public endpoints use https only when kolla_enable_tls_external is true.
public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
# NOTE(review): internal and admin endpoints are fixed to plain http here.
# URLs built from these values (the Keystone admin and internal URLs in this
# file) therefore carry credentials and tokens unencrypted; this default
# assumes the API network is isolated and trusted.
internal_protocol: "http"
admin_protocol: "http"

####################
# OpenStack options
####################
openstack_release: "auto"

# Debug logging is off by default.
openstack_logging_debug: "False"

openstack_region_name: "RegionOne"

# In the context of multi-regions, list here the name of all your regions.
# Region names; by default only the single region named by
# openstack_region_name.
multiple_regions_names:
  - "{{ openstack_region_name }}"

# Worker counts follow the host's vCPU count, capped at 5 (API) and 3 (RPC).
openstack_service_workers: "{{ [ansible_processor_vcpus, 5]|min }}"
openstack_service_rpc_workers: "{{ [ansible_processor_vcpus, 3]|min }}"

# Optionally allow Kolla to set sysctl values
set_sysctl: "yes"

# Valid options are [ novnc, spice ]
nova_console: "novnc"

# OpenStack authentication string. You should only need to override these if you
# are changing the admin tenant/project or user.
# NOTE(review): auth_url is built from admin_protocol, which this file defaults
# to "http", so the admin password is sent to Keystone without TLS unless that
# is overridden. keystone_admin_password is not defined in this file; it must
# be supplied elsewhere and handled as a secret.
openstack_auth:
  auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
  username: "admin"
  password: "{{ keystone_admin_password }}"
  project_name: "admin"
  domain_name: "default"

# Endpoint type used to connect with OpenStack services with ansible modules.
# Valid options are [ public, internal, admin ]
openstack_interface: "admin"

# These roles are required for Kolla to be operational, however a savvy deployer
# could disable some of these required roles and run their own services.
enable_glance: "yes"
enable_haproxy: "yes"
enable_keystone: "yes"
enable_mariadb: "yes"
enable_memcached: "yes"
enable_neutron: "yes"
enable_nova: "yes"
enable_rabbitmq: "yes"
# The outward RabbitMQ is enabled only when murano is enabled.
enable_outward_rabbitmq: "{{ enable_murano | bool }}"

# Additional optional OpenStack features and services are specified here
# Leaving unused services at "no" keeps the deployed footprint small.
enable_aodh: "no"
enable_barbican: "no"
enable_cadf_notifications: "no"
enable_ceilometer: "no"
enable_central_logging: "no"
enable_ceph: "no"
enable_ceph_rgw: "no"
enable_chrony: "no"
enable_cinder: "no"
# Defaults to "yes" even though enable_cinder is "no".
enable_cinder_backup: "yes"
enable_cinder_backend_hnas_iscsi: "no"
enable_cinder_backend_hnas_nfs: "no"
# True when any of the LVM, HNAS iSCSI or ZFSSA iSCSI backends is enabled.
enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool or enable_cinder_backend_hnas_iscsi | bool or enable_cinder_backend_zfssa_iscsi | bool }}"
enable_cinder_backend_lvm: "no"
enable_cinder_backend_nfs: "no"
enable_cinder_backend_zfssa_iscsi: "no"
enable_cloudkitty: "no"
enable_congress: "no"
enable_designate: "no"
enable_etcd: "no"
enable_fluentd: "yes"
enable_freezer: "no"
enable_gnocchi: "no"
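enable_grafana: "no"
enable_heat: "yes"
enable_horizon: "yes"
# Each Horizon plugin flag follows the flag of the service it belongs to.
enable_horizon_cloudkitty: "{{ enable_cloudkitty | bool }}"
enable_horizon_designate: "{{ enable_designate | bool }}"
enable_horizon_fwaas: "{{ enable_neutron_fwaas | bool }}"
enable_horizon_freezer: "{{ enable_freezer | bool }}"
enable_horizon_ironic: "{{ enable_ironic | bool }}"
enable_horizon_karbor: "{{ enable_karbor | bool }}"
enable_horizon_magnum: "{{ enable_magnum | bool }}"
enable_horizon_manila: "{{ enable_manila | bool }}"
enable_horizon_mistral: "{{ enable_mistral | bool }}"
enable_horizon_murano: "{{ enable_murano | bool }}"
enable_horizon_neutron_lbaas: "{{ enable_neutron_lbaas | bool }}"
enable_horizon_sahara: "{{ enable_sahara | bool }}"
enable_horizon_searchlight: "{{ enable_searchlight | bool }}"
enable_horizon_senlin: "{{ enable_senlin | bool }}"
enable_horizon_solum: "{{ enable_solum | bool }}"
enable_horizon_tacker: "{{ enable_tacker | bool }}"
enable_horizon_trove: "{{ enable_trove | bool }}"
enable_horizon_watcher: "{{ enable_watcher | bool }}"
enable_horizon_zun: "{{ enable_zun | bool }}"
enable_hyperv: "no"
enable_influxdb: "no"
enable_ironic: "no"
# iscsid is needed when an iSCSI cinder backend or ironic is enabled.
enable_iscsid: "{{ enable_cinder_backend_iscsi | bool or enable_ironic | bool }}"
enable_karbor: "no"
enable_kuryr: "no"
enable_magnum: "no"
enable_manila: "no"
enable_manila_backend_generic: "no"
enable_manila_backend_hnas: "no"
enable_mistral: "no"
enable_mongodb: "no"
enable_multipathd: "no"
enable_murano: "no"
enable_neutron_vpnaas: "no"
enable_neutron_dvr: "no"
enable_neutron_lbaas: "no"
enable_neutron_fwaas: "no"
enable_neutron_qos: "no"
enable_neutron_agent_ha: "no"
enable_neutron_bgp_dragent: "no"
enable_neutron_provider_networks: "no"
enable_neutron_segments: "no"
enable_neutron_sfc: "no"
enable_nova_serialconsole_proxy: "no"
enable_octavia: "no"
enable_opendaylight: "no"
# Open vSwitch is enabled for every plugin agent except linuxbridge.
# The comparison is written without a trailing "| bool": Jinja2 applies filters
# before comparison operators, so "!= 'linuxbridge' | bool" compared the agent
# name against the boolean False and was true for every agent, linuxbridge
# included.
enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"
enable_ovs_dpdk: "no"
enable_osprofiler: "no"
enable_panko: "no"
enable_qdrouterd: "no"
enable_rally: "no"
enable_redis: "no"
enable_sahara: "no"
enable_searchlight: "no"
enable_senlin: "no"
enable_skydive: "no"
enable_solum: "no"
enable_swift: "no"
enable_tacker: "no"
enable_telegraf: "no"
enable_tempest: "no"
enable_trove: "no"
enable_vmtp: "no"
enable_watcher: "no"
enable_zun: "no"

# Keystone account names used by the listed services.
designate_keystone_user: "designate"
ironic_keystone_user: "ironic"
neutron_keystone_user: "neutron"
nova_keystone_user: "nova"
placement_keystone_user: "placement"

# Nova fake driver and the number of fake driver per compute node
enable_nova_fake: "no"
num_nova_fake_per_node: 5

# Monitoring options are specified here
enable_collectd: "no"

# Clean images options are specified here
enable_destroy_images: "no"

####################
# Logging options
####################
elasticsearch_address: "{{ kolla_internal_vip_address }}"
# Elasticsearch is pulled in by central logging, freezer, osprofiler or skydive.
enable_elasticsearch: "{{ 'yes' if enable_central_logging | bool or enable_freezer | bool or enable_osprofiler | bool or enable_skydive | bool else 'no' }}"
# Kibana is enabled only together with central logging.
enable_kibana: "{{ 'yes' if enable_central_logging | bool else 'no' }}"

####################
# RabbitMQ options
####################
rabbitmq_hipe_compile: "no"
# NOTE(review): the same account name, "openstack", is the default for
# RabbitMQ, the outward RabbitMQ, qdrouterd and HAProxy. The matching passwords
# are not in this file; confirm that each one is set separately.
rabbitmq_user: "openstack"
rabbitmq_version: "rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x.ez/rabbitmq_clusterer-3.6.x-667f92b0/ebin"
outward_rabbitmq_user: "openstack"

####################
# Qdrouterd options
####################
qdrouterd_user: "openstack"

####################
# HAProxy options
####################
haproxy_user: "openstack"
# The external VIP is only enabled when it differs from the internal VIP.
haproxy_enable_external_vip: "{{ 'no' if kolla_external_vip_address == kolla_internal_vip_address else 'yes' }}"
# NOTE(review): external TLS is off by default, and public_protocol in this
# file resolves to 'http' while it stays off, so public endpoints are served
# without TLS until this is enabled.
kolla_enable_tls_external: "no"
# NOTE(review): presumably the certificate bundle HAProxy serves on the
# external VIP; if the .pem also holds the private key, restrict its file
# permissions. Confirm against the haproxy role.
kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem"
kolla_external_fqdn_cacert: "{{ node_config_directory }}/certificates/haproxy-ca.crt"


####################
# Kibana options
####################
kibana_user: "kibana"
kibana_log_prefix: "flog"

####################
# Keystone options
####################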
# Keystone endpoint URLs, assembled from the protocol, FQDN and port settings
# defined elsewhere in this file. Only the public URL uses the external FQDN.
keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}"
keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"

default_project_domain_name: "Default"
default_project_domain_id: "default"
default_user_domain_name: "Default"
default_user_domain_id: "default"

# Valid options are [ uuid, fernet ]
keystone_token_provider: "uuid"
# NOTE(review): presumably a lifetime in seconds (86400 = 24 hours) that only
# applies with the fernet provider; confirm against the keystone role.
fernet_token_expiry: 86400

keystone_default_user_role: "_member_"

#######################
# Glance options
#######################
# The file backend is used exactly when ceph is disabled.
glance_backend_file: "{{ not enable_ceph | bool }}"
glance_backend_ceph: "{{ enable_ceph }}"
glance_backend_vmware: "no"
glance_backend_swift: "no"
glance_file_datadir_volume: "glance"

#######################
# Barbican options
#######################
# Valid options are [ simple_crypto, p11_crypto ]
# NOTE(review): presumably simple_crypto keeps key material in software while
# p11_crypto uses the PKCS#11 library at barbican_library_path; confirm before
# relying on the default for production secrets.
barbican_crypto_plugin: "simple_crypto"
barbican_library_path: "/usr/lib/libCryptoki2_64.so"

########################
### Panko options
########################
# Valid options are [ mongodb, mysql ]
panko_database_type: "mysql"


#################
# Gnocchi options
#################
# Valid options are [file, ceph]
gnocchi_backend_storage: "{{ 'ceph' if enable_ceph|bool else 'file' }}"


#################################
# Cinder options
#################################
cinder_backend_ceph: "{{ enable_ceph }}"
cinder_backend_vmwarevc_vmdk: "no"
cinder_volume_group: "cinder-volumes"

# Valid options are [ nfs, swift, ceph ]
# NOTE(review): the default is "ceph" while enable_ceph defaults to "no" in
# this file; check that the pairing is intended when cinder backup is enabled.
cinder_backup_driver: "ceph"
cinder_backup_share: ""
cinder_backup_mount_options_nfs: ""


#######################
# Cloudkitty options
#######################
# Valid options are [ ceilometer, gnocchi ]
cloudkitty_collector_backend: "ceilometer"


#######################
# Designate options
#######################
# Valid options are [ bind9 ]
designate_backend: "bind9"
designate_ns_record: "sample.openstack.org"
designate_backend_external: "no"
designate_backend_external_bind9_nameservers: ""

#######################
# Neutron options
#######################
neutron_bgp_router_id: "1.1.1.1"
# The bridge is 'br-dvs' for the vmware_dvs plugin agent and 'br-ex' otherwise.
neutron_bridge_name: "{{ 'br-dvs' if neutron_plugin_agent == 'vmware_dvs' else 'br-ex' }}"
# Comma-separated type of enabled ml2 type drivers
neutron_type_drivers: "flat,vlan,vxlan"
# Comma-separated types of tenant networks (should be listed in 'neutron_type_drivers')
# NOTE: for ironic this list should also contain 'flat'
neutron_tenant_network_types: "vxlan"

# NOTE(review): 'and' binds tighter than 'or', so the vmware_dvs exclusion
# applies only to the enable_opendaylight term; DVR or provider networks alone
# make this true even with vmware_dvs. Confirm that grouping is intended.
computes_need_external_bridge: "{{ enable_neutron_dvr | bool or enable_neutron_provider_networks | bool or enable_opendaylight | bool and neutron_plugin_agent != 'vmware_dvs' }}"

#######################
# Nova options
#######################
nova_backend_ceph: "{{ enable_ceph }}"
# 'rbd' when the ceph backend is on, 'default' otherwise.
nova_backend: "{{ 'rbd' if nova_backend_ceph | bool else 'default' }}"
# Valid options are [ kvm, qemu, vmware ]
nova_compute_virt_type: "kvm"


#######################
# Murano options
#######################
murano_agent_rabbitmq_vhost: "muranoagent"
murano_agent_rabbitmq_user: "muranoagent"


#######################
# Horizon options
#######################
# Horizon uses a database backend only when murano is enabled.
horizon_backend_database: "{{ enable_murano | bool }}"
# Unlike most flags in this file, this is a bare YAML boolean, not a quoted
# string.
horizon_keystone_multidomain: False


#################
# Octavia options
#################
# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
octavia_loadbalancer_topology: "SINGLE"
# The three values below are left empty (null) and have no default here.
octavia_amp_boot_network_list:
octavia_amp_secgroup_list:
octavia_amp_flavor_id:


###################
# Ceph options
###################
# Ceph can be set up with a cache to improve performance. To use the cache you
# must provide separate disks from those used for the OSDs
ceph_enable_cache: "no"

# cephx authentication is on by default for an external ceph cluster.
external_ceph_cephx_enabled: "yes"

# Ceph is not able to determine the size of a cache pool automatically,
# so the configuration on the absolute size is required here, otherwise the flush/evict will not work.
# Absolute size limits for the ceph cache pool; both are empty by default.
ceph_target_max_bytes: ""
ceph_target_max_objects: ""

# Valid options are [ forward, none, writeback ]
ceph_cache_mode: "writeback"

# Valid options are [ ext4, btrfs, xfs ]
ceph_osd_filesystem: "xfs"

# Set to 'yes-i-really-really-mean-it' to force wipe disks with existing partitions for OSDs. Only
# set if you understand the consequences!
# Empty by default, so disks with existing partitions are not wiped.
ceph_osd_wipe_disk: ""

# These are /etc/fstab options. Comma separated, no spaces (see fstab(8))
ceph_osd_mount_options: "defaults,noatime"

# A requirement for using the erasure-coded pools is you must setup a cache tier
# Valid options are [ erasure, replicated ]
ceph_pool_type: "replicated"

# Integrate Ceph Rados Object Gateway with OpenStack keystone
enable_ceph_rgw_keystone: "no"

ceph_cinder_pool_name: "volumes"
ceph_cinder_backup_pool_name: "backups"
ceph_glance_pool_name: "images"
ceph_gnocchi_pool_name: "gnocchi"
ceph_nova_pool_name: "vms"

ceph_erasure_profile: "k=4 m=2 ruleset-failure-domain=host"
# The rule uses 'indep' for erasure-coded pools and 'firstn' for replicated
# ones.
ceph_rule: "default host {{ 'indep' if ceph_pool_type == 'erasure' else 'firstn' }}"
ceph_cache_rule: "cache host firstn"

# Set the pgs and pgps for pool
ceph_pool_pg_num: 128
ceph_pool_pgp_num: 128

#####################
# VMware support
######################
# The host IP, username and cluster name below look like placeholders to be
# replaced per deployment.
vmware_vcenter_host_ip: "127.0.0.1"
vmware_vcenter_host_username: "username"
vmware_vcenter_cluster_name: "cluster-1"
# NOTE(review): defaults to "True". Presumably this turns off TLS certificate
# verification for vCenter connections, which would leave them open to
# interception; confirm, and set it to "False" with a trusted CA where
# possible.
vmware_vcenter_insecure: "True"

######################
# OpenDaylight
######################
opendaylight_release: "0.6.1-Carbon"
opendaylight_mechanism_driver: "opendaylight_v2"
opendaylight_l3_service_plugin: "odl-router_v2"
opendaylight_acl_impl: "learn"
enable_opendaylight_qos: "no"
# L3 handling by OpenDaylight follows enable_opendaylight.
enable_opendaylight_l3: "{{ enable_opendaylight }}"
enable_opendaylight_legacy_netvirt_conntrack: "no"
opendaylight_port_binding_type: "pseudo-agentdb-binding"
opendaylight_features: "odl-mdsal-apidocs,odl-netvirt-openstack"
# Single-quoted so the inner double quotes stay part of the value.
opendaylight_allowed_network_types: '"flat", "vlan", "vxlan"'