--- {% if ansible_os_family == 'Debian' %} # Force the use of python3 on Debian and Ubuntu remote hosts. These distros # typically have an unversioned Python interpreter which links to python2.7. ansible_python_interpreter: /usr/bin/python3 {% endif %} kolla_base_distro: "{{ base_distro }}" kolla_install_type: "{{ install_type }}" network_interface: "{{ api_interface_name }}" network_address_family: "{{ address_family }}" docker_restart_policy: "no" docker_custom_config: debug: true registry-mirrors: - {{ infra_dockerhub_mirror }} {% if kolla_python_version is defined and not is_previous_release %} distro_python_version: "{{ kolla_python_version }}" {% endif %} # Use a random router id, otherwise it may result in the same router id # in the CI gate. keepalived_virtual_router_id: "{{ 250 | random(1) }}" # MariaDB/Galera - fine tune gmcast.peer_timeout mariadb_wsrep_extra_provider_options: - "gmcast.peer_timeout=PT15S" nova_compute_virt_type: "{{ virt_type }}" enable_openstack_core: "{{ openstack_core_enabled }}" enable_horizon: "{{ dashboard_enabled }}" enable_heat: "{{ openstack_core_tested }}" {% if scenario != 'bifrost' %} kolla_internal_vip_address: "{{ kolla_internal_vip_address }}" neutron_external_interface: "{{ neutron_external_interface_name }}" openstack_logging_debug: "True" nova_libvirt_logging_debug: "False" openstack_service_workers: "1" {% endif %} {% if need_build_image and not is_previous_release %} # NOTE(Jeffrey4l): use different a docker namespace name in case it pull image from hub.docker.io when deplying docker_namespace: "lokolla" # NOTE(yoctozepto): use hostname or FQDN to be compatible between IPv4 and IPv6 # docker does not support referencing registry via an IPv6 address # see: https://github.com/moby/moby/issues/39033 docker_registry: "primary:4000" openstack_tag: "{{ build_image_tag }}" {% else %} # use the published images from a site mirror of quay.io docker_registry: "{{ zuul_site_mirror_fqdn }}:4447" docker_registry_insecure: no docker_namespace: openstack.kolla {% if docker_image_tag_suffix %} openstack_tag_suffix: "{{ docker_image_tag_suffix }}" {% endif %} {% if need_build_image and is_previous_release %} # NOTE(mgoddard): Ensure that the insecure local registry is trusted, since it # will be the source of images during the upgrade. # NOTE(yoctozepto): this is required here for CI because we run templating # of docker systemd command only once docker_custom_option: "--insecure-registry primary:4000" {% endif %} {% endif %} {% if scenario == "zun" %} enable_zun: "yes" enable_kuryr: "yes" enable_etcd: "yes" docker_configure_for_zun: "yes" containerd_configure_for_zun: "yes" enable_cinder: "yes" # lvm backup driver for cinder-backup does not exist enable_cinder_backup: "no" enable_cinder_backend_lvm: "yes" {% endif %} {% if scenario == "swift" %} enable_swift: "yes" {% endif %} {% if scenario == "scenario_nfv" %} enable_tacker: "yes" enable_neutron_sfc: "yes" enable_mistral: "yes" enable_redis: "yes" enable_barbican: "yes" enable_heat: "yes" # NOTE(yoctozepto): see https://bugs.launchpad.net/kolla-ansible/+bug/1906299 enable_aodh: "yes" {% endif %} {% if scenario == "ironic" %} enable_ironic: "yes" ironic_dnsmasq_dhcp_range: "10.42.0.2,10.42.0.254" {% endif %} {% if scenario == "masakari" %} enable_masakari: "yes" enable_hacluster: "yes" {% endif %} {% if scenario == "cells" %} enable_cells: "yes" {% endif %} {% if scenario == "mariadb" %} enable_fluentd: "yes" enable_mariadb: "yes" enable_memcached: "no" enable_rabbitmq: "no" {% endif %} {% if scenario == "cephadm" %} # kolla-ansible vars enable_cinder: "yes" # External Ceph glance_backend_ceph: "yes" cinder_backend_ceph: "yes" nova_backend_ceph: "yes" ceph_nova_user: "cinder" # TODO(yoctozepto): Remove this in the Xena cycle. # cephadm doesn't support chrony in a container (checks for chrony.service) enable_chrony: "no" {% endif %} {% if tls_enabled %} kolla_enable_tls_external: "yes" kolla_enable_tls_internal: "yes" kolla_copy_ca_into_containers: "yes" kolla_enable_tls_backend: "yes" {% if base_distro == "ubuntu" or base_distro == "debian" %} openstack_cacert: "/etc/ssl/certs/ca-certificates.crt" {% endif %} {% if base_distro == "centos" %} openstack_cacert: "/etc/pki/tls/certs/ca-bundle.crt" {% endif %} kolla_admin_openrc_cacert: "{% raw %}{{ kolla_certificates_dir }}{% endraw %}/ca/root.crt" # TODO(mgoddard): Remove the condition when Victoria supports RabbitMQ TLS, # or the previous release is no longer Victoria. {% if not is_upgrade or previous_release != "victoria" %} rabbitmq_enable_tls: "yes" {% endif %} {% endif %} {% if scenario == 'linuxbridge' %} neutron_plugin_agent: "linuxbridge" {% endif %} {% if scenario == "ovn" %} neutron_plugin_agent: "ovn" neutron_ovn_distributed_fip: "yes" enable_octavia: "yes" octavia_auto_configure: "no" octavia_provider_drivers: "ovn:OVN provider" octavia_provider_agents: "ovn" {% endif %} {% if scenario == "prometheus-efk" %} enable_central_logging: "yes" enable_grafana: "yes" enable_prometheus: "yes" enable_prometheus_openstack_exporter: "no" {% endif %} {% if scenario == "magnum" %} enable_designate: "yes" enable_magnum: "yes" enable_trove: "yes" {% endif %} {% if scenario == "monasca" %} enable_keystone: "yes" enable_monasca: "yes" enable_rabbitmq: "no" {% endif %} {% if scenario == "octavia" %} enable_octavia: "yes" # NOTE(wuchunyang): work around for qemu-kvm 5.1 can not attach second NIC. # more: http://lists.openstack.org/pipermail/openstack-discuss/2021-February/020218.html octavia_amp_flavor: name: "amphora" is_public: no vcpus: 2 ram: 1024 disk: 5 octavia_network_type: "tenant" {% endif %}