kolla-ansible/ansible/roles/magnum/templates/magnum.conf.j2
Bertrand Lallau 866a160ec9 Magnum: Enable cluster trust customization
This enable cluster_user_trust customization which is needed to get
Kubernetes integration with Cinder and Neutron LBaaS.

https://github.com/openstack/magnum/blob/master/releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml#L5

Change-Id: Ib3243b110d2c592f3bf6467b086738335799c853
2017-07-13 06:43:45 +00:00

104 lines
3.1 KiB
Django/Jinja

[DEFAULT]
debug = {{ magnum_logging_debug }}
state_path = /var/lib/magnum
log_dir = /var/log/kolla/magnum
host = {{ api_interface_address }}
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% if service_name == 'magnum-api' %}
[api]
port = {{ magnum_api_port }}
host = {{ api_interface_address }}
workers = {{ openstack_service_workers }}
{% endif %}
[oslo_policy]
policy_file = /etc/magnum/policy.json
[database]
connection = mysql+pymysql://{{ magnum_database_user }}:{{ magnum_database_password }}@{{ magnum_database_address }}/{{ magnum_database_name }}
max_retries = -1
[heat_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[cinder_client]
region_name = {{ openstack_region_name }}
[barbican_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[glance_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[neutron_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[nova_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[keystone_auth]
auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
user_domain_name = {{ default_user_domain_name }}
project_domain_name = {{ default_project_domain_name }}
project_name = service
password = {{ magnum_keystone_password }}
username = {{ magnum_keystone_user }}
auth_type = password
[keystone_authtoken]
auth_version = v3
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_name = {{ default_user_domain_name }}
project_name = service
username = {{ magnum_keystone_user }}
password = {{ magnum_keystone_password }}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[trust]
trustee_domain_admin_password = {{ magnum_keystone_password }}
trustee_domain_admin_name = {{ magnum_trustee_domain_admin }}
trustee_domain_name = {{ magnum_trustee_domain }}
cluster_user_trust = {{ enable_cluster_user_trust }}
[oslo_concurrency]
lock_path = /var/lib/magnum/tmp
[certificates]
{% if enable_barbican | bool %}
cert_manager_type = barbican
{% else %}
cert_manager_type = x509keypair
{% endif %}
[oslo_messaging_notifications]
{% if enable_ceilometer | bool %}
driver = messaging
topics = 'notifications'
{% else %}
driver = noop
{% endif %}
{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
{% if enable_elasticsearch | bool %}
connection_string = elasticsearch://{{ elasticsearch_address }}:{{ elasticsearch_port }}
{% endif %}
{% endif %}