34c2cb8e64
To improve security, operators have asked for two VIPs for their cloud.

VIP 1 is the internal VIP that can reach internal and admin endpoints. In addition, the internal VIP can also reach other internal services, such as the database and message services.

VIP 2 is the external VIP that can only reach public endpoints.

With one VIP only, all services are reached at the same address.

To add a second VIP, this patch adds two new configuration parameters.

kolla_external_vip_address: is an IPv4 address to use for created VIP
kolla_external_vip_interface: is the network interface to use for VIP

In this scenario, the first VIP (the internal VIP), is defined by the original parameters (kolla_internal address and network_interface).

When using two VIPs, the existing kolla_external_address parameter should be/point to/resolve to the kolla_external_vip_address.

Closes-bug: 1535333
Change-Id: I5bfcefaf7899298455cdade8209c34324aebfecb
100 lines
3.7 KiB
YAML
---
# You can use this file to override _any_ variable throughout Kolla.
# Additional options can be found in the 'kolla/group_vars/all.yml' file.

###################
# Kolla options
###################
# Valid options are [ COPY_ONCE, COPY_ALWAYS ]
#config_strategy: "COPY_ONCE"

# Valid options are [ centos, fedora, oraclelinux, ubuntu ]
#kolla_base_distro: "centos"

# Valid options are [ binary, source ]
#kolla_install_type: "binary"

# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availability. When running an All-In-One
# without haproxy and keepalived, this should be the first IP on your
# 'network_interface' as set in the Networking section below.
kolla_internal_address: "10.10.10.254"

# The Public address used to communicate with OpenStack as set in the public_url
# for the endpoints that will be created. It defaults to kolla_internal_address
# but can be overridden in your globals.yml to a public address. It is up to the
# deployer to ensure that that public address maps to the environment correctly.
# It is recommended to use a DNS name as well, but not required.
#kolla_external_address: "{{ kolla_internal_address }}"

# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availability. It defaults to the
# kolla_internal_address, allowing internal and external communication to
# share the same address. Specify a kolla_external_vip_address to
# separate internal and external requests between two VIPs.
#kolla_external_vip_address: "{{ kolla_internal_address }}"

####################
# Docker options
####################
### Example: Private repository with authentication
#
# docker_registry: "172.16.0.10:5000"
# docker_namespace: "companyname"
# docker_registry_username: "sam"
# docker_registry_password: "correcthorsebatterystaple"


####################
# Networking options
####################
# This interface is what all your api services will be bound to by default.
# Additionally, all vxlan/tunnel and storage network traffic will go over this
# interface by default. This interface must contain an IPv4 address.
network_interface: "eth0"

# These can be adjusted for even more customization. The default is the same as
# the 'network_interface'. These interfaces must contain an IPv4 address.
#kolla_external_vip_interface: "{{ network_interface }}"
#api_interface: "{{ network_interface }}"
#storage_interface: "{{ network_interface }}"
#tunnel_interface: "{{ network_interface }}"

# This is the raw interface given to neutron as its external network port. Even
# though an IP address can exist on this interface, it will be unusable in most
# configurations. It is recommended this interface not be configured with any IP
# addresses for that reason.
neutron_external_interface: "eth1"

# Valid options are [ openvswitch, linuxbridge ]
#neutron_plugin_agent: "openvswitch"


####################
# OpenStack options
####################
# Use these options to set the various log levels across all OpenStack projects
#openstack_logging_debug: "False"

# Valid options are [ novnc, spice ]
#nova_console: "novnc"

# OpenStack services can be enabled or disabled with these options
#enable_cinder: "yes"
#enable_heat: "no"
#enable_magnum: "no"


###################
# Ceph options
###################
# Ceph can be set up with a cache to improve performance. To use the cache you
# must provide disks separate from those used for the OSDs
# ceph_use_cache: "no"
# Valid options are [ forward, none, writeback ]
# ceph_cache_mode: "writeback"

# Using erasure-coded pools requires that you set up a cache tier
# Valid options are [ erasure, replicated ]
# ceph_pool_type: "replicated"
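The defaults in this file chain back to kolla_internal_address, so setting only kolla_external_vip_address leaves kolla_external_address (and the public endpoint URLs built from it) on the internal VIP. The following pre-deployment check is an added example, not part of the Kolla change; the function names, the flat key/value parser and the sample inputs are assumptions made for illustration.

```python
import ipaddress
import re

# Defaults as shown (commented out) in the globals.yml above.
DEFAULTS = {"kolla_external_address": "{{ kolla_internal_address }}",
            "kolla_external_vip_address": "{{ kolla_internal_address }}"}

def load_flat(text):
    """Read uncommented top-level `key: "value"` lines; enough for this file."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        m = re.match(r'^([A-Za-z_]\w*):\s*"?([^"#]*?)"?\s*(?:#.*)?$', line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def resolve(cfg, key, depth=0):
    """Expand plain `{{ var }}` references the way these defaults chain."""
    if depth > 10:
        raise ValueError(f"reference loop at {key}")
    return re.sub(r"\{\{\s*(\w+)\s*\}\}",
                  lambda m: resolve(cfg, m.group(1), depth + 1), cfg.get(key, ""))

def is_ipv4(value):
    try:
        return bool(ipaddress.IPv4Address(value))
    except ValueError:
        return False

def check_vip_split(text):
    """Return findings about internal/external VIP separation (empty = OK)."""
    cfg = load_flat(text)
    internal = resolve(cfg, "kolla_internal_address")
    ext_vip = resolve(cfg, "kolla_external_vip_address")
    ext_addr = resolve(cfg, "kolla_external_address")
    findings = [f"{k} is not an IPv4 address: {v!r}"
                for k, v in (("kolla_internal_address", internal),
                             ("kolla_external_vip_address", ext_vip)) if not is_ipv4(v)]
    if ext_vip == internal:
        findings.append("single VIP: public, internal and admin endpoints share one address")
    elif ext_addr == internal:
        findings.append("kolla_external_address still points at the internal VIP")
    elif ext_addr != ext_vip:
        findings.append(f"kolla_external_address {ext_addr!r} must be or resolve to {ext_vip}")
    return findings

# Constructed sample inputs (192.0.2.254 is a documentation address).
SINGLE = 'kolla_internal_address: "10.10.10.254"\n'
HALF = SINGLE + 'kolla_external_vip_address: "192.0.2.254"\n'
SPLIT = HALF + 'kolla_external_address: "{{ kolla_external_vip_address }}"\n'
```

A DNS name in kolla_external_address is reported as a finding to verify by hand, since the check runs offline and does not resolve names.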