openstack-ansible-os_manila/defaults/main.yml

---
# Copyright 2019, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Set the package install state for distribution packages
# Options are 'present' and 'latest'
manila_package_state: "{{ package_state | default('latest') }}"

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
manila_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
manila_service_setup_host_python_interpreter: >-
  {{
    openstack_service_setup_host_python_interpreter | default(
      (manila_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
  }}

# Set installation method.
manila_install_method: "{{ service_install_method | default('source') }}"
manila_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}"

manila_git_repo: https://opendev.org/openstack/manila
manila_git_install_branch: master
manila_upper_constraints_url: >-
  {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}
manila_git_constraints:
  - "--constraint {{ manila_upper_constraints_url }}"

manila_pip_install_args: "{{ pip_install_options | default('') }}"

# Name of the virtual env to deploy into
manila_venv_tag: "{{ venv_tag | default('untagged') }}"
manila_bin: "{{ _manila_bin }}"

# Enable/Disable Ceilometer
manila_ceilometer_enabled: False

manila_storage_availability_zone: nova
manila_default_availability_zone: "{{ manila_storage_availability_zone }}"

manila_management_address: 127.0.0.1
manila_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"

manila_fatal_deprecations: False

## Database info
manila_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
manila_db_setup_python_interpreter: >-
  {{
    openstack_db_setup_python_interpreter | default(
      (manila_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
  }}
manila_galera_address: "{{ galera_address | default('127.0.0.1') }}"
manila_galera_user: manila
manila_galera_database: manila
manila_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
manila_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
manila_galera_port: "{{ galera_port | default('3306') }}"
manila_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}"
manila_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}"
manila_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}"
manila_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}"

## Oslo Messaging

# RPC
manila_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
manila_oslomsg_rpc_setup_host: "{{ (manila_oslomsg_rpc_host_group in groups) | ternary(groups[manila_oslomsg_rpc_host_group][0], 'localhost') }}"
manila_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
manila_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
manila_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
manila_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
manila_oslomsg_rpc_userid: manila
manila_oslomsg_rpc_vhost: /manila
manila_oslomsg_rpc_ssl_version: "{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}"
manila_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}"

# Notify
manila_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
manila_oslomsg_notify_setup_host: "{{ (manila_oslomsg_notify_host_group in groups) | ternary(groups[manila_oslomsg_notify_host_group][0], 'localhost') }}"
manila_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
manila_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
manila_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
manila_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
manila_oslomsg_notify_userid: "{{ manila_oslomsg_rpc_userid }}"
manila_oslomsg_notify_password: "{{ manila_oslomsg_rpc_password }}"
manila_oslomsg_notify_vhost: "{{ manila_oslomsg_rpc_vhost }}"
manila_oslomsg_notify_ssl_version: "{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}"
manila_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('') }}"

## (Qdrouterd) integration
# TODO(evrardjp): Change structure when more backends will be supported
manila_oslomsg_amqp1_enabled: "{{ manila_oslomsg_rpc_transport == 'amqp' }}"

## Manila User / Group
manila_system_user_name: manila
manila_system_group_name: manila
manila_system_comment: manila system user
manila_system_shell: /bin/false
manila_system_home_folder: "/var/lib/{{ manila_system_user_name }}"
manila_system_slice_name: manila

## Manually specified manila UID/GID
# Deployers can specify a UID for the manila user as well as the GID for the
# manila group if needed. This is commonly used in environments where shared
# storage is used, such as NFS or GlusterFS, and manila UID/GID values must be
# in sync between multiple servers.
#
# WARNING: Changing these values on an existing deployment can lead to
#          failures, errors, and instability.
#
# manila_system_user_uid = <UID>
# manila_system_group_gid = <GID>

manila_lock_dir: "{{ openstack_lock_dir | default('/run/lock') }}"

## Manila Auth
manila_service_admin_tenant_name: "service"
manila_service_admin_username: "manila"

## Manila API's enabled
manila_enable_v2_api: true

## Manila API check cert validation
manila_service_internaluri_insecure: false

## Manila api service type and data
manila_service_name: manila
manila_service_project_domain_id: default
manila_service_user_domain_id: default
manila_service_user_name: manila
manila_service_project_name: service
manila_service_role_names:
  - admin
  - service
manila_service_token_roles:
  - service
manila_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
manila_service_region: "{{ service_region | default('RegionOne') }}"
manila_service_description: "Openstack Shared File Systems"
manila_service_port: 8786
manila_service_proto: http
manila_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(manila_service_proto) }}"
manila_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(manila_service_proto) }}"
manila_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(manila_service_proto) }}"
manila_service_type: share
manila_service_publicuri: "{{ manila_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ manila_service_port }}"
manila_service_publicurl: "{{ manila_service_publicuri }}/v1/%(tenant_id)s"
manila_service_adminuri: "{{ manila_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}"
manila_service_adminurl: "{{ manila_service_adminuri }}/v1/%(tenant_id)s"
manila_service_internaluri: "{{ manila_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}"
manila_service_internalurl: "{{ manila_service_internaluri }}/v1/%(tenant_id)s"

manila_service_v2_name: manilav2
manila_service_v2_port: 8786
manila_service_v2_proto: http
manila_service_v2_type: sharev2
manila_service_v2_description: "Openstack Shared File Systems V2"
manila_service_v2_publicuri: "{{ manila_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ manila_service_port }}"
manila_service_v2_publicurl: "{{ manila_service_publicuri }}/v2/%(tenant_id)s"
manila_service_v2_adminuri: "{{ manila_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}"
manila_service_v2_adminurl: "{{ manila_service_adminuri }}/v2/%(tenant_id)s"
manila_service_v2_internaluri: "{{ manila_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ manila_service_port }}"
manila_service_v2_internalurl: "{{ manila_service_internaluri }}/v2/%(tenant_id)s"

## Keystone authentication middleware
manila_keystone_auth_plugin: "{{ manila_keystone_auth_type }}"
manila_keystone_auth_type: password

## In order to enable the manila data you MUST set ``manila_service_data_program_enabled`` to "true"
manila_service_data_program_enabled: false

## Cap the maximun number of threads / workers when a user value is unspecified.
manila_osapi_share_workers_max: 16
manila_osapi_share_workers: >-
  {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, manila_osapi_share_workers_max] | min }}

## Manila RPC
manila_rpc_executor_thread_pool_size: 64
manila_rpc_response_timeout: 60

# osprofiler
manila_profiler_enabled: false
# manila_profiler_hmac_key is set in user_secrets.yml
manila_profiler_trace_sqlalchemy: false

## Manila quota
manila_quota_shares: 50
manila_quota_snapshots: 50
manila_quota_gigabytes: 1000
manila_quota_snapshot_gigabytes: 1000
manila_quota_share_networks: 10

## General configuration
# manila_backends:
#   lvm:
#     share_backend_name: LVM
#     share_driver: manila.share.drivers.lvm.LVMShareDriver
#     driver_handles_share_servers: False
#     lvm_share_volume_group: manila_shares
#     lvm_share_export_ips: <server-ip>
manila_backends: {}

manila_enabled_share_protocols:
  - NFS
  - CEPHFS

manila_default_share_type: "{{ _manila_default_share_type | default('') }}"

manila_share_name_template: share-%s

# manila_backend_lvm_inuse: True if current host has an lvm backend
manila_backend_lvm_inuse: "{{ (manila_backends | to_json).find('lvm') != -1 }}"
# manila_backend_rbd_inuse: True if the current host has an rbd backend
manila_backend_rbd_inuse: "{{ (manila_backends | to_json).find('manila.share.drivers.cephfs') != -1 }}"

## Policy vars
# Provide a list of access controls to update the default policy.json with. These changes will be merged
# with the access controls in the default policy.json. E.g.
# manila_policy_overrides:
#   "share:create": ""
#   "share:delete": ""

manila_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"

# Common pip packages
manila_pip_packages:
  - "git+{{ manila_git_repo }}@{{ manila_git_install_branch }}#egg=manila"
  - cryptography
  - ecdsa
  - httplib2
  - keystonemiddleware
  - osprofiler
  - PyMySQL
  - pymemcache
  - python-memcached
  - systemd-python

# Memcached override
manila_memcached_servers: "{{ memcached_servers }}"

manila_user_pip_packages: []

manila_optional_oslomsg_amqp1_pip_packages:
  - oslo.messaging[amqp1]

manila_api_init_overrides: {}
manila_scheduler_init_overrides: {}
manila_share_init_overrides: {}
manila_data_init_overrides: {}

## Service Name-Group Mapping
manila_services:
  manila-scheduler:
    group: manila_scheduler
    service_name: manila-scheduler
    init_config_overrides: "{{ manila_scheduler_init_overrides }}"
    start_order: 1
    execstarts: "{{ manila_bin }}/manila-scheduler"
    execreloads: "/bin/kill -HUP $MAINPID"
  manila-share:
    group: manila_share
    service_name: manila-share
    init_config_overrides: "{{ manila_share_init_overrides }}"
    start_order: 2
    execstarts: "{{ manila_bin }}/manila-share"
    execreloads: "/bin/kill -HUP $MAINPID"
  manila-data:
    group: manila_share
    service_name: manila-data
    init_config_overrides: "{{ manila_data_init_overrides }}"
    start_order: 3
    execstarts: "{{ manila_bin }}/manila-data"
    execreloads: "/bin/kill -HUP $MAINPID"
  manila-api:
    group: manila_api
    service_name: manila-api
    init_config_overrides: "{{ manila_api_init_overrides }}"
    start_order: 4
    wsgi_app: True
    wsgi_name: manila-wsgi
    uwsgi_overrides: "{{ manila_api_uwsgi_ini_overrides }}"
    uwsgi_port: "{{ manila_service_port }}"
    uwsgi_bind_address: "{{ manila_uwsgi_bind_address }}"
    uwsgi_tls: "{{ manila_backend_ssl | ternary(manila_uwsgi_tls, {}) }}"

# Manila uWSGI settings
manila_wsgi_processes_max: 16
manila_wsgi_processes: "{{ [[ansible_facts['processor_vcpus'] | default(1), 1] | max * 2, manila_wsgi_processes_max] | min }}"
manila_wsgi_threads: 1
manila_wsgi_buffer_size: 65535
manila_uwsgi_tls:
  crt: "{{ manila_ssl_cert }}"
  key: "{{ manila_ssl_key }}"

## Tunable overrides
manila_policy_overrides: {}
manila_rootwrap_conf_overrides: {}
manila_api_paste_ini_overrides: {}
manila_manila_conf_overrides: {}
manila_api_uwsgi_ini_overrides: {}

# Manila keypair
#
# The following path ontains the keypair which will be used for SSH.  It requires that
# the same file with a trailing .pub exists as well if using an existing key.  If this
# is set and a key cannot be found it will generate one.
#
# manila_keypair_path: /etc/openstack_deploy/id_rsa

###
### Backend TLS
###

# Define if communication between haproxy and service backends should be
# encrypted with TLS.
manila_backend_ssl: "{{ openstack_service_backend_ssl | default(False) }}"

# Storage location for SSL certificate authority
manila_pki_dir: "{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}"

# Delegated host for operating the certificate authority
manila_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}"

# manila server certificate
manila_pki_keys_path: "{{ manila_pki_dir ~ '/certs/private/' }}"
manila_pki_certs_path: "{{ manila_pki_dir ~ '/certs/certs/' }}"
manila_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}"
manila_pki_regen_cert: ''
manila_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
manila_pki_certificates:
  - name: "manila_{{ ansible_facts['hostname'] }}"
    provider: ownca
    cn: "{{ ansible_facts['hostname'] }}"
    san: "{{ manila_pki_san }}"
    signed_by: "{{ manila_pki_intermediate_cert_name }}"

# manila destination files for SSL certificates
manila_ssl_cert: /etc/manila/manila.pem
manila_ssl_key: /etc/manila/manila.key

# Installation details for SSL certificates
manila_pki_install_certificates:
  - src: "{{ manila_user_ssl_cert | default(manila_pki_certs_path ~ 'manila_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}"
    dest: "{{ manila_ssl_cert }}"
    owner: "{{ manila_system_user_name }}"
    group: "{{ manila_system_user_name }}"
    mode: "0644"
  - src: "{{ manila_user_ssl_key | default(manila_pki_keys_path ~ 'manila_' ~ ansible_facts['hostname'] ~ '.key.pem') }}"
    dest: "{{ manila_ssl_key }}"
    owner: "{{ manila_system_user_name }}"
    group: "{{ manila_system_user_name }}"
    mode: "0600"

# Define user-provided SSL certificates
# manila_user_ssl_cert: <path to cert on ansible deployment host>
# manila_user_ssl_key: <path to cert on ansible deployment host>