Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ---
- # Copyright 2014, Rackspace US, Inc.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- ###
- ### This file contains commonly used overrides for convenience. Please inspect
- ### the defaults for each role to find additional override options.
- ###
- ## Debug and Verbose options.
- debug: false
- ## Set the service setup host
- # The default is to use localhost (the deploy host where ansible runs),
- # but any other host can be used. If using an alternative host with all
- # required libraries in a venv (eg: the utility container) then the
- # python interpreter needs to be set. If it is not, the default is to
- # the system python interpreter.
- # If you wish to use the first utility container in the inventory for
- # all service setup tasks, uncomment the following.
- #
- #openstack_service_setup_host: "{{ groups['utility_all'][0] }}"
- #openstack_service_setup_host_python_interpreter: "/openstack/venvs/utility-{{ openstack_release }}/bin/python"
- ## Installation method for OpenStack services
- # Default option (source) is to install the OpenStack services using PIP
- # packages. An alternative method (distro) is to use the distribution cloud
- # repositories to install OpenStack using distribution packages
- install_method: source
- ## Common Glance Overrides
- # Set glance_default_store to "swift" if using Cloud Files backend
- # or "rbd" if using ceph backend; the latter will trigger ceph to get
- # installed on glance. If using a file store, a shared file store is
- # recommended. See the OpenStack-Ansible install guide and the OpenStack
- # documentation for more details.
- # Note that "swift" is automatically set as the default back-end if there
- # are any swift hosts in the environment. Use this setting to override
- # this automation if you wish for a different default back-end.
- # glance_default_store: file
- ## Ceph pool name for Glance to use
- # glance_rbd_store_pool: images
- # glance_rbd_store_chunk_size: 8
- ## Common Nova Overrides
- # When nova_libvirt_images_rbd_pool is defined, ceph will be installed on nova
- # hosts.
- # nova_libvirt_images_rbd_pool: vms
- # If you wish to change the dhcp_domain configured for both nova and neutron
- # dhcp_domain: openstacklocal
- ## Common Glance Overrides when using a Swift back-end
- # By default when 'glance_default_store' is set to 'swift' the playbooks will
- # expect to use the Swift back-end that is configured in the same inventory.
- # If the Swift back-end is not in the same inventory (ie it is already setup
- # through some other means) then these settings should be used.
- #
- # NOTE: Ensure that the auth version matches your authentication endpoint.
- #
- # NOTE: If the password for glance_swift_store_key contains a dollar sign ($),
- # it must be escaped with an additional dollar sign ($$), not a backslash. For
- # example, a password of "super$ecure" would need to be entered as
- # "super$$ecure" below. See Launchpad Bug #1259729 for more details.
- #
- # glance_swift_store_auth_version: 3
- # glance_swift_store_auth_address: "https://some.auth.url.com"
- # glance_swift_store_user: "OPENSTACK_TENANT_ID:OPENSTACK_USER_NAME"
- # glance_swift_store_key: "OPENSTACK_USER_PASSWORD"
- # glance_swift_store_container: "NAME_OF_SWIFT_CONTAINER"
- # glance_swift_store_region: "NAME_OF_REGION"
- ## Common Ceph Overrides
- # ceph_mons:
- # - 10.16.5.40
- # - 10.16.5.41
- # - 10.16.5.42
- ## Custom Ceph Configuration File (ceph.conf)
- # By default, your deployment host will connect to one of the mons defined above to
- # obtain a copy of your cluster's ceph.conf. If you prefer, uncomment ceph_conf_file
- # and customise to avoid ceph.conf being copied from a mon.
- # ceph_conf_file: |
- # [global]
- # fsid = 00000000-1111-2222-3333-444444444444
- # mon_initial_members = mon1.example.local,mon2.example.local,mon3.example.local
- # mon_host = 10.16.5.40,10.16.5.41,10.16.5.42
- # # optionally, you can use this construct to avoid defining this list twice:
- # # mon_host = {{ ceph_mons|join(',') }}
- # auth_cluster_required = cephx
- # auth_service_required = cephx
- # By default, openstack-ansible configures all OpenStack services to talk to
- # RabbitMQ over encrypted connections on port 5671. To opt-out of this default,
- # set the rabbitmq_use_ssl variable to 'false'. The default setting of 'true'
- # is highly recommended for securing the contents of RabbitMQ messages.
- # rabbitmq_use_ssl: false
- # RabbitMQ management plugin is enabled by default, the guest user has been
- # removed for security reasons and a new userid 'monitoring' has been created
- # with the 'monitoring' user tag. In order to modify the userid, uncomment the
- # following and change 'monitoring' to your userid of choice.
- # rabbitmq_monitoring_userid: monitoring
- ## Additional pinning generator that will allow for more packages to be pinned as you see fit.
- ## All pins allow for package and versions to be defined. Be careful using this as versions
- ## are always subject to change and updates regarding security will become your problem from this
- ## point on. Pinning can be done based on a package version, release, or origin. Use "*" in the
- ## package name to indicate that you want to pin all package to a particular constraint.
- # apt_pinned_packages:
- # - { package: "lxc", version: "1.0.7-0ubuntu0.1" }
- # - { package: "libvirt-bin", version: "1.2.2-0ubuntu13.1.9" }
- # - { package: "rabbitmq-server", origin: "www.rabbitmq.com" }
- # - { package: "*", release: "MariaDB" }
- ## Environment variable settings
- # This allows users to specify the additional environment variables to be set
- # which is useful in setting where you working behind a proxy. If working behind
- # a proxy It's important to always specify the scheme as "http://". This is what
- # the underlying python libraries will handle best. This proxy information will be
- # placed both on the hosts and inside the containers.
- ## Example environment variable setup:
- ## This is used by apt-cacher-ng to download apt packages:
- # proxy_env_url: http://username:pa$$w0rd@10.10.10.9:9000/
- ## (1) This sets up a permanent environment, used during and after deployment:
- # no_proxy_env: "localhost,127.0.0.1,{{ internal_lb_vip_address }},{{ external_lb_vip_address }},{% for host in groups['all_containers'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
- # global_environment_variables:
- # HTTP_PROXY: "{{ proxy_env_url }}"
- # HTTPS_PROXY: "{{ proxy_env_url }}"
- # NO_PROXY: "{{ no_proxy_env }}"
- # http_proxy: "{{ proxy_env_url }}"
- # https_proxy: "{{ proxy_env_url }}"
- # no_proxy: "{{ no_proxy_env }}"
- #
- ## (2) This is applied only during deployment, nothing is left after deployment is complete:
- # deployment_environment_variables:
- # http_proxy: "{{ proxy_env_url }}"
- # https_proxy: "{{ proxy_env_url }}"
- # no_proxy: "localhost,127.0.0.1,{{ internal_lb_vip_address }},{{ external_lb_vip_address }},{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
- ## SSH connection wait time
- # If an increased delay for the ssh connection check is desired,
- # uncomment this variable and set it appropriately.
- #ssh_delay: 5
- ## HAProxy and keepalived
- # All the previous variables are used inside a var, in the group vars.
- # You can override the current keepalived definition (see
- # group_vars/all/keepalived.yml) in your user space if necessary.
- #
- # Uncomment this to disable keepalived installation (cf. documentation)
- # haproxy_use_keepalived: False
- #
- # HAProxy Keepalived configuration (cf. documentation)
- # Make sure that this is set correctly according to the CIDR used for your
- # internal and external addresses.
- # haproxy_keepalived_external_vip_cidr: "{{external_lb_vip_address}}/32"
- # haproxy_keepalived_internal_vip_cidr: "{{internal_lb_vip_address}}/32"
- # haproxy_keepalived_external_interface:
- # haproxy_keepalived_internal_interface:
- # Defines the default VRRP id used for keepalived with haproxy.
- # Overwrite it to your value to make sure you don't overlap
- # with existing VRRPs id on your network. Default is 10 for the external and 11 for the
- # internal VRRPs
- # haproxy_keepalived_external_virtual_router_id:
- # haproxy_keepalived_internal_virtual_router_id:
- # Defines the VRRP master/backup priority. Defaults respectively to 100 and 20
- # haproxy_keepalived_priority_master:
- # haproxy_keepalived_priority_backup:
- # Keepalived default IP address used to check its alive status (IPv4 only)
- # keepalived_ping_address: "193.0.14.129"
- #
- # Neutron Configuration
- neutron_dnsmasq_force_metadata: True
- ###
- ### Metadata Agent Plugin Configuration
- ###
- # If ``neutron_metadata_workers`` is unset the system will use half the number of available VCPUs to
- # compute the number of api workers to use with a default capping value of 16.
- # neutron_metadata_workers: 16
- neutron_metadata_backlog: 4096
- # The protocol used by neutron to access the nova metadata service.
- nova_metadata_protocol: http
- # If the nova_metadata_protocol is using a self-signed cert, then
- # this flag should be set to a boolean True.
- nova_metadata_insecure: True
- ## OpenStack public endpoint protocol
- openstack_service_publicuri_proto: http
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement