openstack/kayobe
Code Issues Proposed changes
kayobe/ansible/roles/kolla-ansible/defaults/main.yml
Mark Goddard 939e298c56 Don't use become for Kolla Ansible 
Using become for all Kolla Ansible tasks is not ideal from a security
perspective. It is also incompatible with fact caching, since it causes
facts to be gathered and cached as root, which changes some facts.

This change modifies the default value of kolla_ansible_become to false.

Change-Id: I9ee5c55e59276f70c92e9c698c01123dcf8919a1
Story: 2007492
Task: 39217
2020-03-31 15:32:10 +01:00

351 lines
11 KiB
YAML
Raw Blame History

---
# Path to directory for kolla-ansible source code checkout.
kolla_ansible_source_path:
# Type of Kolla-ansible control installation. One of 'binary' or 'source'.
kolla_ansible_ctl_install_type:
# URL of Kolla Ansible source code repository if type is 'source'.
kolla_ansible_source_url:
# Version (branch, tag, etc.) of Kolla Ansible source code repository if type
# is 'source'.
kolla_ansible_source_version:
# Virtualenv directory where Kolla-ansible will be installed.
kolla_ansible_venv: "{{ ansible_env['PWD'] }}/kolla-venv"
# Python interpreter to use to create Kolla Ansible virtualenv.
# FIXME(mgoddard): Use ansible_python when Kayobe supports Python 3.
kolla_ansible_venv_python: "python{{ kolla_ansible_venv_python_major_version }}"
# Major version of Python interpreter used in Kolla Ansible virtualenv.
# FIXME(mgoddard): Use ansible_python when Kayobe supports Python 3.
kolla_ansible_venv_python_major_version: 3
# Virtualenv directory where Kolla-ansible's ansible modules will execute
# remotely on the target nodes. If None, no virtualenv will be used.
kolla_ansible_target_venv:
# Upper constraints file which is passed to pip when installing packages
# into the kolla-ansible venv.
kolla_upper_constraints_file:
# Whether to install the epel-release package.
kolla_ansible_install_epel: true
# Password to use to encrypt the passwords.yml file.
kolla_ansible_vault_password:
# Directory where Kolla config files will be installed.
kolla_config_path:
# Directory where Kolla custom configuration files will be installed.
kolla_node_custom_config_path:
# Path to kolla-ansible passwords.yml input file.
kolla_ansible_passwords_path:
# User account to use for Kolla SSH access.
kolla_ansible_user: kolla
# Primary group of Kolla SSH user.
kolla_ansible_group: kolla
# Whether to use privilege escalation for all operations performed via Kolla
# Ansible.
kolla_ansible_become: false
###############################################################################
# Kolla-ansible inventory configuration.
# Full custom seed inventory contents.
kolla_seed_inventory_custom:
# Directory containing custom Kolla-Ansible group vars.
kolla_overcloud_group_vars_path:
# List of names of host variables to pass through from kayobe hosts to
# the kolla-ansible seed host, if set. See also
# kolla_seed_inventory_pass_through_host_vars_map.
kolla_seed_inventory_pass_through_host_vars:
- "ansible_host"
- "ansible_port"
- "ansible_ssh_private_key_file"
- "kolla_api_interface"
- "kolla_bifrost_network_interface"
# Dict mapping names of variables in
# kolla_seed_inventory_pass_through_host_vars to the variable to use in
# kolla-ansible. If a variable name is not in this mapping the kayobe name is
# used.
kolla_seed_inventory_pass_through_host_vars_map:
kolla_api_interface: "api_interface"
kolla_bifrost_network_interface: "bifrost_network_interface"
# Custom overcloud inventory containing a mapping from top level groups to
# hosts.
kolla_overcloud_inventory_custom_top_level:
# Custom overcloud inventory containing a mapping from components to top level
# groups.
kolla_overcloud_inventory_custom_components:
# Custom overcloud inventory containing a mapping from services to components.
kolla_overcloud_inventory_custom_services:
# Full custom overcloud inventory contents. By default this will be the
# concatenation of the top level, component, and service inventories.
kolla_overcloud_inventory_custom:
# Dict mapping from kolla-ansible groups to kayobe groups and variables. Each
# item is a dict with the following items:
# * groups: A list of kayobe ansible groups to map to this kolla-ansible group.
# * vars: A dict mapping variable names to values for hosts in this
# kolla-ansible group.
kolla_overcloud_inventory_top_level_group_map: {}
# List of names of top level kolla-ansible groups. Any of these groups which
# have no hosts mapped to them will be provided with an empty group definition.
kolla_overcloud_inventory_kolla_top_level_groups: []
# List of names of host variables to pass through from kayobe hosts to
# kolla-ansible hosts, if set. See also
# kolla_overcloud_inventory_pass_through_host_vars_map.
kolla_overcloud_inventory_pass_through_host_vars:
- "ansible_host"
- "ansible_port"
- "ansible_ssh_private_key_file"
- "kolla_network_interface"
- "kolla_api_interface"
- "kolla_storage_interface"
- "kolla_cluster_interface"
- "kolla_swift_storage_interface"
- "kolla_swift_replication_interface"
- "kolla_provision_interface"
- "kolla_inspector_dnsmasq_interface"
- "kolla_dns_interface"
- "kolla_tunnel_interface"
- "kolla_external_vip_interface"
- "kolla_neutron_external_interfaces"
- "kolla_neutron_bridge_names"
# Dict mapping names of variables in
# kolla_seed_inventory_pass_through_host_vars to the variable to use in
# kolla-ansible. If a variable name is not in this mapping the kayobe name is
# used.
kolla_overcloud_inventory_pass_through_host_vars_map:
kolla_network_interface: "network_interface"
kolla_api_interface: "api_interface"
kolla_storage_interface: "storage_interface"
kolla_cluster_interface: "cluster_interface"
kolla_swift_storage_interface: "swift_storage_interface"
kolla_swift_replication_interface: "swift_replication_interface"
kolla_provision_interface: "provision_interface"
kolla_inspector_dnsmasq_interface: "ironic_dnsmasq_interface"
kolla_dns_interface: "dns_interface"
kolla_tunnel_interface: "tunnel_interface"
kolla_neutron_external_interfaces: "neutron_external_interface"
kolla_neutron_bridge_names: "neutron_bridge_name"
###############################################################################
# Kolla-ansible global configuration options.
# Valid options are [ centos, fedora, oraclelinux, ubuntu ]
kolla_base_distro:
# Valid options are [ binary, source ]
kolla_install_type:
# Docker namespace to use for Kolla images.
kolla_docker_namespace:
# Url of docker registry to use for Kolla images.
kolla_docker_registry:
# Username to use to access a docker registry.
kolla_docker_registry_username:
# Password to use to access a docker registry.
kolla_docker_registry_password:
# Valid option is Docker repository tag
kolla_openstack_release:
# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availability. When running an All-In-One
# without haproxy and keepalived, this should be the first IP on your
# 'network_interface' as set in the Networking section below.
kolla_internal_vip_address:
# This is the DNS name that maps to the kolla_internal_vip_address VIP. By
# default it is the same as kolla_internal_vip_address.
kolla_internal_fqdn:
# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availability. It defaults to the
# kolla_internal_vip_address, allowing internal and external communication to
# share the same address. Specify a kolla_external_vip_address to separate
# internal and external requests between two VIPs.
kolla_external_vip_address:
# The Public address used to communicate with OpenStack as set in the public_url
# for the endpoints that will be created. This DNS name should map to
# kolla_external_vip_address.
kolla_external_fqdn:
####################
# Networking options
####################
# List of Neutron ML2 type drivers to use.
kolla_neutron_ml2_type_drivers: []
# List of Neutron ML2 tenant network types to use.
kolla_neutron_ml2_tenant_network_types: []
####################
# TLS options
####################
# To provide encryption and authentication on the external and/or internal
# APIs, TLS can be enabled. When TLS is enabled, certificates must be provided
# to allow clients to perform authentication.
kolla_enable_tls_external:
kolla_enable_tls_internal:
kolla_external_fqdn_cert:
kolla_internal_fqdn_cert:
kolla_external_fqdn_cacert:
kolla_internal_fqdn_cacert:
#############################
# Ironic options
#############################
# Start of range of IP addresses for dnsmasq to allocate from.
kolla_inspector_dhcp_pool_start:
# End of range of IP addresses for dnsmasq to allocate from.
kolla_inspector_dhcp_pool_end:
# Default gateway to use for inspection network.
kolla_inspector_default_gateway:
# List of extra kernel parameters for the inspector default PXE configuration.
kolla_inspector_extra_kernel_options: []
####################
# OpenStack options
####################
# Use these options to set the various log levels across all OpenStack projects
# Valid options are [ True, False ]
kolla_openstack_logging_debug:
# OpenStack services can be enabled or disabled with these options
#kolla_enable_aodh:
#kolla_enable_barbican:
#kolla_enable_blazar:
#kolla_enable_ceilometer:
#kolla_enable_central_logging:
#kolla_enable_cinder:
#kolla_enable_cinder_backend_iscsi:
#kolla_enable_cinder_backend_lvm:
#kolla_enable_cloudkitty:
#kolla_enable_congress:
#kolla_enable_etcd:
#kolla_enable_gnocchi:
#kolla_enable_grafana:
#kolla_enable_heat:
#kolla_enable_horizon:
#kolla_enable_influxdb:
#kolla_enable_ironic:
#kolla_enable_ironic_ipxe:
#kolla_enable_kafka:
#kolla_enable_kuryr:
#kolla_enable_magnum:
#kolla_enable_manila:
#kolla_enable_mistral:
#kolla_enable_monasca:
#kolla_enable_mongodb:
#kolla_enable_murano:
#kolla_enable_multipathd:
#kolla_enable_neutron_dvr:
#kolla_enable_neutron_lbaas:
#kolla_enable_neutron_qos:
#kolla_enable_neutron_agent_ha:
#kolla_enable_neutron_vpnaas:
#kolla_enable_prometheus:
#kolla_enable_rally:
#kolla_enable_sahara:
#kolla_enable_senlin:
#kolla_enable_storm:
#kolla_enable_swift:
#kolla_enable_telegraf:
#kolla_enable_tempest:
#kolla_enable_watcher:
#kolla_enable_zookeeper:
#######################
# Nova options
#######################
# Which host to use to deploy the nova-compute services for ironic. By default
# this is none and all hosts in the nova group are used instead - typically the
# controllers.
kolla_nova_compute_ironic_host:
###############################################################################
# Extra free-form configuraton.
# Free form extra configuration to append to {{ kolla_config_path }}/globals.yml.
kolla_extra_globals:
# Dictionary containing custom passwords to add or override in the Kolla
# passwords file.
kolla_ansible_custom_passwords: {}
###############################################################################
# TLS certificate bundle management
# When set, this will copy the contents of this variable into place for
# use by HAProxy.
kolla_external_tls_cert:
kolla_internal_tls_cert:
###############################################################################
# SELinux
# Desired SELinux state.
kolla_selinux_state:
###############################################################################
# NTP
# Whether to enable the NTP daemon.
kolla_enable_host_ntp:
###############################################################################
# Docker configuration.
# Name of the docker storage driver.
docker_storage_driver: devicemapper
# Name of the docker storage LVM volume group.
docker_storage_volume_group:
# Name of the docker storage data LVM volume.
docker_storage_volume_thinpool:
# URL of docker registry
docker_registry:
# CA of docker registry
docker_registry_ca:
# List of Docker registry mirrors.
docker_registry_mirrors: []
# MTU to pass through to containers not using net=host
docker_daemon_mtu: 1500
# Enable live-restore on docker daemon
docker_daemon_live_restore: false
View Git Blame Copy Permalink