5581a28253
Add support for automatic provisioning and renewal of HTTPS certificates via LetsEncrypt. Spec is available at: https://etherpad.opendev.org/p/kolla-ansible-letsencrypt-https Depends-On: https://review.opendev.org/c/openstack/kolla/+/887347 Co-Authored-By: Michal Arbet <michal.arbet@ultimum.io> Implements: blueprint letsencrypt-https Change-Id: I35317ea0343f0db74ddc0e587862e95408e9e106
718 lines
8.8 KiB
Plaintext
718 lines
8.8 KiB
Plaintext
# These initial groups are the only groups required to be modified. The
|
|
# additional groups are for more control of the environment.
|
|
[control]
|
|
# These hostname must be resolvable from your deployment host
|
|
control01
|
|
control02
|
|
control03
|
|
|
|
# The above can also be specified as follows:
|
|
#control[01:03] ansible_user=kolla
|
|
|
|
# The network nodes are where your l3-agent and loadbalancers will run
|
|
# This can be the same as a host in the control group
|
|
[network]
|
|
network01
|
|
network02
|
|
|
|
[compute]
|
|
compute01
|
|
|
|
[monitoring]
|
|
monitoring01
|
|
|
|
# When compute nodes and control nodes use different interfaces,
|
|
# you need to comment out "api_interface" and other interfaces from the globals.yml
|
|
# and specify like below:
|
|
#compute01 neutron_external_interface=eth0 api_interface=em1 tunnel_interface=em1
|
|
|
|
[storage]
|
|
storage01
|
|
|
|
[deployment]
|
|
localhost ansible_connection=local
|
|
|
|
[baremetal:children]
|
|
control
|
|
network
|
|
compute
|
|
storage
|
|
monitoring
|
|
|
|
[tls-backend:children]
|
|
control
|
|
|
|
# You can explicitly specify which hosts run each project by updating the
|
|
# groups in the sections below. Common services are grouped together.
|
|
|
|
[common:children]
|
|
control
|
|
network
|
|
compute
|
|
storage
|
|
monitoring
|
|
|
|
[collectd:children]
|
|
compute
|
|
|
|
[grafana:children]
|
|
monitoring
|
|
|
|
[etcd:children]
|
|
control
|
|
|
|
[influxdb:children]
|
|
monitoring
|
|
|
|
[prometheus:children]
|
|
monitoring
|
|
|
|
[telegraf:children]
|
|
compute
|
|
control
|
|
monitoring
|
|
network
|
|
storage
|
|
|
|
[hacluster:children]
|
|
control
|
|
|
|
[hacluster-remote:children]
|
|
compute
|
|
|
|
[loadbalancer:children]
|
|
network
|
|
|
|
[mariadb:children]
|
|
control
|
|
|
|
[rabbitmq:children]
|
|
control
|
|
|
|
[outward-rabbitmq:children]
|
|
control
|
|
|
|
[keystone:children]
|
|
control
|
|
|
|
[glance:children]
|
|
control
|
|
|
|
[nova:children]
|
|
control
|
|
|
|
[neutron:children]
|
|
network
|
|
|
|
[openvswitch:children]
|
|
network
|
|
compute
|
|
manila-share
|
|
|
|
[cinder:children]
|
|
control
|
|
|
|
[cloudkitty:children]
|
|
control
|
|
|
|
[freezer:children]
|
|
control
|
|
|
|
[memcached:children]
|
|
control
|
|
|
|
[horizon:children]
|
|
control
|
|
|
|
[swift:children]
|
|
control
|
|
|
|
[barbican:children]
|
|
control
|
|
|
|
[heat:children]
|
|
control
|
|
|
|
[murano:children]
|
|
control
|
|
|
|
[solum:children]
|
|
control
|
|
|
|
[ironic:children]
|
|
control
|
|
|
|
[magnum:children]
|
|
control
|
|
|
|
[sahara:children]
|
|
control
|
|
|
|
[mistral:children]
|
|
control
|
|
|
|
[manila:children]
|
|
control
|
|
|
|
[ceilometer:children]
|
|
control
|
|
|
|
[aodh:children]
|
|
control
|
|
|
|
[cyborg:children]
|
|
control
|
|
compute
|
|
|
|
[gnocchi:children]
|
|
control
|
|
|
|
[tacker:children]
|
|
control
|
|
|
|
[trove:children]
|
|
control
|
|
|
|
[senlin:children]
|
|
control
|
|
|
|
[vitrage:children]
|
|
control
|
|
|
|
[watcher:children]
|
|
control
|
|
|
|
[octavia:children]
|
|
control
|
|
|
|
[designate:children]
|
|
control
|
|
|
|
[placement:children]
|
|
control
|
|
|
|
[bifrost:children]
|
|
deployment
|
|
|
|
[zun:children]
|
|
control
|
|
|
|
[skyline:children]
|
|
control
|
|
|
|
[redis:children]
|
|
control
|
|
|
|
[blazar:children]
|
|
control
|
|
|
|
[venus:children]
|
|
monitoring
|
|
|
|
[letsencrypt:children]
|
|
loadbalancer
|
|
|
|
# Additional control implemented here. These groups allow you to control which
|
|
# services run on which hosts at a per-service level.
|
|
#
|
|
# Word of caution: Some services are required to run on the same host to
|
|
# function appropriately. For example, neutron-metadata-agent must run on the
|
|
# same host as the l3-agent and (depending on configuration) the dhcp-agent.
|
|
|
|
# Common
|
|
[cron:children]
|
|
common
|
|
|
|
[fluentd:children]
|
|
common
|
|
|
|
[kolla-logs:children]
|
|
common
|
|
|
|
[kolla-toolbox:children]
|
|
common
|
|
|
|
[opensearch:children]
|
|
control
|
|
|
|
# Opensearch dashboards
|
|
[opensearch-dashboards:children]
|
|
opensearch
|
|
|
|
# Glance
|
|
[glance-api:children]
|
|
glance
|
|
|
|
# Nova
|
|
[nova-api:children]
|
|
nova
|
|
|
|
[nova-conductor:children]
|
|
nova
|
|
|
|
[nova-super-conductor:children]
|
|
nova
|
|
|
|
[nova-novncproxy:children]
|
|
nova
|
|
|
|
[nova-scheduler:children]
|
|
nova
|
|
|
|
[nova-spicehtml5proxy:children]
|
|
nova
|
|
|
|
[nova-compute-ironic:children]
|
|
nova
|
|
|
|
[nova-serialproxy:children]
|
|
nova
|
|
|
|
# Neutron
|
|
[neutron-server:children]
|
|
control
|
|
|
|
[neutron-dhcp-agent:children]
|
|
neutron
|
|
|
|
[neutron-l3-agent:children]
|
|
neutron
|
|
|
|
[neutron-metadata-agent:children]
|
|
neutron
|
|
|
|
[neutron-ovn-metadata-agent:children]
|
|
compute
|
|
network
|
|
|
|
[neutron-bgp-dragent:children]
|
|
neutron
|
|
|
|
[neutron-infoblox-ipam-agent:children]
|
|
neutron
|
|
|
|
[neutron-metering-agent:children]
|
|
neutron
|
|
|
|
[ironic-neutron-agent:children]
|
|
neutron
|
|
|
|
[neutron-ovn-agent:children]
|
|
compute
|
|
network
|
|
|
|
# Cinder
|
|
[cinder-api:children]
|
|
cinder
|
|
|
|
[cinder-backup:children]
|
|
storage
|
|
|
|
[cinder-scheduler:children]
|
|
cinder
|
|
|
|
[cinder-volume:children]
|
|
storage
|
|
|
|
# Cloudkitty
|
|
[cloudkitty-api:children]
|
|
cloudkitty
|
|
|
|
[cloudkitty-processor:children]
|
|
cloudkitty
|
|
|
|
# Freezer
|
|
[freezer-api:children]
|
|
freezer
|
|
|
|
[freezer-scheduler:children]
|
|
freezer
|
|
|
|
# iSCSI
|
|
[iscsid:children]
|
|
compute
|
|
storage
|
|
ironic
|
|
|
|
[tgtd:children]
|
|
storage
|
|
|
|
# Manila
|
|
[manila-api:children]
|
|
manila
|
|
|
|
[manila-scheduler:children]
|
|
manila
|
|
|
|
[manila-share:children]
|
|
network
|
|
|
|
[manila-data:children]
|
|
manila
|
|
|
|
# Swift
|
|
[swift-proxy-server:children]
|
|
swift
|
|
|
|
[swift-account-server:children]
|
|
storage
|
|
|
|
[swift-container-server:children]
|
|
storage
|
|
|
|
[swift-object-server:children]
|
|
storage
|
|
|
|
# Barbican
|
|
[barbican-api:children]
|
|
barbican
|
|
|
|
[barbican-keystone-listener:children]
|
|
barbican
|
|
|
|
[barbican-worker:children]
|
|
barbican
|
|
|
|
# Heat
|
|
[heat-api:children]
|
|
heat
|
|
|
|
[heat-api-cfn:children]
|
|
heat
|
|
|
|
[heat-engine:children]
|
|
heat
|
|
|
|
# Murano
|
|
[murano-api:children]
|
|
murano
|
|
|
|
[murano-engine:children]
|
|
murano
|
|
|
|
# Ironic
|
|
[ironic-api:children]
|
|
ironic
|
|
|
|
[ironic-conductor:children]
|
|
ironic
|
|
|
|
[ironic-inspector:children]
|
|
ironic
|
|
|
|
[ironic-tftp:children]
|
|
ironic
|
|
|
|
[ironic-http:children]
|
|
ironic
|
|
|
|
# Magnum
|
|
[magnum-api:children]
|
|
magnum
|
|
|
|
[magnum-conductor:children]
|
|
magnum
|
|
|
|
# Sahara
|
|
[sahara-api:children]
|
|
sahara
|
|
|
|
[sahara-engine:children]
|
|
sahara
|
|
|
|
# Solum
|
|
[solum-api:children]
|
|
solum
|
|
|
|
[solum-worker:children]
|
|
solum
|
|
|
|
[solum-deployer:children]
|
|
solum
|
|
|
|
[solum-conductor:children]
|
|
solum
|
|
|
|
[solum-application-deployment:children]
|
|
solum
|
|
|
|
[solum-image-builder:children]
|
|
solum
|
|
|
|
# Mistral
|
|
[mistral-api:children]
|
|
mistral
|
|
|
|
[mistral-executor:children]
|
|
mistral
|
|
|
|
[mistral-engine:children]
|
|
mistral
|
|
|
|
[mistral-event-engine:children]
|
|
mistral
|
|
|
|
# Ceilometer
|
|
[ceilometer-central:children]
|
|
ceilometer
|
|
|
|
[ceilometer-notification:children]
|
|
ceilometer
|
|
|
|
[ceilometer-compute:children]
|
|
compute
|
|
|
|
[ceilometer-ipmi:children]
|
|
compute
|
|
|
|
# Aodh
|
|
[aodh-api:children]
|
|
aodh
|
|
|
|
[aodh-evaluator:children]
|
|
aodh
|
|
|
|
[aodh-listener:children]
|
|
aodh
|
|
|
|
[aodh-notifier:children]
|
|
aodh
|
|
|
|
# Cyborg
|
|
[cyborg-api:children]
|
|
cyborg
|
|
|
|
[cyborg-agent:children]
|
|
compute
|
|
|
|
[cyborg-conductor:children]
|
|
cyborg
|
|
|
|
# Gnocchi
|
|
[gnocchi-api:children]
|
|
gnocchi
|
|
|
|
[gnocchi-statsd:children]
|
|
gnocchi
|
|
|
|
[gnocchi-metricd:children]
|
|
gnocchi
|
|
|
|
# Trove
|
|
[trove-api:children]
|
|
trove
|
|
|
|
[trove-conductor:children]
|
|
trove
|
|
|
|
[trove-taskmanager:children]
|
|
trove
|
|
|
|
# Multipathd
|
|
[multipathd:children]
|
|
compute
|
|
storage
|
|
|
|
# Watcher
|
|
[watcher-api:children]
|
|
watcher
|
|
|
|
[watcher-engine:children]
|
|
watcher
|
|
|
|
[watcher-applier:children]
|
|
watcher
|
|
|
|
# Senlin
|
|
[senlin-api:children]
|
|
senlin
|
|
|
|
[senlin-conductor:children]
|
|
senlin
|
|
|
|
[senlin-engine:children]
|
|
senlin
|
|
|
|
[senlin-health-manager:children]
|
|
senlin
|
|
|
|
# Octavia
|
|
[octavia-api:children]
|
|
octavia
|
|
|
|
[octavia-driver-agent:children]
|
|
octavia
|
|
|
|
[octavia-health-manager:children]
|
|
octavia
|
|
|
|
[octavia-housekeeping:children]
|
|
octavia
|
|
|
|
[octavia-worker:children]
|
|
octavia
|
|
|
|
# Designate
|
|
[designate-api:children]
|
|
designate
|
|
|
|
[designate-central:children]
|
|
designate
|
|
|
|
[designate-producer:children]
|
|
designate
|
|
|
|
[designate-mdns:children]
|
|
network
|
|
|
|
[designate-worker:children]
|
|
designate
|
|
|
|
[designate-sink:children]
|
|
designate
|
|
|
|
[designate-backend-bind9:children]
|
|
designate
|
|
|
|
# Placement
|
|
[placement-api:children]
|
|
placement
|
|
|
|
# Zun
|
|
[zun-api:children]
|
|
zun
|
|
|
|
[zun-wsproxy:children]
|
|
zun
|
|
|
|
[zun-compute:children]
|
|
compute
|
|
|
|
[zun-cni-daemon:children]
|
|
compute
|
|
|
|
# Skyline
|
|
[skyline-apiserver:children]
|
|
skyline
|
|
|
|
[skyline-console:children]
|
|
skyline
|
|
|
|
# Tacker
|
|
[tacker-server:children]
|
|
tacker
|
|
|
|
[tacker-conductor:children]
|
|
tacker
|
|
|
|
# Vitrage
|
|
[vitrage-api:children]
|
|
vitrage
|
|
|
|
[vitrage-notifier:children]
|
|
vitrage
|
|
|
|
[vitrage-graph:children]
|
|
vitrage
|
|
|
|
[vitrage-ml:children]
|
|
vitrage
|
|
|
|
[vitrage-persistor:children]
|
|
vitrage
|
|
|
|
# Blazar
|
|
[blazar-api:children]
|
|
blazar
|
|
|
|
[blazar-manager:children]
|
|
blazar
|
|
|
|
# Prometheus
|
|
[prometheus-node-exporter:children]
|
|
monitoring
|
|
control
|
|
compute
|
|
network
|
|
storage
|
|
|
|
[prometheus-mysqld-exporter:children]
|
|
mariadb
|
|
|
|
[prometheus-haproxy-exporter:children]
|
|
loadbalancer
|
|
|
|
[prometheus-memcached-exporter:children]
|
|
memcached
|
|
|
|
[prometheus-cadvisor:children]
|
|
monitoring
|
|
control
|
|
compute
|
|
network
|
|
storage
|
|
|
|
[prometheus-alertmanager:children]
|
|
monitoring
|
|
|
|
[prometheus-openstack-exporter:children]
|
|
monitoring
|
|
|
|
[prometheus-elasticsearch-exporter:children]
|
|
opensearch
|
|
|
|
[prometheus-blackbox-exporter:children]
|
|
monitoring
|
|
|
|
[prometheus-libvirt-exporter:children]
|
|
compute
|
|
|
|
[prometheus-msteams:children]
|
|
prometheus-alertmanager
|
|
|
|
[masakari-api:children]
|
|
control
|
|
|
|
[masakari-engine:children]
|
|
control
|
|
|
|
[masakari-hostmonitor:children]
|
|
control
|
|
|
|
[masakari-instancemonitor:children]
|
|
compute
|
|
|
|
[ovn-controller:children]
|
|
ovn-controller-compute
|
|
ovn-controller-network
|
|
|
|
[ovn-controller-compute:children]
|
|
compute
|
|
|
|
[ovn-controller-network:children]
|
|
network
|
|
|
|
[ovn-database:children]
|
|
control
|
|
|
|
[ovn-northd:children]
|
|
ovn-database
|
|
|
|
[ovn-nb-db:children]
|
|
ovn-database
|
|
|
|
[ovn-sb-db:children]
|
|
ovn-database
|
|
|
|
[venus-api:children]
|
|
venus
|
|
|
|
[venus-manager:children]
|
|
venus
|
|
|
|
[letsencrypt-webserver:children]
|
|
letsencrypt
|
|
|
|
[letsencrypt-lego:children]
|
|
letsencrypt
|