264866ca2b
Enables setting rp_filter mode on Neutron L3 agent and Nova compute hosts whilst maintaining the default that it is disabled. Closes-Bug: #1782799 Change-Id: I93e53bad9727beb786b00bd7fcd6d78785c619c2
301 lines
13 KiB
YAML
301 lines
13 KiB
YAML
---
|
|
project_name: "nova"
|
|
|
|
nova_services:
|
|
nova-libvirt:
|
|
container_name: nova_libvirt
|
|
group: compute
|
|
enabled: "{{ nova_compute_virt_type in ['kvm', 'qemu'] }}"
|
|
image: "{{ nova_libvirt_image_full }}"
|
|
pid_mode: "host"
|
|
privileged: True
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-libvirt/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/run/:/run/:shared"
|
|
- "/dev:/dev"
|
|
- "/sys/fs/cgroup:/sys/fs/cgroup"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "libvirtd:/var/lib/libvirt"
|
|
- "{{ nova_instance_datadir_volume }}:/var/lib/nova/"
|
|
- "{% if enable_cinder_backend_nfs | bool %}/var/lib/nova/mnt:/var/lib/nova/mnt:shared{% endif %}"
|
|
- "nova_libvirt_qemu:/etc/libvirt/qemu"
|
|
dimensions: "{{ nova_libvirt_dimensions }}"
|
|
nova-ssh:
|
|
container_name: "nova_ssh"
|
|
group: "compute"
|
|
image: "{{ nova_ssh_image_full }}"
|
|
enabled: "{{ enable_nova_ssh | bool }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-ssh/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla"
|
|
- "{{ nova_instance_datadir_volume }}:/var/lib/nova"
|
|
- "{% if enable_cinder_backend_nfs | bool %}/var/lib/nova/mnt:/var/lib/nova/mnt:shared{% endif %}"
|
|
dimensions: "{{ nova_ssh_dimensions }}"
|
|
placement-api:
|
|
container_name: "placement_api"
|
|
group: "placement-api"
|
|
image: "{{ placement_api_image_full }}"
|
|
enabled: True
|
|
volumes:
|
|
- "{{ node_config_directory }}/placement-api/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ placement_api_dimensions }}"
|
|
nova-api:
|
|
container_name: "nova_api"
|
|
group: "nova-api"
|
|
image: "{{ nova_api_image_full }}"
|
|
enabled: True
|
|
privileged: True
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-api/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ nova_api_dimensions }}"
|
|
nova-consoleauth:
|
|
container_name: "nova_consoleauth"
|
|
group: "nova-consoleauth"
|
|
image: "{{ nova_consoleauth_image_full }}"
|
|
enabled: True
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-consoleauth/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ nova_consoleauth_dimensions }}"
|
|
nova-novncproxy:
|
|
container_name: "nova_novncproxy"
|
|
group: "nova-novncproxy"
|
|
image: "{{ nova_novncproxy_image_full }}"
|
|
enabled: "{{ nova_console == 'novnc' }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-novncproxy/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ nova_novncproxy_dimensions }}"
|
|
nova-scheduler:
|
|
container_name: "nova_scheduler"
|
|
group: "nova-scheduler"
|
|
image: "{{ nova_scheduler_image_full }}"
|
|
enabled: True
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-scheduler/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ nova_scheduler_dimensions }}"
|
|
nova-spicehtml5proxy:
|
|
container_name: "nova_spicehtml5proxy"
|
|
group: "nova-spicehtml5proxy"
|
|
image: "{{ nova_spicehtml5proxy_image_full }}"
|
|
enabled: "{{ nova_console == 'spice' }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-spicehtml5proxy/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ nova_spicehtml5proxy_dimensions }}"
|
|
nova-serialproxy:
|
|
container_name: "nova_serialproxy"
|
|
group: "nova-serialproxy"
|
|
image: "{{ nova_serialproxy_image_full }}"
|
|
enabled: "{{ enable_nova_serialconsole_proxy | bool }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-serialproxy/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ nova_serialproxy_dimensions }}"
|
|
nova-conductor:
|
|
container_name: "nova_conductor"
|
|
group: "nova-conductor"
|
|
enabled: True
|
|
image: "{{ nova_conductor_image_full }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-conductor/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ nova_conductor_dimensions }}"
|
|
nova-compute:
|
|
container_name: "nova_compute"
|
|
group: "compute"
|
|
image: "{{ nova_compute_image_full }}"
|
|
environment:
|
|
LIBGUESTFS_BACKEND: "direct"
|
|
privileged: True
|
|
enabled: "{{ not enable_nova_fake | bool }}"
|
|
ipc_mode: "host"
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-compute/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/run:/run:shared"
|
|
- "/dev:/dev"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "{% if enable_iscsid | bool %}iscsi_info:/etc/iscsi{% endif %}"
|
|
- "libvirtd:/var/lib/libvirt"
|
|
- "{{ nova_instance_datadir_volume }}:/var/lib/nova/"
|
|
- "{% if enable_cinder_backend_nfs | bool %}/var/lib/nova/mnt:/var/lib/nova/mnt:shared{% endif %}"
|
|
dimensions: "{{ nova_compute_dimensions }}"
|
|
nova-compute-ironic:
|
|
container_name: "nova_compute_ironic"
|
|
group: "nova-compute-ironic"
|
|
image: "{{ nova_compute_ironic_image_full }}"
|
|
enabled: "{{ enable_ironic | bool }}"
|
|
volumes:
|
|
- "{{ node_config_directory }}/nova-compute-ironic/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
dimensions: "{{ nova_compute_ironic_dimensions }}"
|
|
|
|
####################
|
|
# Ceph
|
|
####################
|
|
ceph_nova_pool_type: "{{ ceph_pool_type }}"
|
|
ceph_nova_cache_mode: "{{ ceph_cache_mode }}"
|
|
|
|
# Due to Ansible issues on include, you cannot override these variables. Please
|
|
# override the variables they reference instead.
|
|
nova_pool_name: "{{ ceph_nova_pool_name }}"
|
|
nova_pool_type: "{{ ceph_nova_pool_type }}"
|
|
nova_cache_mode: "{{ ceph_nova_cache_mode }}"
|
|
nova_pool_pg_num: "{{ ceph_pool_pg_num }}"
|
|
nova_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
|
|
|
|
# Discard option for nova managed disks. Requires libvirt (1, 0, 6) or later and
|
|
# qemu (1, 6, 0) or later. Set to "" to disable.
|
|
nova_hw_disk_discard: "unmap"
|
|
|
|
ceph_client_nova_keyring_caps:
|
|
mon: 'allow r'
|
|
osd: >-
|
|
allow class-read object_prefix rbd_children,
|
|
allow rwx pool={{ ceph_cinder_pool_name }},
|
|
allow rwx pool={{ ceph_cinder_pool_name }}-cache,
|
|
allow rwx pool={{ ceph_nova_pool_name }},
|
|
allow rwx pool={{ ceph_nova_pool_name }}-cache,
|
|
allow rwx pool={{ ceph_glance_pool_name }},
|
|
allow rwx pool={{ ceph_glance_pool_name }}-cache
|
|
|
|
|
|
####################
|
|
# Database
|
|
####################
|
|
nova_database_name: "nova"
|
|
nova_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova{% endif %}"
|
|
nova_database_address: "{{ database_address }}:{{ database_port }}"
|
|
|
|
nova_api_database_name: "nova_api"
|
|
nova_api_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova_api{% endif %}"
|
|
nova_api_database_address: "{{ database_address }}:{{ database_port }}"
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
nova_install_type: "{{ kolla_install_type }}"
|
|
nova_tag: "{{ openstack_release }}"
|
|
|
|
nova_libvirt_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-libvirt"
|
|
nova_libvirt_tag: "{{ nova_tag }}"
|
|
nova_libvirt_image_full: "{{ nova_libvirt_image }}:{{ nova_libvirt_tag }}"
|
|
nova_libvirt_cpu_mode: "{{ 'host-passthrough' if ansible_architecture == 'aarch64' else '' }}"
|
|
|
|
nova_ssh_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-ssh"
|
|
nova_ssh_tag: "{{ nova_tag }}"
|
|
nova_ssh_image_full: "{{ nova_ssh_image }}:{{ nova_ssh_tag }}"
|
|
|
|
nova_conductor_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-conductor"
|
|
nova_conductor_tag: "{{ nova_tag }}"
|
|
nova_conductor_image_full: "{{ nova_conductor_image }}:{{ nova_conductor_tag }}"
|
|
|
|
nova_consoleauth_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-consoleauth"
|
|
nova_consoleauth_tag: "{{ nova_tag }}"
|
|
nova_consoleauth_image_full: "{{ nova_consoleauth_image }}:{{ nova_consoleauth_tag }}"
|
|
|
|
nova_novncproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-novncproxy"
|
|
nova_novncproxy_tag: "{{ nova_tag }}"
|
|
nova_novncproxy_image_full: "{{ nova_novncproxy_image }}:{{ nova_novncproxy_tag }}"
|
|
|
|
nova_spicehtml5proxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-spicehtml5proxy"
|
|
nova_spicehtml5proxy_tag: "{{ nova_tag }}"
|
|
nova_spicehtml5proxy_image_full: "{{ nova_spicehtml5proxy_image }}:{{ nova_spicehtml5proxy_tag }}"
|
|
|
|
nova_scheduler_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-scheduler"
|
|
nova_scheduler_tag: "{{ nova_tag }}"
|
|
nova_scheduler_image_full: "{{ nova_scheduler_image }}:{{ nova_scheduler_tag }}"
|
|
|
|
nova_compute_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-compute"
|
|
nova_compute_tag: "{{ nova_tag }}"
|
|
nova_compute_image_full: "{{ nova_compute_image }}:{{ nova_compute_tag }}"
|
|
|
|
nova_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-api"
|
|
nova_api_tag: "{{ nova_tag }}"
|
|
nova_api_image_full: "{{ nova_api_image }}:{{ nova_api_tag }}"
|
|
|
|
nova_compute_ironic_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-compute-ironic"
|
|
nova_compute_ironic_tag: "{{ nova_tag }}"
|
|
nova_compute_ironic_image_full: "{{ nova_compute_ironic_image }}:{{ nova_compute_ironic_tag }}"
|
|
|
|
nova_serialproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-serialproxy"
|
|
nova_serialproxy_tag: "{{ nova_tag }}"
|
|
nova_serialproxy_image_full: "{{ nova_serialproxy_image }}:{{ nova_serialproxy_tag }}"
|
|
|
|
placement_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ nova_install_type }}-nova-placement-api"
|
|
placement_api_tag: "{{ nova_tag }}"
|
|
placement_api_image_full: "{{ placement_api_image }}:{{ placement_api_tag }}"
|
|
|
|
nova_libvirt_dimensions: "{{ default_container_dimensions }}"
|
|
nova_ssh_dimensions: "{{ default_container_dimensions }}"
|
|
placement_api_dimensions: "{{ default_container_dimensions }}"
|
|
nova_api_dimensions: "{{ default_container_dimensions }}"
|
|
nova_consoleauth_dimensions: "{{ default_container_dimensions }}"
|
|
nova_novncproxy_dimensions: "{{ default_container_dimensions }}"
|
|
nova_scheduler_dimensions: "{{ default_container_dimensions }}"
|
|
nova_spicehtml5proxy_dimensions: "{{ default_container_dimensions }}"
|
|
nova_serialproxy_dimensions: "{{ default_container_dimensions }}"
|
|
nova_conductor_dimensions: "{{ default_container_dimensions }}"
|
|
nova_compute_dimensions: "{{ default_container_dimensions }}"
|
|
nova_compute_ironic_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
####################
|
|
# OpenStack
|
|
####################
|
|
nova_legacy_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s"
|
|
nova_legacy_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s"
|
|
nova_legacy_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s"
|
|
|
|
nova_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s"
|
|
nova_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s"
|
|
nova_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s"
|
|
|
|
placement_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ placement_api_port }}"
|
|
placement_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ placement_api_port }}"
|
|
placement_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ placement_api_port }}"
|
|
|
|
nova_logging_debug: "{{ openstack_logging_debug }}"
|
|
|
|
openstack_nova_auth: "{{ openstack_auth }}"
|
|
openstack_placement_auth: "{{ openstack_auth }}"
|
|
|
|
nova_compute_host_rp_filter_mode: 0
|
|
|
|
nova_libvirt_port: "16509"
|
|
nova_ssh_port: "8022"
|
|
|
|
####################
|
|
# Notification
|
|
####################
|
|
nova_notification_topics:
|
|
- name: notifications
|
|
enabled: "{{ enable_ceilometer | bool or enable_searchlight | bool or enable_neutron_infoblox_ipam_agent | bool }}"
|
|
- name: notifications_designate
|
|
enabled: "{{ enable_designate | bool }}"
|
|
|
|
nova_enabled_notification_topics: "{{ nova_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
|
|
|
|
####################
|
|
# VMware
|
|
####################
|
|
vmware_vcenter_datastore_regex: ".*"
|
|
ovs_bridge: "nsx-managed"
|