b0241f8100
In order to radically simplify how we prepare the service venvs, we use a common role to do the wheel builds and the venv preparation. This makes the process far simpler to understand, because the role does its own building and installing. It also reduces the code maintenance burden, because instead of duplicating the build processes in the repo_build role and the service role - we only have it all done in a single place. We also change the role venv tag var to use the integrated build's common venv tag so that we can remove the role's venv tag in group_vars in the integrated build. This reduces memory consumption and also reduces the duplication. This is by no means the final stop in the simplification process, but it is a step forward. The will be work to follow which: 1. Replaces 'developer mode' with an equivalent mechanism that uses the common role and is simpler to understand. We will also simplify the provisioning of pip install arguments when doing this. 2. Simplifies the installation of optional pip packages. Right now it's more complicated than it needs to be due to us needing to keep the py_pkgs plugin working in the integrated build. 3. Deduplicates the distro package installs. Right now the role installs the distro packages twice - just before building the venv, and during the python_venv_build role execution. Depends-On: https://review.openstack.org/598957 Change-Id: I1c1dcd73c9d5d78c0a8e40149ff84cbba828f3e2 Implements: blueprint python-build-install-simplification Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
477 lines
17 KiB
YAML
477 lines
17 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
###
|
|
### Verbosity Options
|
|
###
|
|
|
|
debug: False
|
|
|
|
|
|
###
|
|
### Service setup options
|
|
###
|
|
|
|
# Set the host which will execute the shade modules
|
|
# for the service setup. The host must already have
|
|
# clouds.yaml properly configured.
|
|
neutron_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
|
|
|
|
###
|
|
### Packages Options
|
|
###
|
|
|
|
# Set the package install state for distribution
|
|
# Options are 'present' and 'latest'
|
|
neutron_package_state: "latest"
|
|
|
|
# Set installation method.
|
|
neutron_install_method: "source"
|
|
|
|
###
|
|
### Python code details
|
|
###
|
|
|
|
neutron_log_dir: "/var/log/neutron"
|
|
|
|
# Set the package install state for pip_package
|
|
# Options are 'present' and 'latest'
|
|
neutron_pip_package_state: "latest"
|
|
|
|
# Source git repo/branch settings
|
|
neutron_git_repo: https://git.openstack.org/openstack/neutron
|
|
neutron_git_install_branch: master
|
|
neutron_fwaas_git_repo: https://git.openstack.org/openstack/neutron-fwaas
|
|
neutron_fwaas_git_install_branch: master
|
|
neutron_lbaas_git_repo: https://git.openstack.org/openstack/neutron-lbaas
|
|
neutron_lbaas_git_install_branch: master
|
|
neutron_vpnaas_git_repo: https://git.openstack.org/openstack/neutron-vpnaas
|
|
neutron_vpnaas_git_install_branch: master
|
|
neutron_dynamic_routing_git_repo: https://git.openstack.org/openstack/neutron-dynamic-routing
|
|
neutron_dynamic_routing_git_install_branch: master
|
|
networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico
|
|
networking_calico_git_install_branch: master
|
|
dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow
|
|
dragonflow_git_install_branch: master
|
|
networking_odl_git_repo: https://git.openstack.org/openstack/networking-odl
|
|
networking_odl_git_install_branch: master
|
|
networking_sfc_git_repo: https://git.openstack.org/openstack/networking-sfc
|
|
networking_sfc_git_install_branch: master
|
|
networking_bgpvpn_git_repo: https://git.openstack.org/openstack/networking-bgpvpn
|
|
networking_bgpvpn_git_install_branch: master
|
|
openstack_ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer
|
|
openstack_ceilometer_git_install_branch: master
|
|
networking_ovn_git_repo: https://git.openstack.org/openstack/networking-ovn
|
|
networking_ovn_git_install_branch: master
|
|
|
|
# Developer mode
|
|
neutron_developer_mode: false
|
|
|
|
# TODO(odyssey4me):
|
|
# This can be simplified once all the roles are using
|
|
# python_venv_build. We can then switch to using a
|
|
# set of constraints in pip.conf inside the venv,
|
|
# perhaps prepared by giving a giving a list of
|
|
# constraints to the role.
|
|
neutron_pip_install_args: >-
|
|
{{ neutron_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
|
|
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }}
|
|
{{ pip_install_options | default('') }}
|
|
|
|
# Name of the virtual env to deploy into
|
|
neutron_venv_tag: "{{ venv_tag | default('untagged') }}"
|
|
|
|
# venv_download, even when true, will use the fallback method of building the
|
|
# venv from scratch if the venv download fails.
|
|
neutron_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/neutron.tgz
|
|
|
|
###
|
|
### Generic Neutron Config
|
|
###
|
|
|
|
# Fatal Deprecations
|
|
neutron_fatal_deprecations: False
|
|
|
|
# If ``neutron_api_workers`` is unset the system will use half the number of available VCPUs to
|
|
# compute the number of api workers to use with a default capping value of 16.
|
|
# neutron_api_workers: 16
|
|
|
|
## Cap the maximun number of threads / workers when a user value is unspecified.
|
|
neutron_api_threads_max: 16
|
|
neutron_api_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, neutron_api_threads_max] | min }}"
|
|
|
|
neutron_agent_down_time: 120
|
|
neutron_agent_polling_interval: 5
|
|
neutron_report_interval: "{{ neutron_agent_down_time | int / 2 | int }}"
|
|
|
|
# TODO(evrardjp): Remove this when vpnaas/Dragonflow don't use it anymore.
|
|
# This was deprecated in Pike cycle.
|
|
neutron_external_network_bridge: ""
|
|
|
|
neutron_dns_domain: "openstacklocal."
|
|
|
|
# If ``neutron_num_sync_threads`` is unset, the system will use the value of
|
|
# neutron_api_threads in templates/dhcp_agent.ini.j2 for num_sync_threads.
|
|
# neutron_num_sync_threads: 4
|
|
|
|
###
|
|
### DNSMasq configuration
|
|
###
|
|
# Dnsmasq doesn't work with config_template override, a deployer
|
|
# should instead configure its own neutron_dhcp_config key/values
|
|
neutron_dhcp_config:
|
|
log-facility: "{{ neutron_log_dir }}/neutron-dnsmasq.log"
|
|
|
|
# Set the neutron lbaasv2 user group, defaults from os specific vars
|
|
neutron_lbaasv2_user_group: "{{ _neutron_lbaasv2_user_group }}"
|
|
|
|
###
|
|
### Tunable Overrides (Sorted alphabetically)
|
|
###
|
|
|
|
# These variables facilitate adding config file entries
|
|
# for anything supported by the service. See the section
|
|
# 'Overriding OpenStack configuration defaults' in the
|
|
# 'Advanced configuration' appendix of the Deploy Guide.
|
|
neutron_api_paste_ini_overrides: {}
|
|
_neutron_api_paste_ini_overrides:
|
|
"composite:neutronapi_v2_0":
|
|
noauth: "cors http_proxy_to_wsgi request_id catch_errors osprofiler extensions neutronapiapp_v2_0"
|
|
keystone: "cors http_proxy_to_wsgi request_id catch_errors osprofiler authtoken keystonecontext extensions neutronapiapp_v2_0"
|
|
|
|
neutron_bgp_dragent_ini_overrides: {}
|
|
neutron_bgp_dragent_init_overrides: {}
|
|
neutron_calico_dhcp_agent_ini_overrides: {}
|
|
neutron_calico_dhcp_agent_init_overrides: {}
|
|
neutron_calico_felix_ini_overrides: {}
|
|
neutron_calico_felix_init_overrides: {}
|
|
neutron_dhcp_agent_ini_overrides: {}
|
|
neutron_dhcp_agent_init_overrides: {}
|
|
neutron_dragonflow_controller_agent_init_overrides: {}
|
|
neutron_dragonflow_ini_overrides: {}
|
|
neutron_dragonflow_l3_agent_init_overrides: {}
|
|
neutron_dragonflow_pubsub_agent_init_overrides: {}
|
|
neutron_l3_agent_ini_overrides: {}
|
|
neutron_l3_agent_init_overrides: {}
|
|
neutron_lbaas_agent_ini_overrides: {}
|
|
neutron_lbaas_agent_init_overrides: {}
|
|
neutron_linuxbridge_agent_ini_overrides: {}
|
|
neutron_linuxbridge_agent_init_overrides: {}
|
|
neutron_metadata_agent_ini_overrides: {}
|
|
neutron_metadata_agent_init_overrides: {}
|
|
neutron_metering_agent_ini_overrides: {}
|
|
neutron_metering_agent_init_overrides: {}
|
|
neutron_ml2_conf_ini_overrides: {}
|
|
neutron_neutron_conf_overrides: {}
|
|
neutron_nuage_conf_ini_overrides: {}
|
|
neutron_opendaylight_conf_ini_overrides: {}
|
|
neutron_openvswitch_agent_ini_overrides: {}
|
|
neutron_openvswitch_agent_init_overrides: {}
|
|
# Provide a list of access controls to update the default policy.json with.
|
|
# These changes will be merged
|
|
# with the access controls in the default policy.json. E.g.
|
|
#neutron_policy_overrides:
|
|
# "create_subnet": "rule:admin_or_network_owner"
|
|
# "get_subnet": "rule:admin_or_owner or rule:shared"
|
|
neutron_policy_overrides: {}
|
|
_neutron_rootwrap_conf_overrides:
|
|
DEFAULT:
|
|
filters_path: "{{ neutron_conf_dir }}/rootwrap.d,/usr/share/neutron/rootwrap"
|
|
exec_dirs: "{{ neutron_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin"
|
|
neutron_rootwrap_conf_overrides: {}
|
|
|
|
neutron_server_init_overrides: {}
|
|
neutron_sriov_nic_agent_ini_overrides: {}
|
|
neutron_sriov_nic_agent_init_overrides: {}
|
|
neutron_vpn_agent_init_overrides: {}
|
|
neutron_vpnaas_agent_ini_overrides: {}
|
|
neutron_ovn_metadata_agent_ini_overrides: {}
|
|
neutron_ovn_metadata_agent_init_overrides: {}
|
|
|
|
###
|
|
### Quotas
|
|
###
|
|
|
|
neutron_default_quota: -1
|
|
neutron_quota_floatingip: 50
|
|
neutron_quota_health_monitor: -1
|
|
neutron_quota_member: -1
|
|
neutron_quota_network: 100
|
|
neutron_quota_network_gateway: 5
|
|
neutron_quota_packet_filter: 100
|
|
neutron_quota_pool: 10
|
|
neutron_quota_port: 500
|
|
neutron_quota_router: 10
|
|
neutron_quota_security_group: 10
|
|
neutron_quota_security_group_rule: 100
|
|
neutron_quota_subnet: 100
|
|
neutron_quota_vip: 10
|
|
|
|
###
|
|
### DB (Galera) integration
|
|
###
|
|
|
|
neutron_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
|
|
neutron_galera_address: "{{ galera_address | default('127.0.0.1') }}"
|
|
neutron_galera_user: neutron
|
|
neutron_galera_database: neutron
|
|
neutron_db_max_overflow: 20
|
|
neutron_db_pool_size: 120
|
|
neutron_db_pool_timeout: 30
|
|
neutron_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
|
|
neutron_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
|
|
|
|
###
|
|
### Oslo Messaging
|
|
###
|
|
|
|
# RPC
|
|
|
|
neutron_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
|
|
neutron_oslomsg_rpc_setup_host: "{{ (neutron_oslomsg_rpc_host_group in groups) | ternary(groups[neutron_oslomsg_rpc_host_group][0], 'localhost') }}"
|
|
neutron_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
|
|
neutron_oslomsg_rpc_servers: "{{ oslomsg_rpc_servers | default('127.0.0.1') }}"
|
|
neutron_oslomsg_rpc_port: "{{ oslomsg_rpc_port | default('5672') }}"
|
|
neutron_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
|
|
neutron_oslomsg_rpc_userid: neutron
|
|
neutron_oslomsg_rpc_vhost: /neutron
|
|
|
|
# Notify
|
|
|
|
neutron_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
|
|
neutron_oslomsg_notify_setup_host: "{{ (neutron_oslomsg_notify_host_group in groups) | ternary(groups[neutron_oslomsg_notify_host_group][0], 'localhost') }}"
|
|
neutron_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
|
|
neutron_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
|
|
neutron_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
|
|
neutron_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
|
|
neutron_oslomsg_notify_userid: "{{ neutron_oslomsg_rpc_userid }}"
|
|
neutron_oslomsg_notify_password: "{{ neutron_oslomsg_rpc_password }}"
|
|
neutron_oslomsg_notify_vhost: "{{ neutron_oslomsg_rpc_vhost }}"
|
|
|
|
|
|
###
|
|
### (RabbitMQ) integration
|
|
###
|
|
|
|
neutron_rpc_thread_pool_size: 64
|
|
neutron_rpc_conn_pool_size: 30
|
|
neutron_rpc_response_timeout: 60
|
|
neutron_rpc_workers: 1
|
|
|
|
###
|
|
### Identity (Keystone) integration
|
|
###
|
|
|
|
neutron_service_project_name: service
|
|
neutron_service_project_domain_id: default
|
|
neutron_service_user_domain_id: default
|
|
neutron_service_role_name: admin
|
|
neutron_service_user_name: neutron
|
|
neutron_service_name: neutron
|
|
neutron_service_type: network
|
|
neutron_service_description: "OpenStack Networking"
|
|
neutron_service_port: 9696
|
|
neutron_service_proto: http
|
|
neutron_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(neutron_service_proto) }}"
|
|
neutron_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(neutron_service_proto) }}"
|
|
neutron_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(neutron_service_proto) }}"
|
|
neutron_service_publicuri: "{{ neutron_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ neutron_service_port }}"
|
|
neutron_service_publicurl: "{{ neutron_service_publicuri }}"
|
|
neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
|
|
neutron_service_adminurl: "{{ neutron_service_adminuri }}"
|
|
neutron_service_internaluri: "{{ neutron_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}"
|
|
neutron_service_internalurl: "{{ neutron_service_internaluri }}"
|
|
neutron_service_region: RegionOne
|
|
neutron_keystone_auth_plugin: "{{ neutron_keystone_auth_type }}"
|
|
neutron_keystone_auth_type: password
|
|
neutron_service_in_ldap: false
|
|
|
|
###
|
|
### Telemetry integration
|
|
###
|
|
|
|
neutron_ceilometer_enabled: False
|
|
|
|
###
|
|
### Designate integration
|
|
###
|
|
|
|
neutron_designate_enabled: False
|
|
neutron_allow_reverse_dns_lookup: True
|
|
neutron_ipv4_ptr_zone_prefix_size: 24
|
|
neutron_ipv6_ptr_zone_prefix_size: 116
|
|
|
|
# Notifications topic for designate
|
|
neutron_notifications_designate: notifications_designate
|
|
|
|
###
|
|
### Plugins Loading
|
|
###
|
|
|
|
# Other plugins can be added to the system by simply extending the list `neutron_plugin_base`.
|
|
# neutron_plugin_base:
|
|
# - router
|
|
# - firewall/firewall_v2 either one or the other, not both
|
|
# - lbaas
|
|
# - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
|
|
# - neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin
|
|
# - vpnaas
|
|
# - metering
|
|
# - qos
|
|
# - dns
|
|
neutron_plugin_base:
|
|
- router
|
|
- metering
|
|
|
|
###
|
|
### ML2 Plugin Configuration
|
|
###
|
|
|
|
# The neutron core plugin (ML2) is defined with neutron_plugin_type,
|
|
# you can not load multiple ML2 plugins as core.
|
|
neutron_plugin_type: 'ml2.lxb'
|
|
|
|
# Additional ML2 plugins can be loaded with neutron_plugin_types (as list)
|
|
neutron_plugin_types: []
|
|
|
|
# ml2 network type drivers to load
|
|
neutron_ml2_drivers_type: "flat,vlan,vxlan,local"
|
|
|
|
# Enable or disable L2 Population.
|
|
neutron_l2_population: "False"
|
|
|
|
neutron_vxlan_enabled: true
|
|
|
|
## The neutron multicast group address. This should be set as a host variable if used.
|
|
neutron_vxlan_group: "239.1.1.1"
|
|
|
|
neutron_sriov_excluded_devices: ""
|
|
|
|
# neutron_local_ip is used for the VXLAN local tunnel endpoint
|
|
neutron_local_ip: 127.0.0.1
|
|
|
|
## Set this variable to configure the provider networks that will be available
|
|
## When setting up networking in things like the ml2_conf.ini file. Normally
|
|
## this will be defined as a host variable used within neutron as network configuration
|
|
## are likely to differ in between hosts.
|
|
# neutron_provider_networks:
|
|
# network_flat_networks: "flat"
|
|
# network_mappings: "flat:eth12,vlan:eth11"
|
|
# network_types: "vxlan,flat,vlan"
|
|
# network_vlan_ranges: "vlan:1:1,vlan:1024:1025"
|
|
# network_vxlan_ranges: "1:1000"
|
|
# network_geneve_ranges: "1:1000"
|
|
# network_sriov_mappings: "vlan:p4p1"
|
|
|
|
###
|
|
### L3 Agent Plugin Configuration
|
|
###
|
|
|
|
# Set this option to "true" to enable legacy neutron L3HA tool support
|
|
# TODO(cloudnull): Remove this in the Ocata cycle
|
|
neutron_legacy_ha_tool_enabled: false
|
|
|
|
# L3HA configuration options
|
|
neutron_ha_vrrp_auth_type: PASS
|
|
neutron_l3_ha_net_cidr: 169.254.192.0/18
|
|
|
|
###
|
|
### DHCP Agent Plugin Configuration
|
|
###
|
|
|
|
# Comma-separated list of DNS servers which will be used by dnsmasq as forwarders.
|
|
neutron_dnsmasq_dns_servers: ""
|
|
|
|
# Limit number of leases to prevent a denial-of-service.
|
|
neutron_dnsmasq_lease_max: 16777216
|
|
|
|
###
|
|
### Metadata Agent Plugin Configuration
|
|
###
|
|
|
|
# If ``neutron_metadata_workers`` is unset the system will use half the number of available VCPUs to
|
|
# compute the number of api workers to use with a default capping value of 16.
|
|
# neutron_metadata_workers: 16
|
|
neutron_metadata_backlog: 4096
|
|
|
|
# The protocol used by neutron to access the nova metadata service.
|
|
nova_metadata_protocol: http
|
|
|
|
# If the nova_metadata_protocol is using a self-signed cert, then
|
|
# this flag should be set to a boolean True.
|
|
nova_metadata_insecure: False
|
|
|
|
###
|
|
### LBaaS Configuration
|
|
###
|
|
|
|
# See documentation section titled "Configuring the Network Load Balancing
|
|
# Service (Optional)" for more details.
|
|
neutron_octavia_request_poll_timeout: 100
|
|
|
|
# Use the Octavia proxy
|
|
neutron_octavia_proxy_plugin: False
|
|
|
|
###
|
|
### VPNaaS Configuration
|
|
###
|
|
|
|
# See VPNaaS documentation for driver/service provider selection
|
|
# in case you want to override it.
|
|
neutron_driver_vpnaas: neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
|
|
neutron_vpnaas_service_provider: VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
|
|
|
|
###
|
|
### Dragonflow Configuration
|
|
###
|
|
|
|
# neutron_management_ip is used to configure the location (IP) of the
|
|
# neutron-server
|
|
neutron_management_ip: 127.0.0.1
|
|
|
|
# Calico Felix agent upstream settings
|
|
calico_felix_url: "https://github.com/projectcalico/felix/releases/download/{{ calico_felix_version }}/calico-felix"
|
|
calico_felix_version: 2.3.0
|
|
calico_felix_sha256: 6cc538d6d93d2b5e732841769f427ce61a4e7d9a6eedf4ca8d33c4df42cf6419
|
|
calico_felix_validate_certs: yes
|
|
|
|
# Database specific configuration
|
|
dragonflow_remote_db_ip: 127.0.0.1 # etcd has local proxy installed
|
|
dragonflow_remote_db_port: 4001
|
|
dragonflow_port_status_notifier:
|
|
dragonflow_apps:
|
|
- l2_app.L2App
|
|
- l3_proactive_app.L3ProactiveApp
|
|
- dhcp_app.DHCPApp
|
|
- dnat_app.DNATApp
|
|
- sg_app.SGApp
|
|
- portsec_app.PortSecApp
|
|
dragonflow_ex_peer_patch_port: patch-int
|
|
dragonflow_int_peer_patch_port: patch-ex
|
|
dragonflow_external_network_bridge: br-ex
|
|
dragonflow_publisher_bind_address: "*"
|
|
|
|
# OVN Defaults
|
|
neutron_ovn_northd_service_name: ovn-northd
|
|
neutron_ovn_controller_service_name: ovn-controller
|
|
neutron_ovn_l3_scheduler: leastloaded
|
|
neutron_ovn_ip: "{{ internal_lb_vip_address }}"
|
|
|
|
# Install Openvswitch without NSH support
|
|
ovs_nsh_support: False
|
|
|
|
# Set higher priority to mardim PPA when ovs_nsh_support is True
|
|
ovs_nsh_apt_pinned_packages: [{ package: "*", release: "LP-PPA-mardim-mardim-ppa"}]
|