--- # Copyright 2017, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## Verbosity Options debug: False # Set the package install state for distribution and pip packages # Options are 'present' and 'latest' octavia_package_state: "latest" octavia_pip_package_state: "latest" octavia_git_repo: https://git.openstack.org/openstack/octavia octavia_git_install_branch: master octavia_developer_mode: false octavia_developer_constraints: - "git+{{ octavia_git_repo }}@{{ octavia_git_install_branch }}#egg=octavia" # Name of the virtual env to deploy into octavia_venv_tag: untagged octavia_bin: "/openstack/venvs/octavia-{{ octavia_venv_tag }}/bin" octavia_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/octavia.tgz octavia_fatal_deprecations: False octavia_clients_endpoint: internalURL ## DB octavia_galera_user: octavia octavia_galera_database: octavia octavia_db_max_overflow: 20 octavia_db_pool_size: 120 octavia_db_pool_timeout: 30 ## RabbitMQ info ## Configuration for RPC communications octavia_rpc_backend: octavia.openstack.common.rpc.impl_kombu octavia_rabbitmq_userid: octavia octavia_rabbitmq_vhost: /octavia octavia_rabbitmq_servers: 127.0.0.1 octavia_rabbitmq_use_ssl: False octavia_rabbitmq_port: 5672 ## Configuration for notifications communication, i.e. [oslo_messaging_notifications] octavia_rabbitmq_telemetry_userid: "{{ octavia_rabbitmq_userid }}" octavia_rabbitmq_telemetry_password: "{{ octavia_rabbitmq_password }}" octavia_rabbitmq_telemetry_vhost: "{{ octavia_rabbitmq_vhost }}" octavia_rabbitmq_telemetry_port: "{{ octavia_rabbitmq_port }}" octavia_rabbitmq_telemetry_servers: "{{ octavia_rabbitmq_servers }}" octavia_rabbitmq_telemetry_use_ssl: "{{ octavia_rabbitmq_use_ssl }}" ## octavia User / Group octavia_system_user_name: octavia octavia_system_group_name: octavia octavia_system_shell: /bin/false octavia_system_comment: octavia system user octavia_system_home_folder: "/var/lib/{{ octavia_system_user_name }}" ## Default domain octavia_project_domain_name: Default octavia_project_name: admin octavia_user_domain_name: Default ## Stack octavia_stack_domain_admin: stack_domain_admin octavia_stack_owner_name: octavia_stack_owner octavia_stack_domain_description: Owns users and projects created by octavia octavia_stack_user_domain_name: octavia octavia_max_nested_stack_depth: 5 octavia_deferred_auth_method: trusts octavia_trusts_delegated_roles: [] ## Cinder backups octavia_cinder_backups_enabled: false # osprofiler octavia_profiler_enabled: false octavia_profiler_trace_sqlalchemy: false ## Auth octavia_service_region: RegionOne octavia_service_project_name: "service" octavia_service_user_name: "octavia" octavia_service_role_name: admin octavia_service_project_domain_id: default octavia_service_user_domain_id: default octavia_keystone_auth_plugin: password octavia_ansible_endpoint_type: "internal" # endpoint for ansible ## Trustee Auth octavia_service_trustee_project_name: "service" octavia_service_trustee_user_name: "octavia" octavia_service_trustee_password: "{{ octavia_service_password }}" octavia_service_trustee_project_domain_id: "default" octavia_service_trustee_user_domain_id: "default" octavia_keystone_trustee_auth_plugin: "{{ octavia_keystone_trustee_auth_type }}" octavia_keystone_trustee_auth_type: password ## octavia api service type and data octavia_service_name: octavia octavia_service_description: "Octavia Load Balancing Service" octavia_service_port: 9876 octavia_service_proto: http octavia_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(octavia_service_proto) }}" octavia_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(octavia_service_proto) }}" octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}" octavia_service_type: load-balancing octavia_service_publicuri: "{{ octavia_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ octavia_service_port }}" octavia_service_publicurl: "{{ octavia_service_publicuri }}/v1/%(tenant_id)s" octavia_service_adminuri: "{{ octavia_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}" octavia_service_adminurl: "{{ octavia_service_adminuri }}/v1/%(tenant_id)s" octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}" octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s" octavia_service_in_ldap: false ## RPC octavia_rpc_backend: rabbit octavia_rpc_thread_pool_size: 64 octavia_rpc_conn_pool_size: 30 octavia_rpc_response_timeout: 60 octavia_rpc_workers: 2 ## Plugin dirs octavia_plugin_dirs: - /usr/lib/octavia - /usr/local/lib/octavia # octavia packages that must be installed before anything else octavia_requires_pip_packages: - virtualenv - virtualenv-tools - python-keystoneclient # Keystoneclient needed to OSA keystone lib - httplib2 # Common pip packages octavia_pip_packages: - keystonemiddleware - PyMySQL - python-memcached - pycrypto - python-ceilometerclient - python-cinderclient - python-glanceclient - python-heatclient - python-keystoneclient - python-neutronclient - python-novaclient - python-openstackclient - python-swiftclient - python-troveclient - octavia ## Service Name-Group Mapping octavia_services: octavia-api: group: octavia_api service_name: octavia-api octavia-worker: group: octavia_worker service_name: octavia-worker octavia-housekeeping: group: octavia_housekeeping service_name: octavia-housekeeping octavia-health-manager: group: octavia_health_manager service_name: octavia-health-manager # Required secrets for the role octavia_required_secrets: - keystone_auth_admin_password - octavia_stack_domain_admin_password - octavia_auth_encryption_key - octavia_container_mysql_password - octavia_rabbitmq_password - octavia_service_password - memcached_encryption_key # This variable is used by the repo_build process to determine # which host group to check for members of before building the # pip packages required by this role. The value is picked up # by the py_pkgs lookup. octavia_role_project_group: octavia_all ## Octavia configs # Load balancer topology options are SINGLE, ACTIVE_STANDBY # ACTIVE_STANDBY is recommended for production settings octavia_loadbalancer_topology: SINGLE # Image tag for the amphora image in glance octavia_glance_image_tag: octavia-amphora-image # add here the id of the image owner to avoid faked images being used octavia_amp_image_owner_id: # Name of the Octavia management network octavia_neutron_management_network_name: mgmt # Name of the Octavia security group octavia_security_group_name: octavia_sec_grp # Restrict access to only authorized hosts octavia_security_group_rule_cidr: # ssh enabled - switch to True if you need ssh access to the amphora # and make sure to uplaod a key with the name below octavia_ssh_enabled: False octavia_ssh_key_name: octavia_key # port the agent listens on octavia_agent_port: "9443" octavia_health_manager_port: 5555 #Octavia Nova flavor octavia_amp_flavor_name: "m1.amphora" octavia_amp_ram: 1024 octavia_amp_vcpu: 1 octavia_amp_disk: 2 # client certs octavia_client_ca: "{{ octavia_system_home_folder }}/certs/ca_01.pem" octavia_client_cert: "{{ octavia_system_home_folder }}/certs/client.pem" # server octavia_server_ca: "{{ octavia_system_home_folder }}/certs/ca_01.pem" # ca certs octavia_ca_private_key: "{{ octavia_system_home_folder }}/certs/private/cakey.pem" octavia_ca_certificate: "{{ octavia_system_home_folder }}/certs/ca_01.pem" octavia_ca_private_key_passphrase: foobar octavia_signing_digest: sha256 # spare pool - increase to speed up load balancer creation and fail over octavia_spare_amphora_pool_size: 1 # only increase when it's a really busy system since this is by deployed host, # e.g. 3 hosts, 5 workers (this param) per host, results in 15 worker total octavia_task_flow_max_workers: 5 # event_streamer - set to False if you don't need up to date lb information and/or # your queue is crashing (Octavia will stream events to the neutron DB) octavia_event_streamer: True octavia_hm_group: "octavia-health-manager" octavia_hm_hosts: "{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['ansible_host'] }}{% if not loop.last %},{% endif %}{% endfor %}" # Set up the drivers octavia_amphora_driver: amphora_haproxy_rest_driver octavia_compute_driver: compute_nova_driver octavia_network_driver: allowed_address_pairs_driver ## Tunable overrides octavia_octavia_conf_overrides: {} octavia_api_paste_ini_overrides: {} octavia_policy_overrides: {}