Major Hayden f510d6561c Octavia role hacking
- installs Octavia service in OSA
- adds a test which installs Octavia (but uses noop
  to work around gate limitations)

Co-Authored-By: German Eichberger <German.eichberger@rackspace.com>

Change-Id: Idb419a4ca5daa311d39c90eda5f83412ccf576ad
2017-03-01 12:48:12 -05:00

269 lines
9.0 KiB
YAML

---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Verbosity Options
debug: False
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
octavia_package_state: "latest"
octavia_pip_package_state: "latest"
octavia_git_repo: https://git.openstack.org/openstack/octavia
octavia_git_install_branch: master
octavia_developer_mode: false
octavia_developer_constraints:
- "git+{{ octavia_git_repo }}@{{ octavia_git_install_branch }}#egg=octavia"
# Name of the virtual env to deploy into
octavia_venv_tag: untagged
octavia_bin: "/openstack/venvs/octavia-{{ octavia_venv_tag }}/bin"
octavia_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/octavia.tgz
octavia_fatal_deprecations: False
octavia_clients_endpoint: internalURL
## DB
octavia_galera_user: octavia
octavia_galera_database: octavia
octavia_db_max_overflow: 20
octavia_db_pool_size: 120
octavia_db_pool_timeout: 30
## RabbitMQ info
## Configuration for RPC communications
octavia_rpc_backend: octavia.openstack.common.rpc.impl_kombu
octavia_rabbitmq_userid: octavia
octavia_rabbitmq_vhost: /octavia
octavia_rabbitmq_servers: 127.0.0.1
octavia_rabbitmq_use_ssl: False
octavia_rabbitmq_port: 5672
## Configuration for notifications communication, i.e. [oslo_messaging_notifications]
octavia_rabbitmq_telemetry_userid: "{{ octavia_rabbitmq_userid }}"
octavia_rabbitmq_telemetry_password: "{{ octavia_rabbitmq_password }}"
octavia_rabbitmq_telemetry_vhost: "{{ octavia_rabbitmq_vhost }}"
octavia_rabbitmq_telemetry_port: "{{ octavia_rabbitmq_port }}"
octavia_rabbitmq_telemetry_servers: "{{ octavia_rabbitmq_servers }}"
octavia_rabbitmq_telemetry_use_ssl: "{{ octavia_rabbitmq_use_ssl }}"
## octavia User / Group
octavia_system_user_name: octavia
octavia_system_group_name: octavia
octavia_system_shell: /bin/false
octavia_system_comment: octavia system user
octavia_system_home_folder: "/var/lib/{{ octavia_system_user_name }}"
## Default domain
octavia_project_domain_name: Default
octavia_project_name: admin
octavia_user_domain_name: Default
## Stack
octavia_stack_domain_admin: stack_domain_admin
octavia_stack_owner_name: octavia_stack_owner
octavia_stack_domain_description: Owns users and projects created by octavia
octavia_stack_user_domain_name: octavia
octavia_max_nested_stack_depth: 5
octavia_deferred_auth_method: trusts
octavia_trusts_delegated_roles: []
## Cinder backups
octavia_cinder_backups_enabled: false
# osprofiler
octavia_profiler_enabled: false
octavia_profiler_trace_sqlalchemy: false
## Auth
octavia_service_region: RegionOne
octavia_service_project_name: "service"
octavia_service_user_name: "octavia"
octavia_service_role_name: admin
octavia_service_project_domain_id: default
octavia_service_user_domain_id: default
octavia_keystone_auth_plugin: password
octavia_ansible_endpoint_type: "internal" # endpoint for ansible
## Trustee Auth
octavia_service_trustee_project_name: "service"
octavia_service_trustee_user_name: "octavia"
octavia_service_trustee_password: "{{ octavia_service_password }}"
octavia_service_trustee_project_domain_id: "default"
octavia_service_trustee_user_domain_id: "default"
octavia_keystone_trustee_auth_plugin: "{{ octavia_keystone_trustee_auth_type }}"
octavia_keystone_trustee_auth_type: password
## octavia api service type and data
octavia_service_name: octavia
octavia_service_description: "Octavia Load Balancing Service"
octavia_service_port: 9876
octavia_service_proto: http
octavia_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(octavia_service_proto) }}"
octavia_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(octavia_service_proto) }}"
octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}"
octavia_service_type: load-balancing
octavia_service_publicuri: "{{ octavia_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ octavia_service_port }}"
octavia_service_publicurl: "{{ octavia_service_publicuri }}/v1/%(tenant_id)s"
octavia_service_adminuri: "{{ octavia_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
octavia_service_adminurl: "{{ octavia_service_adminuri }}/v1/%(tenant_id)s"
octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}"
octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"
octavia_service_in_ldap: false
## RPC
octavia_rpc_backend: rabbit
octavia_rpc_thread_pool_size: 64
octavia_rpc_conn_pool_size: 30
octavia_rpc_response_timeout: 60
octavia_rpc_workers: 2
## Plugin dirs
octavia_plugin_dirs:
- /usr/lib/octavia
- /usr/local/lib/octavia
# octavia packages that must be installed before anything else
octavia_requires_pip_packages:
- virtualenv
- virtualenv-tools
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
- httplib2
# Common pip packages
octavia_pip_packages:
- keystonemiddleware
- PyMySQL
- python-memcached
- pycrypto
- python-ceilometerclient
- python-cinderclient
- python-glanceclient
- python-heatclient
- python-keystoneclient
- python-neutronclient
- python-novaclient
- python-openstackclient
- python-swiftclient
- python-troveclient
- octavia
## Service Name-Group Mapping
octavia_services:
octavia-api:
group: octavia_api
service_name: octavia-api
octavia-worker:
group: octavia_worker
service_name: octavia-worker
octavia-housekeeping:
group: octavia_housekeeping
service_name: octavia-housekeeping
octavia-health-manager:
group: octavia_health_manager
service_name: octavia-health-manager
# Required secrets for the role
octavia_required_secrets:
- keystone_auth_admin_password
- octavia_stack_domain_admin_password
- octavia_auth_encryption_key
- octavia_container_mysql_password
- octavia_rabbitmq_password
- octavia_service_password
- memcached_encryption_key
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
octavia_role_project_group: octavia_all
## Octavia configs
# Load balancer topology options are SINGLE, ACTIVE_STANDBY
# ACTIVE_STANDBY is recommended for production settings
octavia_loadbalancer_topology: SINGLE
# Image tag for the amphora image in glance
octavia_glance_image_tag: octavia-amphora-image
# add here the id of the image owner to avoid faked images being used
octavia_amp_image_owner_id:
# Name of the Octavia management network
octavia_neutron_management_network_name: mgmt
# Name of the Octavia security group
octavia_security_group_name: octavia_sec_grp
# Restrict access to only authorized hosts
octavia_security_group_rule_cidr:
# ssh enabled - switch to True if you need ssh access to the amphora
# and make sure to uplaod a key with the name below
octavia_ssh_enabled: False
octavia_ssh_key_name: octavia_key
# port the agent listens on
octavia_agent_port: "9443"
octavia_health_manager_port: 5555
#Octavia Nova flavor
octavia_amp_flavor_name: "m1.amphora"
octavia_amp_ram: 1024
octavia_amp_vcpu: 1
octavia_amp_disk: 2
# client certs
octavia_client_ca: "{{ octavia_system_home_folder }}/certs/ca_01.pem"
octavia_client_cert: "{{ octavia_system_home_folder }}/certs/client.pem"
# server
octavia_server_ca: "{{ octavia_system_home_folder }}/certs/ca_01.pem"
# ca certs
octavia_ca_private_key: "{{ octavia_system_home_folder }}/certs/private/cakey.pem"
octavia_ca_certificate: "{{ octavia_system_home_folder }}/certs/ca_01.pem"
octavia_ca_private_key_passphrase: foobar
octavia_signing_digest: sha256
# spare pool - increase to speed up load balancer creation and fail over
octavia_spare_amphora_pool_size: 1
# only increase when it's a really busy system since this is by deployed host,
# e.g. 3 hosts, 5 workers (this param) per host, results in 15 worker total
octavia_task_flow_max_workers: 5
# event_streamer - set to False if you don't need up to date lb information and/or
# your queue is crashing (Octavia will stream events to the neutron DB)
octavia_event_streamer: True
octavia_hm_group: "octavia-health-manager"
octavia_hm_hosts: "{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['ansible_host'] }}{% if not loop.last %},{% endif %}{% endfor %}"
# Set up the drivers
octavia_amphora_driver: amphora_haproxy_rest_driver
octavia_compute_driver: compute_nova_driver
octavia_network_driver: allowed_address_pairs_driver
## Tunable overrides
octavia_octavia_conf_overrides: {}
octavia_api_paste_ini_overrides: {}
octavia_policy_overrides: {}