--- # Copyright 2016, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## OpenStack Source Code Release openstack_release: master ## Verbosity Options debug: False ## SSH connection wait time ssh_delay: 5 # Set the package install state for distribution packages # Options are 'present' and 'latest' package_state: "latest" # Set "/var/log" to be a bind mount to the physical host. default_bind_mount_logs: true # Set distro variable os_distro_version: "{{ ansible_distribution | lower }}-{{ ansible_distribution_version.split('.')[:2] | join('.') }}-{{ ansible_architecture | lower }}" # Ensure that the package state matches the global setting rsyslog_client_package_state: "{{ package_state }}" ## OpenStack source options openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}" openstack_repo_git_url: "git://{{ internal_lb_vip_address }}" # URL for the frozen internal openstack repo. repo_server_port: 8181 repo_pkg_cache_enabled: true repo_pkg_cache_port: 3142 repo_pkg_cache_url: "http://{{ internal_lb_vip_address }}:{{ repo_pkg_cache_port }}" repo_release_path: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/{{ os_distro_version }}" ## kernel modules for specific group hosts # :param name: name of the kernel module # :param pattern: pattern to search for in /boot/config-$kernel_version to check how module is configured inside kernel # :param group: group of hosts where the module will be loaded openstack_host_specific_kernel_modules: - { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES", group: "network_hosts" } ## DNS resolution (resolvconf) options #Group containing resolvers to configure resolvconf_resolver_group: unbound ## Enable external SSL handling for general OpenStack services openstack_external_ssl: true ## OpenStack global Endpoint Protos openstack_service_publicuri_proto: https #openstack_service_adminuri_proto: http #openstack_service_internaluri_proto: http ## Region Name service_region: RegionOne ## OpenStack Domain openstack_domain: openstack.local lxc_container_domain: "{{ openstack_domain }}" ## DHCP Domain Name dhcp_domain: openstacklocal ## LDAP enabled toggle service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}" ## Base venv configuration venv_tag: "{{ openstack_release }}" venv_base_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ os_distro_version }}" ## Gnocchi # Used in both Gnocchi and Swift roles. gnocchi_service_project_name: "{{ (gnocchi_storage_driver is defined and gnocchi_storage_driver == 'swift') | ternary('gnocchi_swift', 'service') }}" ## OpenStack Openrc openrc_os_auth_url: "{{ keystone_service_internalurl }}" openrc_os_password: "{{ keystone_auth_admin_password }}" openrc_os_domain_name: "Default" openrc_region_name: "{{ service_region }}" ## Host security hardening # The openstack-ansible-security role provides security hardening for hosts # by applying security configurations from the STIG. Hardening is enabled by # default, but an option to opt out is available by setting the following # variable to 'false'. # Docs: http://docs.openstack.org/developer/openstack-ansible-security/ apply_security_hardening: true ## Ansible ssh configuration ansible_ssh_extra_args: > -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=64 -o ServerAliveCountMax=1024 -o Compression=no -o TCPKeepAlive=yes -o VerifyHostKeyDNS=no -o ForwardX11=no -o ForwardAgent=yes -T