Change-Id: I4522fe318541dac7f4ff4e45d72d4cd8869420ba
6.2 KiB
Home OpenStack-Ansible Installation Guide
Overriding OpenStack configuration defaults
OpenStack has many configuration options available in configuration
files which are in the form of .conf
files (in a standard
INI
file format), policy files (in a standard
JSON
format) and also YAML
files.
Note
YAML
files are only in the ceilometer project at this
time.
OpenStack-Ansible provides the facility to include reference to any
options in the OpenStack
Configuration Reference through the use of a simple set of
configuration entries in
/etc/openstack_deploy/user_variables.yml
.
This section provides guidance for how to make use of this facility. Further guidance is available in the developer documentation in the section titled Setting overrides in configuration files.
Overriding .conf files
The most common use-case for implementing overrides are for the
<service>.conf
files (for example,
nova.conf
). These files use a standard INI
file format.
For example, if you add the following parameters to
nova.conf
:
[DEFAULT]
remove_unused_original_minimum_age_seconds = 43200
[libvirt]
cpu_mode = host-model
disk_cachemodes = file=directsync,block=none
[database]
idle_timeout = 300
max_pool_size = 10
This is accomplished through the use of the following configuration
entry in /etc/openstack_deploy/user_variables.yml
:
nova_nova_conf_overrides:
DEFAULT:
remove_unused_original_minimum_age_seconds: 43200
libvirt:
cpu_mode: host-model
disk_cachemodes: file=directsync,block=none
database:
idle_timeout: 300
max_pool_size: 10
Overrides may also be applied on a per host basis with the following
configuration in
/etc/openstack_deploy/openstack_user_config.yml
:
compute_hosts:
900089-compute001:
ip: 192.0.2.10
host_vars:
nova_nova_conf_overrides:
DEFAULT:
remove_unused_original_minimum_age_seconds: 43200
libvirt:
cpu_mode: host-model
disk_cachemodes: file=directsync,block=none
database:
idle_timeout: 300
max_pool_size: 10
Use this method for any INI
file format for all
OpenStack projects deployed in OpenStack-Ansible.
To assist you in finding the appropriate variable name to use for
overrides, the general format for the variable name is:
<service>_<filename>_<file extension>_overrides
.
Overriding .json files
You can adjust the default policies applied by services in order to
implement access controls which are different to a standard OpenStack
environment. Policy files are in a JSON
format.
For example, you can add the following policy in keystone's
policy.json
:
{
"identity:foo": "rule:admin_required",
"identity:bar": "rule:admin_required"
}
Accomplish this through the use of the following configuration entry
in /etc/openstack_deploy/user_variables.yml
:
keystone_policy_overrides:
identity:foo: "rule:admin_required"
identity:bar: "rule:admin_required"
Use this method for any JSON
file format for all
OpenStack projects deployed in OpenStack-Ansible.
To assist you in finding the appropriate variable name to use for
overrides, the general format for the variable name is
<service>_policy_overrides
.
Currently available overrides
The following is a list of overrides available:
- Galera:
-
- galera_client_my_cnf_overrides
- galera_my_cnf_overrides
- galera_cluster_cnf_overrides
- galera_debian_cnf_overrides
- Ceilometer:
-
- ceilometer_policy_overrides
- ceilometer_ceilometer_conf_overrides
- ceilometer_api_paste_ini_overrides
- ceilometer_event_definitions_yaml_overrides
- ceilometer_event_pipeline_yaml_overrides
- ceilometer_pipeline_yaml_overrides
- Cinder:
-
- cinder_policy_overrides
- cinder_rootwrap_conf_overrides
- cinder_api_paste_ini_overrides
- cinder_cinder_conf_overrides
- Glance:
-
- glance_glance_api_paste_ini_overrides
- glance_glance_api_conf_overrides
- glance_glance_cache_conf_overrides
- glance_glance_manage_conf_overrides
- glance_glance_registry_paste_ini_overrides
- glance_glance_registry_conf_overrides
- glance_glance_scrubber_conf_overrides
- glance_glance_scheme_json_overrides
- glance_policy_overrides
- Heat:
-
- heat_heat_conf_overrides
- heat_api_paste_ini_overrides
- heat_default_yaml_overrides
- heat_aws_cloudwatch_alarm_yaml_overrides
- heat_aws_rds_dbinstance_yaml_overrides
- heat_policy_overrides
- Keystone:
-
- keystone_keystone_conf_overrides
- keystone_keystone_default_conf_overrides
- keystone_keystone_paste_ini_overrides
- keystone_policy_overrides
- Neutron:
-
- neutron_neutron_conf_overrides
- neutron_ml2_conf_ini_overrides
- neutron_dhcp_agent_ini_overrides
- neutron_api_paste_ini_overrides
- neutron_rootwrap_conf_overrides
- neutron_policy_overrides
- neutron_dnsmasq_neutron_conf_overrides
- neutron_l3_agent_ini_overrides
- neutron_metadata_agent_ini_overrides
- neutron_metering_agent_ini_overrides
- Nova:
-
- nova_nova_conf_overrides
- nova_rootwrap_conf_overrides
- nova_api_paste_ini_overrides
- nova_policy_overrides
- Swift:
-
- swift_swift_conf_overrides
- swift_swift_dispersion_conf_overrides
- swift_proxy_server_conf_overrides
- swift_account_server_conf_overrides
- swift_account_server_replicator_conf_overrides
- swift_container_server_conf_overrides
- swift_container_server_replicator_conf_overrides
- swift_object_server_conf_overrides
- swift_object_server_replicator_conf_overrides
- Tempest:
-
- tempest_tempest_conf_overrides
- pip:
-
- pip_global_conf_overrides