8a4729de24
Additionally, this adds Designate back into integrated build since Designate is now working and requirements have caught up. Change-Id: Ib8a6e2fe1aeb3dc475f8c0a4bdf212392ff8cdfe
90 lines
2.7 KiB
YAML
90 lines
2.7 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Bootstrap the All-In-One (AIO)
|
|
hosts: localhost
|
|
gather_facts: True
|
|
user: root
|
|
roles:
|
|
- role: "sshd"
|
|
- role: "pip_install"
|
|
- role: "bootstrap-host"
|
|
vars:
|
|
openstack_confd_entries: "{{ confd_overrides[bootstrap_host_scenario] }}"
|
|
bootstrap_host_scenario: "{{ lookup('env','SCENARIO') | default('aio', true) }}"
|
|
confd_overrides:
|
|
aio:
|
|
- name: cinder.yml.aio
|
|
- name: designate.yml.aio
|
|
- name: glance.yml.aio
|
|
- name: heat.yml.aio
|
|
- name: horizon.yml.aio
|
|
- name: keystone.yml.aio
|
|
- name: neutron.yml.aio
|
|
- name: nova.yml.aio
|
|
- name: swift.yml.aio
|
|
ceph:
|
|
- name: ceph.yml.aio
|
|
- name: cinder.yml.aio
|
|
- name: glance.yml.aio
|
|
- name: heat.yml.aio
|
|
- name: horizon.yml.aio
|
|
- name: keystone.yml.aio
|
|
- name: neutron.yml.aio
|
|
- name: nova.yml.aio
|
|
sftp_subsystem: "{{ (ansible_pkg_mgr == 'apt') | ternary('sftp /usr/lib/openssh/sftp-server','sftp /usr/libexec/openssh/sftp-server') }}"
|
|
sshd:
|
|
ListenAddress:
|
|
- 0.0.0.0
|
|
- '::'
|
|
Port: 22
|
|
Protocol: 2
|
|
HostKey:
|
|
- "/etc/ssh/ssh_host_rsa_key"
|
|
- "/etc/ssh/ssh_host_ecdsa_key"
|
|
- "/etc/ssh/ssh_host_ed25519_key"
|
|
UsePrivilegeSeparation: yes
|
|
KeyRegenerationInterval: 3600
|
|
ServerKeyBits: 1024
|
|
SyslogFacility: "AUTH"
|
|
LogLevel: "INFO"
|
|
LoginGraceTime: 120
|
|
StrictModes: yes
|
|
RSAAuthentication: yes
|
|
PubkeyAuthentication: yes
|
|
IgnoreRhosts: yes
|
|
RhostsRSAAuthentication: no
|
|
HostbasedAuthentication: no
|
|
PermitEmptyPasswords: no
|
|
PermitRootLogin: yes
|
|
ChallengeResponseAuthentication: no
|
|
PasswordAuthentication: no
|
|
X11DisplayOffset: 10
|
|
PrintMotd: no
|
|
PrintLastLog: no
|
|
TCPKeepAlive: yes
|
|
AcceptEnv: "LANG LC_*"
|
|
Subsystem: "{{ sftp_subsystem }}"
|
|
UsePAM: yes
|
|
UseDNS: no
|
|
X11Forwarding: no
|
|
Compression: yes
|
|
CompressionLevel: 6
|
|
MaxSessions: 100
|
|
MaxStartups: "100:100:100"
|
|
GSSAPIAuthentication: no
|
|
GSSAPICleanupCredentials: no
|
|
|