openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/group_vars/all/all.yml
Logan V 85501cbf26 Limit group_vars scoping 
Instead of defining almost all vars scoped to the 'all'group, we will
limit our vars scoping to the group namespace they are consumed in.

Vars that are used in 1 group are defined in the group they are used
in. This covers most service role vars.

Vars that are used in 2 groups (usually linking 2 roles communicating
with each other) are now using localhost's host_vars as a proxy. The
2 service groups will then reference hostvars['localhost']['var'].

Vars that are used in 3+ groups are left in the 'all' scoping.

Change-Id: I09cb22d51985d5f50e98030a455251cc2ea1a205
2017-09-21 13:22:20 +00:00

122 lines
4.3 KiB
YAML
Raw Blame History

---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## OpenStack Source Code Release
openstack_release: master
## Verbosity Options
debug: False
## SSH connection wait time
ssh_delay: 5
# Set the package install state for distribution packages
# Options are 'present' and 'latest'
package_state: "latest"
# Set "/var/log" to be a bind mount to the physical host.
default_bind_mount_logs: true
# Set distro variable
# NOTE(hwoarang): ansible_distribution may return a string with spaces
# such as "openSUSE Leap" so we need to replace the space with underscore
# in order to create a more sensible repo name for the distro.
os_distro_version: "{{ (ansible_distribution | lower) | replace(' ', '_') }}-{{ ansible_distribution_version.split('.')[:2] | join('.') }}-{{ ansible_architecture | lower }}"
# Ensure that the package state matches the global setting
rsyslog_client_package_state: "{{ package_state }}"
## OpenStack source options
openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
openstack_repo_git_url: "git://{{ internal_lb_vip_address }}"
# URL for the frozen internal openstack repo.
repo_server_port: 8181
repo_pkg_cache_enabled: true
repo_pkg_cache_port: 3142
repo_pkg_cache_url: "http://{{ internal_lb_vip_address }}:{{ repo_pkg_cache_port }}"
repo_release_path: "{{ openstack_repo_url }}/os-releases/{{ openstack_release }}/{{ os_distro_version }}"
## kernel modules for specific group hosts
# :param name: name of the kernel module
# :param pattern: pattern to search for in /boot/config-$kernel_version to check how module is configured inside kernel
# :param group: group of hosts where the module will be loaded
openstack_host_specific_kernel_modules:
- { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES", group: "network_hosts" }
## DNS resolution (resolvconf) options
#Group containing resolvers to configure
resolvconf_resolver_group: unbound
## Enable external SSL handling for general OpenStack services
openstack_external_ssl: true
## OpenStack global Endpoint Protos
openstack_service_publicuri_proto: https
#openstack_service_adminuri_proto: http
#openstack_service_internaluri_proto: http
## Region Name
service_region: RegionOne
## OpenStack Domain
openstack_domain: openstack.local
lxc_container_domain: "{{ openstack_domain }}"
## DHCP Domain Name
dhcp_domain: openstacklocal
## LDAP enabled toggle
service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}"
## Base venv configuration
venv_tag: "{{ openstack_release }}"
venv_base_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ os_distro_version }}"
## Gnocchi
# Used in both Gnocchi and Swift roles.
gnocchi_service_project_name: "{{ (gnocchi_storage_driver is defined and gnocchi_storage_driver == 'swift') | ternary('gnocchi_swift', 'service') }}"
## OpenStack Openrc
openrc_os_auth_url: "{{ keystone_service_internalurl }}"
openrc_os_password: "{{ keystone_auth_admin_password }}"
openrc_os_domain_name: "Default"
openrc_region_name: "{{ service_region }}"
## Host security hardening
# The ansible-hardening role provides security hardening for hosts
# by applying security configurations from the STIG. Hardening is enabled by
# default, but an option to opt out is available by setting the following
# variable to 'false'.
# Docs: https://docs.openstack.org/ansible-hardening/latest/
apply_security_hardening: true
## Ansible ssh configuration
ansible_ssh_extra_args: >
-o UserKnownHostsFile=/dev/null
-o StrictHostKeyChecking=no
-o ServerAliveInterval=64
-o ServerAliveCountMax=1024
-o Compression=no
-o TCPKeepAlive=yes
-o VerifyHostKeyDNS=no
-o ForwardX11=no
-o ForwardAgent=yes
-T
# Toggle whether the service is deployed in a container or not
is_metal: "{{ properties.is_metal | default(false) }}"
View Git Blame Copy Permalink