b59b392813
This patch uses the certbot functionality to issue a certificate from a locally installed ACME server on the AIO node, when the string 'stepca' appears in the scenario. This allows testing of the certbot code in the haproxy role and the wider integration with Openstack-Ansible to be tested in CI jobs. Change-Id: Ide769f54505898630aae67e25b238624ba4f4fdb
255 lines
7.3 KiB
Django/Jinja
255 lines
7.3 KiB
Django/Jinja
---
|
|
cidr_networks:
|
|
{% if 'ironic' in bootstrap_host_scenarios_expanded %}
|
|
bmaas: 172.29.228.0/22
|
|
{% endif %}
|
|
{% if 'trove' in bootstrap_host_scenarios_expanded %}
|
|
dbaas: 172.29.252.0/22
|
|
{% endif %}
|
|
{% if 'octavia' in bootstrap_host_scenarios_expanded %}
|
|
lbaas: 172.29.232.0/22
|
|
{% endif %}
|
|
container: 172.29.236.0/22
|
|
tunnel: 172.29.240.0/22
|
|
storage: 172.29.244.0/22
|
|
|
|
used_ips:
|
|
{% if 'ironic' in bootstrap_host_scenarios_expanded %}
|
|
- "172.29.228.1,172.29.228.10"
|
|
- "172.29.229.50,172.29.231.255"
|
|
- "172.29.228.100"
|
|
{% endif %}
|
|
{% if 'trove' in bootstrap_host_scenarios_expanded %}
|
|
- "172.29.252.1,172.29.252.10"
|
|
- "172.29.252.50,172.29.255.255"
|
|
{% endif %}
|
|
{% if 'octavia' in bootstrap_host_scenarios_expanded %}
|
|
- "172.29.232.1,172.29.232.10"
|
|
- "172.29.232.50,172.29.235.255"
|
|
{% endif %}
|
|
- "172.29.236.1,172.29.236.50"
|
|
- "172.29.236.100"
|
|
- "172.29.236.101"
|
|
- "172.29.240.1,172.29.240.50"
|
|
- "172.29.240.100"
|
|
- "172.29.244.1,172.29.244.50"
|
|
- "172.29.244.100"
|
|
- "172.29.248.1,172.29.248.50"
|
|
- "172.29.248.100"
|
|
|
|
global_overrides:
|
|
internal_lb_vip_address: 172.29.236.101
|
|
# The external IP is quoted simply to ensure that the .aio file can be used as input
|
|
# dynamic inventory testing.
|
|
external_lb_vip_address: "{{ ('stepca' in bootstrap_host_scenarios) | ternary('external.openstack.local', bootstrap_host_public_address | default(ansible_facts['default_ipv4']['address'])) }}"
|
|
management_bridge: "br-mgmt"
|
|
no_containers: {{ true if 'metal' in bootstrap_host_scenarios else false }}
|
|
provider_networks:
|
|
- network:
|
|
container_bridge: "br-mgmt"
|
|
container_type: "veth"
|
|
container_interface: "eth1"
|
|
ip_from_q: "container"
|
|
type: "raw"
|
|
group_binds:
|
|
- all_containers
|
|
- hosts
|
|
is_container_address: true
|
|
# define static routes to the neutron public IP ranges via br-mgmt
|
|
# this is AIO specific and relies on the host forwarding to reach instance
|
|
# floating ips using the br-mgmt interface as a gateway
|
|
static_routes:
|
|
# neutron public addresses, LXC
|
|
- cidr: 172.29.248.0/22
|
|
gateway: 172.29.236.100
|
|
{% if 'ovs' in bootstrap_host_scenarios_expanded %}
|
|
- network:
|
|
container_bridge: "br-vxlan"
|
|
container_type: "veth"
|
|
container_interface: "eth10"
|
|
ip_from_q: "tunnel"
|
|
type: "vxlan"
|
|
range: "1:1000"
|
|
net_name: "vxlan"
|
|
group_binds:
|
|
- neutron_openvswitch_agent
|
|
{% elif 'lxb' in bootstrap_host_scenarios_expanded %}
|
|
- network:
|
|
container_bridge: "br-vxlan"
|
|
container_type: "veth"
|
|
container_interface: "eth10"
|
|
ip_from_q: "tunnel"
|
|
type: "vxlan"
|
|
range: "1:1000"
|
|
net_name: "vxlan"
|
|
group_binds:
|
|
- neutron_linuxbridge_agent
|
|
{% else %}
|
|
- network:
|
|
container_bridge: "br-vxlan"
|
|
container_type: "veth"
|
|
container_interface: "eth10"
|
|
ip_from_q: "tunnel"
|
|
type: "geneve"
|
|
range: "1:1000"
|
|
net_name: "geneve"
|
|
group_binds:
|
|
- neutron_ovn_controller
|
|
{% endif %}
|
|
{% if 'trove' in bootstrap_host_scenarios_expanded %}
|
|
- network:
|
|
container_bridge: "br-dbaas"
|
|
container_type: "veth"
|
|
container_interface: "eth13"
|
|
network_interface: "eth13"
|
|
ip_from_q: "dbaas"
|
|
type: "flat"
|
|
net_name: "dbaas-mgmt"
|
|
group_binds:
|
|
- neutron_ovn_gateway
|
|
- rabbitmq
|
|
{% endif %}
|
|
{% if 'octavia' in bootstrap_host_scenarios_expanded %}
|
|
- network:
|
|
container_bridge: "br-octavia"
|
|
container_type: "veth"
|
|
container_interface: "eth14"
|
|
network_interface: "eth14"
|
|
ip_from_q: "lbaas"
|
|
type: "flat"
|
|
net_name: "lbaas"
|
|
group_binds:
|
|
- neutron_ovn_gateway
|
|
- octavia-worker
|
|
- octavia-housekeeping
|
|
- octavia-health-manager
|
|
{% endif %}
|
|
{% if 'ironic' in bootstrap_host_scenarios_expanded %}
|
|
- network:
|
|
container_bridge: "br-bmaas"
|
|
container_type: "veth"
|
|
container_interface: "eth15"
|
|
host_bind_override: "eth15"
|
|
ip_from_q: "bmaas"
|
|
type: "flat"
|
|
net_name: "bmaas"
|
|
group_binds:
|
|
- ironic_api
|
|
- ironic_inspector
|
|
{% endif %}
|
|
{% if 'ovs' in bootstrap_host_scenarios_expanded %}
|
|
- network:
|
|
container_bridge: "br-provider"
|
|
container_type: "veth"
|
|
container_interface: "eth12"
|
|
network_interface: "eth12"
|
|
type: "vlan"
|
|
range: "101:200,301:400"
|
|
net_name: "vlan"
|
|
group_binds:
|
|
- neutron_openvswitch_agent
|
|
- network:
|
|
container_bridge: "br-provider"
|
|
container_type: "veth"
|
|
net_name: "vlan"
|
|
type: "flat"
|
|
group_binds:
|
|
- neutron_openvswitch_agent
|
|
{% elif 'lxb' in bootstrap_host_scenarios_expanded %}
|
|
- network:
|
|
container_bridge: "br-vlan"
|
|
container_type: "veth"
|
|
container_interface: "eth12"
|
|
host_bind_override: "eth12"
|
|
type: "flat"
|
|
net_name: "flat"
|
|
group_binds:
|
|
- neutron_linuxbridge_agent
|
|
- network:
|
|
container_bridge: "br-vlan"
|
|
container_type: "veth"
|
|
container_interface: "eth11"
|
|
type: "vlan"
|
|
range: "101:200,301:400"
|
|
net_name: "vlan"
|
|
group_binds:
|
|
- neutron_linuxbridge_agent
|
|
{% else %}
|
|
- network:
|
|
container_bridge: "br-provider"
|
|
network_interface: "eth12"
|
|
type: "vlan"
|
|
range: "101:200,301:400"
|
|
net_name: "vlan"
|
|
group_binds:
|
|
- neutron_ovn_gateway
|
|
- network:
|
|
container_bridge: "br-provider"
|
|
container_type: "veth"
|
|
net_name: "vlan"
|
|
type: "flat"
|
|
group_binds:
|
|
- neutron_ovn_gateway
|
|
{% endif %}
|
|
- network:
|
|
container_bridge: "br-storage"
|
|
container_type: "veth"
|
|
container_interface: "eth2"
|
|
ip_from_q: "storage"
|
|
type: "raw"
|
|
group_binds:
|
|
- glance_api
|
|
- cinder_api
|
|
- cinder_volume
|
|
- nova_compute
|
|
- manila_share
|
|
- swift_proxy
|
|
- ceph-mon
|
|
- ceph-osd
|
|
|
|
# keystone
|
|
identity_hosts:
|
|
aio1:
|
|
ip: 172.29.236.100
|
|
{% if 'keystone' in bootstrap_host_scenarios or 'infra' in bootstrap_host_scenarios %}
|
|
# NOTE (jrosser) this ensures that we deploy 3 keystone containers
|
|
# during the os_keystone role test to validate ssh keys and fernet key sync
|
|
# Also deploy 3 keystone containers for infra jobs as these are run
|
|
# for patches to the plugins repo containing the ssh key management role
|
|
affinity:
|
|
keystone_container: 3
|
|
{% endif %}
|
|
|
|
# galera, memcache, rabbitmq, utility
|
|
shared-infra_hosts:
|
|
aio1:
|
|
ip: 172.29.236.100
|
|
{% if 'infra' in bootstrap_host_scenarios_expanded %}
|
|
affinity:
|
|
galera_container: 3
|
|
memcached_container: 3
|
|
rabbit_mq_container: 3
|
|
{% endif %}
|
|
|
|
repo-infra_hosts:
|
|
aio1:
|
|
{% if bootstrap_host_install_method == 'distro' %}
|
|
affinity:
|
|
repo_container: 0
|
|
{% endif %}
|
|
{% if 'infra' in bootstrap_host_scenarios_expanded %}
|
|
affinity:
|
|
repo_container: 3
|
|
{% endif %}
|
|
ip: 172.29.236.100
|
|
|
|
{% if 'zookeeper' in bootstrap_host_scenarios_expanded %}
|
|
coordination_hosts:
|
|
aio1:
|
|
ip: 172.29.236.100
|
|
{% if 'infra' in bootstrap_host_scenarios_expanded %}
|
|
affinity:
|
|
zookeeper_container: 3
|
|
{% endif %}
|
|
{% endif %}
|