f139eb09d4
This new role is now providing the ability for a user to pin apt packages as they see fit. The idea is to allow someone to implement pinning in a generic way that can be represented as a global variable or as a hostvar. The new role has been added to all install roles as a dependency which will allow it to ensure that packages are pinned everywhere as would be expected. Change-Id: I354e8515570fa7174366ba57d57aece3c304568e
74 lines
3.2 KiB
YAML
74 lines
3.2 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
## Glance Options
|
|
# Set default_store to "swift" if using Cloud Files or swift backend
|
|
glance_default_store: file
|
|
glance_notification_driver: noop
|
|
|
|
# `internalURL` will cause glance to speak to swift via ServiceNet, use
|
|
# `publicURL` to communicate with swift over the public network
|
|
glance_swift_store_endpoint_type: internalURL
|
|
|
|
|
|
## Nova
|
|
# Uncomment "nova_console_endpoint" to define a specific nova console URI or
|
|
# IP address this will construct the specific proxy endpoint for the console.
|
|
# nova_console_endpoint: console.company_domain.name
|
|
|
|
# This defaults to KVM, if you are deploying on a host that is not KVM capable
|
|
# change this to your hypervisor type: IE "qemu", "lxc".
|
|
# nova_virt_type: kvm
|
|
# nova_cpu_allocation_ratio: 2.0
|
|
# nova_ram_allocation_ratio: 1.0
|
|
|
|
## Glance with Swift
|
|
### Extra options when configuring swift as a glance back-end.
|
|
### By default it will use the local swift install
|
|
### Set these when using a remote swift as a glance backend
|
|
#glance_swift_store_auth_address: "https://some.auth.url.com"
|
|
#glance_swift_store_user: "OPENSTACK_TENANT_ID:OPENSTACK_USER_NAME"
|
|
#glance_swift_store_key: "OPENSTACK_USER_PASSWORD"
|
|
#glance_swift_store_container: "NAME_OF_SWIFT_CONTAINER"
|
|
#glance_swift_store_region: "NAME_OF_REGION"
|
|
|
|
## Swift
|
|
# This will allow all users to create containers and upload to swift if set to True
|
|
swift_allow_all_users: False
|
|
|
|
## Apache SSL Settings
|
|
# These do not need to be configured unless you're creating certificates for
|
|
# services running behind Apache (currently, Horizon and Keystone).
|
|
ssl_protocol: "ALL -SSLv2 -SSLv3"
|
|
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
|
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
|
|
# To override for Keystone only:
|
|
# - keystone_ssl_protocol
|
|
# - keystone_ssl_cipher_suite
|
|
# To override for Horizon only:
|
|
# - horizon_ssl_protocol
|
|
# - horizon_ssl_cipher_suite
|
|
|
|
## Additional pinning generator that will allow for more packages to be pinned as you see fit.
|
|
## All pins allow for package and versions to be defined. Be careful using this as versions
|
|
## are always subject to change and updates regarding security will become your problem from this
|
|
## point on. Pinning can be done based on a package version, release, or origin. Use "*" in the
|
|
## package name to indicate that you want to pin all package to a particular constraint.
|
|
# apt_pinned_packages:
|
|
# - { package: "lxc", version: "1.0.7-0ubuntu0.1" }
|
|
# - { package: "libvirt-bin", version: "1.2.2-0ubuntu13.1.9" }
|
|
# - { package: "rabbitmq-server", origin: "www.rabbitmq.com" }
|
|
# - { package: "*", release: "MariaDB" }
|