1030 lines
48 KiB
Plaintext
1030 lines
48 KiB
Plaintext
keystone_identity_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_ADMIN}}
|
|
keystone_auth_uri: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}/v3
|
|
keystone_region: 'regionOne'
|
|
keystone_default_domain: 'Default'
|
|
|
|
debug: {{UNDERCLOUD_DEBUG}}
|
|
controller_host: {{LOCAL_IP}} #local-ipv4
|
|
#local-ipv4 similar to the same hiera key in the overcloud
|
|
ctlplane: {{LOCAL_IP}}
|
|
controller_host_wrapped: "{{LOCAL_IP_WRAPPED}}"
|
|
controller_admin_host: {{UNDERCLOUD_ADMIN_HOST}}
|
|
controller_public_host: {{UNDERCLOUD_PUBLIC_HOST}}
|
|
ntp::servers: {{UNDERCLOUD_NTP_SERVERS}}
|
|
|
|
sysctl_settings: {{SYSCTL_SETTINGS}}
|
|
|
|
# SSL
|
|
tripleo::haproxy::service_certificate: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
|
|
generate_service_certificates: {{GENERATE_SERVICE_CERTIFICATE}}
|
|
tripleo::profile::base::haproxy::certificates_specs:
|
|
undercloud-haproxy-public:
|
|
service_pem: {{UNDERCLOUD_SERVICE_CERTIFICATE}}
|
|
service_certificate: '/etc/pki/tls/certs/undercloud-front.crt'
|
|
service_key: '/etc/pki/tls/private/undercloud-front.key'
|
|
hostname: "%{hiera('controller_public_host')}"
|
|
postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' {{UNDERCLOUD_SERVICE_CERTIFICATE}} undercloud-haproxy-public-cert"
|
|
principal: {{SERVICE_PRINCIPAL}}
|
|
|
|
# CA defaults
|
|
certmonger_ca: {{CERTIFICATE_GENERATION_CA}}
|
|
|
|
# Common Hiera data gets applied to all nodes
|
|
ssh::server::storeconfigs_enabled: false
|
|
|
|
# memcached
|
|
memcached::max_memory: '50%'
|
|
memcached::verbosity: 'v'
|
|
memcached::disable_cachedump: true
|
|
|
|
# Apache
|
|
apache::server_signature: 'Off'
|
|
apache::server_tokens: 'Prod'
|
|
|
|
# ceilometer settings used by compute and controller ceilo auth settings
|
|
ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}"
|
|
aodh::auth::auth_region: "%{hiera('keystone_region')}"
|
|
ceilometer::agent::auth::auth_tenant_name: 'service'
|
|
aodh::auth::auth_tenant_name: 'service'
|
|
ceilometer::agent::auth::auth_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
|
|
aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}"
|
|
|
|
# Swift
|
|
swift::proxy::proxy_local_net_ip: {{LOCAL_IP}}
|
|
swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
swift::proxy::node_timeout: 60
|
|
swift::proxy::workers: "%{::os_workers}"
|
|
swift::proxy::log_facility: LOG_LOCAL2
|
|
swift::storage::all::storage_local_net_ip: {{LOCAL_IP}}
|
|
swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
|
|
swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
|
|
swift::swift_hash_path_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}}
|
|
swift::proxy::account_autocreate: true
|
|
swift::proxy::authtoken::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
|
|
swift::keystone::auth::tenant: 'service'
|
|
swift::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_SWIFT_PUBLIC}}
|
|
swift::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_SWIFT_INTERNAL}}
|
|
swift::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_SWIFT_ADMIN}}
|
|
swift::keystone::auth::password: {{UNDERCLOUD_SWIFT_PASSWORD}}
|
|
swift::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
swift::keystone::auth::configure_s3_endpoint: false
|
|
swift::keystone::auth::operator_roles:
|
|
- admin
|
|
- swiftoperator
|
|
swift_mount_check: false
|
|
swift::ringbuilder::replicas: 1
|
|
swift::ringbuilder::part_power: 10
|
|
swift::ringbuilder::min_part_hours: 1
|
|
|
|
swift::proxy::pipeline:
|
|
- 'catch_errors'
|
|
- 'healthcheck'
|
|
- 'proxy-logging'
|
|
- 'cache'
|
|
- 'ratelimit'
|
|
- 'bulk'
|
|
- 'tempurl'
|
|
- 'formpost'
|
|
- 'authtoken'
|
|
- 'keystone'
|
|
- 'staticweb'
|
|
- 'proxy-logging'
|
|
- 'proxy-server'
|
|
|
|
# Glance
|
|
glance::api::debug: "%{hiera('debug')}"
|
|
glance::api::bind_port: 9292
|
|
glance::api::bind_host: {{LOCAL_IP}}
|
|
glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
glance::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
glance::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
glance::api::registry_host: {{LOCAL_IP}}
|
|
glance::api::authtoken::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
|
|
glance::api::workers: "%{::os_workers}"
|
|
glance::api::stores:
|
|
- glance.store.filesystem.Store
|
|
- glance.store.swift.Store
|
|
glance::api::default_store: 'glance.store.swift.Store'
|
|
glance::api::pipeline: 'keystone'
|
|
# used to construct glance_api_servers
|
|
glance_log_file: ''
|
|
glance::api::database_connection: mysql+pymysql://glance:{{UNDERCLOUD_GLANCE_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/glance
|
|
glance::api::enable_v1_api: false
|
|
glance::api::enable_v2_api: true
|
|
glance::keystone::auth::tenant: 'service'
|
|
glance::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}}
|
|
glance::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
|
|
glance::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GLANCE_ADMIN}}
|
|
glance::keystone::auth::password: {{UNDERCLOUD_GLANCE_PASSWORD}}
|
|
glance::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}"
|
|
glance::backend::swift::swift_store_auth_version: 3
|
|
glance::backend::swift::swift_store_user: service:glance
|
|
glance::backend::swift::swift_store_key: {{UNDERCLOUD_GLANCE_PASSWORD}}
|
|
glance::backend::swift::swift_store_create_container_on_put: true
|
|
glance::notify::rabbitmq::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
|
glance::notify::rabbitmq::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
|
glance::notify::rabbitmq::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
|
|
glance::registry::debug: "%{hiera('debug')}"
|
|
|
|
# Heat
|
|
heat::debug: "%{hiera('debug')}"
|
|
heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
|
|
heat::engine::configure_delegated_roles: false
|
|
heat::engine::heat_stack_user_role: 'heat_stack_user'
|
|
heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003
|
|
heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000
|
|
heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition
|
|
heat::engine::reauthentication_auth_method: 'trusts'
|
|
heat::engine::trusts_delegated_roles: []
|
|
heat::engine::auth_encryption_key: {{UNDERCLOUD_HEAT_ENCRYPTION_KEY}}
|
|
heat::engine::max_resources_per_stack: -1
|
|
heat::engine::convergence_engine: true
|
|
heat::engine::num_engine_workers: "%{::os_workers_heat_engine}"
|
|
heat::engine::max_nested_stack_depth: 7
|
|
heat::instance_user: heat-admin
|
|
heat::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
|
|
heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
heat::keystone::authtoken::password: {{UNDERCLOUD_HEAT_PASSWORD}}
|
|
heat::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
heat::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
heat::keystone::domain::domain_name: 'heat_stack'
|
|
heat::keystone::domain::domain_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
|
|
heat::api::bind_host: {{LOCAL_IP}}
|
|
heat::api::workers: "%{::os_workers}"
|
|
heat::api::service_name: 'httpd'
|
|
heat::api_cfn::bind_host: {{LOCAL_IP}}
|
|
heat::api_cfn::workers: "%{::os_workers}"
|
|
heat::api_cfn::service_name: 'httpd'
|
|
heat::wsgi::apache_api::ssl: false
|
|
heat::wsgi::apache_api::bind_host: {{LOCAL_IP}}
|
|
heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}"
|
|
heat::wsgi::apache_api_cfn::ssl: false
|
|
heat::wsgi::apache_api_cfn::bind_host: {{LOCAL_IP}}
|
|
heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}"
|
|
heat::database_connection: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/heat
|
|
heat_dsn: mysql+pymysql://heat:{{UNDERCLOUD_HEAT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/heat
|
|
heat::rpc_response_timeout: 600
|
|
heat::keystone::auth::tenant: 'service'
|
|
heat::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_PUBLIC}}
|
|
heat::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_INTERNAL}}
|
|
heat::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_ADMIN}}
|
|
heat::keystone::auth::password: {{UNDERCLOUD_HEAT_PASSWORD}}
|
|
heat::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
heat::keystone::auth_cfn::tenant: 'service'
|
|
heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}"
|
|
heat::keystone::auth_cfn::password: {{UNDERCLOUD_HEAT_CFN_PASSWORD}}
|
|
heat::keystone::auth_cfn::public_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_PUBLIC}}
|
|
heat::keystone::auth_cfn::internal_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_INTERNAL}}
|
|
heat::keystone::auth_cfn::admin_url: {{UNDERCLOUD_ENDPOINT_HEAT_CFN_ADMIN}}
|
|
heat::cron::purge_deleted::age: 1
|
|
heat::cron::purge_deleted::age_type: 'days'
|
|
heat::cron::purge_deleted::destination: '/dev/null'
|
|
heat::notification_driver: 'messaging'
|
|
heat::yaql_memory_quota: 100000
|
|
heat::yaql_limit_iterators: 1000
|
|
heat::max_json_body_size: 2097152
|
|
|
|
# Keystone
|
|
keystone::debug: "%{hiera('debug')}"
|
|
keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}}
|
|
keystone::admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
|
|
keystone::admin_workers: "%{::os_workers}"
|
|
keystone::public_workers: "%{::os_workers}"
|
|
keystone::public_bind_host: {{LOCAL_IP}}
|
|
keystone::admin_bind_host: {{LOCAL_IP}}
|
|
keystone::public_endpoint: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
|
|
keystone::service_name: 'httpd'
|
|
keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}'
|
|
keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}'
|
|
keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}'
|
|
keystone::database_connection: mysql+pymysql://keystone:{{UNDERCLOUD_ADMIN_TOKEN}}@{{LOCAL_IP_WRAPPED}}/keystone
|
|
keystone::cron::token_flush::destination: '/dev/null'
|
|
keystone::roles::admin::password: {{UNDERCLOUD_ADMIN_PASSWORD}}
|
|
keystone::roles::admin::email: 'root@localhost'
|
|
keystone::roles::admin::admin_tenant: 'admin'
|
|
keystone::roles::admin::service_tenant: 'service'
|
|
keystone::token_expiration: 14400
|
|
keystone::endpoint::public_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC}}
|
|
keystone::endpoint::internal_url: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
|
|
keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}"
|
|
keystone::endpoint::region: "%{hiera('keystone_region')}"
|
|
keystone::endpoint::version: ''
|
|
keystone::wsgi::apache::ssl: false
|
|
keystone::wsgi::apache::bind_host: {{LOCAL_IP}}
|
|
keystone::notification_driver: messaging
|
|
keystone::notification_topics: notifications
|
|
keystone::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
|
keystone::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
|
keystone::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
|
|
keystone::enable_credential_setup: true
|
|
keystone::fernet_max_active_keys: 2
|
|
|
|
# MySQL
|
|
admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
|
|
enable_galera: true
|
|
mysql_max_connections: '4096'
|
|
tripleo::profile::base::database::mysql::step: 2
|
|
tripleo::profile::base::database::mysql::manage_resources: true
|
|
tripleo::profile::base::database::mysql::remove_default_accounts: true
|
|
tripleo::profile::base::database::mysql::mysql_server_options:
|
|
'mysqld':
|
|
bind-address: "%{hiera('controller_host')}"
|
|
innodb_file_per_table: 'ON'
|
|
mysql::server::restart: true
|
|
mysql::server::root_password: {{UNDERCLOUD_DB_PASSWORD}}
|
|
|
|
# Neutron
|
|
neutron::debug: "%{hiera('debug')}"
|
|
neutron::bind_host: {{LOCAL_IP}}
|
|
neutron::core_plugin: ml2
|
|
neutron::service_plugins: ['router']
|
|
neutron::dhcp_agents_per_network: 2
|
|
neutron::dns_domain: {{OVERCLOUD_DOMAIN_NAME}}
|
|
neutron::server::api_workers: "%{::os_workers}"
|
|
neutron::server::rpc_workers: "%{::os_workers}"
|
|
neutron::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
|
neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USERNAME}}
|
|
neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
|
|
neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}"
|
|
neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
neutron::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
neutron::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
neutron::server::database_connection: mysql+pymysql://neutron:{{UNDERCLOUD_NEUTRON_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/neutron
|
|
neutron::server::sync_db: true
|
|
neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}}
|
|
neutron::plugins::ml2::mechanism_drivers: ['openvswitch']
|
|
neutron_bridge_mappings: ctlplane:br-ctlplane
|
|
neutron_public_interface: {{LOCAL_INTERFACE}}
|
|
neutron_physical_bridge: br-ctlplane
|
|
neutron::keystone::authtoken::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
|
|
neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
|
|
neutron::agents::metadata::metadata_workers: "%{::os_workers}"
|
|
neutron::quota::quota_port: -1
|
|
neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}"
|
|
neutron::server::notifications::tenant_name: service
|
|
neutron::server::notifications::password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
|
neutron::keystone::auth::tenant: 'service'
|
|
neutron::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
|
|
neutron::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_INTERNAL}}
|
|
neutron::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_ADMIN}}
|
|
neutron::keystone::auth::password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
|
|
neutron::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
neutron::plugins::ml2::extension_drivers: 'port_security'
|
|
|
|
# Ceilometer
|
|
ceilometer::debug: "%{hiera('debug')}"
|
|
ceilometer::expirer::time_to_live: undef
|
|
ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}}
|
|
ceilometer::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
|
ceilometer::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
|
ceilometer::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
|
|
ceilometer::keystone::authtoken::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
|
|
ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ceilometer::db::database_connection: mysql+pymysql://ceilometer:{{UNDERCLOUD_CEILOMETER_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ceilometer
|
|
ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
|
|
ceilometer_compute_agent: ''
|
|
ceilometer::snmpd_readonly_username: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}}
|
|
ceilometer::snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}
|
|
ceilometer::keystone::auth::tenant: 'service'
|
|
ceilometer::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_PUBLIC}}
|
|
ceilometer::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_INTERNAL}}
|
|
ceilometer::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CEILOMETER_ADMIN}}
|
|
ceilometer::keystone::auth::password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
|
|
ceilometer::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
ceilometer::dispatcher::gnocchi::url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
|
|
ceilometer::dispatcher::gnocchi::filter_project: 'service'
|
|
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
|
|
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
|
|
|
|
# events dispatcher config
|
|
ceilometer::agent::notification::event_pipeline_publishers: ['gnocchi://', 'panko://']
|
|
ceilometer::agent::notification::manage_event_pipeline: true
|
|
|
|
# Aodh
|
|
aodh::debug: "%{hiera('debug')}"
|
|
aodh::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
|
aodh::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
|
aodh::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
|
|
aodh::api::host: {{LOCAL_IP}}
|
|
aodh::keystone::authtoken::password: {{UNDERCLOUD_AODH_PASSWORD}}
|
|
aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
aodh::api::service_name: 'httpd'
|
|
aodh::wsgi::apache::ssl: false
|
|
aodh::wsgi::apache::bind_host: {{LOCAL_IP}}
|
|
aodh::db::database_connection: mysql+pymysql://aodh:{{UNDERCLOUD_AODH_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/aodh
|
|
aodh::auth::auth_password: {{UNDERCLOUD_AODH_PASSWORD}}
|
|
aodh::keystone::auth::tenant: 'service'
|
|
aodh::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_AODH_PUBLIC}}
|
|
aodh::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_AODH_INTERNAL}}
|
|
aodh::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_AODH_ADMIN}}
|
|
aodh::keystone::auth::password: {{UNDERCLOUD_AODH_PASSWORD}}
|
|
aodh::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
|
|
|
|
# Gnocchi
|
|
gnocchi::debug: "%{hiera('debug')}"
|
|
gnocchi_backend: 'file'
|
|
gnocchi::wsgi::apache::ssl: false
|
|
gnocchi::wsgi::apache::bind_host: {{LOCAL_IP}}
|
|
gnocchi::api::service_name: 'httpd'
|
|
gnocchi::api::host: {{LOCAL_IP}}
|
|
gnocchi::keystone::authtoken::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
|
|
gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
gnocchi::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
gnocchi::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
gnocchi::keystone::auth::tenant: 'service'
|
|
gnocchi::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}
|
|
gnocchi::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_INTERNAL}}
|
|
gnocchi::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_ADMIN}}
|
|
gnocchi::keystone::auth::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
|
|
gnocchi::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
gnocchi::db::mysql::password: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
|
|
gnocchi::db::database_connection: mysql+pymysql://gnocchi:{{UNDERCLOUD_GNOCCHI_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/gnocchi
|
|
gnocchi::storage::swift::swift_user: 'service:gnocchi'
|
|
gnocchi::storage::swift::swift_auth_version: 2
|
|
gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}"
|
|
gnocchi::storage::swift::swift_key: {{UNDERCLOUD_GNOCCHI_PASSWORD}}
|
|
#Gnocchi statsd
|
|
gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
|
|
gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
|
|
gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
|
|
gnocchi::statsd::flush_delay: 10
|
|
gnocchi::statsd::archive_policy_name: 'low'
|
|
gnocchi_healthcheck_url: {{UNDERCLOUD_ENDPOINT_GNOCCHI_PUBLIC}}/healthcheck
|
|
|
|
# Panko
|
|
panko::logging::debug: "%{hiera('debug')}"
|
|
panko::wsgi::apache::ssl: false
|
|
panko::wsgi::apache::bind_host: {{LOCAL_IP}}
|
|
panko::api::service_name: 'httpd'
|
|
panko::api::host: {{LOCAL_IP}}
|
|
panko::db::mysql::password: {{UNDERCLOUD_PANKO_PASSWORD}}
|
|
panko::db::database_connection: mysql+pymysql://panko:{{UNDERCLOUD_PANKO_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/panko
|
|
panko::keystone::authtoken::password: {{UNDERCLOUD_PANKO_PASSWORD}}
|
|
panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
panko::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
panko::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
panko::keystone::auth::tenant: 'service'
|
|
panko::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_PANKO_PUBLIC}}
|
|
panko::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_PANKO_INTERNAL}}
|
|
panko::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_PANKO_ADMIN}}
|
|
panko::keystone::auth::password: {{UNDERCLOUD_PANKO_PASSWORD}}
|
|
panko::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
panko::keystone::authtoken::project_name: 'service'
|
|
|
|
# Nova
|
|
nova::debug: "%{hiera('debug')}"
|
|
nova::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
|
|
nova::notification_driver: messaging
|
|
nova::rpc_response_timeout: '600'
|
|
nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
nova::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
nova::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
nova::api::service_name: 'httpd'
|
|
nova::api::api_bind_address: {{LOCAL_IP}}
|
|
nova::api::enabled: true
|
|
nova::api::metadata_listen: {{LOCAL_IP}}
|
|
nova::keystone::authtoken::password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
|
nova::api::enabled_apis:
|
|
- metadata
|
|
nova::api::sync_db_api: true
|
|
nova::api::osapi_compute_workers: "%{::os_workers}"
|
|
nova::api::metadata_workers: "%{::os_workers}"
|
|
nova::wsgi::apache_api::ssl: false
|
|
nova::wsgi::apache_api::bind_host: {{LOCAL_IP}}
|
|
nova::wsgi::apache_placement::ssl: false
|
|
nova::wsgi::apache_placement::bind_host: {{LOCAL_IP}}
|
|
nova::wsgi::apache_placement::api_port: '8778'
|
|
nova::placement::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
nova::placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
|
nova::placement::project_name: 'service'
|
|
nova::placement::os_region_name: "%{hiera('keystone_region')}"
|
|
nova::conductor::enabled: true
|
|
nova::conductor::workers: "%{::os_workers}"
|
|
nova::database_connection: mysql+pymysql://nova:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova
|
|
nova::api_database_connection: mysql+pymysql://nova_api:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova_api
|
|
nova::placement_database_connection: mysql+pymysql://nova_placement:{{UNDERCLOUD_NOVA_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/nova_placement
|
|
nova::notify_on_state_change: 'vm_and_task_state'
|
|
nova::scheduler::enabled: true
|
|
nova::network::neutron::dhcp_domain: ''
|
|
nova::compute::force_config_drive: true
|
|
nova::compute::reserved_host_memory: '0'
|
|
nova::compute::vnc_enabled: false
|
|
nova::compute::instance_usage_audit: true
|
|
nova::compute::instance_usage_audit_period: 'hour'
|
|
nova::compute::consecutive_build_service_disable_threshold: 0
|
|
nova::cron::archive_deleted_rows::destination: '/dev/null'
|
|
nova_sync_power_state_interval: -1
|
|
|
|
nova::ironic::common::username: 'ironic'
|
|
nova::ironic::common::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
nova::ironic::common::project_name: 'service'
|
|
nova::ironic::common::api_endpoint: "{{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}/v1"
|
|
nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
|
|
nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}"
|
|
nova::network::neutron::neutron_url: {{UNDERCLOUD_ENDPOINT_NEUTRON_PUBLIC}}
|
|
nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}"
|
|
nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}"
|
|
nova::network::neutron::neutron_region_name: ''
|
|
|
|
nova::ram_allocation_ratio: '1.0'
|
|
nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
|
|
nova::scheduler::filter::scheduler_max_attempts: {{SCHEDULER_MAX_ATTEMPTS}}
|
|
nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters']
|
|
nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter']
|
|
|
|
nova::keystone::auth::tenant: 'service'
|
|
nova::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_NOVA_PUBLIC}}
|
|
nova::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_NOVA_INTERNAL}}
|
|
nova::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_NOVA_ADMIN}}
|
|
nova::keystone::auth::password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
|
nova::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
nova::keystone::auth::configure_ec2_endpoint: false
|
|
|
|
nova::keystone::auth_placement::tenant: 'service'
|
|
nova::keystone::auth_placement::public_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_PUBLIC}}
|
|
nova::keystone::auth_placement::internal_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_INTERNAL}}
|
|
nova::keystone::auth_placement::admin_url: {{UNDERCLOUD_ENDPOINT_PLACEMENT_ADMIN}}
|
|
nova::keystone::auth_placement::password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
|
nova::keystone::auth_placement::region: "%{hiera('keystone_region')}"
|
|
|
|
nova::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
|
|
|
|
# NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only.
|
|
# There is no way this should take 15 minutes and if it does we now have way
|
|
# different problems. But rather than block undercloud installs let's increase
|
|
# the timeout for these actions. See LP#1661396 for more details.
|
|
nova::db::sync::db_sync_timeout: 900
|
|
nova::db::sync_api::db_sync_timeout: 900
|
|
|
|
# Ironic
|
|
ironic::debug: "%{hiera('debug')}"
|
|
ironic::my_ip: {{LOCAL_IP}}
|
|
ironic::db_online_data_migrations: true
|
|
ironic::rpc_response_timeout: 600
|
|
ironic::api::authtoken::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
ironic::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ironic::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ironic::api::host_ip: {{LOCAL_IP}}
|
|
ironic::api::service_name: 'httpd'
|
|
ironic::api::workers: "%{::os_workers}"
|
|
ironic::wsgi::apache::ssl: false
|
|
ironic::wsgi::apache::bind_host: {{LOCAL_IP}}
|
|
ironic::pxe::tftp_bind_host: {{LOCAL_IP}}
|
|
ironic::database_connection: mysql+pymysql://ironic:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ironic
|
|
ironic::default_transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
|
|
ironic::drivers::inspector::enabled: true
|
|
ironic::drivers::inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
ironic::drivers::inspector::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ironic::drivers::inspector::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ironic::glance::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
ironic::neutron::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
ironic::service_catalog::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
ironic::swift::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
# Ironic conductor forces deployments to use http
|
|
# https://bugs.launchpad.net/tripleo/+bug/1613088
|
|
ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
|
|
ironic::conductor::force_power_state_during_sync: false
|
|
ironic::conductor::automated_clean: {{CLEAN_NODES}}
|
|
ironic::conductor::cleaning_disk_erase: 'metadata'
|
|
ironic::conductor::cleaning_network: 'ctlplane'
|
|
ironic::conductor::provisioning_network: 'ctlplane'
|
|
ironic::conductor::default_boot_option: 'local'
|
|
ironic::conductor::enabled_drivers: {{ENABLED_DRIVERS}}
|
|
ironic::conductor::enabled_hardware_types: {{ENABLED_HARDWARE_TYPES}}
|
|
ironic::drivers::interfaces::default_inspect_interface: inspector
|
|
ironic::drivers::interfaces::enabled_boot_interfaces: {{ENABLED_BOOT_INTERFACES}}
|
|
ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat']
|
|
ironic::drivers::interfaces::enabled_deploy_interfaces: ['iscsi', 'direct', 'ansible']
|
|
ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector']
|
|
ironic::drivers::interfaces::enabled_management_interfaces: {{ENABLED_MANAGEMENT_INTERFACES}}
|
|
ironic::drivers::interfaces::enabled_power_interfaces: {{ENABLED_POWER_INTERFACES}}
|
|
ironic::drivers::interfaces::enabled_raid_interfaces: {{ENABLED_RAID_INTERFACES}}
|
|
ironic::drivers::interfaces::enabled_vendor_interfaces: {{ENABLED_VENDOR_INTERFACES}}
|
|
|
|
# Make sure new nodes default to 'baremetal' resource class
|
|
ironic::default_resource_class: 'baremetal'
|
|
|
|
ironic::keystone::auth::tenant: 'service'
|
|
ironic::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_PUBLIC}}
|
|
ironic::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
|
|
ironic::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_ADMIN}}
|
|
ironic::keystone::auth::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
ironic::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
|
|
ironic::keystone::auth_inspector::tenant: 'service'
|
|
ironic::keystone::auth_inspector::public_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_PUBLIC}}
|
|
ironic::keystone::auth_inspector::internal_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
|
|
ironic::keystone::auth_inspector::admin_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_ADMIN}}
|
|
ironic::keystone::auth_inspector::password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
|
ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}"
|
|
|
|
# Ironic Inspector
|
|
ironic::inspector::listen_address: {{LOCAL_IP}}
|
|
ironic::inspector::debug: "%{hiera('debug')}"
|
|
{{#IPXE_ENABLED}}
|
|
ironic::inspector::pxe_transfer_protocol: 'http'
|
|
{{/IPXE_ENABLED}}
|
|
ironic::inspector::enable_uefi: {{INSPECTION_ENABLE_UEFI}}
|
|
ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
ironic::inspector::authtoken::username: 'ironic'
|
|
ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}"
|
|
ironic::inspector::authtoken::project_name: 'service'
|
|
ironic::inspector::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ironic::inspector::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:{{UNDERCLOUD_IRONIC_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/ironic-inspector
|
|
ironic::inspector::keep_ports: 'added'
|
|
ironic::inspector::ironic_username: 'ironic'
|
|
ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}"
|
|
ironic::inspector::ironic_tenant_name: 'service'
|
|
ironic::inspector::ironic_project_domain_name: 'Default'
|
|
ironic::inspector::ironic_user_domain_name: 'Default'
|
|
ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}"
|
|
ironic::inspector::ironic_max_retries: 6
|
|
ironic::inspector::ironic_retry_interval: 10
|
|
ironic::inspector::store_data: 'swift'
|
|
ironic::inspector::swift_username: 'ironic'
|
|
ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}"
|
|
ironic::inspector::swift_tenant_name: 'service'
|
|
ironic::inspector::swift_project_domain_name: 'Default'
|
|
ironic::inspector::swift_user_domain_name: 'Default'
|
|
ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}"
|
|
ironic::inspector::dnsmasq_local_ip: {{LOCAL_IP}}
|
|
ironic::inspector::dnsmasq_interface: {{INSPECTION_INTERFACE}}
|
|
ironic::inspector::dnsmasq_ip_subnets: {{{INSPECTION_SUBNETS}}}
|
|
ironic::inspector::ramdisk_collectors: {{INSPECTION_COLLECTORS}}
|
|
ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection'
|
|
ironic::inspector::ramdisk_kernel_args: {{INSPECTION_KERNEL_ARGS}}
|
|
ironic::inspector::ipxe_timeout: 60
|
|
ironic::inspector::node_not_found_hook: {{INSPECTION_NODE_NOT_FOUND_HOOK}}
|
|
ironic::inspector::discovery_default_driver: {{DISCOVERY_DEFAULT_DRIVER}}
|
|
ironic::inspector::detect_boot_mode: true
|
|
|
|
# Ironic PXE driver
|
|
ironic::drivers::pxe::ipxe_timeout: 60
|
|
|
|
# Ironic deploy utils
|
|
ironic_ipxe_port: 8088
|
|
ironic::conductor::http_url: "http://{{LOCAL_IP_WRAPPED}}:%{hiera('ironic_ipxe_port')}"
|
|
ironic::conductor::http_boot: '/httpboot'
|
|
ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}"
|
|
|
|
# Ironic pxe
|
|
ironic::drivers::pxe::ipxe_enabled: {{IPXE_ENABLED}}
|
|
# NOTE(dtantsur): UEFI only works with iPXE currently for us
|
|
ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
|
|
ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
|
|
|
|
# Ironic agent
|
|
ironic::drivers::agent::deploy_logs_collect: 'always'
|
|
ironic::drivers::agent::deploy_logs_storage_backend: 'local'
|
|
ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/'
|
|
|
|
# Ironic power and management drivers tuning
|
|
ironic::drivers::ilo::default_boot_mode: 'bios'
|
|
|
|
# Customisations for ppc64le
|
|
{{#ENABLE_ARCHITECTURE_PPC64LE}}
|
|
ironic::pxe::enable_ppc64le: true
|
|
ironic::inspector::enable_ppc64le: true
|
|
ironic::conductor::power_state_change_timeout: 60
|
|
ironic::drivers::ipmi::command_retry_timeout: 120
|
|
ironic::drivers::ipmi::min_command_interval: 15
|
|
{{/ENABLE_ARCHITECTURE_PPC64LE}}
|
|
|
|
# Rabbit
|
|
rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}}
|
|
rabbitmq::delete_guest_user: false
|
|
rabbitmq::node_ip_address: {{LOCAL_IP}}
|
|
rabbitmq::management_ip_address: {{LOCAL_IP}}
|
|
rabbitmq::package_source: undef
|
|
rabbitmq::port: 5672
|
|
rabbitmq::repos_ensure: false
|
|
rabbitmq::wipe_db_on_cookie_change: true
|
|
rabbitmq::default_user: {{UNDERCLOUD_RABBIT_USERNAME}}
|
|
rabbitmq::default_pass: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
|
|
|
# Horizon
|
|
horizon::django_debug: "%{hiera('debug')}"
|
|
horizon_secret_key: {{UNDERCLOUD_HORIZON_SECRET_KEY}}
|
|
horizon::allowed_hosts:
|
|
- "%{::fqdn}"
|
|
- "{{LOCAL_IP}}"
|
|
horizon::wsgi::apache::priority: 10
|
|
horizon::openstack_endpoint_type: internalURL
|
|
|
|
# Mistral
|
|
mistral::debug: "%{hiera('debug')}"
|
|
mistral::api::bind_host: {{LOCAL_IP}}
|
|
mistral::api::api_workers: "%{::os_workers}"
|
|
mistral::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
|
mistral::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
|
mistral::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
|
|
mistral::database_connection: mysql+pymysql://mistral:{{UNDERCLOUD_MISTRAL_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/mistral
|
|
mistral::rpc_backend: rabbit
|
|
mistral::rpc_response_timeout: 120
|
|
mistral::keystone::authtoken::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
|
|
mistral::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
mistral::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
mistral::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
mistral::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
|
|
mistral::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_PUBLIC}}
|
|
mistral::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_INTERNAL}}
|
|
mistral::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_MISTRAL_ADMIN}}
|
|
mistral::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
mistral::keystone::auth::password: {{UNDERCLOUD_MISTRAL_PASSWORD}}
|
|
mistral::keystone::auth::tenant: 'service'
|
|
mistral::engine::older_than: 2880
|
|
mistral::engine::evaluation_interval: 120
|
|
mistral::engine::execution_field_size_limit_kb: 16384
|
|
|
|
# Zaqar
|
|
zaqar::keystone::authtoken::project_name: 'service'
|
|
zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
zaqar::keystone::authtoken::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
|
|
zaqar::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
zaqar::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
zaqar::keystone::auth::tenant: 'service'
|
|
zaqar::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_PUBLIC}}
|
|
zaqar::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_INTERNAL}}
|
|
zaqar::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_ADMIN}}
|
|
zaqar::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
zaqar::keystone::auth::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
|
|
zaqar::keystone::auth::roles:
|
|
- admin
|
|
- ResellerAdmin
|
|
zaqar::keystone::auth_websocket::tenant: 'service'
|
|
zaqar::keystone::auth_websocket::public_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_PUBLIC}}
|
|
zaqar::keystone::auth_websocket::internal_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_INTERNAL}}
|
|
zaqar::keystone::auth_websocket::admin_url: {{UNDERCLOUD_ENDPOINT_ZAQAR_WEBSOCKET_ADMIN}}
|
|
zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}"
|
|
zaqar::keystone::auth_websocket::password: {{UNDERCLOUD_ZAQAR_PASSWORD}}
|
|
zaqar::server::service_name: 'httpd'
|
|
zaqar::unreliable: true
|
|
zaqar::transport::websocket::bind: {{LOCAL_IP}}
|
|
zaqar::transport::websocket::notification_bind: {{LOCAL_IP}}
|
|
zaqar::wsgi::apache::bind_host: {{LOCAL_IP}}
|
|
zaqar::wsgi::apache::ssl: false
|
|
zaqar::message_store: swift
|
|
zaqar::management_store: sqlalchemy
|
|
zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/zaqar
|
|
zaqar::messaging::swift::uri: swift://zaqar:{{UNDERCLOUD_ZAQAR_PASSWORD}}@/service
|
|
zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}"
|
|
zaqar::message_pipeline: 'zaqar.notification.notifier'
|
|
zaqar::max_messages_post_size: 1048576
|
|
|
|
# Cinder
|
|
cinder::debug: "%{hiera('debug')}"
|
|
cinder_backend_name: 'undercloud_iscsi'
|
|
cinder_enable_test_volume: false
|
|
cinder_iscsi_address: {{LOCAL_IP}}
|
|
cinder::api::enable_proxy_headers_parsing: true
|
|
cinder::api::service_name: 'httpd'
|
|
cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
|
|
cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"]
|
|
cinder::cron::db_purge::destination: "/dev/null"
|
|
cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP_WRAPPED}}/cinder
|
|
cinder::db::database_db_max_retries: -1
|
|
cinder::db::database_max_retries: -1
|
|
cinder::debug: "%{hiera('debug')}"
|
|
cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_INTERNAL}}
|
|
cinder::keystone::auth::tenant: 'service'
|
|
cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}}
|
|
cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}}
|
|
cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}}
|
|
cinder::keystone::auth::public_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_PUBLIC}}
|
|
cinder::keystone::auth::internal_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_INTERNAL}}
|
|
cinder::keystone::auth::admin_url_v2: {{UNDERCLOUD_ENDPOINT_CINDER_V2_ADMIN}}
|
|
cinder::keystone::auth::public_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_PUBLIC}}
|
|
cinder::keystone::auth::internal_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_INTERNAL}}
|
|
cinder::keystone::auth::admin_url_v3: {{UNDERCLOUD_ENDPOINT_CINDER_V3_ADMIN}}
|
|
cinder::keystone::auth::region: "%{hiera('keystone_region')}"
|
|
cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}}
|
|
cinder::keystone::authtoken::project_name: 'service'
|
|
cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}}
|
|
cinder::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
cinder::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
cinder::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
|
cinder::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
|
cinder::rabbit_host: "{{LOCAL_IP_WRAPPED}}"
|
|
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
|
|
cinder::setup_test_volume::size: '10280M'
|
|
cinder::wsgi::apache::bind_host: {{LOCAL_IP}}
|
|
cinder::wsgi::apache::ssl: false
|
|
cinder::wsgi::apache::workers: "%{::os_workers}"
|
|
|
|
# HAproxy
|
|
tripleo::profile::base::haproxy::step: 1
|
|
tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}}
|
|
tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}"
|
|
tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}"
|
|
tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}"
|
|
tripleo::haproxy::public_virtual_interface: 'br-ctlplane'
|
|
tripleo::haproxy::keystone_admin: true
|
|
tripleo::haproxy::keystone_public: true
|
|
tripleo::haproxy::neutron: true
|
|
tripleo::haproxy::glance_api: true
|
|
tripleo::haproxy::glance_registry: true
|
|
tripleo::haproxy::nova_osapi: true
|
|
tripleo::haproxy::nova_placement: true
|
|
tripleo::haproxy::nova_metadata: true
|
|
tripleo::haproxy::swift_proxy_server: true
|
|
tripleo::haproxy::heat_api: true
|
|
tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}"
|
|
tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}"
|
|
tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}"
|
|
tripleo::haproxy::panko: "%{hiera('enable_telemetry')}"
|
|
tripleo::haproxy::ironic: true
|
|
tripleo::haproxy::ironic_inspector: true
|
|
tripleo::haproxy::rabbitmq: true
|
|
tripleo::haproxy::mistral: true
|
|
tripleo::haproxy::zaqar_api: true
|
|
tripleo::haproxy::zaqar_ws: true
|
|
tripleo::haproxy::docker_registry: true
|
|
|
|
# Docker
|
|
tripleo::profile::base::docker::step: 1
|
|
# Undercloud should not have --iptables=false by default hence this override (LP#1709325)
|
|
tripleo::profile::base::docker::docker_options: '--log-driver=journald --signature-verification=false'
|
|
{{#DOCKER_REGISTRY_MIRROR}}
|
|
tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
|
|
{{/DOCKER_REGISTRY_MIRROR}}
|
|
tripleo::profile::base::docker::debug: "%{hiera('debug')}"
|
|
tripleo::profile::base::docker::insecure_registries: ['{{LOCAL_IP}}:8787','{{UNDERCLOUD_ADMIN_HOST}}:8787']
|
|
|
|
# Keepalived
|
|
tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
|
|
tripleo::keepalived::control_virtual_interface: 'br-ctlplane'
|
|
tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}"
|
|
tripleo::keepalived::public_virtual_interface: 'br-ctlplane'
|
|
tripleo::keepalived::virtual_router_id_base: 40
|
|
|
|
# UI
|
|
keystone::cors::allowed_origin: '*'
|
|
ironic::cors::allowed_origin: '*'
|
|
ironic::cors::max_age: 3600
|
|
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
|
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
|
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
|
ironic::inspector::cors::allowed_origin: '*'
|
|
ironic::inspector::cors::max_age: 3600
|
|
ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
|
ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
|
ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
|
heat::cors::allowed_origin: '*'
|
|
heat::cors::max_age: 3600
|
|
heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
|
heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
|
mistral::cors::allowed_origin: '*'
|
|
mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
|
mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
|
swift::proxy::cors_allow_origin: '*'
|
|
tripleo::ui::endpoint_proxy_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_PROXY_INTERNAL}}
|
|
tripleo::ui::endpoint_proxy_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_INTERNAL}}
|
|
tripleo::ui::endpoint_proxy_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_PROXY_INTERNAL}}
|
|
tripleo::ui::endpoint_proxy_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}}
|
|
tripleo::ui::endpoint_proxy_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_INTERNAL}}
|
|
tripleo::ui::endpoint_proxy_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_PROXY_INTERNAL}}
|
|
tripleo::ui::endpoint_proxy_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_PROXY_INTERNAL}}
|
|
tripleo::ui::endpoint_config_zaqar: {{UNDERCLOUD_ENDPOINT_ZAQAR_UI_CONFIG_PUBLIC}}
|
|
tripleo::ui::endpoint_config_keystone: {{UNDERCLOUD_ENDPOINT_KEYSTONE_UI_CONFIG_PUBLIC}}
|
|
tripleo::ui::endpoint_config_heat: {{UNDERCLOUD_ENDPOINT_HEAT_UI_CONFIG_PUBLIC}}
|
|
tripleo::ui::endpoint_config_ironic: {{UNDERCLOUD_ENDPOINT_IRONIC_UI_CONFIG_PUBLIC}}
|
|
tripleo::ui::endpoint_config_ironic_inspector: {{UNDERCLOUD_ENDPOINT_IRONIC_INSPECTOR_UI_CONFIG_PUBLIC}}
|
|
tripleo::ui::endpoint_config_mistral: {{UNDERCLOUD_ENDPOINT_MISTRAL_UI_CONFIG_PUBLIC}}
|
|
tripleo::ui::endpoint_config_swift: {{UNDERCLOUD_ENDPOINT_SWIFT_UI_CONFIG_PUBLIC}}
|
|
|
|
# service tenant
|
|
ceilometer::keystone::authtoken::project_name: 'service'
|
|
aodh::keystone::authtoken::project_name: 'service'
|
|
gnocchi::keystone::authtoken::project_name: 'service'
|
|
cinder::keystone::authtoken::project_name: 'service'
|
|
heat::keystone::authtoken::project_name: 'service'
|
|
glance::api::authtoken::project_name: 'service'
|
|
glance::registry::authtoken::project_name: 'service'
|
|
ironic::api::authtoken::project_name: 'service'
|
|
ironic::drivers::inspector::project_name: 'service'
|
|
ironic::glance::project_name: 'service'
|
|
ironic::neutron::project_name: 'service'
|
|
ironic::service_catalog::project_name: 'service'
|
|
ironic::swift::project_name: 'service'
|
|
nova::keystone::authtoken::project_name: 'service'
|
|
swift::proxy::authtoken::project_name: 'service'
|
|
mistral::keystone::authtoken::project_name: 'service'
|
|
|
|
swift::proxy::workers: "%{::os_workers}"
|
|
# Options
|
|
enable_tempest: {{ENABLE_TEMPEST}}
|
|
enable_validations: {{ENABLE_VALIDATIONS}}
|
|
enable_telemetry: {{ENABLE_TELEMETRY}}
|
|
enable_ui: {{ENABLE_UI}}
|
|
enable_cinder: {{ENABLE_CINDER}}
|
|
enable_container_images_build: {{ENABLE_CONTAINER_IMAGES_BUILD}}
|
|
|
|
# Path to install configuration files
|
|
tripleo_install_user: {{TRIPLEO_INSTALL_USER}}
|
|
tripleo_undercloud_conf_file: {{TRIPLEO_UNDERCLOUD_CONF_FILE}}
|
|
tripleo_undercloud_password_file: {{TRIPLEO_UNDERCLOUD_PASSWORD_FILE}}
|
|
|
|
# Novajoin
|
|
{{#ENABLE_NOVAJOIN}}
|
|
novajoin_listen_port: 9090
|
|
nova::metadata::novajoin::api::bind_address: "{{LOCAL_IP}}"
|
|
nova::metadata::novajoin::api::join_listen_port: "%{hiera('novajoin_listen_port')}"
|
|
nova::metadata::novajoin::api::keystone_auth_url: "%{hiera('keystone_auth_uri')}"
|
|
nova::metadata::novajoin::api::service_password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
|
|
nova::metadata::novajoin::api::transport_url: "rabbit://{{UNDERCLOUD_RABBIT_USERNAME}}:{{UNDERCLOUD_RABBIT_PASSWORD}}@{{LOCAL_IP_WRAPPED}}//"
|
|
nova::metadata::novajoin::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
|
|
nova::metadata::novajoin::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
|
|
nova::metadata::novajoin::authtoken::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
|
|
nova::metadata::novajoin::authtoken::project_name: 'service'
|
|
nova::metadata::novajoin::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}"
|
|
nova::metadata::novajoin::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}"
|
|
nova::metadata::novajoin::auth::tenant: 'service'
|
|
nova::metadata::novajoin::auth::password: {{UNDERCLOUD_NOVAJOIN_PASSWORD}}
|
|
nova::metadata::novajoin::auth::region: "%{hiera('keystone_region')}"
|
|
ipaclient::password: {{IPA_OTP}}
|
|
ipaclient::hostname: {{UNDERCLOUD_HOSTNAME}}
|
|
enable_novajoin: true
|
|
nova::api::vendordata_jsonfile_path: '/etc/novajoin/cloud-config-novajoin.json'
|
|
nova::api::vendordata_providers: ['StaticJSON', 'DynamicJSON']
|
|
nova::api::vendordata_dynamic_targets: ["join@http://{{LOCAL_IP}}:%{hiera('novajoin_listen_port')}/v1/"]
|
|
nova::api::vendordata_dynamic_failure_fatal: true
|
|
nova::api::vendordata_dynamic_auth_auth_type: 'password'
|
|
nova::api::vendordata_dynamic_auth_auth_url: "%{hiera('keystone_auth_uri')}"
|
|
nova::api::vendordata_dynamic_auth_os_region_name: "%{hiera('keystone_region')}"
|
|
nova::api::vendordata_dynamic_auth_username: 'nova'
|
|
nova::api::vendordata_dynamic_auth_project_name: 'service'
|
|
nova::api::vendordata_dynamic_auth_project_domain_name: 'Default'
|
|
nova::api::vendordata_dynamic_auth_user_domain_name: 'Default'
|
|
nova::api::vendordata_dynamic_auth_password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
|
nova::notification_topics: ['notifications', 'novajoin_notifications']
|
|
nova::notify_on_state_change: 'vm_state'
|
|
{{/ENABLE_NOVAJOIN}}
|
|
|
|
# Firewall
|
|
tripleo::firewall::manage_firewall: true
|
|
tripleo::firewall::firewall_rules:
|
|
'105 ntp':
|
|
dport: 123
|
|
proto: udp
|
|
'106 vrrp':
|
|
proto: vrrp
|
|
'107 haproxy stats':
|
|
dport: 1993
|
|
'108 redis':
|
|
dport:
|
|
- 6379
|
|
- 26379
|
|
'110 ceph':
|
|
dport:
|
|
- 6789
|
|
- '6800-6810'
|
|
'111 keystone':
|
|
dport:
|
|
- 5000
|
|
- 13000
|
|
- 35357
|
|
- 13357
|
|
'112 glance':
|
|
dport:
|
|
- 9292
|
|
- 9191
|
|
- 13292
|
|
'113 nova':
|
|
dport:
|
|
- 6080
|
|
- 13080
|
|
- 8773
|
|
- 13773
|
|
- 8774
|
|
- 13774
|
|
- 8778
|
|
- 13778
|
|
- 8775
|
|
- 13775
|
|
'114 neutron server':
|
|
dport:
|
|
- 9696
|
|
- 13696
|
|
'115 neutron dhcp input':
|
|
proto: 'udp'
|
|
dport: 67
|
|
'116 neutron dhcp output':
|
|
proto: 'udp'
|
|
chain: 'OUTPUT'
|
|
dport: 68
|
|
'118 neutron vxlan networks':
|
|
proto: 'udp'
|
|
dport: 4789
|
|
'119 cinder':
|
|
dport:
|
|
- 8776
|
|
- 13776
|
|
'120 iscsi initiator':
|
|
dport: 3260
|
|
'121 memcached':
|
|
dport: 11211
|
|
'122 swift proxy':
|
|
dport:
|
|
- 8080
|
|
- 13808
|
|
'123 swift storage':
|
|
dport:
|
|
- 873
|
|
- 6000
|
|
- 6001
|
|
- 6002
|
|
'125 heat':
|
|
dport:
|
|
- 8000
|
|
- 13800
|
|
- 8003
|
|
- 13003
|
|
- 8004
|
|
- 13004
|
|
'126 horizon':
|
|
dport:
|
|
- 80
|
|
- 443
|
|
'127 snmp':
|
|
dport: 161
|
|
proto: 'udp'
|
|
'128 aodh':
|
|
dport:
|
|
- 8042
|
|
- 13042
|
|
'129 gnocchi-api':
|
|
dport:
|
|
- 8041
|
|
- 13041
|
|
'130 tftp':
|
|
dport: 69
|
|
proto: udp
|
|
'131 novnc':
|
|
dport: 5900-5999
|
|
proto: tcp
|
|
'132 mistral':
|
|
dport:
|
|
- 8989
|
|
- 13989
|
|
'133 zaqar':
|
|
dport:
|
|
- 8888
|
|
- 13888
|
|
'134 zaqar websockets':
|
|
dport: 9000
|
|
'135 ironic':
|
|
dport:
|
|
- 6385
|
|
- 13385
|
|
'136 trove':
|
|
dport:
|
|
- 8779
|
|
- 13779
|
|
'137 ironic-inspector':
|
|
dport: 5050
|
|
'138 docker registry':
|
|
dport:
|
|
- 8787
|
|
- 13787
|
|
'139 apache vhost':
|
|
dport: "%{hiera('ironic_ipxe_port')}"
|
|
# 140 network cidr nat rules
|
|
{{SUBNETS_CIDR_NAT_RULES}}
|
|
'142 tripleo-ui':
|
|
dport:
|
|
- 3000
|
|
- 443
|
|
'143 panko-api':
|
|
dport:
|
|
- 8977
|
|
- 13977
|