Sync kayobe-config with kayobe changes

Change-Id: I016af4a3d214c3f5e2a59c806a40281de024e713

etc/kayobe/apt.yml

@@ -5,6 +5,12 @@
 # Apt cache TTL in seconds. Default is 3600.
 #apt_cache_valid_time:
 
+# Apt proxy URL for HTTP. Default is empty (no proxy).
+#apt_proxy_http:
+
+# Apt proxy URL for HTTPS. Default is {{ apt_proxy_http }}.
+#apt_proxy_https:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/bifrost.yml

@@ -11,6 +11,10 @@
 # {{ openstack_branch }}.
 #kolla_bifrost_source_version:
 
+# Whether Bifrost uses firewalld. Default value is false to avoid conflicting
+# with iptables rules configured on the seed host by Kayobe.
+#kolla_bifrost_use_firewalld:
+
 # Firewalld zone used by Bifrost. Default is "trusted", to avoid blocking other
 # services running on the seed host.
 #kolla_bifrost_firewalld_internal_zone:
@@ -39,8 +43,10 @@
 # DIB init element. Default is "cloud-init-datasources".
 #kolla_bifrost_dib_init_element:
 
-# DIB default environment variables. Default is {"DIB_CLOUD_INIT_DATASOURCES":
-# "ConfigDrive", "DIB_DISABLE_KERNEL_CLEANUP": 1}.
+# DIB default environment variables. Default is
+# {DIB_BOOTLOADER_DEFAULT_CMDLINE:
+# "nofb nomodeset gfxpayload=text net.ifnames=1",
+# "DIB_CLOUD_INIT_DATASOURCES": "ConfigDrive"}.
 #kolla_bifrost_dib_env_vars_default:
 
 # DIB additional environment variables. Default is none.
@@ -53,6 +59,12 @@
 # List of DIB packages to install. Default is to install no extra packages.
 #kolla_bifrost_dib_packages:
 
+###############################################################################
+# Disk image deployment configuration.
+
+# Name of disk image file to deploy. Default is "deployment_image.qcow2".
+#kolla_bifrost_deploy_image_filename:
+
 ###############################################################################
 # Ironic configuration.
 

etc/kayobe/compute.yml

@@ -108,6 +108,13 @@
 # Dict of sysctl parameters to set.
 #compute_sysctl_parameters:
 
+###############################################################################
+# Compute node tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role. Default is virtual-host.
+#compute_tuned_active_builtin_profile:
+
 ###############################################################################
 # Compute node user configuration.
 
@@ -115,6 +122,27 @@
 # singleplatform-eng.users role.
 #compute_users:
 
+###############################################################################
+# Compute node firewalld configuration.
+
+# Whether to install and enable firewalld.
+#compute_firewalld_enabled:
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+#compute_firewalld_zones:
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+#compute_firewalld_default_zone:
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+#compute_firewalld_rules:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/controllers.yml

@@ -117,6 +117,13 @@
 # Dict of sysctl parameters to set.
 #controller_sysctl_parameters:
 
+###############################################################################
+# Controller node tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role. Default is throughput-performance.
+#controller_tuned_active_builtin_profile:
+
 ###############################################################################
 # Controller node user configuration.
 
@@ -124,6 +131,27 @@
 # singleplatform-eng.users role.
 #controller_users:
 
+###############################################################################
+# Controller node firewalld configuration.
+
+# Whether to install and enable firewalld.
+#controller_firewalld_enabled:
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+#controller_firewalld_zones:
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+#controller_firewalld_default_zone:
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+#controller_firewalld_rules:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/globals.yml

@@ -53,6 +53,17 @@
 # "focal" when os_distribution is "ubuntu".
 #os_release:
 
+###############################################################################
+# Ansible configuration.
+
+# Filter to apply to the setup module when gathering facts. Default is to not
+# specify a filter.
+#kayobe_ansible_setup_filter:
+
+# Gather subset to apply to the setup module when gathering facts. Default is
+# to not specify a gather subset.
+#kayobe_ansible_setup_gather_subset:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/infra-vms.yml

@@ -0,0 +1,174 @@
+---
+###############################################################################
+# Infrastructure VM configuration.
+
+# Name of the infra VM.
+#infra_vm_name:
+
+# Memory in MB.
+#infra_vm_memory_mb:
+
+# Number of vCPUs.
+#infra_vm_vcpus:
+
+# List of volumes.
+#infra_vm_volumes:
+
+# Root volume.
+#infra_vm_root_volume:
+
+# Data volume.
+#infra_vm_data_volume:
+
+# Name of the storage pool for the infra VM volumes.
+#infra_vm_pool:
+
+# Capacity of the infra VM root volume.
+#infra_vm_root_capacity:
+
+# Format of the infra VM root volume.
+#infra_vm_root_format:
+
+# Base image for the infra VM root volume. Default is
+# "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
+# when os_distribution is "ubuntu", or
+# "https://cloud.centos.org/centos/8-stream/x86_64/images/CentOS-Stream-GenericCloud-8-20210210.0.x86_64.qcow2"
+# otherwise.
+#infra_vm_root_image:
+
+# Capacity of the infra VM data volume.
+#infra_vm_data_capacity:
+
+# Format of the infra VM data volume.
+#infra_vm_data_format:
+
+# List of network interfaces to attach to the infra VM.
+#infra_vm_interfaces:
+
+# Hypervisor that the VM runs on.
+#infra_vm_hypervisor:
+
+# Customise ansible_ssh_extra_args for the test that checks SSH connectivity
+# after provisioning. Defaults to disabling ssh host key checking.
+#infra_vm_wait_connection_ssh_extra_args:
+
+# OS family. Needed for config drive generation.
+# infra_vm_os_family:
+
+###############################################################################
+# Infrastructure VM node configuration.
+
+# User with which to access the infrastructure vm via SSH during bootstrap, in
+# order to setup the Kayobe user account.
+#infra_vm_bootstrap_user:
+
+###############################################################################
+# Infrastructure VM network interface configuration.
+
+# List of networks to which infrastructure vm nodes are attached.
+#infra_vm_network_interfaces:
+
+# List of default networks to which infrastructure vm nodes are attached.
+#infra_vm_default_network_interfaces:
+
+# List of extra networks to which infrastructure vm nodes are attached.
+#infra_vm_extra_network_interfaces:
+
+###############################################################################
+# Infrastructure VM node software RAID configuration.
+
+# List of software RAID arrays. See mrlesmithjr.mdadm role for format.
+#infra_vm_mdadm_arrays:
+
+###############################################################################
+# Infrastructure VM node encryption configuration.
+
+# List of block devices to encrypt. See stackhpc.luks role for format.
+#infra_vm_luks_devices:
+
+###############################################################################
+# Infrastructure VM node LVM configuration.
+
+# List of infrastructure vm volume groups. See mrlesmithjr.manage-lvm role for
+# format.
+#infra_vm_lvm_groups:
+
+# Default list of infrastructure vm volume groups. See mrlesmithjr.manage-lvm
+# role for format.
+#infra_vm_lvm_groups_default:
+
+# Additional list of infrastructure vm volume groups. See mrlesmithjr.manage-lvm
+# role for format.
+#infra_vm_lvm_groups_extra:
+
+# Whether a 'data' LVM volume group should exist on the infrastructure vm. By
+# default this contains a 'docker-volumes' logical volume for Docker volume
+# storage. It will also be used for Docker container and image storage if
+# 'docker_storage_driver' is set to 'devicemapper'. Default is true if
+# 'docker_storage_driver' is set to 'devicemapper', or false otherwise.
+#infra_vm_lvm_group_data_enabled:
+
+# Infrastructure VM LVM volume group for data. See mrlesmithjr.manage-lvm role
+# for format.
+#infra_vm_lvm_group_data:
+
+# List of disks for use by infrastructure vm LVM data volume group. Default to
+# an invalid value to require configuration.
+#infra_vm_lvm_group_data_disks:
+
+# List of LVM logical volumes for the data volume group.
+#infra_vm_lvm_group_data_lvs:
+
+# Docker volumes LVM backing volume.
+#infra_vm_lvm_group_data_lv_docker_volumes:
+
+# Size of docker volumes LVM backing volume.
+#infra_vm_lvm_group_data_lv_docker_volumes_size:
+
+# Filesystem for docker volumes LVM backing volume. ext4 allows for shrinking.
+#infra_vm_lvm_group_data_lv_docker_volumes_fs:
+
+###############################################################################
+# Infrastructure VM node sysctl configuration.
+
+# Dict of sysctl parameters to set.
+#infra_vm_sysctl_parameters:
+
+###############################################################################
+# Infrastructure VM node tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role. Default is virtual-guest.
+#infra_vm_tuned_active_builtin_profile:
+
+###############################################################################
+# Infrastructure VM node user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+#infra_vm_users:
+
+###############################################################################
+# Infrastructure VM node firewalld configuration.
+
+# Whether to install and enable firewalld.
+#infra_vm_firewalld_enabled:
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+#infra_vm_firewalld_zones:
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+#infra_vm_firewalld_default_zone:
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+#infra_vm_firewalld_rules:
+
+###############################################################################
+# Dummy variable to allow Ansible to accept this file.
+workaround_ansible_issue_8743: yes

etc/kayobe/inspector.yml

@@ -103,7 +103,7 @@
 # Ironic inspector rule to save introspection data to the node.
 #inspector_rule_save_data:
 
-# List of default ironic insepctor rules.
+# List of default ironic inspector rules.
 #inspector_rules_default:
 
 # List of additional ironic inspector rules.

etc/kayobe/inventory/groups

@@ -14,6 +14,16 @@
 # Build container images on the seed by default.
 seed
 
+###############################################################################
+# Infra VM groups.
+
+[hypervisors:children]
+# Group that contains all hypervisors used for infra VMs
+seed-hypervisor
+
+[infra-vms]
+# Empty group to provide declaration of infra-vms group.
+
 ###############################################################################
 # Overcloud groups.
 

etc/kayobe/ipa.yml

@@ -17,7 +17,7 @@
 #ipa_builder_source_url:
 
 # Version of IPA builder source repository. Default is master.
-#ipa_build_source_version:
+#ipa_builder_source_version:
 
 # List of default Diskimage Builder (DIB) elements to use when building IPA
 # images. Default is ["centos", "enable-serial-console",

etc/kayobe/kolla.yml

@@ -65,7 +65,7 @@
 # "ubuntu". Default is {{ os_distribution }}.
 #kolla_base_distro:
 
-# Kolla container image type: binary or source. Default is 'binary'.
+# Kolla container image type: binary or source. Default is 'source'.
 #kolla_install_type:
 
 # URL of docker registry to use for Kolla images. Default is not set, in which
@@ -75,6 +75,11 @@
 # Docker namespace to use for Kolla images. Default is 'kolla'.
 #kolla_docker_namespace:
 
+# Whether docker should be configured to use an insecure registry for Kolla
+# images. Default is false, unless docker_registry_enabled is true and
+# docker_registry_enable_tls is false.
+#kolla_docker_registry_insecure:
+
 # Username to use to access a docker registry. Default is not set, in which
 # case the registry will be used without authentication.
 #kolla_docker_registry_username:
@@ -258,14 +263,14 @@
 #kolla_enable_ceilometer_ipmi:
 #kolla_enable_cells:
 #kolla_enable_central_logging:
-#kolla_enable_chrony:
+#kolla_enable_ceph_rgw:
+#kolla_enable_ceph_rgw_loadbalancer:
 #kolla_enable_cinder:
 #kolla_enable_cinder_backend_hnas_nfs:
 #kolla_enable_cinder_backend_iscsi:
 #kolla_enable_cinder_backend_lvm:
 #kolla_enable_cinder_backend_nfs:
 #kolla_enable_cinder_backend_quobyte:
-#kolla_enable_cinder_backend_zfssa_iscsi:
 #kolla_enable_cinder_backup:
 #kolla_enable_cinder_horizon_policy_file:
 #kolla_enable_cloudkitty:
@@ -327,6 +332,7 @@
 #kolla_enable_keystone_horizon_policy_file:
 #kolla_enable_kibana:
 #kolla_enable_kuryr:
+#kolla_enable_loadbalancer:
 #kolla_enable_magnum:
 #kolla_enable_manila:
 #kolla_enable_manila_backend_cephfs_native:
@@ -350,6 +356,7 @@
 #kolla_enable_neutron_infoblox_ipam_agent:
 #kolla_enable_neutron_metering:
 #kolla_enable_neutron_mlnx:
+#kolla_enable_neutron_packet_logging:
 #kolla_enable_neutron_port_forwarding:
 #kolla_enable_neutron_provider_networks:
 #kolla_enable_neutron_qos:
@@ -371,7 +378,6 @@
 #kolla_enable_outward_rabbitmq:
 #kolla_enable_ovn:
 #kolla_enable_ovs_dpdk:
-#kolla_enable_panko:
 #kolla_enable_placement:
 #kolla_enable_prometheus:
 #kolla_enable_prometheus_alertmanager:
@@ -379,6 +385,7 @@
 #kolla_enable_prometheus_cadvisor:
 #kolla_enable_prometheus_ceph_mgr_exporter:
 #kolla_enable_prometheus_elasticsearch_exporter:
+#kolla_enable_prometheus_fluentd_integration:
 #kolla_enable_prometheus_haproxy_exporter:
 #kolla_enable_prometheus_memcached_exporter:
 #kolla_enable_prometheus_mysqld_exporter:
@@ -388,7 +395,6 @@
 #kolla_enable_prometheus_server:
 #kolla_enable_qdrouterd:
 #kolla_enable_rabbitmq:
-#kolla_enable_rally:
 #kolla_enable_redis:
 #kolla_enable_sahara:
 #kolla_enable_senlin:
@@ -400,7 +406,6 @@
 #kolla_enable_swift_s3api:
 #kolla_enable_tacker:
 #kolla_enable_telegraf:
-#kolla_enable_tempest:
 #kolla_enable_trove:
 #kolla_enable_trove_singletenant:
 #kolla_enable_vitrage:

etc/kayobe/monitoring.yml

@@ -81,6 +81,13 @@
 # Dict of sysctl parameters to set.
 #monitoring_sysctl_parameters:
 
+###############################################################################
+# Monitoring node tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role. Default is throughput-performance.
+#monitoring_tuned_active_builtin_profile:
+
 ###############################################################################
 # Monitoring node user configuration.
 
@@ -88,6 +95,27 @@
 # singleplatform-eng.users role.
 #monitoring_users:
 
+###############################################################################
+# Monitoring node firewalld configuration.
+
+# Whether to install and enable firewalld.
+#monitoring_firewalld_enabled:
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+#monitoring_firewalld_zones:
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+#monitoring_firewalld_default_zone:
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+#monitoring_firewalld_rules:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/openstack.yml

@@ -2,10 +2,10 @@
 ###############################################################################
 # OpenStack release configuration.
 
-# Name of the current OpenStack release. Default is "wallaby".
+# Name of the current OpenStack release. Default is "xena".
 #openstack_release:
 
-# Name of the current OpenStack branch. Default is "stable/wallaby".
+# Name of the current OpenStack branch. Default is "stable/xena".
 #openstack_branch:
 
 ###############################################################################

etc/kayobe/seed-hypervisor.yml

@@ -97,6 +97,13 @@
 # Dict of sysctl parameters to set.
 #seed_hypervisor_sysctl_parameters:
 
+###############################################################################
+# Seed hypervisor tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role. Default is virtual-host.
+#seed_hypervisor_tuned_active_builtin_profile:
+
 ###############################################################################
 # Seed hypervisor user configuration.
 
@@ -104,6 +111,27 @@
 # singleplatform-eng.users role.
 #seed_hypervisor_users:
 
+###############################################################################
+# Seed hypervisor node firewalld configuration.
+
+# Whether to install and enable firewalld.
+#seed_hypervisor_firewalld_enabled:
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+#seed_hypervisor_firewalld_zones:
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+#seed_hypervisor_firewalld_default_zone:
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+#seed_hypervisor_firewalld_rules:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/seed.yml

@@ -18,6 +18,9 @@
 # List of extra networks to which seed nodes are attached.
 #seed_extra_network_interfaces:
 
+# Whether to enable SNAT on seed nodes. Default is false.
+#seed_enable_snat:
+
 ###############################################################################
 # Seed node software RAID configuration.
 
@@ -76,6 +79,13 @@
 # Dict of sysctl parameters to set.
 #seed_sysctl_parameters:
 
+###############################################################################
+# Seed node tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role. Default is virtual-guest.
+#seed_tuned_active_builtin_profile:
+
 ###############################################################################
 # Seed node user configuration.
 
@@ -97,6 +107,27 @@
 #
 #seed_containers:
 
+###############################################################################
+# Seed node firewalld configuration.
+
+# Whether to install and enable firewalld.
+#seed_firewalld_enabled:
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+#seed_firewalld_zones:
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+#seed_firewalld_default_zone:
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+#seed_firewalld_rules:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

etc/kayobe/storage.yml

@@ -113,6 +113,13 @@
 # Dict of sysctl parameters to set.
 #storage_sysctl_parameters:
 
+###############################################################################
+# Storage node tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role. Default is throughput-performance.
+#storage_tuned_active_builtin_profile:
+
 ###############################################################################
 # Storage node user configuration.
 
@@ -120,6 +127,27 @@
 # singleplatform-eng.users role.
 #storage_users:
 
+###############################################################################
+# Storage node firewalld configuration.
+
+# Whether to install and enable firewalld.
+#storage_firewalld_enabled:
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+#storage_firewalld_zones:
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+#storage_firewalld_default_zone:
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+#storage_firewalld_rules:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes