openstack-ansible-os_gnocchi/defaults/main.yml

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Special role execution lifecycles
# Only create Gnocchi's identity entities in Keystone
gnocchi_identity_only: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
gnocchi_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
gnocchi_service_setup_host_python_interpreter: >-
  {{
    openstack_service_setup_host_python_interpreter | default(
      (gnocchi_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
  }}  

# venv python version
gnocchi_venv_python_executable: "{{ openstack_venv_python_executable | default('python3') }}"

# Enable for debug logging level
debug: false

# Set the package install state for distribution packages
# Options are 'present' and 'latest'
gnocchi_package_state: "{{ package_state | default('latest') }}"

# Toggle keystone authentication for gnocchi
gnocchi_auth_mode: "keystone"

# These variables are used in 'developer mode' in order to allow the role
# to build an environment directly from a git source without the presence
# of an OpenStack-Ansible repo_server.
gnocchi_git_repo: https://github.com/gnocchixyz/gnocchi
gnocchi_git_install_branch: master
gnocchi_upper_constraints_url: >-
  {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}  
gnocchi_git_constraints:
  - "--constraint {{ gnocchi_upper_constraints_url }}"

gnocchi_pip_install_args: "{{ pip_install_options | default('') }}"

# Use of deprecated config options will cause a fatal application error
gnocchi_fatal_deprecations: false

# External SSL forwarding proto, assumes TLS termination at load balancer
gnocchi_ssl_external: "{{ openstack_external_ssl | default(True) }}"
gnocchi_secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO

# Name of the virtual env to deploy into
gnocchi_venv_tag: "{{ venv_tag | default('untagged') }}"
gnocchi_bin: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/bin"
gnocchi_venv_pkgs: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/lib/python2.7/site-packages"

# Set the etc dir path where gnocchi is installed.
#  This is used for role access to the db migrations.
#  Example:
#  gnocchi_etc_dir: "/usr/local/etc/gnocchi"
gnocchi_etc_dir: "{{ gnocchi_bin | dirname }}/etc/gnocchi"

# Index Database info
gnocchi_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
gnocchi_db_setup_python_interpreter: >-
  {{
    openstack_db_setup_python_interpreter | default(
      (gnocchi_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
  }}  
gnocchi_galera_address: "{{ galera_address | default('127.0.0.1') }}"
gnocchi_galera_database: gnocchi
gnocchi_galera_user: gnocchi
gnocchi_db_sync_options: ""
gnocchi_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
gnocchi_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
gnocchi_galera_port: "{{ galera_port | default('3306') }}"

# Storage info
gnocchi_storage_driver: file
gnocchi_storage_file_basepath: "{{ gnocchi_system_user_home }}"
gnocchi_storage_swift_container_prefix: "gnocchi"
gnocchi_storage_redis_url: "redis://localhost:6379/"

gnocchi_coordination_url: >-
  mysql://{{ gnocchi_galera_user }}:{{ gnocchi_container_mysql_password }}@{{ gnocchi_galera_address }}/{{
    gnocchi_galera_database }}?charset=utf8&timeout=5{%
      if gnocchi_galera_use_ssl | bool %}&ssl_ca={{ gnocchi_galera_ssl_ca_cert }}{% endif %}  

# Incoming configuration
# Incoming configuration is not applied if driver is the same as storage one
gnocchi_incoming_driver: "{{ gnocchi_storage_driver }}"
gnocchi_incoming_file_basepath: "{{ gnocchi_storage_file_basepath }}"
gnocchi_incoming_swift_container_prefix: "{{ gnocchi_storage_swift_container_prefix }}"
gnocchi_incoming_redis_url: "{{ gnocchi_storage_redis_url }}"

# Default Ceph parameters
gnocchi_ceph_pool: "metrics"
gnocchi_ceph_username: "gnocchi"
# If gnocchi_storage_driver == gnocchi_incoming_driver this would have no effect
gnocchi_ceph_incoming_pool: "{{ gnocchi_ceph_pool }}"
gnocchi_ceph_incoming_username: "{{ gnocchi_ceph_username }}"

# System info
gnocchi_system_user_name: gnocchi
gnocchi_system_group_name: gnocchi
gnocchi_system_shell: /bin/false
gnocchi_system_comment: gnocchi system user
gnocchi_system_user_home: "/var/lib/{{ gnocchi_system_user_name }}"

# Service Type and Data
gnocchi_service_name: gnocchi
gnocchi_service_type: metric
gnocchi_service_description: "OpenStack Metric Service"
gnocchi_service_project_description: "OpenStack Services"
gnocchi_keystone_auth_plugin: "{{ gnocchi_keystone_auth_type }}"
gnocchi_keystone_auth_type: password
gnocchi_service_region: "{{ service_region | default('RegionOne') }}"
gnocchi_service_user_name: gnocchi
gnocchi_service_role_names:
  - admin
  - service
gnocchi_service_token_roles:
  - service
gnocchi_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
gnocchi_service_project_name: service
gnocchi_service_project_domain_id: default
gnocchi_service_user_domain_id: default
gnocchi_service_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
gnocchi_service_port: 8041
gnocchi_service_proto: http
gnocchi_service_registry_proto: "{{ gnocchi_service_proto }}"
gnocchi_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(gnocchi_service_proto) }}"
gnocchi_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(gnocchi_service_proto) }}"
gnocchi_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(gnocchi_service_proto) }}"
gnocchi_service_publicuri: "{{ gnocchi_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ gnocchi_service_port }}"
gnocchi_service_publicurl: "{{ gnocchi_service_publicuri }}"
gnocchi_service_internaluri: "{{ gnocchi_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ gnocchi_service_port }}"
gnocchi_service_internalurl: "{{ gnocchi_service_internaluri }}"
gnocchi_service_adminuri: "{{ gnocchi_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ gnocchi_service_port }}"
gnocchi_service_adminurl: "{{ gnocchi_service_adminuri }}"

gnocchi_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"

## uWSGI setup
gnocchi_wsgi_threads: 1
gnocchi_wsgi_processes_max: 16
gnocchi_wsgi_processes: >-
  {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, gnocchi_wsgi_processes_max] | min }}  
gnocchi_uwsgi_tls:
  crt: "{{ gnocchi_ssl_cert }}"
  key: "{{ gnocchi_ssl_key }}"

gnocchi_metricd_workers_max: 16
gnocchi_metricd_workers: >-
  {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, gnocchi_metricd_workers_max] | min }}  

gnocchi_uwsgi_conf_overrides: {}
gnocchi_api_init_overrides: {}
gnocchi_metricd_init_overrides: {}

## Service Names
gnocchi_services:
  gnocchi-api:
    group: "gnocchi_api"
    service_name: "gnocchi-api"
    service_enabled: true
    init_config_overrides: "{{ gnocchi_api_init_overrides }}"
    wsgi_app: True
    wsgi_path: "{{ gnocchi_bin }}/gnocchi-api"
    uwsgi_bind_address: "{{ gnocchi_service_address }}"
    uwsgi_port: "{{ gnocchi_service_port }}"
    uwsgi_overrides: "{{ gnocchi_uwsgi_conf_overrides }}"
    uwsgi_tls: "{{ gnocchi_backend_ssl | ternary(gnocchi_uwsgi_tls, {}) }}"
  gnocchi-metricd:
    group: "gnocchi_metricd"
    service_name: "gnocchi-metricd"
    service_enabled: true
    init_config_overrides: "{{ gnocchi_metricd_init_overrides }}"
    execstarts: "{{ gnocchi_bin }}/gnocchi-metricd"

gnocchi_pip_package_extras:
  - "{{ (gnocchi_auth_mode == 'keystone') | ternary('keystone', '') }}"
  - mysql
  - "{{ gnocchi_storage_driver_pip_extra }}"
  - "{{ gnocchi_incoming_driver_pip_extra }}"

# Common pip packages
gnocchi_pip_packages:
  - cryptography
  - "git+{{ gnocchi_git_repo }}@{{ gnocchi_git_install_branch }}#egg=gnocchi[{{ gnocchi_pip_package_extras | unique | reject('equalto', '') | join(',') }}]"
  - gnocchiclient
  - osprofiler
  - pymemcache
  - python-memcached
  - kazoo
  - systemd-python

# Memcached override
gnocchi_memcached_servers: "{{ memcached_servers }}"

# Tunable file-based overrides
# The contents of these files, if they exist, are read from the
# specified path on the deployment host, interpreted by the
# template engine and copied to the target host. If they do
# not exist then the default files will be sourced from the
# service git repository.
gnocchi_api_paste_default_file_path: "/etc/openstack_deploy/gnocchi/api-paste.ini"
gnocchi_policy_default_file_path: "/etc/openstack_deploy/gnocchi/policy.yaml"

# If the above-mentioned files do not exist, then these
# paths will be used to find the files from the git config
# lookup location.
gnocchi_git_config_lookup_location: https://raw.githubusercontent.com/gnocchixyz/gnocchi/{{ gnocchi_git_install_branch }}/
gnocchi_api_paste_git_file_path: "gnocchi/rest/api-paste.ini"

# Tunable var-based overrides
# The contents of these are templated over the default files.
gnocchi_api_paste_ini_overrides: {}
gnocchi_conf_overrides: {}
gnocchi_policy_overrides: {}

###
### Backend TLS
###

# Define if communication between haproxy and service backends should be
# encrypted with TLS.
gnocchi_backend_ssl: "{{ openstack_service_backend_ssl | default(False) }}"

# Storage location for SSL certificate authority
gnocchi_pki_dir: "{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}"

# Delegated host for operating the certificate authority
gnocchi_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}"

# gnocchi server certificate
gnocchi_pki_keys_path: "{{ gnocchi_pki_dir ~ '/certs/private/' }}"
gnocchi_pki_certs_path: "{{ gnocchi_pki_dir ~ '/certs/certs/' }}"
gnocchi_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}"
gnocchi_pki_regen_cert: ''
gnocchi_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
gnocchi_pki_certificates:
  - name: "gnocchi_{{ ansible_facts['hostname'] }}"
    provider: ownca
    cn: "{{ ansible_facts['hostname'] }}"
    san: "{{ gnocchi_pki_san }}"
    signed_by: "{{ gnocchi_pki_intermediate_cert_name }}"

# gnocchi destination files for SSL certificates
gnocchi_ssl_cert: /etc/gnocchi/gnocchi.pem
gnocchi_ssl_key: /etc/gnocchi/gnocchi.key

# Installation details for SSL certificates
gnocchi_pki_install_certificates:
  - src: "{{ gnocchi_user_ssl_cert | default(gnocchi_pki_certs_path ~ 'gnocchi_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}"
    dest: "{{ gnocchi_ssl_cert }}"
    owner: "{{ gnocchi_system_user_name }}"
    group: "{{ gnocchi_system_user_name }}"
    mode: "0644"
  - src: "{{ gnocchi_user_ssl_key | default(gnocchi_pki_keys_path ~ 'gnocchi_' ~ ansible_facts['hostname'] ~ '.key.pem') }}"
    dest: "{{ gnocchi_ssl_key }}"
    owner: "{{ gnocchi_system_user_name }}"
    group: "{{ gnocchi_system_user_name }}"
    mode: "0600"

# Define user-provided SSL certificates
# gnocchi_user_ssl_cert: <path to cert on ansible deployment host>
# gnocchi_user_ssl_key: <path to cert on ansible deployment host>