---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#: Special role execution lifecycles
# Only create Gnocchi's identity entities in Keystone
gnocchi_identity_only: False

# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
gnocchi_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
gnocchi_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((gnocchi_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}"


#: Enable for debug logging level
debug: false

# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
gnocchi_package_state: "latest"
gnocchi_pip_package_state: "latest"

# Toggle keystone authentication for gnocchi
# TODO: (andymccr) Remove the gnocchi_keystone_auth var in Queen cycle.
gnocchi_keystone_auth: no
gnocchi_auth_mode: "{{ (gnocchi_keystone_auth | bool) | ternary('keystone', 'basic') }}"

# These variables are used in 'developer mode' in order to allow the role
# to build an environment directly from a git source without the presence
# of an OpenStack-Ansible repo_server.
gnocchi_git_repo: https://github.com/gnocchixyz/gnocchi
gnocchi_git_install_branch: master
gnocchi_developer_mode: false
gnocchi_developer_constraints:
  - "git+{{ gnocchi_git_repo }}@{{ gnocchi_git_install_branch }}#egg=gnocchi"

#: Use of deprecated config options will cause a fatal application error
gnocchi_fatal_deprecations: false

#: External SSL forwarding proto, assumes TLS termination at load balancer
gnocchi_ssl_external: true
gnocchi_secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO

#: Set this to false to disable API service through Apache + mod_wsgi
gnocchi_use_mod_wsgi: true

# TODO(odyssey4me):
# This can be simplified once all the roles are using
# python_venv_build. We can then switch to using a
# set of constraints in pip.conf inside the venv,
# perhaps prepared by giving a giving a list of
# constraints to the role.
gnocchi_pip_install_args: >-
  {{ gnocchi_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
  {{ pip_install_options | default('') }}

#: Name of the virtual env to deploy into
gnocchi_venv_tag: "{{ venv_tag | default('untagged') }}"
gnocchi_bin: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/bin"
gnocchi_venv_pkgs: "/openstack/venvs/gnocchi-{{ gnocchi_venv_tag }}/lib/python2.7/site-packages"

#: Set the etc dir path where gnocchi is installed.
#  This is used for role access to the db migrations.
#  Example:
#  gnocchi_etc_dir: "/usr/local/etc/gnocchi"
gnocchi_etc_dir: "{{ gnocchi_bin | dirname }}/etc/gnocchi"

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
gnocchi_venv_download: "{{ not gnocchi_developer_mode | bool and not gnocchi_identity_only | bool }}"
#: Location to retrieve the pre-built virtuelenv for gnocchi (optional)
gnocchi_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/gnocchi.tgz

#: Index Database info
gnocchi_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
gnocchi_galera_address: "{{ galera_address | default('127.0.0.1') }}"
gnocchi_galera_database: gnocchi
gnocchi_galera_user: gnocchi
gnocchi_db_sync_options: ""
gnocchi_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
gnocchi_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"

#: Storage info
gnocchi_storage_driver: file
gnocchi_coordination_url: "mysql://{{ gnocchi_galera_user }}:{{ gnocchi_container_mysql_password }}@{{ gnocchi_galera_address }}/{{ gnocchi_galera_database }}?charset=utf8&timeout=5{% if gnocchi_galera_use_ssl | bool %}&ssl_ca={{ gnocchi_galera_ssl_ca_cert }}{% endif %}"

#: Default Ceph parameters
gnocchi_ceph_pool: "metrics"
gnocchi_ceph_username: "gnocchi"

#: System info
gnocchi_system_user_name: gnocchi
gnocchi_system_group_name: gnocchi
gnocchi_system_shell: /bin/false
gnocchi_system_comment: gnocchi system user
gnocchi_system_user_home: "/var/lib/{{ gnocchi_system_user_name }}"

#: Service Type and Data
gnocchi_service_name: gnocchi
gnocchi_service_type: metric
gnocchi_service_description: "OpenStack Metric Service"
gnocchi_service_project_description: "OpenStack Services"
gnocchi_keystone_auth_plugin: "{{ gnocchi_keystone_auth_type }}"
gnocchi_keystone_auth_type: password
gnocchi_service_region: RegionOne
gnocchi_service_user_name: gnocchi
gnocchi_role_name: admin
gnocchi_service_project_name: "{{ (gnocchi_storage_driver == 'swift') | ternary('gnocchi_swift', 'service') }}"
gnocchi_service_project_domain_id: default
gnocchi_service_user_domain_id: default
gnocchi_service_address: 0.0.0.0
gnocchi_service_port: 8041
gnocchi_service_proto: http
gnocchi_service_registry_proto: "{{ gnocchi_service_proto }}"
gnocchi_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(gnocchi_service_proto) }}"
gnocchi_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(gnocchi_service_proto) }}"
gnocchi_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(gnocchi_service_proto) }}"
gnocchi_service_publicuri: "{{ gnocchi_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ gnocchi_service_port }}"
gnocchi_service_publicurl: "{{ gnocchi_service_publicuri }}"
gnocchi_service_internaluri: "{{ gnocchi_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ gnocchi_service_port }}"
gnocchi_service_internalurl: "{{ gnocchi_service_internaluri }}"
gnocchi_service_adminuri: "{{ gnocchi_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ gnocchi_service_port }}"
gnocchi_service_adminurl: "{{ gnocchi_service_adminuri }}"

## Apache setup
gnocchi_apache_log_level: info
gnocchi_apache_servertokens: "Prod"
gnocchi_apache_serversignature: "Off"
gnocchi_wsgi_threads: 1
gnocchi_wsgi_processes_max: 16
gnocchi_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, gnocchi_wsgi_processes_max] | min }}"

# set gnocchi_ssl to true to enable SSL configuration on the gnocchi containers
gnocchi_ssl: false
gnocchi_ssl_cert: /etc/ssl/certs/gnocchi.pem
gnocchi_ssl_key: /etc/ssl/private/gnocchi.key
gnocchi_ssl_ca_cert: /etc/ssl/certs/gnocchi-ca.pem
gnocchi_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1.0 -TLSv1.1') }}"
gnocchi_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"

# if using a self-signed certificate, set this to true to regenerate it
gnocchi_ssl_self_signed_regen: false
gnocchi_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"

# Set these in user_variables to deploy custom certificates
#gnocchi_user_ssl_cert: <path to cert on ansible deployment host>
#gnocchi_user_ssl_key: <path to cert on ansible deployment host>
#gnocchi_user_ssl_ca_cert: <path to cert on ansible deployment host>

gnocchi_api_init_overrides: {}
gnocchi_metricd_init_overrides: {}

## Service Names
gnocchi_services:
  gnocchi-api:
    group: "gnocchi_api"
    service_name: "gnocchi-api"
    service_enabled: "{{ gnocchi_use_mod_wsgi | ternary(false, true) }}"
    init_config_overrides: "{{ gnocchi_api_init_overrides }}"
    execstarts: "{{ gnocchi_bin }}/gnocchi-api"
  gnocchi-metricd:
    group: "gnocchi_metricd"
    service_name: "gnocchi-metricd"
    service_enabled: true
    init_config_overrides: "{{ gnocchi_metricd_init_overrides }}"
    execstarts: "{{ gnocchi_bin }}/gnocchi-metricd"

#: Common pip packages
gnocchi_pip_packages:
  - cryptography
  - gnocchiclient
  - "gnocchi[keystone,mysql,{{ gnocchi_storage_driver | default('file') }}]"
  - osprofiler
  - python-memcached
  - kazoo
  - redis

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
gnocchi_role_project_group: gnocchi_all

#: Tunable file-based overrides
# The contents of these files, if they exist, are read from the
# specified path on the deployment host, interpreted by the
# template engine and copied to the target host. If they do
# not exist then the default files will be sourced from the
# service git repository.
gnocchi_api_paste_default_file_path: "/etc/openstack_deploy/gnocchi/api-paste.ini"
gnocchi_policy_default_file_path: "/etc/openstack_deploy/gnocchi/policy.json"

# If the above-mentioned files do not exist, then these
# paths will be used to find the files from the git config
# lookup location.
gnocchi_git_config_lookup_location: https://raw.githubusercontent.com/gnocchixyz/gnocchi/{{ gnocchi_git_install_branch }}/
gnocchi_api_paste_git_file_path: "gnocchi/rest/api-paste.ini"
gnocchi_policy_git_file_path: "gnocchi/rest/policy.json"

#: Tunable var-based overrides
# The contents of these are templated over the default files.
gnocchi_api_paste_ini_overrides: {}
gnocchi_conf_overrides: {}
gnocchi_policy_overrides: {}