Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / mcp-virtual-aio / 9a4cdaf3a42e2af7f289cabadc79e04d0e050e2d / . / classes / cluster / virtual-mcp11-aio / openstack / init.yml
blob: abd53342947f36835dc2b1caea92d0fd7ca337f2 [file] [log] [blame]
classes:
- system.defaults
- system.salt.minion.cert.mysql.server
- system.salt.minion.cert.rabbitmq_server
- system.linux.system.lowmem
- system.linux.system.repo.mcp.mirror.v1.openstack
- system.linux.system.repo.mcp.apt_mirantis.extra
- system.linux.storage.loopback
- service.rabbitmq.server.ssl
- system.rabbitmq.server.vhost.openstack
- system.keystone.server.wsgi
- system.keystone.server.single
- service.galera.ssl
- service.galera.master.cluster
- system.galera.server.database.cinder
- system.galera.server.database.designate
- system.galera.server.database.glance
- system.galera.server.database.heat
- system.galera.server.database.keystone
- system.galera.server.database.nova
- system.galera.server.database.neutron
- system.keystone.client.single
- system.keystone.client.service.cinder3
- system.keystone.client.service.nova21
- system.keystone.client.service.nova-placement
- system.keystone.client.service.designate
- system.glance.control.single
- system.nova.control.single
- system.neutron.control.openvswitch.single
- system.neutron.client.service.public
- system.heat.server.single
- system.nova.compute.single
- service.neutron.gateway.single
- system.nova.control.notification.messagingv2
- system.neutron.control.notification.messagingv2
- system.cinder.control.single
- system.cinder.control.backend.lvm
- service.cinder.volume.single
- system.cinder.volume.backend.lvm
- system.horizon.server.single
- system.horizon.server.plugin.theme
- system.bind.server.single
- system.designate.server.single
- system.designate.server.backend.bind
parameters:
_param:
openstack_version: pike
openstack_node_role: primary
cluster_public_host: ${_param:single_address}
cluster_public_protocol: http
openstack_region: CustomRegion
admin_email: root@localhost
rabbitmq_openstack_password: workshop
galera_server_cluster_name: openstack_cluster
galera_server_maintenance_password: workshop
galera_server_admin_password: workshop
keystone_public_path: '/'
keystone_internal_path: '/'
keystone_admin_path: '/'
keystone_version: ${_param:openstack_version}
glance_version: ${_param:openstack_version}
nova_version: ${_param:openstack_version}
neutron_version: ${_param:openstack_version}
cinder_version: ${_param:openstack_version}
heat_version: ${_param:openstack_version}
horizon_version: ${_param:openstack_version}
designate_version: ${_param:openstack_version}
keystone_service_token: workshop
keystone_admin_password: workshop
keystone_ceilometer_password: workshop
keystone_cinder_password: workshop
keystone_glance_password: workshop
keystone_heat_password: workshop
keystone_neutron_password: workshop
keystone_nova_password: workshop
keystone_designate_password: workshop
keystone_service_host: ${_param:single_address}
mysql_keystone_password: workshop
mysql_glance_password: workshop
mysql_nova_password: workshop
mysql_neutron_password: workshop
mysql_cinder_password: workshop
mysql_heat_password: workshop
mysql_designate_password: workshop
heat_service_host: ${_param:single_address}
neutron_service_host: ${_param:single_address}
glance_service_host: ${_param:single_address}
cinder_service_host: ${_param:single_address}
designate_service_host: ${_param:single_address}
nova_service_host: ${_param:single_address}
control_address: ${_param:single_address}
metadata_password: workshop
cluster_vip_address: ${_param:single_address}
cluster_local_address: ${_param:single_address}
openstack_database_address: ${_param:single_address}
tenant_address: ${_param:single_address}
heat_domain_admin_password: workshop
horizon_secret_key: workshop
horizon_identity_encryption: none
horizon_identity_version: 2
horizon_identity_host: ${_param:single_address}
designate_admin_api_enabled: true
designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw==
designate_pool_target_type: bind9
designate_domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc
designate_pool_ns_records:
- hostname: 'ns1.example.org.'
priority: 10
designate_pool_nameservers:
- host: ${_param:single_address}
port: 53
designate_pool_target_masters:
- host: ${_param:single_address}
port: 5354
designate_pool_target_options:
host: ${_param:single_address}
port: 53
rndc_host: 127.0.0.1
rndc_port: 953
rndc_key_file: /etc/designate/rndc.key
designate_quota_zones: 40
designate_worker_enabled: true
openstack_public_neutron_subnet_gateway: 192.168.130.1
openstack_public_neutron_subnet_cidr: 192.168.130.0/24
openstack_public_neutron_subnet_allocation_start: 192.168.130.10
openstack_public_neutron_subnet_allocation_end: 192.168.130.254
galera_ssl_enabled: true
rabbitmq_ssl_enabled: false # untill rabbitmq formula with https://gerrit.mcp.mirantis.net/#/c/15198/ promoted to stable
openstack_rabbitmq_port: 5672 # for non-ssl use 5672/for ssl 5671
runtest_tempest_cfg_dir: /root/rally_reports/
runtest_tempest_cfg_name: tempest_generated.conf
runtest_tempest_log_file: /home/rally/rally_reports/tempest.log
runtest_tempest_public_net: public
artifactory_user: artifactory_user
artifactory_password: artifactory_password
openstack_log_appender: true
openstack_fluentd_handler_enabled: true
openstack_ossyslog_handler_enabled: true
openstack_memcache_security_enabled: false
glance_image_cirros_location: 'https://artifactory.mcp.mirantis.net/artifactory/test-images/cirros-0.3.5-x86_64-disk.img'
glance_image_fedora_location: 'https://artifactory.mcp.mirantis.net/artifactory/test-images/Fedora-Cloud-Base-27-1.6.x86_64.qcow2'
openstack_control_address: ${_param:single_address}
glance_cors_allowed_origin: "http://${_param:single_address}:8078"
openstack_notification_topics: 'notifications'
nova_compute_ssh_private: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEA6LwOJGVD28S0ZZVWp8MDOJGxlbtr8JSl82tpAeDX8s0Uy6P5
6PFcwp0zxWrhXcTQMHhg1ScZ+7B7QZ6x+eoQSfS8ZrbMhLkc0BhUJpH5baqpSYOy
8Pb34/dDwq6WSqLKWP6+bzh/RpZNg+tSf7tpIiZF7Phjgw9G/wWYkpUHO/7MMMEn
qZnHE/xg64Xb66MOtRZc6xXajSXRaOWSKTlL3R7nP5N8Ucb7QaZOPK+doIFbjGEI
G3lalA+IeUCkHeF3ZyMsPwlJ5jIOMy5CEKvSNYb/2Tc3CFLkGoWfKKqIrNONQaWM
fMoVGhjvZoKbWbsQOCgE28mffh6muPecsiH/tQIDAQABAoIBAQC3dGWBcwGGnwvE
d2+TVjmXweDGMrLnNYWK18QyYtZW4ineTCeW44tHLTu+Bn4XuCiTzJAn9WaZ64d9
Nmb8pPCqG2zXWojkpjZ8InFS5gZD2B8Rf+rx3vuQizyynYSC2MfAVy4t5c8OCTSZ
JEonvccl0B2WqkVm7gf8xqB6C1dkhffCsMfnAd1/IBzTyA52i7Q/YOuEgZmnaB1k
63ZdVp+bfO6AI4LD1NasrRPuSEC9o4q8DT2DP2TwZGbBoqy8PIE2XOdQMjWgCbca
d6YQ4MFi7j8qC8YXSU1AQ/tV7b4kap5ddyzdh1E9qYlRMIRH347dKFT+UFOjxWxi
mB9FYlUBAoGBAP1DK8+zGkBBkGZfWZrWdZjdYyLxkuxeP/7WfXibRKjC3cyqfr3u
GA3uBjywpvYTYTHhvYm3uMWOiJgBQcW1jzClpP9rZrggjPUe8qU3PBqoHIqyFPCf
uW8XDhYNJ7YeMqmHApF/hLPbTy8CkrjGnXpRHkP+EpObT4Vp/5UKz1txAoGBAOtA
FFl9fxaLtYSqyxiNyH5Utgvw7EsBFJ48px4CrpTwcn19Bu7qrCjOAcmd0Cq5KyRq
b4NNlj3Yi2dKf0h/8WZHPZtZJdxZzBJ1Jfv97zNIR2HdXKtyDriJ/f1VbOEYgYR7
/eRZZwEBSWjiCPPWbnwri+7cEDIaJYh2LJGMFF6FAoGBAOku0IbSu+fPthlbz0+u
B+ZwaBfDXuh8uuVzLWE/bI8JpFgN3tYXA1TIBDwa1g8ZttLLqszDOL/ExWVXOuzD
hwxeZzW4+IGtjrsd/IE8Av30LRtSbc9C8OQk0RZilF6tHS5TnXzDcTZ8RULeVqME
U/hL+dbWdtorFKOc/fKHWnYxAoGBALwEw/7eMWO4l4QH6TifoP1vAOy8Sm6L14m8
mih/Jj89iZPICHGNN7mJJJ6aNdTfl56MPsHnkcuuNYSBYwdz0mDXUWLGtl7Nmi+q
V4h2ZOZMv1h1TmpsR12wVEJUMygYqPNVEg+ecJe6Coz8EwGngThWqYlncr5IbXUK
VgahuWntAoGBAIxPstoun8lKxbqUoggqAmwfuELfmiGicOF8OeD5s7a7y1ufLFwm
QdjxS70QNBY9NP/Bft/uTO839QY/RYf2DIAILxqFHz2PiVROYiIE1qJUOgK4METC
Jw9oAEIB8VZCVIh8I1VNyf/Mm6DDfuWeUqrkm5NYEAKPBsPasjqoFJq6
-----END RSA PRIVATE KEY-----
nova_compute_ssh_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDovA4kZUPbxLRllVanwwM4kbGVu2vwlKXza2kB4NfyzRTLo/no8VzCnTPFauFdxNAweGDVJxn7sHtBnrH56hBJ9LxmtsyEuRzQGFQmkfltqqlJg7Lw9vfj90PCrpZKospY/r5vOH9Glk2D61J/u2kiJkXs+GODD0b/BZiSlQc7/swwwSepmccT/GDrhdvrow61FlzrFdqNJdFo5ZIpOUvdHuc/k3xRxvtBpk48r52ggVuMYQgbeVqUD4h5QKQd4XdnIyw/CUnmMg4zLkIQq9I1hv/ZNzcIUuQahZ8oqois041BpYx8yhUaGO9mgptZuxA4KATbyZ9+Hqa495yyIf+1
galera:
master:
innodb_buffer_pool_size: 1024M
max_connections: 1000
slave:
enabled: false
rabbitmq:
server:
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
neutron:
server:
# Temporary install neutron-plugin-ml2 untill https://gerrit.mcp.mirantis.net/#/c/16262/ promoted
# to stable
pkgs:
- neutron-server
- python-neutron-lbaas
- gettext-base
- python-pycadf
- neutron-plugin-ml2
api_workers: 2
rpc_state_report_workers: 2
rpc_workers: 2
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
gateway:
metadata:
workers: 2
agent_mode: dvr_snat
dvr: True
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
nova:
compute:
vncproxy_url: http://${_param:single_address}:6080
network:
user: neutron
password: ${_param:keystone_neutron_password}
tenant: service
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
# Since in AIO by default option config_drive is false,
# due to nova controller and compute states rewrite
# configs each, we must set config_drive option
# explicitly for runtest formula to discover the correct settings
config_drive:
forced: false
controller:
vncproxy_url: http://${_param:single_address}:6080
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
cinder:
controller:
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
volume:
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
horizon:
server:
secure: False
identity:
encryption: ${_param:horizon_identity_encryption}
api_versions:
identity: 3
designate:
server:
quota:
zones: ${_param:designate_quota_zones}
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
worker:
enabled: ${_param:designate_worker_enabled}
glance:
client:
enabled: True
server:
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
keystone:
server:
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
client:
enabled: true
server:
identity:
admin:
api_version: 3
admin_identity:
admin:
api_version: '3'
user_domain_name: 'Default'
project_domain_name: 'Default'
heat:
server:
reauthentication_auth_method: 'trusts'
database:
ssl:
enabled: ${_param:galera_ssl_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
linux:
system:
job:
periodically_get_horizon_home_page:
command: "MAX_TIME=60 ; SLEEP_TIME=15 ; COUNT=$((MAX_TIME/SLEEP_TIME)) ; for i in `seq 1 $COUNT`; do timeout $SLEEP_TIME sh -c \" curl -fsL --insecure --connect-timeout $SLEEP_TIME --max-time $SLEEP_TIME ${_param:cluster_public_protocol}://${_param:single_address}:8078 -o /dev/null ; sleep $SLEEP_TIME \" ; done"
enabled: true
user: root
minute: '*'