defaults/openstack/init.yml

parameters:
  _param:
    # Enable barbican integration in other services nova,glance,cinder
    barbican_integration_enabled: False
    # General
    cluster_public_protocol: https
    cluster_internal_protocol: http
    openstack_service_hostname: os-ctl-vip
    openstack_service_host: ${_param:openstack_service_hostname}.${linux:system:domain}
    # SSL
    ceilometer_agent_ssl_enabled: False
    openstack_mysql_x509_enabled: False
    # for non-ssl use 5672 / for ssl 5671
    openstack_rabbitmq_port: 5672
    openstack_rabbitmq_x509_enabled: False
    # Openstack memcache
    openstack_memcached_server_bind_address: 0.0.0.0
    openstack_memcache_security_enabled: False
    openstack_memcache_security_strategy: 'ENCRYPT'
    openstack_memcached_proto_tcp_enabled: True
    openstack_memcached_proto_udp_enabled: False
    # Cinder
    cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    cinder_memcache_secret_key: ''
    # Nova
    nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    nova_memcache_secret_key: ''
    # Glance
    glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    glance_memcache_secret_key: ''
    # Allow CORS from horizon, needed for direct upload
    glance_cors_allowed_origin: '${_param:horizon_public_protocol}://${_param:horizon_public_host}'
    # Heat
    heat_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    heat_memcache_secret_key: ''
    # Aodh
    aodh_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    aodh_memcache_secret_key: ''
    # Gnocchi
    gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    gnocchi_memcache_secret_key: ''
    # Panko
    panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    panko_memcache_secret_key: ''
    # Barbican
    barbican_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    barbican_memcache_secret_key: ''
    # Ironic
    ironic_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    ironic_memcache_secret_key: ''
    # Apache mods defaults
    apache_mods_status_enabled: True
    apache_mods_status_status: 'disabled'
    apache_horizon_listen_address: '0.0.0.0'
    # Horizon
    # 'direct' mode will require cors on glance side to be enabled.
    horizon_images_upload_mode: 'direct'
    # TODO (vsaineko): switch to openstack_cluster_public_host
    horizon_public_host: ${_param:cluster_public_host}
    horizon_public_port: 443
    horizon_public_protocol: https
    horizon_server_bind_address: ${_param:single_address}
    # HAproxy
    haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
    #
    # haproxy_openstack_web_sticks_params is defined for SSL by default
    # if cluster_protocolr HTTP is going to be used then haproxy_openstack_web_sticks_params
    # should be redefined peroperly. For example empty list.
    #
    haproxy_openstack_web_sticks_params:
      - stick-table type binary len 32 size 30k expire 30m
      - acl clienthello req_ssl_hello_type 1
      - acl serverhello rep_ssl_hello_type 2
      - tcp-request inspect-delay 5s
      - tcp-request content accept if clienthello
      - tcp-response content accept if serverhello
      - stick on payload_lv(43,1) if clienthello
      - stick store-response payload_lv(43,1) if serverhello