# Default `_param` values for an OpenStack deployment: service hostnames,
# per-service database/Keystone usernames, version and upgrade switches,
# memcache and TLS toggles, Apache/HAProxy settings and test image locations.
# Values written as ${_param:name} or ${linux:system:domain} are interpolation
# references to parameters defined in this file or elsewhere.
# Scalar spelling and quoting (True/False, '0', '*', '5.6') are kept exactly as
# authored because the consumers of these values are not visible here.
parameters:
  _param:
    # Enable barbican integration in other services nova,glance,cinder
    barbican_integration_enabled: False
    # General
    # NOTE(review): the public protocol defaults to https but the internal one
    # to plain http; presumably internal API traffic (including auth tokens) is
    # then unencrypted unless a deployment overrides this value - confirm.
    cluster_public_protocol: https
    cluster_internal_protocol: http
    openstack_service_hostname: os-ctl-vip
    openstack_share_service_hostname: os-share-vip
    openstack_kmn_service_hostname: os-kmn-vip
    openstack_telemetry_service_hostname: os-telemetry-vip
    # Fully qualified service hosts: <hostname>.<linux:system:domain>
    openstack_service_host: ${_param:openstack_service_hostname}.${linux:system:domain}
    openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
    openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
    openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
    openstack_service_user_enabled: True
    # Global upgrade switch; the per-service *_upgrade_enabled values below
    # reference it.
    openstack_upgrade_enabled: False
    # Quoted so the Redis DB index stays a string.
    openstack_telemetry_redis_db: '0'
    openstack_telemetry_redis_sentinel_mastername: 'master_1'
    openstack_region: RegionOne
    # SSL
    # NOTE(review): TLS/x509 is disabled by default for the ceilometer agent,
    # MySQL and RabbitMQ. When TLS is turned on for RabbitMQ the port below has
    # to change as well (see the port comment); whether the x509 switch does
    # that automatically cannot be seen from this file - confirm.
    ceilometer_agent_ssl_enabled: False
    openstack_mysql_x509_enabled: False
    # for non-ssl use 5672 / for ssl 5671
    openstack_rabbitmq_port: 5672
    openstack_rabbitmq_x509_enabled: False
    # RabbitMQ
    rabbitmq_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # Galera
    # Quoted so the version stays the string '5.6'.
    # NOTE(review): upstream MySQL 5.6 reached end of life in February 2021;
    # confirm the packaged build still receives security fixes.
    galera_mysql_version: '5.6'
    galera_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # Openstack memcache
    # NOTE(review): memcached is bound to all interfaces (0.0.0.0) while
    # memcache security is disabled by default, so anything cached there is
    # protected only by network controls that are not defined in this file -
    # confirm that access to the memcached port is restricted.
    # The 'ENCRYPT' strategy only matters once
    # openstack_memcache_security_enabled is True; every per-service
    # *_memcache_secret_key below defaults to '' and presumably has to be
    # overridden with a real secret at the same time - confirm.
    openstack_memcached_server_bind_address: 0.0.0.0
    openstack_memcache_security_enabled: False
    openstack_memcache_security_strategy: 'ENCRYPT'
    # TCP on, UDP off by default.
    openstack_memcached_proto_tcp_enabled: True
    openstack_memcached_proto_udp_enabled: False
    openstack_version: queens
    # Defaults to the current version; the per-service *_old_version values
    # below reference it.
    openstack_old_version: ${_param:openstack_version}
    # Security compliance user options
    # NOTE(review): with these defaults the affected users are exempt from the
    # change-password-on-first-use, password-expiry and failed-login lockout
    # controls. Judging by the parameter name this is meant for service users
    # only (confirm in the consumer); such accounts then rely on strong,
    # rotated credentials and on monitoring of failed authentications.
    openstack_service_user_options:
      ignore_change_password_upon_first_use: True
      ignore_password_expiry: True
      ignore_lockout_failure_attempts: True
      lock_password: False
    # Cinder
    mysql_cinder_username: cinder
    keystone_cinder_username: cinder
    cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    # Empty by default.
    cinder_memcache_secret_key: ''
    cinder_old_version: ${_param:openstack_old_version}
    cinder_version: ${_param:openstack_version}
    cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    cinder_service_user_enabled: ${_param:openstack_service_user_enabled}
    cinder_image_conversion_dir_path: /var/tmp/cinder/conversion
    # Nova
    mysql_nova_username: nova
    # Non-default MySQL port; presumably the listener of the nova DB proxy
    # enabled by haproxy_nova_db_proxy_enabled below - confirm.
    mysql_nova_port: 3307
    nova_control_update_cells: True
    keystone_nova_username: nova
    nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    nova_memcache_secret_key: ''
    nova_old_version: ${_param:openstack_old_version}
    nova_version: ${_param:openstack_version}
    nova_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    nova_service_user_enabled: ${_param:openstack_service_user_enabled}
    # Glance
    mysql_glance_username: glance
    keystone_glance_username: glance
    glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    glance_memcache_secret_key: ''
    glance_old_version: ${_param:openstack_old_version}
    glance_version: ${_param:openstack_version}
    glance_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # Allow CORS from horizon, needed for direct upload
    # The allowed origin is exactly the Horizon public URL
    # (<protocol>://<host>); keep it that narrow rather than a wildcard.
    glance_cors_allowed_origin: '${_param:horizon_public_protocol}://${_param:horizon_public_host}'
    # Heat
    mysql_heat_username: heat
    keystone_heat_username: heat
    heat_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    heat_memcache_secret_key: ''
    heat_old_version: ${_param:openstack_old_version}
    heat_version: ${_param:openstack_version}
    heat_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # Aodh
    mysql_aodh_username: aodh
    keystone_aodh_username: aodh
    aodh_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    aodh_memcache_secret_key: ''
    aodh_old_version: ${_param:openstack_old_version}
    aodh_version: ${_param:openstack_version}
    aodh_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    aodh_redis_db: ${_param:openstack_telemetry_redis_db}
    aodh_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
    # Ceilometer
    mysql_ceilometer_username: ceilometer
    keystone_ceilometer_username: ceilometer
    ceilometer_old_version: ${_param:openstack_old_version}
    ceilometer_version: ${_param:openstack_version}
    ceilometer_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    ceilometer_redis_db: ${_param:openstack_telemetry_redis_db}
    ceilometer_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
    # Congress
    keystone_congress_username: congress
    # Grafana
    mysql_grafana_username: grafana
    # Graphite
    mysql_graphite_username: graphite
    # Gnocchi
    mysql_gnocchi_username: gnocchi
    keystone_gnocchi_username: gnocchi
    gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    gnocchi_memcache_secret_key: ''
    # NOTE(review): unquoted, so YAML loads this as the float 4.0 rather than a
    # string (unlike galera_mysql_version above); a value such as 4.10 would
    # collapse to 4.1. Consider quoting once it is confirmed that the consumers
    # accept a string.
    gnocchi_version: 4.0
    gnocchi_old_version: ${_param:gnocchi_version}
    gnocchi_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    gnocchi_redis_db: ${_param:openstack_telemetry_redis_db}
    gnocchi_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
    # Panko
    mysql_panko_username: panko
    keystone_panko_username: panko
    panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    panko_memcache_secret_key: ''
    panko_old_version: ${_param:openstack_old_version}
    panko_version: ${_param:openstack_version}
    panko_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # Barbican
    mysql_barbican_username: barbican
    keystone_barbican_username: barbican
    barbican_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    barbican_memcache_secret_key: ''
    barbican_old_version: ${_param:openstack_old_version}
    barbican_version: ${_param:openstack_version}
    barbican_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # Billometer
    keystone_billometer_username: billometer
    # Designate
    mysql_designate_username: designate
    keystone_designate_username: designate
    designate_old_version: ${_param:openstack_old_version}
    designate_version: ${_param:openstack_version}
    designate_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    designate_export_policy_grains: true
    # Ironic
    mysql_ironic_username: ironic
    keystone_ironic_username: ironic
    ironic_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
    ironic_memcache_secret_key: ''
    ironic_console_enabled: true
    # Keystone
    mysql_keystone_username: keystone
    keystone_old_version: ${_param:openstack_old_version}
    keystone_version: ${_param:openstack_version}
    keystone_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # (obryndzii) Rotating keys too frequently, or with ``[fernet_tokens] max_active_keys``
    # set too low, will cause tokens to become invalid prior to their expiration.
    # As tokens may be fetched beyond their initial expiration period (nova live migration,
    # cinder volume backup), keys should not be fully rotated within the period of
    # ``[token] expiration``+``[token] allow_expired_window`` seconds to prevent the tokens
    # becoming unavailable.
    # The max_active_keys default value was adjusted according to the following defaults:
    #   [token]/allow_expired_window = 172800 (48 hours)
    #   [token]/expiration = 3600 (1 hour)
    #   rotation_frequency = 1 hour (keystone_fernet_rotate_rsync_minute/hour 0 *)
    #   max_active_keys = (allow_expired_window + expiration)/rotation_frequency + 2
    # With the defaults below: (172800 + 3600) / 3600 + 2 = 51.
    # In case of changing those defaults the keystone_tokens_max_active_keys value should be
    # calculated according to the definition above.
    keystone_tokens_expiration: 3600
    keystone_tokens_max_active_keys: 51
    keystone_tokens_allow_expired_window: 172800
    # Minute 0 of every hour; '*' must stay quoted because a bare * starts a
    # YAML alias.
    keystone_fernet_rotate_rsync_minute: 0
    keystone_fernet_rotate_rsync_hour: '*'
    # Manila
    mysql_manila_username: manila
    keystone_manila_username: manila
    manila_old_version: ${_param:openstack_old_version}
    manila_version: ${_param:openstack_version}
    manila_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # Murano
    mysql_murano_username: murano
    keystone_murano_username: murano
    # Neutron
    mysql_neutron_username: neutron
    # Non-default MySQL port; presumably the listener of the neutron DB proxy
    # enabled by haproxy_neutron_db_proxy_enabled below - confirm.
    mysql_neutron_port: 3308
    keystone_neutron_username: neutron
    neutron_old_version: ${_param:openstack_old_version}
    neutron_version: ${_param:openstack_version}
    neutron_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    # Apache mods defaults
    # Stacklight uses /server-status endpoint to monitor apache
    # The status endpoint address defaults to loopback (127.0.0.1:80); keep it
    # there, since server-status output describes in-flight requests.
    apache_mods_status_enabled: True
    apache_mods_status_status: 'enabled'
    apache_mods_status_host_address: '127.0.0.1'
    apache_mods_status_host_port: 80
    # NOTE(review): Horizon's Apache listener defaults to all interfaces, while
    # horizon_server_bind_address below uses ${_param:single_address}; confirm
    # which of the two is exposed and that the wildcard bind is intended.
    apache_horizon_listen_address: '0.0.0.0'
    # Apache proxies for openstack aren't used as HA proxies, they are
    # simply ssl terminators in case of setup of ssl on internal endpoints
    # for services which don't support running under apache and wsgi.
    # So retry parameter is set 0, to eliminate maintenance mode for backend
    # which is 60 seconds by default.
    apache_proxy_openstack_api_retry: 0
    apache_proxy_openstack_cinder_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_designate_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_glance_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_heat_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_ironic_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_nova_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_neutron_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_aodh_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_placement_retry: ${_param:apache_proxy_openstack_api_retry}
    apache_proxy_openstack_octavia_retry: ${_param:apache_proxy_openstack_api_retry}
    # Formats for logs for openstack apache sites
    # Inside a >- block scalar a backslash is not an escape, so every \" below
    # reaches the consumer as a literal backslash followed by a double quote;
    # presumably the value is embedded in a quoted Apache LogFormat directive -
    # confirm before changing the quoting style.
    # The generic API format logs a timestamp with millisecond fraction; the
    # aodh, barbican and panko formats use plain %t instead.
    apache_site_openstack_api_log_format: >-
      %v:%p %h %l %u [%{%d/%b/%Y %T}t.%{msec_frac}t %{%z}t] \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
    apache_site_openstack_aodh_log_format: >-
      %v:%p %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
    apache_site_openstack_barbican_log_format: >-
      %v:%p %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
    apache_site_openstack_cinder_log_format: ${_param:apache_site_openstack_api_log_format}
    apache_site_openstack_gnocchi_log_format: ${_param:apache_site_openstack_api_log_format}
    # %{X-Forwarded-For}i is a client-supplied request header: treat it as
    # untrusted during log analysis unless a trusted front-end proxy overwrites
    # it. %h (the connecting peer) is logged next to it.
    apache_site_openstack_horizon_log_format: >-
      %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
    apache_site_openstack_manila_log_format: ${_param:apache_site_openstack_api_log_format}
    apache_site_openstack_placement_log_format: ${_param:apache_site_openstack_api_log_format}
    apache_site_openstack_panko_log_format: >-
      %v:%p %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
    # Horizon
    # 'direct' mode will require cors on glance side to be enabled.
    # (see glance_cors_allowed_origin in the Glance section)
    horizon_images_upload_mode: 'direct'
    # TODO (vsaineko): switch to openstack_cluster_public_host
    horizon_public_host: ${_param:cluster_public_host}
    horizon_public_port: 443
    horizon_public_protocol: https
    horizon_server_bind_address: ${_param:single_address}
    horizon_old_version: ${_param:openstack_old_version}
    horizon_version: ${_param:openstack_version}
    horizon_upgrade_enabled: ${_param:openstack_upgrade_enabled}
    ## Dashboards
    horizon_dashboard_designate_file: designate_policy.json
    horizon_dashboard_designate_grain: designate_policy
    # Octavia
    mysql_octavia_username: octavia
    keystone_octavia_username: octavia
    # Hard-coded private addresses; presumably placeholders that each
    # deployment overrides - confirm.
    octavia_health_manager_node01_address: 192.168.10.10
    octavia_health_manager_node02_address: 192.168.10.11
    octavia_health_manager_node03_address: 192.168.10.12
    #
    # NOTE(review): the image locations below are plain URLs built from
    # mcp_static_images_url / mcp_binary_registry, and no checksum parameter is
    # defined next to them in this file. Confirm that those base URLs use https
    # and that the consumer verifies image integrity before upload.
    amphora_image_name: amphora-x64-haproxy
    amphora_image_url: "${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-${_param:openstack_version}-2019.2.0.qcow2"

    # The 'Test' prefix suggests these are test images only; Fedora 27 is an
    # end-of-life release, so keep them away from production workloads.
    glance_image_cirros_name: 'TestCirros-0.4.0'
    glance_image_cirros_location: "${_param:mcp_binary_registry}/mirantis/external/images/cirros/0.4.0/cirros-0.4.0-x86_64-disk.img"

    glance_image_fedora_name: 'TestFedora-27-1.6'
    glance_image_fedora_location: "${_param:mcp_binary_registry}/mirantis/external/images/cloud-fedora/27/Fedora-Cloud-Base-27-1.6.x86_64.qcow2"
    # Sahara
    mysql_sahara_username: sahara
    keystone_sahara_username: sahara
    # Swift
    keystone_swift_username: swift
    # Tacker
    mysql_tacker_username: tacker
    keystone_tacker_username: tacker
    # HAproxy
    haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
    haproxy_neutron_db_proxy_enabled: True
    haproxy_nova_db_proxy_enabled: True
    #
    # haproxy_openstack_web_sticks_params is defined for SSL by default.
    # If the cluster protocol is going to be HTTP, then
    # haproxy_openstack_web_sticks_params should be redefined properly,
    # for example as an empty list.
    #
    # The rules below wait up to 5s for a TLS ClientHello/ServerHello and stick
    # on payload_lv(43,1), presumably the TLS session ID field - confirm
    # against the HAProxy documentation before editing.
    haproxy_openstack_web_sticks_params:
      - stick-table type binary len 32 size 30k expire 30m
      - acl clienthello req_ssl_hello_type 1
      - acl serverhello rep_ssl_hello_type 2
      - tcp-request inspect-delay 5s
      - tcp-request content accept if clienthello
      - tcp-response content accept if serverhello
      - stick on payload_lv(43,1) if clienthello
      - stick store-response payload_lv(43,1) if serverhello