Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 39349726754286c3e0cf4d2e11b6e84d8a62fa37 / . / defaults / openstack / init.yml
blob: 61af3188a3b100d2c868085c2da894403647e4f6 [file] [log] [blame]
azvyagintsevf94ab8c2018-10-12 20:48:59 +0300[diff] [blame]1parameters:
2 _param:
Vasyl Saienko1cc05de2018-11-19 16:49:27 +0200[diff] [blame]3 # Enable barbican integration in other services nova,glance,cinder
4 barbican_integration_enabled: False
azvyagintsev3f736c42018-11-01 20:04:29 +0200[diff] [blame]5 # General
6 cluster_public_protocol: https
7 cluster_internal_protocol: http
Vasyl Saienko71e8c542018-11-16 16:19:17 +0200[diff] [blame]8 openstack_service_hostname: os-ctl-vip
Vasyl Saienko6853c7c2019-01-15 15:42:12 +0200[diff] [blame]9 openstack_share_service_hostname: os-share-vip
10 openstack_kmn_service_hostname: os-kmn-vip
11 openstack_telemetry_service_hostname: os-telemetry-vip
Vasyl Saienko71e8c542018-11-16 16:19:17 +0200[diff] [blame]12 openstack_service_host: ${_param:openstack_service_hostname}.${linux:system:domain}
Vasyl Saienko6853c7c2019-01-15 15:42:12 +0200[diff] [blame]13 openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
14 openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
15 openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
Oleksandr Bryndziif8e71a52019-03-05 17:16:48 +0200[diff] [blame]16 openstack_service_user_enabled: True
Oleksandr Bryndziie6b1f372019-05-17 14:02:08 +0300[diff] [blame]17 openstack_upgrade_enabled: False
Oleksandr Bryndzii94e1c9b2019-04-05 12:49:23 +0300[diff] [blame]18 openstack_telemetry_redis_db: '0'
19 openstack_telemetry_redis_sentinel_mastername: 'master_1'
ibumarskovf0386ca2019-04-22 10:58:14 +0200[diff] [blame]20 openstack_region: RegionOne
azvyagintsevf94ab8c2018-10-12 20:48:59 +0300[diff] [blame]21 # SSL
22 ceilometer_agent_ssl_enabled: False
23 openstack_mysql_x509_enabled: False
24 # for non-ssl use 5672 / for ssl 5671
25 openstack_rabbitmq_port: 5672
26 openstack_rabbitmq_x509_enabled: False
Oleksandr Bryndziie6b1f372019-05-17 14:02:08 +0300[diff] [blame]27 # RabbitMQ
28 rabbitmq_upgrade_enabled: ${_param:openstack_upgrade_enabled}
azvyagintsev3f736c42018-11-01 20:04:29 +0200[diff] [blame]29 # Openstack memcache
Oleh Hryhorov26e8d6f2018-11-21 16:18:57 +0200[diff] [blame]30 openstack_memcached_server_bind_address: 0.0.0.0
Oleksandr Bryndzii87f24232018-10-02 09:51:13 +0000[diff] [blame]31 openstack_memcache_security_enabled: False
32 openstack_memcache_security_strategy: 'ENCRYPT'
azvyagintsev3f736c42018-11-01 20:04:29 +0200[diff] [blame]33 openstack_memcached_proto_tcp_enabled: True
34 openstack_memcached_proto_udp_enabled: False
Vasyl Saienko0e753f12019-01-22 18:55:48 +0200[diff] [blame]35 openstack_version: queens
Mykyta Karpin569ac8f2018-12-11 11:33:55 +0200[diff] [blame]36 openstack_old_version: ${_param:openstack_version}
Oleksandr Shyshkoa3384502019-02-27 13:23:06 +0200[diff] [blame]37 # Security compliance user options
38 openstack_service_user_options:
39 ignore_change_password_upon_first_use: True
40 ignore_password_expiry: True
Pavlo Shchelokovskyy05238eb2019-05-16 16:04:33 +0300[diff] [blame]41 ignore_lockout_failure_attempts: True
Oleksandr Shyshkoa3384502019-02-27 13:23:06 +0200[diff] [blame]42 lock_password: False
Oleksandr Bryndzii256f63e2018-10-02 11:36:05 +0000[diff] [blame]43 # Cinder
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]44 mysql_cinder_username: cinder
45 keystone_cinder_username: cinder
Oleksandr Bryndzii256f63e2018-10-02 11:36:05 +0000[diff] [blame]46 cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
47 cinder_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]48 cinder_old_version: ${_param:openstack_old_version}
49 cinder_version: ${_param:openstack_version}
50 cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndziif8e71a52019-03-05 17:16:48 +0200[diff] [blame]51 cinder_service_user_enabled: ${_param:openstack_service_user_enabled}
Oleksandr Pidrepnyi8e8df062019-05-06 18:56:27 +0300[diff] [blame]52 cinder_image_conversion_dir_path: /var/tmp/cinder/conversion
Oleksandr Bryndzii48cf31f2018-10-24 16:08:46 +0300[diff] [blame]53 # Nova
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]54 mysql_nova_username: nova
55 keystone_nova_username: nova
Oleksandr Bryndzii48cf31f2018-10-24 16:08:46 +0300[diff] [blame]56 nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
57 nova_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]58 nova_old_version: ${_param:openstack_old_version}
59 nova_version: ${_param:openstack_version}
60 nova_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndziif8e71a52019-03-05 17:16:48 +0200[diff] [blame]61 nova_service_user_enabled: ${_param:openstack_service_user_enabled}
Oleksandr Bryndzii61d8db82018-10-24 16:03:12 +0300[diff] [blame]62 # Glance
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]63 mysql_glance_username: glance
64 keystone_glance_username: glance
Oleksandr Bryndzii61d8db82018-10-24 16:03:12 +0300[diff] [blame]65 glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
66 glance_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]67 glance_old_version: ${_param:openstack_old_version}
68 glance_version: ${_param:openstack_version}
69 glance_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Vasyl Saienkoebe90622018-11-12 11:03:18 +0200[diff] [blame]70 # Allow CORS from horizon, needed for direct upload
71 glance_cors_allowed_origin: '${_param:horizon_public_protocol}://${_param:horizon_public_host}'
Oleksandr Bryndziib7c92172018-10-24 12:02:20 +0300[diff] [blame]72 # Heat
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]73 mysql_heat_username: heat
74 keystone_heat_username: heat
Oleksandr Bryndziib7c92172018-10-24 12:02:20 +0300[diff] [blame]75 heat_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
76 heat_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]77 heat_old_version: ${_param:openstack_old_version}
78 heat_version: ${_param:openstack_version}
79 heat_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndziic72982c2018-10-24 11:50:20 +0300[diff] [blame]80 # Aodh
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]81 mysql_aodh_username: aodh
82 keystone_aodh_username: aodh
Oleksandr Bryndziic72982c2018-10-24 11:50:20 +0300[diff] [blame]83 aodh_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
84 aodh_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]85 aodh_old_version: ${_param:openstack_old_version}
86 aodh_version: ${_param:openstack_version}
87 aodh_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii820e9f92019-04-05 13:18:25 +0300[diff] [blame]88 aodh_redis_db: ${_param:openstack_telemetry_redis_db}
89 aodh_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]90 # Ceilometer
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]91 mysql_ceilometer_username: ceilometer
92 keystone_ceilometer_username: ceilometer
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]93 ceilometer_old_version: ${_param:openstack_old_version}
94 ceilometer_version: ${_param:openstack_version}
95 ceilometer_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii7c1d3b32019-04-05 13:22:48 +0300[diff] [blame]96 ceilometer_redis_db: ${_param:openstack_telemetry_redis_db}
97 ceilometer_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]98 # Congress
99 keystone_congress_username: congress
100 # Grafana
101 mysql_grafana_username: grafana
102 # Graphite
103 mysql_graphite_username: graphite
Oleksandr Bryndzii0b5809e2018-11-01 18:23:35 +0200[diff] [blame]104 # Gnocchi
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]105 mysql_gnocchi_username: gnocchi
106 keystone_gnocchi_username: gnocchi
Oleksandr Bryndzii0b5809e2018-11-01 18:23:35 +0200[diff] [blame]107 gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
108 gnocchi_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]109 gnocchi_version: 4.0
Mykyta Karpin569ac8f2018-12-11 11:33:55 +0200[diff] [blame]110 gnocchi_old_version: ${_param:gnocchi_version}
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]111 gnocchi_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii94e1c9b2019-04-05 12:49:23 +0300[diff] [blame]112 gnocchi_redis_db: ${_param:openstack_telemetry_redis_db}
113 gnocchi_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
Oleksandr Bryndzii0bf966d2018-11-01 18:36:54 +0200[diff] [blame]114 # Panko
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]115 mysql_panko_username: panko
116 keystone_panko_username: panko
Oleksandr Bryndzii0bf966d2018-11-01 18:36:54 +0200[diff] [blame]117 panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
118 panko_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]119 panko_old_version: ${_param:openstack_old_version}
120 panko_version: ${_param:openstack_version}
121 panko_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii43fed5f2018-11-01 19:26:19 +0200[diff] [blame]122 # Barbican
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]123 mysql_barbican_username: barbican
124 keystone_barbican_username: barbican
Oleksandr Bryndzii43fed5f2018-11-01 19:26:19 +0200[diff] [blame]125 barbican_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
126 barbican_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]127 barbican_old_version: ${_param:openstack_old_version}
128 barbican_version: ${_param:openstack_version}
129 barbican_upgrade_enabled: ${_param:openstack_upgrade_enabled}
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]130 # Billometer
131 keystone_billometer_username: billometer
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]132 # Designate
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]133 mysql_designate_username: designate
134 keystone_designate_username: designate
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]135 designate_old_version: ${_param:openstack_old_version}
136 designate_version: ${_param:openstack_version}
137 designate_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii242b2d12018-11-07 13:49:15 +0200[diff] [blame]138 # Ironic
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]139 mysql_ironic_username: ironic
140 keystone_ironic_username: ironic
Oleksandr Bryndzii242b2d12018-11-07 13:49:15 +0200[diff] [blame]141 ironic_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
142 ironic_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]143 # Keystone
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]144 mysql_keystone_username: keystone
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]145 keystone_old_version: ${_param:openstack_old_version}
146 keystone_version: ${_param:openstack_version}
147 keystone_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii79b89682019-02-27 14:23:23 +0200[diff] [blame]148 # (obryndzii) Rotating keys too frequently, or with ``[fernet_tokens] max_active_keys``
149 # set too low, will cause tokens to become invalid prior to their expiration.
150 # As tokens may be fetched beyond their initial expiration period (nova live migration,
151 # cider volume backup), keys should not be fully rotated within the period of
152 # ``[token] expiration``+``[token] allow_expired_window`` seconds to prevent the tokens
153 # becoming unavailable.
154 # The max_active_keys default value was adjusted according to the following defaults:
155 # [token]/allow_expired_window = 172800 (48 hours)
156 # [token]/expiration = 3600 (1 hour)
157 # rotation_frequency = 1 hour (keystone_fernet_rotate_rsync_minute/hour 0 *)
158 # max_active_keys = (allow_expired_window + expiration)/rotation_frequency + 2
159 # In case of changing those defaults the keystone_tokens_max_active_keys value should be
160 # calculated according to the definition above.
161 keystone_tokens_expiration: 3600
162 keystone_tokens_max_active_keys: 51
163 keystone_tokens_allow_expired_window: 172800
164 keystone_fernet_rotate_rsync_minute: 0
165 keystone_fernet_rotate_rsync_hour: '*'
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]166 # Manila
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]167 mysql_manila_username: manila
168 keystone_manila_username: manila
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]169 manila_old_version: ${_param:openstack_old_version}
170 manila_version: ${_param:openstack_version}
171 manila_upgrade_enabled: ${_param:openstack_upgrade_enabled}
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]172 # Murano
173 mysql_murano_username: murano
174 keystone_murano_username: murano
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]175 # Neutron
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]176 mysql_neutron_username: neutron
177 keystone_neutron_username: neutron
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]178 neutron_old_version: ${_param:openstack_old_version}
179 neutron_version: ${_param:openstack_version}
180 neutron_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii1d423492018-11-06 10:35:02 +0200[diff] [blame]181 # Apache mods defaults
Oleksandr Bryndzii955e67a12018-12-13 23:31:28 +0000[diff] [blame]182 # Stacklight uses /server-status endpoint to monitor apache
Oleksandr Bryndzii1d423492018-11-06 10:35:02 +0200[diff] [blame]183 apache_mods_status_enabled: True
Oleksandr Bryndzii955e67a12018-12-13 23:31:28 +0000[diff] [blame]184 apache_mods_status_status: 'enabled'
Oleksandr Bryndziida2c7832018-12-18 12:58:36 +0000[diff] [blame]185 apache_mods_status_host_address: '127.0.0.1'
186 apache_mods_status_host_port: 80
Oleh Hryhorov1b5be042018-11-29 19:04:34 +0200[diff] [blame]187 apache_horizon_listen_address: '0.0.0.0'
Mykyta Karpin3ed24aa2018-12-21 10:58:30 +0200[diff] [blame]188 # Apache proxies for openstack aren't used as HA proxies, they are
189 # simply ssl terminators in case of setup of ssl on internal endpoints
190 # for services which don't support running under apache and wsgi.
191 # So retry parameter is set 0, to eliminate maintenance mode for backend
192 # which is 60 seconds by default.
193 apache_proxy_openstack_api_retry: 0
194 apache_proxy_openstack_cinder_retry: ${_param:apache_proxy_openstack_api_retry}
195 apache_proxy_openstack_designate_retry: ${_param:apache_proxy_openstack_api_retry}
196 apache_proxy_openstack_glance_retry: ${_param:apache_proxy_openstack_api_retry}
197 apache_proxy_openstack_heat_retry: ${_param:apache_proxy_openstack_api_retry}
198 apache_proxy_openstack_ironic_retry: ${_param:apache_proxy_openstack_api_retry}
199 apache_proxy_openstack_nova_retry: ${_param:apache_proxy_openstack_api_retry}
200 apache_proxy_openstack_neutron_retry: ${_param:apache_proxy_openstack_api_retry}
201 apache_proxy_openstack_aodh_retry: ${_param:apache_proxy_openstack_api_retry}
202 apache_proxy_openstack_placement_retry: ${_param:apache_proxy_openstack_api_retry}
Vasyl Saienko3cdc7682019-01-28 11:38:28 +0200[diff] [blame]203 apache_proxy_openstack_octavia_retry: ${_param:apache_proxy_openstack_api_retry}
Dmitry Kalashnik4c9f3432019-03-14 18:42:59 +0400[diff] [blame]204 # Formats for logs for openstack apache sites
205 apache_site_openstack_api_log_format: >-
206 %v:%p %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
207 apache_site_openstack_aodh_log_format: ${_param:apache_site_openstack_api_log_format}
208 apache_site_openstack_barbican_log_format: ${_param:apache_site_openstack_api_log_format}
209 apache_site_openstack_cinder_log_format: ${_param:apache_site_openstack_api_log_format}
210 apache_site_openstack_gnocchi_log_format: ${_param:apache_site_openstack_api_log_format}
211 apache_site_openstack_horizon_log_format: >-
212 %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
213 apache_site_openstack_manila_log_format: ${_param:apache_site_openstack_api_log_format}
214 apache_site_openstack_placement_log_format: ${_param:apache_site_openstack_api_log_format}
215 apache_site_openstack_panko_log_format: ${_param:apache_site_openstack_api_log_format}
Vasyl Saienko0e5c1052018-11-06 17:35:51 +0200[diff] [blame]216 # Horizon
217 # 'direct' mode will require cors on glance side to be enabled.
Vasyl Saienkoebe90622018-11-12 11:03:18 +0200[diff] [blame]218 horizon_images_upload_mode: 'direct'
219 # TODO (vsaineko): switch to openstack_cluster_public_host
220 horizon_public_host: ${_param:cluster_public_host}
221 horizon_public_port: 443
222 horizon_public_protocol: https
Oleh Hryhorov2368cdb2018-12-04 14:43:44 +0200[diff] [blame]223 horizon_server_bind_address: ${_param:single_address}
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200[diff] [blame]224 horizon_old_version: ${_param:openstack_old_version}
225 horizon_version: ${_param:openstack_version}
226 horizon_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Ann Kamyshnikova119d3ec2018-11-28 14:32:29 +0400[diff] [blame]227 # Octavia
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]228 mysql_octavia_username: octavia
229 keystone_octavia_username: octavia
Ann Kamyshnikova119d3ec2018-11-28 14:32:29 +0400[diff] [blame]230 octavia_health_manager_node01_address: 192.168.10.10
231 octavia_health_manager_node02_address: 192.168.10.11
232 octavia_health_manager_node03_address: 192.168.10.12
azvyagintsev9b91ef92019-01-21 18:46:02 +0200[diff] [blame]233 #
234 amphora_image_name: amphora-x64-haproxy
azvyagintsevef97bfe2019-01-22 13:12:53 +0200[diff] [blame]235 amphora_image_url: "${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/${_param:openstack_version}/amphora-x64-haproxy.qcow2"
sgarbuz5f58dd72019-05-20 14:10:11 +0300[diff] [blame]236 # Sahara
237 mysql_sahara_username: sahara
238 keystone_sahara_username: sahara
239 # Swift
240 keystone_swift_username: swift
241 # Tacker
242 mysql_tacker_username: tacker
243 keystone_tacker_username: tacker
Oleh Hryhorov81c4c212018-11-23 17:23:15 +0200[diff] [blame]244 # HAproxy
245 haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
246 #
247 # haproxy_openstack_web_sticks_params is defined for SSL by default
248 # if cluster_protocolr HTTP is going to be used then haproxy_openstack_web_sticks_params
249 # should be redefined peroperly. For example empty list.
250 #
251 haproxy_openstack_web_sticks_params:
252 - stick-table type binary len 32 size 30k expire 30m
253 - acl clienthello req_ssl_hello_type 1
254 - acl serverhello rep_ssl_hello_type 2
255 - tcp-request inspect-delay 5s
256 - tcp-request content accept if clienthello
257 - tcp-response content accept if serverhello
258 - stick on payload_lv(43,1) if clienthello
259 - stick store-response payload_lv(43,1) if serverhello