blob: 5adb1a742a0541280c1676067158dace7a463637 [file] [log] [blame]
azvyagintsevf94ab8c2018-10-12 20:48:59 +03001parameters:
2 _param:
Vasyl Saienko1cc05de2018-11-19 16:49:27 +02003 # Enable barbican integration in other services nova,glance,cinder
4 barbican_integration_enabled: False
azvyagintsev3f736c42018-11-01 20:04:29 +02005 # General
6 cluster_public_protocol: https
7 cluster_internal_protocol: http
Vasyl Saienko71e8c542018-11-16 16:19:17 +02008 openstack_service_hostname: os-ctl-vip
Vasyl Saienkob0931af2019-01-15 15:42:12 +02009 openstack_share_service_hostname: os-share-vip
10 openstack_kmn_service_hostname: os-kmn-vip
11 openstack_telemetry_service_hostname: os-telemetry-vip
Vasyl Saienko71e8c542018-11-16 16:19:17 +020012 openstack_service_host: ${_param:openstack_service_hostname}.${linux:system:domain}
Vasyl Saienkob0931af2019-01-15 15:42:12 +020013 openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
14 openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
15 openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
azvyagintsevf94ab8c2018-10-12 20:48:59 +030016 # SSL
17 ceilometer_agent_ssl_enabled: False
18 openstack_mysql_x509_enabled: False
19 # for non-ssl use 5672 / for ssl 5671
20 openstack_rabbitmq_port: 5672
21 openstack_rabbitmq_x509_enabled: False
azvyagintsev3f736c42018-11-01 20:04:29 +020022 # Openstack memcache
Oleh Hryhorov26e8d6f2018-11-21 16:18:57 +020023 openstack_memcached_server_bind_address: 0.0.0.0
Oleksandr Bryndzii87f24232018-10-02 09:51:13 +000024 openstack_memcache_security_enabled: False
25 openstack_memcache_security_strategy: 'ENCRYPT'
azvyagintsev3f736c42018-11-01 20:04:29 +020026 openstack_memcached_proto_tcp_enabled: True
27 openstack_memcached_proto_udp_enabled: False
Vasyl Saienko26763162019-01-22 18:55:48 +020028 openstack_version: queens
Mykyta Karpin569ac8f2018-12-11 11:33:55 +020029 openstack_old_version: ${_param:openstack_version}
Mykyta Karpin882dcac2018-11-30 16:37:28 +020030 openstack_upgrade_enabled: False
Oleksandr Bryndzii256f63e2018-10-02 11:36:05 +000031 # Cinder
32 cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
33 cinder_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020034 cinder_old_version: ${_param:openstack_old_version}
35 cinder_version: ${_param:openstack_version}
36 cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii48cf31f2018-10-24 16:08:46 +030037 # Nova
38 nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
39 nova_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020040 nova_old_version: ${_param:openstack_old_version}
41 nova_version: ${_param:openstack_version}
42 nova_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii61d8db82018-10-24 16:03:12 +030043 # Glance
44 glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
45 glance_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020046 glance_old_version: ${_param:openstack_old_version}
47 glance_version: ${_param:openstack_version}
48 glance_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Vasyl Saienkoebe90622018-11-12 11:03:18 +020049 # Allow CORS from horizon, needed for direct upload
50 glance_cors_allowed_origin: '${_param:horizon_public_protocol}://${_param:horizon_public_host}'
Oleksandr Bryndziib7c92172018-10-24 12:02:20 +030051 # Heat
52 heat_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
53 heat_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020054 heat_old_version: ${_param:openstack_old_version}
55 heat_version: ${_param:openstack_version}
56 heat_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndziic72982c2018-10-24 11:50:20 +030057 # Aodh
58 aodh_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
59 aodh_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020060 aodh_old_version: ${_param:openstack_old_version}
61 aodh_version: ${_param:openstack_version}
62 aodh_upgrade_enabled: ${_param:openstack_upgrade_enabled}
63 # Ceilometer
64 ceilometer_old_version: ${_param:openstack_old_version}
65 ceilometer_version: ${_param:openstack_version}
66 ceilometer_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii0b5809e2018-11-01 18:23:35 +020067 # Gnocchi
68 gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
69 gnocchi_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020070 gnocchi_version: 4.0
Mykyta Karpin569ac8f2018-12-11 11:33:55 +020071 gnocchi_old_version: ${_param:gnocchi_version}
Mykyta Karpin882dcac2018-11-30 16:37:28 +020072 gnocchi_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii0bf966d2018-11-01 18:36:54 +020073 # Panko
74 panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
75 panko_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020076 panko_old_version: ${_param:openstack_old_version}
77 panko_version: ${_param:openstack_version}
78 panko_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii43fed5f2018-11-01 19:26:19 +020079 # Barbican
80 barbican_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
81 barbican_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020082 barbican_old_version: ${_param:openstack_old_version}
83 barbican_version: ${_param:openstack_version}
84 barbican_upgrade_enabled: ${_param:openstack_upgrade_enabled}
85 # Designate
86 designate_old_version: ${_param:openstack_old_version}
87 designate_version: ${_param:openstack_version}
88 designate_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii242b2d12018-11-07 13:49:15 +020089 # Ironic
90 ironic_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
91 ironic_memcache_secret_key: ''
Mykyta Karpin882dcac2018-11-30 16:37:28 +020092 # Keystone
93 keystone_old_version: ${_param:openstack_old_version}
94 keystone_version: ${_param:openstack_version}
95 keystone_upgrade_enabled: ${_param:openstack_upgrade_enabled}
96 # Manila
97 manila_old_version: ${_param:openstack_old_version}
98 manila_version: ${_param:openstack_version}
99 manila_upgrade_enabled: ${_param:openstack_upgrade_enabled}
100 # Neutron
101 neutron_old_version: ${_param:openstack_old_version}
102 neutron_version: ${_param:openstack_version}
103 neutron_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Oleksandr Bryndzii1d423492018-11-06 10:35:02 +0200104 # Apache mods defaults
Oleksandr Bryndzii955e67a12018-12-13 23:31:28 +0000105 # Stacklight uses /server-status endpoint to monitor apache
Oleksandr Bryndzii1d423492018-11-06 10:35:02 +0200106 apache_mods_status_enabled: True
Oleksandr Bryndzii955e67a12018-12-13 23:31:28 +0000107 apache_mods_status_status: 'enabled'
Oleksandr Bryndziida2c7832018-12-18 12:58:36 +0000108 apache_mods_status_host_address: '127.0.0.1'
109 apache_mods_status_host_port: 80
Oleh Hryhorov1b5be042018-11-29 19:04:34 +0200110 apache_horizon_listen_address: '0.0.0.0'
Mykyta Karpin3ed24aa2018-12-21 10:58:30 +0200111 # Apache proxies for openstack aren't used as HA proxies, they are
112 # simply ssl terminators in case of setup of ssl on internal endpoints
113 # for services which don't support running under apache and wsgi.
114 # So retry parameter is set 0, to eliminate maintenance mode for backend
115 # which is 60 seconds by default.
116 apache_proxy_openstack_api_retry: 0
117 apache_proxy_openstack_cinder_retry: ${_param:apache_proxy_openstack_api_retry}
118 apache_proxy_openstack_designate_retry: ${_param:apache_proxy_openstack_api_retry}
119 apache_proxy_openstack_glance_retry: ${_param:apache_proxy_openstack_api_retry}
120 apache_proxy_openstack_heat_retry: ${_param:apache_proxy_openstack_api_retry}
121 apache_proxy_openstack_ironic_retry: ${_param:apache_proxy_openstack_api_retry}
122 apache_proxy_openstack_nova_retry: ${_param:apache_proxy_openstack_api_retry}
123 apache_proxy_openstack_neutron_retry: ${_param:apache_proxy_openstack_api_retry}
124 apache_proxy_openstack_aodh_retry: ${_param:apache_proxy_openstack_api_retry}
125 apache_proxy_openstack_placement_retry: ${_param:apache_proxy_openstack_api_retry}
Vasyl Saienko6a26e282019-01-28 11:38:28 +0200126 apache_proxy_openstack_octavia_retry: ${_param:apache_proxy_openstack_api_retry}
Vasyl Saienko0e5c1052018-11-06 17:35:51 +0200127 # Horizon
128 # 'direct' mode will require cors on glance side to be enabled.
Vasyl Saienkoebe90622018-11-12 11:03:18 +0200129 horizon_images_upload_mode: 'direct'
130 # TODO (vsaineko): switch to openstack_cluster_public_host
131 horizon_public_host: ${_param:cluster_public_host}
132 horizon_public_port: 443
133 horizon_public_protocol: https
Oleh Hryhorov2368cdb2018-12-04 14:43:44 +0200134 horizon_server_bind_address: ${_param:single_address}
Mykyta Karpin882dcac2018-11-30 16:37:28 +0200135 horizon_old_version: ${_param:openstack_old_version}
136 horizon_version: ${_param:openstack_version}
137 horizon_upgrade_enabled: ${_param:openstack_upgrade_enabled}
Ann Kamyshnikova119d3ec2018-11-28 14:32:29 +0400138 # Octavia
139 octavia_health_manager_node01_address: 192.168.10.10
140 octavia_health_manager_node02_address: 192.168.10.11
141 octavia_health_manager_node03_address: 192.168.10.12
azvyagintsev2ecced22019-01-21 18:46:02 +0200142 #
143 amphora_image_name: amphora-x64-haproxy
azvyagintsevfcdf5fe2019-01-22 18:12:00 +0200144 amphora_image_url: "${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/${_param:openstack_version}/amphora-x64-haproxy.qcow2"
Oleh Hryhorov81c4c212018-11-23 17:23:15 +0200145 # HAproxy
146 haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
147 #
148 # haproxy_openstack_web_sticks_params is defined for SSL by default
149 # if cluster_protocolr HTTP is going to be used then haproxy_openstack_web_sticks_params
150 # should be redefined peroperly. For example empty list.
151 #
152 haproxy_openstack_web_sticks_params:
153 - stick-table type binary len 32 size 30k expire 30m
154 - acl clienthello req_ssl_hello_type 1
155 - acl serverhello rep_ssl_hello_type 2
156 - tcp-request inspect-delay 5s
157 - tcp-request content accept if clienthello
158 - tcp-response content accept if serverhello
159 - stick on payload_lv(43,1) if clienthello
160 - stick store-response payload_lv(43,1) if serverhello