-
Notifications
You must be signed in to change notification settings - Fork 2
/
main.yml
294 lines (255 loc) · 10.8 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The variables file used by the playbooks in the Heat-api group.
# These don't have to be explicitly imported by vars_files: they are autopopulated.
# Enable/Disable Ceilometer
heat_ceilometer_enabled: False
## Verbosity Options
debug: False
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
heat_package_state: "latest"
heat_pip_package_state: "latest"
heat_git_repo: https://git.openstack.org/openstack/heat
heat_git_install_branch: master
heat_developer_mode: false
heat_developer_constraints:
- "git+{{ heat_git_repo }}@{{ heat_git_install_branch }}#egg=heat"
# Name of the virtual env to deploy into
heat_venv_tag: untagged
heat_bin: "/openstack/venvs/heat-{{ heat_venv_tag }}/bin"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
heat_venv_download: "{{ not heat_developer_mode | bool }}"
heat_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/heat.tgz
heat_fatal_deprecations: False
heat_clients_endpoint: internalURL
heat_clients_heat_endpoint: publicURL
## DB
heat_galera_user: heat
heat_galera_database: heat
## RabbitMQ info
## Configuration for RPC communications
heat_rabbitmq_userid: heat
heat_rabbitmq_vhost: /heat
heat_rabbitmq_servers: 127.0.0.1
heat_rabbitmq_use_ssl: False
heat_rabbitmq_port: 5672
## Configuration for notifications communication, i.e. [oslo_messaging_notifications]
heat_rabbitmq_telemetry_userid: "{{ heat_rabbitmq_userid }}"
heat_rabbitmq_telemetry_password: "{{ heat_rabbitmq_password }}"
heat_rabbitmq_telemetry_vhost: "{{ heat_rabbitmq_vhost }}"
heat_rabbitmq_telemetry_port: "{{ heat_rabbitmq_port }}"
heat_rabbitmq_telemetry_servers: "{{ heat_rabbitmq_servers }}"
heat_rabbitmq_telemetry_use_ssl: "{{ heat_rabbitmq_use_ssl }}"
## Heat User / Group
heat_system_user_name: heat
heat_system_group_name: heat
heat_system_shell: /bin/false
heat_system_comment: heat system user
heat_system_home_folder: "/var/lib/{{ heat_system_user_name }}"
## Default domain
heat_project_domain_name: Default
heat_project_name: admin
heat_user_domain_name: Default
## Stack
heat_stack_domain_admin: stack_domain_admin
heat_stack_owner_name: heat_stack_owner
heat_stack_domain_description: Owns users and projects created by heat
heat_stack_user_domain_name: heat
heat_max_nested_stack_depth: 5
heat_deferred_auth_method: trusts
heat_trusts_delegated_roles: []
## Cinder backups
heat_cinder_backups_enabled: false
# osprofiler
heat_profiler_enabled: false
heat_profiler_trace_sqlalchemy: false
## Auth
heat_service_region: RegionOne
heat_service_project_name: "service"
heat_service_user_name: "heat"
heat_service_role_name: admin
heat_service_project_domain_id: default
heat_service_user_domain_id: default
heat_keystone_auth_plugin: password
## Trustee Auth
heat_service_trustee_project_name: "service"
heat_service_trustee_user_name: "heat"
heat_service_trustee_password: "{{ heat_service_password }}"
heat_service_trustee_project_domain_id: "default"
heat_service_trustee_user_domain_id: "default"
heat_keystone_trustee_auth_plugin: "{{ heat_keystone_trustee_auth_type }}"
heat_keystone_trustee_auth_type: password
## Heat api service type and data
heat_service_name: heat
heat_service_description: "Heat Orchestration Service"
heat_service_port: 8004
heat_service_proto: http
heat_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(heat_service_proto) }}"
heat_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(heat_service_proto) }}"
heat_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(heat_service_proto) }}"
heat_service_type: orchestration
heat_service_publicuri: "{{ heat_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_service_port }}"
heat_service_publicurl: "{{ heat_service_publicuri }}/v1/%(tenant_id)s"
heat_service_adminuri: "{{ heat_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ heat_service_port }}"
heat_service_adminurl: "{{ heat_service_adminuri }}/v1/%(tenant_id)s"
heat_service_internaluri: "{{ heat_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ heat_service_port }}"
heat_service_internalurl: "{{ heat_service_internaluri }}/v1/%(tenant_id)s"
## Heat api cfn service type and data
heat_cfn_service_name: heat-cfn
heat_cfn_service_description: "Heat CloudFormation Service"
heat_cfn_service_port: 8000
heat_cfn_service_proto: http
heat_cfn_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(heat_cfn_service_proto) }}"
heat_cfn_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(heat_cfn_service_proto) }}"
heat_cfn_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(heat_cfn_service_proto) }}"
heat_cfn_service_type: cloudformation
heat_cfn_service_publicuri: "{{ heat_cfn_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_cfn_service_port }}"
heat_cfn_service_publicurl: "{{ heat_cfn_service_publicuri }}/v1"
heat_cfn_service_adminuri: "{{ heat_cfn_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ heat_cfn_service_port }}"
heat_cfn_service_adminurl: "{{ heat_cfn_service_adminuri }}/v1"
heat_cfn_service_internaluri: "{{ heat_cfn_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ heat_cfn_service_port }}"
heat_cfn_service_internalurl: "{{ heat_cfn_service_internaluri }}/v1"
## Heat wait and metadata server
heat_waitcondition_server_uri: "{{ heat_cfn_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_cfn_service_port }}"
heat_waitcondition_server_url: "{{ heat_waitcondition_server_uri }}/v1/waitcondition"
heat_metadata_server_url: "{{ heat_cfn_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_cfn_service_port }}"
## Heat watch server
heat_watch_proto: http
heat_watch_port: 8003
heat_watch_publicuri_proto: "{{ openstack_service_publicuri_proto | default(heat_watch_proto) }}"
heat_watch_server_uri: "{{ heat_watch_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_watch_port }}"
heat_watch_server_url: "{{ heat_watch_server_uri }}"
# If the following variables are unset in user_variables, the value set will be half the number of available VCPUs
# heat_engine_workers: 4
# heat_api_workers: 4
## Cap the maximum number of threads / workers when a user value is unspecified.
heat_api_threads_max: 16
heat_api_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, heat_api_threads_max] | min }}"
heat_service_in_ldap: false
## Plugin dirs
heat_plugin_dirs:
- /usr/lib/heat
- /usr/local/lib/heat
## Policy vars
# Provide a list of access controls to update the default policy.json with. These changes will be merged
# with the access controls in the default policy.json. E.g.
#heat_policy_overrides:
# "cloudformation:ListStacks": "rule:deny_stack_user"
# "cloudformation:CreateStack": "rule:deny_stack_user"
# Heat packages that must be installed before anything else
heat_requires_pip_packages:
- virtualenv
- virtualenv-tools
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
- httplib2
# Common pip packages
heat_pip_packages:
- cryptography
- heat
- keystonemiddleware
- PyMySQL
- python-ceilometerclient
- python-cinderclient
- python-glanceclient
- python-heatclient
- python-keystoneclient
- python-memcached
- python-neutronclient
- python-novaclient
- python-openstackclient
- python-swiftclient
- python-troveclient
- uwsgi
heat_api_init_overrides: {}
heat_api_cfn_init_overrides: {}
heat_api_cloudwatch_init_overrides: {}
heat_engine_init_overrides: {}
## Service Name-Group Mapping
heat_services:
heat-api:
group: heat_api
service_name: heat-api
init_config_overrides: "{{ heat_api_init_overrides }}"
start_order: 2
wsgi_overrides: "{{ heat_api_uwsgi_ini_overrides }}"
wsgi_app: True
log_string: "--logto "
wsgi_name: heat-wsgi-api
uwsgi_port: "{{ heat_service_port }}"
uwsgi_bind_address: "{{ heat_api_uwsgi_bind_address }}"
program_override: "{{ heat_bin }}/uwsgi --ini /etc/uwsgi/heat-api.ini"
heat-api-cfn:
group: heat_api_cfn
service_name: heat-api-cfn
init_config_overrides: "{{ heat_api_cfn_init_overrides }}"
start_order: 3
wsgi_overrides: "{{ heat_api_cfn_uwsgi_ini_overrides }}"
wsgi_app: True
log_string: "--logto "
wsgi_name: heat-wsgi-api-cfn
uwsgi_port: "{{ heat_cfn_service_port }}"
uwsgi_bind_address: "{{ heat_api_cfn_uwsgi_bind_address }}"
program_override: "{{ heat_bin }}/uwsgi --ini /etc/uwsgi/heat-api-cfn.ini"
heat-api-cloudwatch:
group: heat_api_cloudwatch
service_name: heat-api-cloudwatch
init_config_overrides: "{{ heat_api_cloudwatch_init_overrides }}"
start_order: 3
wsgi_overrides: "{{ heat_api_cloudwatch_uwsgi_ini_overrides }}"
wsgi_app: True
log_string: "--logto "
wsgi_name: heat-wsgi-api-cloudwatch
uwsgi_port: "{{ heat_watch_port }}"
uwsgi_bind_address: "{{ heat_api_cloudwatch_uwsgi_bind_address }}"
program_override: "{{ heat_bin }}/uwsgi --ini /etc/uwsgi/heat-api-cloudwatch.ini"
heat-engine:
group: heat_engine
service_name: heat-engine
init_config_overrides: "{{ heat_engine_init_overrides }}"
start_order: 1
# Required secrets for the role
heat_required_secrets:
- keystone_auth_admin_password
- heat_stack_domain_admin_password
- heat_auth_encryption_key
- heat_container_mysql_password
- heat_rabbitmq_password
- heat_service_password
- memcached_encryption_key
# uWSGI Settings
heat_api_uwsgi_ini_overrides: {}
heat_api_cfn_uwsgi_ini_overrides: {}
heat_api_cloudwatch_uwsgi_ini_overrides: {}
heat_wsgi_processes_max: 16
heat_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, heat_wsgi_processes_max] | min }}"
heat_wsgi_threads: 1
heat_wsgi_buffer_size: 65535
heat_api_uwsgi_bind_address: 0.0.0.0
heat_api_cfn_uwsgi_bind_address: 0.0.0.0
heat_api_cloudwatch_uwsgi_bind_address: 0.0.0.0
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
heat_role_project_group: heat_all
## Tunable overrides
heat_heat_conf_overrides: {}
heat_api_paste_ini_overrides: {}
heat_default_yaml_overrides: {}
heat_aws_cloudwatch_alarm_yaml_overrides: {}
heat_aws_rds_dbinstance_yaml_overrides: {}
heat_policy_overrides: {}