starlingx
/
config
Code Issues Proposed changes
config/puppet-manifests/src/hieradata/controller.yaml

559 lines
20 KiB
YAML
Raw Blame History

# controller specific configuration data
---
# platform
# Default hostname required for initial bootstrap of controller-0.
# Configured hostname will override this value.
platform::params::hostname: 'controller-0'
# Default controller hostname maps to the loopback address
# NOTE: Puppet doesn't support setting multiple IPs for the host resource,
# therefore setup an alias for the controller against localhost and
# then specify the IPv6 localhost as a separate entry.
# The IPv6 entry is required for LDAP clients to connect to the LDAP
# server when there are no IPv4 addresses configured, which occurs
# during the bootstrap phase.
platform::config::params::hosts:
localhost:
ip: '127.0.0.1'
host_aliases:
- localhost.localdomain
- controller
controller:
ip: '::1'
# default parameters, runtime management network configured will override
platform::network::mgmt::params::subnet_version: 4
platform::network::mgmt::params::controller0_address: 127.0.0.1
platform::network::mgmt::params::controller1_address: 127.0.0.2
# default parameters, runtime values will be based on selected link
platform::drbd::params::link_speed: 10000
platform::drbd::params::link_util: 40
platform::drbd::params::num_parallel: 1
platform::drbd::params::rtt_ms: 0.2
# Default LDAP configuration required for bootstrap of controller-0
platform::ldap::params::server_id: '001'
platform::ldap::params::provider_uri: 'ldap://controller-1'
# FIXME(mpeters): remove packstack specific variable
# workaround until openstack credentials module is updated to not reference
# hiera data
CONFIG_ADMIN_USER_DOMAIN_NAME: Default
CONFIG_ADMIN_PROJECT_DOMAIN_NAME: Default
# mtce
platform::mtce::agent::params::worker_boot_timeout: 720
platform::mtce::agent::params::controller_boot_timeout: 1200
platform::mtce::agent::params::heartbeat_period: 100
platform::mtce::agent::params::heartbeat_failure_action: 'fail'
platform::mtce::agent::params::heartbeat_failure_threshold: 10
platform::mtce::agent::params::heartbeat_degrade_threshold: 6
platform::mtce::agent::params::mnfa_threshold: 2
platform::mtce::agent::params::mnfa_timeout: 0
# influxdb configuration for collectd
platform::influxdb::params::bind_address: ':25826'
platform::influxdb::params::database: 'collectd'
platform::influxdb::params::typesdb: '/usr/share/collectd/types.db'
platform::influxdb::params::batch_size: 1000
platform::influxdb::params::batch_pending: 5
platform::influxdb::params::batch_timeout: '2s'
platform::influxdb::params::read_buffer: 0
# influxdb log ratation file
platform::influxdb::logrotate::params::log_file_name: '/var/log/influxdb/influxdb.log'
platform::influxdb::logrotate::params::log_file_size: '20M'
platform::influxdb::logrotate::params::log_file_rotate: 10
# postgresql
postgresql::globals::needs_initdb: false
postgresql::server::service_enable: false
postgresql::server::ip_mask_deny_postgres_user: '0.0.0.0/32'
postgresql::server::ip_mask_allow_all_users: '0.0.0.0/0'
postgresql::server::pg_hba_conf_path: "/etc/postgresql/pg_hba.conf"
postgresql::server::pg_ident_conf_path: "/etc/postgresql/pg_ident.conf"
postgresql::server::postgresql_conf_path: "/etc/postgresql/postgresql.conf"
postgresql::server::listen_addresses: "*"
postgresql::server::ipv4acls: ['host all all samenet md5']
postgresql::server::log_line_prefix: 'db=%d,user=%u '
# rabbitmq
rabbitmq::repos_ensure: false
rabbitmq::admin_enable: false
rabbitmq::package_provider: 'yum'
rabbitmq::default_host: 'controller'
# drbd
drbd::service_enable: false
drbd::service_ensure: 'stopped'
# haproxy
haproxy::merge_options: true
platform::haproxy::params::global_options:
log:
- '127.0.0.1:514 local1 info'
user: 'haproxy'
group: 'wrs_protected'
chroot: '/var/lib/haproxy'
pidfile: '/var/run/haproxy.pid'
maxconn: '4000'
daemon: ''
stats: 'socket /var/lib/haproxy/stats'
ca-base: '/etc/ssl/certs'
crt-base: '/etc/ssl/private'
ssl-default-bind-ciphers: 'kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4-SHA:!kEDH:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!LOW:!EXP:!MD5:!aNULL:!eNULL'
ssl-default-bind-options: 'no-sslv3 no-tlsv10'
haproxy::defaults_options:
log: 'global'
mode: 'http'
stats: 'enable'
option:
- 'httplog'
- 'dontlognull'
- 'forwardfor'
retries: '3'
timeout:
- 'http-request 10s'
- 'queue 10m'
- 'connect 10s'
- 'client 90s'
- 'server 90s'
- 'check 10s'
maxconn: '8000'
# memcached
# disable UDP listener to prevent DOS attack
platform::memcached::params::udp_port: 0
platform::memcached::params::max_connections: 8192
platform::memcached::params::max_memory: 782
# ceph
platform::ceph::params::restapi_public_addr: '127.0.0.1:5001'
# sysinv
sysinv::journal_max_size: 51200
sysinv::journal_min_size: 1024
sysinv::journal_default_size: 1024
sysinv::api::enabled: false
sysinv::api::keystone_tenant: 'services'
sysinv::api::keystone_user: 'sysinv'
sysinv::api::keystone_user_domain: 'Default'
sysinv::api::keystone_project_domain: 'Default'
sysinv::conductor::enabled: false
# nfvi
nfv::nfvi::infrastructure_rest_api_data_port_fault_handling_enabled: false
# keystone
keystone::service::enabled: false
keystone::token_provider: 'fernet'
keystone::max_token_size: 255,
keystone::debug: false
keystone::service_name: 'openstack-keystone'
keystone::enable_ssl: false
keystone::use_syslog: true
keystone::log_facility: 'local2'
keystone::database_idle_timeout: 60
keystone::database_max_pool_size: 1
keystone::database_max_overflow: 50
keystone::enable_bootstrap: false
keystone::sync_db: false
keystone::enable_proxy_headers_parsing: true
keystone::log_file: /dev/null
keystone::endpoint::default_domain: 'Default'
keystone::endpoint::version: 'v3'
keystone::endpoint::region: 'RegionOne'
keystone::endpoint::system_controller_region: 'SystemController'
keystone::endpoint::admin_url: 'http://127.0.0.1:5000'
keystone::ldap::identity_driver: 'sql'
keystone::ldap::assignment_driver: 'sql'
keystone::security_compliance::unique_last_password_count: 2
keystone::security_compliance::password_regex: '^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{7,}$'
keystone::security_compliance::password_regex_description: 'Password must have a minimum length of 7 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character'
keystone::roles::admin::email: 'admin@localhost'
keystone::roles::admin::admin_tenant: 'admin'
platform::client::params::identity_auth_url: 'http://localhost:5000/v3'
# glance
glance::api::enabled: false
glance::api::pipeline: 'keystone'
glance::api::database_max_pool_size: 1
glance::api::database_max_overflow: 10
glance::api::verbose: false
glance::api::debug: false
glance::api::use_syslog: true
glance::api::log_facility: 'local2'
glance::api::log_file: '/dev/null'
glance::api::multi_store: true
glance::api::cinder_catalog_info: 'volume:cinder:internalURL'
glance::api::graceful_shutdown: true
glance::api::enable_proxy_headers_parsing: true
glance::api::image_cache_dir: '/opt/cgcs/glance/image-cache'
glance::api::cache_raw_conversion_dir: '/opt/img-conversions/glance'
glance::api::scrubber_datadir: '/opt/cgcs/glance/scrubber'
glance::registry::enabled: false
glance::registry::database_max_pool_size: 1
glance::registry::database_max_overflow: 10
glance::registry::verbose: false
glance::registry::debug: false
glance::registry::use_syslog: true
glance::registry::log_facility: 'local2'
glance::registry::log_file: '/dev/null'
glance::registry::graceful_shutdown: true
glance::backend::rbd::multi_store: true
glance::backend::rbd::rbd_store_user: glance
glance::backend::file::multi_store: true
glance::backend::file::filesystem_store_datadir: '/opt/cgcs/glance/images/'
glance::notify::rabbitmq::notification_driver: 'messagingv2'
# nova
nova::conductor::enabled: false
nova::scheduler::enabled: false
nova::consoleauth::enabled: false
nova::vncproxy::enabled: false
nova::serialproxy::enabled: false
nova::scheduler::filter::ram_weight_multiplier: 0.0
nova::scheduler::filter::disk_weight_multiplier: 0.0
nova::scheduler::filter::io_ops_weight_multiplier: -5.0
nova::scheduler::filter::pci_weight_multiplier: 0.0
nova::scheduler::filter::soft_affinity_weight_multiplier: 0.0
nova::scheduler::filter::soft_anti_affinity_weight_multiplier: 0.0
nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
nova::api::enabled: false
nova::api::enable_proxy_headers_parsing: true
# nova-api runs on an internal 18774 port and api proxy runs on 8774
nova::api::osapi_compute_listen_port: 18774
nova::api::allow_resize_to_same_host: true
nova::network::neutron::default_floating_pool: 'public'
nova_api_proxy::config::enabled: false
nova_api_proxy::config::eventlet_pool_size: 256
nova_api_proxy::config::use_syslog: true
nova_api_proxy::config::log_facility: 'local5'
# this will trigger simple_setup for cell_v2
nova::db::sync_api::cellv2_setup: true
# neutron
neutron::server::enabled: false
neutron::server::database_idle_timeout: 60
neutron::server::database_max_pool_size: 1
neutron::server::database_max_overflow: 64
neutron::server::enable_proxy_headers_parsing: true
neutron::server::network_scheduler_driver: 'neutron.scheduler.dhcp_host_agent_scheduler.HostBasedScheduler'
neutron::server::router_scheduler_driver: 'neutron.scheduler.l3_host_agent_scheduler.HostBasedScheduler'
neutron::server::notifications::endpoint_type: 'internal'
neutron::plugins::ml2::type_drivers:
- managed_flat
- managed_vlan
- managed_vxlan
neutron::plugins::ml2::tenant_network_types:
- vlan
- vxlan
neutron::plugins::ml2::mechanism_drivers:
- openvswitch
- sriovnicswitch
- l2population
neutron::plugins::ml2::enable_security_group: true
neutron::plugins::ml2::ensure_default_security_group: false
neutron::plugins::ml2::notify_interval: 10
neutron::plugins::ml2::firewall_driver: 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
neutron::bgp::bgp_speaker_driver: 'neutron_dynamic_routing.services.bgp.agent.driver.ryu.driver.RyuBgpDriver'
neutron::services::bgpvpn::service_providers:
- 'BGPVPN:DynamicRoutingBGPVPNDriver:networking_bgpvpn.neutron.services.service_drivers.neutron_dynamic_routing.dr.DynamicRoutingBGPVPNDriver:default'
# ceilometer
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
ceilometer::agent::notification::enabled: false
ceilometer::agent::notification::disable_non_metric_meters: false
ceilometer::agent::notification::manage_event_pipeline: true
ceilometer::agent::notification::event_pipeline_publishers: ['gnocchi://', 'direct://?dispatcher=panko']
ceilometer::agent::polling::central_namespace: true
ceilometer::agent::polling::compute_namespace: false
ceilometer::agent::polling::ipmi_namespace: true
# Do not create endpoints for ceilometer as ceilometer-api is removed
ceilometer::keystone::auth::configure_endpoint: false
# gnocchi
gnocchi::api::service_name: 'openstack-gnocchi-api'
gnocchi::api::enable_proxy_headers_parsing: true
gnocchi::metricd::enabled: false
gnocchi::storage::file::file_basepath: '/opt/gnocchi'
gnocchi::db::sync::user: 'root'
# aodh
aodh::use_syslog: true
aodh::log_facility: 'local2'
aodh::database_idle_timeout: 60
aodh::database_max_pool_size: 1
aodh::database_max_overflow: 10
aodh::alarm_history_time_to_live: 86400
aodh::auth::auth_endpoint_type: 'internalURL'
aodh::db::sync::user: 'root'
aodh::api::enabled: false
aodh::api::service_name: 'openstack-aodh-api'
aodh::api::enable_proxy_headers_parsing: true
aodh::notifier::enabled: false
aodh::evaluator::enabled: false
aodh::listener::enabled: false
# panko
openstack::panko::params::event_time_to_live: 86400
panko::api::enabled: false
panko::api::service_name: 'openstack-panko-api'
panko::api::enable_proxy_headers_parsing: true
panko::db::database_idle_timeout: 60
panko::db::database_max_pool_size: 1
panko::db::database_max_overflow: 10
panko::logging::use_syslog: true
panko::logging::syslog_log_facility: 'local2'
# cinder
cinder::use_syslog: true
cinder::log_facility: 'local2'
cinder::database_idle_timeout: 60
cinder::database_max_pool_size: 1
cinder::database_max_overflow: 50
cinder::rpc_response_timeout: 180
cinder::backend_host: 'controller'
cinder::image_conversion_dir: '/opt/img-conversions/cinder'
cinder::api::nova_interface: 'internal'
cinder::api::enable_proxy_headers_parsing: true
cinder::ceilometer::notification_driver: 'messaging'
cinder::scheduler::enabled: false
cinder::volume::enabled: false
cinder::backup::posix::backup_posix_path: '/opt/backups'
# backup_file_size should be below 500MB to allow multiple backups
# to run in parallel and not consume all RAM.
# backup_file_size must be a multiple of backup_sha_block_size_bytes
# which has a default value of 32768 bytes.
cinder::backup::posix::backup_file_size: 499974144
cinder::policy::policies:
enable_consistencygroup_create:
key: 'consistencygroup:create'
value: ''
enable_consistencygroup_delete:
key: 'consistencygroup:delete'
value: ''
enable_consistencygroup_update:
key: 'consistencygroup:update'
value: ''
enable_consistencygroup_get:
key: 'consistencygroup:get'
value: ''
enable_consistencygroup_get_all:
key: 'consistencygroup:get_all'
value: ''
enable_consistencygroup_create_cgsnapshot:
key: 'consistencygroup:create_cgsnapshot'
value: ''
enable_consistencygroup_delete_cgsnapshot:
key: 'consistencygroup:delete_cgsnapshot'
value: ''
enable_consistencygroup_get_cgsnapshot:
key: 'consistencygroup:get_cgsnapshot'
value: ''
enable_consistencygroup_get_all_cgsnapshots:
key: 'consistencygroup:get_all_cgsnapshots'
value: ''
enable_snapshot_export_attributes:
key: 'volume_extension:snapshot_export_attributes'
value: 'rule:admin_or_owner'
enable_snapshot_backup_status_attribute:
key: 'volume_extension:snapshot_backup_status_attribute'
value: 'rule:admin_or_owner'
# heat
heat::use_syslog: true
heat::log_facility: 'local6'
heat::database_idle_timeout: 60
heat::database_max_pool_size: 1
heat::database_max_overflow: 15
heat::enable_proxy_headers_parsing: true
heat::heat_clients_insecure: true
heat::api::enabled: false
heat::api_cfn::enabled: false
heat::api_cloudwatch::enabled: false
heat::engine::enabled: false
heat::engine::deferred_auth_method: 'trusts'
# trusts_delegated_roles is set to empty list so all users can use heat
heat::engine::trusts_delegated_roles: []
heat::engine::action_retry_limit: 1
heat::engine::max_resources_per_stack: -1
heat::engine::convergence_engine: false
heat::keystone::domain::domain_name: 'heat'
heat::keystone::auth_cfn::configure_user: false
heat::keystone::auth_cfn::configure_user_role: false
# Murano
murano::db::postgresql::encoding: 'UTF8'
murano::use_syslog: true
murano::log_facility: 'local2'
murano::debug: 'False'
murano::engine::manage_service: true
murano::engine::enabled: false
openstack::murano::params::tcp_listen_options: '[binary,
{packet,raw},
{reuseaddr,true},
{backlog,128},
{nodelay,true},
{linger,{true,0}},
{exit_on_close,false},
{keepalive,true}]'
openstack::murano::params::rabbit_tcp_listen_options:
'[binary,
{packet, raw},
{reuseaddr, true},
{backlog, 128},
{nodelay, true},
{linger, {true, 0}},
{exit_on_close, false}]'
# SSL parameters
# this cipher list is taken from any cipher that is supported by rabbitmq and
# is currently in either lighttpd or haproxy's cipher lists
# constructed on 2017-04-05
openstack::murano::params::rabbit_cipher_list: ["AES128-GCM-SHA256",
"AES128-SHA",
"AES128-SHA256",
"AES256-GCM-SHA384",
"AES256-SHA",
"AES256-SHA256",
"DHE-DSS-AES128-GCM-SHA256",
"DHE-DSS-AES128-SHA256",
"DHE-DSS-AES256-GCM-SHA384",
"DHE-DSS-AES256-SHA256",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-RSA-AES128-SHA256",
"DHE-RSA-AES256-GCM-SHA384",
"DHE-RSA-AES256-SHA256",
"ECDH-ECDSA-AES128-GCM-SHA256",
"ECDH-ECDSA-AES128-SHA256",
"ECDH-ECDSA-AES256-GCM-SHA384",
"ECDH-ECDSA-AES256-SHA384",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA384",
"ECDH-RSA-AES128-GCM-SHA256",
"ECDH-RSA-AES128-SHA256",
"ECDH-RSA-AES256-GCM-SHA384",
"ECDH-RSA-AES256-SHA384"]
# Magnum
magnum::logging::use_syslog: true
magnum::logging::log_facility: 'local2'
magnum::logging::debug: 'False'
magnum::db::postgresql::encoding: 'UTF8'
magnum::notification_driver: 'messagingv2'
magnum::conductor::enabled: false
magnum::password_symbols: '23456789,ABCDEFGHJKLMNPQRSTUVWXYZ,abcdefghijkmnopqrstuvwxyz,!@#$%^&*()<>{}+'
magnum::certificates::cert_manager_type: 'x509keypair'
magnum::clients::endpoint_type: 'internalURL'
# Ironic
ironic::use_syslog: true
ironic::logging::log_facility: 'local2'
ironic::db::postgresql::encoding: 'UTF8'
ironic::logging::debug: false
ironic::api::enabled: false
ironic::conductor::enabled: false
ironic::conductor::enabled_drivers: ['pxe_ipmitool', 'pxe_ipmitool_socat']
ironic::conductor::automated_clean: true
ironic::conductor::default_boot_option: 'local'
ironic::drivers::pxe::images_path: '/opt/img-conversions/ironic/images/'
ironic::drivers::pxe::instance_master_path: '/opt/img-conversions/ironic/master_images'
# Dcorch
dcorch::use_syslog: true
dcorch::log_facility: 'local2'
dcorch::debug: false
# Dcmanager
dcmanager::use_syslog: true
dcmanager::log_facility: 'local2'
dcmanager::debug: false
# FM
fm::use_syslog: true
fm::log_facility: 'local2'
fm::api::enable_proxy_headers_parsing: true
fm::db::sync::user: 'root'
fm::database_idle_timeout: 60
fm::database_max_overflow: 20
fm::database_max_pool_size: 1
# Barbican
barbican::api::enabled: false
barbican::api::service_name: 'barbican-api'
barbican::api::enable_proxy_headers_parsing: true
barbican::api::logging::use_syslog: true
barbican::api::logging::log_facility: 'local2'
barbican::db::sync::user: 'root'
barbican::db::database_idle_timeout: 60
barbican::db::database_max_pool_size: 1
barbican::keystone-listener::enabled: false
barbican::worker::enabled: false
View Git Blame Copy Permalink