config/puppet-manifests/src/hieradata/controller.yaml


# controller specific configuration data
---
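# platform
# Default hostname required for initial bootstrap of controller-0.
# Configured hostname will override this value.
platform::params::hostname: 'controller-0'

# Default controller hostname maps to the loopback address
# NOTE: Puppet doesn't support setting multiple IPs for the host resource,
# therefore set up an alias for the controller against localhost and
# then specify the IPv6 localhost as a separate entry.
# The IPv6 entry is required for LDAP clients to connect to the LDAP
# server when there are no IPv4 addresses configured, which occurs
# during the bootstrap phase.
#
# Structure: each key directly under hosts is a host name, and ip /
# host_aliases belong to that entry. The nesting is significant: without
# it the two ip keys collide at the top level and hosts itself is null.
#
# NOTE(review): while these defaults are in effect the name 'controller'
# resolves to loopback only. Confirm the runtime hosts data replaces this
# entry before another node has to reach the controller by name.
platform::config::params::hosts:
  localhost:
    ip: '127.0.0.1'
    host_aliases:
      - localhost.localdomain
      - controller
  controller:
    ip: '::1'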
# default parameters, runtime management network configured will override
# Bootstrap placeholders: IPv4 (subnet_version 4) with both controllers on
# loopback addresses. A plain scalar with three dots is not a valid YAML
# number, so the two addresses load as strings even though they are unquoted.
platform::network::mgmt::params::subnet_version: 4
platform::network::mgmt::params::controller0_address: 127.0.0.1
platform::network::mgmt::params::controller1_address: 127.0.0.2
# default parameters, runtime values will be based on selected link
# NOTE(review): units are not stated in this file. Presumably link_speed is
# in Mbit/s, link_util is a percentage and rtt_ms is milliseconds (per the
# key name); confirm against the platform::drbd manifests.
platform::drbd::params::link_speed: 10000
platform::drbd::params::link_util: 40
platform::drbd::params::num_parallel: 1
platform::drbd::params::rtt_ms: 0.2
# Default LDAP configuration required for bootstrap of controller-0
# server_id is quoted so the leading zeros survive; unquoted it would be
# read as a number.
platform::ldap::params::server_id: '001'
# The ldap:// scheme does not by itself provide transport encryption.
# NOTE(review): confirm that traffic to controller-1 either stays on a
# trusted management network or is protected elsewhere (StartTLS or an
# ldaps:// URI), since directory data and bind credentials travel over it.
platform::ldap::params::provider_uri: 'ldap://controller-1'
# FIXME(mpeters): remove packstack specific variable
# workaround until openstack credentials module is updated to not reference
# hiera data
# Both keys carry the plain string 'Default', the same domain name used for
# the mtce, sysinv and keystone settings further down this file.
CONFIG_ADMIN_USER_DOMAIN_NAME: Default
CONFIG_ADMIN_PROJECT_DOMAIN_NAME: Default
# mtce
# Identity endpoint and scope used by mtce to authenticate. Host, port and
# URI all point at 127.0.0.1:5000, the same address as
# keystone::endpoint::admin_url in this file.
# NOTE(review): the URI is plain http. That is contained while the target is
# loopback; if a runtime override moves it to a routable address, the
# credentials and tokens exchanged here need TLS.
platform::mtce::params::auth_host: '127.0.0.1'
platform::mtce::params::auth_port: 5000
platform::mtce::params::auth_uri: 'http://127.0.0.1:5000'
platform::mtce::params::auth_user_domain: 'Default'
platform::mtce::params::auth_project_domain: 'Default'
platform::mtce::params::auth_project: 'services'
platform::mtce::params::auth_region: 'RegionOne'
# 239.0.0.0/8 is the administratively scoped multicast range, i.e. the
# group address is meant to stay inside the site.
platform::mtce::params::mtce_multicast: '239.1.1.2'
# Agent timers and thresholds.
# NOTE(review): units are not stated in this file (the boot timeouts are
# presumably seconds and heartbeat_period presumably milliseconds); confirm
# against the mtce agent before tuning.
platform::mtce::agent::params::worker_boot_timeout: 720
platform::mtce::agent::params::controller_boot_timeout: 1200
platform::mtce::agent::params::heartbeat_period: 100
# Action taken on heartbeat loss; the threshold keys below set how many
# misses count as degraded (6) and as failed (10), going by their names.
platform::mtce::agent::params::heartbeat_failure_action: 'fail'
platform::mtce::agent::params::heartbeat_failure_threshold: 10
platform::mtce::agent::params::heartbeat_degrade_threshold: 6
platform::mtce::agent::params::mnfa_threshold: 2
platform::mtce::agent::params::mnfa_timeout: 0
# influxdb configuration for collectd
# bind_address has a port but no host part, so the collectd listener is not
# pinned to one local address.
# NOTE(review): confirm that a firewall or management-network isolation
# limits who can send metrics to port 25826; samples received on this port
# are written to the 'collectd' database.
platform::influxdb::params::bind_address: ':25826'
platform::influxdb::params::database: 'collectd'
platform::influxdb::params::typesdb: '/usr/share/collectd/types.db'
# Write batching: batch_size and batch_pending are counts, batch_timeout is
# a duration string ('2s').
platform::influxdb::params::batch_size: 1000
platform::influxdb::params::batch_pending: 5
platform::influxdb::params::batch_timeout: '2s'
platform::influxdb::params::read_buffer: 0
# influxdb log rotation file
# Rotation settings for influxd.log: a size value of '20M' and a rotate
# count of 10.
platform::influxdb::logrotate::params::log_file_name: '/var/log/influxdb/influxd.log'
platform::influxdb::logrotate::params::log_file_size: '20M'
platform::influxdb::logrotate::params::log_file_rotate: 10
# postgresql
# Cluster initialisation and service enablement are switched off here.
# NOTE(review): presumably another component initialises and starts the
# database; confirm.
postgresql::globals::needs_initdb: false
postgresql::server::service_enable: false
# In the puppetlabs-postgresql module this is the mask from which remote
# logins by the postgres superuser are rejected. A /32 on 0.0.0.0 matches
# only that one address, so the reject rule is effectively switched off.
postgresql::server::ip_mask_deny_postgres_user: '0.0.0.0/32'
# Mask from which every database user may connect with a password;
# 0.0.0.0/0 is every IPv4 address.
postgresql::server::ip_mask_allow_all_users: '0.0.0.0/0'
postgresql::server::pg_hba_conf_path: "/etc/postgresql/pg_hba.conf"
postgresql::server::pg_ident_conf_path: "/etc/postgresql/pg_ident.conf"
postgresql::server::postgresql_conf_path: "/etc/postgresql/postgresql.conf"
# "*" makes the server listen on every local interface.
# NOTE(review): together with the two masks above, password authentication
# is offered to any address that can reach the port, including for the
# postgres superuser. Confirm that host firewalling or network isolation
# restricts access, or narrow these values in the runtime data.
postgresql::server::listen_addresses: "*"
# pg_hba rule: TCP connections from the server's own subnets ('samenet'),
# any database, any user, md5 password authentication.
# NOTE(review): md5 is the legacy method; scram-sha-256 is the stronger
# choice where the server and every client library support it.
postgresql::server::ipv4acls: ['host all all samenet md5']
# %d = database name, %u = user name.
# NOTE(review): the prefix carries no client address (%h); if the log
# destination does not add one, connections cannot be attributed to a
# source host during an investigation.
postgresql::server::log_line_prefix: 'db=%d,user=%u '
# rabbitmq
# repos_ensure false: no package repository is configured by the module.
# admin_enable false: the management interface/plugin is not set up, so it
# adds no extra listener.
rabbitmq::repos_ensure: false
rabbitmq::admin_enable: false
rabbitmq::package_provider: 'yum'
# 'controller' is the name the hosts entry near the top of this file maps
# to loopback for bootstrap.
rabbitmq::default_host: 'controller'
# drbd
# The service is neither enabled nor running from this data.
# NOTE(review): presumably started by another component at runtime; confirm.
drbd::service_enable: false
drbd::service_ensure: 'stopped'
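# haproxy
# merge_options true: the option hashes supplied here are merged with the
# haproxy module's own defaults rather than replacing them.
haproxy::merge_options: true

# Options for haproxy's "global" section. Every key below is nested under
# global_options; a list value (log) becomes one directive per item.
platform::haproxy::params::global_options:
  log:
    - '127.0.0.1:514 local1 info'
  # Unprivileged user/group plus chroot confine the worker after start-up.
  user: 'haproxy'
  group: 'sys_protected'
  chroot: '/var/lib/haproxy'
  pidfile: '/var/run/haproxy.pid'
  maxconn: '4000'
  # Empty value: presumably rendered as the bare "daemon" keyword.
  daemon: ''
  stats: 'socket /var/lib/haproxy/stats'
  ca-base: '/etc/ssl/certs'
  crt-base: '/etc/ssl/private'
  # NOTE(review): 'kRSA+AES' keeps static-RSA key exchange available, which
  # has no forward secrecy. Consider dropping it once every client is known
  # to negotiate ECDHE.
  ssl-default-bind-ciphers: 'kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4-SHA:!kEDH:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!LOW:!EXP:!MD5:!aNULL:!eNULL'
  # Disables SSLv3 and TLS 1.0 only, so TLS 1.1 is still accepted.
  # NOTE(review): TLS 1.1 is deprecated (RFC 8996); adding 'no-tlsv11' is the
  # usual next step after checking client compatibility.
  ssl-default-bind-options: 'no-sslv3 no-tlsv10'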
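# Options for haproxy's "defaults" section, inherited by every proxy that
# does not override them. List values (option, timeout) become one directive
# per item.
haproxy::defaults_options:
  log: 'global'
  mode: 'http'
  # NOTE(review): 'stats enable' in defaults turns the statistics page on for
  # every proxy with haproxy's default settings, which include no
  # authentication. Confirm the stats URI is not reachable from untrusted
  # networks, or pair it with 'stats auth' / restrict it to one listener.
  stats: 'enable'
  option:
    - 'httplog'
    - 'dontlognull'
    # forwardfor appends the client address in X-Forwarded-For; a value the
    # client sent itself is kept in front of it. Back ends that parse proxy
    # headers should trust only the entry added by this proxy.
    - 'forwardfor'
  retries: '3'
  timeout:
    - 'http-request 10s'
    - 'queue 10m'
    - 'connect 10s'
    - 'client 90s'
    - 'server 90s'
    - 'check 10s'
  maxconn: '8000'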
# memcached
# disable UDP listener to prevent DOS attack
# Port 0 switches the UDP listener off, leaving only the TCP listener.
platform::memcached::params::udp_port: 0
platform::memcached::params::max_connections: 8192
# NOTE(review): presumably megabytes (memcached's memory limit unit);
# confirm. No listen address is set in this file; confirm the TCP listener
# is bound to a non-public interface, since memcached has no authentication
# by default.
platform::memcached::params::max_memory: 782
# sysinv
# Journal size limits and default.
# NOTE(review): units are not stated in this file; confirm against the
# sysinv module before changing them.
sysinv::journal_max_size: 51200
sysinv::journal_min_size: 1024
sysinv::journal_default_size: 1024
# API and conductor are not enabled from this data.
# NOTE(review): presumably started by another component at runtime; confirm.
sysinv::api::enabled: false
# Identity used by the sysinv API: user 'sysinv' in project 'services',
# both in the 'Default' domain. No credential is stored in this file.
sysinv::api::keystone_tenant: 'services'
sysinv::api::keystone_user: 'sysinv'
sysinv::api::keystone_user_domain: 'Default'
sysinv::api::keystone_project_domain: 'Default'
sysinv::conductor::enabled: false
# nfvi
# Data-port fault handling through the infrastructure REST API is off.
nfv::nfvi::infrastructure_rest_api_data_port_fault_handling_enabled: false
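# keystone
# The service is not enabled from this data.
# NOTE(review): presumably started by another component at runtime; confirm.
keystone::service::enabled: false
keystone::token_provider: 'fernet'
# Must be a bare integer: a trailing comma after the number would make YAML
# read the scalar as the string '255,' instead of the integer 255.
keystone::max_token_size: 255
keystone::debug: false
keystone::service_name: 'openstack-keystone'
# Keystone itself serves plain HTTP.
# NOTE(review): presumably TLS is terminated in front of it (haproxy is
# configured in this file); confirm for every non-loopback listener.
keystone::enable_ssl: false
# File logging is discarded (log_file below is /dev/null), so syslog
# facility local2 is the only record of authentication events.
# NOTE(review): confirm local2 is retained and forwarded for detection and
# incident response.
keystone::use_syslog: true
keystone::log_facility: 'local2'
keystone::database_idle_timeout: 60
keystone::database_max_pool_size: 1
keystone::database_max_overflow: 50
keystone::enable_bootstrap: false
keystone::sync_db: false
# Keystone will honour proxy-supplied headers such as X-Forwarded-*.
# NOTE(review): safe only when every request passes through a trusted proxy
# that sets them; confirm keystone is not reachable directly.
keystone::enable_proxy_headers_parsing: true
keystone::log_file: /dev/null
keystone::endpoint::default_domain: 'Default'
keystone::endpoint::version: 'v3'
keystone::endpoint::region: 'RegionOne'
keystone::endpoint::system_controller_region: 'SystemController'
# Plain http on loopback; see the TLS note on enable_ssl above if a runtime
# override moves this to a routable address.
keystone::endpoint::admin_url: 'http://127.0.0.1:5000'
keystone::ldap::identity_driver: 'sql'
keystone::ldap::assignment_driver: 'sql'
# Password policy. The lookaheads require one digit, one lower-case letter,
# one upper-case letter and one special character; '.{7,}' sets the minimum
# length to 7. Single quotes keep the backslashes literal. Keep the
# description string in step with the regex when either changes.
# NOTE(review): a 7-character minimum is below the 8-character floor in
# current guidance such as NIST SP 800-63B; review against site policy.
keystone::security_compliance::unique_last_password_count: 2
keystone::security_compliance::password_regex: '^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{7,}$'
keystone::security_compliance::password_regex_description: 'Password must have a minimum length of 7 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character'
keystone::roles::admin::email: 'admin@localhost'
keystone::roles::admin::admin_tenant: 'admin'
keystone::roles::admin::admin_tenant_desc: 'admin project'
keystone::roles::admin::service_tenant_desc: 'project for the platform services'
platform::client::params::identity_auth_url: 'http://localhost:5000/v3'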
# Dcorch
# The three services below share one logging setup: syslog on, facility
# local2, debug off. local2 is also the facility keystone uses in this
# file, so their messages arrive on the same facility.
dcorch::use_syslog: true
dcorch::log_facility: 'local2'
dcorch::debug: false
# Dcmanager
dcmanager::use_syslog: true
dcmanager::log_facility: 'local2'
dcmanager::debug: false
# Dcdbsync
# The key prefix here is 'dbsync', not 'dcdbsync'.
dbsync::use_syslog: true
dbsync::log_facility: 'local2'
dbsync::debug: false
# FM
fm::use_syslog: true
fm::log_facility: 'local2'
# The API will honour proxy-supplied headers such as X-Forwarded-*.
# NOTE(review): safe only when every request arrives through a trusted
# proxy that sets them.
fm::api::enable_proxy_headers_parsing: true
# Account used to run the database sync step.
# NOTE(review): root is broader than a schema migration normally needs;
# confirm a dedicated service account cannot be used.
fm::db::sync::user: 'root'
fm::database_idle_timeout: 60
fm::database_max_overflow: 20
fm::database_max_pool_size: 1
# Barbican
# API, keystone listener and worker are all left disabled by this data.
# NOTE(review): presumably started by another component at runtime; confirm.
barbican::api::enabled: false
barbican::api::service_name: 'barbican-api'
# The API will honour proxy-supplied headers such as X-Forwarded-*.
# NOTE(review): safe only when every request arrives through a trusted
# proxy that sets them.
barbican::api::enable_proxy_headers_parsing: true
barbican::api::logging::use_syslog: true
barbican::api::logging::log_facility: 'local2'
# Account used to run the database sync step.
# NOTE(review): root is broader than a schema migration normally needs;
# confirm a dedicated service account cannot be used.
barbican::db::sync::user: 'root'
barbican::db::database_idle_timeout: 60
barbican::db::database_max_pool_size: 1
# NOTE(review): Puppet class names cannot contain '-', so this key cannot be
# bound by automatic class-parameter lookup; presumably it is read with an
# explicit lookup. Confirm something actually consumes it.
barbican::keystone-listener::enabled: false
barbican::worker::enabled: false