238 lines
7.7 KiB
YAML
238 lines
7.7 KiB
YAML
# controller specific configuration data
|
|
---
|
|
|
|
# platform
|
|
|
|
# Default hostname required for initial bootstrap of controller-0.
|
|
# Configured hostname will override this value.
|
|
platform::params::hostname: 'controller-0'
|
|
|
|
# Default controller hostname maps to the loopback address
|
|
# NOTE: Puppet doesn't support setting multiple IPs for the host resource,
|
|
# therefore setup an alias for the controller against localhost and
|
|
# then specify the IPv6 localhost as a separate entry.
|
|
# The IPv6 entry is required for LDAP clients to connect to the LDAP
|
|
# server when there are no IPv4 addresses configured, which occurs
|
|
# during the bootstrap phase.
|
|
platform::config::params::hosts:
|
|
localhost:
|
|
ip: '127.0.0.1'
|
|
host_aliases:
|
|
- localhost.localdomain
|
|
- controller
|
|
controller:
|
|
ip: '::1'
|
|
|
|
# default parameters, runtime management network configured will override
|
|
platform::network::mgmt::params::subnet_version: 4
|
|
platform::network::mgmt::params::controller0_address: 127.0.0.1
|
|
platform::network::mgmt::params::controller1_address: 127.0.0.2
|
|
|
|
# default parameters, runtime values will be based on selected link
|
|
platform::drbd::params::link_speed: 10000
|
|
platform::drbd::params::link_util: 40
|
|
platform::drbd::params::num_parallel: 1
|
|
platform::drbd::params::rtt_ms: 0.2
|
|
|
|
# Default LDAP configuration required for bootstrap of controller-0
|
|
platform::ldap::params::server_id: '001'
|
|
platform::ldap::params::provider_uri: 'ldap://controller-1'
|
|
|
|
# FIXME(mpeters): remove packstack specific variable
|
|
# workaround until openstack credentials module is updated to not reference
|
|
# hiera data
|
|
CONFIG_ADMIN_USER_DOMAIN_NAME: Default
|
|
CONFIG_ADMIN_PROJECT_DOMAIN_NAME: Default
|
|
|
|
|
|
# mtce
|
|
platform::mtce::params::auth_host: '127.0.0.1'
|
|
platform::mtce::params::auth_port: 5000
|
|
platform::mtce::params::auth_uri: 'http://127.0.0.1:5000'
|
|
platform::mtce::params::auth_user_domain: 'Default'
|
|
platform::mtce::params::auth_project_domain: 'Default'
|
|
platform::mtce::params::auth_project: 'services'
|
|
platform::mtce::params::auth_region: 'RegionOne'
|
|
platform::mtce::params::mtce_multicast: '239.1.1.2'
|
|
platform::mtce::agent::params::worker_boot_timeout: 720
|
|
platform::mtce::agent::params::controller_boot_timeout: 1200
|
|
platform::mtce::agent::params::heartbeat_period: 100
|
|
platform::mtce::agent::params::heartbeat_failure_action: 'fail'
|
|
platform::mtce::agent::params::heartbeat_failure_threshold: 10
|
|
platform::mtce::agent::params::heartbeat_degrade_threshold: 6
|
|
platform::mtce::agent::params::mnfa_threshold: 2
|
|
platform::mtce::agent::params::mnfa_timeout: 0
|
|
|
|
# influxdb configuration for collectd
|
|
platform::influxdb::params::bind_address: ':25826'
|
|
platform::influxdb::params::database: 'collectd'
|
|
platform::influxdb::params::typesdb: '/usr/share/collectd/types.db'
|
|
platform::influxdb::params::batch_size: 1000
|
|
platform::influxdb::params::batch_pending: 5
|
|
platform::influxdb::params::batch_timeout: '2s'
|
|
platform::influxdb::params::read_buffer: 0
|
|
|
|
# influxdb log ratation file
|
|
platform::influxdb::logrotate::params::log_file_name: '/var/log/influxdb/influxd.log'
|
|
platform::influxdb::logrotate::params::log_file_size: '20M'
|
|
platform::influxdb::logrotate::params::log_file_rotate: 10
|
|
|
|
# postgresql
|
|
postgresql::globals::needs_initdb: false
|
|
postgresql::server::service_enable: false
|
|
postgresql::server::ip_mask_deny_postgres_user: '0.0.0.0/32'
|
|
postgresql::server::ip_mask_allow_all_users: '0.0.0.0/0'
|
|
postgresql::server::pg_hba_conf_path: "/etc/postgresql/pg_hba.conf"
|
|
postgresql::server::pg_ident_conf_path: "/etc/postgresql/pg_ident.conf"
|
|
postgresql::server::postgresql_conf_path: "/etc/postgresql/postgresql.conf"
|
|
postgresql::server::listen_addresses: "*"
|
|
postgresql::server::ipv4acls: ['host all all samenet md5']
|
|
postgresql::server::log_line_prefix: 'db=%d,user=%u '
|
|
|
|
|
|
# rabbitmq
|
|
rabbitmq::repos_ensure: false
|
|
rabbitmq::admin_enable: false
|
|
rabbitmq::package_provider: 'yum'
|
|
rabbitmq::default_host: 'controller'
|
|
|
|
|
|
# drbd
|
|
drbd::service_enable: false
|
|
drbd::service_ensure: 'stopped'
|
|
|
|
|
|
# haproxy
|
|
haproxy::merge_options: true
|
|
|
|
platform::haproxy::params::global_options:
|
|
log:
|
|
- '127.0.0.1:514 local1 info'
|
|
user: 'haproxy'
|
|
group: 'sys_protected'
|
|
chroot: '/var/lib/haproxy'
|
|
pidfile: '/var/run/haproxy.pid'
|
|
maxconn: '4000'
|
|
daemon: ''
|
|
stats: 'socket /var/lib/haproxy/stats'
|
|
ca-base: '/etc/ssl/certs'
|
|
crt-base: '/etc/ssl/private'
|
|
ssl-default-bind-ciphers: 'kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4-SHA:!kEDH:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!LOW:!EXP:!MD5:!aNULL:!eNULL'
|
|
ssl-default-bind-options: 'no-sslv3 no-tlsv10'
|
|
|
|
haproxy::defaults_options:
|
|
log: 'global'
|
|
mode: 'http'
|
|
stats: 'enable'
|
|
option:
|
|
- 'httplog'
|
|
- 'dontlognull'
|
|
- 'forwardfor'
|
|
retries: '3'
|
|
timeout:
|
|
- 'http-request 10s'
|
|
- 'queue 10m'
|
|
- 'connect 10s'
|
|
- 'client 90s'
|
|
- 'server 90s'
|
|
- 'check 10s'
|
|
maxconn: '8000'
|
|
|
|
|
|
# memcached
|
|
# disable UDP listener to prevent DOS attack
|
|
platform::memcached::params::udp_port: 0
|
|
platform::memcached::params::max_connections: 8192
|
|
platform::memcached::params::max_memory: 782
|
|
|
|
# sysinv
|
|
sysinv::journal_max_size: 51200
|
|
sysinv::journal_min_size: 1024
|
|
sysinv::journal_default_size: 1024
|
|
|
|
sysinv::api::enabled: false
|
|
sysinv::api::keystone_tenant: 'services'
|
|
sysinv::api::keystone_user: 'sysinv'
|
|
sysinv::api::keystone_user_domain: 'Default'
|
|
sysinv::api::keystone_project_domain: 'Default'
|
|
|
|
sysinv::conductor::enabled: false
|
|
|
|
|
|
# nfvi
|
|
nfv::nfvi::infrastructure_rest_api_data_port_fault_handling_enabled: false
|
|
|
|
|
|
# keystone
|
|
keystone::service::enabled: false
|
|
keystone::token_provider: 'fernet'
|
|
keystone::max_token_size: 255,
|
|
keystone::debug: false
|
|
keystone::service_name: 'openstack-keystone'
|
|
keystone::enable_ssl: false
|
|
keystone::use_syslog: true
|
|
keystone::log_facility: 'local2'
|
|
keystone::database_idle_timeout: 60
|
|
keystone::database_max_pool_size: 1
|
|
keystone::database_max_overflow: 50
|
|
keystone::enable_bootstrap: false
|
|
keystone::sync_db: false
|
|
keystone::enable_proxy_headers_parsing: true
|
|
keystone::log_file: /dev/null
|
|
|
|
keystone::endpoint::default_domain: 'Default'
|
|
keystone::endpoint::version: 'v3'
|
|
keystone::endpoint::region: 'RegionOne'
|
|
keystone::endpoint::system_controller_region: 'SystemController'
|
|
keystone::endpoint::admin_url: 'http://127.0.0.1:5000'
|
|
|
|
keystone::ldap::identity_driver: 'sql'
|
|
keystone::ldap::assignment_driver: 'sql'
|
|
|
|
keystone::security_compliance::unique_last_password_count: 2
|
|
keystone::security_compliance::password_regex: '^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{7,}$'
|
|
keystone::security_compliance::password_regex_description: 'Password must have a minimum length of 7 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character'
|
|
|
|
keystone::roles::admin::email: 'admin@localhost'
|
|
keystone::roles::admin::admin_tenant: 'admin'
|
|
keystone::roles::admin::admin_tenant_desc: 'admin project'
|
|
keystone::roles::admin::service_tenant_desc: 'project for the platform services'
|
|
|
|
platform::client::params::identity_auth_url: 'http://localhost:5000/v3'
|
|
|
|
# Dcorch
|
|
dcorch::use_syslog: true
|
|
dcorch::log_facility: 'local2'
|
|
dcorch::debug: false
|
|
|
|
# Dcmanager
|
|
dcmanager::use_syslog: true
|
|
dcmanager::log_facility: 'local2'
|
|
dcmanager::debug: false
|
|
|
|
# Dcdbsync
|
|
dbsync::use_syslog: true
|
|
dbsync::log_facility: 'local2'
|
|
dbsync::debug: false
|
|
|
|
# FM
|
|
fm::use_syslog: true
|
|
fm::log_facility: 'local2'
|
|
fm::api::enable_proxy_headers_parsing: true
|
|
fm::db::sync::user: 'root'
|
|
fm::database_idle_timeout: 60
|
|
fm::database_max_overflow: 20
|
|
fm::database_max_pool_size: 1
|
|
|
|
# Barbican
|
|
barbican::api::enabled: false
|
|
barbican::api::service_name: 'barbican-api'
|
|
barbican::api::enable_proxy_headers_parsing: true
|
|
barbican::api::logging::use_syslog: true
|
|
barbican::api::logging::log_facility: 'local2'
|
|
barbican::db::sync::user: 'root'
|
|
barbican::db::database_idle_timeout: 60
|
|
barbican::db::database_max_pool_size: 1
|
|
barbican::keystone-listener::enabled: false
|
|
barbican::worker::enabled: false
|