keystone_identity_uri: http://192.168.24.3:35357 keystone_auth_uri: https://192.168.24.2:13000/v3 keystone_region: 'regionOne' keystone_default_domain: 'Default' notification_driver: noop debug: True controller_host: 192.168.24.1 #local-ipv4 #local-ipv4 similar to the same hiera key in the overcloud ctlplane: 192.168.24.1 controller_host_wrapped: "192.168.24.1" controller_admin_host: 192.168.24.3 controller_public_host: 192.168.24.2 controller_public_host_wrapped: "192.168.24.2" ntp::servers: [] sysctl_settings: {"net.ipv4.ip_nonlocal_bind": {"value": 1}, "net.ipv6.ip_nonlocal_bind": {"value": 1}} # SSL tripleo::haproxy::service_certificate: /etc/pki/tls/certs/undercloud-192.168.24.2.pem generate_service_certificates: True tripleo::profile::base::haproxy::certificates_specs: undercloud-haproxy-public: service_pem: /etc/pki/tls/certs/undercloud-192.168.24.2.pem service_certificate: '/etc/pki/tls/certs/undercloud-front.crt' service_key: '/etc/pki/tls/private/undercloud-front.key' hostname: "%{hiera('controller_public_host')}" postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' /etc/pki/tls/certs/undercloud-192.168.24.2.pem undercloud-haproxy-public-cert" principal: # CA defaults certmonger_ca: local # Common Hiera data gets applied to all nodes ssh::server::storeconfigs_enabled: false # memcached memcached::max_memory: '50%' memcached::verbosity: 'v' memcached::disable_cachedump: true memcached::listen_ip: '127.0.0.1' memcached::udp_port: 0 # Apache apache::server_signature: 'Off' apache::server_tokens: 'Prod' # ceilometer settings used by compute and controller ceilo auth settings ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}" aodh::auth::auth_region: "%{hiera('keystone_region')}" ceilometer::agent::auth::auth_tenant_name: 'service' aodh::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_url: https://192.168.24.2:13000 aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}" # Swift swift::proxy::proxy_local_net_ip: 192.168.24.1 swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" swift::proxy::node_timeout: 60 swift::proxy::workers: "%{::os_workers}" swift::proxy::log_facility: LOG_LOCAL2 swift::storage::all::storage_local_net_ip: 192.168.24.1 swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' swift::swift_hash_path_suffix: 277ff85940d20615a76c5ac24b2af52e1466aa5d swift::proxy::account_autocreate: true swift::proxy::authtoken::password: 63d2e23a9f609d8548bc99bdda438830a5461540 swift::keystone::auth::tenant: 'service' swift::keystone::auth::public_url: https://192.168.24.2:13808/v1/AUTH_%(tenant_id)s swift::keystone::auth::internal_url: http://192.168.24.3:8080/v1/AUTH_%(tenant_id)s swift::keystone::auth::admin_url: http://192.168.24.3:8080 swift::keystone::auth::password: 63d2e23a9f609d8548bc99bdda438830a5461540 swift::keystone::auth::region: "%{hiera('keystone_region')}" swift::keystone::auth::configure_s3_endpoint: false swift::keystone::auth::operator_roles: - admin - swiftoperator swift_mount_check: false swift::ringbuilder::replicas: 1 swift::ringbuilder::part_power: 10 swift::ringbuilder::min_part_hours: 1 swift::proxy::pipeline: - 'catch_errors' - 'healthcheck' - 'proxy-logging' - 'cache' - 'ratelimit' - 'bulk' - 'tempurl' - 'formpost' - 'authtoken' - 'keystone' - 'staticweb' - 'copy' - 'slo' - 'dlo' - 'versioned_writes' - 'proxy-logging' - 'proxy-server' # Glance glance::api::debug: "%{hiera('debug')}" glance::api::bind_port: 9292 glance::api::bind_host: 192.168.24.1 glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" glance::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" glance::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" glance::api::registry_host: 192.168.24.1 glance::api::authtoken::password: c1b7d3d6cc36b6c75c9d4134f7858a235d57528c glance::api::workers: "%{::os_workers}" glance::api::stores: - glance.store.filesystem.Store - glance.store.swift.Store glance::api::default_store: 'glance.store.swift.Store' glance::api::pipeline: 'keystone' # used to construct glance_api_servers glance_log_file: '' glance::api::database_connection: mysql+pymysql://glance:c1b7d3d6cc36b6c75c9d4134f7858a235d57528c@192.168.24.1/glance glance::api::enable_v1_api: false glance::api::enable_v2_api: true glance::keystone::auth::tenant: 'service' glance::keystone::auth::public_url: https://192.168.24.2:13292 glance::keystone::auth::internal_url: http://192.168.24.3:9292 glance::keystone::auth::admin_url: http://192.168.24.3:9292 glance::keystone::auth::password: c1b7d3d6cc36b6c75c9d4134f7858a235d57528c glance::keystone::auth::region: "%{hiera('keystone_region')}" glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}" glance::backend::swift::swift_store_auth_version: 3 glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: c1b7d3d6cc36b6c75c9d4134f7858a235d57528c glance::backend::swift::swift_store_create_container_on_put: true glance::notify::rabbitmq::rabbit_userid: 06aa1a181f4eafe469d9e4b6bd29334f4e9331c1 glance::notify::rabbitmq::rabbit_password: 82bf8aa8672a9253c21ebaee955dd2ac213283a0 glance::notify::rabbitmq::rabbit_host: "192.168.24.1" glance::registry::debug: "%{hiera('debug')}" # Heat heat::debug: "%{hiera('debug')}" heat_stack_domain_admin_password: 5eceeacd48dde83b8b4874cec7d18dceeefb7475 heat::engine::configure_delegated_roles: false heat::engine::heat_stack_user_role: 'heat_stack_user' heat::engine::heat_watch_server_url: http://192.168.24.1:8003 heat::engine::heat_metadata_server_url: http://192.168.24.1:8000 heat::engine::heat_waitcondition_server_url: http://192.168.24.1:8000/v1/waitcondition heat::engine::reauthentication_auth_method: 'trusts' heat::engine::trusts_delegated_roles: [] heat::engine::auth_encryption_key: 9906fe0c5ad3877d9e956d5c83427ab9 heat::engine::max_resources_per_stack: -1 heat::engine::convergence_engine: true heat::engine::num_engine_workers: "%{::os_workers_heat_engine}" heat::engine::max_nested_stack_depth: 7 heat::instance_user: heat-admin heat::default_transport_url: "rabbit://06aa1a181f4eafe469d9e4b6bd29334f4e9331c1:82bf8aa8672a9253c21ebaee955dd2ac213283a0@192.168.24.1//" heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" heat::keystone::authtoken::password: 4d0aea65cff49fda57184f17e3133d98356a801f heat::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" heat::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_password: 5eceeacd48dde83b8b4874cec7d18dceeefb7475 heat::policy::policies: heat-deny-action: key: 'actions:action' value: 'rule:deny_everybody' heat::api::bind_host: 192.168.24.1 heat::api::workers: "%{::os_workers}" heat::api::service_name: 'httpd' heat::api_cfn::bind_host: 192.168.24.1 heat::api_cfn::workers: "%{::os_workers}" heat::api_cfn::service_name: 'httpd' heat::wsgi::apache_api::ssl: false heat::wsgi::apache_api::bind_host: 192.168.24.1 heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}" heat::wsgi::apache_api_cfn::ssl: false heat::wsgi::apache_api_cfn::bind_host: 192.168.24.1 heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}" heat::database_connection: mysql+pymysql://heat:4d0aea65cff49fda57184f17e3133d98356a801f@192.168.24.1/heat heat_dsn: mysql+pymysql://heat:4d0aea65cff49fda57184f17e3133d98356a801f@192.168.24.1/heat heat::rpc_response_timeout: 600 heat::keystone::auth::tenant: 'service' heat::keystone::auth::public_url: https://192.168.24.2:13004/v1/%(tenant_id)s heat::keystone::auth::internal_url: http://192.168.24.3:8004/v1/%(tenant_id)s heat::keystone::auth::admin_url: http://192.168.24.3:8004/v1/%(tenant_id)s heat::keystone::auth::password: 4d0aea65cff49fda57184f17e3133d98356a801f heat::keystone::auth::region: "%{hiera('keystone_region')}" heat::keystone::auth_cfn::tenant: 'service' heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}" heat::keystone::auth_cfn::password: dcee6b75acb986dfc3cecb8e0c29bd8f1853c043 heat::keystone::auth_cfn::public_url: https://192.168.24.2:13800/v1/%(tenant_id)s heat::keystone::auth_cfn::internal_url: http://192.168.24.3:8000/v1/%(tenant_id)s heat::keystone::auth_cfn::admin_url: http://192.168.24.3:8000/v1/%(tenant_id)s heat::cron::purge_deleted::age: 1 heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::destination: '/dev/null' heat::notification_driver: "%{hiera('notification_driver')}" heat::yaql_memory_quota: 100000 heat::yaql_limit_iterators: 1000 heat::max_json_body_size: 4194304 # Keystone keystone::debug: "%{hiera('debug')}" keystone::admin_token: 6b24046184436f2af62c35bbf862fbf46a3c1a21 keystone::admin_password: ed98a4fef8e6e20f1259ff8b626843da06bde84c keystone::admin_workers: "%{::os_workers}" keystone::public_workers: "%{::os_workers}" keystone::public_bind_host: 192.168.24.1 keystone::admin_bind_host: 192.168.24.1 keystone::public_endpoint: https://192.168.24.2:13000 keystone::service_name: 'httpd' keystone_ca_certificate: '' keystone_signing_key: '' keystone_signing_certificate: '' keystone::database_connection: mysql+pymysql://keystone:6b24046184436f2af62c35bbf862fbf46a3c1a21@192.168.24.1/keystone keystone::cron::token_flush::destination: '/dev/null' keystone::roles::admin::password: ed98a4fef8e6e20f1259ff8b626843da06bde84c keystone::roles::admin::email: 'root@localhost' keystone::roles::admin::admin_tenant: 'admin' keystone::roles::admin::service_tenant: 'service' keystone::token_expiration: 14400 keystone::endpoint::public_url: https://192.168.24.2:13000 keystone::endpoint::internal_url: http://192.168.24.3:5000 keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}" keystone::endpoint::region: "%{hiera('keystone_region')}" keystone::endpoint::version: '' keystone::wsgi::apache::ssl: false keystone::wsgi::apache::bind_host: 192.168.24.1 keystone::notification_driver: "%{hiera('notification_driver')}" keystone::notification_topics: notifications keystone::rabbit_userid: 06aa1a181f4eafe469d9e4b6bd29334f4e9331c1 keystone::rabbit_password: 82bf8aa8672a9253c21ebaee955dd2ac213283a0 keystone::rabbit_host: "192.168.24.1" keystone::enable_credential_setup: true keystone::fernet_max_active_keys: 2 keystone::cache_memcache_servers: "%{hiera('memcached::listen_ip')}:11211" keystone::cache_backend: "dogpile.cache.memcached" # MySQL admin_password: ed98a4fef8e6e20f1259ff8b626843da06bde84c enable_galera: true mysql_max_connections: '4096' tripleo::profile::base::database::mysql::step: 2 tripleo::profile::base::database::mysql::manage_resources: true tripleo::profile::base::database::mysql::remove_default_accounts: true tripleo::profile::base::database::mysql::innodb_log_file_size: 256M tripleo::profile::base::database::mysql::mysql_server_options: 'mysqld': bind-address: "%{hiera('controller_host')}" innodb_file_per_table: 'ON' connect_timeout: 60 mysql::server::restart: true mysql::server::root_password: b6b8921727b05175a0f8cfc0ef8c9a80cd6b6694 # Neutron neutron::debug: "%{hiera('debug')}" neutron::bind_host: 192.168.24.1 neutron::core_plugin: ml2 neutron::service_plugins: ['router'] neutron::dhcp_agents_per_network: 2 neutron::dns_domain: localdomain neutron::notification_driver: "%{hiera('notification_driver')}" neutron::server::api_workers: "%{::os_workers}" neutron::server::rpc_workers: "%{::os_workers}" neutron::rabbit_password: 82bf8aa8672a9253c21ebaee955dd2ac213283a0 neutron::rabbit_user: 06aa1a181f4eafe469d9e4b6bd29334f4e9331c1 neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}" neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}" neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" neutron::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" neutron::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" neutron::server::database_connection: mysql+pymysql://neutron:09be6a282ed334fe6e95114648d16aa94bf7956a@192.168.24.1/neutron neutron::server::sync_db: true neutron::agents::ml2::ovs::local_ip: 192.168.24.1 neutron::plugins::ml2::mechanism_drivers: ['openvswitch', 'baremetal'] neutron_bridge_mappings: ctlplane:br-ctlplane neutron_public_interface: br-ex neutron_physical_bridge: br-ctlplane neutron::global_physnet_mtu: 1350 neutron::keystone::authtoken::password: 09be6a282ed334fe6e95114648d16aa94bf7956a neutron::agents::metadata::auth_password: 09be6a282ed334fe6e95114648d16aa94bf7956a neutron::agents::metadata::metadata_workers: "%{::os_workers}" neutron::quota::quota_port: -1 neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}" neutron::server::notifications::tenant_name: service neutron::server::notifications::password: 4bcbc63c56c7522ad77488f08d23d1f11cb13481 neutron::keystone::auth::tenant: 'service' neutron::keystone::auth::public_url: https://192.168.24.2:13696 neutron::keystone::auth::internal_url: http://192.168.24.3:9696 neutron::keystone::auth::admin_url: http://192.168.24.3:9696 neutron::keystone::auth::password: 09be6a282ed334fe6e95114648d16aa94bf7956a neutron::keystone::auth::region: "%{hiera('keystone_region')}" neutron::plugins::ml2::extension_drivers: 'port_security' neutron::service_plugins: ['segments'] neutron::agents::ml2::networking_baremetal::user: 'ironic' neutron::agents::ml2::networking_baremetal::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 neutron::agents::ml2::networking_baremetal::auth_url: https://192.168.24.2:13000 neutron::agents::ml2::networking_baremetal::project_name: "%{hiera('neutron::keystone::auth::tenant')}" neutron::agents::ml2::networking_baremetal::user_domain_name: "%{hiera('keystone_default_domain')}" neutron::agents::ml2::networking_baremetal::project_domain_name: "%{hiera('keystone_default_domain')}" neutron::agents::ml2::networking_baremetal::region_name: "%{hiera('keystone_region')}" # Ceilometer ceilometer::debug: "%{hiera('debug')}" ceilometer::metering_secret: a15de81b9a72917ba4dc1443ed312e544580439f ceilometer::rabbit_userid: 06aa1a181f4eafe469d9e4b6bd29334f4e9331c1 ceilometer::rabbit_password: 82bf8aa8672a9253c21ebaee955dd2ac213283a0 ceilometer::rabbit_host: "192.168.24.1" ceilometer::notification_driver: "%{hiera('notification_driver')}" ceilometer::keystone::authtoken::password: 1c5538bcbd2da446e7f9fb525aa3b41c87b870f9 ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" ceilometer::db::database_connection: mysql+pymysql://ceilometer:1c5538bcbd2da446e7f9fb525aa3b41c87b870f9@192.168.24.1/ceilometer ceilometer::agent::auth::auth_password: 1c5538bcbd2da446e7f9fb525aa3b41c87b870f9 ceilometer_compute_agent: '' ceilometer::snmpd_readonly_username: ro_snmp_user ceilometer::snmpd_readonly_user_password: a1d3905d24b3508767c991576b411df6f92f80b8 ceilometer::keystone::auth::tenant: 'service' ceilometer::keystone::auth::public_url: ceilometer::keystone::auth::internal_url: ceilometer::keystone::auth::admin_url: ceilometer::keystone::auth::password: 1c5538bcbd2da446e7f9fb525aa3b41c87b870f9 ceilometer::keystone::auth::region: "%{hiera('keystone_region')}" ceilometer::dispatcher::gnocchi::url: http://192.168.24.3:8041 ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' # events dispatcher config ceilometer::agent::notification::event_pipeline_publishers: ['gnocchi://', 'panko://'] ceilometer::agent::notification::manage_event_pipeline: true # Aodh aodh::debug: "%{hiera('debug')}" aodh::rabbit_userid: 06aa1a181f4eafe469d9e4b6bd29334f4e9331c1 aodh::rabbit_password: 82bf8aa8672a9253c21ebaee955dd2ac213283a0 aodh::rabbit_host: "192.168.24.1" aodh::notification_driver: "%{hiera('notification_driver')}" aodh::api::host: 192.168.24.1 aodh::keystone::authtoken::password: e1a8b43403a7db26e64283b3990801d64ea462d6 aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" aodh::api::service_name: 'httpd' aodh::wsgi::apache::ssl: false aodh::wsgi::apache::bind_host: 192.168.24.1 aodh::db::database_connection: mysql+pymysql://aodh:e1a8b43403a7db26e64283b3990801d64ea462d6@192.168.24.1/aodh aodh::auth::auth_password: e1a8b43403a7db26e64283b3990801d64ea462d6 aodh::keystone::auth::tenant: 'service' aodh::keystone::auth::public_url: https://192.168.24.2:13042 aodh::keystone::auth::internal_url: http://192.168.24.3:8042 aodh::keystone::auth::admin_url: http://192.168.24.3:8042 aodh::keystone::auth::password: e1a8b43403a7db26e64283b3990801d64ea462d6 aodh::keystone::auth::region: "%{hiera('keystone_region')}" # Gnocchi gnocchi::debug: "%{hiera('debug')}" gnocchi_backend: 'file' gnocchi::wsgi::apache::ssl: false gnocchi::wsgi::apache::bind_host: 192.168.24.1 gnocchi::api::service_name: 'httpd' gnocchi::api::host: 192.168.24.1 gnocchi::keystone::authtoken::password: 7ce6a3f7ba8794385e2795f3d92c77a1db75f50d gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" gnocchi::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" gnocchi::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::auth::public_url: https://192.168.24.2:13041 gnocchi::keystone::auth::internal_url: http://192.168.24.3:8041 gnocchi::keystone::auth::admin_url: http://192.168.24.3:8041 gnocchi::keystone::auth::password: 7ce6a3f7ba8794385e2795f3d92c77a1db75f50d gnocchi::keystone::auth::region: "%{hiera('keystone_region')}" gnocchi::db::mysql::password: 7ce6a3f7ba8794385e2795f3d92c77a1db75f50d gnocchi::db::database_connection: mysql+pymysql://gnocchi:7ce6a3f7ba8794385e2795f3d92c77a1db75f50d@192.168.24.1/gnocchi gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}" gnocchi::storage::swift::swift_key: 7ce6a3f7ba8794385e2795f3d92c77a1db75f50d #Gnocchi statsd gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' gnocchi::statsd::flush_delay: 10 gnocchi::statsd::archive_policy_name: 'low' gnocchi_healthcheck_url: https://192.168.24.2:13041/healthcheck # Panko panko::logging::debug: "%{hiera('debug')}" panko::wsgi::apache::ssl: false panko::wsgi::apache::bind_host: 192.168.24.1 panko::api::service_name: 'httpd' panko::api::host: 192.168.24.1 panko::db::mysql::password: 49ad86e7fc3fa24978c6fab1e11ded0f2c7d433d panko::db::database_connection: mysql+pymysql://panko:49ad86e7fc3fa24978c6fab1e11ded0f2c7d433d@192.168.24.1/panko panko::keystone::authtoken::password: 49ad86e7fc3fa24978c6fab1e11ded0f2c7d433d panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" panko::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" panko::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" panko::keystone::auth::tenant: 'service' panko::keystone::auth::public_url: https://192.168.24.2:13977 panko::keystone::auth::internal_url: http://192.168.24.3:8977 panko::keystone::auth::admin_url: http://192.168.24.3:8977 panko::keystone::auth::password: 49ad86e7fc3fa24978c6fab1e11ded0f2c7d433d panko::keystone::auth::region: "%{hiera('keystone_region')}" panko::keystone::authtoken::project_name: 'service' # Nova nova::debug: "%{hiera('debug')}" nova::default_transport_url: "rabbit://06aa1a181f4eafe469d9e4b6bd29334f4e9331c1:82bf8aa8672a9253c21ebaee955dd2ac213283a0@192.168.24.1//" nova::notification_driver: "%{hiera('notification_driver')}" nova::rpc_response_timeout: '600' nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" nova::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" nova::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" nova::api::service_name: 'httpd' nova::api::api_bind_address: 192.168.24.1 nova::api::enabled: true nova::api::metadata_listen: 192.168.24.1 nova::keystone::authtoken::password: 4bcbc63c56c7522ad77488f08d23d1f11cb13481 nova::api::enabled_apis: - metadata nova::api::sync_db_api: true nova::api::osapi_compute_workers: "%{::os_workers}" nova::api::metadata_workers: "%{::os_workers}" nova::wsgi::apache_api::ssl: false nova::wsgi::apache_api::bind_host: 192.168.24.1 nova::wsgi::apache_placement::ssl: false nova::wsgi::apache_placement::bind_host: 192.168.24.1 nova::wsgi::apache_placement::api_port: '8778' nova::placement::auth_url: "%{hiera('keystone_identity_uri')}" nova::placement::password: 4bcbc63c56c7522ad77488f08d23d1f11cb13481 nova::placement::project_name: 'service' nova::placement::os_region_name: "%{hiera('keystone_region')}" nova::conductor::enabled: true nova::conductor::workers: "%{::os_workers}" nova::database_connection: mysql+pymysql://nova:4bcbc63c56c7522ad77488f08d23d1f11cb13481@192.168.24.1/nova nova::api_database_connection: mysql+pymysql://nova_api:4bcbc63c56c7522ad77488f08d23d1f11cb13481@192.168.24.1/nova_api nova::placement_database_connection: mysql+pymysql://nova_placement:4bcbc63c56c7522ad77488f08d23d1f11cb13481@192.168.24.1/nova_placement nova::notify_on_state_change: 'vm_and_task_state' nova::scheduler::enabled: true nova::network::neutron::dhcp_domain: '' nova::compute::force_config_drive: true nova::compute::reserved_host_memory: '0' nova::compute::vnc_enabled: false nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::compute::consecutive_build_service_disable_threshold: 0 nova::cron::archive_deleted_rows::destination: '/dev/null' nova_sync_power_state_interval: -1 nova::ironic::common::username: 'ironic' nova::ironic::common::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 nova::ironic::common::project_name: 'service' nova::ironic::common::api_endpoint: "https://192.168.24.2:13385/v1" nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}" nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}" nova::network::neutron::neutron_url: https://192.168.24.2:13696 nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}" nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}" nova::network::neutron::neutron_region_name: '' nova::ram_allocation_ratio: '1.0' nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager' nova::scheduler::filter::scheduler_max_attempts: 30 nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters'] nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter'] nova::keystone::auth::tenant: 'service' nova::keystone::auth::public_url: https://192.168.24.2:13774/v2.1 nova::keystone::auth::internal_url: http://192.168.24.3:8774/v2.1 nova::keystone::auth::admin_url: http://192.168.24.3:8774/v2.1 nova::keystone::auth::password: 4bcbc63c56c7522ad77488f08d23d1f11cb13481 nova::keystone::auth::region: "%{hiera('keystone_region')}" nova::keystone::auth::configure_ec2_endpoint: false nova::keystone::auth_placement::tenant: 'service' nova::keystone::auth_placement::public_url: https://192.168.24.2:13778/placement nova::keystone::auth_placement::internal_url: http://192.168.24.3:8778/placement nova::keystone::auth_placement::admin_url: http://192.168.24.3:8778/placement nova::keystone::auth_placement::password: 4bcbc63c56c7522ad77488f08d23d1f11cb13481 nova::keystone::auth_placement::region: "%{hiera('keystone_region')}" nova::glance_api_servers: http://192.168.24.3:9292 # NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only. # There is no way this should take 15 minutes and if it does we now have way # different problems. But rather than block undercloud installs let's increase # the timeout for these actions. See LP#1661396 for more details. nova::db::sync::db_sync_timeout: 900 nova::db::sync_api::db_sync_timeout: 900 # Ironic ironic::debug: "%{hiera('debug')}" ironic::my_ip: 192.168.24.1 ironic::db_online_data_migrations: true ironic::notification_driver: "%{hiera('notification_driver')}" # TODO(dtantsur): remove when support for classic drivers is removed ironic::db::online_data_migrations::migration_params: "--option migrate_to_hardware_types.reset_unsupported_interfaces=true" ironic::rpc_response_timeout: 600 ironic::api::authtoken::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ironic::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" ironic::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" ironic::api::host_ip: 192.168.24.1 ironic::api::service_name: 'httpd' ironic::api::workers: "%{::os_workers}" ironic::wsgi::apache::ssl: false ironic::wsgi::apache::bind_host: 192.168.24.1 ironic::pxe::tftp_bind_host: 192.168.24.1 ironic::database_connection: mysql+pymysql://ironic:a1a348b50edfe16d0ffe711a53e03edddee0d927@192.168.24.1/ironic ironic::default_transport_url: "rabbit://06aa1a181f4eafe469d9e4b6bd29334f4e9331c1:82bf8aa8672a9253c21ebaee955dd2ac213283a0@192.168.24.1//" ironic::drivers::inspector::enabled: true ironic::drivers::inspector::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}" ironic::drivers::inspector::user_domain_name: "%{hiera('keystone_default_domain')}" ironic::drivers::inspector::project_domain_name: "%{hiera('keystone_default_domain')}" ironic::glance::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}" ironic::neutron::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}" ironic::service_catalog::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}" ironic::swift::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}" # Ironic conductor forces deployments to use http # https://bugs.launchpad.net/tripleo/+bug/1613088 ironic::conductor::api_url: http://192.168.24.3:6385 ironic::conductor::force_power_state_during_sync: false ironic::conductor::automated_clean: False ironic::conductor::cleaning_disk_erase: 'metadata' ironic::conductor::cleaning_network: 'ctlplane' ironic::conductor::provisioning_network: 'ctlplane' ironic::conductor::default_boot_option: 'local' ironic::conductor::enabled_drivers: ["pxe_drac", "pxe_ilo", "pxe_ipmitool"] ironic::conductor::enabled_hardware_types: ["redfish", "ipmi", "idrac", "ilo"] ironic::drivers::interfaces::default_inspect_interface: inspector ironic::drivers::interfaces::enabled_boot_interfaces: ["ilo-pxe", "pxe"] ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat'] ironic::drivers::interfaces::enabled_deploy_interfaces: ['iscsi', 'direct', 'ansible'] ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector'] ironic::drivers::interfaces::enabled_management_interfaces: ["redfish", "ilo", "idrac", "ipmitool", "fake"] ironic::drivers::interfaces::enabled_power_interfaces: ["redfish", "ilo", "idrac", "ipmitool", "fake"] ironic::drivers::interfaces::enabled_raid_interfaces: ["no-raid", "idrac"] ironic::drivers::interfaces::enabled_vendor_interfaces: ["idrac", "ipmitool", "no-vendor"] # Make sure new nodes default to 'baremetal' resource class ironic::default_resource_class: 'baremetal' ironic::keystone::auth::tenant: 'service' ironic::keystone::auth::public_url: https://192.168.24.2:13385 ironic::keystone::auth::internal_url: http://192.168.24.3:6385 ironic::keystone::auth::admin_url: http://192.168.24.3:6385 ironic::keystone::auth::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 ironic::keystone::auth::region: "%{hiera('keystone_region')}" ironic::keystone::auth_inspector::tenant: 'service' ironic::keystone::auth_inspector::public_url: https://192.168.24.2:13050 ironic::keystone::auth_inspector::internal_url: http://192.168.24.3:5050 ironic::keystone::auth_inspector::admin_url: http://192.168.24.3:5050 ironic::keystone::auth_inspector::password: a1a348b50edfe16d0ffe711a53e03edddee0d927 ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}" # Ironic Inspector ironic::inspector::listen_address: 192.168.24.1 ironic::inspector::debug: "%{hiera('debug')}" ironic::inspector::pxe_transfer_protocol: 'http' ironic::inspector::enable_uefi: True ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ironic::inspector::authtoken::username: 'ironic' ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::authtoken::project_name: 'service' ironic::inspector::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" ironic::inspector::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:a1a348b50edfe16d0ffe711a53e03edddee0d927@192.168.24.1/ironic-inspector ironic::inspector::keep_ports: 'added' ironic::inspector::ironic_username: 'ironic' ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::ironic_tenant_name: 'service' ironic::inspector::ironic_project_domain_name: 'Default' ironic::inspector::ironic_user_domain_name: 'Default' ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}" ironic::inspector::ironic_max_retries: 6 ironic::inspector::ironic_retry_interval: 10 ironic::inspector::store_data: 'swift' ironic::inspector::swift_username: 'ironic' ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::swift_tenant_name: 'service' ironic::inspector::swift_project_domain_name: 'Default' ironic::inspector::swift_user_domain_name: 'Default' ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}" ironic::inspector::dnsmasq_local_ip: 192.168.24.1 ironic::inspector::dnsmasq_interface: br-ctlplane ironic::inspector::dnsmasq_ip_subnets: [{"mtu": 1350, "netmask": "255.255.255.0", "tag": "ctlplane-subnet", "ip_range": "192.168.24.100,192.168.24.120", "gateway": "192.168.24.1"}] ironic::inspector::pxe_filter::driver: dnsmasq ironic::inspector::pxe_filter::dnsmasq::dnsmasq_start_command: 'systemctl start openstack-ironic-inspector-dnsmasq.service' ironic::inspector::pxe_filter::dnsmasq::dnsmasq_stop_command: 'systemctl stop openstack-ironic-inspector-dnsmasq.service' ironic::inspector::dnsmasq_dhcp_hostsdir: '/var/lib/ironic-inspector/dhcp-hostsdir' ironic::inspector::ramdisk_collectors: default,extra-hardware,numa-topology,logs ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection' ironic::inspector::ramdisk_kernel_args: ipa-debug=1 ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 ironic::inspector::ipxe_timeout: 60 ironic::inspector::node_not_found_hook: ironic::inspector::discovery_default_driver: ipmi ironic::inspector::detect_boot_mode: true # Ironic PXE driver ironic::drivers::pxe::ipxe_timeout: 60 # Ironic deploy utils ironic_ipxe_port: 8088 ironic::conductor::http_url: "http://192.168.24.1:%{hiera('ironic_ipxe_port')}" ironic::conductor::http_boot: '/httpboot' ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}" # Ironic pxe ironic::drivers::pxe::ipxe_enabled: True # NOTE(dtantsur): UEFI only works with iPXE currently for us ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' # Ironic agent ironic::drivers::agent::deploy_logs_collect: 'always' ironic::drivers::agent::deploy_logs_storage_backend: 'local' ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/' # Ironic power and management drivers tuning ironic::drivers::ilo::default_boot_mode: 'bios' # Customisations for ppc64le # Rabbit rabbit_cookie: 94bc871a21d7f6b625fe2a3c82bf597ce6f711b4 rabbitmq::delete_guest_user: false rabbitmq::node_ip_address: 192.168.24.1 rabbitmq::management_ip_address: 192.168.24.1 rabbitmq::package_source: undef rabbitmq::port: 5672 rabbitmq::repos_ensure: false rabbitmq::wipe_db_on_cookie_change: true rabbitmq::default_user: 06aa1a181f4eafe469d9e4b6bd29334f4e9331c1 rabbitmq::default_pass: 82bf8aa8672a9253c21ebaee955dd2ac213283a0 # Mistral mistral::debug: "%{hiera('debug')}" mistral::notification_driver: "%{hiera('notification_driver')}" mistral::api::bind_host: 192.168.24.1 mistral::api::api_workers: "%{::os_workers}" mistral::rabbit_userid: 06aa1a181f4eafe469d9e4b6bd29334f4e9331c1 mistral::rabbit_password: 82bf8aa8672a9253c21ebaee955dd2ac213283a0 mistral::rabbit_host: "192.168.24.1" mistral::database_connection: mysql+pymysql://mistral:14a4a2de738c5c56a33dae011a7df6b22d47da14@192.168.24.1/mistral mistral::rpc_backend: rabbit mistral::rpc_response_timeout: 120 mistral::cron_trigger::execution_interval: 600 mistral::keystone::authtoken::password: 14a4a2de738c5c56a33dae011a7df6b22d47da14 mistral::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" mistral::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" mistral::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" mistral::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" mistral::keystone::auth::public_url: https://192.168.24.2:13989/v2 mistral::keystone::auth::internal_url: http://192.168.24.3:8989/v2 mistral::keystone::auth::admin_url: http://192.168.24.3:8989/v2 mistral::keystone::auth::region: "%{hiera('keystone_region')}" mistral::keystone::auth::password: 14a4a2de738c5c56a33dae011a7df6b22d47da14 mistral::keystone::auth::tenant: 'service' mistral::engine::older_than: 2880 mistral::engine::evaluation_interval: 120 mistral::engine::execution_field_size_limit_kb: 16384 # Zaqar zaqar::keystone::authtoken::project_name: 'service' zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" zaqar::keystone::authtoken::password: f7bfef3a53200f5cb9e58bc0d6324ee9e59c2466 zaqar::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" zaqar::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" zaqar::keystone::auth::tenant: 'service' zaqar::keystone::auth::public_url: https://192.168.24.2:13888 zaqar::keystone::auth::internal_url: http://192.168.24.3:8888 zaqar::keystone::auth::admin_url: http://192.168.24.3:8888 zaqar::keystone::auth::region: "%{hiera('keystone_region')}" zaqar::keystone::auth::password: f7bfef3a53200f5cb9e58bc0d6324ee9e59c2466 zaqar::keystone::auth::roles: - admin - ResellerAdmin zaqar::keystone::auth_websocket::tenant: 'service' zaqar::keystone::auth_websocket::public_url: wss://192.168.24.2:9000 zaqar::keystone::auth_websocket::internal_url: ws://192.168.24.3:9000 zaqar::keystone::auth_websocket::admin_url: ws://192.168.24.3:9000 zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}" zaqar::keystone::auth_websocket::password: f7bfef3a53200f5cb9e58bc0d6324ee9e59c2466 zaqar::server::service_name: 'httpd' zaqar::unreliable: true zaqar::transport::websocket::bind: 192.168.24.1 zaqar::transport::websocket::notification_bind: 192.168.24.1 zaqar::wsgi::apache::bind_host: 192.168.24.1 zaqar::wsgi::apache::ssl: false zaqar::message_store: swift zaqar::management_store: sqlalchemy zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:f7bfef3a53200f5cb9e58bc0d6324ee9e59c2466@192.168.24.1/zaqar zaqar::messaging::swift::uri: swift://zaqar:f7bfef3a53200f5cb9e58bc0d6324ee9e59c2466@/service zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}" zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::max_messages_post_size: 1048576 # Cinder cinder::debug: "%{hiera('debug')}" cinder_backend_name: 'undercloud_iscsi' cinder_enable_test_volume: false cinder_iscsi_address: 192.168.24.1 cinder::api::enable_proxy_headers_parsing: true cinder::api::service_name: 'httpd' cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"] cinder::cron::db_purge::destination: "/dev/null" cinder::database_connection: mysql+pymysql://cinder:a81ab522436fd3e5cc4c364fb6730f2a6f365c88@192.168.24.1/cinder cinder::db::database_db_max_retries: -1 cinder::db::database_max_retries: -1 cinder::debug: "%{hiera('debug')}" cinder::glance::glance_api_servers: http://192.168.24.3:9292 cinder::keystone::auth::tenant: 'service' cinder::keystone::auth::public_url: https://192.168.24.2:13776/v1/%(tenant_id)s cinder::keystone::auth::internal_url: http://192.168.24.3:8776/v1/%(tenant_id)s cinder::keystone::auth::admin_url: http://192.168.24.3:8776/v1/%(tenant_id)s cinder::keystone::auth::public_url_v2: https://192.168.24.2:13776/v2/%(tenant_id)s cinder::keystone::auth::internal_url_v2: http://192.168.24.3:8776/v2/%(tenant_id)s cinder::keystone::auth::admin_url_v2: http://192.168.24.3:8776/v2/%(tenant_id)s cinder::keystone::auth::public_url_v3: https://192.168.24.2:13776/v3/%(tenant_id)s cinder::keystone::auth::internal_url_v3: http://192.168.24.3:8776/v3/%(tenant_id)s cinder::keystone::auth::admin_url_v3: http://192.168.24.3:8776/v3/%(tenant_id)s cinder::keystone::auth::region: "%{hiera('keystone_region')}" cinder::keystone::auth::password: a81ab522436fd3e5cc4c364fb6730f2a6f365c88 cinder::keystone::authtoken::project_name: 'service' cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" cinder::keystone::authtoken::password: a81ab522436fd3e5cc4c364fb6730f2a6f365c88 cinder::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" cinder::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" cinder::rabbit_userid: 06aa1a181f4eafe469d9e4b6bd29334f4e9331c1 cinder::rabbit_password: 82bf8aa8672a9253c21ebaee955dd2ac213283a0 cinder::rabbit_host: "192.168.24.1" cinder::notification_driver: "%{hiera('notification_driver')}" cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler cinder::setup_test_volume::size: '10280M' cinder::wsgi::apache::bind_host: 192.168.24.1 cinder::wsgi::apache::ssl: false cinder::wsgi::apache::workers: "%{::os_workers}" # HAproxy tripleo::profile::base::haproxy::step: 1 tripleo::haproxy::haproxy_stats_password: c2affebe23d5dfe2a26eb0f2ec888cc3088d0ea2 tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}" tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}" tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}" tripleo::haproxy::public_virtual_interface: 'br-ctlplane' tripleo::haproxy::keystone_admin: true tripleo::haproxy::keystone_public: true tripleo::haproxy::neutron: true tripleo::haproxy::glance_api: true tripleo::haproxy::glance_registry: true tripleo::haproxy::nova_osapi: true tripleo::haproxy::nova_placement: true tripleo::haproxy::nova_metadata: true tripleo::haproxy::swift_proxy_server: true tripleo::haproxy::heat_api: true tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}" tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}" tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}" tripleo::haproxy::panko: "%{hiera('enable_telemetry')}" tripleo::haproxy::ironic: true tripleo::haproxy::ironic_inspector: true tripleo::haproxy::rabbitmq: true tripleo::haproxy::mistral: true tripleo::haproxy::zaqar_api: true tripleo::haproxy::zaqar_ws: true tripleo::haproxy::docker_registry: true # Docker tripleo::profile::base::docker::step: 1 # Undercloud should not have --iptables=false by default hence this override (LP#1709325) tripleo::profile::base::docker::docker_options: '--log-driver=journald --signature-verification=false' tripleo::profile::base::docker::registry_mirror: http://mirror.regionone.vexxhost-nodepool-tripleo.rdoproject.org:8082/ tripleo::profile::base::docker::debug: "%{hiera('debug')}" tripleo::profile::base::docker::insecure_registries: ["192.168.24.1:8787", "192.168.24.3:8787"] # Keepalived tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}" tripleo::keepalived::control_virtual_interface: 'br-ctlplane' tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}" tripleo::keepalived::public_virtual_interface: 'br-ctlplane' tripleo::keepalived::virtual_router_id_base: 40 # UI keystone::cors::allowed_origin: '*' nova::cors::allowed_origin: '*' nova::cors::max_age: 3600 nova::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH' nova::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' nova::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' ironic::cors::allowed_origin: '*' ironic::cors::max_age: 3600 ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH' ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' ironic::inspector::cors::allowed_origin: '*' ironic::inspector::cors::max_age: 3600 ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH' ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' heat::cors::allowed_origin: '*' heat::cors::max_age: 3600 heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' mistral::cors::allowed_origin: '*' mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' swift::proxy::cors_allow_origin: '*' tripleo::ui::endpoint_proxy_zaqar: ws://192.168.24.3:9000 tripleo::ui::endpoint_proxy_keystone: http://192.168.24.3:5000 tripleo::ui::endpoint_proxy_heat: http://192.168.24.3:8004 tripleo::ui::endpoint_proxy_ironic: http://192.168.24.3:6385 tripleo::ui::endpoint_proxy_ironic_inspector: http://192.168.24.3:5050 tripleo::ui::endpoint_proxy_mistral: http://192.168.24.3:8989 tripleo::ui::endpoint_proxy_nova: http://192.168.24.3:8774 tripleo::ui::endpoint_proxy_swift: http://192.168.24.3:8080 tripleo::ui::endpoint_config_zaqar: wss://192.168.24.2:443/zaqar tripleo::ui::endpoint_config_keystone: https://192.168.24.2:443/keystone/v3 tripleo::ui::endpoint_config_heat: https://192.168.24.2:443/heat/v1/%(project_id)s tripleo::ui::endpoint_config_ironic: https://192.168.24.2:443/ironic tripleo::ui::endpoint_config_ironic_inspector: https://192.168.24.2:443/ironic-inspector tripleo::ui::endpoint_config_mistral: https://192.168.24.2:443/mistral/v2 tripleo::ui::endpoint_config_nova: https://192.168.24.2:443/nova/v2.1 tripleo::ui::endpoint_config_swift: https://192.168.24.2:443/swift/v1/AUTH_%(project_id)s # service tenant ceilometer::keystone::authtoken::project_name: 'service' aodh::keystone::authtoken::project_name: 'service' gnocchi::keystone::authtoken::project_name: 'service' cinder::keystone::authtoken::project_name: 'service' heat::keystone::authtoken::project_name: 'service' glance::api::authtoken::project_name: 'service' glance::registry::authtoken::project_name: 'service' ironic::api::authtoken::project_name: 'service' ironic::drivers::inspector::project_name: 'service' ironic::glance::project_name: 'service' ironic::neutron::project_name: 'service' ironic::service_catalog::project_name: 'service' ironic::swift::project_name: 'service' nova::keystone::authtoken::project_name: 'service' swift::proxy::authtoken::project_name: 'service' mistral::keystone::authtoken::project_name: 'service' swift::proxy::workers: "%{::os_workers}" # Options enable_tempest: False enable_validations: False enable_telemetry: False enable_ui: True enable_cinder: False enable_container_images_build: True # Path to install configuration files tripleo_install_user: zuul tripleo_undercloud_conf_file: /home/zuul/undercloud.conf tripleo_undercloud_password_file: /home/zuul/undercloud-passwords.conf # Novajoin # Firewall tripleo::firewall::manage_firewall: true tripleo::firewall::firewall_rules: '003 ssh': dport: - 22 '105 ntp': dport: 123 proto: udp '106 vrrp': proto: vrrp '107 haproxy stats': dport: 1993 '108 redis': dport: - 6379 - 26379 '110 ceph': dport: - 6789 - '6800-6810' '111 keystone': dport: - 5000 - 13000 - 35357 - 13357 '112 glance': dport: - 9292 - 9191 - 13292 '113 nova': dport: - 6080 - 13080 - 8773 - 13773 - 8774 - 13774 - 8778 - 13778 - 8775 - 13775 '114 neutron server': dport: - 9696 - 13696 '115 neutron dhcp input': proto: 'udp' dport: 67 '116 neutron dhcp output': proto: 'udp' chain: 'OUTPUT' dport: 68 '118 neutron vxlan networks': proto: 'udp' dport: 4789 '119 cinder': dport: - 8776 - 13776 '120 iscsi initiator': dport: 3260 '121 memcached': dport: 11211 proto: tcp source: '127.0.0.1' '122 swift proxy': dport: - 8080 - 13808 '123 swift storage': dport: - 873 - 6000 - 6001 - 6002 '125 heat': dport: - 8000 - 13800 - 8003 - 13003 - 8004 - 13004 '127 snmp': dport: 161 proto: 'udp' '128 aodh': dport: - 8042 - 13042 '129 gnocchi-api': dport: - 8041 - 13041 '130 tftp': dport: 69 proto: udp '131 novnc': dport: 5900-5999 proto: tcp '132 mistral': dport: - 8989 - 13989 '133 zaqar': dport: - 8888 - 13888 '134 zaqar websockets': dport: 9000 '135 ironic': dport: - 6385 - 13385 '136 trove': dport: - 8779 - 13779 '137 ironic-inspector': dport: 5050 '138 docker registry': dport: - 8787 - 13787 '139 apache vhost': dport: "%{hiera('ironic_ipxe_port')}" # 140 network cidr nat rules "140 destination ctlplane-subnet cidr nat": {"chain": "FORWARD", "destination": "192.168.24.0/24", "proto": "all", "action": "accept"} "140 source ctlplane-subnet cidr nat": {"chain": "FORWARD", "source": "192.168.24.0/24", "proto": "all", "action": "accept"} '142 tripleo-ui': dport: - 3000 - 443 '143 panko-api': dport: - 8977 - 13977