-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathundercloud.conf
420 lines (344 loc) · 15.5 KB
/
undercloud.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
[DEFAULT]
#
# From undercloud_config
#
# List of additional architectures enabled in your cloud environment.
# The list of supported values is: ppc64le (list value)
#additional_architectures =
# Authentication token expiration time in seconds. Note reducing this
# can have impacts on long running undercloud processes. (string
# value)
#auth_token_lifetime = 14400
# The certmonger nickname of the CA from which the certificate will be
# requested. This is used only if the generate_service_certificate
# option is set. Note that if the "local" CA is selected the
# certmonger's local CA certificate will be extracted to /etc/pki/ca-
# trust/source/anchors/cm-local-ca.pem and subsequently added to the
# trust chain. (string value)
#certificate_generation_ca = local
# Whether to clean overcloud nodes (wipe the hard drive) between
# deployments and after the introspection. (boolean value)
#clean_nodes = false
# Cleanup temporary files. Setting this to False will leave the
# temporary files used during deployment in place after the command is
# run. This is useful for debugging the generated files or if errors
# occur. (boolean value)
#cleanup = true
# Container CLI used for deployment; Can be docker or podman. (string
# value)
#container_cli = podman
# Whether or not we disable the container healthchecks. (boolean
# value)
#container_healthcheck_disabled = false
# REQUIRED if authentication is needed to fetch containers. This file
# should contain values for "ContainerImagePrepare" and
# "ContainerImageRegistryCredentials" that will be used to fetch the
# containers for the undercloud installation. `openstack tripleo
# container image prepare default` can be used to provide a sample
# "ContainerImagePrepare" value. Alternatively this file can contain
# all the required Heat parameters for the containers for advanced
# configurations. (string value)
#container_images_file =
# Used to add custom insecure registries for containers. (list value)
# Deprecated group/name - [DEFAULT]/docker_insecure_registries
#container_insecure_registries =
# An optional container registry mirror that will be used. (string
# value)
# Deprecated group/name - [DEFAULT]/docker_registry_mirror
#container_registry_mirror =
# List of any custom environment yaml files to use. These are applied
# after any other configuration and can be used to override any
# derived values. This should be used only by advanced users. (list
# value)
#custom_env_files =
# User used to run openstack undercloud install command which will be
# used to add the user to the docker group, required to upload
# containers (string value)
#deployment_user = <None>
# The default driver or hardware type to use for newly discovered
# nodes (requires enable_node_discovery set to True). It is
# automatically added to enabled_hardware_types. (string value)
#discovery_default_driver = ipmi
# Whether to install the cinder service. (boolean value)
#enable_cinder = false
# Whether to enable the frr service. (boolean value)
#enable_frr = false
# DEPRECATED: Whether to enable the heat service. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: Heat has been replaced by the heat-ephemeral service and
# this option has been deprecated.
#enable_heat = false
# Whether to enable the ironic service. (boolean value)
#enable_ironic = true
# Whether to enable the ironic inspector service. (boolean value)
#enable_ironic_inspector = true
# Whether to enable the neutron service. (boolean value)
#enable_neutron = true
# Makes ironic-inspector enroll any unknown node that PXE-boots
# introspection ramdisk in Ironic. By default, the "fake" driver is
# used for new nodes (it is automatically enabled when this option is
# set to True). Set discovery_default_driver to override.
# Introspection rules can also be used to specify driver information
# for newly enrolled nodes. (boolean value)
#enable_node_discovery = false
# DEPRECATED: Whether to enable the nova service. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: Nova can no longer be enabled via the config settings.
#enable_nova = false
# DEPRECATED: Whether to install the novajoin metadata service
# (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
# Reason: Support for the novajoin metadata service has been
# deprecated.
#enable_novajoin = false
# Enable support for routed ctlplane networks. (boolean value)
#enable_routed_networks = false
# Whether to install the swift services (boolean value)
#enable_swift = false
# Whether to enable Swift encryption at-rest or not. (boolean value)
#enable_swift_encryption = false
# Whether to install Telemetry services (ceilometer, gnocchi, aodh).
# (boolean value)
#enable_telemetry = false
# Whether to install requirements to run the TripleO validations.
# (boolean value)
#enable_validations = true
# List of enabled bare metal hardware types (next generation drivers).
# (list value)
#enabled_hardware_types = ipmi,redfish,ilo,idrac
# When set to True, an SSL certificate will be generated as part of
# the undercloud install and this certificate will be used in place of
# the value for undercloud_service_certificate. The resulting
# certificate will be written to
# /etc/pki/tls/private/overcloud_endpoint.pem. This certificate is
# signed by CA selected by the "certificate_generation_ca" option.
# (boolean value)
#generate_service_certificate = true
# Custom URL for the heat-all container image to use as part of the
# undercloud deployment. If not specified, the default
# "quay.io/tripleowallaby/openstack-heat-all:current-tripleo" is used.
# If this location requires authentication, run podman login prior to
# running the undercloud install. (string value)
#heat_container_image =
# Execute the heat-all process natively on this host. This option
# requires that the heat-all binaries be installed locally on this
# machine. This option is enabled by default which means heat-all is
# executed on the host OS directly If this is set to false, a
# containerized version of heat-all is used. (boolean value)
#heat_native = true
# Path to hieradata override file. Relative paths get computed inside
# of $HOME. When it points to a heat env file, it is passed in t-h-t
# via "-e <file>", as is. When the file contains legacy instack data,
# it is wrapped with UndercloudExtraConfig and also passed in for
# t-h-t as a temp file created in output_dir. Note, instack hiera data
# may be not t-h-t compatible and will highly likely require a manual
# revision. (string value)
#hieradata_override =
# Whether to enable extra hardware collection during the inspection
# process. Requires python-hardware or python-hardware-detect package
# on the introspection image. (boolean value)
#inspection_extras = true
# Network interface on which inspection dnsmasq will listen. If in
# doubt, use the default value. (string value)
# Deprecated group/name - [DEFAULT]/discovery_interface
#inspection_interface = br-ctlplane
# Whether to run benchmarks when inspecting nodes. Requires
# inspection_extras set to True. (boolean value)
# Deprecated group/name - [DEFAULT]/discovery_runbench
#inspection_runbench = false
# One Time Password to register Undercloud node with an IPA server.
# (string value)
#ipa_otp =
# IPv6 address configuration mode for the undercloud provisioning
# network. (string value)
# Possible values:
# dhcpv6-stateless - Address configuration using RA and optional
# information using DHCPv6.
# dhcpv6-stateful - Address configuration and optional information
# using DHCPv6.
#ipv6_address_mode = dhcpv6-stateless
# Whether to use iPXE for inspection. (boolean value)
# Deprecated group/name - [DEFAULT]/ipxe_deploy
#ipxe_enabled = true
# Ironic network interface implementation to use by default. (string
# value)
# Possible values:
# flat - Use one flat provider network.
# neutron - Ironic interacts with Neutron to enable other network
# types and advanced networking features.
#ironic_default_network_interface = flat
# Enabled ironic network interface implementations. Each hardware type
# must have at least one valid implementation enabled. (list value)
#ironic_enabled_network_interfaces = flat
# Network interface on the Undercloud that will be handling the PXE
# boots and DHCP for Overcloud instances. (string value)
#local_interface = eth1
local_interface = enp3s0f1np1
# IP information for the interface on the Undercloud that will be
# handling the PXE boots and DHCP for Overcloud instances. The IP
# portion of the value will be assigned to the network interface
# defined by local_interface, with the netmask defined by the prefix
# portion of the value. (string value)
#local_ip = 192.168.24.1/24
# MTU to use for the local_interface. (integer value)
#local_mtu = 1500
# Name of the local subnet, where the PXE boot and DHCP interfaces for
# overcloud instances is located. The IP address of the
# local_ip/local_interface should reside in this subnet. (string
# value)
#local_subnet = ctlplane-subnet
# Path to network config override template. Relative paths get
# computed inside of $HOME. Must be in the json or yaml format. Its
# content overrides anything in t-h-t <role>NetConfigOverride. The
# processed template is then passed in Heat via the generated
# parameters file created in output_dir and used to configure the
# networking via run-os-net-config. If you wish to disable you can set
# this location to an empty file. Templated for instack j2 tags may be
# used, for example:
#
# "network_config": [
# {
# "type": "ovs_bridge",
# "name": "br-ctlplane",
# "ovs_extra": [
# "br-set-external-id br-ctlplane bridge-id br-ctlplane"
# ],
# "members": [
# {
# "type": "interface",
# "name": "{{LOCAL_INTERFACE}}",
# "primary": "true",
# "mtu": {{LOCAL_MTU}},
# "dns_servers": {{UNDERCLOUD_NAMESERVERS}}
# }
# ],
# "addresses": [
# {
# "ip_netmask": "{{PUBLIC_INTERFACE_IP}}"
# }
# ],
# "routes": {{SUBNETS_STATIC_ROUTES}},
# "mtu": {{LOCAL_MTU}}
# }
# ]
# (string value)
#net_config_override =
# Networks file to override for heat. May be an absolute path or the
# path relative to the t-h-t templates directory used for deployment
# (string value)
#networks_file = <None>
# Directory to output state, processed heat templates, ansible
# deployment files.Defaults to ~/tripleo-deploy/<stack> (string value)
#output_dir = <None>
# DNS domain name to use when deploying the overcloud. The overcloud
# parameter "CloudDomain" must be set to a matching value. (string
# value)
#overcloud_domain_name = localdomain
# Roles file to override for heat. May be an absolute path or the path
# relative to the t-h-t templates directory used for deployment
# (string value)
#roles_file = <None>
# Maximum number of attempts the scheduler will make when deploying
# the instance. You should keep it greater or equal to the number of
# bare metal nodes you expect to deploy at once to work around
# potential race condition when scheduling. (integer value)
# Minimum value: 1
#scheduler_max_attempts = 30
# The kerberos principal for the service that will use the
# certificate. This is only needed if your CA requires a kerberos
# principal. e.g. with FreeIPA. (string value)
#service_principal =
# List of routed network subnets for provisioning and introspection.
# Comma separated list of names/tags. For each network a section/group
# needs to be added to the configuration file with these parameters
# set: cidr, dhcp_start, dhcp_end, inspection_iprange, gateway and
# masquerade_network. Note: The section/group must be placed before or
# after any other section. (See the example section [ctlplane-subnet]
# in the sample configuration file.) (list value)
#subnets = ctlplane-subnet
# heat templates file to override. (string value)
#templates =
# Virtual IP or DNS address to use for the admin endpoints of
# Undercloud services. Only used with SSL. (string value)
# Deprecated group/name - [DEFAULT]/undercloud_admin_vip
#undercloud_admin_host = 192.168.24.3
# Whether to enable the debug log level for Undercloud OpenStack
# services and Container Image Prepare step. (boolean value)
#undercloud_debug = true
# Enable or disable SELinux during the deployment. (boolean value)
#undercloud_enable_selinux = true
# Fully qualified hostname (including domain) to set on the
# Undercloud. If left unset, the current hostname will be used, but
# the user is responsible for configuring all system hostname settings
# appropriately. If set, the undercloud install will configure all
# system hostname settings. (string value)
#undercloud_hostname = <None>
# The path to a log file to store the undercloud install/upgrade logs.
# (string value)
#undercloud_log_file = install-undercloud.log
# DNS nameserver(s). Use for the undercloud node and for the overcloud
# nodes. (NOTE: To use different nameserver(s) for the overcloud,
# override the DnsServers parameter in overcloud environment.) (list
# value)
#undercloud_nameservers =
# List of ntp servers to use. (list value)
#undercloud_ntp_servers = 0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
# Virtual IP or DNS address to use for the public endpoints of
# Undercloud services. Only used with SSL. (string value)
# Deprecated group/name - [DEFAULT]/undercloud_public_vip
#undercloud_public_host = 192.168.24.2
# Certificate file to use for OpenStack service SSL connections.
# Setting this enables SSL for the OpenStack API endpoints, leaving it
# unset disables SSL. (string value)
#undercloud_service_certificate =
# Host timezone to be used. If no timezone is specified, the existing
# timezone configuration is used. (string value)
#undercloud_timezone = <None>
[ctlplane-subnet]
#
# From undercloud_config
#
# Network CIDR for the Neutron-managed subnet for Overcloud instances.
# (string value)
# Deprecated group/name - [DEFAULT]/network_cidr
#cidr = 192.168.24.0/24
# End of DHCP allocation range for PXE and DHCP of Overcloud instances
# on this network. (list value)
# Deprecated group/name - [DEFAULT]/dhcp_end
#dhcp_end = 192.168.24.24
# List of IP addresses or IP ranges to exclude from the subnets
# allocation pool. Example: 192.168.24.50,192.168.24.80-192.168.24.90
# (list value)
#dhcp_exclude =
# Start of DHCP allocation range for PXE and DHCP of Overcloud
# instances on this network. (list value)
# Deprecated group/name - [DEFAULT]/dhcp_start
#dhcp_start = 192.168.24.5
# DNS nameservers for the Neutron-managed subnet for the Overcloud
# instances on this network. If no nameservers are defined for the
# subnet, the nameservers defined for undercloud_nameservers will be
# used. (list value)
#dns_nameservers =
# Network gateway for the Neutron-managed network for Overcloud
# instances on this network. (string value)
# Deprecated group/name - [DEFAULT]/network_gateway
#gateway = 192.168.24.1
# Host routes for the Neutron-managed subnet for the Overcloud
# instances on this network. The host routes on the local_subnet will
# also be configured on the undercloud. (list value)
#
# This option has a sample default set, which means that
# its actual default value may vary from the one documented
# below.
#host_routes = [{destination: 10.10.10.0/24, nexthop: 192.168.24.1}]
# Temporary IP range that will be given to nodes on this network
# during the inspection process. Should not overlap with the range
# defined by dhcp_start and dhcp_end, but should be in the same ip
# subnet. (string value)
# Deprecated group/name - [DEFAULT]/inspection_iprange
#inspection_iprange = 192.168.24.100,192.168.24.120
# The network will be masqueraded for external access. (boolean value)
#masquerade = false