{"id":538,"sha1":"41d3880b183e455e5f5d459ae7e32ea8e85831d6","playbook":{"id":4,"items":{"plays":107,"tasks":2438,"results":2413,"hosts":13,"files":511,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-14T10:21:40.790759Z","ended":"2025-12-14T11:05:36.775743Z","duration":"00:43:55.984984","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.13.5","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2016, Tata Consultancy Services\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n## Verbosity Options\ndebug: false\n\n# Enable/Disable Ceilometer\ndesignate_ceilometer_enabled: \"{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}\"\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\ndesignate_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\ndesignate_service_setup_host_python_interpreter: >-\n {{\n openstack_service_setup_host_python_interpreter | default(\n (designate_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\ndesignate_package_state: \"{{ package_state | default('latest') }}\"\n\n# Set installation method.\ndesignate_install_method: \"{{ service_install_method | default('source') }}\"\ndesignate_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\n## The git source/branch\ndesignate_git_repo: https://opendev.org/openstack/designate\ndesignate_git_install_branch: master\ndesignate_upper_constraints_url: >-\n {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\ndesignate_git_constraints:\n - \"--constraint {{ designate_upper_constraints_url }}\"\n\ndesignate_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\ndesignate_venv_tag: \"{{ venv_tag | default('untagged') }}\"\ndesignate_bin: \"{{ _designate_bin }}\"\n\n# Set the etc dir path where designate is installed.\n# This is used for role access to the db migrations.\n# Example:\n# designate_etc_dir: \"/usr/local/etc/designate\"\ndesignate_etc_dir: \"{{ _designate_etc }}/designate\"\n\n## System info\ndesignate_system_user_name: designate\ndesignate_system_group_name: designate\ndesignate_system_shell: /bin/false\ndesignate_system_comment: designate system user\ndesignate_system_user_home: \"/var/lib/{{ designate_system_user_name }}\"\n\n## Coordination info\ndesignate_coordination_driver: \"{{ coordination_driver | default('zookeeper') }}\"\ndesignate_coordination_group: \"{{ coordination_host_group | default('zookeeper_all') }}\"\ndesignate_coordination_enable: \"{{ designate_coordination_group in groups and groups[designate_coordination_group] | length > 0 }}\"\ndesignate_coordination_namespace: designate\ndesignate_coordination_client_ssl: \"{{ coordination_client_ssl | default(False) }}\"\ndesignate_coordination_verify_cert: \"{{ coordination_verify_cert | default(True) }}\"\ndesignate_coordination_port: \"{{ coordination_port | default(designate_coordination_client_ssl | ternary('2281', '2181')) }}\"\ndesignate_coordination_url: \"{{ _designate_coordination_url | default() }}\"\n\n## Database info\ndesignate_db_setup_host: \"{{ openstack_db_setup_host | default('localhost') }}\"\ndesignate_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default(\n (designate_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\ndesignate_galera_address: \"{{ galera_address | default('127.0.0.1') }}\"\ndesignate_galera_user: designate\ndesignate_galera_database: designate\ndesignate_galera_use_ssl: \"{{ galera_use_ssl | default(False) }}\"\ndesignate_galera_ssl_ca_cert: \"{{ galera_ssl_ca_cert | default('') }}\"\ndesignate_galera_port: \"{{ galera_port | default('3306') }}\"\ndesignate_db_max_overflow: \"{{ openstack_db_max_overflow | default('50') }}\"\ndesignate_db_max_pool_size: \"{{ openstack_db_max_pool_size | default('5') }}\"\ndesignate_db_pool_timeout: \"{{ openstack_db_pool_timeout | default('30') }}\"\ndesignate_db_connection_recycle_time: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\n\n## Oslo Messaging\n# RPC\ndesignate_oslomsg_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\ndesignate_oslomsg_rpc_setup_host: \"{{ (designate_oslomsg_rpc_host_group in groups) | ternary(groups[designate_oslomsg_rpc_host_group][0], 'localhost') }}\"\ndesignate_oslomsg_rpc_transport: \"{{ oslomsg_rpc_transport | default('rabbit') }}\"\ndesignate_oslomsg_rpc_servers: \"{{ oslomsg_rpc_servers | default('127.0.0.1') }}\"\ndesignate_oslomsg_rpc_port: \"{{ oslomsg_rpc_port | default('5672') }}\"\ndesignate_oslomsg_rpc_use_ssl: \"{{ oslomsg_rpc_use_ssl | default(False) }}\"\ndesignate_oslomsg_rpc_userid: designate-rpc\n# vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues\n# are not used - vhost name will be prefixed with leading `/`.\ndesignate_oslomsg_rpc_vhost:\n - name: /designate\n state: \"{{ designate_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: designate\n state: \"{{ designate_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\ndesignate_oslomsg_rpc_ssl_version: \"{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}\"\ndesignate_oslomsg_rpc_ssl_ca_file: \"{{ oslomsg_rpc_ssl_ca_file | default('') }}\"\ndesignate_oslomsg_rpc_policies: []\n\n# Notify\ndesignate_oslomsg_notify_configure: \"{{ oslomsg_notify_configure | default(designate_ceilometer_enabled) }}\"\ndesignate_oslomsg_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\ndesignate_oslomsg_notify_setup_host: >-\n {{ (designate_oslomsg_notify_host_group in groups) | ternary(groups[designate_oslomsg_notify_host_group][0], 'localhost') }}\ndesignate_oslomsg_notify_transport: \"{{ oslomsg_notify_transport | default('rabbit') }}\"\ndesignate_oslomsg_notify_servers: \"{{ oslomsg_notify_servers | default('127.0.0.1') }}\"\ndesignate_oslomsg_notify_port: \"{{ oslomsg_notify_port | default('5672') }}\"\ndesignate_oslomsg_notify_use_ssl: \"{{ oslomsg_notify_use_ssl | default(False) }}\"\ndesignate_oslomsg_notify_userid: \"{{ designate_oslomsg_rpc_userid }}\"\ndesignate_oslomsg_notify_password: \"{{ designate_oslomsg_rpc_password }}\"\ndesignate_oslomsg_notify_vhost: \"{{ designate_oslomsg_rpc_vhost }}\"\ndesignate_oslomsg_notify_ssl_version: \"{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}\"\ndesignate_oslomsg_notify_ssl_ca_file: \"{{ oslomsg_notify_ssl_ca_file | default('') }}\"\ndesignate_oslomsg_notify_policies: []\n\n## RabbitMQ integration\ndesignate_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\ndesignate_oslomsg_rabbit_stream_fanout: \"{{ oslomsg_rabbit_stream_fanout | default(designate_oslomsg_rabbit_quorum_queues) }}\"\ndesignate_oslomsg_rabbit_transient_quorum_queues: \"{{ oslomsg_rabbit_transient_quorum_queues | default(designate_oslomsg_rabbit_stream_fanout) }}\"\ndesignate_oslomsg_rabbit_qos_prefetch_count: \"{{ oslomsg_rabbit_qos_prefetch_count | default(designate_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}\"\ndesignate_oslomsg_rabbit_queue_manager: \"{{ oslomsg_rabbit_queue_manager | default(designate_oslomsg_rabbit_quorum_queues) }}\"\ndesignate_oslomsg_rabbit_quorum_delivery_limit: \"{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}\"\ndesignate_oslomsg_rabbit_quorum_max_memory_bytes: \"{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}\"\n\n## DNS Backend Configuration\n# Configuration for the DNS backend that Designate will talk to, Designate\n# supports lots of backends, bind9, powerdns, nsd, djb, dyn, akamai, etc.\n# DNS Backends are configured via a YAML file that Designate reads. The DNS\n# server need not be in the actual Designate container, but for development,\n# or for some internal addressing use cases, it may make sense.\n\n# YAML to use for the Designate pools.yaml file. If this variable is defined,\n# a pools.yaml file will be written to /etc/designate/pools.yaml with the\n# provided YAML data.\n#\n# This is some example pools.yaml information that will work with a\n# simple bind9 installation in the same container as Designate.\n# designate_pools_yaml:\n# - name: \"default\"\n# description: Default BIND9 Pool\n# attributes: {}\n# ns_records:\n# - hostname: ns1.example.org.\n# priority: 1\n# nameservers:\n# - host: 127.0.0.1\n# port: 53\n# targets:\n# - type: bind9\n# description: BIND9 Server\n# masters:\n# - host: 127.0.0.1\n# port: 5354\n# options:\n# host: 127.0.0.1\n# port: 53\n# rndc_host: 127.0.0.1\n# rndc_port: 953\n\n## rndc keys for authenticating with bind9\n# define this to create as many key files as are required\n# designate_rndc_keys\n# - name: \"rndc-key\"\n# file: /etc/designate/rndc.key\n# algorithm: \"hmac-md5\"\n# secret: \"\"\n\n# Owner of all managed resources - like auto-created records etc.\ndesignate_managed_resource_project_name: \"{{ designate_service_project_name }}\"\n\n## Service Type and Data\ndesignate_service_region: \"{{ service_region | default('RegionOne') }}\"\ndesignate_service_endpoint_type: internalURL\ndesignate_service_name: designate\ndesignate_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\ndesignate_service_port: 9001\ndesignate_service_proto: http\ndesignate_service_type: dns\ndesignate_service_description: \"Designate DNS as a Service\"\ndesignate_service_project_domain_id: default\ndesignate_service_user_domain_id: default\ndesignate_service_user_name: designate\ndesignate_keystone_auth_type: password\ndesignate_service_project_name: service\ndesignate_service_role_names:\n - admin\n - service\ndesignate_service_token_roles:\n - service\ndesignate_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\ndesignate_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(designate_service_proto) }}\"\ndesignate_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(designate_service_proto) }}\"\ndesignate_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(designate_service_proto) }}\"\n\ndesignate_service_publicuri: \"{{ designate_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ designate_service_port }}\"\ndesignate_service_internaluri: \"{{ designate_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}\"\ndesignate_service_adminuri: \"{{ designate_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ designate_service_port }}\"\n\ndesignate_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\n\n# memcache override\ndesignate_memcached_servers: \"{{ memcached_servers }}\"\n\n# Common pip packages\ndesignate_pip_packages:\n - cryptography\n - \"git+{{ designate_git_repo }}@{{ designate_git_install_branch }}#egg=designate\"\n - osprofiler\n - python-designateclient\n - PyMySQL\n - pymemcache\n - python-memcached\n - systemd-python\n - \"tooz[{{ designate_coordination_driver }}]\"\n - warlock\ndesignate_user_pip_packages: []\n\ndesignate_central_init_overrides: {}\ndesignate_worker_init_overrides: {}\ndesignate_producer_init_overrides: {}\ndesignate_mdns_init_overrides: {}\ndesignate_sink_init_overrides: {}\ndesignate_api_init_overrides: {}\n\n## Service Name-Group Mapping\ndesignate_services:\n designate-central:\n group: designate_central\n service_name: designate-central\n init_config_overrides: \"{{ designate_central_init_overrides }}\"\n execstarts: \"{{ designate_bin }}/designate-central\"\n start_order: 3\n designate-worker:\n group: designate_worker\n service_name: designate-worker\n init_config_overrides: \"{{ designate_worker_init_overrides }}\"\n execstarts: \"{{ designate_bin }}/designate-worker\"\n start_order: 2\n designate-producer:\n group: designate_producer\n service_name: designate-producer\n init_config_overrides: \"{{ designate_producer_init_overrides }}\"\n execstarts: \"{{ designate_bin }}/designate-producer\"\n start_order: 5\n designate-mdns:\n group: designate_mdns\n service_name: designate-mdns\n init_config_overrides: \"{{ designate_mdns_init_overrides }}\"\n execstarts: \"{{ designate_bin }}/designate-mdns\"\n start_order: 4\n designate-sink:\n group: designate_sink\n service_name: designate-sink\n init_config_overrides: \"{{ designate_sink_init_overrides }}\"\n execstarts: \"{{ designate_bin }}/designate-sink\"\n start_order: 6\n designate-api:\n group: designate_api\n service_name: designate-api\n init_config_overrides: \"{{ designate_api_init_overrides }}\"\n execstarts: \"{{ designate_bin }}/designate-api\"\n start_order: 1\n\n## Tunable overrides\ndesignate_policy_overrides: {}\ndesignate_designate_conf_overrides: {}\ndesignate_api_paste_ini_overrides: {}\ndesignate_rootwrap_conf_overrides: {}\n\n###\n### Backend TLS\n###\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS.\ndesignate_backend_ssl: \"{{ openstack_service_backend_ssl | default(False) }}\"\n\n# Storage location for SSL certificate authority\ndesignate_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\ndesignate_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# designate server certificate\ndesignate_pki_keys_path: \"{{ designate_pki_dir ~ '/certs/private/' }}\"\ndesignate_pki_certs_path: \"{{ designate_pki_dir ~ '/certs/certs/' }}\"\ndesignate_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}\"\ndesignate_pki_regen_cert: \"\"\ndesignate_pki_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}\"\ndesignate_pki_certificates:\n - name: \"designate_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ designate_pki_san }}\"\n signed_by: \"{{ designate_pki_intermediate_cert_name }}\"\n\n# designate destination files for SSL certificates\ndesignate_ssl_cert: /etc/designate/designate.pem\ndesignate_ssl_key: /etc/designate/designate.key\n\n# Installation details for SSL certificates\ndesignate_pki_install_certificates:\n - src: \"{{ designate_user_ssl_cert | default(designate_pki_certs_path ~ 'designate_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ designate_ssl_cert }}\"\n owner: \"{{ designate_system_user_name }}\"\n group: \"{{ designate_system_user_name }}\"\n mode: \"0644\"\n - src: \"{{ designate_user_ssl_key | default(designate_pki_keys_path ~ 'designate_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ designate_ssl_key }}\"\n owner: \"{{ designate_system_user_name }}\"\n group: \"{{ designate_system_user_name }}\"\n mode: \"0600\"\n\n# Define user-provided SSL certificates\n# designate_user_ssl_cert: \n# designate_user_ssl_key: \n","created":"2025-12-14T10:21:47.516796Z","updated":"2025-12-14T10:21:47.516807Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_designate/defaults/main.yml"}