{"id":660,"sha1":"e3d166451eff24ac58f8439144253338b239e84f","playbook":{"id":4,"items":{"plays":107,"tasks":2438,"results":2413,"hosts":13,"files":511,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-14T10:21:40.790759Z","ended":"2025-12-14T11:05:36.775743Z","duration":"00:43:55.984984","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.13.5","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# (C)2016 Brocade Communications Systems, Inc.\n# 130 Holger Way, San Jose, CA 95134.\n# All rights reserved.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n## Verbosity Options\ndebug: false\n\n# python venv executable\ntacker_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\n# Enable/Disable Ceilometer\ntacker_ceilometer_enabled: \"{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}\"\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\ntacker_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\ntacker_service_setup_host_python_interpreter: >-\n {{\n openstack_service_setup_host_python_interpreter | default(\n (tacker_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\ntacker_package_state: \"{{ package_state | default('latest') }}\"\n\ntacker_git_repo: https://opendev.org/openstack/tacker\ntacker_git_install_branch: master\ntacker_upper_constraints_url: >-\n {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\ntacker_git_constraints:\n - \"--constraint {{ tacker_upper_constraints_url }}\"\n\ntacker_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\ntacker_venv_tag: \"{{ venv_tag | default('untagged') }}\"\ntacker_bin: \"/openstack/venvs/tacker-{{ tacker_venv_tag }}/bin\"\n\n# Set the etc dir path where tacker is installed.\n# This is used for role access to the db migrations.\n# Example:\n# tacker_etc_dir: \"/usr/local/etc/tacker\"\ntacker_etc_dir: \"/etc/tacker\"\n\n## System info\ntacker_system_user_name: tacker\ntacker_system_group_name: tacker\ntacker_system_shell: /bin/false\ntacker_system_comment: tacker system user\ntacker_system_user_home: \"/var/lib/{{ tacker_system_user_name }}\"\n\n## Configuration for Oslo Messaging\n\n# RPC\ntacker_oslomsg_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\ntacker_oslomsg_rpc_setup_host: \"{{ (tacker_oslomsg_rpc_host_group in groups) | ternary(groups[tacker_oslomsg_rpc_host_group][0], 'localhost') }}\"\ntacker_oslomsg_rpc_transport: \"{{ oslomsg_rpc_transport | default('rabbit') }}\"\ntacker_oslomsg_rpc_servers: \"{{ oslomsg_rpc_servers | default('127.0.0.1') }}\"\ntacker_oslomsg_rpc_port: \"{{ oslomsg_rpc_port | default('5672') }}\"\ntacker_oslomsg_rpc_use_ssl: \"{{ oslomsg_rpc_use_ssl | default(False) }}\"\ntacker_oslomsg_rpc_userid: tacker\ntacker_oslomsg_rpc_policies: []\n# vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues\n# are not used - vhost name will be prefixed with leading `/`.\ntacker_oslomsg_rpc_vhost:\n - name: /tacker\n state: \"{{ tacker_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: tacker\n state: \"{{ tacker_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\ntacker_oslomsg_rpc_ssl_version: \"{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}\"\ntacker_oslomsg_rpc_ssl_ca_file: \"{{ oslomsg_rpc_ssl_ca_file | default('') }}\"\n\n# Notify\ntacker_oslomsg_notify_configure: \"{{ oslomsg_notify_configure | default(tacker_ceilometer_enabled) }}\"\ntacker_oslomsg_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\ntacker_oslomsg_notify_setup_host: \"{{ (tacker_oslomsg_notify_host_group in groups) | ternary(groups[tacker_oslomsg_notify_host_group][0], 'localhost') }}\"\ntacker_oslomsg_notify_transport: \"{{ oslomsg_notify_transport | default('rabbit') }}\"\ntacker_oslomsg_notify_servers: \"{{ oslomsg_notify_servers | default('127.0.0.1') }}\"\ntacker_oslomsg_notify_port: \"{{ oslomsg_notify_port | default('5672') }}\"\ntacker_oslomsg_notify_use_ssl: \"{{ oslomsg_notify_use_ssl | default(False) }}\"\ntacker_oslomsg_notify_userid: \"{{ tacker_oslomsg_rpc_userid }}\"\ntacker_oslomsg_notify_password: \"{{ tacker_oslomsg_rpc_password }}\"\ntacker_oslomsg_notify_vhost: \"{{ tacker_oslomsg_rpc_vhost }}\"\ntacker_oslomsg_notify_ssl_version: \"{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}\"\ntacker_oslomsg_notify_ssl_ca_file: \"{{ oslomsg_notify_ssl_ca_file | default('') }}\"\ntacker_oslomsg_notify_policies: []\n\n## RabbitMQ integration\ntacker_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\ntacker_oslomsg_rabbit_stream_fanout: \"{{ oslomsg_rabbit_stream_fanout | default(tacker_oslomsg_rabbit_quorum_queues) }}\"\ntacker_oslomsg_rabbit_transient_quorum_queues: \"{{ oslomsg_rabbit_transient_quorum_queues | default(tacker_oslomsg_rabbit_stream_fanout) }}\"\ntacker_oslomsg_rabbit_qos_prefetch_count: \"{{ oslomsg_rabbit_qos_prefetch_count | default(tacker_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}\"\ntacker_oslomsg_rabbit_queue_manager: \"{{ oslomsg_rabbit_queue_manager | default(tacker_oslomsg_rabbit_quorum_queues) }}\"\ntacker_oslomsg_rabbit_quorum_delivery_limit: \"{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}\"\ntacker_oslomsg_rabbit_quorum_max_memory_bytes: \"{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}\"\n\n## Database info\ntacker_db_setup_host: \"{{ openstack_db_setup_host | default('localhost') }}\"\ntacker_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default(\n (tacker_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\ntacker_galera_address: \"{{ galera_address | default('127.0.0.1') }}\"\ntacker_galera_database: tacker\ntacker_galera_user: tacker\ntacker_galera_use_ssl: \"{{ galera_use_ssl | default(False) }}\"\ntacker_galera_ssl_ca_cert: \"{{ galera_ssl_ca_cert | default('') }}\"\ntacker_galera_port: \"{{ galera_port | default('3306') }}\"\ntacker_db_max_overflow: \"{{ openstack_db_max_overflow | default('50') }}\"\ntacker_db_max_pool_size: \"{{ openstack_db_max_pool_size | default('5') }}\"\ntacker_db_pool_timeout: \"{{ openstack_db_pool_timeout | default('30') }}\"\ntacker_db_connection_recycle_time: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\n\ntacker_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\ntacker_service_port: 9890\ntacker_program_name: tacker-server\ntacker_conductor_program_name: tacker-conductor\n\n## Service Type and Data\ntacker_service_region: \"{{ service_region | default('RegionOne') }}\"\ntacker_service_name: tacker-server\ntacker_service_proto: http\ntacker_service_type: nfv-orchestration\ntacker_service_description: \"tacker service\"\ntacker_service_publicuri: \"{{ tacker_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ tacker_service_port }}\"\ntacker_service_publicurl: \"{{ tacker_service_publicuri }}\"\ntacker_service_internaluri: \"{{ tacker_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ tacker_service_port }}\"\ntacker_service_internalurl: \"{{ tacker_service_internaluri }}\"\ntacker_service_adminuri: \"{{ tacker_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ tacker_service_port }}\"\ntacker_service_adminurl: \"{{ tacker_service_adminuri }}\"\ntacker_service_registry_proto: \"{{ tacker_service_proto }}\"\ntacker_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(tacker_service_proto) }}\"\ntacker_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(tacker_service_proto) }}\"\ntacker_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(tacker_service_proto) }}\"\n\ntacker_services:\n tacker-server:\n group: tacker_server\n service_name: \"{{ tacker_service_name }}\"\n enabled: true\n state: started\n execstarts: \"{{ tacker_bin }}/{{ tacker_program_name }} {{ tacker_config_options | default('') }}\"\n config_overrides: \"{{ tacker_init_config_overrides }}\"\n tacker-conductor:\n group: tacker_server\n service_name: \"{{ tacker_conductor_program_name }}\"\n enabled: true\n state: started\n execstarts: \"{{ tacker_bin }}/{{ tacker_conductor_program_name }} {{ tacker_conductor_config_options | default('') }}\"\n config_overrides: \"{{ tacker_conductor_init_config_overrides }}\"\n\n## Barbican service\nbarbican_keys_backend: false\n\n# NOTE: move password to tests/test-vars.yml\ntacker_service_password: password\n\n## Keystone\ntacker_service_project_domain_id: default\ntacker_service_project_name: service\ntacker_service_user_domain_id: default\ntacker_service_user_name: tacker\ntacker_keystone_auth_plugin: password\ntacker_service_role_names:\n - admin\n - service\ntacker_service_token_roles:\n - service\ntacker_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\n\ntacker_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\n\n## Common pip packages\ntacker_pip_packages:\n - networking-sfc\n - osprofiler\n - PyMySQL\n - python-heatclient\n - python-tackerclient\n - systemd-python\n - \"git+{{ tacker_git_repo }}@{{ tacker_git_install_branch }}#egg=tacker\"\n\ntacker_config_options: --config-file {{ tacker_etc_dir }}/tacker.conf\ntacker_conductor_config_options: \"{{ tacker_config_options }}\"\ntacker_init_config_overrides: {}\ntacker_conductor_init_config_overrides: {}\n\n## tacker config\ntacker_heat_stack_retires: 60\ntacker_heat_stack_retry_wait: 5\n\n# heat service paramter for tacker.conf\nheat_service_adminurl: \"{{ tacker_service_publicuri_proto }}://{{ external_lb_vip_address }}:8004/v1\"\n\n## Tunable overrides\ntacker_tacker_conf_overrides: {}\ntacker_api_paste_ini_overrides: {}\ntacker_policy_overrides: {}\ntacker_rootwrap_overrides: {}\n\n###\n### Backend TLS\n###\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS.\ntacker_backend_ssl: \"{{ openstack_service_backend_ssl | default(False) }}\"\n\n# Storage location for SSL certificate authority\ntacker_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\ntacker_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# tacker server certificate\ntacker_pki_keys_path: \"{{ tacker_pki_dir ~ '/certs/private/' }}\"\ntacker_pki_certs_path: \"{{ tacker_pki_dir ~ '/certs/certs/' }}\"\ntacker_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}\"\ntacker_pki_regen_cert: \"\"\ntacker_pki_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}\"\ntacker_pki_certificates:\n - name: \"tacker_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ tacker_pki_san }}\"\n signed_by: \"{{ tacker_pki_intermediate_cert_name }}\"\n\n# tacker destination files for SSL certificates\ntacker_ssl_cert: /etc/tacker/tacker.pem\ntacker_ssl_key: /etc/tacker/tacker.key\n\n# Installation details for SSL certificates\ntacker_pki_install_certificates:\n - src: \"{{ tacker_user_ssl_cert | default(tacker_pki_certs_path ~ 'tacker_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ tacker_ssl_cert }}\"\n owner: \"{{ tacker_system_user_name }}\"\n group: \"{{ tacker_system_user_name }}\"\n mode: \"0644\"\n - src: \"{{ tacker_user_ssl_key | default(tacker_pki_keys_path ~ 'tacker_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ tacker_ssl_key }}\"\n owner: \"{{ tacker_system_user_name }}\"\n group: \"{{ tacker_system_user_name }}\"\n mode: \"0600\"\n\n# Define user-provided SSL certificates\n# tacker_user_ssl_cert: \n# tacker_user_ssl_key: \n","created":"2025-12-14T10:21:53.448213Z","updated":"2025-12-14T10:21:53.448224Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_tacker/defaults/main.yml"}