{"id":551,"sha1":"57fa2f6b1451b2cc29774fef38974ae4dac6248c","playbook":{"id":4,"items":{"plays":32,"tasks":1505,"results":1497,"hosts":12,"files":487,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:57:07.871967Z","ended":"2025-12-08T14:21:54.049657Z","duration":"00:24:46.177690","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n# Enable/Disable Telemetry projects\nswift_ceilometer_enabled: \"{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}\"\n\n## Verbosity Options\ndebug: false\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\nswift_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\nswift_service_setup_host_python_interpreter: >-\n {{\n openstack_service_setup_host_python_interpreter | default(\n (swift_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\n\n# Set the package install state for distribution packages\n# Options are 'present' and 'latest'\nswift_package_state: \"{{ package_state | default('latest') }}\"\n\n# Set installation method.\nswift_install_method: \"{{ service_install_method | default('source') }}\"\nswift_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\n# Git repo details for swift\nswift_git_repo: https://opendev.org/openstack/swift\nswift_git_install_branch: master\n\nswift_upper_constraints_url: >-\n {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\nswift_git_constraints:\n - \"--constraint {{ swift_upper_constraints_url }}\"\n\nswift_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\nswift_venv_tag: \"{{ venv_tag | default('untagged') }}\"\nswift_bin: \"{{ _swift_bin }}\"\n\n# Set the full path to the swift recon cron\nrecon_cron_path: \"{{ swift_bin }}/swift-recon-cron\"\n\n## Swift User / Group\nswift_system_user_name: swift\nswift_system_group_name: swift\nswift_system_shell: /bin/bash\nswift_system_comment: swift system user\nswift_system_home_folder: \"/var/lib/{{ swift_system_user_name }}\"\nswift_system_slice_name: swift\nswift_lock_dir: \"{{ openstack_lock_dir | default('/run/lock') }}\"\nswift_cache_path: /var/cache/swift\n## Auth token\nswift_delay_auth_decision: true\n\n## Swift middleware\n# NB: The order is important!\nswift_middleware_list:\n - catch_errors\n - gatekeeper\n - healthcheck\n - proxy-logging\n - \"{% if swift_ceilometer_enabled | bool %}ceilometer{% endif %}\"\n - cache\n - container_sync\n - bulk\n - tempurl\n - ratelimit\n - authtoken\n - keystoneauth\n - staticweb\n - copy\n - container-quotas\n - account-quotas\n - slo\n - dlo\n - versioned_writes\n - proxy-logging\n - proxy-server\n\n# Setup tempauth users list (user__ = )\nswift_tempauth_users:\n - \"user_admin_admin = admin .admin .reseller_admin\"\n\n## Swift default ports\nswift_proxy_bind_address: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\nswift_proxy_port: \"8080\"\n# You can change the object, container, account ports.\n# This will update the ring, on the next playbook run,\n# without requiring a rebalance.\n# NB: There is service downtime, during the run, between\n# the service restart and the ring updating.\nswift_object_port: \"6000\"\nswift_container_port: \"6001\"\nswift_account_port: \"6002\"\n\n# Default swift ring settings:\nswift_default_replication_number: 3\nswift_default_min_part_hours: 1\nswift_default_host_zone: 0\nswift_default_host_region: 1\nswift_default_drive_weight: 100\n\n## Swift service defaults\nswift_service_name: swift\nswift_service_user_name: swift\nswift_service_project_name: service\nswift_service_project_domain_id: \"default\"\nswift_service_project_domain_name: \"Default\"\nswift_service_user_domain_id: \"default\"\nswift_service_role_names:\n - admin\n - service\nswift_service_token_roles:\n - service\nswift_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\nswift_service_type: object-store\nswift_service_proto: http\nswift_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(swift_service_proto) }}\"\nswift_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(swift_service_proto) }}\"\nswift_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(swift_service_proto) }}\"\nswift_service_description: \"Object Storage Service\"\nswift_service_publicuri: \"{{ swift_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}\"\nswift_service_publicurl: \"{{ swift_service_publicuri }}/v1/AUTH_%(tenant_id)s\"\nswift_service_adminuri: \"{{ swift_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}\"\nswift_service_adminurl: \"{{ swift_service_adminuri }}/v1/AUTH_%(tenant_id)s\"\nswift_service_internaluri: \"{{ swift_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}\"\nswift_service_internalurl: \"{{ swift_service_internaluri }}/v1/AUTH_%(tenant_id)s\"\nswift_service_region: \"{{ service_region | default('RegionOne') }}\"\nstatsd_host:\nstatsd_port: 8125\nstatsd_default_sample_rate: 1.0\nstatsd_sample_rate_factor: 1.0\nstatsd_metric_prefix:\n\n# Set the file limits\nswift_hard_open_file_limits: 10240\nswift_soft_open_file_limits: 4096\nswift_max_file_limits: \"{{ swift_hard_open_file_limits * 24 }}\"\n\n## Keystone authentication middleware\nswift_keystone_auth_plugin: \"{{ swift_keystone_auth_type }}\"\nswift_keystone_auth_type: \"password\"\n\nswift_dispersion_user: dispersion\nswift_dispersion_user_domain_name: \"Default\"\n\nswift_operator_role: swiftoperator\nswift_allow_versions: true\n# This will allow all users to create containers and upload to swift if set to True\nswift_allow_all_users: false\n# If you want to regenerate the swift keys, on a run, for rsync purposes set this var to True\n# otherwise keys will be generated on the first run and not regenerated each run.\nswift_recreate_keys: false\nswift_sorting_method: shuffle\n# Set the fallocate_reserve value which will reserve space and fail on PUTs above this value in bytes (Default 10GB)\nswift_fallocate_reserve: \"1%\"\nswift_account_fallocate_reserve: \"{{ swift_fallocate_reserve }}\"\nswift_container_fallocate_reserve: \"{{ swift_fallocate_reserve }}\"\nswift_object_fallocate_reserve: \"{{ swift_fallocate_reserve }}\"\n# Set this to true to disable fallocate\nswift_disable_fallocate: false\nswift_account_disable_fallocate: \"{{ swift_disable_fallocate }}\"\nswift_container_disable_fallocate: \"{{ swift_disable_fallocate }}\"\nswift_object_disable_fallocate: \"{{ swift_disable_fallocate }}\"\n\n# This variable will protect against changing swift_hash_path_* variables unintentionally.\n# If you wish to change them intentionally set the swift_force_change_hashes variable to True.\nswift_force_change_hashes: false\n\n## Swift ceilometer variables\nswift_reselleradmin_role: ResellerAdmin\n\n## Oslo Messaging\n\n# Notify\nswift_oslomsg_notify_policies: []\nswift_oslomsg_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\nswift_oslomsg_notify_setup_host: \"{{ (swift_oslomsg_notify_host_group in groups) | ternary(groups[swift_oslomsg_notify_host_group][0], 'localhost') }}\"\nswift_oslomsg_notify_transport: \"{{ oslomsg_notify_transport | default('rabbit') }}\"\nswift_oslomsg_notify_servers: \"{{ oslomsg_notify_servers | default('127.0.0.1') }}\"\nswift_oslomsg_notify_port: \"{{ oslomsg_notify_port | default('5672') }}\"\nswift_oslomsg_notify_use_ssl: \"{{ oslomsg_notify_use_ssl | default(False) }}\"\nswift_oslomsg_notify_userid: swift\nswift_oslomsg_notify_vhost:\n - name: /swift\n state: \"{{ swift_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: swift\n state: \"{{ swift_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\n\nswift_oslomsg_notify_ssl_version: \"{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}\"\nswift_oslomsg_notify_ssl_ca_file: \"{{ oslomsg_notify_ssl_ca_file | default('') }}\"\n\nswift_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\nswift_oslomsg_rabbit_quorum_delivery_limit: \"{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}\"\nswift_oslomsg_rabbit_quorum_max_memory_bytes: \"{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}\"\n\n## General Swift configuration\n# We are not capping the default value for these swift variables which define\n# the number of worker threads for each of the swift services (except the swift\n# proxy workers when proxy is in a container) because of the performace impact\n# that may be seen due to capping worker threads for swift services.\n# We would like to calculate the default value using vCPUs for good performance\n# of swift services.\n\n# If ``swift_account_server_replicator_workers`` is unset the system will use half the number\n# of available VCPUS to compute the number of api workers to use.\n# swift_account_server_replicator_workers: 16\n\n# If ``swift_server_replicator_workers`` is unset the system will use half the number\n# of available VCPUS to compute the number of api workers to use.\n# swift_server_replicator_workers: 16\n\n# If ``swift_object_replicator_workers`` is unset the system will use half the number\n# of available VCPUS to compute the number of api workers to use.\n# swift_object_replicator_workers: 16\n\n# If ``swift_account_server_workers`` is unset the system will use half the number\n# of available VCPUS to compute the number of api workers to use.\n# swift_account_server_workers: 16\n\n# If ``swift_container_server_workers`` is unset the system will use half the number\n# of available VCPUS to compute the number of api workers to use.\n# swift_container_server_workers: 16\n\n# If ``swift_object_server_workers`` is unset the system will use half the number\n# of available VCPUS to compute the number of api workers to use.\n# swift_object_server_workers: 16\n\n# If ``swift_proxy_server_workers`` is unset the system will use half the number\n# of available VCPUS to compute the number of api workers to use. Capping this\n# value at 16 if the swift proxy is in a container and user did not define\n# this variable.\nswift_proxy_server_workers_max: 16\nswift_proxy_server_workers_not_capped: \"{{ [(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2 }}\"\nswift_proxy_server_workers_capped: \"{{ [swift_proxy_server_workers_max, swift_proxy_server_workers_not_capped | int] | min }}\"\nswift_proxy_server_workers: \"{{ (inventory_hostname == physical_host) | ternary(swift_proxy_server_workers_not_capped, swift_proxy_server_workers_capped) }}\"\n\n# These are the storage addresses used to define the networks for swift storage and replication\n# These are calculated by the tasks based on the \"storage_network\" and \"replication_network\" values\n# set in the swift variables, if you set these per host the value won't be calculated.\n# Setting swift_vars.storage_ip or swift_vars.repl_ip will take precedence.\n# If none are set it will default to the \"ansible_host\" value.\n# swift_storage_address: 127.0.0.1\n# swift_replication_address: 127.0.0.1\n\n# This var is calculated by the play itself, and should not need to be set\n# It is defaulted for the benefit of the swift_proxy host which needs it\n# for the swift-init-systemd.j2 template file.\nswift_dedicated_replication: false\n\nswift_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\n\n# Basic swift configuration for the cluster\nswift: {}\nswift_vars: {}\nswift_proxy_vars: {}\n\n# Example basic swift configuration for the cluster\n# swift:\n# part_power: 8\n# storage_network: 'br-storage'\n# replication_network: 'br-storage'\n# drives:\n# - name: swift1.img\n# - name: swift2.img\n# - name: swift3.img\n# mount_point: /srv\n# storage_policies:\n# - policy:\n# name: default\n# index: 0\n# default: True\n\n# Set rsync max_connections vars\nswift_max_rsync_connections: 4\nswift_account_max_rsync_connections: \"{{ swift_max_rsync_connections }}\"\nswift_container_max_rsync_connections: \"{{ swift_max_rsync_connections }}\"\nswift_object_max_rsync_connections: \"{{ swift_max_rsync_connections }}\"\n\n# Set Swift to use rsync module per object server drive\nswift_rsync_module_per_drive: false\n\n# Set Swift to use reverse lookup - requires name resolution or hosts entries\nswift_rsync_reverse_lookup: false\n\n# Set the managed regions as a list of swift regions to manage\n# Use for global clusters, default when not set is all regions.\n# swift_managed_regions:\n# - 1\n# - 2\n\n# swift_do_setup and swift_do_sync control which parts of the swift\n# role get run. You should never need to adjust these, they are set\n# within the swift-setup and swift-sync roles to ensure only the\n# appropriate tasks within the os-swift role are run.\nswift_do_setup: true\nswift_do_sync: true\n\n# Example swift_container_sync_realms to specify container_sync realms\n# This can exist for multiple realms (in a list)\n# swift_container_sync_realms:\n# - name: realm1\n# # You may want to put swift_realm_keyx in user_secrets.yml or ansible-vault\n# # Otherwise specify it manually below.\n# key1: {{ swift_realm_key1 }}\n# # key2 is optional and used for rotating/deprecated keys\n# key2: {{ swift_realm_key2 }}\n# clustername1: https:///v1\n# clustername2: https:///v1\n\nswift_pip_packages:\n - ceilometermiddleware\n - cryptography\n - dnspython\n - ecdsa\n - keystonemiddleware\n - osprofiler\n - pyeclib\n - python-keystoneclient\n - pymemcache\n - python-memcached\n - python-swiftclient\n - \"git+{{ swift_git_repo }}@{{ swift_git_install_branch }}#egg=swift\"\n - systemd-python\n\n# Memcached override\nswift_memcached_servers: \"{{ memcached_servers }}\"\n\nswift_account_replicator_init_overrides: {}\nswift_account_replicator_server_init_overrides: {}\nswift_account_server_init_overrides: {}\nswift_account_auditor_init_overrides: {}\nswift_account_reaper_init_overrides: {}\nswift_container_replicator_init_overrides: {}\nswift_container_replicator_server_init_overrides: {}\nswift_container_server_init_overrides: {}\nswift_container_auditor_init_overrides: {}\nswift_container_sync_init_overrides: {}\nswift_container_updater_init_overrides: {}\nswift_container_reconciler_init_overrides: {}\nswift_object_replicator_init_overrides: {}\nswift_object_replicator_server_init_overrides: {}\nswift_object_server_init_overrides: {}\nswift_object_auditor_init_overrides: {}\nswift_object_updater_init_overrides: {}\nswift_object_expirer_init_overrides: {}\nswift_object_reconstructor_init_overrides: {}\nswift_proxy_server_init_overrides: {}\n\n# Default options applied to all swift service units\nswift_service_defaults:\n Service:\n LimitNOFILE: \"{{ swift_soft_open_file_limits }}:{{ swift_hard_open_file_limits }}\"\n Environment:\n ? \"PYPY_GC_MIN={{ swift_pypy_gc_min }}\"\n ? \"PYPY_GC_MAX={{ swift_pypy_gc_max }}\"\n\nswift_services:\n swift-proxy-server:\n group: swift_proxy\n service_name: \"swift-proxy-server\"\n execstarts: \"{{ swift_bin }}/swift-proxy-server /etc/swift/proxy-server/proxy-server.conf\"\n init_config_overrides: \"{{ swift_proxy_server_init_overrides }}\"\n start_order: 1\n swift-account-server:\n group: swift_acc\n service_name: \"swift-account-server\"\n execstarts: \"{{ swift_bin }}/swift-account-server /etc/swift/account-server/account-server.conf\"\n init_config_overrides: \"{{ swift_account_server_init_overrides }}\"\n start_order: 2\n swift-account-replicator-server:\n group: swift_acc\n service_name: \"swift-account-replicator-server\"\n execstarts: \"{{ swift_bin }}/swift-account-server /etc/swift/account-server/account-server-replicator.conf\"\n service_en: \"{{ swift_dedicated_replication | bool }}\"\n init_config_overrides: \"{{ swift_account_replicator_server_init_overrides }}\"\n start_order: 3\n swift-container-server:\n group: swift_cont\n service_name: swift-container-server\n execstarts: \"{{ swift_bin }}/swift-container-server /etc/swift/container-server/container-server.conf\"\n init_config_overrides: \"{{ swift_container_server_init_overrides }}\"\n start_order: 4\n swift-container-replicator-server:\n group: swift_cont\n service_name: \"swift-container-replicator-server\"\n execstarts: \"{{ swift_bin }}/swift-container-server /etc/swift/container-server/container-server-replicator.conf\"\n service_en: \"{{ swift_dedicated_replication | bool }}\"\n init_config_overrides: \"{{ swift_container_replicator_server_init_overrides }}\"\n start_order: 5\n swift-object-server:\n group: swift_obj\n service_name: swift-object-server\n execstarts: \"{{ swift_bin }}/swift-object-server /etc/swift/object-server/object-server.conf\"\n init_config_overrides: \"{{ swift_object_server_init_overrides }}\"\n start_order: 6\n swift-object-replicator-server:\n group: swift_obj\n service_name: \"swift-object-replicator-server\"\n execstarts: \"{{ swift_bin }}/swift-object-server /etc/swift/object-server/object-server-replicator.conf\"\n service_en: \"{{ swift_dedicated_replication | bool }}\"\n init_config_overrides: \"{{ swift_object_replicator_server_init_overrides }}\"\n start_order: 7\n\n swift-account-auditor:\n group: swift_acc\n service_name: swift-account-auditor\n execstarts: >-\n {{ swift_bin }}/swift-account-auditor {{ swift_dedicated_replication | ternary(\n '/etc/swift/account-server/account-server-replicator.conf', '/etc/swift/account-server/account-server.conf'\n ) }}\n init_config_overrides: \"{{ swift_account_auditor_init_overrides }}\"\n start_order: 8\n swift-account-reaper:\n group: swift_acc\n service_name: swift-account-reaper\n execstarts: \"{{ swift_bin }}/swift-account-reaper /etc/swift/account-server/account-server.conf\"\n init_config_overrides: \"{{ swift_account_reaper_init_overrides }}\"\n start_order: 9\n swift-account-replicator:\n group: swift_acc\n service_name: swift-account-replicator\n execstarts: >-\n {{ swift_bin }}/swift-account-replicator {{ swift_dedicated_replication | ternary(\n '/etc/swift/account-server/account-server-replicator.conf', '/etc/swift/account-server/account-server.conf'\n ) }}\n init_config_overrides: \"{{ swift_account_replicator_init_overrides }}\"\n start_order: 10\n\n swift-container-auditor:\n group: swift_cont\n service_name: \"swift-container-auditor\"\n execstarts: >-\n {{ swift_bin }}/swift-container-auditor {{ swift_dedicated_replication | ternary(\n '/etc/swift/container-server/container-server-replicator.conf', '/etc/swift/container-server/container-server.conf'\n ) }}\n init_config_overrides: \"{{ swift_container_auditor_init_overrides }}\"\n start_order: 11\n swift-container-reconciler:\n group: swift_cont\n service_name: \"swift-container-reconciler\"\n execstarts: \"{{ swift_bin }}/swift-container-reconciler /etc/swift/container-server/container-reconciler.conf\"\n init_config_overrides: \"{{ swift_container_reconciler_init_overrides }}\"\n start_order: 12\n swift-container-replicator:\n group: swift_cont\n service_name: \"swift-container-replicator\"\n execstarts: >-\n {{ swift_bin }}/swift-container-replicator {{ swift_dedicated_replication | ternary(\n '/etc/swift/container-server/container-server-replicator.conf', '/etc/swift/container-server/container-server.conf'\n ) }}\n init_config_overrides: \"{{ swift_container_replicator_init_overrides }}\"\n start_order: 13\n swift-container-sync:\n group: swift_cont\n service_name: \"swift-container-sync\"\n execstarts: \"{{ swift_bin }}/swift-container-sync /etc/swift/container-server/container-server.conf\"\n init_config_overrides: \"{{ swift_container_sync_init_overrides }}\"\n start_order: 14\n swift-container-updater:\n group: swift_cont\n service_name: \"swift-container-updater\"\n execstarts: \"{{ swift_bin }}/swift-container-updater /etc/swift/container-server/container-server.conf\"\n init_config_overrides: \"{{ swift_container_updater_init_overrides }}\"\n start_order: 15\n\n swift-object-auditor:\n group: swift_obj\n service_name: \"swift-object-auditor\"\n execstarts: >-\n {{ swift_bin }}/swift-object-auditor {{ swift_dedicated_replication | ternary(\n '/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf'\n ) }}\n init_config_overrides: \"{{ swift_object_auditor_init_overrides }}\"\n start_order: 16\n swift-object-expirer:\n group: swift_obj\n service_name: \"swift-object-expirer\"\n execstarts: \"{{ swift_bin }}/swift-object-expirer /etc/swift/object-server/object-expirer.conf\"\n init_config_overrides: \"{{ swift_object_expirer_init_overrides }}\"\n start_order: 17\n swift-object-reconstructor:\n group: swift_obj\n service_name: \"swift-object-reconstructor\"\n execstarts: >-\n {{ swift_bin }}/swift-object-reconstructor {{ swift_dedicated_replication | ternary(\n '/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf'\n ) }}\n init_config_overrides: \"{{ swift_object_reconstructor_init_overrides }}\"\n start_order: 18\n swift-object-replicator:\n group: swift_obj\n service_name: \"swift-object-replicator\"\n execstarts: >-\n {{ swift_bin }}/swift-object-replicator {{ swift_dedicated_replication | ternary(\n '/etc/swift/object-server/object-server-replicator.conf', '/etc/swift/object-server/object-server.conf'\n ) }}\n init_config_overrides: \"{{ swift_object_replicator_init_overrides }}\"\n start_order: 19\n swift-object-updater:\n group: swift_obj\n service_name: \"swift-object-updater\"\n execstarts: \"{{ swift_bin }}/swift-object-updater /etc/swift/object-server/object-server.conf\"\n init_config_overrides: \"{{ swift_object_updater_init_overrides }}\"\n start_order: 20\n\n# Set to True to reset the clock on the last time a rebalance happened,\n# circumventing the min_part_hours check.\n# USE WITH EXTREME CAUTION\n# If you run the swift playbook with this option enabled, before a swift\n# replication pass completes, you may introduce unavailability in your\n# cluster. This has an end-user impact.\nswift_pretend_min_part_hours_passed: false\n\n# Set this option to enable or disable the pypy interpreter for swift\nswift_pypy_enabled: false\nswift_pypy_archive:\n url: \"https://bitbucket.org/pypy/pypy/downloads/pypy2-v5.9.0-linux64.tar.bz2\"\n checksum: \"sha256:790febd4f09e22d6e2f81154efc7dc4b2feec72712aaf4f82aa91b550abb4b48\"\nswift_pypy_version: \"{{ swift_pypy_archive['url'] | basename | replace('.tar.bz2', '') }}\"\nswift_pypy_env: \"/opt/pypy-runtime/{{ swift_pypy_version }}/bin/pypy\"\n# Set the Garbage Collection (GC) options for pypy if you would like to tune these\n# More info on pypy garbage collection can be found here:\n# http://doc.pypy.org/en/latest/gc_info.html\nswift_pypy_gc_min: \"15M\"\nswift_pypy_gc_max: \"1GB\"\n\n## Tunable overrides\nswift_swift_conf_overrides: {}\nswift_swift_dispersion_conf_overrides: {}\nswift_proxy_server_conf_overrides: {}\nswift_account_server_conf_overrides: {}\nswift_account_server_replicator_conf_overrides: {}\nswift_container_server_conf_overrides: {}\nswift_container_reconciler_conf_overrides: {}\nswift_container_server_replicator_conf_overrides: {}\nswift_container_sync_realms_conf_overrides: {}\nswift_drive_audit_conf_overrides: {}\nswift_internal_client_conf_overrides: {}\nswift_object_server_conf_overrides: {}\nswift_object_expirer_conf_overrides: {}\nswift_object_server_replicator_conf_overrides: {}\nswift_memcache_conf_overrides: {}\n\n###\n### Backend TLS\n###\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS.\n# `openstack_service_backend_ssl` is not taken into account\n# because TLS in swift-proxy is only for testing purposes:\n# https://opendev.org/openstack/swift/src/commit/c78a5962b5f6c9e75f154cac924a226815236e98/etc/proxy-server.conf-sample\nswift_backend_ssl: false\n\n# Storage location for SSL certificate authority\nswift_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\nswift_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# swift server certificate\nswift_pki_keys_path: \"{{ swift_pki_dir ~ '/certs/private/' }}\"\nswift_pki_certs_path: \"{{ swift_pki_dir ~ '/certs/certs/' }}\"\nswift_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}\"\nswift_pki_regen_cert: \"\"\nswift_pki_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}\"\nswift_pki_certificates:\n - name: \"swift_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ swift_pki_san }}\"\n signed_by: \"{{ swift_pki_intermediate_cert_name }}\"\n\n# swift destination files for SSL certificates\nswift_ssl_cert: /etc/swift/swift.pem\nswift_ssl_key: /etc/swift/swift.key\n\n# Installation details for SSL certificates\nswift_pki_install_certificates:\n - src: \"{{ swift_user_ssl_cert | default(swift_pki_certs_path ~ 'swift_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ swift_ssl_cert }}\"\n owner: \"{{ swift_system_user_name }}\"\n group: \"{{ swift_system_user_name }}\"\n mode: \"0644\"\n - src: \"{{ swift_user_ssl_key | default(swift_pki_keys_path ~ 'swift_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ swift_ssl_key }}\"\n owner: \"{{ swift_system_user_name }}\"\n group: \"{{ swift_system_user_name }}\"\n mode: \"0600\"\n\n# Define user-provided SSL certificates\n# swift_user_ssl_cert: \n# swift_user_ssl_key: \n\nswift_sysctl_file: \"{{ openstack_sysctl_file | default('/etc/sysctl.conf') }}\"\n\n# host which holds the ssh certificate authority\nswift_ssh_keypairs_setup_host: \"{{ openstack_ssh_keypairs_setup_host | default('localhost') }}\"\n# directory on the deploy host to create and store SSH keypairs\nswift_ssh_keypairs_dir: \"{{ openstack_ssh_keypairs_dir }}\"\n# Each swift host needs a signed ssh certificate to log into the others\nswift_ssh_keypairs:\n - name: \"swift-{{ inventory_hostname }}\"\n cert:\n signed_by: \"{{ openstack_ssh_signing_key }}\"\n principals: \"{{ swift_ssh_key_principals | default('swift') }}\"\n valid_from: \"{{ swift_ssh_key_valid_from | default('always') }}\"\n valid_to: \"{{ swift_ssh_key_valid_to | default('forever') }}\"\n# Each swift host needs the signed ssh certificate installing to the swift user\nswift_ssh_keypairs_install_keys:\n owner: \"{{ swift_system_user_name }}\"\n group: \"{{ swift_system_group_name }}\"\n keys:\n - cert: \"swift-{{ inventory_hostname }}\"\n dest: \"{{ swift_system_home_folder }}/.ssh/id_rsa\"\n# Each swift host must trust the SSHD certificate authoritiy in the sshd configuration\nswift_ssh_keypairs_install_ca: \"{{ openstack_ssh_keypairs_authorities }}\"\n# Each swift host must allow SSH certificates with the appropriate principal to log into the swift user\nswift_ssh_keypairs_principals:\n - user: \"{{ swift_system_user_name }}\"\n principals: \"{{ swift_ssh_key_principals | default(['swift']) }}\"\n","created":"2025-12-08T13:57:14.907251Z","updated":"2025-12-08T13:57:14.907263Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_swift/defaults/main.yml"}