{"id":643,"sha1":"84a4cc0017ac38022002107ada8eade0f53f58dc","playbook":{"id":4,"items":{"plays":32,"tasks":1505,"results":1497,"hosts":12,"files":487,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:57:07.871967Z","ended":"2025-12-08T14:21:54.049657Z","duration":"00:24:46.177690","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2016 Internet Solutions (Pty) Ltd\n# Copyright 2017 IBM Corp\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n#\n# (c) 2016 Donovan Francesco \n# (c) 2016 Paul Stevens \n\n# python venv executable\ntrove_venv_python_executable: \"{{ openstack_venv_python_executable | default('python3') }}\"\n\n# Set the host which will execute the shade modules\n# for the service setup. The host must already have\n# clouds.yaml properly configured.\ntrove_service_setup_host: \"{{ openstack_service_setup_host | default('localhost') }}\"\ntrove_service_setup_host_python_interpreter: >-\n {{\n openstack_service_setup_host_python_interpreter | default(\n (trove_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\n\ntrove_package_state: \"{{ package_state | default('latest') }}\"\n\ndebug: false\ntrove_system_group_name: trove\ntrove_system_user_name: trove\ntrove_system_user_comment: Trove System User\ntrove_system_user_shell: /bin/false\ntrove_system_user_home: \"/var/lib/{{ trove_system_user_name }}\"\ntrove_log_directory: /var/log/trove\ntrove_etc_directory: /etc/trove\n\ntrove_service_name: trove\ntrove_service_user_name: trove\ntrove_service_type: database\ntrove_service_description: \"OpenStack DBaaS (Trove)\"\ntrove_service_project_name: service\ntrove_service_admin_role_names:\n - admin\n - service\ntrove_service_token_roles:\n - service\ntrove_service_token_roles_required: \"{{ openstack_service_token_roles_required | default(True) }}\"\ntrove_service_region: \"{{ service_region | default('RegionOne') }}\"\ntrove_service_endpoint_type: internal\ntrove_service_host: \"{{ openstack_service_bind_address | default('0.0.0.0') }}\"\ntrove_service_port: 8779\ntrove_service_proto: http\ntrove_service_publicuri_proto: \"{{ openstack_service_publicuri_proto | default(trove_service_proto) }}\"\ntrove_service_internaluri_proto: \"{{ openstack_service_internaluri_proto | default(trove_service_proto) }}\"\ntrove_service_adminuri_proto: \"{{ openstack_service_adminuri_proto | default(trove_service_proto) }}\"\ntrove_service_publicurl: \"{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s\"\ntrove_service_internalurl: \"{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s\"\ntrove_service_adminurl: \"{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s\"\ntrove_auth_url: \"{{ keystone_service_internalurl }}\"\n\ntrove_service_in_ldap: \"{{ service_ldap_backend_enabled | default(False) }}\"\n\ntrove_profiler_enabled: false\n\n## Cap the maximum number of threads / workers when a user value is unspecified.\ntrove_api_workers_max: 16\ntrove_api_workers: >-\n {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, trove_api_workers_max] | min }}\n\n# uWSGI settings\ntrove_wsgi_threads: 1\ntrove_use_uwsgi: true\ntrove_uwsgi_tls:\n crt: \"{{ trove_ssl_cert }}\"\n key: \"{{ trove_ssl_key }}\"\n\n## Cap the maximum number of threads / workers when a user value is unspecified.\ntrove_conductor_workers_max: 16\ntrove_conductor_workers: >-\n {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, trove_conductor_workers_max] | min }}\n\n# Enable/Disable Ceilometer\ntrove_ceilometer_enabled: \"{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}\"\n\ntrove_pip_install_args: \"{{ pip_install_options | default('') }}\"\n\n# Name of the virtual env to deploy into\ntrove_venv_tag: \"{{ venv_tag | default('untagged') }}\"\ntrove_bin: \"/openstack/venvs/trove-{{ trove_venv_tag }}/bin\"\n\ntrove_git_repo: \"https://opendev.org/openstack/trove\"\ntrove_git_install_branch: master\ntrove_upper_constraints_url: >-\n {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}\ntrove_git_constraints:\n - \"--constraint {{ trove_upper_constraints_url }}\"\n\n# Database vars\ntrove_db_setup_host: \"{{ openstack_db_setup_host | default('localhost') }}\"\ntrove_db_setup_python_interpreter: >-\n {{\n openstack_db_setup_python_interpreter | default(\n (trove_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))\n }}\ntrove_galera_address: \"{{ galera_address | default('127.0.0.1') }}\"\ntrove_galera_database_name: trove\ntrove_galera_user: trove\ntrove_galera_use_ssl: \"{{ galera_use_ssl | default(False) }}\"\ntrove_galera_ssl_ca_cert: \"{{ galera_ssl_ca_cert | default('') }}\"\ntrove_galera_port: \"{{ galera_port | default('3306') }}\"\ntrove_galera_connection_string: >-\n mysql+pymysql://{{ trove_galera_user}}:{{ trove_galera_password }}@{{ trove_galera_address }}:{{ trove_galera_port }}/{{ trove_galera_database_name\n }}?charset=utf8{% if trove_galera_use_ssl | bool %}&ssl_verify_cert=true{%\n if trove_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ trove_galera_ssl_ca_cert }}{% endif %}{% endif %}\ntrove_db_max_overflow: \"{{ openstack_db_max_overflow | default('50') }}\"\ntrove_db_max_pool_size: \"{{ openstack_db_max_pool_size | default('5') }}\"\ntrove_db_pool_timeout: \"{{ openstack_db_pool_timeout | default('30') }}\"\ntrove_db_connection_recycle_time: \"{{ openstack_db_connection_recycle_time | default('600') }}\"\n\n## Oslo Messaging vars\n# RPC\ntrove_oslomsg_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\ntrove_oslomsg_rpc_setup_host: \"{{ (trove_oslomsg_rpc_host_group in groups) | ternary(groups[trove_oslomsg_rpc_host_group][0], 'localhost') }}\"\ntrove_oslomsg_rpc_transport: \"{{ oslomsg_rpc_transport | default('rabbit') }}\"\ntrove_oslomsg_rpc_servers: \"{{ oslomsg_rpc_servers | default('127.0.0.1') }}\"\ntrove_oslomsg_rpc_port: \"{{ oslomsg_rpc_port | default('5672') }}\"\ntrove_oslomsg_rpc_use_ssl: \"{{ oslomsg_rpc_use_ssl | default(False) }}\"\ntrove_oslomsg_rpc_userid: trove\ntrove_oslomsg_rpc_policies: []\n# vhost name depends on value of oslomsg_rabbit_quorum_queues. In case quorum queues\n# are not used - vhost name will be prefixed with leading `/`.\ntrove_oslomsg_rpc_vhost:\n - name: /trove\n state: \"{{ trove_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: trove\n state: \"{{ trove_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\ntrove_oslomsg_rpc_ssl_version: \"{{ oslomsg_rpc_ssl_version | default('TLSv1_2') }}\"\ntrove_oslomsg_rpc_ssl_ca_file: \"{{ oslomsg_rpc_ssl_ca_file | default('') }}\"\n\n# Notify\ntrove_oslomsg_notify_configure: \"{{ oslomsg_notify_configure | default(trove_ceilometer_enabled) }}\"\ntrove_oslomsg_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\ntrove_oslomsg_notify_setup_host: \"{{ (trove_oslomsg_notify_host_group in groups) | ternary(groups[trove_oslomsg_notify_host_group][0], 'localhost') }}\"\ntrove_oslomsg_notify_transport: \"{{ oslomsg_notify_transport | default('rabbit') }}\"\ntrove_oslomsg_notify_servers: \"{{ oslomsg_notify_servers | default('127.0.0.1') }}\"\ntrove_oslomsg_notify_port: \"{{ oslomsg_notify_port | default('5672') }}\"\ntrove_oslomsg_notify_use_ssl: \"{{ oslomsg_notify_use_ssl | default(False) }}\"\ntrove_oslomsg_notify_userid: \"{{ trove_oslomsg_rpc_userid }}\"\ntrove_oslomsg_notify_password: \"{{ trove_oslomsg_rpc_password }}\"\ntrove_oslomsg_notify_vhost: \"{{ trove_oslomsg_rpc_vhost }}\"\ntrove_oslomsg_notify_ssl_version: \"{{ oslomsg_notify_ssl_version | default('TLSv1_2') }}\"\ntrove_oslomsg_notify_ssl_ca_file: \"{{ oslomsg_notify_ssl_ca_file | default('') }}\"\ntrove_oslomsg_notify_policies: []\n\n## RabbitMQ integration\ntrove_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\ntrove_oslomsg_rabbit_stream_fanout: \"{{ oslomsg_rabbit_stream_fanout | default(trove_oslomsg_rabbit_quorum_queues) }}\"\ntrove_oslomsg_rabbit_transient_quorum_queues: \"{{ oslomsg_rabbit_transient_quorum_queues | default(trove_oslomsg_rabbit_stream_fanout) }}\"\ntrove_oslomsg_rabbit_qos_prefetch_count: \"{{ oslomsg_rabbit_qos_prefetch_count | default(trove_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}\"\ntrove_oslomsg_rabbit_queue_manager: \"{{ oslomsg_rabbit_queue_manager | default(trove_oslomsg_rabbit_quorum_queues) }}\"\ntrove_oslomsg_rabbit_quorum_delivery_limit: \"{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}\"\ntrove_oslomsg_rabbit_quorum_max_memory_bytes: \"{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}\"\ntrove_guest_oslomsg_rabbit_quorum_queues: \"{{ oslomsg_rabbit_quorum_queues | default(True) }}\"\ntrove_guest_oslomsg_rabbit_stream_fanout: \"{{ oslomsg_rabbit_stream_fanout | default(trove_guest_oslomsg_rabbit_quorum_queues) }}\"\ntrove_guest_oslomsg_rabbit_transient_quorum_queues: \"{{ oslomsg_rabbit_transient_quorum_queues | default(trove_guest_oslomsg_rabbit_stream_fanout) }}\"\ntrove_guest_oslomsg_rabbit_qos_prefetch_count: \"{{ oslomsg_rabbit_qos_prefetch_count | default(trove_guest_oslomsg_rabbit_stream_fanout | ternary(10, 0)) }}\"\ntrove_guest_oslomsg_rabbit_queue_manager: \"{{ oslomsg_rabbit_queue_manager | default(trove_guest_oslomsg_rabbit_quorum_queues) }}\"\n\n# Specific pip packages provided by the user\ntrove_user_pip_packages: []\n\n# Rabbit vars\ntrove_control_exchange: trove\ntrove_rabbit_notification_topic: notification\n\n# The trove guest agent in the deployed DB VMs need access to OpenStack services (keystone, swift, etc)\n# and also to rabbitmq. The way it gets access (networking) these services may differ.\n# By default assume:\n# OpenStack services are accesses through public interfaces\n# Infrastructure services (rabbitmq) are accessed through the defined provider network.\n#\n# The value of 'net_name' field of the provider network network to use for infrastructure services\ntrove_provider_net_name: dbaas-mgmt\ntrove_provider_network: >-\n {{\n provider_networks | map(attribute='network') | selectattr('net_name','defined') | selectattr(\n 'net_name', 'equalto', trove_provider_net_name\n ) | list | first\n }}\n# The name of the network interface\ntrove_provider_net_iface: \"{{ (is_metal | bool) | ternary(trove_provider_network['container_bridge'], trove_provider_network['container_interface']) }}\"\ntrove_guest_endpoint_type: public\n\n# Guestagent RPC configuration\ntrove_guest_rpc_host_group: \"{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}\"\ntrove_guest_oslomsg_rpc_setup_host: \"{{ (trove_guest_rpc_host_group in groups) | ternary(groups[trove_guest_rpc_host_group][0], 'localhost') }}\"\ntrove_guest_oslomsg_rpc_servers: >-\n {{\n groups[trove_guest_rpc_host_group] | map('extract', hostvars, 'ansible_facts') | map(attribute=trove_provider_net_iface | replace('-','_')\n ) | map(attribute='ipv4.address') | join(',')\n }}\ntrove_guest_oslomsg_rpc_use_ssl: \"{{ trove_oslomsg_rpc_use_ssl }}\"\ntrove_guest_oslomsg_rpc_port: \"{{ trove_oslomsg_rpc_port }}\"\ntrove_guest_oslomsg_rpc_userid: \"{{ trove_oslomsg_rpc_userid }}\"\ntrove_guest_oslomsg_rpc_password: \"{{ trove_oslomsg_rpc_password }}\"\ntrove_guest_oslomsg_rpc_ssl_version: \"{{ trove_oslomsg_rpc_ssl_version }}\"\ntrove_guest_oslomsg_rpc_ssl_ca_file: \"{{ trove_oslomsg_rpc_ssl_ca_file }}\"\ntrove_guest_oslomsg_rpc_policies: []\ntrove_guest_oslomsg_rpc_vhost:\n - name: /trove\n state: \"{{ trove_guest_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}\"\n - name: trove\n state: \"{{ trove_guest_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}\"\n\ntrove_guest_oslomsg_notify_configure: \"{{ oslomsg_notify_configure | default(trove_ceilometer_enabled) }}\"\ntrove_guest_notify_host_group: \"{{ oslomsg_notify_host_group | default('rabbitmq_all') }}\"\ntrove_guest_oslomsg_notify_servers: >-\n {{\n groups[trove_guest_notify_host_group] | map('extract', hostvars, 'ansible_facts') | map(attribute=trove_provider_net_iface | replace('-','_')\n ) | map(attribute='ipv4.address') | join(',')\n }}\ntrove_guest_oslomsg_notify_use_ssl: \"{{ trove_oslomsg_notify_use_ssl }}\"\ntrove_guest_oslomsg_notify_port: \"{{ trove_oslomsg_notify_port }}\"\ntrove_guest_oslomsg_notify_userid: \"{{ trove_oslomsg_notify_userid }}\"\ntrove_guest_oslomsg_notify_password: \"{{ trove_oslomsg_notify_password }}\"\ntrove_guest_oslomsg_notify_vhost: \"{{ trove_guest_oslomsg_rpc_vhost }}\"\ntrove_guest_oslomsg_notify_ssl_version: \"{{ trove_oslomsg_notify_ssl_version }}\"\ntrove_guest_oslomsg_notify_ssl_ca_file: \"{{ trove_oslomsg_notify_ssl_ca_file }}\"\ntrove_guest_oslomsg_notify_policies: []\n\n# Trove image settings.\n# Set the directory where the downloaded images will be stored\n# on the trove_service_setup_host host. If the host is localhost,\n# then the user running the playbook must have access to it.\ntrove_image_local_path: \"{{ lookup('env', 'HOME') }}/openstack-ansible/trove\"\ntrove_image_path_owner: \"{{ lookup('env', 'USER') }}\"\n## Example Glance Image - Fedora Atomic\n# - name: ubuntu-bionic #Name of the image in Glance\n# disk_format: qcow2 #Disk format (e.g. qcow2)\n# image_format: bare #Image format\n# public: true #Boolean - is the image public\n# file: https://tarballs.opendev.org/openstack/trove/images/trove-master-guest-ubuntu-bionic.qcow2\n# tags:\n# - trove\n# checksum: \"sha256:9a5252e24b82a5edb1ce75b05653f59895685b0f1028112462e908a12deae518\"\ntrove_guestagent_images: []\n\n# For OpenStack services that have public, admin, and internal access, use the public ones for the guest VMs.\ntrove_guest_auth_url: \"{{ keystone_service_publicurl }}\"\ntrove_guest_swift_url: \"{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port | default(8080) }}/v1/AUTH_\"\n\ntrove_resources_deploy_host: localhost\ntrove_resources_deploy_python_interpreter: \"{{ ansible_playbook_python }}\"\ntrove_guest_ssh_enabled: false\ntrove_guest_ssh_key_manage: true\ntrove_guest_ssh_key_name: trove_guestagent_key\ntrove_guest_ssh_key_dir: \"{{ openstack_ssh_keypairs_dir | default(lookup('env', 'HOME') ~ '/.ssh') }}\"\ntrove_guest_ssh_key_comment: \"Generated-By-OpenStack-Ansible\"\n# Options: ssh, pkcs1 and pkcs8\ntrove_guest_ssh_key_format: ssh\n# Options: rsa, dsa, rsa1, ecdsa, ed25519\ntrove_guest_ssh_key_type: rsa\ntrove_guest_ssh_key_size: 4096\n# Security group which will allow SSH connections\ntrove_guest_ssh_security_group_name: trove_guest_management\ntrove_guest_ssh_security_group_extra_rules: []\n\ntrove_swift_enabled: >-\n {{\n (groups['swift_all'] is defined and groups['swift_all'] | length > 0) or\n (groups['ceph-rgw'] is defined and groups['ceph-rgw'] | length > 0) or\n (ceph_rgws is defined and ceph_rgws | length > 0)\n }}\ntrove_designate_enabled: \"{{ (groups['designate_all'] is defined and groups['designate_all'] | length > 0) }}\"\ntrove_cinder_enabled: \"{{ (groups['cinder_volume'] is defined and groups['cinder_volume'] | length > 0) }}\"\n\ntrove_service_neutron_endpoint_type: \"{{ trove_service_endpoint_type }}\"\ntrove_service_cinder_endpoint_type: \"{{ trove_service_endpoint_type }}\"\ntrove_service_nova_endpoint_type: \"{{ trove_service_endpoint_type }}\"\ntrove_service_glance_endpoint_type: \"{{ trove_service_endpoint_type }}\"\ntrove_service_swift_endpoint_type: \"{{ trove_service_endpoint_type }}\"\n\ntrove_dns_domain_name: \"trove.com.\"\ntrove_dns_domain_id: \"00000000-0000-0000-0000-000000000000\"\n# Notification topics for designate.\ntrove_notifications_designate: notifications_designate\n\n# Trove service network settings.\n# These values are used when creating an OpenStack network to be used by Trove. By default the network will\n# not be created.\ntrove_service_net_setup: false\ntrove_service_net_validate_certs: \"False\"\ntrove_service_net_phys_net: dbaas-mgmt\ntrove_service_net_type: flat\ntrove_service_net_name: dbaas_service_net\n# Network segmentation ID if vlan, gre...\n# trove_service_net_segmentation_id:\ntrove_service_subnet_name: dbaas_subnet\ntrove_service_net_subnet_cidr: \"172.29.252.0/22\"\ntrove_service_net_dhcp: \"True\"\ntrove_service_net_allocation_pool_start: \"172.29.252.110\"\ntrove_service_net_allocation_pool_end: \"172.29.255.254\"\ntrove_service_net_endpoint_type: \"{{ trove_service_endpoint_type }}\"\n\n# UUID of security groups that will be attached to the management net of guests\ntrove_management_security_groups: []\n\n# A set of datastores which will be populated and maintained for the deployment.\n# trove_datastores:\n# mariadb: # name of the manager\n# - name: MariaDB # name of the datastore\n# versions:\n# - name: 11.4\n# enabled: true\n# version-number: 11.4.7\n# default: true\n# - name: 11.4\n# enabled: false\n# version-number: 11.4.6\n\ntrove_datastores: {}\n\n# RPC encryption keys\n# See the Trove documentation as to the significance of the rpc encryption keys\n# Trove supplies default values but we enforce they not be left to their default values\ntrove_enable_secure_rpc_messaging: \"True\"\ntrove_required_secrets:\n - trove_galera_password\n - trove_oslomsg_rpc_password\n - trove_oslomsg_notify_password\n - trove_service_password\n - trove_admin_user_password\n - trove_taskmanager_rpc_encr_key\n - trove_inst_rpc_key_encr_key\n - trove_instance_rpc_encr_key\n\n# Keystone AuthToken/Middleware\ntrove_keystone_auth_plugin: \"{{ trove_keystone_auth_type }}\"\ntrove_keystone_auth_type: password\ntrove_service_project_domain_name: Default\ntrove_service_user_domain_name: Default\ntrove_service_project_domain_id: default\ntrove_service_user_domain_id: default\n\n# Glance images\ntrove_glance_images: []\n\ntrove_pip_packages:\n - cryptography\n - os-client-config\n - osprofiler\n - pexpect\n - PyMySQL\n - pymemcache\n - python-troveclient\n - python-memcached\n - systemd-python\n - \"git+{{ trove_git_repo }}@{{ trove_git_install_branch }}#egg=trove\"\n\n# Memcached override\ntrove_memcached_servers: \"{{ memcached_servers }}\"\n\n## Tunable overrides\ntrove_config_overrides: {}\ntrove_api_paste_ini_overrides: {}\ntrove_guestagent_config_overrides: {}\ntrove_policy_overrides: {}\ntrove_api_init_config_overrides: {}\ntrove_api_uwsgi_ini_overrides: {}\ntrove_conductor_init_config_overrides: {}\ntrove_taskmanager_init_config_overrides: {}\n\n## Service Name-Group Mapping\ntrove_services:\n trove-api:\n group: trove_api\n service_name: trove-api\n execstarts: \"{{ trove_bin }}/trove-api\"\n init_config_overrides: \"{{ trove_api_init_config_overrides }}\"\n wsgi_app: \"{{ trove_use_uwsgi }}\"\n wsgi_name: trove-api-wsgi\n uwsgi_overrides: \"{{ trove_api_uwsgi_ini_overrides }}\"\n uwsgi_bind_address: \"{{ trove_service_host }}\"\n uwsgi_port: \"{{ trove_service_port }}\"\n uwsgi_tls: \"{{ trove_backend_ssl | ternary(trove_uwsgi_tls, {}) }}\"\n start_order: 1\n trove-conductor:\n group: trove_conductor\n service_name: trove-conductor\n execstarts: \"{{ trove_bin }}/trove-conductor\"\n init_config_overrides: \"{{ trove_conductor_init_config_overrides }}\"\n start_order: 2\n trove-taskmanager:\n group: trove_taskmanager\n service_name: trove-taskmanager\n execstarts: \"{{ trove_bin }}/trove-taskmanager\"\n init_config_overrides: \"{{ trove_taskmanager_init_config_overrides }}\"\n start_order: 3\n\n###\n### Backend TLS\n###\n\n# Define if communication between haproxy and service backends should be\n# encrypted with TLS.\ntrove_backend_ssl: \"{{ openstack_service_backend_ssl | default(False) }}\"\n\n# Storage location for SSL certificate authority\ntrove_pki_dir: \"{{ openstack_pki_dir | default('/etc/openstack_deploy/pki') }}\"\n\n# Delegated host for operating the certificate authority\ntrove_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n# trove server certificate\ntrove_pki_keys_path: \"{{ trove_pki_dir ~ '/certs/private/' }}\"\ntrove_pki_certs_path: \"{{ trove_pki_dir ~ '/certs/certs/' }}\"\ntrove_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('ExampleCorpIntermediate') }}\"\ntrove_pki_regen_cert: \"\"\ntrove_pki_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}\"\ntrove_pki_certificates:\n - name: \"trove_{{ ansible_facts['hostname'] }}\"\n provider: ownca\n cn: \"{{ ansible_facts['hostname'] }}\"\n san: \"{{ trove_pki_san }}\"\n signed_by: \"{{ trove_pki_intermediate_cert_name }}\"\n\n# trove destination files for SSL certificates\ntrove_ssl_cert: /etc/trove/trove.pem\ntrove_ssl_key: /etc/trove/trove.key\n\n# Installation details for SSL certificates\ntrove_pki_install_certificates:\n - src: \"{{ trove_user_ssl_cert | default(trove_pki_certs_path ~ 'trove_' ~ ansible_facts['hostname'] ~ '-chain.crt') }}\"\n dest: \"{{ trove_ssl_cert }}\"\n owner: \"{{ trove_system_user_name }}\"\n group: \"{{ trove_system_user_name }}\"\n mode: \"0644\"\n - src: \"{{ trove_user_ssl_key | default(trove_pki_keys_path ~ 'trove_' ~ ansible_facts['hostname'] ~ '.key.pem') }}\"\n dest: \"{{ trove_ssl_key }}\"\n owner: \"{{ trove_system_user_name }}\"\n group: \"{{ trove_system_user_name }}\"\n mode: \"0600\"\n\n# Define user-provided SSL certificates\n# trove_user_ssl_cert: \n# trove_user_ssl_key: \n","created":"2025-12-08T13:57:19.235193Z","updated":"2025-12-08T13:57:19.235205Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_trove/defaults/main.yml"}