---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Set the package install state for distribution packages
# Options are 'present' and 'latest'
lxc_hosts_package_state: "{{ package_state | default('present') }}"

# Define a list of extra distribuition packages to install onto the host
# at the discretion of the deployer
lxc_hosts_extra_distro_packages: []

# Define the total list of packages which to install onto the host combining
# distibution specific and deployers extra package lists
lxc_hosts_distro_packages: "{{ (_lxc_hosts_distro_packages | select) + lxc_hosts_extra_distro_packages }}"

# Mappings from Ansible reported architecture to distro release architecture
lxc_architecture_mapping:
  x86_64: amd64
  ppc64le: ppc64el
  s390x: s390x
  armv7l: armhf
  aarch64: arm64

# Set the volume size for the machine image caches. We only use the
# most specific mountpoint from the hierarchy.
# NOTE: Size is set in Gigabytes.
lxc_host_machine_volume_size: |-
  {%- set mounts = [] -%}
  {%- set mount_points = ['/var/lib/machines', '/var/lib/', '/var', '/'] -%}
  {%- for mount in mount_points -%}
  {%-   for dev in ansible_facts['mounts'] -%}
  {%-     if mount == dev.mount -%}
  {%-       set _ = mounts.append(dev.size_total // (1024**3)) -%}
  {%-     endif -%}
  {%-   endfor -%}
  {%- endfor -%}
  {{ mounts[0] }}

# Enable or Disable the BTRFS quota system for the "/var/lib/machines" mount
# point. More information on the BTRFS quota system can be found here:
#  * https://btrfs.wiki.kernel.org/index.php/Quota_support
lxc_host_machine_quota_disabled: false

# Set the default qgroup limits used for file system quotas. The default is
# "none". See the following documentation for more information:
#  * https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs-qgroup
lxc_host_machine_qgroup_space_limit: none
lxc_host_machine_qgroup_compression_limit: none

# DefaultTasksMax systemd value. It's not recommended to change this value as it
# could prevent new processes from starting on busy containers.
lxc_default_tasks_max: 8192

# lxc container rootfs directory and cache path
lxc_container_directory: "/var/lib/lxc"
lxc_container_cache_path: "/var/cache/lxc/download"

lxc_container_common_config:
  lxc.mount.entry:
    - /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
    - /sys/kernel/security sys/kernel/security none bind,optional 0 0
    - /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
    - mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0
  lxc.cgroup.devices.allow:
    - c 254:0 rm  # rtc
    - c 10:228 rwm # hpet

# The container backing store can be set to 'overlayfs' to use overlayfs
# This should only be done for production use with a linux kernel > 3.14
# which is when overlayfs was merged into the mainline kernel
lxc_container_backing_store: dir

# The container backing method can be set to 'copy-on-write' to use LVM
# snapshot-backed containers when the container backing store is set to
# 'lvm'.
# lxc_container_backing_method: copy-on-write

# When using a base container to snapshot from for the overlayfs or LVM
# copy-on-write backing stored, the base container can be set.
lxc_container_base_name: >-
  {{ ansible_facts['distribution'] | lower ~ '-' ~
     ansible_facts['distribution_major_version'] ~ '-' ~
     lxc_architecture_mapping.get(ansible_facts['architecture']) }}

# Set the default zfs root name
lxc_container_zfs_root_name: "pool/lxc"

# Allow OSA to generate the LXC network configuration and manage the interface state.
lxc_net_managed: true

# lxc container net network
lxc_net_bridge: lxcbr0
# Can be 'linuxbridge' or 'openvswitch'
lxc_net_bridge_type: linuxbridge
lxc_net_address: 10.0.3.1
lxc_net_netmask: 255.255.255.0
lxc_net_cidr: 24
lxc_net_gateway: ## if null, no gateway will be on the LXC bridge. lxc_net_nat must be "false" to use a gateway.
lxc_net_mtu: 1500

# lxc container nat enabled
lxc_net_nat: true ## If "true", nat rules will be created with the lxc network.

# Enable iptables for lxc network
lxc_net_manage_iptables: true ## If "true" iptables rules will be added when the bridge is up and deleted when bridge is down

# lxc container dhcp settings
lxc_net_dhcp_range: 10.0.3.2,10.0.3.253
lxc_net_dhcp_max: 253
lxc_net_dhcp_config: ""
lxc_net_dnsmasq_user: lxc-dnsmasq
lxc_net_domain: ""

# lxc network ipv6 settings
lxc_net6_address: ## ie. fd05:ffb8:32b4:1212::1
lxc_net6_netmask: ## ie. 64
lxc_net6_nat: false

# System control kernel tuning
lxc_kernel_options:
  - { key: "fs.inotify.max_user_instances", value: 1024 }

# The compression ratio used when creating the container cache rootfs archive
lxc_image_compression_ratio: 0

# A list of files may be copied into the container image cache from the
# deployment host during its preparation.
# Example:
#   lxc_container_cache_files:
#     - src: "/etc/openstack_deploy/files/etc/issue"
#       dest: "/etc/issue"
lxc_container_cache_files: []

# A list of files may be copied into the container image cache from the
# LXC host during its preparation.
# Example:
#   lxc_container_cache_files_from_host:
#     - "/etc/apt/sources.list.d/myrepo.list"
lxc_container_cache_files_from_host: []

# LXC container shutdown delay before force-killing running container
lxc_container_shutdown_delay: 60

# DNS servers to use during cache preparation
lxc_cache_prep_dns:
  - "{{ lxc_net_address }}"

# Custom shell commands to run before/after the LXC cache prep process has taken
# place.
lxc_cache_prep_pre_commands: "## pre command skipped ##"
lxc_cache_prep_post_commands: "## post command skipped ##"

# Full path to the base image prep script. By default this will use the
# named script for a given OS within the "templates/prep-scripts" directory.
# If a deployer wishes to override this script with something else they can
# do so by defining a user variable with the full path to the local script
# which will be templated onto the deployment targets.
lxc_cache_prep_template: "{{ _lxc_cache_prep_template }}"

## Define a list of extra distribuition packages to install in the container
# cache at the discretion of the deployer
lxc_cache_extra_distro_packages: []

# List of packages to be installed into the base container cache
# Combines the distribution specific list with deployers extra list
lxc_cache_distro_packages: "{{ _lxc_cache_distro_packages + lxc_cache_extra_distro_packages }}"

# The maximum amount of time (in seconds) to wait until failing the cache
# preparation process. This is necessary to mitigate the issue that can
# arise where the cache prep hangs and never fails.
# The value is specified in seconds, with the default being 20 minutes.
lxc_cache_prep_timeout: "{{ _lxc_cache_prep_timeout | default(1200) }}"

# Command to build a chroot for the container rootfs
lxc_hosts_container_build_command: "{{ _lxc_hosts_container_build_command | default('') }}"

# Local path to cached image
lxc_image_cache_path: "/var/lib/machines/{{ lxc_container_base_name }}"

# Expiration timeout for the cached image
# Should be in format supported by the to_time_unit filter
lxc_image_cache_expiration: "1year"

# Set this option to true to pull a new cached image.
lxc_image_cache_refresh: false

## Default download template options
##  This can be customized to use a local build server and options.
##  By default these options will be fulfilled by the distro specific
##  variable files found in vars/
# lxc_cache_download_template_options: >
#   --dist NAME_OF_DISTRO
#   --release DISTRO_RELEASE
#   --arch CONTAINER_ARCH
#   --force-cache
#   --server SERVER_TO_GET_IMAGES_FROM
lxc_cache_default_variant: default
lxc_cache_download_template_extra_options: ""
lxc_cache_download_template_options: >-
  --dist {{ ansible_facts['distribution'] | lower }}
  --release {{ ansible_facts['distribution_major_version'] }}
  --arch {{ lxc_architecture_mapping.get(ansible_facts['architecture']) }}
  --force-cache
  --server localhost
  --variant {{ lxc_cache_default_variant }}
  {{ lxc_cache_download_template_extra_options }}

# Locales to populate in the LXC base cache
lxc_cache_locales: "{{ _lxc_cache_locales | default(['en_US.UTF-8']) }}"

# EL EPEL repository options
lxc_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}"
lxc_centos_epel_key: >-
  {{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }}
lxc_hosts_epel_packages: "{{ _lxc_hosts_epel_packages | default([]) }}"

lxc_centos_repo_keys: "{{ _lxc_centos_repo_keys }}"
lxc_centos_repos: "{{ _lxc_centos_repos }}"

# DEB repository options
lxc_ubuntu_mirror: "{{ (ansible_facts['architecture'] == 'x86_64') | ternary('http://archive.ubuntu.com/ubuntu', 'http://ports.ubuntu.com/ubuntu-ports') }}"
lxc_apt_mirror: "{{ (ansible_facts['distribution'] == 'Ubuntu') | ternary(lxc_ubuntu_mirror, 'http://deb.debian.org/debian') }}"
lxc_apt_mirror_gpg_check: true
lxc_apt_mirror_gpg_file: ''

lxc_sysctl_file: "{{ openstack_sysctl_file | default('/etc/sysctl.conf') }}"