Execution
Date
08 Dec 2025 13:33:24 +0000
Duration
00:06:14.05
Controller
aio1.openstack.local
User
root
Versions
Ansible
2.18.6
ara
1.7.4 / 1.7.4
Python
3.12.3
Summary
2
Hosts
374
Tasks
364
Results
37
Plays
208
Files
0
Records
File: /home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/group_vars/all/all.yml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 | --- # Copyright 2016, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ## OpenStack Source Code Release openstack_release: "{{ lookup('env', 'OSA_VERSION') | default('undefined', true) }}" ## OpenStack Configuration directory openstack_config_dir: "{{ lookup('env', 'OSA_CONFIG_DIR') | default('/etc/openstack_deploy', true) }}" ## OpenStack Clone directory openstack_clone_root: "{{ (lookup('env', 'OSA_CLONE_ROOT') | default('/opt/openstack-ansible', true)) }}" ## OpenDev base URL openstack_opendev_base_url: https://opendev.org ## Github base URL openstack_github_base_url: https://github.com ## OpenStack service python version openstack_venv_python_executable: "python3" ## Define default EPEL location centos_epel_mirror: https://dl.fedoraproject.org/pub/epel ## Verbosity Options debug: False ## SSH connection wait time ssh_delay: 5 openstack_service_bind_address: "{{ management_address }}" package_state: "present" # Set "/var/log" to be a bind mount to the physical host. default_bind_mount_logs: true # Set distro variable # NOTE(hwoarang): ansible_facts['distribution'] may return a string with spaces # such as "openSUSE Leap" so we need to replace the space with underscore # in order to create a more sensible repo name for the distro. os_distro_version: "{{ (ansible_facts['distribution'] | lower) | replace(' ', '_') }}-{{ ansible_facts['distribution_version'].split('.')[:2] | join('.') }}-{{ ansible_facts['architecture'] | lower }}" openstack_lock_dir: "/run/lock" # URL for the frozen internal openstack repo. repo_server_port: 8181 ## Default installation method for OpenStack services install_method: "source" service_install_method: "{{ install_method }}" ## DNS resolution (resolvconf) options #Group containing resolvers to configure resolvconf_resolver_group: unbound # Disable /etc/hosts management if unbound DNS resolution containers exist openstack_host_manage_hosts_file: "{{ groups['unbound'] is not defined or groups['unbound'] | length < 1 }}" ## Enable external SSL handling for general OpenStack services openstack_external_ssl: true ## Control whether traffic between haproxy and service backends should ## be encrypted. openstack_service_backend_ssl: False ## Allows haproxy frontend to accept both HTTP and HTTPS traffic. openstack_service_accept_both_protocols: False ## OpenStack global Endpoint Protos openstack_service_publicuri_proto: https openstack_service_adminuri_proto: http openstack_service_internaluri_proto: http ## Region Name service_region: RegionOne ## OpenStack Domain openstack_domain: openstack.local lxc_container_domain: "{{ container_domain }}" container_domain: "{{ openstack_domain }}" ## DHCP Domain Name dhcp_domain: openstacklocal ## LDAP enabled toggle service_ldap_backend_enabled: "{{ keystone_ldap is defined and keystone_ldap.Default is defined }}" ## Base venv configuration venv_tag: "{{ openstack_release }}" ## OpenStack Openrc openrc_os_auth_url: "{{ keystone_service_internalurl }}" openrc_os_password: "{{ keystone_auth_admin_password }}" openrc_os_domain_name: "Default" openrc_region_name: "{{ service_region }}" ## Host security hardening # The ansible-hardening role provides security hardening for hosts # by applying security configurations from the STIG. Hardening is enabled by # default, but an option to opt out is available by setting the following # variable to 'false'. # Docs: https://docs.openstack.org/ansible-hardening/latest/ apply_security_hardening: true ## Ansible ssh configuration ansible_ssh_extra_args: >- -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=64 -o ServerAliveCountMax=1024 -o Compression=no -o TCPKeepAlive=yes -o VerifyHostKeyDNS=no -o ForwardX11=no -o ForwardAgent=yes -T # Toggle whether the service is deployed in a container or not is_metal: >- {{ (properties is defined) and (properties.is_metal is defined) and (properties.is_metal | bool) }} _global_pins_file_path: "{{ openstack_clone_root }}/global-requirement-pins.txt" venv_build_global_constraints: >- {{ lookup('file', _global_pins_file_path).splitlines() | reject('match','^#.*$') | reject('equalto', '') | list }} deployment_extra_facts_subset: hardware deployment_extra_facts_filter: ansible_processor_* # Set permissions for repo server and files built on it _repo_service_user_mapping: debian: www-data redhat: apache repo_service_user_name: "{{ _repo_service_user_mapping[ansible_facts['os_family'] | lower] }}" repo_service_group_name: "{{ _repo_service_user_mapping[ansible_facts['os_family'] | lower] }}" venv_build_host_user_name: "{{ repo_service_user_name }}" venv_build_host_group_name: "{{ repo_service_group_name }}" # Set RabbitMQ management UI to use TLS rabbitmq_management_ssl: "{{ haproxy_ssl }}" |