Overcloud Parameters
Parameters for customizing the core template collection for a Red Hat OpenStack Platform overcloud
Chapter 1. Overcloud Parameters
You can modify overcloud features with overcloud parameters. To set a parameter, include the chosen parameter and its value in an environment file under the parameter_defaults section and include the environment file with your openstack overcloud deploy command.
Chapter 2. Core Overcloud Parameters
You can modify general overcloud configuration with the core overcloud parameters.
Parameter | Description |
---|---|
|
Set to true to append per network VIPs to |
|
The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud. The default value is |
|
The DNS name of this cloud. The default value is |
|
The DNS name of this cloud’s control plane endpoint. The default value is |
|
The DNS name of this cloud’s internal API endpoint. The default value is |
|
The DNS name of this cloud’s storage endpoint. For example, ci-overcloud.storage.tripleo.org. The default value is |
|
The DNS name of this cloud’s storage management endpoint. The default value is |
|
Defines a fixed VIP for the Control Plane. Value uses the following format: |
|
The name of the undercloud OpenStack Networking (neutron) control plane subnet. The default value is |
|
The subnet CIDR of the control plane network. The parameter is automatically resolved from the |
|
Setting this to a unique value will re-run any deployment tasks that perform configuration on an OpenStack Orchestration (heat) |
| List of server hostnames to blocklist from any triggered deployments. |
| Can be used to override the calculated EndpointMap. |
| Control the IP allocation for the ExternalVirtualInterface port. For example, [{ip_address:'1.2.3.4'}]. |
| Additional hiera configuration to inject into the cluster. |
| List of extra hosts entries to be appended to /etc/hosts. |
| Map of extra global_config_settings data to set on each node. |
|
An Open vSwitch bridge to create on each hypervisor. This defaults to |
|
What interface to add to the |
|
Control the IP allocation for the InternalApiVirtualInterface port. Value uses the following format: |
|
OpenStack Orchestration (heat) action when to apply network configuration changes. The default value is |
|
ID or name for Control Plane ctlplane network. The default value is |
|
An OVS bridge to create for accessing external networks. The default value is |
|
The interface to attach to the external bridge. The default value is |
|
Maximum batch size for creating nodes. It is recommended to not exceed a batch size of 32 nodes. The default value is |
|
Whether this is a cell additional to the default cell. The default value is |
|
Indicates that the nova-metadata API service has been deployed per-cell, so that we can have better performance and data isolation in a multi-cell deployment. Users should consider the use of this configuration depending on how OpenStack Networking (neutron) is set up. If networks span cells, you might need to run nova-metadata API service globally. If your networks are segmented along cell boundaries, then you can run nova-metadata API service per cell. When running nova-metadata API service per cell, you should also configure each OpenStack Networking (neutron) metadata-agent to point to the corresponding nova-metadata API service. The default value is |
| Control the IP allocation for the virtual IP used by OVN DBs. For example, [{ip_address:'1.2.3.4'}]. |
|
Control the IP allocation for the PublicVirtualInterface port. Value uses the following format: |
|
Salt for the RabbitMQ cookie. Change to force the randomly generated RabbitMQ cookie to change. The default value is |
|
Control the IP allocation for the virtual IP used by Redis. Value uses the following format: |
| The name of the stack/plan. |
| Extra properties or metadata passed to OpenStack Compute (nova) for the created nodes in the overcloud. Accessible through the OpenStack Compute (nova) metadata API. |
|
Control the IP allocation for the StorageMgmtVirtualInterface port. Value uses the following format: |
|
Control the IP allocation for the StorageVirtualInterface port. Value uses the following format: |
| List of undercloud hosts entries to be appended to /etc/hosts. The value is populated with the HEAT_HOSTS entries on the undercloud by tripleoclient when running deploy. |
|
Set to a previously unused value during |
Chapter 3. Role-Based Parameters
You can modify the behavior of specific overcloud composable roles with overcloud role-based parameters. Substitute _ROLE_ with the name of the role. For example, for _ROLE_Count use ControllerCount.
Parameter | Description |
---|---|
|
Sets the |
|
Name of the subnet on ctlplane network for this role. The default value is |
|
The number of nodes to deploy in a role. The default value is |
| Role specific additional hiera configuration to inject into the cluster. |
| Optional extra Ansible group vars. |
|
Format for node hostnames. Note that |
|
Sets the |
| OpenStack Orchestration (heat) action when to apply network configuration changes. |
| Optional Role Specific parameters to be provided to service. |
|
List of resources to be removed from the role’s |
|
How to handle change to RemovalPolicies for ROLE ResourceGroup when doing an update. Default mode append will append to the existing blocklist and update would replace the blocklist. The default value is |
| Optional scheduler hints to pass to OpenStack Compute (nova). |
| Role specific ServiceNetMap overrides, the map provided will be merged with the global ServiceNetMap when passing the ServiceNetMap to the ROLE_ServiceChain resource and the _ROLE resource group. For example: _ROLE_ServiceNetMap: NovaLibvirtNetwork: internal_api_leaf2. |
| A list of service resources (configured in the OpenStack Orchestration (heat) resource_registry) which represent nested stacks for each service that should get installed on the ROLE role. |
Chapter 4. Debug Parameters
These parameters allow you to set debug mode on a per-service basis. The Debug parameter acts as a global parameter for all services and the per-service parameters can override the effects of global parameter on individual services.
Parameter | Description |
---|---|
| Set to True to enable debugging OpenStack Key Manager (barbican) service. |
| Set to True to enable debugging on OpenStack Block Storage (cinder) services. |
|
Whether to run configuration management (e.g. Puppet) in debug mode. The default value is |
|
Set to True to enable debugging on all services. The default value is |
| Set to True to enable debugging OpenStack Image Storage (glance) service. |
| Set to True to enable debugging OpenStack Orchestration (heat) services. |
| Set to True to enable debugging OpenStack Dashboard (horizon) service. |
| Set to True to enable debugging OpenStack Bare Metal (ironic) services. |
| Set to True to enable debugging OpenStack Identity (keystone) service. |
| Set to True to enable debugging OpenStack Shared File Systems (manila) services. |
| Set to True to enable debugging Memcached service. |
| Set to True to enable debugging OpenStack Networking (neutron) services. |
| Set to True to enable debugging OpenStack Compute (nova) services. |
| Set to True to enable debugging OpenStack Load Balancing-as-a-Service (octavia) services. |
| Set to True to enable debugging OpenStack Clustering (sahara) services. |
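
An added example, not code from Red Hat or the project, showing how the parameter_defaults section from Chapter 1 and the global and per-service debug settings described above combine. It reads an environment file and reports which services end up with debug logging on, which is worth checking before a production deploy. Assumptions: the per-service names follow the tripleo-heat-templates convention (BarbicanDebug, NovaDebug, and so on), an empty or absent per-service value inherits Debug, and Debug is off when absent.

```python
import re

# Constructed sample environment file; values are illustrative only.
# It would be included with: openstack overcloud deploy -e debug-audit.yaml
SAMPLE_ENV = """\
# debug-audit.yaml (constructed sample)
resource_registry: {}
parameter_defaults:
  Debug: false
  NovaDebug: true        # per-service override switches debug on
  KeystoneDebug: ""      # empty: inherit the global Debug value
  CinderDebug: False
  ControllerCount: 3
"""

# Per-service parameters for the services listed in the Debug Parameters
# table. The <Service>Debug names are an assumption taken from
# tripleo-heat-templates; the extracted table does not show them.
SERVICE_DEBUG_PARAMS = (
    "BarbicanDebug", "CinderDebug", "GlanceDebug", "HeatDebug",
    "HorizonDebug", "IronicDebug", "KeystoneDebug", "ManilaDebug",
    "MemcachedDebug", "NeutronDebug", "NovaDebug", "OctaviaDebug",
    "SaharaDebug",
)

_ENTRY = re.compile(r"^(\s+)([A-Za-z_]\w*):\s*(.*)$")


def read_parameter_defaults(text):
    """Return the first-level scalar entries under parameter_defaults.

    Deliberately restricted reader: block-style YAML only; nested values and
    quoted strings containing " #" are not handled.
    """
    params, in_section, base_indent = {}, False, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key opens or closes the section
            in_section = line.startswith("parameter_defaults:")
            continue
        match = _ENTRY.match(line)
        if not in_section or not match:
            continue
        indent, key, value = match.groups()
        if base_indent is None:
            base_indent = len(indent)
        if len(indent) == base_indent:  # skip anything nested deeper
            params[key] = value.strip().strip("'\"")
    return params


def to_bool(value):
    """Map YAML-style boolean text to True/False; empty text means unset."""
    text = value.strip().lower()
    if text == "":
        return None
    if text in ("true", "yes", "on"):
        return True
    if text in ("false", "no", "off"):
        return False
    raise ValueError(f"not a boolean: {value!r}")


def effective_debug(params):
    """Return {parameter: (enabled, deciding_parameter)} for every service."""
    # Assumption: Debug is off when the environment file does not set it.
    global_debug = bool(to_bool(params.get("Debug", "")))
    result = {}
    for name in SERVICE_DEBUG_PARAMS:
        own = to_bool(params.get(name, ""))
        if own is None:
            result[name] = (global_debug, "Debug")  # inherits the global value
        else:
            result[name] = (own, name)  # per-service value overrides
    return result


def debug_enabled(env_text):
    """List the per-service parameters whose effective debug value is on."""
    states = effective_debug(read_parameter_defaults(env_text))
    return sorted(name for name, (enabled, _) in states.items() if enabled)


if __name__ == "__main__":
    for name in debug_enabled(SAMPLE_ENV):
        print(f"debug logging enabled: {name}")
```
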
Chapter 5. Kernel parameters
You can modify the kernel behaviour with kernel parameters.
Parameter | Description |
---|---|
|
Configures sysctl net.bridge.bridge-nf-call-arptables key. The default value is |
|
Configures sysctl net.bridge.bridge-nf-call-ip6tables key. The default value is |
|
Configures sysctl net.bridge.bridge-nf-call-iptables key. The default value is |
| Hash of extra kernel modules to load. |
| List of extra kernel related packages to install. |
| Hash of extra sysctl settings to apply. |
|
The kernel allocates aio memory on demand, and this number limits the number of parallel aio requests; the only drawback of a larger limit is that a malicious guest could issue parallel requests to cause the kernel to set aside memory. Set this number at least as large as 128 * (number of virtual disks on the host). Libvirt uses a default of 1M requests to allow 8k disks, with at most 64M of kernel memory if all disks hit an aio request at the same time. The default value is |
|
Configures sysctl fs.inotify.max_user_instances key. The default value is |
|
Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys. The default value is |
|
Configures net.ipv4.ip_forward key. The default value is |
|
Configures net.ipv{4,6}.ip_nonlocal_bind key. The default value is |
|
Configures sysctl kernel.pid_max key. The default value is |
|
Configures sysctl net.ipv4.neigh.default.gc_thresh1 value. This is the minimum number of entries to keep in the ARP cache. The garbage collector will not run if there are fewer than this number of entries in the cache. The default value is |
|
Configures sysctl net.ipv4.neigh.default.gc_thresh2 value. This is the soft maximum number of entries to keep in the ARP cache. The garbage collector will allow the number of entries to exceed this for 5 seconds before collection will be performed. The default value is |
|
Configures sysctl net.ipv4.neigh.default.gc_thresh3 value. This is the hard maximum number of entries to keep in the ARP cache. The garbage collector will always run if there are more than this number of entries in the cache. The default value is |
Chapter 6. Bare Metal (ironic) Parameters
You can modify the ironic service with bare metal parameters.
Parameter | Description |
---|---|
| List of additional architectures to enable. |
| Override the private key size used when creating the certificate for this service. |
|
Specifies the private key size used when creating the certificate. The default value is |
| IPA image URLs, the format should be ["http://path/to/kernel", "http://path/to/ramdisk"]. |
|
Enables or disables automated cleaning. Disabling automated cleaning might result in security problems and deployment failures on rebuilds. Do not set to |
|
Type of disk cleaning before and between deployments. |
|
Name or UUID of the overcloud network used for cleaning bare metal nodes. Set to |
| The name of an OpenStack Bare Metal (ironic) Conductor Group. |
|
Whether to configure Swift temporary URLs for use with the "direct" and "ansible" deploy interfaces. The default value is |
| Indicate whether this resource may be shared with the domain received in the request "origin" header. |
|
How to boot the bare metal instances. Set to |
| Deploy interface implementation to use by default. Leave empty to use the hardware type default. |
| Inspect interface implementation to use by default. Leave empty to use the hardware type default. |
|
Network interface implementation to use by default. Set to |
|
Default rescue implementation to use. The "agent" rescue requires a compatible ramdisk to be used. The default value is |
| Default resource class to use for new nodes. |
|
Backend to use to store ramdisk logs, either "local" or "swift". The default value is |
|
Number of IPv6 addresses to allocate for ports created for provisioning, cleaning, rescue or inspection on DHCPv6-stateful networks. Different stages of the chain-loading process will request addresses with different CLID/IAID. Due to non-identical identifiers multiple addresses must be reserved for the host to ensure each step of the boot process can successfully lease addresses. The default value is |
|
Enabled BIOS interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled boot interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled console interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled deploy interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled OpenStack Bare Metal (ironic) hardware types. The default value is |
|
Enabled inspect interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled management interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled network interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled power interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled RAID interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled rescue interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled storage interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Enabled vendor interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is |
|
Whether to enable use of staging drivers. The default value is |
|
Whether to force power state during sync. The default value is |
|
Image delivery method for the "direct" deploy interface. Use "swift" for the Object Storage temporary URLs, use "http" for the local HTTP server (the same as for iPXE). The default value is |
|
Comma-separated list of IPA inspection collectors. The default value is |
|
The default driver to use for newly discovered nodes (requires IronicInspectorEnableNodeDiscovery set to True). This driver is automatically added to enabled_drivers. The default value is |
|
Makes ironic-inspector enroll any unknown node that PXE-boots introspection ramdisk in OpenStack Bare Metal (ironic). The default driver to use for new nodes is specified by the IronicInspectorDiscoveryDefaultDriver parameter. Introspection rules can also be used to specify it. The default value is |
|
Comma-separated list of processing hooks to append to the default list. The default value is |
|
Network interface on which inspection dnsmasq will listen. The default value is |
|
Temporary IP range that will be given to nodes during the inspection process. This should not overlap with any range that OpenStack Networking (neutron) DHCP allocates, but it has to be routeable back to |
|
Whether to use iPXE for inspection. The default value is |
|
Kernel args for the OpenStack Bare Metal (ironic) inspector. The default value is |
|
Temporary IP ranges that will be given to nodes during the inspection process. These ranges should not overlap with any range that OpenStack Networking (neutron) DHCP provides, but they need to be routeable back to the |
|
Whether to use Swift for storing introspection data. The default value is |
|
The IP version that will be used for PXE booting. The default value is |
|
Whether to use iPXE instead of PXE for deployment. The default value is |
|
Port to use for serving images when iPXE is used. The default value is |
|
iPXE timeout in seconds. Set to 0 for infinite timeout. The default value is |
|
Whether to use SNP (Simple Network Protocol) iPXE EFI, or not. When set to true |
| The password for the Bare Metal service and database account. |
|
Number of seconds to wait for power operations to complete, i.e., so that a baremetal node is in the desired power state. If timed out, the power operation is considered a failure. The default value is |
|
Name or UUID of the overcloud network used for provisioning of bare metal nodes if |
|
Name or UUID of the overcloud network used for rescuing of bare metal nodes, if IronicDefaultRescueInterface is not set to "no-rescue". The default value of "provisioning" can be left during the initial deployment (when no networks are created yet) and should be changed to an actual UUID in a post-deployment stack update. The default value is |
| The remote procedure call transport between conductor and API processes, such as a messaging broker or JSON RPC. |
|
Use the advanced (eventlet safe) memcached client pool. The default value is |
Chapter 7. Block Storage (cinder) Parameters
You can modify the cinder service with block storage parameters.
Parameter | Description |
---|---|
| Override the private key size used when creating the certificate for this service. |
| The Ceph cluster FSID. Must be a UUID. |
|
The Ceph cluster name. The default value is |
|
List of maps describing extra overrides which will be applied when configuring extra external Ceph clusters. If this list is non-empty, |
|
Specifies the private key size used when creating the certificate. The default value is |
|
The number of seconds until a OpenStack Block Storage (cinder) API WSGI connection times out. The default value is |
| List of optional volumes to be mounted. |
|
Cron to move deleted instances to another table - Age. The default value is |
|
Cron to move deleted instances to another table - Log destination. The default value is |
|
Cron to move deleted instances to another table - Hour. The default value is |
|
Cron to move deleted instances to another table - Max Delay. The default value is |
|
Cron to move deleted instances to another table - Minute. The default value is |
|
Cron to move deleted instances to another table - Month. The default value is |
|
Cron to move deleted instances to another table - Month Day. The default value is |
|
Cron to move deleted instances to another table - User. The default value is |
|
Cron to move deleted instances to another table - Week Day. The default value is |
|
The name of the OpenStack Block Storage (cinder) default volume type. The default value is |
|
Whether to create cron job for purging soft deleted rows in OpenStack Block Storage (cinder) database. The default value is |
|
Whether to enable or not the Iscsi backend for OpenStack Block Storage (cinder). The default value is |
|
Whether to enable or not the NFS backend for OpenStack Block Storage (cinder). The default value is |
|
Whether to enable or not the Rbd backend for OpenStack Block Storage (cinder). The default value is |
|
When running OpenStack Block Storage (cinder) A/A, whether to connect to Etcd via the local IP for the Etcd network. If set to true, the ip on the local node will be used. If set to false, the VIP on the Etcd network will be used instead. Defaults to false. The default value is |
|
NFS mount options when using an NFS share for the OpenStack Block Storage (cinder) image conversion directory. The default value is |
| When set, the NFS share to be used for the OpenStack Block Storage (cinder) image conversion directory. |
| The availability zone of the Iscsi OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone. |
|
The iSCSI helper to use with cinder. The default value is |
|
Whether to use TCP (iscsi) or iSER RDMA (iser) for iSCSI. The default value is |
|
The size of the loopback file used by the cinder LVM driver. The default value is |
|
Controls whether security enhanced NFS file operations are enabled. Valid values are auto, true or false. Effective when CinderEnableNfsBackend is true. The default value is |
|
Controls whether security enhanced NFS file permissions are enabled. Valid values are auto, true or false. Effective when CinderEnableNfsBackend is true. The default value is |
| The availability zone of the NFS OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone. |
|
Mount options for NFS mounts used by OpenStack Block Storage (cinder) NFS backend. Effective when CinderEnableNfsBackend is true. The default value is |
| NFS servers used by OpenStack Block Storage (cinder) NFS backend. Effective when CinderEnableNfsBackend is true. |
|
Whether to enable support for snapshots in the NFS driver. Effective when CinderEnableNfsBackend is true. The default value is |
| The password for the cinder service and database account. |
| The availability zone of the RBD OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone. |
| List of extra Ceph pools for use with RBD backends for OpenStack Block Storage (cinder). An extra OpenStack Block Storage (cinder) RBD backend driver is created for each pool in the list. This is in addition to the standard RBD backend driver associated with the CinderRbdPoolName. |
|
Whether RBD volumes created from a snapshot should be flattened in order to remove a dependency on the snapshot. The default value is |
|
The Ceph pool to use for cinder volumes. The default value is |
|
Cinder’s RPC response timeout, in seconds. The default value is |
|
The OpenStack Block Storage (cinder) service’s storage availability zone. The default value is |
| The cluster name used for deploying the cinder-volume service in an active-active (A/A) configuration. This configuration requires the OpenStack Block Storage (cinder) backend drivers support A/A, and the cinder-volume service not be managed by pacemaker. If these criteria are not met then the cluster name must be left blank. |
| Hash of optional environment variables. |
| List of optional volumes to be mounted. |
|
Set the number of workers for the block storage service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. |
|
Ulimit for OpenStack Block Storage (cinder) Volume Container. The default value is |
|
Controls whether etcd and the cinder-volume service use TLS for cinder’s lock manager, even when the rest of the internal API network is using TLS. The default value is |
|
Use the advanced (eventlet safe) memcached client pool. The default value is |
|
Whether to enable the multipath daemon. The default value is |
|
Driver or drivers to handle sending notifications. The default value is |
Chapter 8. Ceph Storage Parameters
You can modify your Ceph Storage cluster with Ceph Storage parameters.
Parameter | Description |
---|---|
|
Parameter used for pausing all ceph osds and skip transfer data check during a special case of upgrade called AllInOne. This causes workload outage! The default value is |
|
Disks configuration settings for |
| Mapping of Ansible environment variables to override defaults. |
|
Extra vars for the |
|
List of paths to the |
|
The number of -v, -vv, etc. passed to ansible-playbook command. The default value is |
|
The repository that should be used to install the right |
|
List of |
|
In particular scenarios we want this validation to show the warning but don’t fail because the package is installed on the system but repos are disabled. The default value is |
| Override the private key size used when creating the certificate for this service. |
|
The Ceph client key. Currently only used for external Ceph deployments to create the openstack user keyring. Can be created with: |
| The Ceph cluster FSID. Must be a UUID. |
|
The Ceph cluster name. The default value is |
| Extra configuration settings to dump into ceph.conf. |
| Admin password for the dashboard component. |
|
Parameter used to set a read-only admin user. The default value is |
|
Admin user for the dashboard component. The default value is |
|
Parameter used to trigger the dashboard deployment. The default value is |
| List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. |
|
List of maps describing extra overrides which will be applied when configuring extra external Ceph clusters. If this list is non-empty, |
|
List of maps describing extra keys which will be created on the deployed Ceph cluster. Uses |
| Admin password for grafana component. |
|
Enables Ceph daemons to bind to IPv6 addresses. The default value is |
|
The Ceph client key. Can be created with: |
|
Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph daemons and also between Ceph clients and daemons. The default value is |
|
The minimum percentage of Ceph OSDs which must be running and in the Ceph cluster, according to ceph osd stat, for the deployment not to fail. Used to catch deployment errors early. Set this value to 0 to disable this check. The default value is |
|
Default placement group size to use for the RBD pools. The default value is |
|
Default minimum replication for RBD copies. The default value is |
|
Override settings for one of the predefined pools or to create additional ones. Example: |
|
Perform mirror configuration between local and remote pool. The default value is |
|
Copy the admin key to all nodes. The default value is |
| Name of the local pool to mirror to remote cluster. |
|
The name given to the remote Ceph cluster from the local cluster. Keys reside in the |
| The rbd-mirror daemon needs a user to authenticate with the remote cluster. By default, this key should be available under /etc/ceph/<remote_cluster>.client.<remote_user>.keyring. |
| Override the private key size used when creating the certificate for this service. |
|
The client name for the RADOSGW service. The default value is |
| The cephx key for the RADOSGW client. Can be created with ceph-authtool --gen-print-key. |
|
Interval (in seconds) in between validation checks. The default value is |
|
Number of retry attempts for Ceph validation. The default value is |
|
Specifies the private key size used when creating the certificate. The default value is |
|
The short name of the OpenStack Block Storage (cinder) Backup backend to use. The default value is |
|
Pool to use if Block Storage (cinder) Backup is enabled. The default value is |
|
Whether to enable or not the Rbd backend for OpenStack Block Storage (cinder). The default value is |
| List of extra Ceph pools for use with RBD backends for OpenStack Block Storage (cinder). An extra OpenStack Block Storage (cinder) RBD backend driver is created for each pool in the list. This is in addition to the standard RBD backend driver associated with the CinderRbdPoolName. |
|
Pool to use for Block Storage (cinder) service. The default value is |
| List of server hostnames to blocklist from any triggered deployments. |
|
The short name of the OpenStack Image Storage (glance) backend to use. Set to |
|
Pool to use for Image Storage (glance) service. The default value is |
|
The short name of the OpenStack Telemetry Metrics (gnocchi) backend to use. Should be one of swift, rbd, file or s3. The default value is |
|
Pool to use for Telemetry storage. The default value is |
|
Filesystem path on undercloud to persist a copy of the data from the |
|
The CephFS user ID for Shared Filesystem Service (manila). The default value is |
|
Pool to use for file share storage. The default value is |
|
Placement group count for the CephFS data pool for file share storage. The default value is |
|
Pool to use for file share metadata storage. The default value is |
|
Placement group count for the CephFS metadata pool for file share storage. The default value is |
|
Backend name of the CephFS share for file share storage. The default value is |
| Ceph NodeExporter container image. |
|
Whether to enable the Ceph backend for Compute (nova). The default value is |
|
Pool to use for Compute storage. The default value is |
Chapter 9. Compute (nova) Parameters
You can modify the nova service with compute parameters.
Parameter | Description |
---|---|
| Override the private key size used when creating the certificate for this service. |
|
Specifies the private key size used when creating the certificate. The default value is |
|
Limit the specific CPUs or cores a container can use. The default value is |
|
Tune nova_libvirt container PID limit (set to 0 for unlimited) (defaults to 65536). The default value is |
|
Ulimit for OpenStack Compute (nova) Libvirt Container. The default value is |
| Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. The value can be multiple addresses separated by commas. |
|
Ulimit for OpenStack Compute (nova) Compute Container. The default value is |
|
Port that dockerized nova migration target sshd service binds to. The default value is |
|
Enable caching with memcached. The default value is |
|
Remove configuration that is not generated by the director. Used to avoid configuration remnants after upgrades. The default value is |
|
Whether to enable an Instance HA configuration or not. This setup requires the Compute role to have the PacemakerRemote service added to it. The default value is |
|
Set to true to enable the SQLAlchemy-collectd server plugin. The default value is |
|
Set to True when deploying the extracted Placement service. The default value is |
| Dictionary of settings when configuring additional glance backends. The hash key is the backend ID, and the value is a dictionary of parameter values unique to that backend. Multiple rbd backends are allowed, but cinder, file and swift backends are limited to one each. Example:

    # Default glance store is rbd.
    GlanceBackend: rbd
    GlanceStoreDescription: Default rbd store
    # GlanceMultistoreConfig specifies a second rbd backend, plus a cinder
    # backend.
    GlanceMultistoreConfig:
      rbd2_store:
        GlanceBackend: rbd
        GlanceStoreDescription: Second rbd store
        CephClusterName: ceph2
        # Override CephClientUserName if this cluster uses a different
        # client name.
        CephClientUserName: client2
      cinder_store:
        GlanceBackend: cinder
        GlanceStoreDescription: OpenStack Block Storage (cinder) store

|
|
Template string to be used to generate instance names. The default value is |
|
Specifies the CA cert to use for NBD TLS. The default value is |
|
Specifies the CA cert to use for qemu. The default value is |
|
Specifies the CA cert to use for VNC TLS. The default value is |
|
Specifies the CA cert to use for VNC TLS. The default value is |
| Kernel Args to apply to the host. |
| This specifies the CA certificate to use for TLS in libvirt. This file will be symlinked to the default CA path in libvirt, which is /etc/pki/CA/cacert.pem. Note that due to limitations of GNU TLS, which is the TLS backend for libvirt, the file must be less than 65K (so we can’t use the system’s CA bundle). This parameter should be used if the default (which comes from the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled. |
| Override the private key size used when creating the certificate for this service. |
|
This is a performance event list which could be used as a monitor. For example: |
|
Defines a filter to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . The default value is |
| This specifies the CA certificate to use for NBD TLS. This file will be symlinked to the default CA path, which is /etc/pki/libvirt-nbd/ca-cert.pem. This parameter should be used if the default (which comes from the InternalTLSNbdCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled. |
| The password for the libvirt service when TLS is enabled. |
|
Override the compile time default TLS priority string. The default value is |
| This specifies the CA certificate to use for VNC TLS. This file will be symlinked to the default CA path, which is /etc/pki/libvirt-vnc/ca-cert.pem. This parameter should be used if the default (which comes from the InternalTLSVncCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled. |
| Override the private key size used when creating the certificate for this service. |
| Override the private key size used when creating the certificate for this service. |
|
Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. The default value is |
|
Use the advanced (eventlet safe) memcached client pool. The default value is |
|
SSH key for migration. Expects a dictionary with keys public_key and private_key. Values should be identical to SSH public/private key files. The default value is |
|
Target port for migration over ssh. The default value is |
|
Whether to enable the multipath daemon. The default value is |
|
Enable IPv6 in MySQL. The default value is |
| Shared secret to prevent spoofing. |
|
Map of phynet name as key and NUMA nodes as value. For example: |
| Used to configure NUMA affinity for all tunneled networks. |
|
Driver or drivers to handle sending notifications. The default value is |
|
Whether this is a cell additional to the default cell. The default value is |
|
Allow destination machine to match source for resize. The default value is |
|
Max number of objects returned per API query. The default value is |
|
Max number of consecutive build failures before the nova-compute will disable itself. The default value is |
|
A comma-separated list or range of physical host CPU numbers to which processes for pinned instance CPUs can be scheduled. For example, |
|
If the deprecated |
|
Whether to disable irqbalance on compute nodes or not. Especially in Realtime Compute role one wants to keep it disabled. The default value is |
|
Whether to enable KSM on compute nodes or not. Especially in NFV use case one wants to keep it disabled. The default value is |
|
Libvirt domain type. Defaults to kvm. The default value is |
| List of optional environment variables. |
| List of optional volumes. |
|
Virtual CPU to physical CPU allocation ratio. The default value is |
|
Archive deleted instances from all cells. The default value is |
|
Cron to archive deleted instances - Age. This will define the retention policy when archiving the deleted instances entries in days. 0 means archive data older than today in shadow tables. The default value is |
|
Cron to move deleted instances to another table - Log destination. The default value is |
|
Cron to move deleted instances to another table - Hour. The default value is |
|
Cron to move deleted instances to another table - Max Delay. The default value is |
|
Cron to move deleted instances to another table - Max Rows. The default value is |
|
Cron to move deleted instances to another table - Minute. The default value is |
|
Cron to move deleted instances to another table - Month. The default value is |
|
Cron to move deleted instances to another table - Month Day. The default value is |
|
Purge shadow tables immediately after scheduled archiving. The default value is |
|
Cron to move deleted instances to another table - Until complete. The default value is |
|
Cron to move deleted instances to another table - User. The default value is |
|
Cron to move deleted instances to another table - Week Day. The default value is |
|
Cron to purge shadow tables - Age. This will define the retention policy when purging the shadow tables in days. 0 means purge data older than today in shadow tables. The default value is |
|
Cron to purge shadow tables - All cells. The default value is |
|
Cron to purge shadow tables - Log destination. The default value is |
|
Cron to purge shadow tables - Hour. The default value is |
|
Cron to purge shadow tables - Max Delay. The default value is |
|
Cron to purge shadow tables - Minute. The default value is |
|
Cron to purge shadow tables - Month. The default value is |
|
Cron to purge shadow tables - Month Day. The default value is |
|
Cron to purge shadow tables - User. The default value is |
|
Cron to purge shadow tables - Verbose. The default value is |
|
Cron to purge shadow tables - Week Day. The default value is |
|
Whether instances can attach cinder volumes from a different availability zone. The default value is |
|
Timeout for OpenStack Compute (nova) database synchronization in seconds. The default value is |
|
Default pool for floating IP addresses. The default value is |
|
Refuse to boot an instance if it would require downloading from glance and uploading to ceph instead of a COW clone. The default value is |
|
Virtual disk to physical disk allocation ratio. The default value is |
|
Whether to create cron job for archiving soft deleted rows in OpenStack Compute (nova) database. The default value is |
|
Whether to create cron job for purging soft deleted rows in OpenStack Compute (nova) database. The default value is |
|
Whether to enable live migration for NUMA topology instances. The default value is |
|
Enable download of OpenStack Image Storage (glance) images directly via RBD. The default value is |
| The hash key, which is the backend ID, of the GlanceMultistoreConfig to be used for the role where NovaGlanceEnableRbdDownload is enabled and defaults should be overridden. If CephClientUserName or GlanceRbdPoolName are not set in the GlanceMultistoreConfig, the global values of those parameters will be used. |
|
Specifies the default machine type for each host architecture. Red Hat recommends setting the default to the lowest RHEL minor release in your environment, for backwards compatibility during live migration. The default value is |
|
Time in seconds that nova compute should continue caching an image once it is no longer used by any instances on the host. The default value is |
| List of image formats that should not be advertised as supported by the compute service. |
|
The libvirt CPU mode to configure. Defaults to host-model if virt_type is set to kvm, otherwise defaults to none. The default value is |
| This allows specifying granular CPU feature flags when specifying CPU models. Only has effect if cpu_mode is not set to none. |
| The named libvirt CPU model (see names listed in /usr/share/libvirt/cpu_map.xml). Only has effect if cpu_mode="custom" and virt_type="kvm|qemu". |
|
Available capacity in MiB for file-backed memory. When configured, the |
|
Add parameter to configure the libvirt max_queues. The maximum number of virtio queue pairs that can be enabled when creating a multiqueue guest. The number of virtio queues allocated will be the lesser of the CPUs requested by the guest and the max value defined. Default 0 corresponds to not set. The default value is |
|
The memory usage statistics period, in seconds. A zero or negative value disables memory usage statistics. The default value is |
|
Set |
| List of optional volumes to be mounted. |
|
Virtio-net RX queue size. Valid values are 256, 512, 1024. The default value is |
|
Virtio-net TX queue size. Valid values are 256, 512, 1024. The default value is |
|
Whether to enable the multipath connection of the volumes. The default value is |
|
Defaults to "True" to slow down the instance CPU until the memory copy process is faster than the instance’s memory writes when the migration performance is slow and might not complete. Auto converge will only be used if this flag is set to True and post copy is not permitted or post copy is unavailable due to the version of libvirt and QEMU. The default value is |
|
If "True", activates the instance on the destination node before migration is complete, and sets an upper bound on the memory that needs to be transferred. Post copy is enabled by default unless the compute role is a realtime role or post copy is disabled by this parameter. The default value is |
|
Whether to wait for |
|
Indicates that the nova-metadata API service has been deployed per-cell, so that we can have better performance and data isolation in a multi-cell deployment. Users should consider the use of this configuration depending on how OpenStack Networking (neutron) is set up. If networks span cells, you might need to run nova-metadata API service globally. If your networks are segmented along cell boundaries, then you can run nova-metadata API service per cell. When running nova-metadata API service per cell, you should also configure each OpenStack Networking (neutron) metadata-agent to point to the corresponding nova-metadata API service. The default value is |
|
Whether to enable the NFS backend for OpenStack Compute (nova). The default value is |
|
NFS mount options for nova storage (when NovaNfsEnabled is true). The default value is |
| NFS share to mount for nova storage (when NovaNfsEnabled is true). |
|
NFS version used for nova storage (when NovaNfsEnabled is true). Because NFSv3 does not support full locking, an NFSv4 version must be used. To avoid breaking current installations, the default is the previously hard-coded version 4. The default value is |
|
Name of integration bridge used by Open vSwitch. The default value is |
| OVS DB connection string to be used by OpenStack Compute (nova). |
| The password for the OpenStack Compute (nova) service and database account. |
| YAML list of PCI passthrough whitelist parameters. |
|
PMEM namespace mappings as backend for vPMEM feature. This parameter sets Nova’s |
|
Creates PMEM namespaces on the host server using |
|
Virtual RAM to physical RAM allocation ratio. The default value is |
|
Reserved RAM for host processes. The default value is |
| A list of valid key=value which reflect NUMA node ID, page size (Default unit is KiB) and number of pages to be reserved. Example - NovaReservedHugePages: ["node:0,size:2048,count:64","node:1,size:1GB,count:1"] will reserve on NUMA node 0 64 pages of 2MiB and on NUMA node 1 1 page of 1GiB. |
|
Number of seconds we’re willing to wait for a guest to shut down. If this is 0, then there is no time out (use with caution, as guests might not respond to a shutdown request). The default value is 300 seconds (5 minutes). The default value is |
|
Whether to start running instance on compute host reboot. The default value is |
| List of available filters for OpenStack Compute (nova) to use to filter nodes. |
| An array of filters OpenStack Compute (nova) uses to filter a node. OpenStack Compute applies these filters in the order they are listed. Place your most restrictive filters first to make the filtering process more efficient. |
|
This value controls how often (in seconds) the scheduler should attempt to discover new hosts that have been added to cells. The default value of -1 disables the periodic task completely. It is recommended to set this parameter for deployments using OpenStack Bare Metal (ironic). The default value is |
|
This setting allows the scheduler to restrict hosts in aggregates based on matching required traits in the aggregate metadata and the instance flavor/image. If an aggregate is configured with a property with key trait:$TRAIT_NAME and value required, the instance flavor extra_specs and/or image metadata must also contain trait:$TRAIT_NAME=required to be eligible to be scheduled to hosts in that aggregate. The default value is |
|
This value enables tenant isolation with placement. It ensures that hosts in tenant-isolated host aggregates and availability zones are only available to a specific set of tenants. The default value is |
|
Maximum number of attempts the scheduler will make when deploying the instance. You should keep it greater than or equal to the number of bare metal nodes you expect to deploy at once to work around potential race conditions when scheduling. The default value is |
|
This setting, when |
|
This setting causes the scheduler to ask placement only for compute hosts that support the disk_format of the image used in the request. The default value is |
|
This setting allows the scheduler to look up a host aggregate with metadata key of availability zone set to the value provided by incoming request, and request result from placement be limited to that aggregate. The default value is |
|
Number of workers for OpenStack Compute (nova) Scheduler services. The default value is |
|
List of paths relative to nova_statedir to ignore when recursively setting the ownership and selinux context. The default value is |
|
Interval to sync power states between the database and the hypervisor. Set to -1 to disable. Setting this to 0 will run at the default rate. The default value is |
|
(Deprecated) A list or range of physical CPU cores to reserve for virtual machine processes. For example, |
| Override the private key size used when creating the certificate for this service. |
| OpenSSL cipher preference string that specifies what ciphers to allow for TLS connections from clients. See the man page for the OpenSSL ciphers command for details of the cipher preference string format and allowed values. |
|
Minimum allowed SSL/TLS protocol version. Valid values are default, tlsv1_1, tlsv1_2, and tlsv1_3. A value of default will use the underlying system OpenSSL defaults. The default value is |
|
Number of workers for the Compute’s Conductor service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. |
| Sets the amount of hugepage memory to assign per NUMA node. It is recommended to use the socket closest to the PCIe slot used for the desired DPDK NIC. The format should be in "<socket 0 mem>, <socket 1 mem>, <socket n mem>", where the value is specified in MB. For example: "1024,0". |
|
Endpoint interface to be used for the placement API. The default value is |
| The password for the Placement service and database account. |
| This specifies the CA certificate to use for qemu. This file will be symlinked to the default CA path, which is /etc/pki/qemu/ca-cert.pem. This parameter should be used if the default (which comes from the InternalTLSQemuCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled. |
| Override the private key size used when creating the certificate for this service. |
|
Whether to enable or disable TLS client certificate verification. Enabling this option will reject any client who does not have a certificate signed by the CA in /etc/pki/qemu/ca-cert.pem. The default value is |
| Directory used for memoryBacking source if configured as file. NOTE: big files will be stored here. |
| Override the private key size used when creating the certificate for this service. |
| Type of update, to differentiate between UPGRADE and UPDATE cases when StackAction is UPDATE (both are the same stack action). |
| OpenStack Compute upgrade level. |
|
If set to true and if EnableInternalTLS is enabled, it will enable TLS transport for libvirt NBD and configure the relevant keys for libvirt. The default value is |
|
If set to true and if EnableInternalTLS is enabled, it will enable TLS transport for libvirt VNC and configure the relevant keys for libvirt. The default value is |
|
Whether to verify image signatures. The default value is |
|
The vhost-user socket directory group name. Defaults to qemu. When vhostuser mode is dpdkvhostuserclient (which is the default mode), the vhost socket is created by qemu. The default value is |
Chapter 10. Dashboard (horizon) Parameters
You can modify the horizon service with dashboard parameters.
Parameter | Description |
---|---|
|
A list of IPs/hostnames for the server that OpenStack Dashboard (horizon) is running on. Used for header checks. The default value is |
| OpenStack Dashboard (horizon) has a global overrides mechanism available to perform customizations. |
|
On top of the dashboard there is a Help button. This button can be used to redirect users to vendor documentation or a dedicated help portal. The default value is |
| Regex for password validation. |
| Help text for password validation. |
| Secret key for the webserver. |
|
Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in OpenStack Dashboard (horizon). The default value is |
|
Extra parameters for OpenStack Dashboard (horizon) vhost configuration. The default value is |
|
Enable IPv6 features in Memcached. The default value is |
|
The timezone to be set on the overcloud. The default value is |
|
Specifies the list of SSO authentication choices to present. Each item is a list of an SSO choice identifier and a display message. The default value is |
|
Enable support for Web Single Sign-On. The default value is |
|
Specifies a mapping from SSO authentication choice to identity provider and protocol. The identity provider and protocol names must match the resources defined in keystone. The default value is |
|
The initial authentication choice to select by default. The default value is |
Chapter 11. Identity (keystone) Parameters
You can modify the keystone service with identity parameters.
Parameter | Description |
---|---|
|
The email for the OpenStack Identity (keystone) admin account. The default value is |
| The OpenStack Identity (keystone) secret and database password. |
| Override the private key size used when creating the certificate for this service. |
|
Specifies the private key size used when creating the certificate. The default value is |
|
Enable caching with memcached. The default value is |
|
Whether to enable TLS on the public interface or not. The default value is |
| A list of methods used for authentication. |
| Enabling this option requires users to change their password when the user is created, or upon administrative reset. |
| Indicate whether this resource may be shared with the domain received in the request "origin" header. |
| The first OpenStack Identity (keystone) credential key. Must be a valid key. |
| The second OpenStack Identity (keystone) credential key. Must be a valid key. |
| The maximum number of days a user can go without authenticating before being considered "inactive" and automatically disabled (locked). |
|
Create the member role, useful for undercloud deployment. The default value is |
|
Enable support for federated authentication. The default value is |
| Mapping containing OpenStack Identity (keystone) fernet keys and their paths. |
|
The maximum active keys in the OpenStack Identity (keystone) fernet key repository. The default value is |
| Hash containing the configurations for the LDAP backends configured in keystone. |
|
Trigger to call ldap_backend puppet keystone define. The default value is |
| The number of seconds a user account will be locked when the maximum number of failed authentication attempts (as specified by KeystoneLockoutFailureAttempts) is exceeded. |
| The maximum number of times that a user can fail to authenticate before the user account is locked for the number of seconds specified by KeystoneLockoutDuration. |
| The number of days that a password must be used before the user can change it. This prevents users from changing their passwords immediately in order to wipe out their password history and reuse an old password. |
| Comma-separated list of Oslo notification drivers used by OpenStack Identity (keystone). |
|
The OpenStack Identity (keystone) notification format. The default value is |
| OpenStack Identity (keystone) notification topics to enable. |
| The client ID to use when handshaking with your OpenID Connect provider. |
| The client secret to use when handshaking with your OpenID Connect provider. |
|
Passphrase to use when encrypting data for OpenID Connect handshake. The default value is |
|
Enable support for OpenIDC federation. The default value is |
|
Enable OAuth 2.0 integration. The default value is |
| The name associated with the IdP in OpenStack Identity (keystone). |
| OAuth 2.0 introspection endpoint for mod_auth_openidc. |
| The url that points to your OpenID Connect provider metadata. |
|
Attribute to be used to obtain the entity ID of the Identity Provider from the environment. The default value is |
|
Response type to be expected from the OpenID Connect provider. The default value is |
| The number of days for which a password will be considered valid before requiring it to be changed. |
| The regular expression used to validate password strength requirements. |
| Describe your password regular expression here in language for humans. |
| OpenStack Identity (keystone) certificate for verifying token validity. |
| OpenStack Identity (keystone) key for signing tokens. |
|
The OpenStack Identity (keystone) token format. The default value is |
| A list of dashboard URLs trusted for single sign-on. |
| This controls the number of previous user password iterations to keep in history, in order to enforce that newly created passwords are unique. |
|
Set the number of workers for the OpenStack Identity (keystone) service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. |
|
Whether director should manage the OpenStack Identity (keystone) fernet keys or not. If set to True, the fernet keys will get the values from the saved keys repository in OpenStack Workflow (mistral) from the |
|
Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. The default value is |
|
Driver or drivers to handle sending notifications. The default value is |
|
Whether the public SSL certificate was autogenerated or not. The default value is |
| Specifies the default CA cert to use if TLS is used for services in the public network. |
| The content of the SSL certificate (without Key) in PEM format. |
|
Set a token expiration time in seconds. The default value is |
Chapter 12. Image Storage (glance) Parameters
You can modify the glance service with image service parameters.
Parameter | Description |
---|---|
|
The Ceph cluster name. The default value is |
| List of optional volumes to be mounted. |
|
The short name of the OpenStack Image Storage (glance) backend to use. Should be one of swift, rbd, cinder, or file. The default value is |
|
The default backend’s identifier. The default value is |
|
Enable OpenStack Image Storage (glance) Image Cache. The default value is |
|
The mount point base when glance is using cinder as store and cinder backend is NFS. This mount point is where the NFS volume is mounted on the glance node. The default value is |
| List of allowed disk formats in Glance; all formats are allowed when left unset. |
|
List of enabled Image Import Methods. Valid values in the list are glance-direct and web-download. The default value is |
|
List of user roles to be ignored for injecting image metadata properties. The default value is |
|
Base directory that the Image Cache uses. The default value is |
|
The upper limit on cache size, in bytes, after which the cache-pruner cleans up the image cache. The default value is |
|
The amount of time, in seconds, to let an image remain in the cache without being accessed. The default value is |
|
Desired output format for image conversion plugin. The default value is |
|
List of enabled Image Import Plugins. Valid values in the list are image_conversion, inject_metadata, no_op. The default value is |
|
Maximum number of image members per image. Negative values evaluate to unlimited. The default value is |
|
The interval in seconds to run periodic job cache_images. The default value is |
| Metadata properties to be injected in image. |
| The filepath of the file to use for logging messages from OpenStack Image Storage (glance). |
| Dictionary of settings when configuring additional glance backends. The hash key is the backend ID, and the value is a dictionary of parameter values unique to that backend. Multiple rbd backends are allowed, but cinder, file and swift backends are limited to one each. Example: |
```yaml
# Default glance store is rbd.
GlanceBackend: rbd
GlanceStoreDescription: Default rbd store
# GlanceMultistoreConfig specifies a second rbd backend, plus a cinder
# backend.
GlanceMultistoreConfig:
  rbd2_store:
    GlanceBackend: rbd
    GlanceStoreDescription: Second rbd store
    CephClusterName: ceph2
    # Override CephClientUserName if this cluster uses a different
    # client name.
    CephClientUserName: client2
  cinder_store:
    GlanceBackend: cinder
    GlanceStoreDescription: OpenStack Block Storage (cinder) store.
```
|
When using |
|
When using |
|
NFS mount options for image storage when |
|
NFS share to mount for image storage when |
|
URI that specifies the staging location to use when importing images. The default value is |
|
Strategy to use for OpenStack Image Storage (glance) notification queue. The default value is |
| The password for the image storage service and database account. |
|
Whether to show multiple image locations, e.g. for copy-on-write support on RBD or Netapp backends. Potential security risk, see glance.conf for more information. The default value is |
|
Whether to enable sparse upload when using GlanceBackend file and rbd. The default value is |
|
NFS mount options for NFS image import staging. The default value is |
| NFS share to mount for image import staging. |
|
User facing description for the OpenStack Image Storage (glance) backend. The default value is |
|
Set the number of workers for the image storage service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. |
|
Use the advanced (eventlet safe) memcached client pool. The default value is |
|
Whether to enable the multipath daemon. The default value is |
| Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true). |
|
Driver or drivers to handle sending notifications. The default value is |
Chapter 13. Key Manager (barbican) Parameters
You can modify the barbican service with key manager parameters.
Parameter | Description |
---|---|
| Override the private key size used when creating the certificate for this service. |
| Hash of atos-hsm role variables used to install ATOS client software. |
|
Whether this plugin is the global default plugin. The default value is |
| Hostname of the Dogtag server. |
| Password for the NSS DB. |
|
Path for the PEM file used to authenticate requests. The default value is |
|
Port for the Dogtag server. The default value is |
|
Whether this plugin is the global default plugin. The default value is |
| Host for KMIP device. |
| Password to connect to KMIP device. |
| Port for KMIP device. |
| Username to connect to KMIP device. |
| The password for the OpenStack Key Manager (barbican) service account. |
|
Always set CKA_SENSITIVE=CK_TRUE. The default value is |
|
Generate IVs for CKM_AES_GCM encryption mechanism. The default value is |
|
Enable ATOS for PKCS11. The default value is |
|
Enable PKCS11. The default value is |
|
Cryptoki Mechanism used for encryption. The default value is |
|
Whether this plugin is the global default plugin. The default value is |
|
Cryptoki Mechanism used to generate Master HMAC Key. The default value is |
|
Cryptoki Key Type for Master HMAC key. The default value is |
| Label for the HMAC key. |
| Path to vendor PKCS11 library. |
| Password (PIN) to login to PKCS#11 session. |
|
Enable Luna SA HSM for PKCS11. The default value is |
| Label for Master KEK. |
|
Length of Master KEK in bytes. The default value is |
|
Set CKF_OS_LOCKING_OK flag when initializing the client library. The default value is |
|
Cryptoki Mechanism used to generate Master HMAC Key. The default value is |
|
Slot Id for the PKCS#11 token to be used. The default value is |
|
Enable Thales for PKCS11. The default value is |
| (DEPRECATED) Use BarbicanPkcs11CryptoTokenLabels instead. |
| List of comma separated labels for the tokens to be used. This is typically a single label, but some devices may require more than one label for Load Balancing and High Availability configurations. |
| Serial number for PKCS#11 token to be used. |
|
Whether this plugin is the global default plugin. The default value is |
| KEK used to encrypt secrets. |
|
Set the number of workers for barbican::wsgi::apache. The default value is |
|
Specifies the private key size used when creating the certificate. The default value is |
| (Optional) When set, OpenStack Key Manager (barbican) nodes will be registered with the HSMs using the IP from this network instead of the FQDN. |
| Hash of lunasa-hsm role variables used to install Lunasa client software. |
|
Use the advanced (eventlet safe) memcached client pool. The default value is |
|
Driver or drivers to handle sending notifications. The default value is |
|
The network that the HSM is listening on. The default value is |
| Hash of thales-hsm role variables used to install Thales client software. |
Chapter 14. Load balancer (octavia) parameters
Parameter | Description |
---|---|
|
The syslog "LOG_LOCAL" facility to use for the administrative log messages. The default value is |
| List of syslog endpoints, host:port comma separated list, to receive administrative log messages. |
|
The interval in seconds after which an unused Amphora will be considered expired and cleaned up. If left at 0, the configuration will not be set and the system will use the service defaults. The default value is |
| Public key file path. User will be able to SSH into amphorae with the provided key. User may, in most cases, also elevate to root from user centos (CentOS), ubuntu (Ubuntu) or cloud-user (RHEL) (depends on how amphora image was created). Logging in to amphorae provides a convenient way to e.g. debug load balancing services. |
|
SSH key name. The default value is |
|
Flag to indicate if anti-affinity feature is turned on. The default value is |
| OpenStack Load Balancing-as-a-Service (octavia) CA certificate data. If provided, this will create or update a file on the host with the path provided in OctaviaCaCertFile with the certificate data. |
| The private key for the certificate provided in OctaviaCaCert. If provided, this will create or update a file on the host with the path provided in OctaviaCaKeyFile with the key data. |
| CA private key passphrase. |
| OpenStack Load Balancing-as-a-Service (octavia) client certificate data. If provided, this will create or update a file on the host with the path provided in OctaviaClientCertFile with the certificate data. |
|
When false, tenant connection flows will not be logged. The default value is |
|
When true, logs will not be stored on the amphora filesystem. This includes all kernel, system, and security logs. The default value is |
|
Set to false if the driver agent needs to be disabled for some reason. The default value is |
|
OpenStack Compute (nova) flavor ID to be used when creating the nova flavor for amphora. The default value is |
|
When true, all log messages from the amphora will be forwarded to the administrative log endpoints, including non-load balancing related logs. The default value is |
|
Enable internal generation of certificates for secure communication with amphorae for isolated private clouds or systems where security is not a concern. Otherwise, use OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase, OctaviaClientCert and OctaviaServerCertsKeyPassphrase to configure OpenStack Load Balancing-as-a-Service (octavia). The default value is |
| Load balancer topology configuration. |
|
When true, log messages from the amphora will be forwarded to the administrative log endpoints and will be stored with the controller logs. The default value is |
|
The syslog "LOG_LOCAL" facility to use for the tenant traffic flow log messages. The default value is |
| List of syslog endpoints, host:port comma separated list, to receive tenant traffic flow log messages. |
|
Frontend client inactivity timeout. The default value is |
|
Backend member inactivity timeout. The default value is |
Chapter 15. Messaging Parameters
You can modify the message queue service with messaging parameters.
Parameter | Description |
---|---|
| Override the private key size used when creating the certificate for this service. |
| The password for messaging backend. |
|
The network port for messaging backend. The default value is |
|
The username for messaging backend. The default value is |
|
Messaging client subscriber parameter to specify an SSL connection to the messaging host. The default value is |
Chapter 16. Networking (neutron) Parameters
You can modify the neutron service with networking parameters.
Parameter | Description |
---|---|
|
Specifies the private key size used when creating the certificate. The default value is |
| Override the private key size used when creating the certificate for this service. |
|
Enables DHCP agent notifications. The default value is |
|
Additional domain sockets for the docker daemon to bind to (useful for mounting into containers that launch other containers). The default value is |
| Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. The value can be multiple addresses separated by commas. |
|
If True, then allow plugins that support it to create VLAN transparent networks. The default value is |
|
Use the advanced (eventlet safe) memcached client pool. The default value is |
|
Seconds to regard the agent as down; should be at least twice NeutronGlobalReportInterval, to be sure the agent is down for good. The default value is |
|
Allow automatic l3-agent failover. The default value is |
| Hash of optional environment variables. |
| List of optional volumes to be mounted. |
|
The logical to physical bridge mappings to use. The default ( |
| Override the private key size used when creating the certificate for this service. |
|
The core plugin for networking. The value should be the entrypoint to be loaded from |
|
String of extra command line parameters to append to the |
| Comma-separated list of default network availability zones to be used by OpenStack Networking (neutron) if its resource is created without availability zone hints. If not set, no AZs will be configured for OpenStack Networking (neutron) network services. |
|
The number of DHCP agents to schedule per network. The default value is |
|
Additional to the availability zones aware network scheduler. The default value is |
|
Domain to use for building the hostnames. The default value is |
| Enable Distributed Virtual Router. |
|
Enable IGMP Snooping. The default value is |
|
Firewall driver for realizing OpenStack Networking (neutron) security group function. The default value is |
|
Sets the flat network name to configure in plugins. The default value is |
|
Geneve encapsulation header size. The default value is |
|
MTU of the underlying physical network. OpenStack Networking (neutron) uses this value to calculate MTU for all virtual network components. For flat and VLAN networks, OpenStack Networking uses this value without modification. For overlay networks such as VXLAN, OpenStack Networking automatically subtracts the overlay protocol overhead from this value. The default value is |
|
Seconds between nodes reporting state to server; should be less than NeutronAgentDownTime, best if it is half or less than NeutronAgentDownTime. The default value is |
|
The mechanism drivers for the OpenStack Networking (neutron) tenant network. The default value is |
| Shared secret to prevent spoofing. |
| Sets the number of worker processes for the OpenStack Networking (neutron) OVN metadata agent. The default value results in the configuration being left unset and a system-dependent default will be chosen (usually the number of processors). Please note that this can result in a large number of processes and memory consumption on systems with a large core count. On such systems it is recommended that a non-default value be selected that matches the load requirements. |
|
A list of mappings of physical networks to MTU values. The format of the mapping is |
|
The network schedule driver to use for availability zones. The default value is |
|
The tenant network type for OpenStack Networking (neutron). The default value is |
|
The OpenStack Networking (neutron) ML2 and Open vSwitch VLAN mapping range to support. Defaults to permitting any VLAN on the |
|
IP version used for all overlay network endpoints. The default value is |
|
Maximum number of packets per rate_limit. The default value is |
| Output logfile path on agent side, default syslog file. |
|
Maximum number of packets logging per second. The default value is |
| Name of Open vSwitch bridge to use. |
| Comma-separated list of VNIC types for which support in OpenStack Networking (neutron) is administratively prohibited by the OVS mechanism driver. |
| The password for the OpenStack Networking (neutron) service and database account. |
|
Comma-separated list of enabled extension plugins. The default value is |
|
Puppet resource tag names that are used to generate configuration files with puppet. The default value is |
|
Number of ports allowed per tenant. A negative value means unlimited. The default value is |
|
The router schedule driver to use for availability zones. The default value is |
| Sets the number of RPC workers for the OpenStack Networking (neutron) service. If not specified, it’ll take the value of NeutronWorkers and if this is not specified either, the default value results in the configuration being left unset and a system-dependent default will be chosen (usually 1). |
|
Comma-separated list of service plugin entrypoints. The default value is |
| Comma-separated list of VNIC types for which support in OpenStack Networking (neutron) is administratively prohibited by the SR-IOV mechanism driver. |
|
Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation. The default value is |
|
Comma-separated list of network type driver entrypoints to be loaded. The default value is |
| The vhost-user socket directory for OVS. |
|
Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation. The default value is |
|
Sets the number of API and RPC workers for the OpenStack Networking service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. |
|
Driver or drivers to handle sending notifications. The default value is |
| The az options to configure in ovs db. eg. [az-0, az-1, az-2]. |
| The CMS options to configure in ovs db. |
|
During update, how long we wait for the container image to be updated, in seconds. The default value is |
|
During update, how long we wait for the container to be updated, in seconds. The default value is |
|
Timeout in seconds for the OVSDB connection transaction. The default value is |
| List of servers to use as DNS forwarders. |
|
Generate a wrapper script so that haproxy is launched in a separate container. The default value is |
|
Type of encapsulation used in OVN. It can be |
|
Name of the OVS bridge to use as integration bridge by OVN Controller. The default value is |
| Override the private key size used when creating the certificate for this service. |
|
Whether Metadata Service has to be enabled. The default value is |
|
The synchronization mode of OVN with OpenStack Networking (neutron) DB. The default value is |
|
Port of the OVN Northbound DB server. The default value is |
|
Sets the time ovn-controller will wait on startup before clearing all openflow rules and installing the new ones, in ms. The default value is |
|
The inactivity probe interval of the OpenFlow connection to the OpenvSwitch integration bridge, in seconds. The default value is |
|
Probe interval in ms for the OVSDB session. The default value is |
|
OVN notification driver for OpenStack Networking (neutron) QOS service plugin. The default value is |
|
Probe interval in ms. The default value is |
|
Port of the OVN Southbound DB server. The default value is |
|
Type of VIF to be used for ports. The default value is |
|
Enable OVS Hardware Offload. This feature supported from OVS 2.8.0. The default value is |
|
MTU of the underlying physical network. OpenStack Networking (neutron) uses this value to calculate MTU for all virtual network components. For flat and VLAN networks, OpenStack Networking (neutron) uses this value without modification. For overlay networks such as VXLAN, OpenStack Networking (neutron) automatically subtracts the overlay protocol overhead from this value. (The mtu setting of the Tenant network in network_data.yaml controls this parameter.) The default value is |
Chapter 17. Object Storage (swift) Parameters
You can modify the swift service with object storage parameters.
Parameter | Description |
---|---|
|
Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. The default value is |
|
Number of workers for Swift account service. The default value is |
|
Comma-separated list of project names to ignore. The default value is |
|
Set to |
|
Set to True to enable Swift container sharder service. The default value is |
|
Number of workers for Swift account service. The default value is |
| Indicate whether this resource may be shared with the domain received in the request "origin" header. |
|
Set to True to enable data-at-rest encryption in Swift. The default value is |
| A random string to be used as a salt when hashing to determine mappings in the ring. |
|
The minimum time (in hours) before a partition in a ring can be moved following a rebalance. The default value is |
|
Check if the devices are mounted to prevent accidentally writing to the root device. The default value is |
|
Number of workers for Swift account service. The default value is |
|
Partition power to use when building object storage rings. The default value is |
| The password for the object storage service account. |
|
Timeout for requests going from |
|
Additional raw devices to use for the object storage backend. For example: |
|
Number of replicas to use in the object storage rings. The default value is |
|
Whether to manage object storage rings or not. The default value is |
| A temporary Swift URL to download rings from. |
| A temporary Swift URL to upload rings to. |
|
Use a local directory for object storage services when building rings. The default value is |
|
Number of workers for object storage service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. |
Chapter 18. Orchestration (heat) Parameters
You can modify the heat service with orchestration parameters.
Parameter | Description |
---|---|
| Override the private key size used when creating the certificate for this service. |
|
Specifies the private key size used when creating the certificate. The default value is |
|
Enable caching with memcached. The default value is |
| Hash of optional environment variables. |
| List of optional volumes to be mounted. |
| Auth encryption key for heat-engine. |
|
Create delegated roles. The default value is |
|
Enables the heat engine with the convergence architecture. The default value is |
| Indicate whether this resource may be shared with the domain received in the request "origin" header. |
|
Cron to purge database entries marked as deleted and older than $age - Age. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Age type. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Log destination. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Ensure. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Hour. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Max Delay. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Minute. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Month. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Month Day. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - User. The default value is |
|
Cron to purge database entries marked as deleted and older than $age - Week Day. The default value is |
|
Whether to create cron job for purging soft deleted rows in the OpenStack Orchestration (heat) database. The default value is |
| Hash of optional environment variables. |
| List of optional volumes to be mounted. |
| An array of directories to search for plug-ins. |
|
Maximum raw byte size of the OpenStack Orchestration (heat) API JSON request body. The default value is |
|
Maximum number of nested stack depth. The default value is |
|
Maximum resources allowed per top-level stack. -1 stands for unlimited. The default value is |
| The password for the Orchestration service and database account. |
| Allow reauthentication on token expiry, such that long-running tasks may complete. Note this defeats the expiry of any provided user tokens. |
| The admin password for the OpenStack Orchestration (heat) domain in OpenStack Identity (keystone). |
|
Number of workers for OpenStack Orchestration (heat) service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. |
|
The maximum number of elements in a collection that yaql expressions can take for their evaluation. The default value is |
|
The maximum size of memory in bytes that yaql expressions can take for their evaluation. The default value is |
|
Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. The default value is |
|
Use the advanced (eventlet safe) memcached client pool. The default value is |
|
Driver or drivers to handle sending notifications. The default value is |
Chapter 20. Time Parameters
You can modify the time synchronization service with time parameters.
Parameter | Description |
---|---|
|
Access Control List of NTP clients. By default no clients are permitted. The default value is |
| Default pool options for the configured NTP pools in chrony.conf. If this is specified, NtpIburstEnable, MaxPoll, and MinPoll are ignored. |
| Default server options for the configured NTP servers in chrony.conf. If this is specified, NtpIburstEnable, MaxPoll, and MinPoll are ignored. |
|
Set to true to enable package installation at deploy time. The default value is |
|
Specify maximum poll interval of upstream servers for NTP messages, in seconds to the power of two. Allowed values are 4 to 17. The default value is |
|
Specify minimum poll interval of upstream servers for NTP messages, in seconds to the power of two. The minimum poll interval defaults to 6 (64 s). Allowed values are 4 to 17. The default value is |
|
Specifies whether to enable the iburst option for every NTP peer. If iburst is enabled, when the NTP server is unreachable NTP will send a burst of eight packets instead of one. This is designed to speed up the initial synchronization. The default value is |
| NTP pool list. Defaults to [], so only NtpServer is used by default. |
|
NTP servers list. The default value is |
|
The timezone to be set on the overcloud. The default value is |
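The descriptions above state a few cross-parameter constraints: NeutronAgentDownTime should be at least twice NeutronGlobalReportInterval, MinPoll and MaxPoll accept 4 to 17, and the Octavia certificate parameters are meant to be supplied together. The following check over a parsed `parameter_defaults` mapping is an added example, not Red Hat or TripleO code; the function name, the sample values, and the rule that a partly supplied Octavia certificate set is an error are assumptions of this example.

```python
# Added example (not Red Hat or TripleO code): lint a parsed parameter_defaults
# mapping against constraints stated in the parameter descriptions above.

OCTAVIA_CERT_PARAMS = (
    "OctaviaCaCert", "OctaviaCaKey", "OctaviaCaKeyPassphrase",
    "OctaviaClientCert", "OctaviaServerCertsKeyPassphrase",
)


def lint_parameter_defaults(params):
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    findings = []

    # Neutron: the agent down time should be at least twice the report interval.
    # Checked only when both are set, because this example does not know the defaults.
    down = params.get("NeutronAgentDownTime")
    report = params.get("NeutronGlobalReportInterval")
    if down is not None and report is not None and int(down) < 2 * int(report):
        findings.append(
            f"NeutronAgentDownTime: {down} is less than twice "
            f"NeutronGlobalReportInterval ({report})")

    # Time: MinPoll and MaxPoll are exponents of two; allowed values are 4 to 17.
    polls = {}
    for name in ("MinPoll", "MaxPoll"):
        if params.get(name) is not None:
            polls[name] = int(params[name])
            if not 4 <= polls[name] <= 17:
                findings.append(
                    f"{name}: {polls[name]} is outside the allowed range 4 to 17")
    if len(polls) == 2 and polls["MinPoll"] > polls["MaxPoll"]:
        findings.append("MinPoll: greater than MaxPoll")

    # Octavia: assumption of this example: supplying only part of the
    # certificate parameter set is a configuration mistake worth flagging.
    present = [p for p in OCTAVIA_CERT_PARAMS if params.get(p)]
    if present and len(present) < len(OCTAVIA_CERT_PARAMS):
        missing = [p for p in OCTAVIA_CERT_PARAMS if p not in present]
        findings.append("Octavia certificates: set " + ", ".join(present)
                        + " but missing " + ", ".join(missing))
    return findings


# Constructed sample input, standing in for the parameter_defaults section of an
# environment file after YAML parsing. All values are made up.
SAMPLE_BAD = {
    "NeutronAgentDownTime": 60,
    "NeutronGlobalReportInterval": 45,
    "MinPoll": 3,
    "MaxPoll": 10,
    "OctaviaCaCert": "<constructed PEM placeholder>",
    "OctaviaCaKey": "<constructed PEM placeholder>",
}
SAMPLE_OK = {"NeutronAgentDownTime": 600, "NeutronGlobalReportInterval": 300,
             "MinPoll": 6, "MaxPoll": 10}

if __name__ == "__main__":
    for finding in lint_parameter_defaults(SAMPLE_BAD):
        print(finding)
```

Running a check like this before `openstack overcloud deploy` catches inconsistent values while they are still in the environment file.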
Chapter 21. Upgrade parameters
You can modify the behavior of the upgrade process with upgrade parameters.
Parameter | Description |
---|---|
| Command or script snippet to run on all overcloud nodes to initialize the upgrade process. For example, a repository switch. |
| Common commands required by the upgrades process. This should not normally be modified by the operator and is set and unset in the major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. |
| Additional command line options to append to the Leapp command. |
|
Print debugging output when running Leapp. The default value is |
| Skip Leapp checks by setting env variables when running Leapp in development/testing. For example, LEAPP_DEVEL_SKIP_RHSM=1. |
|
Use Leapp for operating system upgrade. The default value is |
|
Maximum (seconds) to wait for machine to reboot and respond to a test command. The default value is |
|
Timeout (seconds) for the OS upgrade phase via Leapp. The default value is |
| List of packages to install after Leapp upgrade. |
| List of packages to remove during Leapp upgrade. |