all.yml

---
# The options in this file can be overridden in 'globals.yml'

# The "temp" files that are created before merge need to stay persistent due
# to the fact that ansible will register a "change" if it has to create them
# again. Persistent files allow for idempotency
container_config_directory: "/var/lib/kolla/config_files"

# The directory on the deploy host containing globals.yml.
node_config: "{{ CONFIG_DIR | default('/etc/kolla') }}"

# The directory to merge custom config files the kolla's config files
node_custom_config: "{{ node_config }}/config"

# The directory to store the config files on the destination node
node_config_directory: "/etc/kolla"

# The group which own node_config_directory, you can use a non-root
# user to deploy kolla
config_owner_user: "root"
config_owner_group: "root"

###################
# Ansible options
###################

# This variable is used as the "filter" argument for the setup module.  For
# instance, if one wants to remove/ignore all Neutron interface facts:
# kolla_ansible_setup_filter: "ansible_[!qt]*"
# By default, we do not provide a filter.
kolla_ansible_setup_filter: "{{ omit }}"

# This variable is used as the "gather_subset" argument for the setup module.
# For instance, if one wants to avoid collecting facts via facter:
# kolla_ansible_setup_gather_subset: "all,!facter"
# By default, we do not provide a gather subset.
kolla_ansible_setup_gather_subset: "{{ omit }}"

# This variable is used as "any_errors_fatal" setting for the setup (gather
# facts) plays.
# This is useful for weeding out failing hosts early to avoid late failures
# due to missing facts (especially cross-host).
# Do note this still supports host fact caching and it will not affect
# scenarios with all facts cached (as there is no task to fail).
kolla_ansible_setup_any_errors_fatal: false

###################
# Kolla options
###################
# Valid options are [ COPY_ONCE, COPY_ALWAYS ]
config_strategy: "COPY_ALWAYS"

# Valid options are ['centos', 'debian', 'rocky', 'ubuntu']
kolla_base_distro: "rocky"

kolla_internal_vip_address: "{{ kolla_internal_address | default('') }}"
kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
kolla_same_external_internal_vip: "{{ kolla_external_vip_address == kolla_internal_vip_address }}"
kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip | bool else kolla_external_vip_address }}"

kolla_dev_repos_directory: "/opt/stack/"
kolla_dev_repos_git: "https://opendev.org/openstack"
kolla_dev_repos_pull: "no"
kolla_dev_mode: "no"
kolla_source_version: "{% if openstack_release == 'master' %}master{% else %}stable/{{ openstack_release }}{% endif %}"

# Proxy settings for containers such as magnum that need internet access
container_http_proxy: ""
container_https_proxy: ""
container_no_proxy: "localhost,127.0.0.1"

container_proxy_no_proxy_entries:
  - "{{ container_no_proxy }}"
  - "{{ api_interface_address }}"
  - "{{ kolla_internal_vip_address | default('') }}"

container_proxy:
  http_proxy: "{{ container_http_proxy }}"
  https_proxy: "{{ container_https_proxy }}"
  no_proxy: "{{ container_proxy_no_proxy_entries | select | join(',') }}"

# By default, Kolla API services bind to the network address assigned
# to the api_interface.  Allow the bind address to be an override.
api_interface_address: "{{ 'api' | kolla_address }}"


####################
# Database options
####################
database_address: "{{ kolla_internal_fqdn }}"
database_user: "root"
database_port: "3306"
database_connection_recycle_time: 10
database_max_pool_size: 1

####################
# Container engine options
####################
kolla_container_engine: "docker"

####################
# Docker options
####################
docker_registry_email:
docker_registry: "quay.io"
docker_namespace: "openstack.kolla"
docker_registry_username:
# Please read the docs carefully before applying docker_registry_insecure.
docker_registry_insecure: "no"
docker_runtime_directory: ""
# Docker client timeout in seconds.
docker_client_timeout: 120

# Docker networking options
docker_disable_default_iptables_rules: "yes"
docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}"
docker_disable_ip_forward: "{{ docker_disable_default_iptables_rules }}"

# Retention settings for Docker logs
docker_log_max_file: "5"
docker_log_max_size: "50m"

# Valid options are [ no, on-failure, always, unless-stopped ]
docker_restart_policy: "unless-stopped"

# '0' means unlimited retries (applies only to 'on-failure' policy)
docker_restart_policy_retry: "10"

# Extra docker options for Zun
docker_configure_for_zun: "no"
docker_zun_options: -H tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
docker_zun_config:
  cluster-store: etcd://{% for host in groups.get('etcd', []) %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ hostvars[host]['etcd_client_port'] }}{% if not loop.last %},{% endif %}{% endfor %}

# Extra containerd options for Zun
containerd_configure_for_zun: "no"

# Enable Ceph backed Cinder Volumes for zun
zun_configure_for_cinder_ceph: "no"

# 42463 is the static group id of the zun user in the Zun image.
# If users customize this value on building the Zun images,
# they need to change this config accordingly.
containerd_grpc_gid: 42463

# Timeout after Docker sends SIGTERM before sending SIGKILL.
docker_graceful_timeout: 60

# Common options used throughout Docker
docker_common_options:
  auth_email: "{{ docker_registry_email }}"
  auth_password: "{{ docker_registry_password }}"
  auth_registry: "{{ docker_registry }}"
  auth_username: "{{ docker_registry_username }}"
  environment:
    KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
  restart_policy: "{{ docker_restart_policy }}"
  restart_retries: "{{ docker_restart_policy_retry }}"
  graceful_timeout: "{{ docker_graceful_timeout }}"
  client_timeout: "{{ docker_client_timeout }}"
  container_engine: "{{ kolla_container_engine }}"

# Container engine specific volume paths
docker_volumes_path: "{{ docker_runtime_directory or '/var/lib/docker' }}/volumes"
podman_volumes_path: "{{ docker_runtime_directory or '/var/lib/containers' }}/storage/volumes"
container_engine_volumes_path: "{{ docker_volumes_path if kolla_container_engine == 'docker' else podman_volumes_path }}"

#####################
# Volumes under /run
#####################
# Podman has problem with mounting whole /run directory
# described here: https://github.com/containers/podman/issues/16305
run_default_volumes_podman:
  - '/run/netns:/run/netns:shared'
  - '/run/lock/nova:/run/lock/nova:shared'
  - "/run/libvirt:/run/libvirt:shared"
  - "/run/nova:/run/nova:shared"
  - "/run/openvswitch:/run/openvswitch:shared"

run_default_volumes_docker: []

run_default_subdirectories:
  - '/run/netns'
  - '/run/lock/nova'
  - "/run/libvirt"
  - "/run/nova"
  - "/run/openvswitch"

####################
# Dimensions options
####################
# Dimension options for Docker Containers
# NOTE(mnasiadka): Lower 1073741816 nofile limit on EL9 (RHEL9/CentOS Stream 9/Rocky Linux 9)
#                  fixes at least rabbitmq and mariadb
default_container_dimensions: "{{ default_container_dimensions_el9 if ansible_facts.os_family == 'RedHat' else '{}' }}"
default_container_dimensions_el9: "{{ default_docker_dimensions_el9 if kolla_container_engine == 'docker' else default_podman_dimensions_el9 }}"
default_docker_dimensions_el9:
  ulimits:
    nofile: