Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Overcloud Parameters

Red Hat OpenStack Platform 12

Parameters for customizing the core template collection for a Red Hat OpenStack Platform overcloud

OpenStack Documentation Team

Abstract

This guide provides parameters for customizing the overcloud in Red Hat OpenStack Platform. Use this guide in conjunction with the Advanced Overcloud Customization guide.

Chapter 1. Core Overcloud Parameters

ParameterDescription

AddVipsToEtcHosts

Set to true to append per network VIPs to /etc/hosts on each node. The default value is: True

CloudDomain

The DNS domain used for the hosts. This should match the dhcp_domain configured in the undercloud. The default value is: localdomain

CloudName

The DNS name of this cloud. The default value is: overcloud.localdomain

CloudNameCtlplane

The DNS name of this cloud’s control plane endpoint. The default value is: overcloud.ctlplane.localdomain

CloudNameInternal

The DNS name of this cloud’s internal API endpoint. The default value is: overcloud.internalapi.localdomain

CloudNameStorage

The DNS name of this cloud’s storage endpoint. E.g. ci-overcloud.storage.tripleo.org. The default value is: overcloud.storage.localdomain

CloudNameStorageManagement

The DNS name of this cloud’s storage management endpoint. The default value is: overcloud.storagemgmt.localdomain

ControlFixedIPs

Defines a fixed VIP for the Control Plane. Value uses the following format: [{ip_address:'1.2.3.4'}]

DeployIdentifier

Setting this to a unique value will re-run any deployment tasks that perform configuration on a Heat stack-update.

DeploymentServerBlacklist

List of server hostnames to blacklist from any triggered deployments.

ExtraConfig

Additional hiera configuration to inject into the cluster.

HypervisorNeutronPhysicalBridge

An Open vSwitch bridge to create on each hypervisor. This defaults to br-ex, which is the same as the control plane nodes. This ensures uniform configuration of the Open vSwitch agent. Typically should not need to be changed. The default value is: br-ex

HypervisorNeutronPublicInterface

What interface to add to the HypervisorNeutronPhysicalBridge. The default value is: nic1

InternalApiVirtualFixedIPs

Control the IP allocation for the InternalApiVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

NeutronControlPlaneID

ID or name for Control Plane ctlplane network. The default value is: ctlplane

NeutronPublicInterface

The interface to attach to the external bridge. The default value is: nic1

NodeCreateBatchSize

Maximum batch size for creating nodes. It is recommended to not exceed a batch size of 32 nodes. The default value is: 30

PublicVirtualFixedIPs

Control the IP allocation for the PublicVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

RabbitCookieSalt

Salt for the RabbitMQ cookie. Change to force the randomly generated RabbitMQ cookie to change. The default value is: unset

RedisVirtualFixedIPs

Control the IP allocation for the virtual IP used by Redis. Value uses the following format: [{ip_address:'1.2.3.4'}]

ServerMetadata

Extra properties or metadata passed to Nova for the created nodes in the overcloud. Accessible through the Nova metadata API.

StorageMgmtVirtualFixedIPs

Control the IP allocation for the StorageMgmgVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

StorageVirtualFixedIPs

Control the IP allocation for the StorageVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

UpdateIdentifier

Set to a previously unused value during stack-update triggers package update on all nodes.

Chapter 2. Role-Based Parameters

Substitute _ROLE_ with the name of the role. For example, for _ROLE_Count use ControllerCount.

ParameterDescription

_ROLE_Count

The number of nodes to deploy in a role.

_ROLE_ExtraConfig

Role specific additional hiera configuration to inject into the cluster.

_ROLE_HostnameFormat

Format for node hostnames. Note that %index% is translated into the index of the node (e.g 0/1/2) and %stackname% is replaced with the stack name (e.g overcloud). The default value is: %stackname%-_ROLE_-%index%

_ROLE_Parameters

Optional Role Specific parameters to be provided to service.

_ROLE_RemovalPolicies

List of resources to be removed from the role’s ResourceGroup when doing an update that requires removal of specific resources.

_ROLE_SchedulerHints

Optional scheduler hints to pass to OpenStack Compute (nova).

_ROLE_Services

A list of service resources (configured in the OpenStack Orchestration (heat) resource_registry) which represent nested stacks for each service that should get installed on the ROLE role.

Chapter 3. Debug Parameters

These parameters allow you to set debug mode on a per-service basis. The Debug parameter acts as a global parameter for all services and the per-service parameters can override the effects of global parameter on individual services.

ParameterDescription

AodhDebug

Set to True to enable debugging OpenStack Telemetry Alarming (aodh) services.

BarbicanDebug

Set to True to enable debugging OpenStack Key Manager (barbican) service.

CeilometerDebug

Set to True to enable debugging OpenStack Telemetry (ceilometer) services.

CinderDebug

Set to True to enable debugging on OpenStack Block Storage (cinder) services.

CongressDebug

Set to True to enable debugging for OpenStack Policy-as-a-Service (congress) service.

Debug

Set to True to enable debugging on all services.

GlanceDebug

Set to True to enable debugging OpenStack Image Storage (glance) service.

GnocchiDebug

Set to True to enable debugging OpenStack Telemetry Metrics (gnocchi) services.

HeatDebug

Set to True to enable debugging OpenStack Orchestration (heat) services.

HorizonDebug

Set to True to enable debugging OpenStack Dashboard (horizon) service.

IronicDebug

Set to True to enable debugging OpenStack Bare Metal (ironic) services.

KeystoneDebug

Set to True to enable debugging OpenStack Identity (keystone) service.

ManilaDebug

Set to True to enable debugging OpenStack Shared File Systems (manila) services.

MistralDebug

Set to True to enable debugging OpenStack Workflow (mistral) services.

NeutronDebug

Set to True to enable debugging OpenStack Networking (neutron) services.

NovaDebug

Set to True to enable debugging OpenStack Compute (nova) services.

OctaviaDebug

Set to True to enable debugging OpenStack Load Balancing-as-a-Service (octavia) services.

PankoDebug

Set to True to enable debugging OpenStack Telemetry Event Storage (panko) services.

SaharaDebug

Set to True to enable debugging OpenStack Clustering (sahara) services.

ZaqarDebug

Set to True to enable debugging OpenStack Messaging (zaqar) service.

Chapter 4. Policy Parameters

These parameters allow you to set policies on a per-service basis.

ParameterDescription

AodhApiPolicies

A hash of policies to configure for OpenStack Telemetry Alarming (aodh) API.

BarbicanPolicies

A hash of policies to configure for OpenStack Key Manager (barbican).

CeilometerApiPolicies

A hash of policies to configure for OpenStack Telemetry (ceilometer) API.

CinderApiPolicies

A hash of policies to configure for OpenStack Block Storage (cinder) API.

CongressPolicies

A hash of policies to configure for OpenStack Policy Framework (congress).

Ec2ApiPolicies

A hash of policies to configure for EC2-API.

GlanceApiPolicies

A hash of policies to configure for OpenStack Image Storage (glance) API.

GnocchiApiPolicies

A hash of policies to configure for OpenStack Telemetry Metrics (gnocchi) API.

HeatApiPolicies

A hash of policies to configure for OpenStack Orchestration (heat) API.

IronicApiPolicies

A hash of policies to configure for OpenStack Bare Metal (ironic) API.

KeystonePolicies

A hash of policies to configure for OpenStack Identity (keystone).

MistralApiPolicies

A hash of policies to configure for OpenStack Workflow (mistral) API.

NeutronApiPolicies

A hash of policies to configure for OpenStack Networking (neutron) API.

NovaApiPolicies

A hash of policies to configure for OpenStack Compute (nova) API.

OctaviaApiPolicies

A hash of policies to configure for OpenStack Load Balancing-as-a-Service (octavia) API.

PankoApiPolicies

A hash of policies to configure for OpenStack Telemetry Event Storage (panko) API.

SaharaApiPolicies

A hash of policies to configure for OpenStack Clustering (sahara) API.

ZaqarPolicies

A hash of policies to configure for OpenStack Messaging (zaqar).

Chapter 5. Ceph Storage Parameters

ParameterDescription

CephAdminKey

The Ceph admin client key. Can be created with: ceph-authtool --gen-print-key

CephClientKey

The Ceph client key. Currently only used for external Ceph deployments to create the openstack user keyring. Can be created with: ceph-authtool --gen-print-key

CephClusterFSID

The Ceph cluster FSID. Must be a UUID.

CephIPv6

Enables Ceph daemons to bind to IPv6 addresses. The default is: false

CephManilaClientKey

The Ceph client key. Can be created with: ceph-authtool --gen-print-key

CephMonKey

The Ceph monitors key. Can be created with: ceph-authtool --gen-print-key

CephPoolDefaultSize

Default minimum replication for RBD copies. The default value is: 3

CephPools

Override settings for one of the predefined pools or to create additional ones. Example: { "volumes": { "size": 5, "pg_num": 128, "pgp_num": 128 } }

CephValidationDelay

Interval (in seconds) in between validation checks. The default value is: 30

CephValidationRetries

Number of retry attempts for Ceph validation. The default value is: 40

CinderBackupRbdPoolName

Pool to use if Block Storage (cinder) Backup is enabled. The default is: backups

CinderRbdPoolName

Pool to use for Block Storage (cinder) service. The default is: volumes

ControllerEnableCephStorage

Whether to deploy Ceph Storage (OSD) on the Controller. The default value is: False

GlanceRbdPoolName

Pool to use for Image Storage (glance) service. The default is: images

GnocchiRbdPoolName

Pool to use for Telemetry storage. The default is: metrics

IgnoreCephUpgradeWarnings

If enabled, Ceph upgrade will be forced even though cluster or PGs status is not clean. The default value is: False

ManilaCephFSDataPoolName

Pool to use for file share storage. The default is: manila_data

ManilaCephFSMetadataPoolName

Pool to use for file share metadata storage. The default is: manila_metadata

ManilaCephFSNativeCephFSAuthId

The Cephx user id for manila. The default is: manila

NovaRbdPoolName

Pool to use for Compute storage. The default is: vms

Chapter 6. Ceph RadosGW Parameters

ParameterDescription

CephRgwKey

The cephx key for the radosgw client. Can be created with: ceph-authtool --gen-print-key

Chapter 7. Block Storage (cinder) Parameters

ParameterDescription

CinderCronDbPurgeAge

Cron to move deleted instances to another table - Age. The default value is: 0

CinderCronDbPurgeDestination

Cron to move deleted instances to another table - Log destination. The default value is: /var/log/cinder/cinder-rowsflush.log

CinderCronDbPurgeHour

Cron to move deleted instances to another table - Hour. The default value is: 0

CinderCronDbPurgeMinute

Cron to move deleted instances to another table - Minute. The default value is: 1

CinderCronDbPurgeMonth

Cron to move deleted instances to another table - Month. The default value is: *

CinderCronDbPurgeMonthday

Cron to move deleted instances to another table - Month Day. The default value is: *

CinderCronDbPurgeUser

Cron to move deleted instances to another table - User. The default value is: cinder

CinderCronDbPurgeWeekday

Cron to move deleted instances to another table - Week Day. The default value is: *

CinderEnableDBPurge

Whether to create cron job for purging soft deleted rows in OpenStack Block Storage (cinder) database. The default value is: True

CinderPassword

The password for the cinder service account, used by cinder-api.

CinderWorkers

Set the number of workers for the block storage service. The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 8. Image Storage (glance) Parameters

ParameterDescription

GlanceBackend

The short name of the backend to use. Should be one of swift, rbd, or file. The default value is: swift

GlanceImageMemberQuota

Maximum number of image members per image. Negative values evaluate to unlimited. The default value is: 128

GlanceLogFile

The filepath of the file to use for logging messages from OpenStack Image Storage (glance).

GlanceNfsEnabled

When using GlanceBackend: file, mount NFS share for image storage. The default value is: False

GlanceNfsOptions

NFS mount options for image storage when GlanceNfsEnabled is true. The default value is: intr,context=system_u:object_r:glance_var_lib_t:s0

GlanceNfsShare

NFS share to mount for image storage when GlanceNfsEnabled is true.

GlanceNotifierStrategy

Strategy to use for OpenStack Image Storage (glance) notification queue. The default value is: noop

GlancePassword

The password for the image storage service and database account.

GlanceWorkers

Set the number of workers for the image storage service. The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 9. Orchestration (heat) Parameters

ParameterDescription

HeatAuthEncryptionKey

Auth encryption key for heat-engine.

HeatConvergenceEngine

Enables the heat engine with the convergence architecture. The default value is: True

HeatCronPurgeDeletedAge

Cron to purge db entries marked as deleted and older than $age - Age. The default value is: 30

HeatCronPurgeDeletedAgeType

Cron to purge db entries marked as deleted and older than $age - Age type. The default value is: days

HeatCronPurgeDeletedDestination

Cron to purge db entries marked as deleted and older than $age - Log destination. The default value is: /dev/null

HeatCronPurgeDeletedEnsure

Cron to purge db entries marked as deleted and older than $age - Ensure. The default value is: present

HeatCronPurgeDeletedHour

Cron to purge db entries marked as deleted and older than $age - Hour. The default value is: 0

HeatCronPurgeDeletedMaxDelay

Cron to purge db entries marked as deleted and older than $age - Max Delay. The default value is: 3600

HeatCronPurgeDeletedMinute

Cron to purge db entries marked as deleted and older than $age - Minute. The default value is: 1

HeatCronPurgeDeletedMonth

Cron to purge db entries marked as deleted and older than $age - Month. The default value is: *

HeatCronPurgeDeletedMonthday

Cron to purge db entries marked as deleted and older than $age - Month Day. The default value is: *

HeatCronPurgeDeletedUser

Cron to purge db entries marked as deleted and older than $age - User. The default value is: heat

HeatCronPurgeDeletedWeekday

Cron to purge db entries marked as deleted and older than $age - Week Day. The default value is: *

HeatEnableDBPurge

Whether to create cron job for purging soft deleted rows in the OpenStack Orchestration (heat) database. The default value is: True

HeatMaxJsonBodySize

Maximum raw byte size of the OpenStack Orchestration (heat) API JSON request body. The default value is: 1048576

HeatMaxResourcesPerStack

Maximum resources allowed per top-level stack. -1 stands for unlimited. The default value is: 1000

HeatPassword

The password for the Orchestration service and database account.

HeatStackDomainAdminPassword

The admin password for the OpenStack Orchestration (heat) domain in OpenStack Identity (keystone).

HeatWorkers

Number of workers for Heat service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 10. Dashboard (horizon) Parameters

ParameterDescription

HorizonAllowedHosts

A list of IP/Hostname for the server OpenStack Dashboard (horizon) is running on. Used for header checks. The default value is: *

HorizonCustomizationModule

OpenStack Dashboard (horizon) has a global overrides mechanism available to perform customizations.

HorizonPasswordValidator

Regex for password validation.

HorizonPasswordValidatorHelp

Help text for password validation.

HorizonSecret

Secret key for the webserver.

HorizonSecureCookies

Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in OpenStack Dashboard (horizon). The default value is: False

HorizonVhostExtraParams

Extra parameters for OpenStack Dashboard (horizon) vhost configuration. The default value is: {'priority': 10, 'access_log_format': '%a %l %u %t \\"%r\\" %>s %b \\"%%{}{Referer}i\\" \\"%%{}{User-Agent}i\\"', 'options': ['FollowSymLinks', 'MultiViews']}

InternalTLSCAFile

Specifies the default CA cert to use if TLS is used for services in the internal network. The default value is: /etc/ipa/ca.crt

MemcachedIPv6

Enable IPv6 features in Memcached. The default value is: False

Chapter 11. Bare Metal (ironic) Parameters

ParameterDescription

IronicCleaningDiskErase

Type of disk cleaning before and between deployments. full for full cleaning. metadata to clean only disk metadata (partition table). The default value is: full

IronicCleaningNetwork

Name or UUID of the overcloud network used for cleaning bare metal nodes. The default value of provisioning can be left during the initial deployment (when no networks are created yet) and should be changed to an actual UUID in a post-deployment stack update.

IronicDefaultBootOption

How to boot the bare metal instances. Set to local to use local bootloader (requires grub2 for partition images). Set to netboot to make the instances boot from controllers using PXE/iPXE. The default value is: local

IronicDefaultNetworkInterface

Network interface implementation to use by default. Set to flat to use one flat provider network. Set to neutron to make OpenStack Bare Metal (ironic) interact with the OpenStack Networking (neutron) ML2 driver to enable other network types and certain advanced networking features. Requires IronicProvisioningNetwork to be correctly set. The default value is: flat

IronicEnabledDrivers

Enabled OpenStack Bare Metal (ironic) drivers. The default value is: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']

IronicEnabledHardwareTypes

Enabled OpenStack Bare Metal (ironic) hardware types. The default value is: ['ipmi', 'redfish']

IronicEnabledManagementInterfaces

Enabled management interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['ipmitool', 'redfish']

IronicEnabledPowerInterfaces

Enabled power interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['ipmitool', 'redfish']

IronicIPXEEnabled

Whether to use iPXE instead of PXE for deployment. The default value is: True

IronicIPXEPort

Port to use for serving images when iPXE is used. The default value is: 8088

IronicInspectorIPXEEnabled

Whether to use iPXE for inspection. The default value is: True

IronicInspectorInterface

Network interface on which inspection dnsmasq will listen. The default value is: br-ex

IronicInspectorIpRange

Temporary IP range that will be given to nodes during the inspection process. This should not overlap with any range that OpenStack Networking (neutron) DHCP allocates, but it has to be routeable back to ironic-inspector. This option has no meaningful defaults, and thus is required.

IronicInspectorUseSwift

Whether to use Swift for storing introspection data. The default value is: True

IronicPassword

The password for the Bare Metal service and database account.

IronicProvisioningNetwork

Name or UUID of the overcloud network used for provisioning of bare metal nodes if IronicDefaultNetworkInterface is set to neutron. The default value of provisioning can be left during the initial deployment (when no networks are created yet) and should be changed to an actual UUID in a post-deployment stack update. The default value is: provisioning

Chapter 12. Identity (keystone) Parameters

ParameterDescription

AdminEmail

The email for the OpenStack Identity (keystone) admin account. The default value is: admin@example.com

AdminPassword

The password for the OpenStack Identity (keystone) admin account.

AdminToken

The OpenStack Identity (keystone) secret and database password.

KeystoneCredential0

The first OpenStack Identity (keystone) credential key. Must be a valid key.

KeystoneCredential1

The second OpenStack Identity (keystone) credential key. Must be a valid key.

KeystoneCronTokenFlushDestination

Cron to purge expired tokens - Log destination. The default value is: /var/log/keystone/keystone-tokenflush.log

KeystoneCronTokenFlushEnsure

Cron to purge expired tokens - Ensure. The default value is: present

KeystoneCronTokenFlushHour

Cron to purge expired tokens - Hour. The default value is: *

KeystoneCronTokenFlushMaxDelay

Cron to purge expired tokens - Max Delay. The default value is: 0

KeystoneCronTokenFlushMinute

Cron to purge expired tokens - Minute. The default value is: 1

KeystoneCronTokenFlushMonth

Cron to purge expired tokens - Month. The default value is: *

KeystoneCronTokenFlushMonthday

Cron to purge expired tokens - Month Day. The default value is: *

KeystoneCronTokenFlushUser

Cron to purge expired tokens - User. The default value is: keystone

KeystoneCronTokenFlushWeekday

Cron to purge expired tokens - Week Day. The default value is: *

KeystoneEnableDBPurge

Whether to create cron job for purging soft deleted rows in OpenStack Identity (keystone) database. The default value is: True

KeystoneFernetKey0

The first OpenStack Identity (keystone) fernet key. Must be a valid key.

KeystoneFernetKey1

The second OpenStack Identity (keystone) fernet key. Must be a valid key.

KeystoneFernetKeys

Mapping containing OpenStack Identity (keystone) fernet keys and their paths.

KeystoneFernetMaxActiveKeys

The maximum active keys in the OpenStack Identity (keystone) fernet key repository. The default value is: 5

KeystoneLDAPBackendConfigs

Hash containing the configurations for the LDAP backends configured in keystone.

KeystoneLDAPDomainEnable

Trigger to call ldap_backend puppet keystone define. The default value is: False

KeystoneNotificationDriver

Comma-separated list of Oslo notification drivers used by Keystone. The default value is: ['messaging']

KeystoneNotificationFormat

The OpenStack Identity (keystone) notification format. The default value is: basic

KeystoneNotificationTopics

OpenStack Identity (keystone) notification topics to enable.

KeystoneSSLCertificate

Keystone certificate for verifying token validity.

KeystoneSSLCertificateKey

Keystone key for signing tokens.

KeystoneTokenProvider

The OpenStack Identity (keystone) token format. The default value is: fernet

KeystoneWorkers

Set the number of workers for the OpenStack Identity (keystone) service. The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

ManageKeystoneFernetKeys

Whether director should manage the OpenStack Identity (keystone) fernet keys or not. If set to True, the fernet keys will get the values from the saved keys repository in OpenStack Workflow (mistral) from the KeystoneFernetKeys variable. If set to false, only the stack creation initializes the keys, but subsequent updates will not touch them. The default value is: True

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 13. Shared File Service (manila) Parameters

ParameterDescription

ManilaPassword

The password for the shared file service account.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 14. Networking (neutron) Parameters

ParameterDescription

DatabaseSyncTimeout

Database synchronization timeout default. The default value is: 300

DhcpAgentNotification

Enables DHCP agent notifications. The default value is: True

EnableConfigPurge

Remove configuration that is not generated by the director. Used to avoid configuration remnants after upgrades. The default value is: False

NeutronAgentExtensions

Comma-separated list of extensions enabled for the OpenStack Networking (neutron) agents. The default value is: qos

NeutronAllowL3AgentFailover

Allow automatic l3-agent failover. The default value is: True

NeutronBridgeMappings

The logical to physical bridge mappings to use. The default (datacentre:br-ex) maps br-ex (the external bridge on hosts) to a physical name datacentre, which provider networks can use (for example, the default floating network). If changing this, either use different post-install network scripts or be sure to keep datacentre as a mapping network name.

NeutronCorePlugin

The core plugin for networking. The value should be the entrypoint to be loaded from neutron.core_plugins namespace. The default value is: ml2

NeutronDBSyncExtraParams

String of extra command line parameters to append to the neutron-db-manage upgrade head command.

NeutronDhcpAgentDnsmasqDnsServers

List of servers to use as dnsmasq forwarders.

NeutronDhcpAgentsPerNetwork

The number of DHCP agents to schedule per network. The default value is: 0

NeutronDnsDomain

Domain to use for building the hostnames. The default value is: openstacklocal

NeutronEnableARPResponder

Enable ARP responder feature in the OVS Agent. The default value is: False

NeutronEnableDVR

Enable Distributed Virtual Router. The default value is: False

NeutronEnableForceMetadata

If True, DHCP always provides metadata route to VM. The default value is: False

NeutronEnableIsolatedMetadata

If True, DHCP allows metadata support on isolated networks. The default value is: False

NeutronEnableL2Pop

Enable/disable the L2 population feature in the OpenStack Networking (neutron) agents. The default value is: False

NeutronEnableMetadataNetwork

If True, DHCP provides metadata network. Requires either NeutronEnableIsolatedMetadata or NeutronEnableForceMetadata parameters to also be True. The default value is: False

NeutronExternalNetworkBridge

Name of bridge used for external network traffic. Usually L2 agent handles port wiring into external bridge, and hence the parameter should be unset.

NeutronFirewallDriver

Firewall driver for realizing OpenStack Networking (neutron) security group function. The default value is: openvswitch

NeutronFlatNetworks

Sets the flat network name to configure in plugins. The default value is: datacentre

NeutronGlobalPhysnetMtu

MTU of the underlying physical network. OpenStack Networking (neutron) uses this value to calculate MTU for all virtual network components. For flat and VLAN networks, OpenStack Networking uses this value without modification. For overlay networks such as VXLAN, OpenStack Networking automatically subtracts the overlay protocol overhead from this value. The default value is: 1500

NeutronL3AgentMode

Agent mode for L3 agent. Must be legacy or dvr_snat. The default value is: legacy

NeutronMechanismDrivers

The mechanism drivers for the tenant network. The default value is: openvswitch

NeutronMetadataProxySharedSecret

Shared secret to prevent spoofing.

NeutronNetworkType

The tenant network type. The default value is: vxlan

NeutronNetworkVLANRanges

The OpenStack Networking (neutron) ML2 and Open vSwitch VLAN mapping range to support. Defaults to permitting any VLAN on the datacentre physical network (See NeutronBridgeMappings). The default value is: datacentre:1:1000

NeutronOVSFirewallDriver

Configure the classname of the firewall driver to use for implementing security groups. Possible values depend on system configuration. Some examples are: noop, openvswitch, iptables_hybrid. The default value of an empty string results in a default supported configuration.

NeutronOverlayIPVersion

IP version used for all overlay network endpoints. The default value is: 4

NeutronPassword

The password for the OpenStack Networking (neutron) service and database account.

NeutronPluginExtensions

Comma-separated list of enabled extension plugins. The default value is: qos,port_security

NeutronServicePlugins

Comma-separated list of service plugin entrypoints. The default value is: router,qos,trunk

NeutronTunnelIdRanges

Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation. The default value is: ['1:4094']

NeutronTunnelTypes

The tunnel types for the tenant network. The default value is: vxlan

NeutronTypeDrivers

Comma-separated list of network type driver entrypoints to be loaded. The default value is: vxlan,vlan,flat,gre

NeutronVniRanges

Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation. The default value is: ['1:4094']

NeutronWorkers

Sets the number of API and RPC workers for the OpenStack Networking service. The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 15. Compute (nova) Parameters

ParameterDescription

DatabaseSyncTimeout

Database synchronization timeout default. The default value is: 300

EnableConfigPurge

Remove configuration that is not generated by the director. Used to avoid configuration remnants after upgrades. The default value is: False

InstanceNameTemplate

Template string to be used to generate instance names. The default value is: instance-%08x

InternalTLSCAFile

Specifies the default CA cert to use if TLS is used for services in the internal network. The default value is: /etc/ipa/ca.crt

LibvirtCACert

This specifies the CA certificate to use for TLS in libvirt. This file will be symlinked to the default CA path in libvirt, which is /etc/pki/CA/cacert.pem. Note that due to limitations GNU TLS, which is the TLS backend for libvirt, the file must be less than 65K (so we can’t use the system’s CA bundle). This parameter should be used if the default (which comes from the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled.

LibvirtEnabledPerfEvents

This is a performance event list which could be used as monitor. For example: cmt,mbml,mbmt. Make sure you are using Red Hat Enterprise Linux 7.4 as the base and libvirt version is 1.3.3 or above. Also ensure you have enabled the notifications and are using hardware with a CPU that supports the cmt flag.

LibvirtTLSPassword

The password for the libvirt service when TLS is enabled.

MigrationSshKey

SSH key for migration. Expects a dictionary with keys public_key and private_key. Values should be identical to SSH public/private key files. The default value is: {'public_key': '', 'private_key': ''}

MigrationSshPort

Target port for migration over ssh. The default value is: 2022

NeutronMetadataProxySharedSecret

Shared secret to prevent spoofing.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

NovaComputeLibvirtType

Libvirt domain type. Defaults to kvm.

NovaComputeLibvirtVifDriver

Libvirt VIF driver configuration for the network.

NovaCronArchiveDeleteRowsDestination

Cron to move deleted instances to another table - Log destination. The default value is: /var/log/nova/nova-rowsflush.log

NovaCronArchiveDeleteRowsHour

Cron to move deleted instances to another table - Hour. The default value is: 0

NovaCronArchiveDeleteRowsMaxRows

Cron to move deleted instances to another table - Max Rows. The default value is: 100

NovaCronArchiveDeleteRowsMinute

Cron to move deleted instances to another table - Minute. The default value is: 1

NovaCronArchiveDeleteRowsMonth

Cron to move deleted instances to another table - Month. The default value is: *

NovaCronArchiveDeleteRowsMonthday

Cron to move deleted instances to another table - Month Day. The default value is: *

NovaCronArchiveDeleteRowsUntilComplete

Cron to move deleted instances to another table - Until complete. The default value is: False

NovaCronArchiveDeleteRowsUser

Cron to move deleted instances to another table - User. The default value is: nova

NovaCronArchiveDeleteRowsWeekday

Cron to move deleted instances to another table - Week Day. The default value is: *

NovaDbSyncTimeout

Timeout for OpenStack Compute (nova) database synchronization in seconds. The default value is: 300

NovaDefaultFloatingPool

Default pool for floating IP addresses. The default value is: public

NovaEnableDBPurge

Whether to create cron job for purging soft deleted rows in OpenStack Compute (nova) database. The default value is: True

NovaIPv6

Enable IPv6 features for OpenStack Compute (nova). The default is: false

NovaOVSBridge

Name of integration bridge used by Open vSwitch. The default value is: br-int

NovaPCIPassthrough

YAML list of PCI passthrough whitelist parameters.

NovaPassword

The password for the OpenStack Compute (nova) service and database account.

NovaPlacementAPIInterface

Endpoint interface to be used for the placement API. The default value is: internal

NovaReservedHostMemory

Reserved RAM for host processes. The default value is: 4096

NovaSchedulerAvailableFilters

List of available filters for OpenStack Compute (nova) to use to filter nodes.

NovaSchedulerDefaultFilters

An array of filters OpenStack Compute (nova) uses to filter a node. OpenStack Compute applies these filters in the order they are listed. Place your most restrictive filters first to make the filtering process more efficient.

NovaSchedulerDiscoverHostsInCellsInterval

This value controls how often (in seconds) the scheduler should attempt to discover new hosts that have been added to cells. The default value of -1 disables the periodic task completely. It is recommended to set this parameter for deployments using OpenStack Bare Metal (ironic). The default value is: -1

NovaVcpuPinSet

A list or range of physical CPU cores to reserve for virtual machine processes. For example, NovaVcpuPinSet: [4-12,^8] reserves cores from 4-12 excluding 8.

NovaWorkers

Number of workers for the Compute’s Conductor service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption.

UpgradeLevelNovaCompute

OpenStack Compute upgrade level. The default value is: auto

Chapter 16. Clustering (sahara) Parameters

ParameterDescription

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

SaharaPassword

The password for the clusting service and database account.

SaharaPlugins

Clustering enabled plugin list. The default value is: ['ambari', 'cdh', 'mapr', 'vanilla', 'spark', 'storm']

SaharaWorkers

Set the number of workers for the clustering service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

Chapter 17. Object Storage (swift) Parameters

ParameterDescription

ControllerEnableSwiftStorage

Whether to enable object storage on Controller nodes. The default value is: True

SwiftCeilometerIgnoreProjects

Comma-separated list of project names to ignore. The default value is: ['service']

SwiftCeilometerPipelineEnabled

Set to False to disable the object storage proxy ceilometer pipeline. The default value is: True

SwiftHashSuffix

A random string to be used as a salt when hashing to determine mappings in the ring.

SwiftMinPartHours

The minimum time (in hours) before a partition in a ring can be moved following a rebalance. The default value is: 1

SwiftMountCheck

Check if the devices are mounted to prevent accidentally writing to the root device. The default value is: False

SwiftPartPower

Partition power to use when building object storage rings. The default value is: 10

SwiftPassword

The password for the object storage service account.

SwiftProxyNodeTimeout

Timeout for requests going from swift-proxy to account, container, and object services. The default value is: 60

SwiftRawDisks

Additional raw devices to use for the object storage backend. For example: {sdb: {}}

SwiftReplicas

Number of replicas to use in the object storage rings. The default value is: 3

SwiftRingBuild

Whether to manage object storage rings or not. The default value is: True

SwiftRingGetTempurl

A temporary Swift URL to download rings from.

SwiftRingPutTempurl

A temporary Swift URL to upload rings to.

SwiftUseLocalDir

Use a local directory for object storage services when building rings. The default value is: True

SwiftWorkers

Number of workers for object storage service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

Chapter 18. Telemetry (ceilometer, gnocchi, aodh) Parameters

ParameterDescription

AodhPassword

The password for the OpenStack Telemetry Alarming (aodh) services.

CeilometerApiEndpoint

Whether to create or skip legacy Telemetry API endpoint. The default value is: False. Set this parameter to true to enable legacy Telemetry API service.

CeilometerBackend

The Telemetry backend type. The default value is: mongodb

CeilometerEventDispatcher

Comma-separated list of Dispatchers to process events data. Note that the database option is deprecated and will not be supported in the future. The default value is: ['panko', 'gnocchi']

CeilometerEventTTL

Number of seconds that events are kept in the database for (⇐ 0 means forever). The default value is: 86400

CeilometerMeterDispatcher

Comma-separated list of Dispatcher to process meter data. Note that the database option is deprecated and will not be supported in the future. The default value is: ['gnocchi']

CeilometerMeteringSecret

Secret shared by the Telemetry services.

CeilometerMeteringTTL

Number of seconds that samples are kept in the database for (⇐ 0 means forever). The default value is: 86400

CeilometerPassword

The password for the Telemetry service account.

CeilometerWorkers

Number of workers for the Telemetry service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

GnocchiArchivePolicy

Archive policy to use with OpenStack Telemetry Metrics (gnocchi) backend. The default value is: low

GnocchiBackend

The short name of the OpenStack Telemetry Metrics (gnocchi) backend to use. Should be one of swift, rbd, or file. The default value is: swift

GnocchiExternalProject

Project name of resources creator in OpenStack Telemetry Metrics (gnocchi). The default value is: service

GnocchiIndexerBackend

The short name of the OpenStack Telemetry Metrics (gnocchi) indexer backend to use. The default value is: mysql

GnocchiMetricdWorkers

Number of workers for OpenStack Telemetry Metrics (gnocchi). The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

GnocchiPassword

The password for the OpenStack Telemetry Metrics (gnocchi) service and database account.

InternalTLSCAFile

Specifies the default CA cert to use if TLS is used for services in the internal network. The default value is: /etc/ipa/ca.crt

ManageEventPipeline

Whether to manage event_pipeline.yaml. The default value is: True

ManagePipeline

Whether to manage pipeline.yaml. The default value is: False

ManagePolling

Whether to manage polling.yaml. The default value is: False

MetricProcessingDelay

Delay between processing metrics. The default value is: 30

MongoDbIPv6

Enable IPv6 if MongoDB VIP is IPv6. The default value is: False

MongoDbNoJournal

Should MongoDb journaling be disabled. The default value is: False

MongodbMemoryLimit

Limit the amount of memory mongodb uses with systemd. The default value is: 20G

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

NumberOfStorageSacks

Number of storage sacks to create. The default value is: 128

PankoPassword

The password for the panko services.

PipelinePublishers

A list of publishers to put in pipeline.yaml. When the collector is used, override this with notifier:// publisher. Set ManagePipeline to true for override to take effect. The default value is: ['gnocchi://']

SnmpdReadonlyUserName

The user name for SNMPd with readonly rights running on all Overcloud nodes. The default value is: ro_snmp_user

SnmpdReadonlyUserPassword

The user password for SNMPd with readonly rights running on all Overcloud nodes.

Chapter 19. Time Parameters

ParameterDescription

NtpIburstEnable

Specifies whether to enable the iburst option for every NTP peer. If iburst is enabled, when the NTP server is unreachable NTP will send a burst of eight packages instead of one. This is designed to speed up the initial syncrhonization. The default value is: True

NtpServer

NTP servers list. The default value is: ['pool.ntp.org']

TimeZone

The timezone to be set on the overcloud. The default value is: UTC