Overcloud Parameters

Red Hat OpenStack Platform 15-Beta

Parameters for customizing the core template collection for a Red Hat OpenStack Platform overcloud

OpenStack Documentation Team

Abstract

This guide provides parameters for customizing the overcloud in Red Hat OpenStack Platform. Use this guide in conjunction with the Advanced Overcloud Customization guide.

Chapter 1. Core Overcloud Parameters

ParameterDescription

AddVipsToEtcHosts

Set to true to append per network VIPs to /etc/hosts on each node. The default value is: True

CloudDomain

The DNS domain used for the hosts. This should match the dhcp_domain configured in the undercloud. The default value is: localdomain

CloudName

The DNS name of this cloud. The default value is: overcloud.localdomain

CloudNameCtlplane

The DNS name of this cloud’s control plane endpoint. The default value is: overcloud.ctlplane.localdomain

CloudNameInternal

The DNS name of this cloud’s internal API endpoint. The default value is: overcloud.internalapi.localdomain

CloudNameStorage

The DNS name of this cloud’s storage endpoint. E.g. ci-overcloud.storage.tripleo.org. The default value is: overcloud.storage.localdomain

CloudNameStorageManagement

The DNS name of this cloud’s storage management endpoint. The default value is: overcloud.storagemgmt.localdomain

ControlFixedIPs

Defines a fixed VIP for the Control Plane. Value uses the following format: [{ip_address:'1.2.3.4'}]

ControlPlaneSubnet

The name of the undercloud OpenStack Networking (neutron) control plane subnet. The default value is: ctlplane-subnet

ControlPlaneSubnetCidr

The subnet CIDR of the control plane network. The parameter is automatically resolved from the ctlplane subnet’s cidr attribute.

DeployIdentifier

Setting this to a unique value will re-run any deployment tasks that perform configuration on a Heat stack-update.

DeploymentServerBlacklist

List of server hostnames to blacklist from any triggered deployments.

EndpointMapOverride

Can be used to override the calcluated EndpointMap.

ExternalVirtualFixedIPs

Control the IP allocation for the For example,ernalVirtualInterface port. E.g. [{ip_address:'1.2.3.4'}].

ExtraConfig

Additional hiera configuration to inject into the cluster.

ExtraHostFileEntries

List of extra hosts entries to be appended to /etc/hosts.

GlobalConfigExtraMapData

Map of extra global_config_settings data to set on each node.

HypervisorNeutronPhysicalBridge

An Open vSwitch bridge to create on each hypervisor. This defaults to br-ex, which is the same as the control plane nodes. This ensures uniform configuration of the Open vSwitch agent. Typically should not need to be changed. The default value is: br-ex

HypervisorNeutronPublicInterface

What interface to add to the HypervisorNeutronPhysicalBridge. The default value is: nic1

InternalApiVirtualFixedIPs

Control the IP allocation for the InternalApiVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

NeutronControlPlaneID

ID or name for Control Plane ctlplane network. The default value is: ctlplane

NeutronPublicInterface

The interface to attach to the external bridge. The default value is: nic1

NodeCreateBatchSize

Maximum batch size for creating nodes. It is recommended to not exceed a batch size of 32 nodes. The default value is: 30

NovaAdditionalCell

Whether this is an cell additional to the default cell. The default value is: False

PublicVirtualFixedIPs

Control the IP allocation for the PublicVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

RabbitCookieSalt

Salt for the RabbitMQ cookie. Change to force the randomly generated RabbitMQ cookie to change. The default value is: unset

RedisVirtualFixedIPs

Control the IP allocation for the virtual IP used by Redis. Value uses the following format: [{ip_address:'1.2.3.4'}]

ServerMetadata

Extra properties or metadata passed to Nova for the created nodes in the overcloud. Accessible through the Nova metadata API.

StorageMgmtVirtualFixedIPs

Control the IP allocation for the StorageMgmgVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

StorageVirtualFixedIPs

Control the IP allocation for the StorageVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

UpdateIdentifier

Set to a previously unused value during stack-update triggers package update on all nodes.

Chapter 2. Role-Based Parameters

Substitute _ROLE_ with the name of the role. For example, for _ROLE_Count use ControllerCount.

ParameterDescription

_ROLE_Count

The number of nodes to deploy in a role.

_ROLE_ExtraConfig

Role specific additional hiera configuration to inject into the cluster.

_ROLE_HostnameFormat

Format for node hostnames. Note that %index% is translated into the index of the node (e.g 0/1/2) and %stackname% is replaced with the stack name (e.g overcloud). The default value is: %stackname%-_ROLE_-%index%

_ROLE_Parameters

Optional Role Specific parameters to be provided to service.

_ROLE_RemovalPolicies

List of resources to be removed from the role’s ResourceGroup when doing an update that requires removal of specific resources.

_ROLE_RemovalPoliciesMode

How to handle change to RemovalPolicies for ROLE ResourceGroup when doing an update. Default mode append will append to the existing blacklist and update would replace the blacklist. The default value is: append

_ROLE_SchedulerHints

Optional scheduler hints to pass to OpenStack Compute (nova).

_ROLE_Services

A list of service resources (configured in the OpenStack Orchestration (heat) resource_registry) which represent nested stacks for each service that should get installed on the ROLE role.

Chapter 3. Debug Parameters

These parameters allow you to set debug mode on a per-service basis. The Debug parameter acts as a global parameter for all services and the per-service parameters can override the effects of global parameter on individual services.

ParameterDescription

AodhDebug

Set to True to enable debugging OpenStack Telemetry Alarming (aodh) services.

BarbicanDebug

Set to True to enable debugging OpenStack Key Manager (barbican) service.

CeilometerDebug

Set to True to enable debugging OpenStack Telemetry (ceilometer) services.

CinderDebug

Set to True to enable debugging on OpenStack Block Storage (cinder) services.

ConfigDebug

Whether to run configuration management (e.g. Puppet) in debug mode. The default value is: False

Debug

Set to True to enable debugging on all services. The default value is: False

GlanceDebug

Set to True to enable debugging OpenStack Image Storage (glance) service.

GnocchiDebug

Set to True to enable debugging OpenStack Telemetry Metrics (gnocchi) services.

HeatDebug

Set to True to enable debugging OpenStack Orchestration (heat) services.

HorizonDebug

Set to True to enable debugging OpenStack Dashboard (horizon) service.

IronicDebug

Set to True to enable debugging OpenStack Bare Metal (ironic) services.

KeystoneDebug

Set to True to enable debugging OpenStack Identity (keystone) service.

ManilaDebug

Set to True to enable debugging OpenStack Shared File Systems (manila) services.

MistralDebug

Set to True to enable debugging OpenStack Workflow (mistral) services.

NeutronDhcpAgentDebug

Set to True to enable debugging for OpenStack Networking (neutron) DHCP agent.

NeutronL2gwAgentDebug

Set to True to enable debugging for OpenStack Networking (neutron) L2gw agent.

NeutronL3AgentDebug

Set to True to enable debugging for OpenStack Networking (neutron) L3 agent.

NeutronMetadataAgentDebug

Set to True to enable debugging for OpenStack Networking (neutron) Metadata agent.

NeutronWrapperDebug

Controls debugging for the wrapper scripts. The default value is: False

NovaDebug

Set to True to enable debugging OpenStack Compute (nova) services.

SaharaDebug

Set to True to enable debugging OpenStack Clustering (sahara) services.

ZaqarDebug

Set to True to enable debugging OpenStack Messaging (zaqar) service.

Chapter 4. Policy Parameters

These parameters allow you to set policies on a per-service basis.

ParameterDescription

AodhApiPolicies

A hash of policies to configure for OpenStack Telemetry Alarming (aodh) API.

BarbicanPolicies

A hash of policies to configure for OpenStack Key Manager (barbican).

CinderApiPolicies

A hash of policies to configure for OpenStack Block Storage (cinder) API.

GlanceApiPolicies

A hash of policies to configure for OpenStack Image Storage (glance) API.

GnocchiApiPolicies

A hash of policies to configure for OpenStack Telemetry Metrics (gnocchi) API.

HeatApiPolicies

A hash of policies to configure for OpenStack Orchestration (heat) API.

IronicApiPolicies

A hash of policies to configure for OpenStack Bare Metal (ironic) API.

KeystonePolicies

A hash of policies to configure for OpenStack Identity (keystone).

MistralApiPolicies

A hash of policies to configure for OpenStack Workflow (mistral) API.

NeutronApiPolicies

A hash of policies to configure for OpenStack Networking (neutron) API.

NovaApiPolicies

A hash of policies to configure for OpenStack Compute (nova) API.

SaharaApiPolicies

A hash of policies to configure for OpenStack Clustering (sahara) API.

ZaqarPolicies

A hash of policies to configure for OpenStack Messaging (zaqar).

Chapter 5. Ceph Storage Parameters

ParameterDescription

CephAdminKey

The Ceph admin client key. Can be created with: ceph-authtool --gen-print-key

CephAnsibleDisksConfig

Disks configuration settings for ceph-ansible. The default value is: {'osd_scenario': 'collocated', 'devices': ['/dev/vdb'], 'journal_size': 512}

CephAnsibleEnvironmentVariables

Mapping of Ansible environment variables to override defaults.

CephAnsibleExtraConfig

For example,ra vars for the ceph-ansible playbook.

CephAnsiblePlaybook

List of paths to the ceph-ansible playbooks to execute. If not specified, the playbook will be determined automatically depending on type of operation being performed (deploy/update/upgrade). The default value is: ['default']

CephAnsiblePlaybookVerbosity

The number of -v, -vv, etc. passed to ansible-playbook command. The default value is: 1

CephAnsibleSkipTags

List of ceph-ansible tags to skip. The default value is: package-install,with_pkg

CephClientKey

The Ceph client key. Currently only used for external Ceph deployments to create the openstack user keyring. Can be created with: ceph-authtool --gen-print-key

CephClusterFSID

The Ceph cluster FSID. Must be a UUID.

CephClusterName

The Ceph cluster name. The default value is: ceph

CephConfigOverrides

For example,ra configuration settings to dump into ceph.conf.

CephExternalMonHost

List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.

CephIPv6

Enables Ceph daemons to bind to IPv6 addresses. The default is: false

CephManilaClientKey

The Ceph client key. Can be created with: ceph-authtool --gen-print-key

CephMdsKey

The cephx key for the MDS service. Can be created with ceph-authtool --gen-print-key.

CephMonKey

The Ceph monitors key. Can be created with: ceph-authtool --gen-print-key

CephPoolDefaultPgNum

Default pg_num to use for the RBD pools. The default value is: 128

CephPoolDefaultSize

Default minimum replication for RBD copies. The default value is: 3

CephPools

Override settings for one of the predefined pools or to create additional ones. Example: { "volumes": { "size": 5, "pg_num": 128, "pgp_num": 128 } }

CephRbdMirrorConfigure

Perform mirror configuration between local and remote pool. The default value is: True

CephRbdMirrorCopyAdminKey

Copy the admin key to all nodes. The default value is: False

CephRbdMirrorPool

Name of the local pool to mirror to remote cluster.

CephRbdMirrorRemoteCluster

The name given to the remote Ceph cluster from the local cluster. Keys reside in the /etc/ceph directory. The default value is: not-ceph

CephRbdMirrorRemoteUser

The rbd-mirror daemon needs a user to authenticate with the remote cluster. By default, this key should be available under /etc/ceph/<remote_cluster>.client.<remote_user>.keyring.

CephRgwClientName

The client name for the RADOSGW service.

CephRgwKey

The cephx key for the RADOSGW client. Can be created with ceph-authtool --gen-print-key.

CephValidationDelay

Interval (in seconds) in between validation checks. The default value is: 30

CephValidationRetries

Number of retry attempts for Ceph validation. The default value is: 40

CinderBackupRbdPoolName

Pool to use if Block Storage (cinder) Backup is enabled. The default is: backups

CinderRbdExtraPools

List of extra Ceph pools for use with RBD backends for OpenStack Block Storage (cinder). An extra OpenStack Block Storage (cinder) RBD backend driver is created for each pool in the list. This is in addition to the standard RBD backend driver associated with the CinderRbdPoolName.

CinderRbdPoolName

Pool to use for Block Storage (cinder) service. The default is: volumes

ContainerCli

CLI tool used to manage containers. The default value is: podman

DeploymentServerBlacklist

List of server hostnames to blacklist from any triggered deployments.

GlanceRbdPoolName

Pool to use for Image Storage (glance) service. The default is: images

GnocchiRbdPoolName

Pool to use for Telemetry storage. The default is: metrics

LocalCephAnsibleFetchDirectoryBackup

Filesystem path on undercloud to persist a copy of the data from the ceph-ansible fetch directory. Used as an alternative to backing up the fetch_directory in Swift. Path must be writable and readable by the user running ansible from config-download, e.g. the mistral user in the mistral-executor container is able to read/write to /var/lib/mistral/ceph_fetch.

ManilaCephFSCephFSAuthId

The CephFS user ID for Shared Filesystem Service (manila). The default is: manila

ManilaCephFSDataPoolName

Pool to use for file share storage. The default is: manila_data

ManilaCephFSDataPoolPGNum

Placement group count for the CephFS data pool for file share storage.

ManilaCephFSMetadataPoolName

Pool to use for file share metadata storage. The default is: manila_metadata

ManilaCephFSMetadataPoolPGNum

Placement group count for the CephFS metadata pool for file share storage.

ManilaCephFSShareBackendName

Backend name of the CephFS share for file share storage.

NovaRbdPoolName

Pool to use for Compute storage. The default is: vms

Chapter 6. Block Storage (cinder) Parameters

ParameterDescription

CephClusterFSID

The Ceph cluster FSID. Must be a UUID.

CephClusterName

The Ceph cluster name. The default value is: ceph

CinderBackupBackend

The short name of the OpenStack Block Storage (cinder) Backup backend to use. The default value is: swift

CinderBackupNfsMountOptions

Mount options passed to the NFS client. See NFS man page for details.

CinderBackupNfsShare

NFS share to be mounted.

CinderBackupRbdPoolName

The Ceph pool to use for cinder backups. The default value is: backups.

CinderCronDbPurgeAge

Cron to move deleted instances to another table - Age. The default value is: 30

CinderCronDbPurgeDestination

Cron to move deleted instances to another table - Log destination. The default value is: /var/log/cinder/cinder-rowsflush.log

CinderCronDbPurgeHour

Cron to move deleted instances to another table - Hour. The default value is: 0

CinderCronDbPurgeMaxDelay

Cron to move deleted instances to another table - Max Delay. The default value is: 3600

CinderCronDbPurgeMinute

Cron to move deleted instances to another table - Minute. The default value is: 1

CinderCronDbPurgeMonth

Cron to move deleted instances to another table - Month. The default value is: *

CinderCronDbPurgeMonthday

Cron to move deleted instances to another table - Month Day. The default value is: *

CinderCronDbPurgeUser

Cron to move deleted instances to another table - User. The default value is: cinder

CinderCronDbPurgeWeekday

Cron to move deleted instances to another table - Week Day. The default value is: *

CinderDefaultVolumeType

The name of the OpenStack Block Storage (cinder) default volume type. The default value is: tripleo

CinderEnableDBPurge

Whether to create cron job for purging soft deleted rows in OpenStack Block Storage (cinder) database. The default value is: True

CinderEnableIscsiBackend

Whether to enable or not the Iscsi backend for OpenStack Block Storage (cinder). The default value is: True

CinderEnableNfsBackend

Whether to enable or not the NFS backend for OpenStack Block Storage (cinder). The default value is: False

CinderEnableRbdBackend

Whether to enable or not the Rbd backend for OpenStack Block Storage (cinder). The default value is: False

CinderEtcdLocalConnect

When running OpenStack Block Storage (cinder) A/A, whether to connect to Etcd via the local IP for the Etcd network. If set to true, the ip on the local node will be used. If set to false, the VIP on the Etcd network will be used instead. Defaults to false. The default value is: False

CinderISCSIAvailabilityZone

The availability zone of the Iscsi OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone.

CinderISCSIHelper

The iSCSI helper to use with cinder. The default value is: lioadm

CinderISCSIProtocol

Whether to use TCP (iscsi) or iSER RDMA (iser) for iSCSI. The default value is: iscsi

CinderLVMLoopDeviceSize

The size of the loopback file used by the cinder LVM driver. The default value is: 10280

CinderNasSecureFileOperations

Controls whether security enhanced NFS file operations are enabled. Valid values are auto, true or false. Effective when CinderEnableNfsBackend is true. The default value is: False

CinderNasSecureFilePermissions

Controls whether security enhanced NFS file permissions are enabled. Valid values are auto, true or false. Effective when CinderEnableNfsBackend is true. The default value is: False

CinderNfsAvailabilityZone

The availability zone of the NFS OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone.

CinderNfsMountOptions

Mount options for NFS mounts used by OpenStack Block Storage (cinder) NFS backend. Effective when CinderEnableNfsBackend is true.

CinderNfsServers

NFS servers used by OpenStack Block Storage (cinder) NFS backend. Effective when CinderEnableNfsBackend is true.

CinderNfsSnapshotSupport

Whether to enable support for snapshots in the NFS driver. Effective when CinderEnableNfsBackend is true. The default value is: True

CinderPassword

The password for the cinder service and database account.

CinderRbdAvailabilityZone

The availability zone of the RBD OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone.

CinderRbdExtraPools

List of extra Ceph pools for use with RBD backends for OpenStack Block Storage (cinder). An extra OpenStack Block Storage (cinder) RBD backend driver is created for each pool in the list. This is in addition to the standard RBD backend driver associated with the CinderRbdPoolName.

CinderRbdPoolName

The Ceph pool to use for cinder volumes. The default value is: volumes.

CinderStorageAvailabilityZone

The OpenStack Block Storage (cinder) service’s storage availability zone. The default value is: nova

CinderVolumeCluster

The cluster name used for deploying the cinder-volume service in an active-active (A/A) configuration. This configuration requires the OpenStack Block Storage (cinder) backend drivers support A/A, and the cinder-volume service not be managed by pacemaker. If these criteria are not met then the cluster name must be left blank.

CinderVolumeOptEnvVars

List of optional environment variables.

CinderVolumeOptVolumes

List of optional volumes to be mounted.

CinderWorkers

Set the number of workers for the block storage service. The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

ContainerCli

CLI tool used to manage containers. The default value is: podman

DeployIdentifier

Setting this to a unique value will re-run any deployment tasks which perform configuration on a OpenStack Orchestration (heat) stack-update.

DockerCinderVolumeUlimit

Ulimit for OpenStack Block Storage (cinder) Volume Container. The default value is: ['nofile=131072']

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

PcmkConfigRestartTimeout

Time in seconds to wait for a pcmk resource to restart when a configuration change is detected and the resource is being restarted. The default value is: 600

Chapter 7. Image Storage (glance) Parameters

ParameterDescription

CephClusterName

The Ceph cluster name. The default value is: ceph

GlanceApiOptVolumes

List of optional volumes to be mounted.

GlanceBackend

The short name of the backend to use. Should be one of swift, rbd, or file. The default value is: swift

GlanceCacheEnabled

Enable OpenStack Image Storage (glance) Image Cache. The default value is: False

GlanceEnabledImportMethods

List of enabled Image Import Methods. Valid values in the list are glance-direct and web-download. The default value is: web-download

GlanceIgnoreUserRoles

List of user roles to be ignored for injecting image metadata properties. The default value is: admin

GlanceImageCacheDir

Base directory that the Image Cache uses. The default value is: /var/lib/glance/image-cache

GlanceImageCacheMaxSize

The upper limit on cache size, in bytes, after which the cache-pruner cleans up the image cache. The default value is: 10737418240

GlanceImageCacheStallTime

The amount of time, in seconds, to let an image remain in the cache without being accessed. The default value is: 86400

GlanceImageConversionOutputFormat

Desired output format for image conversion plugin. The default value is: raw

GlanceImageImportPlugins

List of enabled Image Import Plugins. Valid values in the list are image_conversion, inject_metadata, no_op.

GlanceImageMemberQuota

Maximum number of image members per image. Negative values evaluate to unlimited. The default value is: 128

GlanceInjectMetadataProperties

Metadata properties to be injected in image.

GlanceLogFile

The filepath of the file to use for logging messages from OpenStack Image Storage (glance).

GlanceNetappNfsEnabled

When using GlanceBackend: file, Netapp mounts NFS share for image storage. The default value is: False

GlanceNfsEnabled

When using GlanceBackend: file, mount NFS share for image storage. The default value is: False

GlanceNfsOptions

NFS mount options for image storage when GlanceNfsEnabled is true. The default value is: intr,context=system_u:object_r:glance_var_lib_t:s0

GlanceNfsShare

NFS share to mount for image storage when GlanceNfsEnabled is true.

GlanceNodeStagingUri

URI that specifies the staging location to use when importing images. The default value is: file:///var/lib/glance/staging

GlanceNotifierStrategy

Strategy to use for OpenStack Image Storage (glance) notification queue. The default value is: noop

GlancePassword

The password for the image storage service and database account.

GlanceStagingNfsOptions

NFS mount options for NFS image import staging. The default value is: _netdev,bg,intr,context=system_u:object_r:glance_var_lib_t:s0

GlanceStagingNfsShare

NFS share to mount for image import staging.

GlanceWorkers

Set the number of workers for the image storage service. The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

NetappShareLocation

Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true).

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 8. Orchestration (heat) Parameters

ParameterDescription

HeatApiOptEnvVars

List of optional environment variables.

HeatApiOptVolumes

List of optional volumes to be mounted.

HeatAuthEncryptionKey

Auth encryption key for heat-engine.

HeatConvergenceEngine

Enables the heat engine with the convergence architecture. The default value is: True

HeatCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

HeatCronPurgeDeletedAge

Cron to purge database entries marked as deleted and older than $age - Age. The default value is: 30

HeatCronPurgeDeletedAgeType

Cron to purge database entries marked as deleted and older than $age - Age type. The default value is: days

HeatCronPurgeDeletedDestination

Cron to purge database entries marked as deleted and older than $age - Log destination. The default value is: /dev/null

HeatCronPurgeDeletedEnsure

Cron to purge database entries marked as deleted and older than $age - Ensure. The default value is: present

HeatCronPurgeDeletedHour

Cron to purge database entries marked as deleted and older than $age - Hour. The default value is: 0

HeatCronPurgeDeletedMaxDelay

Cron to purge database entries marked as deleted and older than $age - Max Delay. The default value is: 3600

HeatCronPurgeDeletedMinute

Cron to purge database entries marked as deleted and older than $age - Minute. The default value is: 1

HeatCronPurgeDeletedMonth

Cron to purge database entries marked as deleted and older than $age - Month. The default value is: *

HeatCronPurgeDeletedMonthday

Cron to purge database entries marked as deleted and older than $age - Month Day. The default value is: *

HeatCronPurgeDeletedUser

Cron to purge database entries marked as deleted and older than $age - User. The default value is: heat

HeatCronPurgeDeletedWeekday

Cron to purge database entries marked as deleted and older than $age - Week Day. The default value is: *

HeatEnableDBPurge

Whether to create cron job for purging soft deleted rows in the OpenStack Orchestration (heat) database. The default value is: True

HeatEngineOptEnvVars

List of optional environment variables.

HeatEngineOptVolumes

List of optional volumes to be mounted.

HeatEnginePluginDirs

An array of directories to search for plug-ins.

HeatMaxJsonBodySize

Maximum raw byte size of the OpenStack Orchestration (heat) API JSON request body. The default value is: 4194304

HeatMaxNestedStackDepth

Maximum number of nested stack depth. The default value is: 6

HeatMaxResourcesPerStack

Maximum resources allowed per top-level stack. -1 stands for unlimited. The default value is: 1000

HeatPassword

The password for the Orchestration service and database account.

HeatReauthenticationAuthMethod

Allow reauthentication on token expiry, such that long-running tasks may complete. Note this defeats the expiry of any provided user tokens.

HeatStackDomainAdminPassword

The admin password for the OpenStack Orchestration (heat) domain in OpenStack Identity (keystone).

HeatWorkers

Number of workers for Heat service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

HeatYaqlLimitIterators

The maximum number of elements in collection yaql expressions can take for its evaluation. The default value is: 1000

HeatYaqlMemoryQuota

The maximum size of memory in bytes that yaql exrpessions can take for its evaluation. The default value is: 100000

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 9. Dashboard (horizon) Parameters

ParameterDescription

HorizonAllowedHosts

A list of IP/Hostname for the server OpenStack Dashboard (horizon) is running on. Used for header checks. The default value is: *

HorizonCustomizationModule

OpenStack Dashboard (horizon) has a global overrides mechanism available to perform customizations.

HorizonPasswordValidator

Regex for password validation.

HorizonPasswordValidatorHelp

Help text for password validation.

HorizonSecret

Secret key for the webserver.

HorizonSecureCookies

Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in OpenStack Dashboard (horizon). The default value is: False

HorizonVhostExtraParams

For example,ra parameters for OpenStack Dashboard (horizon) vhost configuration. The default value is: {'priority': 10, 'access_log_format': '%a %l %u %t \\"%r\\" %>s %b \\"%%{}{Referer}i\\" \\"%%{}{User-Agent}i\\"', 'options': ['FollowSymLinks', 'MultiViews'], 'add_listen': True}

InternalTLSCAFile

Specifies the default CA cert to use if TLS is used for services in the internal network. The default value is: /etc/ipa/ca.crt

MemcachedIPv6

Enable IPv6 features in Memcached. The default value is: False

WebSSOChoices

Specifies the list of SSO authentication choices to present. Each item is a list of an SSO choice identifier and a display message. The default value is: [['OIDC', 'OpenID Connect']]

WebSSOEnable

Enable support for Web Single Sign-On. The default value is: False

WebSSOIDPMapping

Specifies a mapping from SSO authentication choice to identity provider and protocol. The identity provider and protocol names must match the resources defined in keystone. The default value is: {'OIDC': ['myidp', 'openid']}

WebSSOInitialChoice

The initial authentication choice to select by default. The default value is: OIDC

Chapter 10. Bare Metal (ironic) Parameters

ParameterDescription

AdditionalArchitectures

List of additional architectures to enable.

IPAImageURLs

IPA image URLs, the format should be ["http://path/to/kernel", "http://path/to/ramdisk"].

IronicAutomatedClean

Enables or disables automated cleaning. Disabling automated cleaning might result in security problems and deployment failures on rebuilds. Do not set to False unless you understand the consequences of disabling this feature. The default value is: True

IronicCleaningDiskErase

Type of disk cleaning before and between deployments. full for full cleaning. metadata to clean only disk metadata (partition table). The default value is: full

IronicCleaningNetwork

Name or UUID of the overcloud network used for cleaning bare metal nodes. The default value of provisioning can be left during the initial deployment (when no networks are created yet) and should be changed to an actual UUID in a post-deployment stack update.

IronicConfigureSwiftTempUrlKey

Whether to configure Swift temporary URLs for use with the "direct" and "ansible" deploy interfaces. The default value is: True

IronicCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

IronicDefaultBootOption

How to boot the bare metal instances. Set to local to use local bootloader (requires grub2 for partition images). Set to netboot to make the instances boot from controllers using PXE/iPXE. The default value is: local

IronicDefaultDeployInterface

Deploy interface implementation to use by default. Leave empty to use the hardware type default.

IronicDefaultInspectInterface

Inspect interface implementation to use by default. Leave empty to use the hardware type default.

IronicDefaultNetworkInterface

Network interface implementation to use by default. Set to flat to use one flat provider network. Set to neutron to make OpenStack Bare Metal (ironic) interact with the OpenStack Networking (neutron) ML2 driver to enable other network types and certain advanced networking features. Requires IronicProvisioningNetwork to be correctly set. The default value is: flat

IronicDefaultRescueInterface

Default rescue implementation to use. The "agent" rescue requires a compatible ramdisk to be used. The default value is: agent

IronicDefaultResourceClass

Default resource class to use for new nodes.

IronicDeployLogsStorageBackend

Backend to use to store ramdisk logs, either "local" or "swift". The default value is: local

IronicEnableStagingDrivers

Whether to enable use of staging drivers. The default value is: False

IronicEnabledBiosInterfaces

Enabled BIOS interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['no-bios']

IronicEnabledBootInterfaces

Enabled boot interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['ipxe', 'pxe']

IronicEnabledConsoleInterfaces

Enabled console interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['ipmitool-socat', 'no-console']

IronicEnabledDeployInterfaces

Enabled deploy interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['iscsi', 'direct']

IronicEnabledHardwareTypes

Enabled OpenStack Bare Metal (ironic) hardware types. The default value is: ['ipmi', 'redfish']

IronicEnabledInspectInterfaces

Enabled inspect interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['no-inspect']

IronicEnabledManagementInterfaces

Enabled management interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['ipmitool', 'noop', 'redfish']

IronicEnabledNetworkInterfaces

Enabled network interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['flat', 'neutron']

IronicEnabledPowerInterfaces

Enabled power interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['ipmitool', 'redfish']

IronicEnabledRaidInterfaces

Enabled RAID interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['no-raid', 'agent']

IronicEnabledRescueInterfaces

Enabled rescue interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['no-rescue', 'agent']

IronicEnabledStorageInterfaces

Enabled storage interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['cinder', 'noop']

IronicEnabledVendorInterfaces

Enabled vendor interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is: ['ipmitool', 'no-vendor']

IronicForcePowerStateDuringSync

Whether to force power state during sync. The default value is: True

IronicIPXEEnabled

Whether to use iPXE instead of PXE for deployment. The default value is: True

IronicIPXEPort

Port to use for serving images when iPXE is used. The default value is: 8088

IronicIPXETimeout

IPXE timeout in second. Set to 0 for infinite timeout. The default value is: 60

IronicImageDownloadSource

Image delivery method for the "direct" deploy interface. Use "swift" for the Object Storage temporary URLs, use "http" for the local HTTP server (the same as for iPXE). The default value is: swift

IronicInspectorCollectors

Comma-separated list of IPA inspection collectors. The default value is: default,logs

IronicInspectorDiscoveryDefaultDriver

The default driver to use for newly discovered nodes (requires IronicInspectorEnableNodeDiscovery set to True). This driver is automatically added to enabled_drivers. The default value is: ipmi

IronicInspectorEnableNodeDiscovery

Makes ironic-inspector enroll any unknown node that PXE-boots introspection ramdisk in OpenStack Bare Metal (ironic). The default driver to use for new nodes is specified by the IronicInspectorDiscoveryDefaultDriver parameter. Introspection rules can also be used to specify it. The default value is: False

IronicInspectorExtraProcessingHooks

Comma-separated list of processing hooks to append to the default list. The default value is: extra_hardware,lldp_basic,local_link_connection

IronicInspectorIPXEEnabled

Whether to use iPXE for inspection. The default value is: True

IronicInspectorInterface

Network interface on which inspection dnsmasq will listen. The default value is: br-ex

IronicInspectorIpRange

Temporary IP range that will be given to nodes during the inspection process. This should not overlap with any range that OpenStack Networking (neutron) DHCP allocates, but it has to be routeable back to ironic-inspector. This option has no meaningful defaults, and thus is required.

IronicInspectorKernelArgs

Kernel args for the OpenStack Bare Metal (ironic) inspector. The default value is: ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 ipa-debug=1

IronicInspectorSubnets

Temporary IP ranges that will be given to nodes during the inspection process. These ranges should not overlap with any range that OpenStack Networking (neutron) DHCP provides, but they need to be routeable back to the ironic-inspector API. This option has no meaningful defaults and is required.

IronicInspectorUseSwift

Whether to use Swift for storing introspection data. The default value is: True

IronicPassword

The password for the Bare Metal service and database account.

IronicProvisioningNetwork

Name or UUID of the overcloud network used for provisioning of bare metal nodes if IronicDefaultNetworkInterface is set to neutron. The default value of provisioning can be left during the initial deployment (when no networks are created yet) and should be changed to an actual UUID in a post-deployment stack update. The default value is: provisioning

IronicRescuingNetwork

Name or UUID of the overcloud network used for resucing of bare metal nodes, if IronicDefaultRescueInterface is not set to "no-rescue". The default value of "provisioning" can be left during the initial deployment (when no networks are created yet) and should be changed to an actual UUID in a post-deployment stack update. The default value is: provisioning

Chapter 11. Identity (keystone) Parameters

ParameterDescription

AdminEmail

The email for the OpenStack Identity (keystone) admin account. The default value is: admin@example.com

AdminPassword

The password for the OpenStack Identity (keystone) admin account.

AdminToken

The OpenStack Identity (keystone) secret and database password.

KeystoneAuthMethods

A list of methods used for authentication.

KeystoneChangePasswordUponFirstUse

Enabling this option requires users to change their password when the user is created, or upon administrative reset.

KeystoneCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

KeystoneCredential0

The first OpenStack Identity (keystone) credential key. Must be a valid key.

KeystoneCredential1

The second OpenStack Identity (keystone) credential key. Must be a valid key.

KeystoneCronTokenFlushDestination

Cron to purge expired tokens - Log destination. The default value is: /var/log/keystone/keystone-tokenflush.log

KeystoneCronTokenFlushEnsure

Cron to purge expired tokens - Ensure. The default value is: present

KeystoneCronTokenFlushHour

Cron to purge expired tokens - Hour. The default value is: *

KeystoneCronTokenFlushMaxDelay

Cron to purge expired tokens - Max Delay. The default value is: 0

KeystoneCronTokenFlushMinute

Cron to purge expired tokens - Minute. The default value is: 1

KeystoneCronTokenFlushMonth

Cron to purge expired tokens - Month. The default value is: *

KeystoneCronTokenFlushMonthday

Cron to purge expired tokens - Month Day. The default value is: *

KeystoneCronTokenFlushUser

Cron to purge expired tokens - User. The default value is: keystone

KeystoneCronTokenFlushWeekday

Cron to purge expired tokens - Week Day. The default value is: *

KeystoneDisableUserAccountDaysInactive

The maximum number of days a user can go without authenticating before being considered "inactive" and automatically disabled (locked).

KeystoneEnableDBPurge

Whether to create cron job for purging soft deleted rows in OpenStack Identity (keystone) database. The default value is: True

KeystoneEnableMember

Create the member role, useful for undercloud deployment. The default value is: False

KeystoneFederationEnable

Enable support for federated authentication. The default value is: False

KeystoneFernetKeys

Mapping containing OpenStack Identity (keystone) fernet keys and their paths.

KeystoneFernetMaxActiveKeys

The maximum active keys in the OpenStack Identity (keystone) fernet key repository. The default value is: 5

KeystoneLDAPBackendConfigs

Hash containing the configurations for the LDAP backends configured in keystone.

KeystoneLDAPDomainEnable

Trigger to call ldap_backend puppet keystone define. The default value is: False

KeystoneLockoutDuration

The number of seconds a user account will be locked when the maximum number of failed authentication attempts (as specified by KeystoneLockoutFailureAttempts) is exceeded.

KeystoneLockoutFailureAttempts

The maximum number of times that a user can fail to authenticate before the user account is locked for the number of seconds specified by KeystoneLockoutDuration.

KeystoneMinimumPasswordAge

The number of days that a password must be used before the user can change it. This prevents users from changing their passwords immediately in order to wipe out their password history and reuse an old password.

KeystoneNotificationFormat

The OpenStack Identity (keystone) notification format. The default value is: basic

KeystoneNotificationTopics

OpenStack Identity (keystone) notification topics to enable.

KeystoneOpenIdcClientId

The client ID to use when handshaking with your OpenID Connect provider.

KeystoneOpenIdcClientSecret

The client secret to use when handshaking with your OpenID Connect provider.

KeystoneOpenIdcCryptoPassphrase

Passphrase to use when encrypting data for OpenID Connect handshake. The default value is: openstack

KeystoneOpenIdcEnable

Enable support for OpenIDC federation. The default value is: False

KeystoneOpenIdcIdpName

The name associated with the IdP in OpenStack Identity (keystone).

KeystoneOpenIdcProviderMetadataUrl

The url that points to your OpenID Connect provider metadata.

KeystoneOpenIdcRemoteIdAttribute

Attribute to be used to obtain the entity ID of the Identity Provider from the environment. The default value is: HTTP_OIDC_ISS

KeystoneOpenIdcResponseType

Response type to be expected from the OpenID Connect provider. The default value is: id_token

KeystonePasswordExpiresDays

The number of days for which a password will be considered valid before requiring it to be changed.

KeystonePasswordRegex

The regular expression used to validate password strength requirements.

KeystonePasswordRegexDescription

Describe your password regular expression here in language for humans.

KeystoneSSLCertificate

Keystone certificate for verifying token validity.

KeystoneSSLCertificateKey

Keystone key for signing tokens.

KeystoneTokenProvider

The OpenStack Identity (keystone) token format. The default value is: fernet

KeystoneTrustedDashboards

A list of dashboard URLs trusted for single sign-on.

KeystoneUniqueLastPasswordCount

This controls the number of previous user password iterations to keep in history, in order to enforce that newly created passwords are unique.

KeystoneWorkers

Set the number of workers for the OpenStack Identity (keystone) service. The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

ManageKeystoneFernetKeys

Whether director should manage the OpenStack Identity (keystone) fernet keys or not. If set to True, the fernet keys will get the values from the saved keys repository in OpenStack Workflow (mistral) from the KeystoneFernetKeys variable. If set to false, only the stack creation initializes the keys, but subsequent updates will not touch them. The default value is: True

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

TokenExpiration

Set a token expiration time in seconds. The default value is: 3600

Chapter 12. Key Manager (barabican) Parameters

ParameterDescription

ATOSVars

Hash of atos-hsm role variables used to install ATOS client software.

BarbicanDogtagStoreGlobalDefault

Whether this plugin is the global default plugin. The default value is: False

BarbicanDogtagStoreHost

Hostname of the Dogtag server.

BarbicanDogtagStoreNSSPassword

Password for the NSS DB.

BarbicanDogtagStorePEMPath

Path for the PEM file used to authenticate requests. The default value is: /etc/barbican/kra_admin_cert.pem

BarbicanDogtagStorePort

Port for the Dogtag server. The default value is: 8443

BarbicanKmipStoreGlobalDefault

Whether this plugin is the global default plugin. The default value is: False

BarbicanKmipStoreHost

Host for KMIP device.

BarbicanKmipStorePassword

Password to connect to KMIP device.

BarbicanKmipStorePort

Port for KMIP device.

BarbicanKmipStoreUsername

Username to connect to KMIP device.

BarbicanPassword

The password for the OpenStack Key Manager (barbican) service account.

BarbicanPkcs11AlwaysSetCkaSensitive

Always set CKA_SENSITIVE=CK_TRUE. The default value is: True

BarbicanPkcs11CryptoAESGCMGenerateIV

Generate IVs for CKM_AES_GCM encryption mechanism. The default value is: True

BarbicanPkcs11CryptoATOSEnabled

Enable ATOS for PKCS11.

BarbicanPkcs11CryptoEnabled

Enable PKCS11.

BarbicanPkcs11CryptoEncryptionMechanism

Cryptoki Mechanism used for encryption. The default value is: CKM_AES_CBC

BarbicanPkcs11CryptoGlobalDefault

Whether this plugin is the global default plugin. The default value is: False

BarbicanPkcs11CryptoHMACKeyType

Cryptoki Key Type for Master HMAC key. The default value is: CKK_AES

BarbicanPkcs11CryptoHMACKeygenMechanism

Cryptoki Mechanism used to generate Master HMAC Key. The default value is: CKM_AES_KEY_GEN

BarbicanPkcs11CryptoHMACLabel

Label for the HMAC key.

BarbicanPkcs11CryptoLibraryPath

Path to vendor PKCS11 library.

BarbicanPkcs11CryptoLogin

Password to login to PKCS11 session.

BarbicanPkcs11CryptoMKEKLabel

Label for Master KEK.

BarbicanPkcs11CryptoMKEKLength

Length of Master KEK in bytes. The default value is: 256

BarbicanPkcs11CryptoRewrapKeys

Cryptoki Mechanism used to generate Master HMAC Key. The default value is: False

BarbicanPkcs11CryptoSlotId

Slot Id for the HSM. The default value is: 0

BarbicanPkcs11CryptoThalesEnabled

Enable Thales for PKCS11.

BarbicanSimpleCryptoGlobalDefault

Whether this plugin is the global default plugin. The default value is: False

BarbicanSimpleCryptoKek

KEK used to encrypt secrets.

BarbicanWorkers

Set the number of workers for barbican::wsgi::apache. The default value is: %{::processorcount}

DeployIdentifier

Setting this to a unique value will re-run any deployment tasks which perform configuration on a OpenStack Orchestration (heat) stack-update.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

ThalesHSMNetworkName

The network that the HSM is listening on. The default value is: internal_api

ThalesVars

Hash of thales-hsm role variables used to install Thales client software.

Chapter 13. Shared File Service (manila) Parameters

ParameterDescription

CephClusterName

The Ceph cluster name. The default value is: ceph

ManilaCephClientUserName

Ceph client username for manila integration.

ManilaCephFSCephFSProtocolHelperType

Protocol type (CEPHFS or NFS) when cephfs back end is enabled. Set via manila cephfs environment files. The default value is: CEPHFS

ManilaIPv6

Set to True to enable IPv6 access in manila. The default value is: False

ManilaPassword

The password for the shared file service account.

ManilaWorkers

Set the number of workers for manila::wsgi::apache. The default value is: %{::os_workers}

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

Chapter 14. Messaging Parameters

ParameterDescription

RpcPassword

The password for messaging backend.

RpcPort

The network port for messaging backend. The default value is: 5672

RpcUseSSL

Messaging client subscriber parameter to specify an SSL connection to the messaging host. The default value is: False

RpcUserName

The username for messaging backend. The default value is: guest

Chapter 15. Networking (neutron) Parameters

ParameterDescription

BagpipeApiPort

BGP component API port. The default value is: 8084

BagpipeDataplaneDriverIpVpn

IP VPN dataplane drvier class. The default value is: ovs

BagpipeEnableRtc

Enable Route Target Constraint. The default value is: True

BagpipeMyAs

Private Autonomous System number.

BagpipeOvsBridge

OVS bridge to use. The default value is: br-mpls

BagpipePeers

List of peers' IPs to establish BGP connections.

BgpvpnServiceProvider

Backend to use as a service provider for BGPVPN. The default value is: BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default

ContainerCli

CLI tool used to manage containers. The default value is: podman

DefaultBridgeCluster

Name or UUID of the default NSX bridge cluster that will be used to perform L2 gateway bridging between VXLAN and VLAN networks.

DefaultOverlayTz

Name or UUID of the default NSX overlay transport zone.

DefaultTier0Router

UUID of the default tier0 router that will be used for connecting to tier1 logical routers and configuring external networks.

DefaultVlanTz

Name or UUID of the default NSX VLAN transport zone.

DhcpProfile

This is the name or UUID of the NSX DHCP Profile that will be used to enable native DHCP service.

DhcpRelayService

This is the name or UUID of the NSX relay service that will be used to enable DHCP relay on router ports.

DockerNeutronDHCPAgentUlimit

Ulimit for OpenStack Networking (neutron) DHCP Agent Container. The default value is: ['nofile=16384']

DockerNeutronL3AgentUlimit

Ulimit for OpenStack Networking (neutron) L3 Agent Container. The default value is: ['nofile=16384']

DockerOpenvswitchUlimit

Ulimit for Openvswitch Container. The default value is: ['nofile=16384']

DockerPuppetMountHostPuppet

Whether containerized puppet executions use modules from the baremetal host. Defaults to true. Can be set to false to consume puppet modules from containers directly. The default value is: True

DockerSRIOVUlimit

Ulimit for SR-IOV Container. The default value is: ['nofile=16384']

InternalTLSCAFile

Specifies the default CA cert to use if TLS is used for services in the internal network. The default value is: /etc/ipa/ca.crt

L2gwAgentEnableManager

Connection can be initiated by the ovsdb server. The default value is: False

L2gwAgentManagerTableListeningPort

Port number for L2 gateway agent, so that it can listen. The default value is: 6632

L2gwAgentMaxConnectionRetries

The L2 gateway agent retries to connect to the OVSDB server. The default value is: 10

L2gwAgentOvsdbHosts

L2 gateway agent OVSDB server list.

L2gwAgentPeriodicInterval

The L2 gateway agent checks connection state with the OVSDB servers. The interval is number of seconds between attempts. The default value is: 20

L2gwAgentSocketTimeout

Socket timeout. The default value is: 30

L2gwServiceDefaultDeviceName

Default device name of the L2 gateway. The default value is: Switch1

L2gwServiceDefaultInterfaceName

Default interface name of the L2 gateway. The default value is: FortyGigE1/0/1

L2gwServicePeriodicMonitoringInterval

The periodic interval at which the plugin. The default value is: 5

L2gwServiceProvider

Backend to use as a service provider for L2 Gateway. The default value is: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']

L2gwServiceQuotaL2Gateway

Quota of the L2 gateway. The default value is: 5

ML2HostConfigs

ML2 configuration for switches.

MetadataProxy

This is the name or UUID of the NSX Metadata Proxy that will be used to enable native metadata service.

MlnxSDNDomain

SDN server domain. The default value is: cloudx

MlnxSDNPassword

The password for the SDN server.

MlnxSDNUrl

SDN server URL.

MlnxSDNUsername

The username for the SDN server.

NativeDhcpMetadata

This is the flag to indicate if using native DHCP/Metadata or not. The default value is: True

NeutronAgentExtensions

Comma-separated list of extensions enabled for the OpenStack Networking (neutron) agents. The default value is: qos

NeutronAllowL3AgentFailover

Allow automatic l3-agent failover. The default value is: True

NeutronApiOptEnvVars

List of optional environment variables.

NeutronApiOptVolumes

List of optional volumes to be mounted.

NeutronBridgeMappings

The logical to physical bridge mappings to use. The default (datacentre:br-ex) maps br-ex (the external bridge on hosts) to a physical name datacentre, which provider networks can use (for example, the default floating network). If changing this, either use different post-install network scripts or be sure to keep datacentre as a mapping network name.

NeutronDatapathType

Datapath type for ovs bridges.

NeutronDhcpAgentDnsmasqDnsServers

List of servers to use as dnsmasq forwarders.

NeutronDhcpOvsIntegrationBridge

Name of Open vSwitch bridge to use.

NeutronDhcpServerBroadcastReply

OpenStack Networking (neutron) DHCP agent to use broadcast in DHCP replies. The default value is: False

NeutronEnableARPResponder

Enable ARP responder feature in the OVS Agent. The default value is: False

NeutronEnableDVR

Enable Distributed Virtual Router. The default value is: False

NeutronEnableDibblerDockerWrapper

Generate a wrapper script so OpenStack Networking (neutron) launches the dibbler client in a separate container. The default value is: True

NeutronEnableDnsmasqDockerWrapper

Generate a dnsmasq wrapper script so that OpenStack Networking (neutron) launches dnsmasq in a separate container. The default value is: True

NeutronEnableForceMetadata

If True, DHCP always provides metadata route to VM. The default value is: False

NeutronEnableHaproxyDockerWrapper

Generate a wrapper script so OpenStack Networking (neutron) launches haproxy in a separate container. The default value is: True

NeutronEnableInternalDNS

If True, enable the internal OpenStack Networking (neutron) DNS server that provides name resolution between VMs. This parameter has no effect if NeutronDhcpAgentDnsmasqDnsServers is set. The default value is: False

NeutronEnableIsolatedMetadata

If True, DHCP allows metadata support on isolated networks. The default value is: False

NeutronEnableKeepalivedWrapper

Generate a wrapper script so OpenStack Networking (neutron) launches keepalived processes in a separate container. The default value is: True

NeutronEnableL2Pop

Enable/disable the L2 population feature in the OpenStack Networking (neutron) agents. The default value is: False

NeutronEnableMetadataNetwork

If True, DHCP provides metadata network. Requires either NeutronEnableIsolatedMetadata or NeutronEnableForceMetadata parameters to also be True. The default value is: False

NeutronEnableRadvdDockerWrapper

Generate a wrapper script so OpenStack Networking (neutron) launches radvd in a separate container. Note that is currently disabled by default pending availability of a fix to radvd (see https://bugzilla.redhat.com/show_bug.cgi?id=1564391). It will be enabled by default once the fix to radvd is generally available across target distributions. The default value is: False

NeutronExcludeDevices

List of <network_device>:<excluded_devices> mapping network_device to the agent’s node-specific list of virtual functions that should not be used for virtual networking. excluded_devices is a semicolon separated list of virtual functions to exclude from network_device. The network_device in the mapping should appear in the physical_device_mappings list.

NeutronExternalNetworkBridge

Name of bridge used for external network traffic. Usually L2 agent handles port wiring into external bridge, and hence the parameter should be unset.

NeutronFcDriver

Default driver for Flow Classifier. The default value is: dummy

NeutronInterfaceDriver

OpenStack Networking (neutron) DHCP Agent interface driver. The default value is: neutron.agent.linux.interface.OVSInterfaceDriver

NeutronL3AgentMode

Agent mode for L3 agent. Must be legacy or dvr_snat. The default value is: legacy

NeutronMetadataProxySharedSecret

Shared secret to prevent spoofing.

NeutronOVSFirewallDriver

Configure the classname of the firewall driver to use for implementing security groups. Possible values depend on system configuration. Some examples are: noop, openvswitch, iptables_hybrid. The default value of an empty string results in a default supported configuration.

NeutronOVSTunnelCsum

Set or un-set the tunnel header checksum on outgoing IP packet carrying GRE/VXLAN tunnel. The default value is: False

NeutronOvsIntegrationBridge

Name of Open vSwitch bridge to use.

NeutronPassword

The password for the OpenStack Networking (neutron) service and database account.

NeutronPhysicalDevMappings

List of <physical_network>:<physical device> All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent. For example,mple "tenant0:ens2f0,tenant1:ens2f1".

NeutronPluginMl2PuppetTags

Puppet resource tag names that are used to generate configuration files with puppet. The default value is: neutron_plugin_ml2

NeutronPluginNsxPuppetTags

Puppet resource tag names that are used to generate configuration files with puppet. The default value is: neutron_plugin_nsx

NeutronPortQuota

Number of ports allowed per tenant, and minus means unlimited. The default value is: 500

NeutronRpcWorkers

Sets the number of RPC workers for the OpenStack Networking (neutron) service. If not specified, it’ll take the value of NeutronWorkers and if this is not specified either, the default value results in the configuration being left unset and a system-dependent default will be chosen (usually 1).

NeutronServiceProviders

Global list of service providers used by neutron. This list should be passed in to ensure all service providers desired by the user are included. The provided default value only set the provider for the LBaaSv2 subsystem.This is currently incompatible with enabling octavia-api as one service or the other will break because the defaults are different. The default value is: LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default

NeutronSfcDriver

Default driver for Service Function Chaining. The default value is: dummy

NeutronSriovAgentExtensions

Comma-separated list of extensions enabled for the OpenStack Networking (neutron) SR-IOV agents.

NeutronSriovNumVFs

Provide the list of VFs to be reserved for each SR-IOV interface. Format ["<interface_name1>:<numvfs1>:<mode>","<interface_name2>:<numvfs2>"] For example,mple ["eth1:4096:switchdev","eth2:128:legacy","eth3:30"].

NeutronTunnelTypes

The tunnel types for the tenant network. The default value is: vxlan

NeutronVhostuserSocketDir

The vhost-user socket directory for OVS.

NeutronWorkers

Sets the number of API and RPC workers for the OpenStack Networking service. The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

NsxApiManagers

IP address of one or more NSX managers separated by commas.

NsxApiPassword

Password of NSX Manager.

NsxApiUser

User name of NSX Manager.

OvsDisableEMC

Disable OVS For example,ct Match Cache. The default value is: False

OvsHwOffload

Enable OVS Hardware Offload. This feature supported from OVS 2.8.0. The default value is: False

PythonInterpreter

The python interpreter to use for python and ansible actions. The default value is: /usr/bin/python

VTSPassword

The password for the VTS server.

VTSPort

Port of the VTS Server. The default value is: 8888

VTSServer

VTS Server IP address.

VTSSiteId

VTS Site Id of the controller.

VTSTimeout

Timeout for VTS server. The default value is: 120

VTSUsername

The username for the VTS server.

VTSVMMID

VMM ID used on VTS.

VhostuserSocketGroup

The vhost-user socket directory group name. Defaults to qemu. When vhostuser mode is dpdkvhostuserclient (which is the default mode), the vhost socket is created by qemu. The default value is: qemu

VhostuserSocketUser

The vhost-user socket directory user name. Defaults to qemu. When vhostuser mode is dpdkvhostuserclient (which is the default mode), the vhost socket is created by qemu. The default value is: qemu

Chapter 16. Compute (nova) Parameters

ParameterDescription

AdminPassword

The password for the keystone admin account, used for monitoring, querying OpenStack Networking (neutron) etc.

ContainerCli

CLI tool used to manage containers. The default value is: podman

ContainerNovaLibvirtUlimit

Ulimit for OpenStack Compute (nova) Libvirt Container. The default value is: ['nofile=131072', 'nproc=126960']

DatabaseSyncTimeout

Database synchronization timeout default. The default value is: 300

DeployIdentifier

Setting this to a unique value will re-run any deployment tasks which perform configuration on a OpenStack Orchestration (heat) stack-update.

DockerNovaComputeUlimit

Ulimit for OpenStack Compute (nova) Compute Container. The default value is: ['nofile=131072', 'memlock=67108864']

DockerNovaMigrationSshdPort

Port that dockerized nova migration target sshd service binds to. The default value is: 2022

EnableConfigPurge

Remove configuration that is not generated by the director. Used to avoid configuration remnants after upgrades. The default value is: False

EnableInstanceHA

Whether to enable an Instance Ha configurarion or not. This setup requires the Compute role to have the PacemakerRemote service added to it. The default value is: False

InstanceNameTemplate

Template string to be used to generate instance names. The default value is: instance-%08x

InternalTLSCAFile

Specifies the default CA cert to use if TLS is used for services in the internal network. The default value is: /etc/ipa/ca.crt

InternalTLSNbdCAFile

Specifies the CA cert to use for NBD TLS. The default value is: /etc/pki/qemu/ca-cert.pem

InternalTLSQemuCAFile

Specifies the CA cert to use for qemu. The default value is: /etc/pki/CA/certs/qemu.pem

InternalTLSVncCAFile

Specifies the CA cert to use for VNC TLS. The default value is: /etc/pki/CA/certs/vnc.crt

IronicPassword

The password for the OpenStack Bare Metal (ironic) service and database account, used by the OpenStack Bare Metal (ironic) services.

LibvirtCACert

This specifies the CA certificate to use for TLS in libvirt. This file will be symlinked to the default CA path in libvirt, which is /etc/pki/CA/cacert.pem. Note that due to limitations GNU TLS, which is the TLS backend for libvirt, the file must be less than 65K (so we can’t use the system’s CA bundle). This parameter should be used if the default (which comes from the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled.

LibvirtEnabledPerfEvents

This is a performance event list which could be used as monitor. For example: cmt,mbml,mbmt. Make sure you are using Red Hat Enterprise Linux 7.4 as the base and libvirt version is 1.3.3 or above. Also ensure you have enabled the notifications and are using hardware with a CPU that supports the cmt flag.

LibvirtNbdCACert

This specifies the CA certificate to use for NBD TLS. This file will be symlinked to the default CA path, which is /etc/pki/libvirt-nbd/ca-cert.pem. This parameter should be used if the default (which comes from the InternalTLSNbdCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled.

LibvirtTLSPassword

The password for the libvirt service when TLS is enabled.

LibvirtVncCACert

This specifies the CA certificate to use for VNC TLS. This file will be symlinked to the default CA path, which is /etc/pki/libvirt-vnc/ca-cert.pem. This parameter should be used if the default (which comes from the InternalTLSVncCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled.

MetadataNATRule

When true we create the NAT rule for the metadata service. The default value is: False

MigrationSshKey

SSH key for migration. For example,ects a dictionary with keys public_key and private_key. Values should be identical to SSH public/private key files. The default value is: {'public_key': '', 'private_key': ''}

MigrationSshPort

Target port for migration over ssh. The default value is: 2022

MysqlIPv6

Enable IPv6 in MySQL. The default value is: False

NeutronMechanismDrivers

The mechanism drivers for the OpenStack Networking (neutron) tenant network. The default value is: ovn

NeutronMetadataProxySharedSecret

Shared secret to prevent spoofing.

NeutronPhysnetNUMANodesMapping

Map of phynet name as key and NUMA nodes as value. For example: NeutronPhysnetNUMANodesMapping: {'foo': [0, 1], 'bar': [1]} where foo and bar are physnet names and corresponding values are list of associated numa_nodes.

NeutronTunnelNUMANodes

Used to configure NUMA affinity for all tunneled networks.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

NovaAdditionalCell

Whether this is an cell additional to the default cell. The default value is: False

NovaAutoDisabling

Max number of consecutive build failures before the nova-compute will disable itself. The default value is: 10

NovaComputeAvailabilityZone

The availability zone where new OpenStack Compute (nova) compute nodes will be added. If the zone does not already exist, it will be created.

NovaComputeCpuSharedSet

A list or range of physical CPU cores will be used for best-effort guest vCPU resources (e.g. emulator threads in libvirt/QEMU). For example, NovaComputeCpuSharedSet: [4-12,^8,15] will reserve cores from 4-12 and 15, excluding 8.

NovaComputeEnableKsm

Whether to enable KSM on compute nodes or not. Especially in NFV use case one wants to keep it disabled. The default value is: False

NovaComputeLibvirtType

Libvirt domain type. Defaults to kvm.

NovaComputeLibvirtVifDriver

Libvirt VIF driver configuration for the network.

NovaComputeOptEnvVars

List of optional environment variables.

NovaComputeOptVolumes

List of optional volumes.

NovaCronArchiveDeleteRowsDestination

Cron to move deleted instances to another table - Log destination. The default value is: /var/log/nova/nova-rowsflush.log

NovaCronArchiveDeleteRowsHour

Cron to move deleted instances to another table - Hour. The default value is: 0

NovaCronArchiveDeleteRowsMaxRows

Cron to move deleted instances to another table - Max Rows. The default value is: 100

NovaCronArchiveDeleteRowsMinute

Cron to move deleted instances to another table - Minute. The default value is: 1

NovaCronArchiveDeleteRowsMonth

Cron to move deleted instances to another table - Month. The default value is: *

NovaCronArchiveDeleteRowsMonthday

Cron to move deleted instances to another table - Month Day. The default value is: *

NovaCronArchiveDeleteRowsPurge

Purge shadow tables immediately after scheduled archiving. The default value is: False

NovaCronArchiveDeleteRowsUntilComplete

Cron to move deleted instances to another table - Until complete. The default value is: True

NovaCronArchiveDeleteRowsUser

Cron to move deleted instances to another table - User. The default value is: nova

NovaCronArchiveDeleteRowsWeekday

Cron to move deleted instances to another table - Week Day. The default value is: *

NovaCronDBArchivedHour

Cron to move deleted instances to another table that doesn’t need backup - Hour. The default value is: 0

NovaCronDBArchivedMaxDelay

Cron to move deleted instances to another table that doesn’t need backup - Max Delay. The default value is: 3600

NovaCronDBArchivedMinute

Cron to move deleted instances to another table that doesn’t need backup - Minute. The default value is: 1

NovaCronDBArchivedMonth

Cron to move deleted instances to another table that doesn’t need backup - Month. The default value is: *

NovaCronDBArchivedMonthday

Cron to move deleted instances to another table that doesn’t need backup - Month Day. The default value is: *

NovaCronDBArchivedWeekday

Cron to move deleted instances to another table that doesn’t need backup - Week Day. The default value is: *

NovaCronPurgeShadowTablesAge

Cron to purge shadow tables - Age This will define the retention policy when purging the shadow tables in days. 0 means, purge data older than today in shadow tables. The default value is: 14

NovaCronPurgeShadowTablesAllCells

Cron to purge shadow tables - All cells. The default value is: False

NovaCronPurgeShadowTablesDestination

Cron to purge shadow tables - Log destination. The default value is: /var/log/nova/nova-rowspurge.log

NovaCronPurgeShadowTablesHour

Cron to purge shadow tables - Hour. The default value is: 5

NovaCronPurgeShadowTablesMinute

Cron to purge shadow tables - Minute. The default value is: 0

NovaCronPurgeShadowTablesMonth

Cron to purge shadow tables - Month. The default value is: *

NovaCronPurgeShadowTablesMonthday

Cron to purge shadow tables - Month Day. The default value is: *

NovaCronPurgeShadowTablesUser

Cron to purge shadow tables - User. The default value is: nova

NovaCronPurgeShadowTablesVerbose

Cron to purge shadow tables - Verbose. The default value is: False

NovaCronPurgeShadowTablesWeekday

Cron to purge shadow tables - Week Day. The default value is: *

NovaDbSyncTimeout

Timeout for OpenStack Compute (nova) database synchronization in seconds. The default value is: 300

NovaDefaultFloatingPool

Default pool for floating IP addresses. The default value is: public

NovaEnableDBArchive

Whether to create cron job for archiving soft deleted rows in OpenStack Compute (nova) database. The default value is: True

NovaEnableDBPurge

Whether to create cron job for purging soft deleted rows in OpenStack Compute (nova) database. The default value is: True

NovaEnableNUMALiveMigration

Whether to enable or not the live migration for NUMA topology instances. The default value is: False

NovaHWMachineType

To specify a default machine type per host architecture. The default value is: x86_64=pc-i440fx-rhel7.6.0,aarch64=virt-rhel7.6.0,ppc64=pseries-rhel7.6.0,ppc64le=pseries-rhel7.6.0

NovaIPv6

Enable IPv6 features for OpenStack Compute (nova). The default is: false

NovaLibvirtFileBackedMemory

Available capacity in MiB for file-backed memory. The default value is: 0

NovaLibvirtNumPciePorts

Set num_pcie_ports to specify the number of PCIe ports an instance will get. Libvirt allows a custom number of PCIe ports (pcie-root-port controllers) a target instance will get. Some will be used by default, rest will be available for hotplug use. The default value is: 16

NovaLibvirtRxQueueSize

Virtio-net RX queue size. Valid values are 256, 512, 1024. The default value is: 512

NovaLibvirtTxQueueSize

Virtio-net TX queue size. Valid values are 256, 512, 1024. The default value is: 512

NovaLibvirtVolumeUseMultipath

Whether to enable or not the multipath connection of the volumes. The default value is: False

NovaLiveMigrationWaitForVIFPlug

Whether to wait for network-vif-plugged events before starting guest transfer. The default value is: True

NovaNfsEnabled

Whether to enable or not the NFS backend for OpenStack Compute (nova). The default value is: False

NovaNfsOptions

NFS mount options for nova storage (when NovaNfsEnabled is true). The default value is: context=system_u:object_r:nfs_t:s0

NovaNfsShare

NFS share to mount for nova storage (when NovaNfsEnabled is true).

NovaNfsVersion

NFS version used for nova storage (when NovaNfsEnabled is true). Since NFSv3 does not support full locking a NFSv4 version need to be used. To not break current installations the default is the previous hard coded version 4. The default value is: 4

NovaOVSBridge

Name of integration bridge used by Open vSwitch. The default value is: br-int

NovaOVSDBConnection

OVS DB connection string to used by OpenStack Compute (nova).

NovaPCIPassthrough

YAML list of PCI passthrough whitelist parameters.

NovaPassword

The password for the OpenStack Compute (nova) service and database account.

NovaPlacementAPIInterface

Endpoint interface to be used for the placement API. The default value is: internal

NovaReservedHostMemory

Reserved RAM for host processes. The default value is: 4096

NovaResumeGuestsShutdownTimeout

Number of seconds we’re willing to wait for a guest to shut down. If this is 0, then there is no time out (use with caution, as guests might not respond to a shutdown request). The default value is 300 seconds (5 minutes). The default value is: 300

NovaResumeGuestsStateOnHostBoot

Whether to start running instance on compute host reboot. The default value is: False

NovaSchedulerAvailableFilters

List of available filters for OpenStack Compute (nova) to use to filter nodes.

NovaSchedulerDefaultFilters

An array of filters OpenStack Compute (nova) uses to filter a node. OpenStack Compute applies these filters in the order they are listed. Place your most restrictive filters first to make the filtering process more efficient.

NovaSchedulerDiscoverHostsInCellsInterval

This value controls how often (in seconds) the scheduler should attempt to discover new hosts that have been added to cells. The default value of -1 disables the periodic task completely. It is recommended to set this parameter for deployments using OpenStack Bare Metal (ironic). The default value is: -1

NovaSchedulerMaxAttempts

Maximum number of attempts the scheduler will make when deploying the instance. You should keep it greater or equal to the number of bare metal nodes you expect to deploy at once to work around potential race conditions when scheduling. The default value is: 3

NovaSchedulerWorkers

Number of workers for OpenStack Compute (nova) Scheduler services. The default value is: 0

NovaSyncPowerStateInterval

Interval to sync power states between the database and the hypervisor. Set to -1 to disable. Setting this to 0 will run at the default rate. The default value is: 0

NovaVcpuPinSet

A list or range of physical CPU cores to reserve for virtual machine processes. For example, NovaVcpuPinSet: [4-12,^8] reserves cores from 4-12 excluding 8.

NovaWorkers

Number of workers for the Compute’s Conductor service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption.

NovajoinIpaOtp

The OTP to use to enroll to FreeIPA.

NovajoinPassword

The password for the Novajoin service account.

NovajoinVendordataTimeout

The timeout for both the vendordata dynamic connect and read values. The default value is: 30

QemuCACert

This specifies the CA certificate to use for qemu. This file will be symlinked to the default CA path, which is /etc/pki/qemu/ca-cert.pem. This parameter should be used if the default (which comes from the InternalTLSQemuCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled.

QemuMemoryBackingDir

Directory used for memoryBacking source if configured as file. NOTE: big files will be stored here.

RootStackName

The name of the stack/plan.

StackUpdateType

Type of update, to differentiate between UPGRADE and UPDATE cases when StackAction is UPDATE (both are the same stack action).

UpgradeLevelNovaCompute

OpenStack Compute upgrade level. The default value is: auto

UseTLSTransportForNbd

If set to true and if EnableInternalTLS is enabled, it will enable TLS transport for libvirt NBD and configure the relevant keys for libvirt. The default value is: True

UseTLSTransportForVnc

If set to true and if EnableInternalTLS is enabled, it will enable TLS transport for libvirt VNC and configure the relevant keys for libvirt. The default value is: True

VerifyGlanceSignatures

Whether to verify image signatures. The default value is: False

VhostuserSocketGroup

The vhost-user socket directory group name. Defaults to qemu. When vhostuser mode is dpdkvhostuserclient (which is the default mode), the vhost socket is created by qemu. The default value is: qemu

Chapter 17. Clustering (sahara) Parameters

ParameterDescription

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

NtpServer

NTP servers list. Defaulted to a set of pool.ntp.org servers in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. The default value is: ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org']

SaharaPassword

The password for the clusting service and database account.

SaharaPlugins

Clustering enabled plugin list. The default value is: ['ambari', 'cdh', 'mapr', 'vanilla', 'spark', 'storm']

SaharaWorkers

Set the number of workers for the clustering service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

Chapter 18. Object Storage (swift) Parameters

ParameterDescription

ControllerEnableSwiftStorage

Whether to enable object storage on Controller nodes. The default value is: True

DeployIdentifier

Setting this to a unique value will re-run any deployment tasks which perform configuration on a OpenStack Orchestration (heat) stack-update.

SwiftAccountWorkers

Number of workers for Swift account service. The default value is: 0

SwiftCeilometerIgnoreProjects

Comma-separated list of project names to ignore. The default value is: ['service']

SwiftCeilometerPipelineEnabled

Set to False to disable the object storage proxy ceilometer pipeline. The default value is: True

SwiftContainerSharderEnabled

Set to True to enable Swift container sharder service. The default value is: False

SwiftContainerWorkers

Number of workers for Swift account service. The default value is: 0

SwiftCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

SwiftEncryptionEnabled

Set to True to enable data-at-rest encryption in Swift. The default value is: False

SwiftHashSuffix

A random string to be used as a salt when hashing to determine mappings in the ring.

SwiftMinPartHours

The minimum time (in hours) before a partition in a ring can be moved following a rebalance. The default value is: 1

SwiftMountCheck

Check if the devices are mounted to prevent accidentally writing to the root device. The default value is: False

SwiftObjectWorkers

Number of workers for Swift account service. The default value is: 0

SwiftPartPower

Partition power to use when building object storage rings. The default value is: 10

SwiftPassword

The password for the object storage service account.

SwiftProxyNodeTimeout

Timeout for requests going from swift-proxy to account, container, and object services. The default value is: 60

SwiftRawDisks

Additional raw devices to use for the object storage backend. For example: {sdb: {}}

SwiftReplicas

Number of replicas to use in the object storage rings. The default value is: 3

SwiftRingBuild

Whether to manage object storage rings or not. The default value is: True

SwiftRingGetTempurl

A temporary Swift URL to download rings from.

SwiftRingPutTempurl

A temporary Swift URL to upload rings to.

SwiftUseLocalDir

Use a local directory for object storage services when building rings. The default value is: True

SwiftWorkers

Number of workers for object storage service. The default value is: 0. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

Chapter 19. Telemetry Parameters

ParameterDescription

AmqpNotifyAddressPrefix

Address prefix for Notification addresses.

AmqpRpcAddressPrefix

Address prefix for RPC addresses.

AodhPassword

The password for the OpenStack Telemetry Alarming (aodh) services.

CeilometerEnablePanko

Check if panko need to be enabled or not. The default value is: True

CeilometerMeteringSecret

Secret shared by the Telemetry services.

CeilometerPassword

The password for the Telemetry service account.

CeilometerQdrPublish

Whether to send telemetry data to Qdr. The default value is: False

CephClusterName

The Ceph cluster name. The default value is: ceph

GnocchiArchivePolicy

(DEPRECATED) archive policy to use with OpenStack Telemetry Metrics (gnocchi) backend. The default value is: ceilometer-low-rate

GnocchiBackend

The short name of the OpenStack Telemetry Metrics (gnocchi) backend to use. Should be one of swift, rbd, or file. The default value is: swift

GnocchiCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

GnocchiExternalProject

Project name of resources creator in OpenStack Telemetry Metrics (gnocchi). The default value is: service

GnocchiFileBasePath

Path to use when file driver is used. This could be NFS or a flat file. The default value is: /var/lib/gnocchi

GnocchiIncomingStorageDriver

Storage driver to use for incoming metric data. The default value is: redis

GnocchiIndexerBackend

The short name of the OpenStack Telemetry Metrics (gnocchi) indexer backend to use. The default value is: mysql

GnocchiMetricdWorkers

Number of workers for OpenStack Telemetry Metrics (gnocchi). The default value is equal to the number of CPU cores on the node. Note that more workers creates a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts.

GnocchiPassword

The password for the OpenStack Telemetry Metrics (gnocchi) service and database account.

GnocchiStorageS3AccessKeyId

S3 storage access key Id.

GnocchiStorageS3AccessSecret

S3 storage access key secret.

GnocchiStorageS3BucketPrefix

S3 storage bucket prefix.

GnocchiStorageS3Endpoint

The endpoint url for S3 storage.

GnocchiStorageS3RegionName

S3 Region name.

GnocchiStorageSwiftEndpointType

Set to modify which endpoint type is OpenStack Telemetry Metrics (gnocchi) accessing swift from. The default value is: internalURL

ManageEventPipeline

Whether to manage event_pipeline.yaml. The default value is: True

ManagePipeline

Whether to manage pipeline.yaml. The default value is: False

ManagePolling

Whether to manage polling.yaml. The default value is: False

MetricProcessingDelay

Delay between processing metrics. The default value is: 30

MetricsQdrPort

Service name or port number on which the qdrouterd will accept connections. This argument must be string, even if the numeric form is used. The default value is: 5666

NotificationDriver

Driver or drivers to handle sending notifications. The default value is: messagingv2

NumberOfStorageSacks

Number of storage sacks to create. The default value is: 128

PipelinePublishers

A list of publishers to put in pipeline.yaml. When the collector is used, override this with notifier:// publisher. Set ManagePipeline to true for override to take effect. The default value is: ['gnocchi://?filter_project=service&archive_policy=low']

SnmpdReadonlyUserName

The user name for SNMPd with readonly rights running on all Overcloud nodes. The default value is: ro_snmp_user

SnmpdReadonlyUserPassword

The user password for SNMPd with readonly rights running on all Overcloud nodes.

Chapter 20. Time Parameters

ParameterDescription

EnablePackageInstall

Set to true to enable package installation at deploy time. The default value is: false

MaxPoll

Specify maximum poll interval of upstream servers for NTP messages, in seconds to the power of two. Allowed values are 4 to 17. The default value is: 10

MinPoll

Specify minimum poll interval of upstream servers for NTP messages, in seconds to the power of two. The minimum poll interval defaults to 6 (64 s). Allowed values are 4 to 17. The default value is: 6

NtpIburstEnable

Specifies whether to enable the iburst option for every NTP peer. If iburst is enabled, when the NTP server is unreachable NTP will send a burst of eight packages instead of one. This is designed to speed up the initial syncrhonization. The default value is: True

NtpServer

NTP servers list. The default value is: ['pool.ntp.org']

PtpInterface

PTP interface name. The default value is: nic1

PtpMessageTransport

Configure PTP message transport protocol. The default value is: UDPv4

PtpSlaveMode

Configure PTP clock in slave mode. The default value is: 1

TimeZone

The timezone to be set on the overcloud. The default value is: UTC