Overcloud Parameters

Red Hat OpenStack Platform 17.0

Parameters for customizing the core template collection for a Red Hat OpenStack Platform overcloud

OpenStack Documentation Team

Abstract

This guide lists parameters that might be used in the deployment of OpenStack using the Orchestration service (heat). The parameters and definitions are extracted from the upstream source code, and not all parameters that are listed can be used in a supported configuration.

About this guide

Warning

This guide is automatically generated from comments embedded in the upstream OpenStack source code. Therefore, not all of the parameters listed in this guide are supported in a production environment. To locate information about actual supported parameters, see the relevant guide that describes your supported use-case.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Chapter 1. Overcloud Parameters

You can modify overcloud features with overcloud parameters. To set a parameter, include the chosen parameter and its value in an environment file under the parameter_defaults section and include the environment file with your openstack overcloud deploy command.
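The following environment file is an added example, not part of the generated guide. It sets a few parameters from this guide to their documented defaults or to the example values the guide shows. The file path, the DnsServers addresses and the ControllerCount value are assumptions made for illustration.

```yaml
# /home/stack/templates/custom-params.yaml  (hypothetical path)
#
# Pass the file to the deploy command with -e:
#   openstack overcloud deploy --templates \
#     -e /home/stack/templates/custom-params.yaml
parameter_defaults:
  # Core overcloud parameters (Chapter 2)
  CloudDomain: localdomain          # must match overcloud_domain_name on the undercloud
  DnsServers:                       # constructed sample addresses
    - 192.0.2.10
    - 192.0.2.20

  # Role-based parameter (Chapter 3): _ROLE_Count with _ROLE_ = Controller
  ControllerCount: 3                # constructed value; the documented default is 1

  # Debug parameters (Chapter 4): per-service values override the global one
  Debug: false
  KeystoneDebug: false

  # Kernel parameters (Chapter 5)
  KernelIpv4ConfAllRpFilter: 1      # net.ipv4.conf.all.rp_filter

  # DNS-as-a-service parameters (Chapter 6)
  UnboundSecurityHarden: true
  UnboundAllowedCIDRs:              # example CIDRs from the parameter description
    - 192.0.2.0/24
    - 198.51.100.0/24

  # Bare Metal parameters (Chapter 7)
  IronicAutomatedClean: true        # disabling might result in security problems
  IronicCleaningDiskErase: full     # "metadata" cleans only the partition table
```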

Chapter 2. Core Overcloud Parameters

You can modify general overcloud configuration with the core overcloud parameters.

Parameter | Description

AddVipsToEtcHosts

Set to true to append per network VIPs to /etc/hosts on each node. The default value is True.

AdminPassword

The password for the keystone admin account, used for monitoring, querying OpenStack Networking (neutron) etc.

BondInterfaceOvsOptions

The ovs_options or bonding_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb for OVS bonds or like mode=4 for Linux bonds using this option.

CloudDomain

The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud. The default value is localdomain.

CloudName

The DNS name of this cloud. The default value is overcloud.localdomain.

CloudNameCtlplane

The DNS name of this cloud’s control plane endpoint. The default value is overcloud.ctlplane.localdomain.

CloudNameInternal

The DNS name of this cloud’s internal API endpoint. The default value is overcloud.internalapi.localdomain.

CloudNameStorage

The DNS name of this cloud’s storage endpoint. For example, ci-overcloud.storage.tripleo.org. The default value is overcloud.storage.localdomain.

CloudNameStorageManagement

The DNS name of this cloud’s storage management endpoint. The default value is overcloud.storagemgmt.localdomain.

ControlFixedIPs

Defines a fixed VIP for the Control Plane. Value uses the following format: [{ip_address:'1.2.3.4'}]

ControlPlaneSubnet

The name of the undercloud OpenStack Networking (neutron) control plane subnet. The default value is ctlplane-subnet.

ControlPlaneSubnetCidr

The subnet CIDR of the control plane network. The parameter is automatically resolved from the ctlplane subnet’s cidr attribute.

DeployedServerPortMap

Defines the IP addresses and subnet CIDRs that correspond to each overcloud node.

DeployIdentifier

Setting this to a unique value will re-run any deployment tasks that perform configuration on an OpenStack Orchestration (heat) stack-update.

DeploymentServerBlacklist

List of server hostnames to blocklist from any triggered deployments.

DnsSearchDomains

A list of DNS search domains to be added (in order) to resolv.conf.

DnsServers

DNS servers to use for the Overcloud (2 max for some implementations). If not set, the nameservers configured in the ctlplane subnet’s dns_nameservers attribute will be used.

EndpointMapOverride

Can be used to override the calculated EndpointMap.

ExternalVirtualFixedIPs

Control the IP allocation for the ExternalVirtualInterface port. For example, [{ip_address:'1.2.3.4'}].

ExtraConfig

Additional hiera configuration to inject into the cluster.

ExtraHostFileEntries

List of extra hosts entries to be appended to /etc/hosts.

GlobalConfigExtraMapData

Map of extra global_config_settings data to set on each node.

HypervisorNeutronPhysicalBridge

An Open vSwitch bridge to create on each hypervisor. This defaults to br-ex, which is the same as the control plane nodes. This ensures uniform configuration of the Open vSwitch agent. Typically, this does not need to be changed. The default value is br-ex.

HypervisorNeutronPublicInterface

What interface to add to the HypervisorNeutronPhysicalBridge. The default value is nic1.

InternalApiVirtualFixedIPs

Control the IP allocation for the InternalApiVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

KeystoneRegion

OpenStack Identity (keystone) region for endpoint. The default value is regionOne.

NetConfigDataLookup

Configures os-net-config mappings for specific nodes if you are using pre-provisioned nodes. The configuration of the NetConfigDataLookup heat parameter is equivalent to the net_config_data_lookup property in your node definition file, overcloud-baremetal-deploy.yaml. If you are not using pre-provisioned nodes, you must configure the NIC mappings in your node definition file.

NetworkConfigWithAnsible

NetworkConfig with ansible flag. The default value is True.

NeutronControlPlaneID

ID or name for Control Plane ctlplane network. The default value is ctlplane.

NeutronPhysicalBridge

An OVS bridge to create for accessing external networks. The default value is br-ex.

NeutronPublicInterface

The interface to attach to the external bridge. The default value is nic1.

NodeCreateBatchSize

Maximum batch size for creating nodes. It is recommended to not exceed a batch size of 32 nodes. The default value is 30.

NovaAdditionalCell

Whether this is a cell additional to the default cell. The default value is false.

NovaLocalMetadataPerCell

Indicates that the nova-metadata API service has been deployed per-cell, so that we can have better performance and data isolation in a multi-cell deployment. Users should consider the use of this configuration depending on how OpenStack Networking (neutron) is setup. If networks span cells, you might need to run nova-metadata API service globally. If your networks are segmented along cell boundaries, then you can run nova-metadata API service per cell. When running nova-metadata API service per cell, you should also configure each OpenStack Networking (neutron) metadata-agent to point to the corresponding nova-metadata API service. The default value is false.

PublicVirtualFixedIPs

Control the IP allocation for the PublicVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

RabbitCookieSalt

Salt for the RabbitMQ cookie. Change to force the randomly generated RabbitMQ cookie to change. The default value is unset.

RootStackName

The name of the stack/plan.

ServerMetadata

Extra properties or metadata passed to OpenStack Compute (nova) for the created nodes in the overcloud. Accessible through the OpenStack Compute (nova) metadata API.

StorageMgmtVirtualFixedIPs

Control the IP allocation for the StorageMgmtVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

StorageVirtualFixedIPs

Control the IP allocation for the StorageVirtualInterface port. Value uses the following format: [{ip_address:'1.2.3.4'}]

UndercloudHostsEntries

List of undercloud hosts entries to be appended to /etc/hosts. The value is populated with the HEAT_HOSTS entries on the undercloud by tripleoclient when running deploy.

UpdateIdentifier

Setting this to a previously unused value during stack-update triggers a package update on all nodes.

Chapter 3. Role-Based Parameters

You can modify the behavior of specific overcloud composable roles with overcloud role-based parameters. Substitute _ROLE_ with the name of the role. For example, for _ROLE_Count use ControllerCount.

Parameter | Description

_ROLE_AnyErrorsFatal

Sets the any_errors_fatal value when running config-download Ansible playbooks. The default value is yes.

_ROLE_ControlPlaneSubnet

Name of the subnet on ctlplane network for this role. The default value is ctlplane-subnet.

_ROLE_Count

The number of nodes to deploy in a role. The default value is 1.

_ROLE_ExtraConfig

Role specific additional hiera configuration to inject into the cluster.

_ROLE_ExtraGroupVars

Optional extra Ansible group vars.

_ROLE_HostnameFormat

Format for node hostnames. Note that %index% is translated into the index of the node (e.g. 0/1/2) and %stackname% is replaced with the stack name (e.g. overcloud). The default value is %stackname%-_role_-%index%.

_ROLE_LocalMtu

MTU to use for the Undercloud local_interface. The default value is 1500.

_ROLE_MaxFailPercentage

Sets the max_fail_percentage value when running config-download Ansible playbooks. The default value is 0.

_ROLE_NetConfigOverride

Custom JSON data to be used to override the os-net-config config. This is meant to be used by net_config_override parameter in tripleoclient to provide an easy means to pass in custom net configs for the Undercloud.

_ROLE_NetworkConfigTemplate

ROLE NetworkConfig Template.

_ROLE_NetworkConfigUpdate

When set to "True", existing networks will be updated on the overcloud. This parameter replaces the functionality previously provided by NetworkDeploymentActions. Defaults to "False" so that only new nodes will have their networks configured. This is a role based parameter. The default value is False.

_ROLE_Parameters

Optional Role Specific parameters to be provided to service.

_ROLE_RemovalPolicies

List of resources to be removed from the role’s ResourceGroup when doing an update that requires removal of specific resources.

_ROLE_RemovalPoliciesMode

How to handle change to RemovalPolicies for ROLE ResourceGroup when doing an update. Default mode append will append to the existing blocklist and update would replace the blocklist. The default value is append.

_ROLE_SchedulerHints

Optional scheduler hints to pass to OpenStack Compute (nova).

_ROLE_ServiceNetMap

Role specific ServiceNetMap overrides, the map provided will be merged with the global ServiceNetMap when passing the ServiceNetMap to the ROLE_ServiceChain resource and the _ROLE resource group. For example:

    _ROLE_ServiceNetMap:
      NovaLibvirtNetwork: internal_api_leaf2

_ROLE_Services

A list of service resources (configured in the OpenStack Orchestration (heat) resource_registry) which represent nested stacks for each service that should get installed on the ROLE role.

Chapter 4. Debug Parameters

These parameters allow you to set debug mode on a per-service basis. The Debug parameter acts as a global parameter for all services and the per-service parameters can override the effects of global parameter on individual services.

Parameter | Description

BarbicanDebug

Set to True to enable debugging OpenStack Key Manager (barbican) service. The default value is false.

CinderDebug

Set to True to enable debugging on OpenStack Block Storage (cinder) services. The default value is false.

ConfigDebug

Whether to run configuration management (e.g. Puppet) in debug mode. The default value is false.

Debug

Set to True to enable debugging on all services. The default value is false.

DesignateDebug

Set to True to enable debugging Designate services. The default value is false.

GlanceDebug

Set to True to enable debugging OpenStack Image Storage (glance) service. The default value is false.

HeatDebug

Set to True to enable debugging OpenStack Orchestration (heat) services. The default value is false.

HorizonDebug

Set to True to enable debugging OpenStack Dashboard (horizon) service. The default value is false.

IronicDebug

Set to True to enable debugging OpenStack Bare Metal (ironic) services. The default value is false.

KeystoneDebug

Set to True to enable debugging OpenStack Identity (keystone) service. The default value is false.

ManilaDebug

Set to True to enable debugging OpenStack Shared File Systems (manila) services. The default value is false.

MemcachedDebug

Set to True to enable debugging Memcached service. The default value is false.

NeutronDebug

Set to True to enable debugging OpenStack Networking (neutron) services. The default value is false.

NovaDebug

Set to True to enable debugging OpenStack Compute (nova) services. The default value is false.

OctaviaDebug

Set to True to enable debugging OpenStack Load Balancing-as-a-Service (octavia) services. The default value is false.

Chapter 5. Kernel Parameters

You can modify the kernel behaviour with kernel parameters.

Parameter | Description

BridgeNfCallArpTables

Configures sysctl net.bridge.bridge-nf-call-arptables key. The default value is 1.

BridgeNfCallIp6Tables

Configures sysctl net.bridge.bridge-nf-call-ip6tables key. The default value is 1.

BridgeNfCallIpTables

Configures sysctl net.bridge.bridge-nf-call-iptables key. The default value is 1.

ExtraKernelModules

Hash of extra kernel modules to load.

ExtraKernelPackages

List of extra kernel related packages to install.

ExtraSysctlSettings

Hash of extra sysctl settings to apply.

FsAioMaxNumber

The kernel allocates aio memory on demand, and this number limits the number of parallel aio requests; the only drawback of a larger limit is that a malicious guest could issue parallel requests to cause the kernel to set aside memory. Set this number at least as large as 128 * (number of virtual disks on the host). Libvirt uses a default of 1M requests to allow 8k disks, with at most 64M of kernel memory if all disks hit an aio request at the same time. The default value is 0.

InotifyInstancesMax

Configures sysctl fs.inotify.max_user_instances key. The default value is 1024.

InotifyIntancesMax

Configures sysctl fs.inotify.max_user_instances key. The default value is 1024.

KernelDisableIPv6

Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys. The default value is 0.

KernelIpForward

Configures net.ipv4.ip_forward key. The default value is 1.

KernelIpNonLocalBind

Configures net.ipv{4,6}.ip_nonlocal_bind key. The default value is 1.

KernelIpv4ConfAllRpFilter

Configures the net.ipv4.conf.all.rp_filter key. The default value is 1.

KernelIpv6ConfAllForwarding

Configures the net.ipv6.conf.all.forwarding key. The default value is 0.

KernelPidMax

Configures sysctl kernel.pid_max key. The default value is 1048576.

NeighbourGcThreshold1

Configures sysctl net.ipv4.neigh.default.gc_thresh1 value. This is the minimum number of entries to keep in the ARP cache. The garbage collector will not run if there are fewer than this number of entries in the cache. The default value is 1024.

NeighbourGcThreshold2

Configures sysctl net.ipv4.neigh.default.gc_thresh2 value. This is the soft maximum number of entries to keep in the ARP cache. The garbage collector will allow the number of entries to exceed this for 5 seconds before collection will be performed. The default value is 2048.

NeighbourGcThreshold3

Configures sysctl net.ipv4.neigh.default.gc_thresh3 value. This is the hard maximum number of entries to keep in the ARP cache. The garbage collector will always run if there are more than this number of entries in the cache. The default value is 4096.

Chapter 6. DNS-as-a-service (designate) parameters

You can modify the designate service with DNS parameters.

Parameter | Description

DesignateBindQueryLogging

Set to true to enable logging of queries on BIND. The default value is false.

DesignateManagedResourceEmail

Configure email address to be set in zone SOAs. Leaving unset results in service defaults being used.

DesignateMdnsProxyBasePort

Configure the base port for the MiniDNS proxy endpoints on the external/public access network. The default value is 16000.

DesignateMinTTL

Configure the minimum allowable TTL in seconds. The default value is 0, which leaves the parameter unset.

DesignateWorkers

Number of workers for Designate services. The default value is 0.

UnboundAllowedCIDRs

A list of CIDRs allowed to make queries through Unbound. Example, [192.0.2.0/24, 198.51.100.0/24].

UnboundAllowRecursion

When false, Unbound will not attempt to recursively resolve the request. It will only answer for queries using local information. The default value is true.

UnboundDesignateIntegration

Set to false to disable configuring neutron using the deployed unbound server as the default resolver. The default value is true.

UnboundForwardFallback

When true, if the forwarded query receives a SERVFAIL, Unbound will process the request as a standard recursive resolution. The default value is true.

UnboundForwardResolvers

A list of DNS resolver IP addresses, with optional port, that Unbound will forward resolution requests to if Unbound does not have the answer. Example, [192.0.2.10, 192.0.2.20@53].

UnboundLogQueries

If true, Unbound will log the query requests. The default value is false.

UnboundSecurityHarden

When true, Unbound will block certain queries that could have security implications to the Unbound service. The default value is true.

Chapter 7. Bare Metal (ironic) Parameters

You can modify the ironic service with bare metal parameters.

Parameter | Description

AdditionalArchitectures

List of additional architectures to enable.

ApacheCertificateKeySize

Override the private key size used when creating the certificate for this service.

ApacheTimeout

The timeout in seconds for Apache, which defines duration Apache waits for I/O operations. The default value is 90.

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

IPAImageURLs

IPA image URLs, the format should be ["http://path/to/kernel", "http://path/to/ramdisk"].

IronicAutomatedClean

Enables or disables automated cleaning. Disabling automated cleaning might result in security problems and deployment failures on rebuilds. Do not set to False unless you understand the consequences of disabling this feature. The default value is true.

IronicCleaningDiskErase

Type of disk cleaning before and between deployments. full for full cleaning. metadata to clean only disk metadata (partition table). The default value is full.

IronicCleaningNetwork

Name or UUID of the overcloud network used for cleaning bare metal nodes. Set to provisioning during the initial deployment (when no networks are created yet) and change to an actual UUID in a post-deployment stack update. The default value is provisioning.

IronicConductorGroup

The name of an OpenStack Bare Metal (ironic) Conductor Group.

IronicConfigureSwiftTempUrlKey

Whether to configure Swift temporary URLs for use with the "direct" and "ansible" deploy interfaces. The default value is true.

IronicCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

IronicDefaultBootInterface

Boot interface implementation to use by default. Leave empty to set none. This may not work if a hardware type does not support the set boot interface. This overrides create-time defaults. The ordered union of the enabled boot interfaces and hardware type determines, under normal circumstances, what the default will be.

IronicDefaultBootMode

Default boot mode to use when no boot mode is explicitly requested in node’s driver_info, capabilities or in the "instance_info" configuration. One of bios or uefi. The default value is uefi.

IronicDefaultBootOption

How to boot the bare metal instances. Set to local to use local bootloader (requires grub2 for partition images). Set to netboot to make the instances boot from controllers using PXE/iPXE. The default value is local.

IronicDefaultDeployInterface

Deploy interface implementation to use by default. Leave empty to use the hardware type default.

IronicDefaultInspectInterface

Inspect interface implementation to use by default. Leave empty to use the hardware type default.

IronicDefaultNetworkInterface

Network interface implementation to use by default. Set to flat to use one flat provider network. Set to neutron to make OpenStack Bare Metal (ironic) interact with the OpenStack Networking (neutron) ML2 driver to enable other network types and certain advanced networking features. Requires IronicProvisioningNetwork to be correctly set. The default value is flat.

IronicDefaultRescueInterface

Default rescue implementation to use. The "agent" rescue requires a compatible ramdisk to be used. The default value is agent.

IronicDefaultResourceClass

Default resource class to use for new nodes.

IronicDeployLogsStorageBackend

Backend to use to store ramdisk logs, either "local" or "swift". The default value is local.

IronicDhcpv6StatefulAddressCount

Number of IPv6 addresses to allocate for ports created for provisioning, cleaning, rescue or inspection on DHCPv6-stateful networks. Different stages of the chain-loading process will request addresses with different CLID/IAID. Due to non-identical identifiers, multiple addresses must be reserved for the host to ensure each step of the boot process can successfully lease addresses. The default value is 4.

IronicEnabledBiosInterfaces

Enabled BIOS interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['no-bios'].

IronicEnabledBootInterfaces

Enabled boot interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['ipxe', 'pxe'].

IronicEnabledConsoleInterfaces

Enabled console interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['ipmitool-socat', 'no-console'].

IronicEnabledDeployInterfaces

Enabled deploy interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['direct'].

IronicEnabledHardwareTypes

Enabled OpenStack Bare Metal (ironic) hardware types. The default value is ['ipmi', 'redfish'].

IronicEnabledInspectInterfaces

Enabled inspect interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['no-inspect'].

IronicEnabledManagementInterfaces

Enabled management interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['ipmitool', 'noop', 'redfish'].

IronicEnabledNetworkInterfaces

Enabled network interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['flat', 'neutron'].

IronicEnabledPowerInterfaces

Enabled power interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['ipmitool', 'redfish'].

IronicEnabledRaidInterfaces

Enabled RAID interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['no-raid', 'agent'].

IronicEnabledRescueInterfaces

Enabled rescue interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['no-rescue', 'agent'].

IronicEnabledStorageInterfaces

Enabled storage interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['cinder', 'noop'].

IronicEnabledVendorInterfaces

Enabled vendor interface implementations. Each hardware type must have at least one valid implementation enabled. The default value is ['ipmitool', 'no-vendor'].

IronicEnableStagingDrivers

Whether to enable use of staging drivers. The default value is false.

IronicForcePowerStateDuringSync

Whether to force power state during sync. The default value is true.

IronicImageDownloadSource

Image delivery method for the "direct" deploy interface. Use "swift" for the Object Storage temporary URLs, use "http" for the local HTTP server (the same as for iPXE). The default value is http.

IronicInspectorCollectors

Comma-separated list of IPA inspection collectors. The default value is default,logs.

IronicInspectorDiscoveryDefaultDriver

The default driver to use for newly discovered nodes (requires IronicInspectorEnableNodeDiscovery set to True). This driver is automatically added to enabled_drivers. The default value is ipmi.

IronicInspectorEnableNodeDiscovery

Makes ironic-inspector enroll any unknown node that PXE-boots introspection ramdisk in OpenStack Bare Metal (ironic). The default driver to use for new nodes is specified by the IronicInspectorDiscoveryDefaultDriver parameter. Introspection rules can also be used to specify it. The default value is false.

IronicInspectorExtraProcessingHooks

Comma-separated list of processing hooks to append to the default list. The default value is extra_hardware,lldp_basic,local_link_connection,physnet_cidr_map.

IronicInspectorInterface

Network interface on which inspection dnsmasq will listen. The default value is br-ex.

IronicInspectorIpRange

Temporary IP range that will be given to nodes during the inspection process. This should not overlap with any range that OpenStack Networking (neutron) DHCP allocates, but it has to be routeable back to ironic-inspector. This option has no meaningful defaults, and thus is required.

IronicInspectorIPXEEnabled

Whether to use iPXE for inspection. The default value is true.

IronicInspectorKernelArgs

Kernel args for the OpenStack Bare Metal (ironic) inspector. The default value is ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 ipa-debug=1.

IronicInspectorStorageBackend

Storage backend for storing introspection data. The default value is none.

IronicInspectorSubnets

Temporary IP ranges that will be given to nodes during the inspection process. These ranges should not overlap with any range that OpenStack Networking (neutron) DHCP provides, but they need to be routeable back to the ironic-inspector API. This option has no meaningful defaults and is required.

IronicInspectorUseSwift

DEPRECATED: Use IronicInspectorStorageBackend instead. Whether to use Swift for storing introspection data. The default value is true.

IronicIpVersion

The IP version that will be used for PXE booting. The default value is 4.

IronicIPXEEnabled

Whether to use iPXE instead of PXE for deployment. The default value is true.

IronicIPXEPort

Port to use for serving images when iPXE is used. The default value is 8088.

IronicIPXETimeout

iPXE timeout in seconds. Set to 0 for infinite timeout. The default value is 60.

IronicIPXEUefiSnpOnly

Whether to use SNP (Simple Network Protocol) iPXE EFI, or not. When set to true, ipxe-snponly EFI is used. The default value is true.

IronicPassword

The password for the Bare Metal service and database account.

IronicPowerStateChangeTimeout

Number of seconds to wait for power operations to complete, i.e., so that a baremetal node is in the desired power state. If timed out, the power operation is considered a failure. The default value is 60.

IronicProvisioningNetwork

Name or UUID of the overcloud network used for provisioning of bare metal nodes if IronicDefaultNetworkInterface is set to neutron. Set to provisioning during the initial deployment (when no networks are created yet) and change to an actual UUID in a post-deployment stack update. The default value is provisioning.

IronicRescuingNetwork

Name or UUID of the overcloud network used for rescuing of bare metal nodes, if IronicDefaultRescueInterface is not set to "no-rescue". The default value of "provisioning" can be left during the initial deployment (when no networks are created yet) and should be changed to an actual UUID in a post-deployment stack update. The default value is provisioning.

IronicRpcTransport

The remote procedure call transport between conductor and API processes, such as a messaging broker or JSON RPC.

MemcacheUseAdvancedPool

Use the advanced (eventlet safe) memcached client pool. The default value is true.

PortPhysnetCidrMap

Mapping of IP subnet CIDR to physical network. When the physnet_cidr_map processing hook is enabled the physical_network property of baremetal ports is populated based on this mapping. Example:

    PortPhysnetCidrMap:
      10.10.10.0/24: physnet_a
      2001:db8::/64: physnet_b

Chapter 8. Block Storage (cinder) Parameters

You can modify the cinder service with block storage parameters.

Parameter | Description

ApacheCertificateKeySize

Override the private key size used when creating the certificate for this service.

ApacheTimeout

The timeout in seconds for Apache, which defines duration Apache waits for I/O operations. The default value is 90.

AuthCloudName

Entry in clouds.yaml to use for authentication.

CephClusterFSID

The Ceph cluster FSID. Must be a UUID.

CephClusterName

The Ceph cluster name. The default value is ceph.

CephConfigPath

The path where the Ceph Cluster configuration files are stored on the host. The default value is /var/lib/tripleo-config/ceph.

CephExternalMultiConfig

List of maps describing extra overrides which will be applied when configuring extra external Ceph clusters. If this list is non-empty, ceph-ansible will run an extra count(list) times using the same parameters as the first run except each parameter within each map will override the defaults. If the following were used, the second run would configure the overcloud to also use the ceph2 cluster with all the previous parameters except /etc/ceph/ceph2.conf would have a mon_host entry containing the value of external_cluster_mon_ips below, and not the default CephExternalMonHost. Subsequent ceph-ansible runs are restricted to just ceph clients. CephExternalMultiConfig may not be used to deploy additional internal Ceph clusters within one OpenStack Orchestration (heat) stack. The map for each list should contain not tripleo-heat-template parameters but ceph-ansible parameters.

    - cluster: ceph2
      fsid: e2cba068-5f14-4b0f-b047-acf375c0004a
      external_cluster_mon_ips: 172.18.0.5,172.18.0.6,172.18.0.7
      keys:
        - name: "client.openstack"
          caps:
            mgr: "allow *"
            mon: "profile rbd"
            osd: "osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms, profile rbd pool=images"
          key: "AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q=="
          mode: "0600"
      dashboard_enabled: false

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

CinderApiWsgiTimeout

The number of seconds until an OpenStack Block Storage (cinder) API WSGI connection times out. The default value is 60.

CinderBackupOptVolumes

List of optional volumes to be mounted.

CinderCronDbPurgeAge

Cron to purge database entries marked as deleted and older than $age - Age. The default value is 30.

CinderCronDbPurgeDestination

Cron to purge database entries marked as deleted and older than $age - Log destination. The default value is /var/log/cinder/cinder-rowsflush.log.

CinderCronDbPurgeHour

Cron to purge database entries marked as deleted and older than $age - Hour. The default value is 0.

CinderCronDbPurgeMaxDelay

Cron to purge database entries marked as deleted and older than $age - Max Delay. The default value is 3600.

CinderCronDbPurgeMinute

Cron to purge database entries marked as deleted and older than $age - Minute. The default value is 1.

CinderCronDbPurgeMonth

Cron to purge database entries marked as deleted and older than $age - Month. The default value is *.

CinderCronDbPurgeMonthday

Cron to purge database entries marked as deleted and older than $age - Month Day. The default value is *.

CinderCronDbPurgeUser

Cron to purge database entries marked as deleted and older than $age - User. The default value is cinder.

CinderCronDbPurgeWeekday

Cron to purge database entries marked as deleted and older than $age - Week Day. The default value is *.

CinderDefaultVolumeType

The name of the OpenStack Block Storage (cinder) default volume type. The default value is tripleo.

CinderEnableDBPurge

Whether to create cron job for purging soft deleted rows in OpenStack Block Storage (cinder) database. The default value is true.

CinderEnableIscsiBackend

Whether to enable the iSCSI backend for OpenStack Block Storage (cinder). The default value is true.

CinderEnableNfsBackend

Whether to enable the NFS backend for OpenStack Block Storage (cinder). The default value is false.

CinderEnableRbdBackend

Whether to enable the RBD backend for OpenStack Block Storage (cinder). The default value is false.

CinderEtcdLocalConnect

When running OpenStack Block Storage (cinder) A/A, whether to connect to Etcd via the local IP for the Etcd network. If set to true, the IP on the local node is used. If set to false, the VIP on the Etcd network is used instead. The default value is false.

CinderImageConversionNfsOptions

NFS mount options when using an NFS share for the OpenStack Block Storage (cinder) image conversion directory. The default value is _netdev,bg,intr,context=system_u:object_r:container_file_t:s0.

CinderImageConversionNfsShare

When set, the NFS share to be used for the OpenStack Block Storage (cinder) image conversion directory.

CinderISCSIAvailabilityZone

The availability zone of the iSCSI OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone.

CinderISCSIHelper

The iSCSI helper to use with cinder. The default value is lioadm.

CinderISCSIProtocol

Whether to use TCP (iscsi) or iSER RDMA (iser) for iSCSI. The default value is iscsi.

CinderLVMLoopDeviceSize

The size of the loopback file used by the cinder LVM driver. The default value is 10280.

CinderNasSecureFileOperations

Controls whether security enhanced NFS file operations are enabled. Valid values are auto, true or false. Effective when CinderEnableNfsBackend is true. The default value is false.

CinderNasSecureFilePermissions

Controls whether security enhanced NFS file permissions are enabled. Valid values are auto, true or false. Effective when CinderEnableNfsBackend is true. The default value is false.

CinderNfsAvailabilityZone

The availability zone of the NFS OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone.

CinderNfsMountOptions

Mount options for NFS mounts used by OpenStack Block Storage (cinder) NFS backend. Effective when CinderEnableNfsBackend is true. The default value is context=system_u:object_r:container_file_t:s0.

CinderNfsServers

NFS servers used by OpenStack Block Storage (cinder) NFS backend. Effective when CinderEnableNfsBackend is true.

CinderNfsSnapshotSupport

Whether to enable support for snapshots in the NFS driver. Effective when CinderEnableNfsBackend is true. The default value is false.

CinderPassword

The password for the cinder service and database account.

CinderRbdAvailabilityZone

The availability zone of the RBD OpenStack Block Storage (cinder) backend. When set, it overrides the default CinderStorageAvailabilityZone.

CinderRbdBackendName

A list of OpenStack Block Storage (cinder) RBD backend names. The default value is tripleo_ceph.

CinderRbdExtraPools

List of extra Ceph pools for use with RBD backends for OpenStack Block Storage (cinder). An extra OpenStack Block Storage (cinder) RBD backend driver is created for each pool in the list. This is in addition to the standard RBD backend driver associated with the CinderRbdPoolName.

CinderRbdFlattenVolumeFromSnapshot

Whether RBD volumes created from a snapshot should be flattened in order to remove a dependency on the snapshot. The default value is false.

CinderRbdMultiConfig

Dictionary of settings when configuring multiple RBD backends. The hash key is the backend name, and the value is a dictionary of parameter values unique to that backend. The following parameters are required, and must match the corresponding value defined in CephExternalMultiConfig:

- CephClusterName (must match the CephExternalMultiConfig entry’s cluster)
- CephClusterFSID (must match the CephExternalMultiConfig entry’s fsid)

The following parameters are optional, and override the corresponding parameter’s default value:

- CephClientUserName
- CinderRbdPoolName
- CinderRbdExtraPools
- CinderRbdAvailabilityZone
- CinderRbdFlattenVolumeFromSnapshot
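The matching rule above can be checked before a deployment. The following is an added example, not code from tripleo-heat-templates or this guide: it takes the parameter_defaults mapping of an environment file (already loaded into a Python dict) and reports every CinderRbdMultiConfig backend whose CephClusterName or CephClusterFSID disagrees with CephExternalMultiConfig. The function names, the backend names and the sample values other than the ceph2 entry are constructed for illustration.

```python
import uuid

# Keys this guide lists as required for every CinderRbdMultiConfig backend.
REQUIRED_KEYS = ("CephClusterName", "CephClusterFSID")


def is_canonical_uuid(value):
    """True only for the hyphenated 8-4-4-4-12 form of a UUID."""
    text = str(value).lower()
    try:
        return str(uuid.UUID(text)) == text
    except ValueError:
        return False


def index_external_clusters(external, problems):
    """Map cluster name -> fsid for each CephExternalMultiConfig entry."""
    fsid_by_cluster = {}
    for position, entry in enumerate(external):
        cluster = entry.get("cluster")
        fsid = entry.get("fsid")
        if not cluster:
            problems.append(f"CephExternalMultiConfig[{position}]: no cluster name")
            continue
        if cluster in fsid_by_cluster:
            problems.append(f"CephExternalMultiConfig: cluster {cluster!r} listed twice")
        if not is_canonical_uuid(fsid):
            problems.append(f"CephExternalMultiConfig {cluster!r}: fsid is not a UUID")
        fsid_by_cluster[cluster] = fsid
    return fsid_by_cluster


def check_rbd_multi_config(parameter_defaults):
    """Return a list of mismatches; an empty list means the two parameters agree."""
    problems = []
    external = parameter_defaults.get("CephExternalMultiConfig") or []
    backends = parameter_defaults.get("CinderRbdMultiConfig") or {}
    fsid_by_cluster = index_external_clusters(external, problems)
    for backend, settings in sorted(backends.items()):
        missing = [key for key in REQUIRED_KEYS if not settings.get(key)]
        if missing:
            problems.append(f"{backend}: missing required {', '.join(missing)}")
            continue
        cluster = settings["CephClusterName"]
        if cluster not in fsid_by_cluster:
            problems.append(
                f"{backend}: cluster {cluster!r} has no CephExternalMultiConfig entry")
            continue
        wanted = str(fsid_by_cluster[cluster]).lower()
        if str(settings["CephClusterFSID"]).lower() != wanted:
            problems.append(f"{backend}: CephClusterFSID differs from fsid of {cluster!r}")
    return problems


# Constructed sample: the ceph2 entry reuses the values from this guide's
# CephExternalMultiConfig example; the backends and other FSIDs are made up.
SAMPLE_PARAMETER_DEFAULTS = {
    "CephExternalMultiConfig": [
        {
            "cluster": "ceph2",
            "fsid": "e2cba068-5f14-4b0f-b047-acf375c0004a",
            "external_cluster_mon_ips": "172.18.0.5,172.18.0.6,172.18.0.7",
        },
    ],
    "CinderRbdMultiConfig": {
        "ceph2_ok": {
            "CephClusterName": "ceph2",
            "CephClusterFSID": "e2cba068-5f14-4b0f-b047-acf375c0004a",
        },
        "ceph2_wrong_fsid": {
            "CephClusterName": "ceph2",
            "CephClusterFSID": "00000000-0000-4000-8000-000000000000",
        },
        "ceph3_unknown": {
            "CephClusterName": "ceph3",
            "CephClusterFSID": "11111111-1111-4111-8111-111111111111",
        },
        "no_fsid": {"CephClusterName": "ceph2"},
    },
}

if __name__ == "__main__":
    for problem in check_rbd_multi_config(SAMPLE_PARAMETER_DEFAULTS):
        print(problem)
```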

CinderRbdPoolName

The Ceph pool to use for cinder volumes. The default value is volumes.

CinderRpcResponseTimeout

Cinder’s RPC response timeout, in seconds. The default value is 60.

CinderStorageAvailabilityZone

The OpenStack Block Storage (cinder) service’s storage availability zone. The default value is nova.

CinderVolumeCluster

The cluster name used for deploying the cinder-volume service in an active-active (A/A) configuration. This configuration requires that the OpenStack Block Storage (cinder) backend drivers support A/A, and that the cinder-volume service is not managed by pacemaker. If these criteria are not met, the cluster name must be left blank.

CinderVolumeOptEnvVars

Hash of optional environment variables.

CinderVolumeOptVolumes

List of optional volumes to be mounted.

CinderWorkers

Set the number of workers for the block storage service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. A value of 0 selects the OpenStack internal default, which is equal to the number of CPU cores on the node. The default value is equal to the number of vCPU cores on the physical node.

ClusterCommonTag

When set to false, a pacemaker service is configured to use a floating tag for its container image name, e.g. REGISTRY/NAMESPACE/IMAGENAME:pcmklatest. When set to true, the service uses a floating prefix as well, e.g. cluster.common.tag/IMAGENAME:pcmklatest. The default value is false.

ClusterFullTag

When set to true, the pacemaker service uses a fully constant tag for its container image name, e.g. cluster.common.tag/SERVICENAME:pcmklatest. The default value is false.

DockerCinderVolumeUlimit

Ulimit for OpenStack Block Storage (cinder) Volume Container. The default value is ['nofile=131072'].

EnableEtcdInternalTLS

Controls whether etcd and the cinder-volume service use TLS for cinder’s lock manager, even when the rest of the internal API network is using TLS. The default value is true.

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

MemcacheUseAdvancedPool

Use the advanced (eventlet safe) memcached client pool. The default value is true.

MultipathdEnable

Whether to enable the multipath daemon. The default value is false.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is noop.

Chapter 9. Ceph Storage Parameters

You can modify your Ceph Storage cluster with Ceph Storage parameters.

ParameterDescription

CephAnsibleDisksConfig

Disks configuration settings. The default value is {'devices': [], 'osd_scenario': 'lvm', 'osd_objectstore': 'bluestore'}.

CephAnsibleEnvironmentVariables

Mapping of Ansible environment variables to override defaults.

CephAnsibleExtraConfig

Extra vars for the ceph-ansible playbook.

CephAnsiblePlaybook

List of paths to the ceph-ansible playbooks to execute. If not specified, the playbook will be determined automatically depending on type of operation being performed (deploy/update/upgrade). The default value is ['default'].

CephAnsiblePlaybookVerbosity

The number of -v, -vv, etc. passed to ansible-playbook command. The default value is 1.

CephAnsibleRepo

The repository that should be used to install the right ceph-ansible package. This value can be used by tripleo-validations to double check the right ceph-ansible version is installed. The default value is centos-ceph-nautilus.

CephAnsibleSkipClient

This boolean (when true) prevents the ceph-ansible client role execution by adding the ceph-ansible tag ceph_client to the --skip-tags list. The default value is true.

CephAnsibleSkipTags

List of ceph-ansible tags to skip. The default value is package-install,with_pkg.

CephAnsibleWarning

In particular scenarios we want this validation to show the warning but not fail, because the package is installed on the system but repos are disabled. The default value is true.

CephCertificateKeySize

Override the private key size used when creating the certificate for this service.

CephClientKey

The Ceph client key. Currently only used for external Ceph deployments to create the openstack user keyring. Can be created with: ceph-authtool --gen-print-key

CephClusterFSID

The Ceph cluster FSID. Must be a UUID.

CephClusterName

The Ceph cluster name. The default value is ceph.

CephConfigOverrides

Extra configuration settings to dump into ceph.conf.

CephConfigPath

The path where the Ceph Cluster configuration files are stored on the host. The default value is /var/lib/tripleo-config/ceph.

CephDashboardAdminPassword

Admin password for the dashboard component.

CephDashboardAdminRO

Parameter used to set a read-only admin user. The default value is true.

CephDashboardAdminUser

Admin user for the dashboard component. The default value is admin.

CephDashboardPort

Parameter that defines the ceph dashboard port. The default value is 8444.

CephEnableDashboard

Parameter used to trigger the dashboard deployment. The default value is false.

CephExternalMonHost

List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.

CephExternalMultiConfig

List of maps describing extra overrides that are applied when configuring extra external Ceph clusters. If this list is non-empty, ceph-ansible runs an extra count(list) times using the same parameters as the first run, except that each parameter within each map overrides the defaults. With the example below, the second run would configure the overcloud to also use the ceph2 cluster with all the previous parameters, except that /etc/ceph/ceph2.conf would have a mon_host entry containing the value of external_cluster_mon_ips and not the default CephExternalMonHost. Subsequent ceph-ansible runs are restricted to just ceph clients. CephExternalMultiConfig may not be used to deploy additional internal Ceph clusters within one OpenStack Orchestration (heat) stack. Each map in the list should contain ceph-ansible parameters, not tripleo-heat-template parameters. Example:

    - cluster: ceph2
      fsid: e2cba068-5f14-4b0f-b047-acf375c0004a
      external_cluster_mon_ips: 172.18.0.5,172.18.0.6,172.18.0.7
      keys:
        - name: "client.openstack"
          caps:
            mgr: "allow *"
            mon: "profile rbd"
            osd: "osd: profile rbd pool=volumes, profile rbd pool=backups, profile rbd pool=vms, profile rbd pool=images"
          key: "AQCwmeRcAAAAABAA6SQU/bGqFjlfLro5KxrB1Q=="
          mode: "0600"
      dashboard_enabled: false

CephExtraKeys

List of maps describing extra keys which will be created on the deployed Ceph cluster. Uses the ceph-ansible/library/ceph_key.py Ansible module. Each item in the list must be in the following example format:

    - name: "client.glance"
      caps:
        mgr: "allow *"
        mon: "profile rbd"
        osd: "profile rbd pool=images"
      key: "AQBRgQ9eAAAAABAAv84zEilJYZPNuJ0Iwn9Ndg=="
      mode: "0600"

CephGrafanaAdminPassword

Admin password for grafana component.

CephIPv6

Enables Ceph daemons to bind to IPv6 addresses. The default value is False.

CephManilaClientKey

The Ceph client key. Can be created with: ceph-authtool --gen-print-key

CephMsgrSecureMode

Enable Ceph msgr2 secure mode to enable on-wire encryption between Ceph daemons and also between Ceph clients and daemons. The default value is false.

CephOsdPercentageMin

The minimum percentage of Ceph OSDs which must be running and in the Ceph cluster, according to ceph osd stat, for the deployment not to fail. Used to catch deployment errors early. Set this value to 0 to disable this check. Deprecated in Wallaby because of the move from ceph-ansible to cephadm; the latter only brings up OSDs out of band and deployment does not block while waiting for them to come up, thus we cannot do this anymore. The default value is 0.

CephPoolDefaultPgNum

Default placement group size to use for the RBD pools. The default value is 16.

CephPoolDefaultSize

Default minimum replication for RBD copies. The default value is 3.

CephPools

Override settings for one of the predefined pools or to create additional ones. Example: { "volumes": { "size": 5, "pg_num": 128, "pgp_num": 128 } }

CephRbdMirrorConfigure

Perform mirror configuration between local and remote pool. The default value is true.

CephRbdMirrorCopyAdminKey

Copy the admin key to all nodes. The default value is false.

CephRbdMirrorPool

Name of the local pool to mirror to remote cluster.

CephRbdMirrorRemoteCluster

The name given to the remote Ceph cluster from the local cluster. Keys reside in the /etc/ceph directory. The default value is not-ceph.

CephRbdMirrorRemoteUser

The rbd-mirror daemon needs a user to authenticate with the remote cluster. By default, this key should be available under /etc/ceph/<remote_cluster>.client.<remote_user>.keyring.

CephRgwCertificateKeySize

Override the private key size used when creating the certificate for this service.

CephRgwClientName

The client name for the RADOSGW service. The default value is radosgw.

CephRgwKey

The cephx key for the RADOSGW client. Can be created with ceph-authtool --gen-print-key.

CephValidationDelay

Interval (in seconds) in between validation checks. The default value is 30.

CephValidationRetries

Number of retry attempts for Ceph validation. The default value is 40.

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

CinderBackupBackend

The short name of the OpenStack Block Storage (cinder) Backup backend to use. The default value is swift.

CinderBackupRbdPoolName

Pool to use if Block Storage (cinder) Backup is enabled. The default value is backups.

CinderEnableRbdBackend

Whether to enable the RBD backend for OpenStack Block Storage (cinder). The default value is false.

CinderRbdExtraPools

List of extra Ceph pools for use with RBD backends for OpenStack Block Storage (cinder). An extra OpenStack Block Storage (cinder) RBD backend driver is created for each pool in the list. This is in addition to the standard RBD backend driver associated with the CinderRbdPoolName.

CinderRbdPoolName

Pool to use for Block Storage (cinder) service. The default value is volumes.

DeploymentServerBlacklist

List of server hostnames to blocklist from any triggered deployments.

GlanceBackend

The short name of the OpenStack Image Storage (glance) backend to use. Set to rbd to use Ceph Storage. The default value is swift.

GlanceMultistoreConfig

Dictionary of settings when configuring additional glance backends. The hash key is the backend ID, and the value is a dictionary of parameter values unique to that backend. Multiple rbd and cinder backends are allowed, but file and swift backends are limited to one each. Example:

    # Default glance store is rbd.
    GlanceBackend: rbd
    GlanceStoreDescription: Default rbd store
    # GlanceMultistoreConfig specifies a second rbd backend, plus a cinder
    # backend.
    GlanceMultistoreConfig:
      rbd2_store:
        GlanceBackend: rbd
        GlanceStoreDescription: Second rbd store
        CephClusterName: ceph2
        # Override CephClientUserName if this cluster uses a different
        # client name.
        CephClientUserName: client2
      cinder1_store:
        GlanceBackend: cinder
        GlanceCinderVolumeType: volume-type-1
        GlanceStoreDescription: First cinder store
      cinder2_store:
        GlanceBackend: cinder
        GlanceCinderVolumeType: volume-type-2
        GlanceStoreDescription: Second cinder store

GlanceRbdPoolName

Pool to use for Image Storage (glance) service. The default value is images.

GnocchiBackend

The short name of the OpenStack Telemetry Metrics (gnocchi) backend to use. Should be one of swift, rbd, file or s3. The default value is swift.

GnocchiRbdPoolName

Pool to use for Telemetry storage. The default value is metrics.

LocalCephAnsibleFetchDirectoryBackup

Filesystem path on undercloud to persist a copy of the data from the ceph-ansible fetch directory. Used as an alternative to backing up the fetch_directory in Swift. Path must be writable and readable by the user running ansible from config-download, e.g. the mistral user in the mistral-executor container is able to read/write to /var/lib/mistral/ceph_fetch.

ManilaCephFSCephFSAuthId

The CephFS user ID for Shared Filesystem Service (manila). The default value is manila.

ManilaCephFSDataPoolName

Pool to use for file share storage. The default value is manila_data.

ManilaCephFSMetadataPoolName

Pool to use for file share metadata storage. The default value is manila_metadata.

ManilaCephFSShareBackendName

Backend name of the CephFS share for file share storage. The default value is cephfs.

NodeExporterContainerImage

Ceph NodeExporter container image.

NovaEnableRbdBackend

Whether to enable the Ceph backend for Compute (nova). The default value is false.

NovaRbdPoolName

Pool to use for Compute storage. The default value is vms.

Chapter 10. Compute (nova) Parameters

You can modify the nova service with compute parameters.

ParameterDescription

ApacheCertificateKeySize

Override the private key size used when creating the certificate for this service.

ApacheTimeout

The timeout in seconds for Apache, which defines duration Apache waits for I/O operations. The default value is 90.

AuthCloudName

Entry in clouds.yaml to use for authentication.

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

ContainerNovaLibvirtPidsLimit

Tune the nova_libvirt container PID limit (set to 0 for unlimited). The default value is 65536.

ContainerNovaLibvirtUlimit

Ulimit for OpenStack Compute (nova) Libvirt Container. The default value is ['nofile=131072', 'nproc=126960'].

CustomProviderInventories

Array of hashes describing the custom providers for the compute role. Format:

name/uuid - Resource providers to target can be identified by either UUID or name. In addition, the value $COMPUTE_NODE can be used in the UUID field to identify all nodes managed by the service. Exactly one of uuid or name is mandatory. If neither uuid nor name is provided, the special uuid $COMPUTE_NODE gets set in the template.

inventories - (Optional) Hash of custom provider inventories. total is a mandatory property. Any other optional properties not populated will be given a default value by placement. If overriding a pre-existing provider, values will not be preserved from the existing inventory.

traits - (Optional) Array of additional traits.

Example:

    ComputeParameters:
      CustomProviderInventories:
        - uuid: $COMPUTE_NODE
          inventories:
            CUSTOM_EXAMPLE_RESOURCE_CLASS:
              total: 100
              reserved: 0
              min_unit: 1
              max_unit: 10
              step_size: 1
              allocation_ratio: 1.0
            CUSTOM_ANOTHER_EXAMPLE_RESOURCE_CLASS:
              total: 100
          traits:
            - CUSTOM_P_STATE_ENABLED
            - CUSTOM_C_STATE_ENABLED

DockerNovaComputeUlimit

Ulimit for OpenStack Compute (nova) Compute Container. The default value is ['nofile=131072', 'memlock=67108864'].

DockerNovaMigrationSshdPort

Port that dockerized nova migration target sshd service binds to. The default value is 2022.

EnableCache

Enable caching with memcached. The default value is true.

EnableConfigPurge

Remove configuration that is not generated by the director. Used to avoid configuration remnants after upgrades. The default value is false.

EnableInstanceHA

Whether to enable an Instance HA configuration or not. This setup requires the Compute role to have the PacemakerRemote service added to it. The default value is false.

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

EnforceSecureRbac

Setting this option to True will configure each OpenStack service to enforce Secure RBAC by setting [oslo_policy] enforce_new_defaults and [oslo_policy] enforce_scope to True. This introduces a consistent set of RBAC personas across OpenStack services that include support for system and project scope, as well as keystone’s default roles, admin, member, and reader. Do not enable this functionality until all services in your deployment actually support secure RBAC. The default value is false.

GlanceBackendID

The default backend’s identifier. The default value is default_backend.

GlanceMultistoreConfig

Dictionary of settings when configuring additional glance backends. The hash key is the backend ID, and the value is a dictionary of parameter values unique to that backend. Multiple rbd and cinder backends are allowed, but file and swift backends are limited to one each. Example:

    # Default glance store is rbd.
    GlanceBackend: rbd
    GlanceStoreDescription: Default rbd store
    # GlanceMultistoreConfig specifies a second rbd backend, plus a cinder
    # backend.
    GlanceMultistoreConfig:
      rbd2_store:
        GlanceBackend: rbd
        GlanceStoreDescription: Second rbd store
        CephClusterName: ceph2
        # Override CephClientUserName if this cluster uses a different
        # client name.
        CephClientUserName: client2
      cinder1_store:
        GlanceBackend: cinder
        GlanceCinderVolumeType: volume-type-1
        GlanceStoreDescription: First cinder store
      cinder2_store:
        GlanceBackend: cinder
        GlanceCinderVolumeType: volume-type-2
        GlanceStoreDescription: Second cinder store

InstanceNameTemplate

Template string to be used to generate instance names. The default value is instance-%08x.

InternalTLSVncProxyCAFile

Specifies the CA cert to use for VNC TLS. The default value is /etc/ipa/ca.crt.

KernelArgs

Kernel Args to apply to the host.

LibvirtCACert

This specifies the CA certificate to use for TLS in libvirt. This file will be symlinked to the default CA path in libvirt, which is /etc/pki/CA/cacert.pem. Note that due to limitations of GNU TLS, which is the TLS backend for libvirt, the file must be less than 65K (so we can’t use the system’s CA bundle). This parameter should be used if the default (which comes from the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled.

LibvirtCertificateKeySize

Override the private key size used when creating the certificate for this service.

LibvirtEnabledPerfEvents

This is a performance event list which could be used as monitor. For example: cmt,mbml,mbmt. Make sure you are using Red Hat Enterprise Linux 7.4 as the base and libvirt version is 1.3.3 or above. Also ensure you have enabled the notifications and are using hardware with a CPU that supports the cmt flag.

LibvirtLogFilters

Defines a filter in libvirt daemon to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . The default value is 1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 3:object 1:util.

LibvirtTLSPassword

The password for the libvirt service when TLS is enabled.

LibvirtTLSPriority

Override the compile time default TLS priority string. The default value is NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2.

LibvirtVirtlogdLogFilters

Defines a filter in virtlogd to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . The default value is 1:logging 4:object 4:json 4:event 1:util.

LibvirtVirtnodedevdLogFilters

Defines a filter in virtnodedevd to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . The default value is 1:qemu 1:libvirt 4:object 4:json 4:event 1:util.

LibvirtVirtproxydLogFilters

Defines a filter in virtproxyd to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . The default value is 1:qemu 1:libvirt 4:object 4:json 4:event 1:util.

LibvirtVirtqemudLogFilters

Defines a filter in virtqemud to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . The default value is 1:qemu 1:libvirt 4:object 4:json 4:event 1:util.

LibvirtVirtsecretdLogFilters

Defines a filter in virtsecretd to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . The default value is 1:qemu 1:libvirt 4:object 4:json 4:event 1:util.

LibvirtVirtstoragedLogFilters

Defines a filter in virtstoraged to select a different logging level for a given category log outputs, as specified in https://libvirt.org/logging.html . The default value is 1:qemu 1:libvirt 4:object 4:json 4:event 1:util.

LibvirtVncCACert

This specifies the CA certificate to use for VNC TLS. This file will be symlinked to the default CA path, which is /etc/pki/CA/certs/vnc.crt. This parameter should be used if the default (which comes from the InternalTLSVncProxyCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled.

LibvirtVNCClientCertificateKeySize

Override the private key size used when creating the certificate for this service.

MemcachedTLS

Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. The default value is false.

MemcacheUseAdvancedPool

Use the advanced (eventlet safe) memcached client pool. The default value is true.

MigrationSshKey

SSH key for migration. Expects a dictionary with keys public_key and private_key. Values should be identical to SSH public/private key files. The default value is {'public_key': '', 'private_key': ''}.

MigrationSshPort

Target port for migration over ssh. The default value is 2022.

MultipathdEnable

Whether to enable the multipath daemon. The default value is false.

MysqlIPv6

Enable IPv6 in MySQL. The default value is false.

NeutronMetadataProxySharedSecret

Shared secret to prevent spoofing.

NeutronPhysnetNUMANodesMapping

Map of physnet name as key and NUMA nodes as value. For example: NeutronPhysnetNUMANodesMapping: {'foo': [0, 1], 'bar': [1]} where foo and bar are physnet names and the corresponding values are lists of associated numa_nodes.

NeutronTunnelNUMANodes

Used to configure NUMA affinity for all tunneled networks.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is noop.

NovaAdditionalCell

Whether this is a cell additional to the default cell. The default value is false.

NovaAllowResizeToSameHost

Allow destination machine to match source for resize. The default value is false.

NovaApiMaxLimit

Max number of objects returned per API query. The default value is 1000.

NovaAutoDisabling

Max number of consecutive build failures before the nova-compute will disable itself. The default value is 10.

NovaComputeCpuDedicatedSet

A comma-separated list or range of physical host CPU numbers to which processes for pinned instance CPUs can be scheduled. For example, NovaComputeCpuDedicatedSet: [4-12,^8,15] reserves cores from 4-12 and 15, excluding 8. If setting this option, do not set the deprecated NovaVcpuPinSet parameter.

NovaComputeCpuSharedSet

If the deprecated NovaVcpuPinSet option is not set, then NovaComputeCpuSharedSet is set to a comma-separated list or range of physical host CPU numbers used to provide vCPU inventory, determine the host CPUs that unpinned instances can be scheduled to, and determine the host CPUs that instance emulator threads should be offloaded to for instances configured with the share emulator thread policy, hw:emulator_threads_policy=share. If the deprecated NovaVcpuPinSet is set, then NovaComputeCpuSharedSet is set to a list or range of host CPU cores used to determine the host CPUs that instance emulator threads should be offloaded to for instances configured with the share emulator thread policy (hw:emulator_threads_policy=share). In this case, NovaVcpuPinSet is used to provide vCPU inventory and to determine the host CPUs that both pinned and unpinned instances can be scheduled to. For example, NovaComputeCpuSharedSet: [4-12,^8,15] reserves cores from 4-12 and 15, excluding 8.
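The range syntax used by NovaComputeCpuDedicatedSet and NovaComputeCpuSharedSet (4-12,^8,15) can be expanded and cross-checked before deployment. This is an added example, not nova's or the director's own parser; the function names are hypothetical. The overlap check reflects nova's requirement that the dedicated and shared sets be disjoint, which this guide does not state.

```python
def cpu_number(text, token):
    """Convert one CPU number, naming the offending token on failure."""
    text = text.strip()
    if not text.isdigit():
        raise ValueError(f"invalid CPU number in {token!r}")
    return int(text)


def parse_cpu_set(spec):
    """Expand a spec such as '4-12,^8,15' into a set of CPU numbers.

    Accepts the string form or the list form that a YAML loader produces
    for [4-12,^8,15]. A leading ^ excludes a single CPU from the result.
    """
    if isinstance(spec, (list, tuple)):
        spec = ",".join(str(item) for item in spec)
    included, excluded = set(), set()
    for token in str(spec).split(","):
        token = token.strip()
        if not token:
            continue
        if token.startswith("^"):
            # Exclusion of one CPU; '^8-10' is rejected by cpu_number().
            excluded.add(cpu_number(token[1:], token))
        elif "-" in token:
            low_text, high_text = token.split("-", 1)
            low = cpu_number(low_text, token)
            high = cpu_number(high_text, token)
            if low > high:
                raise ValueError(f"range start exceeds end in {token!r}")
            included.update(range(low, high + 1))
        else:
            included.add(cpu_number(token, token))
    return included - excluded


def overlapping_cpus(dedicated_spec, shared_spec):
    """Return the sorted CPU numbers that appear in both sets."""
    return sorted(parse_cpu_set(dedicated_spec) & parse_cpu_set(shared_spec))


if __name__ == "__main__":
    # Constructed sample values for illustration.
    print(sorted(parse_cpu_set("4-12,^8,15")))
    print(overlapping_cpus("4-12,^8,15", "0-3,8,12"))
```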

NovaComputeDisableIrqBalance

Whether to disable irqbalance on compute nodes or not. Especially in Realtime Compute role one wants to keep it disabled. The default value is false.

NovaComputeEnableKsm

Whether to enable KSM on compute nodes or not. Especially in NFV use case one wants to keep it disabled. The default value is false.

NovaComputeForceRawImages

Set to "True" to convert non-raw cached base images to raw format. Set to "False" if you have a system with slow I/O or low available space, trading the higher CPU requirements of compression for that of minimized input bandwidth. Notes:

- The Compute service removes any compression from the base image during compression, to avoid CPU bottlenecks. Converted images cannot have backing files, which might be a security issue.
- The raw image format uses more space than other image formats, for example, qcow2. Raw base images are always used with libvirt_images_type=lvm.

The default value is true.

NovaComputeImageCacheManagerInterval

Specifies the number of seconds to wait between runs of the image cache manager, which impacts base image caching on Compute nodes. This period is used in the auto removal of unused cached images configured with remove_unused_base_images and remove_unused_original_minimum_age_seconds.

Set to "0" to run at the default interval of 60 seconds (not recommended). The default value is 2400.

NovaComputeImageCachePrecacheConcurrency

Maximum number of Compute nodes to trigger image precaching in parallel. When an image precache request is made, Compute nodes are contacted to initiate the download.

Higher numbers will cause more computes to work in parallel and may result in reduced time to complete the operation, but may also DDoS the image service. Lower numbers will result in more sequential operation, lower image service load, but likely longer runtime to completion. The default value is 1.

NovaComputeImageCacheRemoveUnusedBaseImages

Set to "True" to automatically remove unused base images from the cache at intervals configured by using image_cache_manager_interval. Images are defined as unused if they have not been accessed during the time specified by using remove_unused_original_minimum_age_seconds. The default value is true.

NovaComputeImageCacheRemoveUnusedResizedMinimumAge

Specifies the minimum age that an unused resized base image must be to be removed from the cache, in seconds. Unused unresized base images younger than this will not be removed. The default value is 3600.

NovaComputeLibvirtPreAllocateImages

Specifies the preallocation mode for libvirt instance disks. Set to one of the following valid values:

- none - No storage is provisioned at instance start.
- space - Storage is fully allocated at instance start using fallocate, which can help with both space guarantees and I/O performance.

Even when not using CoW instance disks, the copy each instance gets is sparse and so the instance might fail unexpectedly at run time with ENOSPC. By running fallocate(1) on the instance disk images, the Compute service immediately and efficiently allocates the space for them in the file system, if supported. Run time performance should also be improved because the file system does not have to dynamically allocate blocks at run time, which reduces CPU overhead and file fragmentation. The default value is none.

NovaComputeLibvirtType

Libvirt domain type. The default value is kvm.

NovaComputeOptEnvVars

List of optional environment variables.

NovaComputeOptVolumes

List of optional volumes.

NovaComputeStartupDelay

Delays the startup of the nova-compute service after the compute node is booted. This gives ceph a chance to become healthy again before instances are booted after an overcloud reboot. The default value is 0.

NovaComputeUseCowImages

Set to "True" to use CoW (Copy on Write) images in qcow2 format for libvirt instance disks. With CoW, depending on the backing store and host caching, there might be better concurrency achieved by having each instance operate on its own copy. Set to "False" to use the raw format. Raw format uses more space for common parts of the disk image. The default value is true.

NovaCPUAllocationRatio

Virtual CPU to physical CPU allocation ratio. The default value is 0.0.

NovaCronArchiveDeleteAllCells

Archive deleted instances from all cells. The default value is true.

NovaCronArchiveDeleteRowsAge

Cron to archive deleted instances - Age. This defines the retention policy, in days, when archiving deleted instance entries. 0 means archive data older than today in shadow tables. The default value is 90.

NovaCronArchiveDeleteRowsDestination

Cron to move deleted instances to another table - Log destination. The default value is /var/log/nova/nova-rowsflush.log.

NovaCronArchiveDeleteRowsHour

Cron to move deleted instances to another table - Hour. The default value is 0.

NovaCronArchiveDeleteRowsMaxDelay

Cron to move deleted instances to another table - Max Delay. The default value is 3600.

NovaCronArchiveDeleteRowsMaxRows

Cron to move deleted instances to another table - Max Rows. The default value is 1000.

NovaCronArchiveDeleteRowsMinute

Cron to move deleted instances to another table - Minute. The default value is 1.

NovaCronArchiveDeleteRowsMonth

Cron to move deleted instances to another table - Month. The default value is *.

NovaCronArchiveDeleteRowsMonthday

Cron to move deleted instances to another table - Month Day. The default value is *.

NovaCronArchiveDeleteRowsPurge

Purge shadow tables immediately after scheduled archiving. The default value is false.

NovaCronArchiveDeleteRowsUntilComplete

Cron to move deleted instances to another table - Until complete. The default value is true.

NovaCronArchiveDeleteRowsUser

Cron to move deleted instances to another table - User. The default value is nova.

NovaCronArchiveDeleteRowsWeekday

Cron to move deleted instances to another table - Week Day. The default value is *.

NovaCronPurgeShadowTablesAge

Cron to purge shadow tables - Age. This defines the retention policy, in days, when purging the shadow tables. 0 means purge data older than today in shadow tables. The default value is 14.

NovaCronPurgeShadowTablesAllCells

Cron to purge shadow tables - All cells. The default value is true.

NovaCronPurgeShadowTablesDestination

Cron to purge shadow tables - Log destination. The default value is /var/log/nova/nova-rowspurge.log.

NovaCronPurgeShadowTablesHour

Cron to purge shadow tables - Hour. The default value is 5.

NovaCronPurgeShadowTablesMaxDelay

Cron to purge shadow tables - Max Delay. The default value is 3600.

NovaCronPurgeShadowTablesMinute

Cron to purge shadow tables - Minute. The default value is 0.

NovaCronPurgeShadowTablesMonth

Cron to purge shadow tables - Month. The default value is *.

NovaCronPurgeShadowTablesMonthday

Cron to purge shadow tables - Month Day. The default value is *.

NovaCronPurgeShadowTablesUser

Cron to purge shadow tables - User. The default value is nova.

NovaCronPurgeShadowTablesVerbose

Cron to purge shadow tables - Verbose. The default value is false.

NovaCronPurgeShadowTablesWeekday

Cron to purge shadow tables - Week Day. The default value is *.

NovaCrossAZAttach

Whether instances can attach cinder volumes from a different availability zone. The default value is true.

NovaDefaultFloatingPool

Default pool for floating IP addresses. The default value is public.

NovaDisableComputeServiceCheckForFfu

Facilitate a Fast-Forward upgrade where new control services are being started before compute nodes have been able to update their service record. The default value is false.

NovaDisableImageDownloadToRbd

Refuse to boot an instance if it would require downloading from glance and uploading to ceph instead of a COW clone. The default value is false.

NovaDiskAllocationRatio

Virtual disk to physical disk allocation ratio. The default value is 0.0.

NovaEnableDBArchive

Whether to create a cron job for archiving soft deleted rows in the OpenStack Compute (nova) database. The default value is true.

NovaEnableDBPurge

Whether to create a cron job for purging soft deleted rows in the OpenStack Compute (nova) database. The default value is true.

NovaEnableVirtlogdContainerWrapper

Generate a virtlogd wrapper script so that virtlogd launches in a separate container and won’t get restarted e.g. on minor updates. The default value is true.

NovaEnableVTPM

Whether to enable support for emulated Trusted Platform Module (TPM) devices. The default value is false.

NovaGlanceEnableRbdDownload

Enable download of OpenStack Image Storage (glance) images directly via RBD. The default value is false.

NovaGlanceRbdCopyPollInterval

The interval in seconds with which to poll OpenStack Image Storage (glance) after asking for it to copy an image to the local rbd store. The default value is 15.

NovaGlanceRbdCopyTimeout

The overall maximum time we will wait for OpenStack Image Storage (glance) to complete an image copy to our local rbd store. The default value is 600.

NovaGlanceRbdDownloadMultistoreID

The hash key, which is the backend ID, of the GlanceMultistoreConfig to be used for the role where NovaGlanceEnableRbdDownload is enabled and defaults should be overridden. If CephClientUserName or GlanceRbdPoolName are not set in the GlanceMultistoreConfig, the global values of those parameters will be used.

NovaHWMachineType

Specifies the default machine type for each host architecture. Red Hat recommends setting the default to the lowest RHEL minor release in your environment, for backwards compatibility during live migration. The default value is x86_64=pc-q35-rhel9.0.0.

NovaImageCacheTTL

Time in seconds that nova compute should continue caching an image once it is no longer used by any instances on the host. The default value is 86400.

NovaImageTypeExcludeList

List of image formats that should not be advertised as supported by the compute service.

NovaLibvirtCPUMode

The libvirt CPU mode to configure. Defaults to host-model if virt_type is set to kvm, otherwise defaults to none. The default value is host-model.

NovaLibvirtCPUModelExtraFlags

This allows specifying granular CPU feature flags when specifying CPU models. Only has effect if cpu_mode is not set to none.

NovaLibvirtCPUModels

The named libvirt CPU model (see names listed in /usr/share/libvirt/cpu_map.xml). Only has effect if cpu_mode="custom" and virt_type="kvm|qemu".

NovaLibvirtFileBackedMemory

Available capacity in MiB for file-backed memory. When configured, the NovaRAMAllocationRatio and NovaReservedHostMemory parameters must be set to 0. The default value is 0.

NovaLibvirtMaxQueues

Configures the libvirt max_queues option: the maximum number of virtio queue pairs that can be enabled when creating a multiqueue guest. The number of virtio queues allocated will be the lesser of the CPUs requested by the guest and the max value defined. The default of 0 corresponds to not set. The default value is 0.

NovaLibvirtMemStatsPeriodSeconds

The memory usage statistics period, in seconds. A zero or negative value disables memory usage statistics. The default value is 10.

NovaLibvirtNumPciePorts

Set num_pcie_ports to specify the number of PCIe ports an instance will get. Libvirt allows a custom number of PCIe ports (pcie-root-port controllers) a target instance will get. Some are used by default; the rest are available for hotplug use. The default value is 16.

NovaLibvirtOptVolumes

List of optional volumes to be mounted.

NovaLibvirtRxQueueSize

Virtio-net RX queue size. Valid values are 256, 512, 1024. The default value is 512.

NovaLibvirtTxQueueSize

Virtio-net TX queue size. Valid values are 256, 512, 1024. The default value is 512.

NovaLibvirtVolumeUseMultipath

Whether to enable multipath connections for volumes. The default value is false.

NovaLiveMigrationPermitAutoConverge

Defaults to "True" to slow down the instance CPU until the memory copy process is faster than the instance’s memory writes when the migration performance is slow and might not complete. Auto converge will only be used if this flag is set to True and post copy is not permitted or post copy is unavailable due to the version of libvirt and QEMU. The default value is true.

NovaLiveMigrationPermitPostCopy

If "True", activates the instance on the destination node before migration is complete, and sets an upper bound on the memory that needs to be transferred. Post copy is enabled by default unless the compute role is a realtime role or post copy is disabled by this parameter. The default value is true.

NovaLiveMigrationWaitForVIFPlug

Whether to wait for network-vif-plugged events before starting guest transfer. The default value is true.

NovaLocalMetadataPerCell

Indicates that the nova-metadata API service has been deployed per-cell, so that we can have better performance and data isolation in a multi-cell deployment. Users should consider the use of this configuration depending on how OpenStack Networking (neutron) is set up. If networks span cells, you might need to run the nova-metadata API service globally. If your networks are segmented along cell boundaries, then you can run the nova-metadata API service per cell. When running the nova-metadata API service per cell, you should also configure each OpenStack Networking (neutron) metadata-agent to point to the corresponding nova-metadata API service. The default value is false.

NovaMaxDiskDevicesToAttach

Maximum number of disk devices allowed to attach to a single server. Note that the number of disks supported by a server depends on the bus used. For example, the ide disk bus is limited to 4 attached devices. The configured maximum is enforced during server create, rebuild, evacuate, unshelve, live migrate, and attach volume. Operators changing this parameter on a compute service that is hosting servers should be aware that it could cause rebuilds to fail, if the maximum is decreased lower than the number of devices already attached to servers. Operators should also be aware that during a cold migration, the configured maximum is only enforced in-place and the destination is not checked before the move. -1 means unlimited. The default value is -1.

NovaMkisofsCmd

Name or path of the tool used for ISO image creation. The default value is mkisofs.

NovaNfsEnabled

Whether to enable the NFS backend for OpenStack Compute (nova). The default value is false.

NovaNfsOptions

NFS mount options for nova storage (when NovaNfsEnabled is true). The default value is context=system_u:object_r:nfs_t:s0.

NovaNfsShare

NFS share to mount for nova storage (when NovaNfsEnabled is true).

NovaNfsVersion

NFS version used for nova storage (when NovaNfsEnabled is true). Because NFSv3 does not support full locking, an NFSv4 version must be used. The default value is 4.2.

NovaOVSBridge

Name of integration bridge used by Open vSwitch. The default value is br-int.

NovaOVSDBConnection

OVS DB connection string to be used by OpenStack Compute (nova).

NovaPassword

The password for the OpenStack Compute (nova) service and database account.

NovaPCIPassthrough

YAML list of PCI passthrough whitelist parameters.

NovaPMEMMappings

PMEM namespace mappings as backend for the vPMEM feature. This parameter sets Nova’s pmem_namespaces configuration options. PMEM namespaces must be created manually or in conjunction with the NovaPMEMNamespaces parameter. Requires format: $LABEL:$NSNAME[|$NSNAME][,$LABEL:$NSNAME[|$NSNAME]].

NovaPMEMNamespaces

Creates PMEM namespaces on the host server using the ndctl tool through Ansible. Requires format: $SIZE:$NSNAME[,$SIZE:$NSNAME…]. $SIZE supports the suffixes "k" or "K" for KiB, "m" or "M" for MiB, "g" or "G" for GiB and "t" or "T" for TiB. NOTE: This requires properly configured NVDIMM regions and enough space for the requested namespaces.

NovaRAMAllocationRatio

Virtual RAM to physical RAM allocation ratio. The default value is 1.0.

NovaReservedHostMemory

Reserved RAM for host processes. The default value is 4096.

NovaReservedHugePages

A list of valid key=value entries that reflect the NUMA node ID, page size (the default unit is KiB), and number of pages to be reserved. For example, NovaReservedHugePages: ["node:0,size:2048,count:64","node:1,size:1GB,count:1"] reserves 64 pages of 2MiB on NUMA node 0 and 1 page of 1GiB on NUMA node 1.

NovaResumeGuestsShutdownTimeout

Number of seconds we’re willing to wait for a guest to shut down. If this is 0, then there is no time out (use with caution, as guests might not respond to a shutdown request). The default value is 300 seconds (5 minutes).

NovaResumeGuestsStateOnHostBoot

Whether to start running instances on compute host reboot. The default value is false.

NovaSchedulerAvailableFilters

List of available filters for OpenStack Compute (nova) to use to filter nodes.

NovaSchedulerDefaultFilters

(DEPRECATED) An array of filters used by OpenStack Compute (nova) to filter a node. These filters will be applied in the order they are listed, so place your most restrictive filters first to make the filtering process more efficient.

NovaSchedulerDiscoverHostsInCellsInterval

This value controls how often (in seconds) the scheduler should attempt to discover new hosts that have been added to cells. The default value of -1 disables the periodic task completely. It is recommended to set this parameter for deployments using OpenStack Bare Metal (ironic). The default value is -1.

NovaSchedulerEnabledFilters

An array of filters that OpenStack Compute (nova) uses to filter a node. OpenStack Compute applies these filters in the order they are listed. Place your most restrictive filters first to make the filtering process more efficient.

NovaSchedulerEnableIsolatedAggregateFiltering

This setting allows the scheduler to restrict hosts in aggregates based on matching required traits in the aggregate metadata and the instance flavor/image. If an aggregate is configured with a property with key trait:$TRAIT_NAME and value required, the instance flavor extra_specs and/or image metadata must also contain trait:$TRAIT_NAME=required to be eligible to be scheduled to hosts in that aggregate. The default value is false.

NovaSchedulerHostSubsetSize

Size of subset of best hosts selected by scheduler. The default value is 1.

NovaSchedulerLimitTenantsToPlacementAggregate

This value enables tenant isolation with placement. It ensures that hosts in tenant-isolated host aggregates and availability zones are only available to a specific set of tenants. The default value is false.

NovaSchedulerMaxAttempts

Maximum number of attempts the scheduler will make when deploying the instance. You should keep it greater than or equal to the number of bare metal nodes you expect to deploy at once to work around potential race conditions when scheduling. The default value is 3.

NovaSchedulerPlacementAggregateRequiredForTenants

This setting, when NovaSchedulerLimitTenantsToPlacementAggregate is true, controls whether or not a tenant with no aggregate affinity will be allowed to schedule to any available node. If aggregates are used to limit some tenants but not all, then this should be False. If all tenants should be confined via aggregate, then this should be True. The default value is false.

NovaSchedulerQueryImageType

This setting causes the scheduler to ask placement only for compute hosts that support the disk_format of the image used in the request. The default value is true.

NovaSchedulerQueryPlacementForAvailabilityZone

This setting allows the scheduler to look up a host aggregate whose availability zone metadata key is set to the value provided by the incoming request, and to limit the results requested from placement to that aggregate. The default value is false.

NovaSchedulerQueryPlacementForRoutedNetworkAggregates

This setting allows the scheduler to verify whether the requested networks or port are related to an OpenStack Networking (neutron) routed network. This requires the related aggregates to be reported in placement, so that only hosts within the requested aggregates are accepted. The default value is false.

NovaSchedulerShuffleBestSameWeighedHosts

Enable spreading the instances between hosts with the same best weight. The default value is false.

NovaSchedulerWorkers

Number of workers for OpenStack Compute (nova) Scheduler services. The default value is 0.

NovaStatedirOwnershipSkip

List of paths relative to nova_statedir to ignore when recursively setting the ownership and selinux context. The default value is ['triliovault-mounts'].

NovaSyncPowerStateInterval

Interval to sync power states between the database and the hypervisor. Set to -1 to disable. Setting this to 0 will run at the default rate (60) defined in oslo.service. The default value is 600.

NovaVcpuPinSet

(Deprecated) A list or range of physical CPU cores to reserve for virtual machine processes. For example, NovaVcpuPinSet: [4-12,^8] reserves cores from 4-12 excluding 8. This parameter has been deprecated. Use NovaComputeCpuDedicatedSet and NovaComputeCpuSharedSet instead.

NovaVGPUTypesDeviceAddressesMapping

Map of the vgpu type(s) the instances can get as key and a list of corresponding device addresses as value. For example, NovaVGPUTypesDeviceAddressesMapping: {nvidia-35: [0000:84:00.0, 0000:85:00.0], nvidia-36: [0000:86:00.0]} where nvidia-35 and nvidia-36 are vgpu types and the corresponding values are lists of associated device addresses.

NovaVNCCertificateKeySize

Override the private key size used when creating the certificate for this service.

NovaVNCProxySSLCiphers

OpenSSL cipher preference string that specifies what ciphers to allow for TLS connections from clients. See the man page for the OpenSSL ciphers command for details of the cipher preference string format and allowed values.

NovaVNCProxySSLMinimumVersion

Minimum allowed SSL/TLS protocol version. Valid values are default, tlsv1_1, tlsv1_2, and tlsv1_3. A value of default will use the underlying system OpenSSL defaults. The default value is default.

NovaWorkers

Number of workers for the Compute’s Conductor service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. 0 sets to the OpenStack internal default, which is equal to the number of CPU cores on the node. The default value is 0.

OvsDpdkSocketMemory

Sets the amount of hugepage memory to assign per NUMA node. It is recommended to use the socket closest to the PCIe slot used for the desired DPDK NIC. The format should be in "<socket 0 mem>, <socket 1 mem>, <socket n mem>", where the value is specified in MB. For example: "1024,0".

PlacementAPIInterface

Endpoint interface to be used for the placement API. The default value is internal.

PlacementPassword

The password for the Placement service and database account.

QemuCACert

This specifies the CA certificate to use for qemu. This file will be symlinked to the default CA path, which is /etc/pki/qemu/ca-cert.pem. This parameter should be used if the default (which comes from the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO’s default CA, which is FreeIPA. It will only be used if internal TLS is enabled.

QemuClientCertificateKeySize

Override the private key size used when creating the certificate for this service.

QemuDefaultTLSVerify

Whether to enable or disable TLS client certificate verification. Enabling this option will reject any client who does not have a certificate signed by the CA in /etc/pki/qemu/ca-cert.pem. The default value is true.

QemuMemoryBackingDir

Directory used for memoryBacking source if configured as file. NOTE: big files will be stored here.

QemuServerCertificateKeySize

Override the private key size used when creating the certificate for this service.

RbdDiskCachemodes

Disk cachemodes for RBD backend. The default value is ['network=writeback'].

UpgradeLevelNovaCompute

OpenStack Compute upgrade level.

UseTLSTransportForNbd

If set to true and if EnableInternalTLS is enabled, it will enable TLS transport for libvirt NBD and configure the relevant keys for libvirt. The default value is true.

UseTLSTransportForVnc

If set to true and if EnableInternalTLS is enabled, it will enable TLS transport for libvirt VNC and configure the relevant keys for libvirt. The default value is true.

VerifyGlanceSignatures

Whether to verify image signatures. The default value is False.

VhostuserSocketGroup

The vhost-user socket directory group name. Defaults to qemu. When vhostuser mode is dpdkvhostuserclient (which is the default mode), the vhost socket is created by qemu. The default value is qemu.

Chapter 11. Dashboard (horizon) Parameters

You can modify the horizon service with dashboard parameters.

Parameter

Description

HorizonAllowedHosts

A list of IP addresses or hostnames for the server that OpenStack Dashboard (horizon) is running on. Used for header checks. The default value is *.

HorizonCustomizationModule

OpenStack Dashboard (horizon) has a global overrides mechanism available to perform customizations.

HorizonDomainChoices

Specifies available domains to choose from. We expect an array of hashes, and the hashes should have two items each (name, display) containing OpenStack Identity (keystone) domain name and a human-readable description of the domain respectively.

HorizonHelpURL

There is a Help button at the top of the dashboard. This button can be used to redirect the user to vendor documentation or a dedicated help portal. The default value is http://docs.openstack.org.

HorizonPasswordValidator

Regex for password validation.

HorizonPasswordValidatorHelp

Help text for password validation.

HorizonSecret

Secret key for the webserver.

HorizonSecureCookies

Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in OpenStack Dashboard (horizon). The default value is false.

HorizonSessionTimeout

Set session timeout for horizon in seconds. The default value is 1800.

HorizonVhostExtraParams

Extra parameters for OpenStack Dashboard (horizon) vhost configuration. The default value is {'add_listen': 'true', 'priority': '10', 'access_log_format': '%a %l %u %t \\"%r\\" %>s %b \\"%%{}{Referer}i\\" \\"%%{}{User-Agent}i\\"', 'options': ['FollowSymLinks', 'MultiViews']}.

MemcachedIPv6

Enable IPv6 features in Memcached. The default value is false.

TimeZone

The timezone to be set on the overcloud. The default value is UTC.

WebSSOChoices

Specifies the list of SSO authentication choices to present. Each item is a list of an SSO choice identifier and a display message. The default value is [['OIDC', 'OpenID Connect']].

WebSSOEnable

Enable support for Web Single Sign-On. The default value is false.

WebSSOIDPMapping

Specifies a mapping from SSO authentication choice to identity provider and protocol. The identity provider and protocol names must match the resources defined in keystone. The default value is {'OIDC': ['myidp', 'openid']}.

WebSSOInitialChoice

The initial authentication choice to select by default. The default value is OIDC.

Chapter 12. Identity (keystone) Parameters

You can modify the keystone service with identity parameters.

Parameter

Description

AdminToken

The OpenStack Identity (keystone) secret and database password.

ApacheCertificateKeySize

Override the private key size used when creating the certificate for this service.

ApacheTimeout

The timeout in seconds for Apache, which defines how long Apache waits for I/O operations. The default value is 90.

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

EnableCache

Enable caching with memcached. The default value is true.

EnablePublicTLS

Whether to enable TLS on the public interface or not. The default value is true.

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

EnforceSecureRbac

Setting this option to True will configure each OpenStack service to enforce Secure RBAC by setting [oslo_policy] enforce_new_defaults and [oslo_policy] enforce_scope to True. This introduces a consistent set of RBAC personas across OpenStack services that include support for system and project scope, as well as keystone’s default roles, admin, member, and reader. Do not enable this functionality until all services in your deployment actually support secure RBAC. The default value is false.

KeystoneAuthMethods

A list of methods used for authentication.

KeystoneChangePasswordUponFirstUse

Enabling this option requires users to change their password when the user is created, or upon administrative reset.

KeystoneCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

KeystoneCredential0

The first OpenStack Identity (keystone) credential key. Must be a valid key.

KeystoneCredential1

The second OpenStack Identity (keystone) credential key. Must be a valid key.

KeystoneCronTrustFlushDestination

Cron to purge expired or soft-deleted trusts - Log destination. The default value is /var/log/keystone/keystone-trustflush.log.

KeystoneCronTrustFlushEnsure

Cron to purge expired or soft-deleted trusts - Ensure. The default value is present.

KeystoneCronTrustFlushHour

Cron to purge expired or soft-deleted trusts - Hour. The default value is *.

KeystoneCronTrustFlushMaxDelay

Cron to purge expired or soft-deleted trusts - Max Delay. The default value is 0.

KeystoneCronTrustFlushMinute

Cron to purge expired or soft-deleted trusts - Minute. The default value is 1.

KeystoneCronTrustFlushMonth

Cron to purge expired or soft-deleted trusts - Month. The default value is *.

KeystoneCronTrustFlushMonthday

Cron to purge expired or soft-deleted trusts - Month Day. The default value is *.

KeystoneCronTrustFlushUser

Cron to purge expired or soft-deleted trusts - User. The default value is keystone.

KeystoneCronTrustFlushWeekday

Cron to purge expired or soft-deleted trusts - Week Day. The default value is *.

KeystoneDisableUserAccountDaysInactive

The maximum number of days a user can go without authenticating before being considered "inactive" and automatically disabled (locked).

KeystoneEnableDBPurge

Whether to create a cron job for purging soft deleted rows in the OpenStack Identity (keystone) database. The default value is true.

KeystoneEnableMember

Create the member role, useful for undercloud deployment. The default value is False.

KeystoneFederationEnable

Enable support for federated authentication. The default value is false.

KeystoneFernetKeys

Mapping containing OpenStack Identity (keystone) fernet keys and their paths.

KeystoneFernetMaxActiveKeys

The maximum active keys in the OpenStack Identity (keystone) fernet key repository. The default value is 5.

KeystoneLDAPBackendConfigs

Hash containing the configurations for the LDAP backends configured in keystone.

KeystoneLDAPDomainEnable

Trigger to call ldap_backend puppet keystone define. The default value is False.

KeystoneLockoutDuration

The number of seconds a user account will be locked when the maximum number of failed authentication attempts (as specified by KeystoneLockoutFailureAttempts) is exceeded.

KeystoneLockoutFailureAttempts

The maximum number of times that a user can fail to authenticate before the user account is locked for the number of seconds specified by KeystoneLockoutDuration.

KeystoneMinimumPasswordAge

The number of days that a password must be used before the user can change it. This prevents users from changing their passwords immediately in order to wipe out their password history and reuse an old password.

KeystoneNotificationDriver

Comma-separated list of Oslo notification drivers used by OpenStack Identity (keystone).

KeystoneNotificationFormat

The OpenStack Identity (keystone) notification format. The default value is basic.

KeystoneNotificationTopics

OpenStack Identity (keystone) notification topics to enable.

KeystoneOpenIdcClientId

The client ID to use when handshaking with your OpenID Connect provider.

KeystoneOpenIdcClientSecret

The client secret to use when handshaking with your OpenID Connect provider.

KeystoneOpenIdcCryptoPassphrase

Passphrase to use when encrypting data for OpenID Connect handshake. The default value is openstack.

KeystoneOpenIdcEnable

Enable support for OpenIDC federation. The default value is false.

KeystoneOpenIdcEnableOAuth

Enable OAuth 2.0 integration. The default value is false.

KeystoneOpenIdcIdpName

The name associated with the IdP in OpenStack Identity (keystone).

KeystoneOpenIdcIntrospectionEndpoint

OAuth 2.0 introspection endpoint for mod_auth_openidc.

KeystoneOpenIdcProviderMetadataUrl

The URL that points to your OpenID Connect provider metadata.

KeystoneOpenIdcRemoteIdAttribute

Attribute to be used to obtain the entity ID of the Identity Provider from the environment. The default value is HTTP_OIDC_ISS.

KeystoneOpenIdcResponseType

Response type to be expected from the OpenID Connect provider. The default value is id_token.

KeystonePasswordExpiresDays

The number of days for which a password will be considered valid before requiring it to be changed.

KeystonePasswordRegex

The regular expression used to validate password strength requirements.

KeystonePasswordRegexDescription

Describe your password regular expression here in language for humans.

KeystoneSSLCertificate

OpenStack Identity (keystone) certificate for verifying token validity.

KeystoneSSLCertificateKey

OpenStack Identity (keystone) key for signing tokens.

KeystoneTokenProvider

The OpenStack Identity (keystone) token format. The default value is fernet.

KeystoneTrustedDashboards

A list of dashboard URLs trusted for single sign-on.

KeystoneUniqueLastPasswordCount

This controls the number of previous user password iterations to keep in history, in order to enforce that newly created passwords are unique.

KeystoneWorkers

Set the number of workers for the OpenStack Identity (keystone) service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. 0 sets to the OpenStack internal default, which is equal to the number of CPU cores on the node. The default value is equal to the number of vCPU cores on the physical node.

ManageKeystoneFernetKeys

Whether director should manage the OpenStack Identity (keystone) fernet keys or not. If set to True, the fernet keys will get the values from the saved keys repository in OpenStack Workflow (mistral) from the KeystoneFernetKeys variable. If set to false, only the stack creation initializes the keys, but subsequent updates will not touch them. The default value is true.

MemcachedTLS

Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. The default value is false.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is noop.

PublicSSLCertificateAutogenerated

Whether the public SSL certificate was autogenerated or not. The default value is false.

PublicTLSCAFile

Specifies the default CA cert to use if TLS is used for services in the public network.

SSLCertificate

The content of the SSL certificate (without Key) in PEM format.

TokenExpiration

Set a token expiration time in seconds. The default value is 3600.

Chapter 13. Image Storage (glance) Parameters

You can modify the glance service with image service parameters.

ParameterDescription

CephClusterName

The Ceph cluster name. The default value is ceph.

CephConfigPath

The path where the Ceph Cluster configuration files are stored on the host. The default value is /var/lib/tripleo-config/ceph.

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

EnforceSecureRbac

Setting this option to True will configure each OpenStack service to enforce Secure RBAC by setting [oslo_policy] enforce_new_defaults and [oslo_policy] enforce_scope to True. This introduces a consistent set of RBAC personas across OpenStack services that include support for system and project scope, as well as keystone’s default roles, admin, member, and reader. Do not enable this functionality until all services in your deployment actually support secure RBAC. The default value is false.

GlanceApiOptVolumes

List of optional volumes to be mounted.

GlanceBackend

The short name of the OpenStack Image Storage (glance) backend to use. Should be one of swift, rbd, cinder, or file. The default value is swift.

GlanceBackendID

The default backend’s identifier. The default value is default_backend.

GlanceCacheEnabled

Enable OpenStack Image Storage (glance) Image Cache. The default value is False.

GlanceCinderMountPointBase

The mount point base when glance is using cinder as store and cinder backend is NFS. This mount point is where the NFS volume is mounted on the glance node. The default value is /var/lib/glance/mnt.

GlanceCinderVolumeType

A unique volume type required for each cinder store while configuring multiple cinder stores as glance backends. The same volume types must be configured in OpenStack Block Storage (cinder) as well. The volume type must exist in cinder prior to any attempt to add an image in the associated cinder store. If no volume type is specified then cinder’s default volume type will be used.

GlanceCronDbPurgeAge

Cron to purge database entries marked as deleted and older than $age - Age. The default value is 30.

GlanceCronDbPurgeDestination

Cron to purge database entries marked as deleted and older than $age - Log destination. The default value is /var/log/glance/glance-rowsflush.log.

GlanceCronDbPurgeHour

Cron to purge database entries marked as deleted and older than $age - Hour. The default value is 0.

GlanceCronDbPurgeMaxDelay

Cron to purge database entries marked as deleted and older than $age - Max Delay. The default value is 3600.

GlanceCronDbPurgeMaxRows

Cron to purge database entries marked as deleted and older than $age - Max Rows. The default value is 100.

GlanceCronDbPurgeMinute

Cron to purge database entries marked as deleted and older than $age - Minute. The default value is 1.

GlanceCronDbPurgeMonth

Cron to purge database entries marked as deleted and older than $age - Month. The default value is *.

GlanceCronDbPurgeMonthday

Cron to purge database entries marked as deleted and older than $age - Month Day. The default value is *.

GlanceCronDbPurgeUser

Cron to purge database entries marked as deleted and older than $age - User. The default value is glance.

GlanceCronDbPurgeWeekday

Cron to purge database entries marked as deleted and older than $age - Week Day. The default value is *.

GlanceDiskFormats

List of allowed disk formats in Glance; all formats are allowed when left unset.

GlanceEnabledImportMethods

List of enabled Image Import Methods. Valid values in the list are glance-direct, web-download, or copy-image. The default value is web-download.

GlanceIgnoreUserRoles

List of user roles to be ignored for injecting image metadata properties. The default value is admin.

GlanceImageCacheDir

Base directory that the Image Cache uses. The default value is /var/lib/glance/image-cache.

GlanceImageCacheMaxSize

The upper limit on cache size, in bytes, after which the cache-pruner cleans up the image cache. The default value is 10737418240.

GlanceImageCacheStallTime

The amount of time, in seconds, to let an image remain in the cache without being accessed. The default value is 86400.

GlanceImageConversionOutputFormat

Desired output format for image conversion plugin. The default value is raw.

GlanceImageImportPlugins

List of enabled Image Import Plugins. Valid values in the list are image_conversion, inject_metadata, no_op. The default value is ['no_op'].

GlanceImageMemberQuota

Maximum number of image members per image. Negative values evaluate to unlimited. The default value is 128.

GlanceImagePrefetcherInterval

The interval in seconds to run periodic job cache_images. The default value is 300.

GlanceInjectMetadataProperties

Metadata properties to be injected in image.

GlanceLogFile

The filepath of the file to use for logging messages from OpenStack Image Storage (glance).

GlanceMultistoreConfig

Dictionary of settings when configuring additional glance backends. The hash key is the backend ID, and the value is a dictionary of parameter values unique to that backend. Multiple rbd and cinder backends are allowed, but file and swift backends are limited to one each. Example:

    # Default glance store is rbd.
    GlanceBackend: rbd
    GlanceStoreDescription: Default rbd store
    # GlanceMultistoreConfig specifies a second rbd backend, plus a cinder
    # backend.
    GlanceMultistoreConfig:
      rbd2_store:
        GlanceBackend: rbd
        GlanceStoreDescription: Second rbd store
        CephClusterName: ceph2
        # Override CephClientUserName if this cluster uses a different
        # client name.
        CephClientUserName: client2
      cinder1_store:
        GlanceBackend: cinder
        GlanceCinderVolumeType: volume-type-1
        GlanceStoreDescription: First cinder store
      cinder2_store:
        GlanceBackend: cinder
        GlanceCinderVolumeType: volume-type-2
        GlanceStoreDescription: Second cinder store

GlanceNetappNfsEnabled

When using GlanceBackend: file, Netapp mounts NFS share for image storage. The default value is false.

GlanceNfsEnabled

When using GlanceBackend: file, mount NFS share for image storage. The default value is false.

GlanceNfsOptions

NFS mount options for image storage when GlanceNfsEnabled is true. The default value is _netdev,bg,intr,context=system_u:object_r:container_file_t:s0.

GlanceNfsShare

NFS share to mount for image storage when GlanceNfsEnabled is true.

GlanceNodeStagingUri

URI that specifies the staging location to use when importing images. The default value is file:///var/lib/glance/staging.

GlanceNotifierStrategy

Strategy to use for OpenStack Image Storage (glance) notification queue. The default value is noop.

GlancePassword

The password for the image storage service and database account.

GlanceShowMultipleLocations

Whether to show multiple image locations, e.g. for copy-on-write support on RBD or Netapp backends. Potential security risk, see glance.conf for more information. The default value is false.

GlanceSparseUploadEnabled

Whether to enable sparse upload when using the GlanceBackend file and rbd backends. The default value is false.

GlanceStagingNfsOptions

NFS mount options for NFS image import staging. The default value is _netdev,bg,intr,context=system_u:object_r:container_file_t:s0.

GlanceStagingNfsShare

NFS share to mount for image import staging.

GlanceStoreDescription

User facing description for the OpenStack Image Storage (glance) backend. The default value is Default glance store backend..

GlanceWorkers

Set the number of workers for the image storage service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. 0 sets to the OpenStack internal default, which is equal to the number of CPU cores on the node.

MemcacheUseAdvancedPool

Use the advanced (eventlet safe) memcached client pool. The default value is true.

MultipathdEnable

Whether to enable the multipath daemon. The default value is false.

NetappShareLocation

Netapp share to mount for image storage (when GlanceNetappNfsEnabled is true).

NotificationDriver

Driver or drivers to handle sending notifications. The default value is noop.

Chapter 14. Key Manager (barbican) Parameters

You can modify the barbican service with key manager parameters.

ParameterDescription

ApacheCertificateKeySize

Override the private key size used when creating the certificate for this service.

ApacheTimeout

The timeout in seconds for Apache, which defines the duration Apache waits for I/O operations. The default value is 90.

ATOSVars

Hash of atos-hsm role variables used to install ATOS client software.

BarbicanDogtagStoreGlobalDefault

Whether this plugin is the global default plugin. The default value is false.

BarbicanDogtagStoreHost

Hostname of the Dogtag server.

BarbicanDogtagStoreNSSPassword

Password for the NSS DB.

BarbicanDogtagStorePEMPath

Path for the PEM file used to authenticate requests. The default value is /etc/barbican/kra_admin_cert.pem.

BarbicanDogtagStorePort

Port for the Dogtag server. The default value is 8443.

BarbicanKmipStoreGlobalDefault

Whether this plugin is the global default plugin. The default value is false.

BarbicanKmipStoreHost

Host for KMIP device.

BarbicanKmipStorePassword

Password to connect to KMIP device.

BarbicanKmipStorePort

Port for KMIP device.

BarbicanKmipStoreUsername

Username to connect to KMIP device.

BarbicanPassword

The password for the OpenStack Key Manager (barbican) service account.

BarbicanPkcs11AlwaysSetCkaSensitive

Always set CKA_SENSITIVE=CK_TRUE. The default value is true.

BarbicanPkcs11CryptoAESGCMGenerateIV

Generate IVs for CKM_AES_GCM encryption mechanism. The default value is true.

BarbicanPkcs11CryptoATOSEnabled

Enable ATOS for PKCS11. The default value is false.

BarbicanPkcs11CryptoEnabled

Enable PKCS11. The default value is false.

BarbicanPkcs11CryptoEncryptionMechanism

Cryptoki Mechanism used for encryption. The default value is CKM_AES_CBC.

BarbicanPkcs11CryptoGlobalDefault

Whether this plugin is the global default plugin. The default value is false.

BarbicanPkcs11CryptoHMACKeygenMechanism

Cryptoki Mechanism used to generate Master HMAC Key. The default value is CKM_AES_KEY_GEN.

BarbicanPkcs11CryptoHMACKeyType

Cryptoki Key Type for Master HMAC key. The default value is CKK_AES.

BarbicanPkcs11CryptoHMACLabel

Label for the HMAC key.

BarbicanPkcs11CryptoLibraryPath

Path to vendor PKCS11 library.

BarbicanPkcs11CryptoLogin

Password (PIN) to login to PKCS#11 session.

BarbicanPkcs11CryptoLunasaEnabled

Enable Luna SA HSM for PKCS11. The default value is false.

BarbicanPkcs11CryptoMKEKLabel

Label for Master KEK.

BarbicanPkcs11CryptoMKEKLength

Length of Master KEK in bytes. The default value is 256.

BarbicanPkcs11CryptoOsLockingOk

Set CKF_OS_LOCKING_OK flag when initializing the client library. The default value is false.

BarbicanPkcs11CryptoRewrapKeys

Cryptoki Mechanism used to generate Master HMAC Key. The default value is false.

BarbicanPkcs11CryptoSlotId

Slot Id for the PKCS#11 token to be used. The default value is 0.

BarbicanPkcs11CryptoThalesEnabled

Enable Thales for PKCS11. The default value is false.

BarbicanPkcs11CryptoTokenLabel

(DEPRECATED) Use BarbicanPkcs11CryptoTokenLabels instead.

BarbicanPkcs11CryptoTokenLabels

List of comma separated labels for the tokens to be used. This is typically a single label, but some devices may require more than one label for Load Balancing and High Availability configurations.

BarbicanPkcs11CryptoTokenSerialNumber

Serial number for PKCS#11 token to be used.

BarbicanSimpleCryptoGlobalDefault

Whether this plugin is the global default plugin. The default value is false.

BarbicanSimpleCryptoKek

KEK used to encrypt secrets.

BarbicanWorkers

Set the number of workers for barbican::wsgi::apache. The default value is %{::processorcount}.

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

LunasaClientIPNetwork

(Optional) When set, OpenStack Key Manager (barbican) nodes will be registered with the HSMs using the IP from this network instead of the FQDN.

LunasaVars

Hash of lunasa-hsm role variables used to install Lunasa client software.

MemcacheUseAdvancedPool

Use the advanced (eventlet safe) memcached client pool. The default value is true.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is noop.

ThalesHSMNetworkName

The network that the HSM is listening on. The default value is internal_api.

ThalesVars

Hash of thales_hsm role variables used to install Thales client software.

Chapter 15. Load Balancer (octavia) Parameters

ParameterDescription

OctaviaAdminLogFacility

The syslog "LOG_LOCAL" facility to use for the administrative log messages. The default value is 1.

OctaviaAdminLogTargets

List of syslog endpoints, host:port comma separated list, to receive administrative log messages.

OctaviaAmphoraExpiryAge

The interval in seconds after which an unused Amphora will be considered expired and cleaned up. If left to 0, the configuration will not be set and the system will use the service defaults. The default value is 0.

OctaviaAmphoraSshKeyDir

OpenStack Load Balancing-as-a-Service (octavia) generated SSH key directory. The default value is /etc/octavia/ssh.

OctaviaAmphoraSshKeyFile

Public key file path. User will be able to SSH into amphorae with the provided key. User may, in most cases, also elevate to root from user centos (CentOS), ubuntu (Ubuntu) or cloud-user (RHEL) (depends on how amphora image was created). Logging in to amphorae provides a convenient way to e.g. debug load balancing services.

OctaviaAmphoraSshKeyName

SSH key name. The default value is octavia-ssh-key.

OctaviaAntiAffinity

Flag to indicate if anti-affinity feature is turned on. The default value is true.

OctaviaCaCert

OpenStack Load Balancing-as-a-Service (octavia) CA certificate data. If provided, this will create or update a file on the host with the path provided in OctaviaCaCertFile with the certificate data.

OctaviaCaKey

The private key for the certificate provided in OctaviaCaCert. If provided, this will create or update a file on the host with the path provided in OctaviaCaKeyFile with the key data.

OctaviaCaKeyPassphrase

CA private key passphrase.

OctaviaClientCert

OpenStack Load Balancing-as-a-Service (octavia) client certificate data. If provided, this will create or update a file on the host with the path provided in OctaviaClientCertFile with the certificate data.

OctaviaConnectionLogging

When false, tenant connection flows will not be logged. The default value is true.

OctaviaDefaultListenerCiphers

Default list of OpenSSL ciphers for new TLS-enabled listeners. The default value is TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256.

OctaviaDefaultPoolCiphers

Default list of OpenSSL ciphers for new TLS-enabled pools. The default value is TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256.

OctaviaDisableLocalLogStorage

When true, logs will not be stored on the amphora filesystem. This includes all kernel, system, and security logs. The default value is false.

OctaviaEnableDriverAgent

Set to false if the driver agent needs to be disabled for some reason. The default value is true.

OctaviaFlavorId

OpenStack Compute (nova) flavor ID to be used when creating the nova flavor for amphora. The default value is 65.

OctaviaForwardAllLogs

When true, all log messages from the amphora will be forwarded to the administrative log endpoints, including non-load balancing related logs. The default value is false.

OctaviaGenerateCerts

Enable internal generation of certificates for secure communication with amphorae for isolated private clouds or systems where security is not a concern. Otherwise, use OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase, OctaviaClientCert and OctaviaServerCertsKeyPassphrase to configure OpenStack Load Balancing-as-a-Service (octavia). The default value is false.

OctaviaListenerTlsVersions

List of OpenSSL cipher string of TLS versions to use for new TLS-enabled listeners. The default value is ['TLSv1.2', 'TLSv1.3'].

OctaviaLoadBalancerTopology

Load balancer topology configuration.

OctaviaLogOffload

When true, log messages from the amphora will be forwarded to the administrative log endpoints and will be stored with the controller logs. The default value is false.

OctaviaMinimumTlsVersion

Minimum allowed TLS version for listeners and pools.

OctaviaPoolTlsVersions

List of TLS versions to use for new TLS-enabled pools. The default value is ['TLSv1.2', 'TLSv1.3'].

OctaviaTenantLogFacility

The syslog "LOG_LOCAL" facility to use for the tenant traffic flow log messages. The default value is 0.

OctaviaTenantLogTargets

List of syslog endpoints, host:port comma separated list, to receive tenant traffic flow log messages.

OctaviaTimeoutClientData

Frontend client inactivity timeout. The default value is 50000.

OctaviaTimeoutMemberData

Backend member inactivity timeout. The default value is 50000.

OctaviaTlsCiphersProhibitList

List of OpenSSL ciphers. Usage of these ciphers will be blocked.

Chapter 16. Messaging Parameters

You can modify the message queue service with messaging parameters.

ParameterDescription

RpcCertificateKeySize

Override the private key size used when creating the certificate for this service.

RpcPassword

The password for messaging backend.

RpcPort

The network port for messaging backend. The default value is 5672.

RpcUserName

The username for messaging backend. The default value is guest.

RpcUseSSL

Messaging client subscriber parameter to specify an SSL connection to the messaging host. The default value is false.

Chapter 17. Networking (neutron) Parameters

You can modify the neutron service with networking parameters.

ParameterDescription

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

ContainerOvnCertificateKeySize

Override the private key size used when creating the certificate for this service.

DerivePciWhitelistEnabled

Whether to enable the PCI passthrough whitelist automation. The default value is true.

DhcpAgentNotification

Enables DHCP agent notifications. The default value is true.

DockerAdditionalSockets

Additional domain sockets for the docker daemon to bind to (useful for mounting into containers that launch other containers). The default value is ['/var/lib/openstack/docker.sock'].

DockerNeutronDHCPAgentUlimit

Ulimit for OpenStack Networking (neutron) DHCP Agent Container. The default value is ['nofile=16384'].

DockerNeutronL3AgentUlimit

Ulimit for OpenStack Networking (neutron) L3 Agent Container. The default value is ['nofile=16384'].

DockerOpenvswitchUlimit

Ulimit for Openvswitch Container. The default value is ['nofile=16384'].

DockerPuppetMountHostPuppet

Whether containerized puppet executions use modules from the baremetal host. Defaults to true. Can be set to false to consume puppet modules from containers directly. The default value is true.

DockerSRIOVUlimit

Ulimit for SR-IOV Container. The default value is ['nofile=16384'].

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

EnableVLANTransparency

If True, then allow plugins that support it to create VLAN transparent networks. The default value is false.

EnforceSecureRbac

Setting this option to True will configure each OpenStack service to enforce Secure RBAC by setting [oslo_policy] enforce_new_defaults and [oslo_policy] enforce_scope to True. This introduces a consistent set of RBAC personas across OpenStack services that include support for system and project scope, as well as keystone’s default roles, admin, member, and reader. Do not enable this functionality until all services in your deployment actually support secure RBAC. The default value is false.

MemcacheUseAdvancedPool

Use the advanced (eventlet safe) memcached client pool. The default value is true.

NeutronAgentDownTime

Seconds to regard the agent as down; should be at least twice NeutronGlobalReportInterval, to be sure the agent is down for good. The default value is 600.

NeutronAgentExtensions

Comma-separated list of extensions enabled for the OpenStack Networking (neutron) agents. The default value is qos.

NeutronAllowL3AgentFailover

Allow automatic l3-agent failover. The default value is True.

NeutronApiOptEnvVars

Hash of optional environment variables.

NeutronApiOptVolumes

List of optional volumes to be mounted.

NeutronBridgeMappings

The logical to physical bridge mappings to use. The default (datacentre:br-ex) maps br-ex (the external bridge on hosts) to a physical name datacentre, which provider networks can use (for example, the default floating network). If changing this, either use different post-install network scripts or be sure to keep datacentre as a mapping network name. The default value is datacentre:br-ex.

NeutronCertificateKeySize

Override the private key size used when creating the certificate for this service.

NeutronCorePlugin

The core plugin for networking. The value should be the entrypoint to be loaded from neutron.core_plugins namespace. The default value is ml2.

NeutronDBSyncExtraParams

String of extra command line parameters to append to the neutron-db-manage upgrade head command.

NeutronDefaultAvailabilityZones

Comma-separated list of default network availability zones to be used by OpenStack Networking (neutron) if its resource is created without availability zone hints. If not set, no AZs will be configured for OpenStack Networking (neutron) network services.

NeutronDhcpAgentAvailabilityZone

Availability zone for OpenStack Networking (neutron) DHCP agent. If not set, no AZs will be configured for OpenStack Networking (neutron) network services.

NeutronDhcpAgentDnsmasqDnsServers

List of servers to use as dnsmasq forwarders.

NeutronDhcpAgentDnsmasqEnableAddr6List

Enable dhcp-host entry with list of addresses when port has multiple IPv6 addresses in the same subnet. The default value is true.

NeutronDhcpAgentsPerNetwork

The number of DHCP agents to schedule per network. The default value is 0.

NeutronDhcpCertificateKeySize

Override the private key size used when creating the certificate for this service.

NeutronDhcpLoadType

Additional to the availability zones aware network scheduler. The default value is networks.

NeutronDhcpOvsIntegrationBridge

Name of Open vSwitch bridge to use.

NeutronDhcpServerBroadcastReply

OpenStack Networking (neutron) DHCP agent to use broadcast in DHCP replies. The default value is false.

NeutronDnsDomain

Domain to use for building the hostnames. The default value is openstacklocal.

NeutronEnableARPResponder

Enable ARP responder feature in the OVS Agent. The default value is false.

NeutronEnableDibblerDockerWrapper

Generate a wrapper script so OpenStack Networking (neutron) launches the dibbler client in a separate container. The default value is true.

NeutronEnableDnsmasqDockerWrapper

Generate a dnsmasq wrapper script so that OpenStack Networking (neutron) launches dnsmasq in a separate container. The default value is true.

NeutronEnableDVR

Enable Distributed Virtual Router.

NeutronEnableForceMetadata

If True, DHCP always provides metadata route to VM. The default value is false.

NeutronEnableHaproxyDockerWrapper

Generate a wrapper script so OpenStack Networking (neutron) launches haproxy in a separate container. The default value is true.

NeutronEnableIgmpSnooping

Enable IGMP Snooping. The default value is false.

NeutronEnableInternalDNS

If True, enable the internal OpenStack Networking (neutron) DNS server that provides name resolution between VMs. This parameter has no effect if NeutronDhcpAgentDnsmasqDnsServers is set. The default value is false.

NeutronEnableIsolatedMetadata

If True, DHCP allows metadata support on isolated networks. The default value is false.

NeutronEnableKeepalivedWrapper

Generate a wrapper script so OpenStack Networking (neutron) launches keepalived processes in a separate container. The default value is true.

NeutronEnableL2Pop

Enable/disable the L2 population feature in the OpenStack Networking (neutron) agents. The default value is False.

NeutronEnableMetadataNetwork

If True, DHCP provides metadata network. Requires either NeutronEnableIsolatedMetadata or NeutronEnableForceMetadata parameters to also be True. The default value is false.

NeutronExcludeDevices

List of <network_device>:<excluded_devices> mapping network_device to the agent’s node-specific list of virtual functions that should not be used for virtual networking. excluded_devices is a semicolon separated list of virtual functions to exclude from network_device. The network_device in the mapping should appear in the physical_device_mappings list.

NeutronFirewallDriver

Firewall driver for realizing OpenStack Networking (neutron) security group function.

NeutronFlatNetworks

Sets the flat network name to configure in plugins. The default value is datacentre.

NeutronGeneveMaxHeaderSize

Geneve encapsulation header size. The default value is 38.

NeutronGlobalPhysnetMtu

MTU of the underlying physical network. OpenStack Networking (neutron) uses this value to calculate MTU for all virtual network components. For flat and VLAN networks, OpenStack Networking uses this value without modification. For overlay networks such as VXLAN, OpenStack Networking automatically subtracts the overlay protocol overhead from this value. The default value is 0.

NeutronGlobalReportInterval

Seconds between nodes reporting state to server; should be less than NeutronAgentDownTime, best if it is half or less than NeutronAgentDownTime. The default value is 300.

NeutronInterfaceDriver

OpenStack Networking (neutron) DHCP Agent interface driver. The default value is neutron.agent.linux.interface.OVSInterfaceDriver.

NeutronL3AgentAvailabilityZone

Availability zone for OpenStack Networking (neutron) L3 agent. If not set, no AZs will be configured for OpenStack Networking (neutron) network services.

NeutronL3AgentExtensions

Comma-separated list of extensions enabled for the OpenStack Networking (neutron) L3 agent.

NeutronL3AgentLoggingBurstLimit

Maximum number of packets per rate_limit. The default value is 25.

NeutronL3AgentLoggingLocalOutputLogBase

Output logfile path on agent side, default syslog file.

NeutronL3AgentLoggingRateLimit

Maximum number of packets logging per second. The default value is 100.

NeutronL3AgentMode

Agent mode for L3 agent. Must be legacy or dvr_snat. The default value is legacy.

NeutronL3AgentRadvdUser

The username passed to radvd, used to drop root privileges and change user ID to username and group ID to the primary group of username. If no user is specified, the user executing the L3 agent will be passed. If "root" is specified, because radvd is spawned as root, no "username" parameter will be passed. The default value is root.

NeutronMechanismDrivers

The mechanism drivers for the OpenStack Networking (neutron) tenant network. The default value is ovn.

NeutronMetadataProxySharedSecret

Shared secret to prevent spoofing.

NeutronMetadataWorkers

Sets the number of worker processes for the OpenStack Networking (neutron) OVN metadata agent. The default value results in the configuration being left unset and a system-dependent default will be chosen (usually the number of processors). Please note that this can result in a large number of processes and memory consumption on systems with a large core count. On such systems it is recommended that a non-default value be selected that matches the load requirements.

NeutronML2PhysicalNetworkMtus

A list of mappings of physical networks to MTU values. The format of the mapping is <physnet>:<mtu val>. This mapping allows you to specify a physical network MTU value that differs from the default segment_mtu value in ML2 plugin and overwrites values from global_physnet_mtu for the selected network.

NeutronNetworkSchedulerDriver

The network schedule driver to use for availability zones. The default value is neutron.scheduler.dhcp_agent_scheduler.AZAwareWeightScheduler.

NeutronNetworkType

The tenant network type for OpenStack Networking (neutron). The default value is geneve.

NeutronNetworkVLANRanges

The OpenStack Networking (neutron) ML2 and Open vSwitch VLAN mapping range to support. Defaults to permitting any VLAN on the datacentre physical network (See NeutronBridgeMappings). The default value is datacentre:1:1000.

NeutronOverlayIPVersion

IP version used for all overlay network endpoints. The default value is 4.

NeutronOVNLoggingBurstLimit

Maximum number of packets per rate_limit. The default value is 25.

NeutronOVNLoggingLocalOutputLogBase

Output logfile path on agent side, default syslog file.

NeutronOVNLoggingRateLimit

Maximum number of packets logging per second. The default value is 100.

NeutronOVSAgentLoggingBurstLimit

Maximum number of packets per rate_limit. The default value is 25.

NeutronOVSAgentLoggingLocalOutputLogBase

Output logfile path on agent side, default syslog file.

NeutronOVSAgentLoggingRateLimit

Maximum number of packets logging per second. The default value is 100.

NeutronOVSFirewallDriver

Configure the classname of the firewall driver to use for implementing security groups. Possible values depend on system configuration. Some examples are: noop, openvswitch, iptables_hybrid. The default value of an empty string results in a default supported configuration.

NeutronOvsIntegrationBridge

Name of Open vSwitch bridge to use.

NeutronOvsResourceProviderBandwidths

Comma-separated list of <bridge>:<egress_bw>:<ingress_bw> tuples, showing the available bandwidth for the given bridge in the given direction. The direction is meant from VM perspective. Bandwidth is measured in kilobits per second (kbps). The bridge must appear in bridge_mappings as the value.

NeutronOVSTunnelCsum

Set or unset the tunnel header checksum on outgoing IP packets carrying GRE/VXLAN tunnels. The default value is false.

NeutronOvsVnicTypeBlacklist

Comma-separated list of VNIC types for which support in OpenStack Networking (neutron) is administratively prohibited by the OVS mechanism driver.

NeutronPassword

The password for the OpenStack Networking (neutron) service and database account.

NeutronPermittedEthertypes

Set additional ethertypes to be configured on OpenStack Networking (neutron) firewalls.

NeutronPhysicalDevMappings

List of <physical_network>:<physical device>. All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent. Example: "tenant0:ens2f0,tenant1:ens2f1".

NeutronPluginExtensions

Comma-separated list of enabled extension plugins. The default value is qos,port_security,dns_domain_ports.

NeutronPluginMl2PuppetTags

Puppet resource tag names that are used to generate configuration files with puppet. The default value is neutron_plugin_ml2.

NeutronPortQuota

Number of ports allowed per tenant. A negative value means unlimited. The default value is 500.

NeutronRouterSchedulerDriver

The router schedule driver to use for availability zones. The default value is neutron.scheduler.l3_agent_scheduler.AZLeastRoutersScheduler.

NeutronRpcWorkers

Sets the number of RPC workers for the OpenStack Networking (neutron) service. If not specified, it’ll take the value of NeutronWorkers and if this is not specified either, the default value results in the configuration being left unset and a system-dependent default will be chosen (usually 1).

NeutronSecurityGroupQuota

Number of security groups allowed per tenant. A negative value means unlimited. The default value is 10.

NeutronServicePlugins

Comma-separated list of service plugin entrypoints. The default value is qos,ovn-router,trunk,segments,port_forwarding,log.

NeutronSriovAgentExtensions

Comma-separated list of extensions enabled for the OpenStack Networking (neutron) SR-IOV agents.

NeutronSriovResourceProviderBandwidths

Comma-separated list of <network_device>:<egress_bw>:<ingress_bw> tuples, showing the available bandwidth for the given device in the given direction. The direction is given from the VM perspective. Bandwidth is measured in kilobits per second (kbps). The device must appear in physical_device_mappings as the value.

NeutronSriovVnicTypeBlacklist

Comma-separated list of VNIC types for which support in OpenStack Networking (neutron) is administratively prohibited by the SR-IOV mechanism driver.

NeutronTunnelIdRanges

Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation. The default value is ['1:4094'].

NeutronTunnelTypes

The tunnel types for the OpenStack Networking (neutron) tenant network. The default value is vxlan.

NeutronTypeDrivers

Comma-separated list of network type driver entrypoints to be loaded. The default value is geneve,vxlan,vlan,flat.

NeutronVhostuserSocketDir

The vhost-user socket directory for OVS.

NeutronVniRanges

Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation. The default value is ['1:65536'].

NeutronWorkers

Sets the number of API and RPC workers for the OpenStack Networking service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. 0 sets to the OpenStack internal default, which is equal to the number of CPU cores on the node.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is noop.

OVNAvailabilityZone

The availability zone (az) options to configure in ovs db. For example: [az-0, az-1, az-2].

OVNCMSOptions

The CMS options to configure in ovs db.

OVNContainerCpusetCpus

Limit the specific CPUs or cores a container can use. It can be specified as a single core (ex. 0), as a comma-separated list (ex. 0,1), as a range (ex. 0-3) or as a combination of the previous methods (ex. 0-3,7,11-15). The selected cores should be isolated from guests and the hypervisor in order to obtain the best possible performance.

OVNControllerImageUpdateTimeout

During update, how long we wait for the container image to be updated, in seconds. The default value is 600.

OVNControllerUpdateTimeout

During update, how long we wait for the container to be updated, in seconds. The default value is 600.

OVNDbConnectionTimeout

Timeout in seconds for the OVSDB connection transaction. The default value is 180.

OvnDBSCertificateKeySize

Override the private key size used when creating the certificate for this service.

OVNDnsServers

List of servers to use as DNS forwarders.

OVNEmitNeedToFrag

Configure OVN to emit "need to frag" packets in case of MTU mismatch. Before enabling this configuration, make sure that the host supports it, either by confirming the host kernel version (>= 5.2) or by checking the output of the following command: ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep "Check pkt length action". The default value is false.

OVNEnableHaproxyDockerWrapper

Generate a wrapper script so that haproxy is launched in a separate container. The default value is true.

OVNEncapType

Type of encapsulation used in OVN. It can be "geneve" or "vxlan". The default value is geneve.

OVNIntegrationBridge

Name of the OVS bridge to use as integration bridge by OVN Controller. The default value is br-int.

OvnMetadataCertificateKeySize

Override the private key size used when creating the certificate for this service.

OVNMetadataEnabled

Whether Metadata Service has to be enabled. The default value is true.

OVNNeutronSyncMode

The synchronization mode of OVN with OpenStack Networking (neutron) DB. The default value is log.

OVNNorthboundClusterPort

Cluster port of the OVN Northbound DB server. The default value is 6643.

OVNNorthboundServerPort

Port of the OVN Northbound DB server. The default value is 6641.

OVNOpenflowProbeInterval

The inactivity probe interval of the OpenFlow connection to the OpenvSwitch integration bridge, in seconds. The default value is 60.

OVNOvsdbProbeInterval

Probe interval in ms for the OVSDB session. The default value is 60000.

OVNQosDriver

OVN notification driver for OpenStack Networking (neutron) QOS service plugin. The default value is ovn-qos.

OVNRemoteProbeInterval

Probe interval in ms. The default value is 60000.

OVNSouthboundClusterPort

Cluster port of the OVN Southbound DB server. The default value is 6644.

OVNSouthboundServerPort

Port of the OVN Southbound DB server. The default value is 6642.

OVNStaticBridgeMacMappings

Static OVN Bridge MAC address mappings. Unique OVN bridge MAC addresses are dynamically allocated by creating OpenStack Networking (neutron) ports. When OpenStack Networking (neutron) isn’t available, for instance in the standalone deployment, use this parameter to provide static OVN bridge MAC addresses. For example:

    controller-0:
      datacenter: 00:00:5E:00:53:00
      provider: 00:00:5E:00:53:01
    compute-0:
      datacenter: 00:00:5E:00:54:00
      provider: 00:00:5E:00:54:01

OvsDisableEMC

Disable OVS Exact Match Cache. The default value is false.

OvsHwOffload

Enable OVS Hardware Offload. This feature is supported from OVS 2.8.0. The default value is false.

PythonInterpreter

The python interpreter to use for python and ansible actions. The default value is `$(command -v python3 || command -v python)`.

TenantNetPhysnetMtu

MTU of the underlying physical network. OpenStack Networking (neutron) uses this value to calculate MTU for all virtual network components. For flat and VLAN networks, OpenStack Networking (neutron) uses this value without modification. For overlay networks such as VXLAN, OpenStack Networking (neutron) automatically subtracts the overlay protocol overhead from this value. (The mtu setting of the Tenant network in network_data.yaml controls this parameter.) The default value is 1500.

Chapter 18. Object Storage (swift) Parameters

You can modify the swift service with object storage parameters.

Parameter

Description

EnforceSecureRbac

Setting this option to True will configure each OpenStack service to enforce Secure RBAC by setting [oslo_policy] enforce_new_defaults and [oslo_policy] enforce_scope to True. This introduces a consistent set of RBAC personas across OpenStack services that include support for system and project scope, as well as keystone’s default roles, admin, member, and reader. Do not enable this functionality until all services in your deployment actually support secure RBAC. The default value is false.

MemcachedTLS

Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. The default value is false.

SwiftAccountWorkers

Number of workers for Swift account service. The default value is 0.

SwiftCeilometerIgnoreProjects

Comma-separated list of project names to ignore. The default value is ['service'].

SwiftCeilometerPipelineEnabled

Set to False to disable the object storage proxy ceilometer pipeline. The default value is false.

SwiftContainerSharderEnabled

Set to True to enable Swift container sharder service. The default value is false.

SwiftContainerWorkers

Number of workers for Swift account service. The default value is 0.

SwiftCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

SwiftEncryptionEnabled

Set to True to enable data-at-rest encryption in Swift. The default value is false.

SwiftHashPrefix

A random string to be used as an extra salt when hashing to determine mappings in the ring.

SwiftHashSuffix

A random string to be used as a salt when hashing to determine mappings in the ring.

SwiftMinPartHours

The minimum time (in hours) before a partition in a ring can be moved following a rebalance. The default value is 1.

SwiftMountCheck

Check if the devices are mounted to prevent accidentally writing to the root device. The default value is false.

SwiftObjectWorkers

Number of workers for Swift account service. The default value is 0.

SwiftPartPower

Partition power to use when building object storage rings. The default value is 10.

SwiftPassword

The password for the object storage service account.

SwiftProxyNodeTimeout

Timeout for requests going from swift-proxy to account, container, and object services. The default value is 60.

SwiftProxyRecoverableNodeTimeout

Timeout for GET/HEAD requests going from swift-proxy to swift a/c/o services. The default value is 30.

SwiftRawDisks

Additional raw devices to use for the object storage backend. For example: {sdb: {}}

SwiftReplicas

Number of replicas to use in the object storage rings. The default value is 3.

SwiftRingBuild

Whether to manage object storage rings or not. The default value is true.

SwiftRingGetTempurl

A temporary Swift URL to download rings from.

SwiftRingPutTempurl

A temporary Swift URL to upload rings to.

SwiftUseLocalDir

Use a local directory for object storage services when building rings. The default value is true.

SwiftUseNodeDataLookup

Use NodeDataLookup for disk devices in order to use persistent naming. The default value is false.

SwiftWorkers

Number of workers for object storage service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. 0 sets to the OpenStack internal default, which is equal to the number of CPU cores on the node. The default value is 0.

Chapter 19. Orchestration (heat) Parameters

You can modify the heat service with orchestration parameters.

Parameter

Description

ApacheCertificateKeySize

Override the private key size used when creating the certificate for this service.

ApacheTimeout

The timeout in seconds for Apache, which defines the duration Apache waits for I/O operations. The default value is 90.

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

ClientRetryLimit

Client retries for transient errors. The default value is 2.

EnableCache

Enable caching with memcached. The default value is true.

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

EnforceSecureRbac

Setting this option to True will configure each OpenStack service to enforce Secure RBAC by setting [oslo_policy] enforce_new_defaults and [oslo_policy] enforce_scope to True. This introduces a consistent set of RBAC personas across OpenStack services that include support for system and project scope, as well as keystone’s default roles, admin, member, and reader. Do not enable this functionality until all services in your deployment actually support secure RBAC. The default value is false.

HeatApiOptEnvVars

Hash of optional environment variables.

HeatApiOptVolumes

List of optional volumes to be mounted.

HeatAuthEncryptionKey

Auth encryption key for heat-engine.

HeatConfigureDelegatedRoles

Create delegated roles. The default value is false.

HeatConvergenceEngine

Enables the heat engine with the convergence architecture. The default value is true.

HeatCorsAllowedOrigin

Indicate whether this resource may be shared with the domain received in the request "origin" header.

HeatCronPurgeDeletedAge

Cron to purge database entries marked as deleted and older than $age - Age. The default value is 30.

HeatCronPurgeDeletedAgeType

Cron to purge database entries marked as deleted and older than $age - Age type. The default value is days.

HeatCronPurgeDeletedDestination

Cron to purge database entries marked as deleted and older than $age - Log destination. The default value is /dev/null.

HeatCronPurgeDeletedEnsure

Cron to purge database entries marked as deleted and older than $age - Ensure. The default value is present.

HeatCronPurgeDeletedHour

Cron to purge database entries marked as deleted and older than $age - Hour. The default value is 0.

HeatCronPurgeDeletedMaxDelay

Cron to purge database entries marked as deleted and older than $age - Max Delay. The default value is 3600.

HeatCronPurgeDeletedMinute

Cron to purge database entries marked as deleted and older than $age - Minute. The default value is 1.

HeatCronPurgeDeletedMonth

Cron to purge database entries marked as deleted and older than $age - Month. The default value is *.

HeatCronPurgeDeletedMonthday

Cron to purge database entries marked as deleted and older than $age - Month Day. The default value is *.

HeatCronPurgeDeletedUser

Cron to purge database entries marked as deleted and older than $age - User. The default value is heat.

HeatCronPurgeDeletedWeekday

Cron to purge database entries marked as deleted and older than $age - Week Day. The default value is *.

HeatEnableDBPurge

Whether to create cron job for purging soft deleted rows in the OpenStack Orchestration (heat) database. The default value is true.

HeatEngineOptEnvVars

Hash of optional environment variables.

HeatEngineOptVolumes

List of optional volumes to be mounted.

HeatEnginePluginDirs

An array of directories to search for plug-ins.

HeatMaxJsonBodySize

Maximum raw byte size of the OpenStack Orchestration (heat) API JSON request body. The default value is 4194304.

HeatMaxNestedStackDepth

Maximum nested stack depth. The default value is 6.

HeatMaxResourcesPerStack

Maximum resources allowed per top-level stack. -1 stands for unlimited. The default value is 1000.

HeatPassword

The password for the Orchestration service and database account.

HeatReauthenticationAuthMethod

Allow reauthentication on token expiry, such that long-running tasks may complete. Note this defeats the expiry of any provided user tokens.

HeatStackDomainAdminPassword

The admin password for the OpenStack Orchestration (heat) domain in OpenStack Identity (keystone).

HeatWorkers

Number of workers for OpenStack Orchestration (heat) service. Note that more workers create a larger number of processes on systems, which results in excess memory consumption. It is recommended to choose a suitable non-default value on systems with high CPU core counts. 0 sets to the OpenStack internal default, which is equal to the number of CPU cores on the node. The default value is 0.

HeatYaqlLimitIterators

The maximum number of elements in a collection that yaql expressions can take for their evaluation. The default value is 1000.

HeatYaqlMemoryQuota

The maximum size of memory in bytes that yaql expressions can take for their evaluation. The default value is 100000.

MemcachedTLS

Set to True to enable TLS on Memcached service. Because not all services support Memcached TLS, during the migration period, Memcached will listen on 2 ports - on the port set with MemcachedPort parameter (above) and on 11211, without TLS. The default value is false.

MemcacheUseAdvancedPool

Use the advanced (eventlet safe) memcached client pool. The default value is true.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is noop.

Chapter 20. Shared File Service (manila) Parameters

You can modify the manila service with shared file service parameters.

Parameter

Description

ApacheCertificateKeySize

Override the private key size used when creating the certificate for this service.

ApacheTimeout

The timeout in seconds for Apache, which defines the duration Apache waits for I/O operations. The default value is 90.

CephClusterName

The Ceph cluster name. The default value is ceph.

CephConfigPath

The path where the Ceph Cluster configuration files are stored on the host. The default value is /var/lib/tripleo-config/ceph.

CertificateKeySize

Specifies the private key size used when creating the certificate. The default value is 2048.

EnableSQLAlchemyCollectd

Set to true to enable the SQLAlchemy-collectd server plugin. The default value is false.

ManilaCephClientUserName

Ceph client username for manila integration. The default value is manila.

ManilaCephFSCephFSProtocolHelperType

Protocol type (CEPHFS or NFS) when cephfs back end is enabled. Set via manila cephfs environment files. The default value is CEPHFS.

ManilaCronDbPurgeAge

Cron to purge database entries marked as deleted and older than $age - Age. The default value is 30.

ManilaCronDbPurgeDestination

Cron to purge database entries marked as deleted and older than $age - Log destination. The default value is /var/log/manila/manila-rowsflush.log.

ManilaCronDbPurgeHour

Cron to purge database entries marked as deleted and older than $age - Hour. The default value is 0.

ManilaCronDbPurgeMaxDelay

Cron to purge database entries marked as deleted and older than $age - Max Delay. The default value is 3600.

ManilaCronDbPurgeMinute

Cron to purge database entries marked as deleted and older than $age - Minute. The default value is 1.

ManilaCronDbPurgeMonth

Cron to purge database entries marked as deleted and older than $age - Month. The default value is *.

ManilaCronDbPurgeMonthday

Cron to purge database entries marked as deleted and older than $age - Month Day. The default value is *.

ManilaCronDbPurgeUser

Cron to purge database entries marked as deleted and older than $age - User. The default value is manila.

ManilaCronDbPurgeWeekday

Cron to purge database entries marked as deleted and older than $age - Week Day. The default value is *.

ManilaEnabledShareProtocols

List of protocols to be allowed for share creation in manila. When not set, the list is inferred via the storage back end/s enabled.

ManilaIPv6

Set to True to enable IPv6 access in manila. The default value is False.

ManilaPassword

The password for the shared file service account.

ManilaStorageAvailabilityZone

The OpenStack Shared File Systems (manila) service’s storage availability zone. The default value is nova.

ManilaWorkers

Set the number of workers for manila::wsgi::apache. The default value is equal to the number of vCPU cores on the physical node.

MemcacheUseAdvancedPool

Use the advanced (eventlet safe) memcached client pool. The default value is true.

NotificationDriver

Driver or drivers to handle sending notifications. The default value is noop.

Chapter 21. Time Parameters

You can modify the time synchronization service with time parameters.

Parameter

Description

ChronyAclRules

Access Control List of NTP clients. By default no clients are permitted. The default value is ['deny all'].

ChronyGlobalPoolOptions

Default pool options for the configured NTP pools in chrony.conf. If this is specified, NtpIburstEnable, MaxPoll, and MinPoll are ignored.

ChronyGlobalServerOptions

Default server options for the configured NTP servers in chrony.conf. If this is specified, NtpIburstEnable, MaxPoll, and MinPoll are ignored.

EnablePackageInstall

Set to true to enable package installation at deploy time. The default value is false.

MaxPoll

Specify the maximum poll interval of upstream servers for NTP messages, expressed as a power of two in seconds. Allowed values are 4 to 17. The default value is 10.

MinPoll

Specify the minimum poll interval of upstream servers for NTP messages, expressed as a power of two in seconds. The minimum poll interval defaults to 6 (64 s). Allowed values are 4 to 17. The default value is 6.

NtpIburstEnable

Specifies whether to enable the iburst option for every NTP peer. If iburst is enabled, when the NTP server is unreachable NTP will send a burst of eight packets instead of one. This is designed to speed up the initial synchronization. The default value is true.

NtpPool

NTP pool list. Defaults to [], so only NtpServer is used by default.

NtpServer

NTP servers list. The default value is ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org'].

TimeZone

The timezone to be set on the overcloud. The default value is UTC.

Chapter 22. Upgrade Parameters

You can modify the behavior of the upgrade process with upgrade parameters.

Parameter

Description

UpgradeInitCommand

Command or script snippet to run on all overcloud nodes to initialize the upgrade process. For example, a repository switch.

UpgradeInitCommonCommand

Common commands required by the upgrade process. This should not normally be modified by the operator and is set and unset in the major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files.

UpgradeLeappCommandOptions

Additional command line options to append to the Leapp command.

UpgradeLeappDebug

Print debugging output when running Leapp. The default value is true.

UpgradeLeappDevelSkip

Skip Leapp checks by setting env variables when running Leapp in development/testing. For example, LEAPP_DEVEL_SKIP_RHSM=1.

UpgradeLeappEnabled

Use Leapp for operating system upgrade. The default value is false.

UpgradeLeappPostRebootDelay

Maximum time (seconds) to wait for the machine to reboot and respond to a test command. The default value is 120.

UpgradeLeappRebootTimeout

Timeout (seconds) for the OS upgrade phase via Leapp. The default value is 3600.

UpgradeLeappToInstall

List of packages to install after Leapp upgrade.

UpgradeLeappToRemove

List of packages to remove during Leapp upgrade.