本文為大概個人用kolla搭建openstack思路簿煌，有問題敬請指正

前期準(zhǔn)備（其實就為連個ssh）

#!/bin/bash

sed -i's/^#\?PermitRootLogin.*/PermitRootLogin yes/g' /etc/ssh/sshd_config

sed -i's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g'/etc/ssh/sshd_config

service sshd restart

echo student | passwd --stdin root

sed -i "/^SELINUX/s/enforcing/disabled/g"/etc/selinux/config

hostnamectl set-hostname openstack

創(chuàng)建實例（帶ssh秘鑰）

安全組

ip route add 172.17.144.0/22 via10.10.10.254

172.17.147.32

mkdir .pip

vi .pip/pip.conf

內(nèi)容為：

[global]

index-url =https://pypi.tuna.tsinghua.edu.cn/simple

[install]

trusted-host=mirrors.aliyun.com

vi key.pem

-----BEGIN RSA PRIVATE KEY-----

MIIEowIBAAKCAQEA4QOlN12/BIOmHScBTHdPyTh1Xnq6ursE7D97l7iC9zcNLP3j

RvLU17Qyh/nwehTWxFfv1hH044ZLbGUdgmPZPunryFU8Gm+7t1YGTEWJwLiZPxEV

rKdMFSjAC+F5DO+Q9f1v5/1QOHf88r0vjpvQIdWbckjApa8gwA0H6BSPIcUNvZpY

2XyTPsp0MZGe/r5Gj+y1VLnE+3lcBEUqGDlGiPqxxdsuAnpixJKWvWx/DtN7ZMzz

COWLKqfIc0P3YpEcoEwNhzcdrCyU02StkdnA4vppNo2XU5LHntzu2+50KURXBygH

0Jo+lfI0jLW9Ff0G42AEZH1ah6km8VPlLgzX3QIDAQABAoIBAD7EDo0QKF1w/6A4

JiOXUHk3t32gTIAT9P6VgrtCq72b7J/1PjWnPPnieQn3DT5wm6vvP6Z+IcppxpY4

6m9ZvNrQ04VxSS+ypTEx3NXfu9o3Y//0mxArJozsbg2iWmriVJRZmqKixYLK7ZMk

dKSaEAewFwldA+fznvYTbHYvbfGkCNT/462Sb1sjuO1Tt38e6LKcu83JLcEsrk7V

zQqnPmMEAn4e/97bpeahhedlaQnDdvNdHAMVOr/xbF3tcqYUnnKhYyDQUe3C/MD8

bWQEGtoNTsqFPzTZBdxN79ewf5Iagnx29UH7Gb4SysFuwcyXJr2m1YuNwSMnNHdC

egfHDj0CgYEA/4RsVfFTqEDIjFnl+wGeiQzG8yfk236PMRcVyQXfpgUNs+SxMbmv

SCz7qa0x2ODbOLgkw2ZePMs/B7waKFB3xfSk/7NyiTQGcyRlba/zMFTCb06ctlvU

7lMAWTc2ySAwNgcMqVZyxjgtDp1Tp/VI0EcRzrx3rOoKI94BzLkOXjsCgYEA4XB4

SoA5NIRijsA0lZhnguZe/ETR8yGpPXzx0i+9XDO8S0aSPhNHP89RZ5UFW/xq/vu/

n3N1goiiJjVvvB3NYCXAmZgtHtoTzsEr1O4+sPUrxGolXj4icNpSvrUODYAbslSK

3qOZj7xikK50iToQsEM/nXWszTWKoMqoITETSMcCgYAXLbMKJMca9y16FdmX6HCy

K/eMLS1Ef/mLUXXHc4HzNHgmvnMYeKie2n3FyZFBBDy+q22iUBHyX9mK4RRaXdpP

mb6x91xHd/Gx1jZhOdnMo5OztyTeIfxx1hOtBCYzHnlhHUiXv+DPfF8R+VGSZdzC

EABciZotlFlxIX12Tb8w6wKBgBmCmJoVmGOQ93Yf2dNzw4LUfrsdLoTMslH66YJX

VJ4yXIRIIBRWKiHWW+fUvR6Dmbfw1OY+MnXq8C5Sraoj1TGkE/9NcQ2kr8kdotAd

hYqQs7suJ7xaW5tZmTNrWYO9k2TCnFRFPwM81gp5M0a0A19uvKwcvMkb3ewEArJ+

0yfRAoGBALLJ84hnkvj5EsdAJh1tU0wpachIvLFzNVgxfm7D684brZH8fc8jFlMT

XlfMsxTQXfNASUZ/WrHjPd4GPS4ihzTsaZReehz6P/r6KriYmI1X4i5J/3M13Hk7

ywcA6AMlT7kpu91kNY2Cp61z2k2VsQIpaxRYlMj+ZyT/qh2Pagln

-----END RSA PRIVATE KEY-----

ssh -i key.pem root@172.17.147.32

?

通過kolla部署openstack（all-in-one）

參考：

kolla:

https://docs.openstack.org/project-deploy-guide/kolla-ansible/train/

docker:

https://docs.docker.com/install/linux/docker-ce/centos/

1 更新系統(tǒng)

yum update -y

reboot

2 安裝docker-ce

21 追加路由(網(wǎng)關(guān)地址10.0.0.254根據(jù)實際網(wǎng)絡(luò)修改)

ip route add 172.17.144.0/22 via 10.0.0.254

22 安裝docker-ce

yum remove docker \

?????????????????docker-client \

?????????????????docker-client-latest \

?????????????????docker-common \

?????????????????docker-latest \

?????????????????docker-latest-logrotate \

?????????????????docker-logrotate \

?????????????????docker-engine? -y

yum install -y yum-utils \

?device-mapper-persistent-data \

? lvm2 -y

yum-config-manager \

??? --add-repo \

https://download.docker.com/linux/centos/docker-ce.repo

yum install docker-ce docker-ce-cli containerd.io -y

systemctl start docker

systemctl enable docker

3 部署準(zhǔn)備

31 修改主機(jī)名

hostnamectl set-hostname openstack

32 修改/etc/hosts

追加：

172.17.141.200 manager

10.0.0.167?? openstack

#10.0.0.167根據(jù)實際地址修改

vi /etc/hosts

33 修改/etc/docker/daemon.json（配置使用本地鏡像倉庫）

[root@openstack~]#vi /etc/docker/daemon.json

[root@openstack~]#cat /etc/docker/daemon.json

{

??? "insecure-registries":[

???????"manager:5000"

??? ],

??? "log-opts": {

??????? "max-file": "5",

??????? "max-size": "50m"

??? }

}

34 重啟docker

?

systemctl restart docker

4 安裝kolla and kolla-ansible

41 Install Python builddependencies

yum install python-devel libffi-devel gcc openssl-devellibselinux-python -y

?

easy_install pip

pip install -U pip

yum install ansible -y

pip install kolla-ansible

可能錯誤1：

? Attempting uninstall: requests

??? Found existing installation: requests 2.6.0

ERROR:Cannot uninstall 'requests'. It is a distutils installed project and thus wecannot accurately determine which files belong to it which would lead to only apartial uninstall.

解決辦法：卸載requests

rpm -qa|grep requests

yum erase python-requests -y

反饋信息如下：

ResolvingDependencies

-->Running transaction check

--->Package python-requests.noarch 0:2.6.0-8.el7_7 will be erased

-->Processing Dependency: python-requests for package:cloud-init-18.5-3.el7.centos.x86_64

-->Running transaction check

--->Package cloud-init.x86_64 0:18.5-3.el7.centos will be erased

-->Finished Dependency Resolution

DependenciesResolved

======================================================================================================================

?Package??????????????????????? Arch????????????????? Version?????????????????????????? Repository?????????????? Size

======================================================================================================================

Removing:

?python-requests??????????????? noarch??????????????? 2.6.0-8.el7_7???????????????????? @updates??? ????????????344 k

Removingfor dependencies:

?cloud-init???????????????????? x86_64??????????????? 18.5-3.el7.centos???????????????? @base?????????????????? 3.0 M

TransactionSummary

======================================================================================================================

Remove? 1 Package (+1 Dependent package)

Installedsize: 3.3 M

Isthis ok [y/N]: y

Downloadingpackages:

Runningtransaction check

Runningtransaction test

Transactiontest succeeded

Runningtransaction

? Erasing???: cloud-init-18.5-3.el7.centos.x86_64???????????????????????????????????????????????????????????????1/2

? Erasing???: python-requests-2.6.0-8.el7_7.noarch?????????????????? ????????????????????????????????????????????2/2

? Verifying?: python-requests-2.6.0-8.el7_7.noarch??????????????????????????????????????????????????????????????1/2

? Verifying?: cloud-init-18.5-3.el7.centos.x86_64????????????????????????????????????? ??????????????????????????2/2

Removed:

? python-requests.noarch 0:2.6.0-8.el7_7?????????????????????????????????????????????????????????????????????????????

DependencyRemoved:

? cloud-init.x86_64 0:18.5-3.el7.centos??????????????????????????????????? ???????????????????????????????????????????

Complete!

重新執(zhí)行安裝：

pip install kolla-ansible

可能錯誤2：

? Attempting uninstall: PyYAML

??? Found existing installation: PyYAML 3.10

ERROR:Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannotaccurately determine which files belong to it which would lead to only apartial uninstall.

解決辦法：卸載PyYAML

rpm -qa|grep PyYAML

yum erase PyYAML

...

Removed:

? PyYAML.x86_64 0:3.10-11.el7????????????????????????????????????????????????????????????????????????????????????????

DependencyRemoved:

? ansible.noarch 0:2.4.2.0-2.el7??

再次重新執(zhí)行安裝：

pip install kolla-ansible

...

Successfullyinstalled PyYAML-5.3 cffi-1.14.0 cryptography-2.8 iso8601-0.1.12 jmespath-0.9.5kolla-ansible-9.0.1 monotonic-1.5 netaddr-0.7.19 netifaces-0.10.9oslo.config-7.0.0 oslo.utils-3.42.1 pyparsing-2.4.6 rfc3986-1.3.2setuptools-44.0.0

46? ReInstall ansible

pip install ansible

...

Successfullyinstalled ansible-2.9.6

可見從原來的2.4.2.0-2.el7更新為ansible-2.9.6

5 創(chuàng)建配置文件夾湖苞、拷貝文件

51 Create the /etc/kolladirectory and change owner

mkdir -p /etc/kolla

chown $USER:$USER /etc/kolla

52 Copy globals.yml andpasswords.yml to /etc/kolla directory.

cp -r /usr/share/kolla-ansible/etc_examples/kolla/* /etc/kolla

53 Copy all-in-one and multinodeinventory files to the current directory.

cp /usr/share/kolla-ansible/ansible/inventory/*? .

6 配置Configure Ansible

61

修改/etc/ansible/ansible.cfg，追加如下內(nèi)容：

mkdir /etc/ansible

vi /etc/ansible/ansible.cfg

[defaults]

host_key_checking=False

pipelining=True

forks=100

62 Inventory

63 Kolla passwords

執(zhí)行如下命令湿痢，創(chuàng)建密碼文件：

kolla-genpwd

查看生成的密碼文件：

cat/etc/kolla/passwords.yml

修改密碼文件：

vi /etc/kolla/passwords.yml

通過/快速定位修改蜈彼。

為方便后續(xù)管理终娃，可修改相關(guān)用戶密碼服傍。

比如：

database_password: student

keystone_admin_password: student

rabbitmq_password: student

64 Kolla globals.yml

vi /etc/kolla/globals.yml

?

需要修改的配置選項解釋：

#Image

options（配置發(fā)行版本）

kolla_base_distro: "centos"

kolla_install_type: "source"

openstack_release: "train"

#配置鏡像倉庫：

docker_registry: "manager:5000"

docker_registry_insecure: "yes"

配置網(wǎng)絡(luò)接口:

network_interface: "eth0"

neutron_external_interface: "eth1"

#配置額外支持的服務(wù)

enable_cinder:

"no"

#配置openstack核心服務(wù)（默認(rèn)支持）

enable_openstack_core: "yes"

#配置虛擬ip

kolla_internal_vip_address: "10.0.0.167"

#These roles are required for Kolla to be operation, however a savvy deployer

#could disable some of these required roles and run their own services.

#enable_glance:"{{ enable_openstack_core | bool }}"

#all-in-one安裝，禁用haproxy

enable_haproxy: "no"

#Valid options are [ qemu, kvm, vmware, xenapi ]

#由于嵌套虛擬化（在虛擬機(jī)里部署openstack）节猿，配置

nova_compute_virt_type: "qemu"

修改配置文件票从，按上述解讀配置相關(guān)選項：

vi /etc/kolla/globals.yml

7 部署Deployment

Afterconfiguration is set, we can proceed to the deployment phase. First we need tosetup basic host-level dependencies, like docker.

Kolla-Ansibleprovides a playbook that will install all required services in the correctversions.

Thefollowing assumes the use of the multinode inventory. If using a differentinventory, such as all-in-one, replace the -i argument accordingly.

??? For deployment or evaluation, run:

針對部署或測試環(huán)境，執(zhí)行如下命令：

#Bootstrap servers with kolladeploy dependencies:

#安裝部署依賴包

#定位all-in-one文件

locate all-in-one

yum installmlocate -y

updatedb

locate all-in-one

拷貝文件all-in-one到當(dāng)前目錄：

cp/usr/share/kolla-ansible/ansible/inventory/all-in-one .

kolla-ansible -i ./all-in-one bootstrap-servers

#Dopre-deployment checks for hosts:

#部署前檢查

kolla-ansible -i ./all-in-one prechecks

#Finally proceed to actualOpenStack deployment:

#部署

kolla-ansible -i ./all-in-one deploy

8 完成部署并使用openstack

81#Install the OpenStack CLIclient:

yuminstall centos-release-openstack-train -y

yuminstall python-openstackclient -y

kolla-ansible post-deploy

.?/etc/kolla/admin-openrc.sh

?82創(chuàng)建網(wǎng)絡(luò)滨嘱、鏡像峰鄙、規(guī)格等????

??. /usr/share/kolla-ansible/init-runonce

?83創(chuàng)建虛擬機(jī)

? openstack server create\

??? --image cirros \

??? --flavor m1.tiny \

??? --key-name mykey \

??? --network demo-net \

demo1

失敗

[if !vml]

[endif]

原因：MTU

補(bǔ)充配置：(在安裝配置網(wǎng)絡(luò)服務(wù)時，需要在控制節(jié)點補(bǔ)充如下配置）

由于openstack in openstack部署太雨，網(wǎng)絡(luò)mtu需要設(shè)置先馆，將默認(rèn)的mtu=1500改為1450.

修改配置文件/etc/kolla/neutron-openvswitch-agent/neutron.conf

vi/etc/kolla/neutron-openvswitch-agent/neutron.conf

[DEFAULT]

global_physnet_mtu =1450

[if !vml]

[endif]

修改配置文件/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

path_mtu = 1450

[if !vml]

[endif]

將修改好的文件復(fù)制到/etc/kolla/neutron-server文件夾下

cp?/etc/kolla/neutron-openvswitch-agent/neutron.conf?/etc/kolla/neutron-server/

cp? /etc/kolla/neutron-openvswitch-agent/ ml2_conf.ini?/etc/kolla/neutron-server/

重啟neutron_server和neutron_openvswitch_agent容器

docker restartneutron_server

docker restartneutron_openvswitch_agent

重新部署實例

openstackserver create \

??? --image cirros \

??? --flavor m1.tiny \

??? --key-name mykey \

??? --network demo-net \

demo1

[if !vml]

[endif]

?84運(yùn)維

??查看相關(guān)資源

? openstack service list

? openstack image list

? openstack network list

? openstack server list

? 或者瀏覽器訪問

??http://10.0.0.167

??查看日志log:?????

cd /var/log/kolla

查看配置文件Config：

cd /etc/kolla/

1? vi.pip/pip.conf

???2? ls

???3? mkdir .pip

???4? vi .pip/pip.conf

???5? yum remove docker?????????????????? docker-client?????????????????? docker-client-latest?????????????????? docker-common?????????????????? docker-latest?????????????????? docker-latest-logrotate?????????????????? docker-logrotate?????????????????? docker-engine? -y

???6? yum install -y yum-utils?? device-mapper-persistent-data?? lvm2 -y

???7? yum-config-manager???? --add-repohttps://download.docker.com/linux/centos/docker-ce.repo

???8? yum install docker-cedocker-ce-cli containerd.io -y

???9? systemctl start docker

??10? hostnamectl set-hostnameopenstack

??11? vi /etc/hosts

??12? vi /etc/docker/daemon.json

??13? systemctl restart docker

??14? yum install python-devellibffi-devel gcc openssl-devel libselinux-python -y

??15? easy_install pip

??16? pip install -U pip

??17? pip install kolla-ansible

??18? rpm -qa|grep requests

??19? yum erase python-requests -y

??20? pip install kolla-ansible

??21? rpm -qa|grep PyYAML

??22? yum erase PyYAML

??23? pip install kolla-ansible

??24? pip install ansible

??25? mkdir -p /etc/kolla

??26? chown $USER:$USER /etc/kolla

??27? cp -r/usr/share/kolla-ansible/etc_examples/kolla/* /etc/kolla

??28? cp/usr/share/kolla-ansible/ansible/inventory/*?.

??29? vi /etc/ansible/ansible.cfg

??30? mkdir /etc/ansible

??31? vi /etc/ansible/ansible.cfg

??32? kolla-genpwd

??33? vi /etc/kolla/passwords.yml

??34? vi /etc/kolla/globals.yml

??35? locate all-in-one

??36? yum install mlocate -y

??37? updatedb

??38? locate all-in-one

??39? cp /usr/share/kolla-ansible/ansible/inventory/all-in-one.

??40? ls

??41? kolla-ansible -i ./all-in-onebootstrap-servers

??42? kolla-ansible -i ./all-in-oneprechecks

??43? vi /etc/kolla/passwords.yml

??44? vi /etc/kolla/globals.yml

??45? kolla-ansible -i ./all-in-oneprechecks

??46? kolla-ansible -i ./all-in-onedeploy

??47? yum installcentos-release-openstack-train -y

??48? yum installpython-openstackclient -y

??49? kolla-ansible post-deploy

??50? .? /etc/kolla/admin-openrc.sh

??51? . /usr/share/kolla-ansible/init-runonce

??52? openstack server create???? --image cirros???? --flavor m1.tiny???? --key-name mykey???? --network demo-net???? demo1

??53? openstack server list

??54? history

[centos@openstack ~]$ cat/etc/kolla/globals.yml

---

# You can use this file to override _any_variable throughout Kolla.

# Additional options can be found in the

#'kolla-ansible/ansible/group_vars/all.yml' file. Default value of all the

# commented parameters are shown here, Tooverride the default value uncomment

# the parameter and change its value.

###############

# Kolla options

###############

# Valid options are [ COPY_ONCE,COPY_ALWAYS ]

#config_strategy: "COPY_ALWAYS"

# Valid options are ['centos', 'debian','rhel', 'ubuntu']

kolla_base_distro: "centos"

# Valid options are [ binary, source ]

kolla_install_type: "source"

# Valid option is Docker repository tag

openstack_release: "train"

# Location of configuration overrides

#node_custom_config:"/etc/kolla/config"

# This should be a VIP, an unused IP onyour network that will float between

# the hosts running keepalived forhigh-availability. If you want to run an

# All-In-One without haproxy andkeepalived, you can set enable_haproxy to no

# in "OpenStack options" section,and set this value to the IP of your

# 'network_interface' as set in theNetworking section below.p.

kolla_internal_vip_address: "10.0.0.227"

# This is the DNS name that maps to thekolla_internal_vip_address VIP. By

# default it is the same askolla_internal_vip_address.

#kolla_internal_fqdn: "{{kolla_internal_vip_address }}"

# This should be a VIP, an unused IP onyour network that will float between

# the hosts running keepalived forhigh-availability. It defaults to the

# kolla_internal_vip_address, allowinginternal and external communication to

# share the same address.? Specify a kolla_external_vip_address toseparate

# internal and external requests betweentwo VIPs.

#kolla_external_vip_address: "{{kolla_internal_vip_address }}"

# The Public address used to communicatewith OpenStack as set in the public_url

# for the endpoints that will be created.This DNS name should map to

# kolla_external_vip_address.

#kolla_external_fqdn: "{{kolla_external_vip_address }}"

################

# Docker options

################

# Below is an example of a privaterepository with authentication. Note the

# Docker registry password can also be setin the passwords.yml file.

docker_registry: "manager:5000"

#docker_namespace: "companyname"

docker_registry_insecure: "yes"

#docker_registry_username: "sam"

#docker_registry_password: "correcthorsebatterystaple"

# Docker client timeout in seconds.

#docker_client_timeout: 120

#docker_configure_for_zun: "no"

###################

# Messaging options

###################

# Below is an example of an separatebackend that provides brokerless

# messaging for oslo.messaging RPCcommunications

#om_rpc_transport: "amqp"

#om_rpc_user: "{{ qdrouterd_user}}"

#om_rpc_password: "{{qdrouterd_password }}"

#om_rpc_port: "{{ qdrouterd_port}}"

#om_rpc_group: "qdrouterd"

##############################

# Neutron - Networking Options

##############################

# This interface is what all your apiservices will be bound to by default.

# Additionally, all vxlan/tunnel andstorage network traffic will go over this

# interface by default. This interface mustcontain an IP address.

# It is possible for hosts to havenon-matching names of interfaces - these can

# be set in an inventory file per host orper group or stored separately, see

#????http://docs.ansible.com/ansible/intro_inventory.html

# Yet another way to workaround the namingproblem is to create a bond for the

# interface on all hosts and give the bondname here. Similar strategy can be

# followed for other types of interfaces.

network_interface: "eth0"

# These can be adjusted for even morecustomization. The default is the same as

# the 'network_interface'. These interfacesmust contain an IP address.

#kolla_external_vip_interface: "{{network_interface }}"

#api_interface: "{{ network_interface}}"

#storage_interface: "{{network_interface }}"

#cluster_interface: "{{network_interface }}"

#swift_storage_interface: "{{storage_interface }}"

#swift_replication_interface: "{{swift_storage_interface }}"

#tunnel_interface: "{{network_interface }}"

#dns_interface: "{{ network_interface}}"

#octavia_network_interface: "{{api_interface }}"

# Configure the address family (AF) pernetwork.

# Valid options are [ ipv4, ipv6 ]

#network_address_family: "ipv4"

#api_address_family: "{{network_address_family }}"

#storage_address_family: "{{network_address_family }}"

#cluster_address_family: "{{network_address_family }}"

#swift_storage_address_family: "{{storage_address_family }}"

#swift_replication_address_family: "{{swift_storage_address_family }}"

#migration_address_family: "{{network_address_family }}"

#tunnel_address_family: "{{network_address_family }}"

#octavia_network_address_family: "{{api_address_family }}"

#bifrost_network_address_family: "{{network_address_family }}"

#dns_address_family: "{{network_address_family }}"

# This is the raw interface given toneutron as its external network port. Even

# though an IP address can exist on thisinterface, it will be unusable in most

# configurations. It is recommended thisinterface not be configured with any IP

# addresses for that reason.

neutron_external_interface:"eth1"

# Valid options are [ openvswitch,linuxbridge, vmware_nsxv, vmware_nsxv3, vmware_dvs, opendaylight ]

# if vmware_nsxv3 is selected,enable_openvswitch MUST be set to "no" (default is yes)

#neutron_plugin_agent:"openvswitch"

# Valid options are [ internal, infoblox ]

#neutron_ipam_driver: "internal"

# Configure Neutron upgrade option,currently Kolla support

# two upgrade ways for Neutron:legacy_upgrade and rolling_upgrade

# The variable"neutron_enable_rolling_upgrade: yes" is meaning rolling_upgrade

# were enabled and opposite

# Neutron rolling upgrade were enable bydefault

#neutron_enable_rolling_upgrade:"yes"

####################

# keepalived options

####################

# Arbitrary unique number from 0..255

# This should be changed from the defaultin the event of a multi-region deployment

# where the VIPs of different regionsreside on a common subnet.

#keepalived_virtual_router_id:"51"

###################

# Dimension options

###################

# This is to provide an extra option todeploy containers with Resource constraints.

# We call it dimensions here.

# The dimensions for each container aredefined by a mapping, where each dimension value should be a

# string.

# Reference_Docs

# https://docs.docker.com/config/containers/resource_constraints/

# eg:

# _dimensions:

#???blkio_weight:

#???cpu_period:

#???cpu_quota:

#???cpu_shares:

#???cpuset_cpus:

#???cpuset_mems:

#???mem_limit:

#???mem_reservation:

#???memswap_limit:

#? ??kernel_memory:

#???ulimits:

#############

# TLS options

#############

# To provide encryption and authenticationon the kolla_external_vip_interface,

# TLS can be enabled.? When TLS is enabled, certificates must beprovided to

# allow clients to perform authentication.

#kolla_enable_tls_internal: "no"

#kolla_enable_tls_external: "{{kolla_enable_tls_internal if kolla_same_external_internal_vip | bool else 'no'}}"

#kolla_external_fqdn_cert: "{{node_config }}/certificates/haproxy.pem"

#kolla_internal_fqdn_cert: "{{node_config }}/certificates/haproxy-internal.pem"

#kolla_external_fqdn_cacert: "{{node_config }}/certificates/haproxy-ca.crt"

#kolla_internal_fqdn_cacert: "{{node_config }}/certificates/haproxy-ca-internal.crt"

################

# Region options

################

# Use this option to change the name ofthis region.

#openstack_region_name:"RegionOne"

# Use this option to define a list ofregion names - only needs to be configured

# in a multi-region deployment, and thenonly in the *first* region.

#multiple_regions_names: ["{{openstack_region_name }}"]

##############

# OpenDaylight

##############

#enable_opendaylight_qos: "no"

#enable_opendaylight_l3: "yes"

###################

# OpenStack options

###################

# Use these options to set the various loglevels across all OpenStack projects

# Valid options are [ True, False ]

#openstack_logging_debug: "False"

# Enable core OpenStack services. Thisincludes:

# glance, keystone, neutron, nova, heat,and horizon.

enable_openstack_core: "yes"

# These roles are required for Kolla to beoperation, however a savvy deployer

# could disable some of these requiredroles and run their own services.

#enable_glance: "{{enable_openstack_core | bool }}"

enable_haproxy: "no"

#enable_keepalived: "{{ enable_haproxy| bool }}"

#enable_keystone: "{{enable_openstack_core | bool }}"

#enable_mariadb: "yes"

#enable_memcached: "yes"

#enable_neutron: "{{enable_openstack_core | bool }}"

#enable_nova: "{{enable_openstack_core | bool }}"

#enable_rabbitmq: "{{ 'yes' ifom_rpc_transport == 'rabbit' or om_notify_transport == 'rabbit' else 'no'}}"

#enable_outward_rabbitmq: "{{enable_murano | bool }}"

# OpenStack services can be enabled ordisabled with these options

#enable_aodh: "no"

#enable_barbican: "no"

#enable_blazar: "no"

# NOTE: This variable has been deprecatedand will be removed in the U cycle.

#enable_cadf_notifications: "no"

#enable_ceilometer: "no"

#enable_ceilometer_ipmi: "no"

#enable_cells: "no"

#enable_central_logging: "no"

#enable_ceph: "no"

#enable_ceph_mds: "no"

#enable_ceph_rgw: "no"

#enable_ceph_nfs: "no"

#enable_ceph_dashboard: "{{enable_ceph | bool }}"

#enable_chrony: "yes"

enable_cinder: "no"

#enable_cinder_backup: "yes"

#enable_cinder_backend_hnas_nfs:"no"

#enable_cinder_backend_iscsi: "{{enable_cinder_backend_lvm | bool or enable_cinder_backend_zfssa_iscsi | bool}}"

#enable_cinder_backend_lvm: "no"

#enable_cinder_backend_nfs: "no"

#enable_cinder_backend_zfssa_iscsi: "no"

#enable_cinder_backend_quobyte:"no"

#enable_cloudkitty: "no"

#enable_collectd: "no"

#enable_congress: "no"

#enable_cyborg: "no"

#enable_designate: "no"

#enable_destroy_images: "no"

#enable_elasticsearch: "{{ 'yes' ifenable_central_logging | bool or enable_osprofiler | bool or enable_skydive |bool or enable_monasca | bool else 'no' }}"

#enable_etcd: "no"

#enable_fluentd: "yes"

#enable_freezer: "no"

#enable_gnocchi: "no"

#enable_grafana: "no"

#enable_heat: "{{enable_openstack_core | bool }}"

#enable_horizon: "{{enable_openstack_core | bool }}"

#enable_horizon_blazar: "{{enable_blazar | bool }}"

#enable_horizon_cloudkitty: "{{enable_cloudkitty | bool }}"

#enable_horizon_congress: "{{enable_congress | bool }}"

#enable_horizon_designate: "{{enable_designate | bool }}"

#enable_horizon_fwaas: "{{enable_neutron_fwaas | bool }}"

#enable_horizon_freezer: "{{enable_freezer | bool }}"

#enable_horizon_heat: "{{ enable_heat| bool }}"

#enable_horizon_ironic: "{{ enable_ironic| bool }}"

#enable_horizon_karbor: "{{enable_karbor | bool }}"

#enable_horizon_magnum: "{{enable_magnum | bool }}"

#enable_horizon_manila: "{{enable_manila | bool }}"

#enable_horizon_masakari: "{{enable_masakari | bool }}"

#enable_horizon_mistral: "{{enable_mistral | bool }}"

#enable_horizon_murano: "{{enable_murano | bool }}"

#enable_horizon_neutron_vpnaas: "{{enable_neutron_vpnaas | bool }}"

#enable_horizon_octavia: "{{enable_octavia | bool }}"

#enable_horizon_qinling: "{{enable_qinling | bool }}"

#enable_horizon_sahara: "{{enable_sahara | bool }}"

#enable_horizon_searchlight: "{{enable_searchlight | bool }}"

#enable_horizon_senlin: "{{enable_senlin | bool }}"

#enable_horizon_solum: "{{enable_solum | bool }}"

#enable_horizon_tacker: "{{enable_tacker | bool }}"

#enable_horizon_trove: "{{enable_trove | bool }}"

#enable_horizon_vitrage: "{{enable_vitrage | bool }}"

#enable_horizon_watcher: "{{enable_watcher | bool }}"

#enable_horizon_zun: "{{ enable_zun |bool }}"

#enable_hyperv: "no"

#enable_influxdb: "{{ enable_monasca |bool or (enable_cloudkitty | bool and cloudkitty_storage_backend == 'influxdb')}}"

#enable_ironic: "no"

#enable_ironic_ipxe: "no"

#enable_ironic_neutron_agent: "{{enable_neutron | bool and enable_ironic | bool }}"

#enable_ironic_pxe_uefi: "no"

#enable_iscsid: "{{ (enable_cinder |bool and enable_cinder_backend_iscsi | bool) or enable_ironic | bool }}"

#enable_karbor: "no"

#enable_kafka: "{{ enable_monasca |bool }}"

#enable_kibana: "{{ 'yes' ifenable_central_logging | bool or enable_monasca | bool else 'no' }}"

#enable_kuryr: "no"

#enable_magnum: "no"

#enable_manila: "no"

#enable_manila_backend_generic:"no"

#enable_manila_backend_hnas: "no"

#enable_manila_backend_cephfs_native:"no"

#enable_manila_backend_cephfs_nfs:"no"

#enable_mariabackup: "no"

#enable_masakari: "no"

#enable_mistral: "no"

#enable_monasca: "no"

#enable_mongodb: "no"

#enable_multipathd: "no"

#enable_murano: "no"

#enable_neutron_vpnaas: "no"

#enable_neutron_sriov: "no"

#enable_neutron_dvr: "no"

#enable_neutron_fwaas: "no"

#enable_neutron_qos: "no"

#enable_neutron_agent_ha: "no"

#enable_neutron_bgp_dragent: "no"

#enable_neutron_provider_networks:"no"

#enable_neutron_segments: "no"

#enable_neutron_sfc: "no"

#enable_neutron_metering: "no"

#enable_neutron_infoblox_ipam_agent:"no"

#enable_neutron_port_forwarding:"no"

#enable_nova_serialconsole_proxy:"no"

#enable_nova_ssh: "yes"

#enable_octavia: "no"

#enable_onos: "no"

#enable_opendaylight: "no"

#enable_openvswitch: "{{enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"

#enable_ovs_dpdk: "no"

#enable_osprofiler: "no"

#enable_panko: "no"

#enable_placement: "{{ enable_nova |bool or enable_zun | bool }}"

#enable_prometheus: "no"

#enable_qdrouterd: "{{ 'yes' ifom_rpc_transport == 'amqp' else 'no' }}"

#enable_qinling: "no"

#enable_rally: "no"

#enable_redis: "no"

#enable_sahara: "no"

#enable_searchlight: "no"

#enable_senlin: "no"

#enable_skydive: "no"

#enable_solum: "no"

#enable_storm: "{{ enable_monasca |bool }}"

#enable_swift: "no"

#enable_swift_s3api: "no"

#enable_tacker: "no"

#enable_telegraf: "no"

#enable_tempest: "no"

#enable_trove: "no"

#enable_trove_singletenant: "no"

#enable_vitrage: "no"

#enable_vmtp: "no"

#enable_watcher: "no"

#enable_zookeeper: "{{ enable_kafka |bool }}"

#enable_zun: "no"

##################

# RabbitMQ options

##################

# Options passed to RabbitMQ server startupscript via the

# RABBITMQ_SERVER_ADDITIONAL_ERL_ARGSenvironment var.

# See Kolla Ansible docs RabbitMQ sectionfor details.

# These are appended to args alreadyprovided by Kolla Ansible

# to configure IPv6 in RabbitMQ server.

#rabbitmq_server_additional_erl_args:""

##############

# Ceph options

##############

# Ceph can be setup with a caching toimprove performance. To use the cache you

# must provide separate disks than thosefor the OSDs

#ceph_enable_cache: "no"

# Set to no if using external Ceph withoutcephx.

#external_ceph_cephx_enabled:"yes"

# Ceph is not able to determine the size ofa cache pool automatically,

# so the configuration on the absolute sizeis required here, otherwise the flush/evict will not work.

#ceph_target_max_bytes: ""

#ceph_target_max_objects: ""

# Valid options are [ forward, none,writeback ]

#ceph_cache_mode: "writeback"

# A requirement for using the erasure-codedpools is you must setup a cache tier

# Valid options are [ erasure, replicated ]

#ceph_pool_type: "replicated"

# Integrate ceph rados object gateway withopenstack keystone

#enable_ceph_rgw_keystone: "no"

# Set the pgs and pgps for pool

# WARNING! These values are dependant onthe size and shape of your cluster -

# the default values are not suitable forproduction use. Please refer to the

# Kolla Ceph documentation for moreinformation.

#ceph_pool_pg_num: 8

#ceph_pool_pgp_num: 8

#############################

# Keystone - Identity Options

#############################

# Valid options are [ fernet ]

#keystone_token_provider: 'fernet'

#keystone_admin_user: "admin"

#keystone_admin_project: "admin"

# Interval to rotate fernet keys by (inseconds). Must be an interval of

# 60(1 min), 120(2 min), 180(3 min), 240(4min), 300(5 min), 360(6 min),

# 600(10 min), 720(12 min), 900(15 min),1200(20 min), 1800(30 min),

# 3600(1 hour), 7200(2 hour), 10800(3hour), 14400(4 hour), 21600(6 hour),

# 28800(8 hour), 43200(12 hour), 86400(1day), 604800(1 week).

#fernet_token_expiry: 86400

########################

# Glance - Image Options

########################

# Configure image backend.

#glance_backend_ceph: "no"

#glance_backend_file: "yes"

#glance_backend_swift: "no"

#glance_backend_vmware: "no"

#enable_glance_image_cache: "no"

# Configure glance upgrade option.

# Due to this feature being experimental inglance,

# the default value is "no".

#glance_enable_rolling_upgrade:"no"

####################

# Osprofiler options

####################

# valid values: ["elasticsearch","redis"]

#osprofiler_backend:"elasticsearch"

##################

# Barbican options

##################

# Valid options are [ simple_crypto,p11_crypto ]

#barbican_crypto_plugin:"simple_crypto"

#barbican_library_path:"/usr/lib/libCryptoki2_64.so"

################

## Panko options

################

# Valid options are [ mongodb, mysql ]

#panko_database_type: "mysql"

#################

# Gnocchi options

#################

# Valid options are [ file, ceph ]

#gnocchi_backend_storage: "{{ 'ceph'if enable_ceph|bool else 'file' }}"

# Valid options are [redis, '']

#gnocchi_incoming_storage: "{{ 'redis'if enable_redis | bool else '' }}"

################################

# Cinder - Block Storage Options

################################

# Enable / disable Cinder backends

#cinder_backend_ceph: "{{ enable_ceph}}"

#cinder_backend_vmwarevc_vmdk:"no"

#cinder_volume_group:"cinder-volumes"

# Valid options are [ '', redis, etcd ]

#cinder_coordination_backend: "{{'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}"

# Valid options are [ nfs, swift, ceph ]

#cinder_backup_driver: "ceph"

#cinder_backup_share: ""

#cinder_backup_mount_options_nfs:""

#######################

# Cloudkitty options

#######################

# Valid option is gnocchi

#cloudkitty_collector_backend:"gnocchi"

# Valid options are 'sqlalchemy' or'influxdb'. The default value is

# 'influxdb', which matches the default inCloudkitty since the Stein release.

# When the backend is "influxdb",we also enable Influxdb.

# Also, when using 'influxdb' as thebackend, we trigger the configuration/use

# of Cloudkitty storage backend version 2.

#cloudkitty_storage_backend:"influxdb"

###################

# Designate options

###################

# Valid options are [ bind9 ]

#designate_backend: "bind9"

#designate_ns_record:"sample.openstack.org"

# Valid options are [ '', redis, etcd ]

#designate_coordination_backend: "{{'redis' if enable_redis|bool else 'etcd' if enable_etcd|bool else '' }}"

########################

# Nova - Compute Options

########################

#nova_backend_ceph: "{{ enable_ceph}}"

# Valid options are [ qemu, kvm, vmware,xenapi ]

nova_compute_virt_type: "qemu"

# The number of fake driver per computenode

#num_nova_fake_per_node: 5

# The flag "nova_safety_upgrade"need to be consider when

# "nova_enable_rolling_upgrade"is enabled. The "nova_safety_upgrade"

# controls whether the nova services areall stopped before rolling

# upgrade to the new version, for thesafety and availability.

# If "nova_safety_upgrade" is"yes", that will stop all nova services (except

# nova-compute) for no failed APIoperations before upgrade to the

# new version. And opposite.

#nova_safety_upgrade: "no"

# Valid options are [ none, novnc, spice,rdp ]

#nova_console: "novnc"

#################

# Hyper-V options

#################

# Hyper-V can be used as hypervisor

#hyperv_username: "user"

#hyperv_password: "password"

#vswitch_name: "vswitch"

# URL from which Nova Hyper-V MSI isdownloaded

#nova_msi_url:"https://www.cloudbase.it/downloads/HyperVNovaCompute_Beta.msi"

#############################

# Horizon - Dashboard Options

#############################

#horizon_backend_database: "{{enable_murano | bool }}"

#############################

# Ironic options

#############################

# dnsmasq bind interface for IronicInspector, by default is network_interface

#ironic_dnsmasq_interface: "{{network_interface }}"

# The following value must be set whenenabling ironic,

# the value format is"192.168.0.10,192.168.0.100".

#ironic_dnsmasq_dhcp_range:

# PXE bootloader file for Ironic Inspector,relative to /tftpboot.

#ironic_dnsmasq_boot_file:"pxelinux.0"

# Configure ironic upgrade option, due tocurrently kolla support

# two upgrade ways for ironic:legacy_upgrade and rolling_upgrade

# The variable"ironic_enable_rolling_upgrade: yes" is meaning rolling_upgrade

# were enabled and opposite

# Rolling upgrade were enable by default

#ironic_enable_rolling_upgrade:"yes"

# List of extra kernel parameters passed tothe kernel used during inspection

#ironic_inspector_kernel_cmdline_extras: []

######################################

# Manila - Shared File Systems Options

######################################

# HNAS backend configuration

#hnas_ip:

#hnas_user:

#hnas_password:

#hnas_evs_id:

#hnas_evs_ip:

#hnas_file_system_name:

################################

# Swift - Object Storage Options

################################

# Swift expects block devices to be availablefor storage. Two types of storage

# are supported: 1 - storage device with aspecial partition name and filesystem

# label, 2 - unpartitioned disk? with a filesystem. The label of thisfilesystem

# is used to detect the disk which Swiftwill be using.

# Swift support two matching modes, validoptions are [ prefix, strict ]

#swift_devices_match_mode:"strict"

# This parameter defines matching pattern:if "strict" mode was selected,

# for swift_devices_match_mode thenswift_device_name should specify the name of

# the special swift partition for example:"KOLLA_SWIFT_DATA", if "prefix" mode was

# selected then swift_devices_name shouldspecify a pattern which would match to

# filesystems' labels prepared for swift.

#swift_devices_name:"KOLLA_SWIFT_DATA"

# Configure swift upgrade option, due tocurrently kolla support

# two upgrade ways for swift:legacy_upgrade and rolling_upgrade

# The variable"swift_enable_rolling_upgrade: yes" is meaning rolling_upgrade

# were enabled and opposite

# Rolling upgrade were enable by default

#swift_enable_rolling_upgrade:"yes"

################################################

# Tempest - The OpenStack Integration TestSuite

################################################

# The following values must be set whenenabling tempest

#tempest_image_id:

#tempest_flavor_ref_id:

#tempest_public_network_id:

#tempest_floating_network_name:

# tempest_image_alt_id: "{{tempest_image_id }}"

# tempest_flavor_ref_alt_id: "{{tempest_flavor_ref_id }}"

###################################

# VMware - OpenStack VMware support

###################################

#vmware_vcenter_host_ip:

#vmware_vcenter_host_username:

#vmware_vcenter_host_password:

#vmware_datastore_name:

#vmware_vcenter_name:

#vmware_vcenter_cluster_name:

#######################################

# XenAPI - Support XenAPI for XenServer

#######################################

# XenAPI driver use HIMN(Host InternalManagement Network)

# to communicate with XenServer host.

#xenserver_himn_ip:

#xenserver_username:

#xenserver_connect_protocol:

############

# Prometheus

############

#enable_prometheus_haproxy_exporter:"{{ enable_haproxy | bool }}"

#enable_prometheus_mysqld_exporter:"{{ enable_mariadb | bool }}"

#enable_prometheus_node_exporter: "{{enable_prometheus | bool }}"

#enable_prometheus_cadvisor: "{{enable_prometheus | bool }}"

#enable_prometheus_memcached: "{{enable_prometheus | bool }}"

#enable_prometheus_alertmanager: "{{enable_prometheus | bool }}"

#enable_prometheus_ceph_mgr_exporter:"{{ enable_prometheus | bool and enable_ceph | bool }}"

#enable_prometheus_openstack_exporter:"{{ enable_prometheus | bool }}"

#enable_prometheus_elasticsearch_exporter:"{{ enable_prometheus | bool and enable_elasticsearch | bool }}"

#enable_prometheus_blackbox_exporter:"{{ enable_prometheus | bool }}"

# List of extra parameters passed toprometheus. You can add as many to the list.

#prometheus_cmdline_extras:

#########

# Freezer

#########

# Freezer can utilize two differentdatabase backends, elasticsearch or mariadb.

# Elasticsearch is preferred, however it isnot compatible with the version deployed

# by kolla-ansible. You must first setup anexternal elasticsearch with 2.3.0.

# By default, kolla-ansible deployedmariadb is the used database backend.

#freezer_database_backend:"mariadb"

##########

# Telegraf

##########

# Configure telegraf to use the dockerdaemon itself as an input for

# telemetry data.

#telegraf_enable_docker_input: "no"

[centos@openstack ~]$