2016-02-29 23:35:07 +08:00
---
# Variables here are applicable to all host groups NOT roles
# This sample file generated by generate_group_vars_sample.sh
# Dummy variable to avoid error because ansible does not recognize the
# file as a good configuration file when no variable in it.
dummy:
# You can override vars by using host or group vars
###########
# GENERAL #
###########
#mon_group_name: mons
# ACTIVATE BOTH FSID AND MONITOR_SECRET VARIABLES FOR NON-VAGRANT DEPLOYMENT
#monitor_secret: "{{ monitor_keyring.stdout }}"
2017-07-05 17:07:00 +08:00
#admin_secret: 'admin_secret'
2016-02-29 23:35:07 +08:00
# Secure your cluster
# This will set the following flags on all the pools:
# * nosizechange
# * nopgchange
# * nodelete
#secure_cluster: false
#secure_cluster_flags:
# - nopgchange
# - nodelete
# - nosizechange
2016-03-10 04:15:11 +08:00
# Enable the Calamari-backed REST API on a Monitor
#calamari: false
2016-02-29 23:35:07 +08:00
2017-03-13 20:46:38 +08:00
# Enable debugging for Calamari
#calamari_debug: false
2017-06-12 16:36:29 +08:00
2017-10-12 20:55:53 +08:00
##########
# CEPHFS #
##########
#cephfs: cephfs # name of the ceph filesystem
#cephfs_data: cephfs_data # name of the data pool for a given filesystem
#cephfs_metadata: cephfs_metadata # name of the metadata pool for a given filesystem
#cephfs_pools:
# - { name: "{{ cephfs_data }}", pgs: "" }
# - { name: "{{ cephfs_metadata }}", pgs: "" }
###############
# CRUSH RULES #
###############
2017-06-12 16:36:29 +08:00
#crush_rule_config: false
#crush_rule_hdd:
# name: HDD
# root: HDD
# type: rack
# default: true
#crush_rule_ssd:
# name: SSD
# root: SSD
# type: host
# default: false
#crush_rules:
# - "{{ crush_rule_hdd }}"
# - "{{ crush_rule_ssd }}"
2017-10-12 20:55:53 +08:00
2016-02-29 23:35:07 +08:00
#############
# OPENSTACK #
#############
#openstack_config: false
#openstack_glance_pool:
# name: images
2016-12-05 21:21:54 +08:00
# pg_num: "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
# rule_name: ""
2016-02-29 23:35:07 +08:00
#openstack_cinder_pool:
# name: volumes
2016-12-05 21:21:54 +08:00
# pg_num: "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
# rule_name: ""
2016-02-29 23:35:07 +08:00
#openstack_nova_pool:
# name: vms
2016-12-05 21:21:54 +08:00
# pg_num: "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
# rule_name: ""
2016-02-29 23:35:07 +08:00
#openstack_cinder_backup_pool:
# name: backups
2016-12-05 21:21:54 +08:00
# pg_num: "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
# rule_name: ""
2017-06-20 02:25:59 +08:00
#openstack_gnocchi_pool:
# name: metrics
# pg_num: "{{ osd_pool_default_pg_num }}"
2017-06-12 16:36:29 +08:00
# rule_name: ""
2016-02-29 23:35:07 +08:00
2016-09-21 20:21:41 +08:00
#openstack_pools:
# - "{{ openstack_glance_pool }}"
# - "{{ openstack_cinder_pool }}"
# - "{{ openstack_nova_pool }}"
# - "{{ openstack_cinder_backup_pool }}"
2017-06-20 02:25:59 +08:00
# - "{{ openstack_gnocchi_pool }}"
2016-09-21 20:21:41 +08:00
2017-06-23 18:35:39 +08:00
# The value for 'key' can be a pre-generated key,
# e.g key: "AQDC2UxZH4yeLhAAgTaZb+4wDUlYOsr1OfZSpQ=="
# By default, keys will be auto-generated.
2017-09-06 16:53:30 +08:00
#
2017-07-20 06:20:18 +08:00
# To have have ansible setfacl the generated key, set the acls var like so:
# acls: ["u:nova:r--", "u:cinder:r--", "u:glance:r--", "u:gnocchi:r--"]
2016-02-29 23:35:07 +08:00
#openstack_keys:
2017-08-10 04:52:18 +08:00
# - { name: client.glance, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_glance_pool.name }}", mode: "0600", acls: [] }
# - { name: client.cinder, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_cinder_pool.name }}, allow rwx pool={{ openstack_nova_pool.name }}, allow rx pool={{ openstack_glance_pool.name }}", mode: "0600", acls: [] }
# - { name: client.cinder-backup, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_cinder_backup_pool.name }}", mode: "0600", acls: [] }
# - { name: client.gnocchi, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_gnocchi_pool.name }}", mode: "0600", acls: [] }
2017-11-27 18:21:05 +08:00
# - { name: client.openstack, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_glance_pool.name }}, allow rwx pool={{ openstack_nova_pool.name }}, allow rwx pool={{ openstack_cinder_pool.name }}, allow rwx pool={{ openstack_cinder_backup_pool.name }}", mode: "0600", acls: [] }
2016-02-29 23:35:07 +08:00
2017-10-12 20:55:53 +08:00
2016-02-29 23:35:07 +08:00
##########
# DOCKER #
##########
2017-07-07 21:48:53 +08:00
2017-09-06 16:53:30 +08:00
# Resource limitation
# For the whole list of limits you can apply see: docs.docker.com/engine/admin/resource_constraints
# Default values are based from: https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html/red_hat_ceph_storage_hardware_guide/minimum_recommendations
# These options can be passed using the 'ceph_mon_docker_extra_env' variable.
#ceph_mon_docker_memory_limit: 1g
#ceph_mon_docker_cpu_limit: 1
2017-07-07 21:48:53 +08:00
# Use this variable to add extra env configuration to run your mon container.
# If you want to set a custom admin keyring you can set this variable like following:
2017-08-31 18:04:40 +08:00
# ceph_mon_docker_extra_env: -e ADMIN_SECRET={{ admin_secret }}
#ceph_mon_docker_extra_env:
2016-03-31 22:39:02 +08:00
#mon_docker_privileged: false
#mon_docker_net_host: true
2016-11-03 17:16:33 +08:00
#ceph_config_keys: [] # DON'T TOUCH ME
2016-02-29 23:35:07 +08:00
2017-08-07 17:23:32 +08:00
2017-07-05 21:47:48 +08:00
###########
# SYSTEMD #
###########
# ceph_mon_systemd_overrides will override the systemd settings
# for the ceph-mon services.
# For example,to set "PrivateDevices=false" you can specify:
#ceph_mon_systemd_overrides:
# Service:
# PrivateDevices: False