Overriding OpenStack configuration defaults

Overriding OpenStack configuration defaults

OpenStack has many configuration options available in .conf files (in a standard INI file format), policy files (in a standard JSON format) and YAML files.

 
Note

YAML files are only in the ceilometer project at this time.

OpenStack-Ansible enables you to reference any options in the OpenStack Configuration Reference through the use of a simple set of configuration entries in the /etc/openstack_deploy/user_variables.yml.

This section describes how to use the configuration entries in the /etc/openstack_deploy/user_variables.yml file to override default configuration settings. For more information, see the Setting overrides in configuration files section in the developer documentation.

Overriding .conf files

Most often, overrides are implemented for the <service>.conf files (for example, nova.conf). These files use a standard INI file format.

For example, you might want to add the following parameters to the nova.conf file:

[DEFAULT]
remove_unused_original_minimum_age_seconds = 43200

[libvirt]
cpu_mode = host-model
disk_cachemodes = file=directsync,block=none

[database]
idle_timeout = 300
max_pool_size = 10

To do this, you use the following configuration entry in the /etc/openstack_deploy/user_variables.yml file:

nova_nova_conf_overrides:
  DEFAULT:
    remove_unused_original_minimum_age_seconds: 43200
  libvirt:
    cpu_mode: host-model
    disk_cachemodes: file=directsync,block=none
  database:
    idle_timeout: 300
    max_pool_size: 10

 
Note

The general format for the variable names used for overrides is <service>_<filename>_<file extension>_overrides. For example, the variable name used in these examples to add parameters to the nova.conf file is nova_nova_conf_overrides.

You can also apply overrides on a per-host basis with the following configuration in the /etc/openstack_deploy/openstack_user_config.yml file:

compute_hosts:
  900089-compute001:
    ip: 192.0.2.10
    host_vars:
      nova_nova_conf_overrides:
        DEFAULT:
          remove_unused_original_minimum_age_seconds: 43200
        libvirt:
          cpu_mode: host-model
          disk_cachemodes: file=directsync,block=none
        database:
          idle_timeout: 300
          max_pool_size: 10

Use this method for any files with the INI format for in OpenStack projects deployed in OpenStack-Ansible.

Overriding .json files

To implement access controls that are different from the ones in a standard OpenStack environment, you can adjust the default policies applied by services. Policy files are in a JSON format.

For example, you might want to add the following policy in the policy.json file for the Identity service (keystone):

{
    "identity:foo": "rule:admin_required",
    "identity:bar": "rule:admin_required"
}

To do this, you use the following configuration entry in the /etc/openstack_deploy/user_variables.yml file:

keystone_policy_overrides:
  identity:foo: "rule:admin_required"
  identity:bar: "rule:admin_required"

 
Note

The general format for the variable names used for overrides is <service>_policy_overrides. For example, the variable name used in this example to add a policy to the Identity service (keystone) policy.json file is keystone_policy_overrides.

Use this method for any files with the JSON format in OpenStack projects deployed in OpenStack-Ansible.

To assist you in finding the appropriate variable name to use for overrides, the general format for the variable name is <service>_policy_overrides.

Overriding .yml files

You can override .yml file values by supplying replacement YAML content.

 
Note

All default YAML file content is completely overwritten by the overrides, so the entire YAML source (both the existing content and your changes) must be provided.

For example, you might want to define a meter exclusion for all hardware items in the default content of the pipeline.yml file for the Telemetry service (ceilometer):

sources:
    - name: meter_source
    interval: 600
    meters:
        - "!hardware.*"
    sinks:
        - meter_sink
    - name: foo_source
    value: foo

To do this, you use the following configuration entry in the /etc/openstack_deploy/user_variables.yml file:

ceilometer_pipeline_yaml_overrides:
  sources:
      - name: meter_source
      interval: 600
      meters:
          - "!hardware.*"
      sinks:
          - meter_sink
      - name: source_foo
      value: foo

 
Note

The general format for the variable names used for overrides is <service>_<filename>_<file extension>_overrides. For example, the variable name used in this example to define a meter exclusion in the pipeline.yml file for the Telemetry service (ceilometer) is ceilometer_pipeline_yaml_overrides.

Currently available overrides

The following override variables are available.

Galera:
  • galera_client_my_cnf_overrides
  • galera_my_cnf_overrides
  • galera_cluster_cnf_overrides
  • galera_debian_cnf_overrides
Telemetry service (ceilometer):
  • ceilometer_policy_overrides
  • ceilometer_ceilometer_conf_overrides
  • ceilometer_event_definitions_yaml_overrides
  • ceilometer_event_pipeline_yaml_overrides
  • ceilometer_pipeline_yaml_overrides
Block Storage (cinder):
  • cinder_policy_overrides
  • cinder_rootwrap_conf_overrides
  • cinder_api_paste_ini_overrides
  • cinder_cinder_conf_overrides
Image service (glance):
  • glance_glance_api_paste_ini_overrides
  • glance_glance_api_conf_overrides
  • glance_glance_cache_conf_overrides
  • glance_glance_manage_conf_overrides
  • glance_glance_registry_paste_ini_overrides
  • glance_glance_registry_conf_overrides
  • glance_glance_scrubber_conf_overrides
  • glance_glance_scheme_json_overrides
  • glance_policy_overrides
Orchestration service (heat):
  • heat_heat_conf_overrides
  • heat_api_paste_ini_overrides
  • heat_default_yaml_overrides
  • heat_aws_cloudwatch_alarm_yaml_overrides
  • heat_aws_rds_dbinstance_yaml_overrides
  • heat_policy_overrides
Identity service (keystone):
  • keystone_keystone_conf_overrides
  • keystone_keystone_default_conf_overrides
  • keystone_keystone_paste_ini_overrides
  • keystone_policy_overrides
Networking service (neutron):
  • neutron_neutron_conf_overrides
  • neutron_ml2_conf_ini_overrides
  • neutron_dhcp_agent_ini_overrides
  • neutron_api_paste_ini_overrides
  • neutron_rootwrap_conf_overrides
  • neutron_policy_overrides
  • neutron_dnsmasq_neutron_conf_overrides
  • neutron_l3_agent_ini_overrides
  • neutron_metadata_agent_ini_overrides
  • neutron_metering_agent_ini_overrides
Compute service (nova):
  • nova_nova_conf_overrides
  • nova_rootwrap_conf_overrides
  • nova_api_paste_ini_overrides
  • nova_policy_overrides
Object Storage service (swift):
  • swift_swift_conf_overrides
  • swift_swift_dispersion_conf_overrides
  • swift_proxy_server_conf_overrides
  • swift_account_server_conf_overrides
  • swift_account_server_replicator_conf_overrides
  • swift_container_server_conf_overrides
  • swift_container_server_replicator_conf_overrides
  • swift_object_server_conf_overrides
  • swift_object_server_replicator_conf_overrides
Tempest:
  • tempest_tempest_conf_overrides
pip:
  • pip_global_conf_overrides

 
Note

Possible additional overrides can be found in the “Tunable Section” of each role’s main.yml file, such as /etc/ansible/roles/role_name/defaults/main.yml.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.