user_variables.yml

## Ceilometer Options
ceilometer_db_type: mongodb
ceilometer_db_ip: localhost
ceilometer_db_port: 27017
swift_ceilometer_enabled: False
heat_ceilometer_enabled: False
cinder_ceilometer_enabled: False
glance_ceilometer_enabled: False
nova_ceilometer_enabled: False

## Glance Options
# Set glance_default_store to "swift" if using Cloud Files or swift backend
# or "rbd" if using ceph backend; the latter will trigger ceph to get
# installed on glance
glance_default_store: file

# `internalURL` will cause glance to speak to swift via ServiceNet, use
# `publicURL` to communicate with swift over the public network
glance_swift_store_endpoint_type: internalURL

## Glance Options 
# Set default_store to "swift" if using Cloud Files 
# or swift backend or file to use NFS or local filesystem
glance_notification_driver: noop

## Nova options
nova_virt_type: qemu
nova_cpu_allocation_ratio: 3.0 
nova_ram_allocation_ratio: 1.0
# As this is a virtual env, don't lose precious memory to the VM itself!
nova_reserved_host_memory_mb: 1024

# Neutron options
neutron_l2_population: true


## SSL Settings
# Adjust these settings to change how SSL connectivity is configured for
# various services.  For more information, see the openstack-ansible
# documentation section titled "Securing services with SSL certificates".
#
## SSL: Keystone
# These do not need to be configured unless you're creating certificates for
# services running behind Apache (currently, Horizon and Keystone).
ssl_protocol: "ALL -SSLv2 -SSLv3"
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
# To override for Keystone only:
#   - keystone_ssl_protocol
#   - keystone_ssl_cipher_suite
# To override for Horizon only:
#   - horizon_ssl_protocol
#   - horizon_ssl_cipher_suite
#
## SSL: RabbitMQ
# Set these variables if you prefer to use existing SSL certificates, keys and
# CA certificates with the RabbitMQ SSL/TLS Listener
#
#rabbitmq_user_ssl_cert: <path to cert on ansible deployment host>
#rabbitmq_user_ssl_key: <path to cert on ansible deployment host>
#rabbitmq_user_ssl_ca_cert: <path to cert on ansible deployment host>

## Repo server
#repo_service_user_name: nginx
#repo_service_home_folder: /var/www
#repo_server_port: 80
#repo_pip_default_index: "http://{{ openstack_upstream_domain }}/mirror/pools"
#pip_install_options: "--trusted-host 172.29.236.10"
pip_validate_certs: "no"


## OpenStack source options
# URL for the frozen internal openstack repo.
# openstack_repo_url: "http://{{ internal_lb_vip_address }}:{{ repo_server_port }}"
#openstack_upstream_domain: "172.29.236.1"
#openstack_upstream_url: "http://{{ openstack_upstream_domain }}/mirror"
#openstack_repo_url: "{{ openstack_upstream_url }}"

#repo_mirror_source_host: "{{ openstack_upstream_domain }}"


## LXC options
#lxc_container_caches:
#  - url: "{{ openstack_upstream_url }}/container_images/rpc-trusty-container.tgz"
#  - url: "172.29.236.1/mirror/container_images/rpc-trusty-container.tgz"
#    name: "trusty.tgz"

## Example environment variable setup:
#proxy_env_url: http://nas:3128/
#no_proxy_env: "localhost,127.0.0.1,{% for host in groups['all_containers'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
## global_environment_variables:
#HTTP_PROXY: "{{ proxy_env_url }}"
#HTTPS_PROXY: "{{ proxy_env_url }}"
#NO_PROXY: "{{ no_proxy_env }}"

#global_environment_variables:
#   HTTP_PROXY: "http://172.29.236.1:3128"
#   HTTPS_PROXY: "http://172.29.236.1:3128"
#   NO_PROXY: "localhost,127.0.0.1,172.29.236.1,172.29.236.0/24"
#   http_proxy: "http://172.29.236.1:3128"
#   https_proxy: "http://172.29.236.1:3128"
#   no_proxy: "localhost,127.0.0.1,172.29.236.1,172.29.236.0/24"

apply_security_hardening: false

neutron_plugin_base:
  - router
  - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2