"base URL for repo with helm charts & other binaries"
default: "https://binary.mirantis.com"
"base URL for docker images"
default: "mirantis.azurecr.io"
settings passed to every helm chart
list of helm chart repositories
symbolic name to reference this repo
helm charts repo url
JSON of values passed to all charts
version of charts to install for infra components
JSON of values passed to all infra charts
version of charts to install for openstack components
JSON of values passed to all openstack charts
trigger to process osdpl resource
default: false
Specifies the app role ID
Specifies the secret ID created for the app role
Indicates if simple_crypto backend is enabled
default: false
Mountpoint of KV store in Vault to use.
Vault Namespace to use for all requests to Vault.
This is available only in Vault Enterprise and
is supported only since OpenStack Victoria release.
The path to CA cert file
Specifies whether to use SSL
URL of the Vault server
Backend to perform backup to. Could be: pvc, pv_nfs. Default is pvc.
Type of backup. Possible values: incremental or full.
incremental: If newest full backup is older then fullbackupcycle seconds,
perform full backup, else perform incremental backup to the newest full.
full: perform always only full backup. Default is incremental.
How many full backups to keep.
Indicates whether cron job will launch backup jobs. When set to true suspend
flag in cron job will be switched to false.
default: false
Number of seconds that defines a period between 2 full backups.
During this period incremental backups will be performed. The parameter
is taken into account only if backuptype is set to 'incremental', otherwise
it is ignored. For example with fullbackup_cycle set to 604800 seconds full
backup will be taken every week and if cron is set to 0 0 * * *, incremental backup
will be performed on daily basis.
Path to the nfs share on the server.
Ip address or domain name of nfs server
Unix style cron expression indicates how often to run backup
cron job. Default is '0 1 * * *' - every day at 01:00.
Number of days that alarm histories are kept in the database for (<= 0 means forever)
Enable periodic cleanup of expired alarm history data for Aodh
default: true
Cron schedule for periodic cleanup
default: "1 6 * * 1"
Number of days to keep deleted entries. When set to 0 all entries from shadow tables
are deleted.
default: 30
Enable periodic cleanup of database for Barbican.
default: true
Cron schedule for periodic cleanup.
default: "1 4 * * 1"
Number of days to keep deleted entries. When set to 0 all entries from shadow tables
are deleted.
default: 30
Enable periodic cleanup of database for Cinder.
default: true
Cron schedule for periodic cleanup.
default: "1 0 * * 1"
Number of days to keep deleted entries. When set to 0 all entries from shadow tables
are deleted.
default: 30
The batch size for each iteration.
default: 1000
Enable periodic cleanup of database for Glance.
default: true
Cron schedule for periodic cleanup.
default: "1 2 * * 1"
Number of days to keep deleted entries. When set to 0 all entries from shadow tables
are deleted.
default: 30
Number of stacks to delete at a time (per transaction).
default: 10
Enable periodic cleanup of database for Heat.
default: true
Cron schedule for periodic cleanup.
default: "1 5 * * 1"
Number of days to keep deleted entries. When set to 0 all entries from shadow tables
are deleted.
default: 30
The batch size for each iteration.
default: 1000
Enable periodic cleanup of database for Masakari.
default: true
Cron schedule for periodic cleanup.
default: "1 3 * * 1"
Number of days to keep deleted entries. When set to 0 all entries from shadow tables
are deleted.
default: 30
The batch size for each iteration.
default: 1000
Enable periodic cleanup of database for Nova.
default: true
Cron schedule for periodic cleanup.
default: "1 1 * * 1"
Optional field to define IP address for LoadBalancer service.
Protocol for Designate backend in Kubernetes Service. Could be udp|tcp|tcp+udp.
default: udp
Type of the backend for Designate. For example: powerdns.
default: powerdns
Set of backeds are going to be used by glance as multi backends.
Section to configure cinder backends.
Section to configure rbd (Ceph) backends
Enable certificate validation when verifying signatures.
default: false
Enforce signature validation for images on upload. Upload of images without signature
metadata is rejected. When image signature is not valid compute service will not allow
to start instance and block storage service will not allow to create volumes.
The default theme name.
default: "default"
Theme description showed to user
Custom theme name
The sha256 checksumm of arhive with theme
Link to archive with theme
base URL for ironic agent images
default: "https://binary.mirantis.com/openstack/bin/ironic/tinyipa"
name of baremetal provisioning/cleaning network
default: true
the MTU for cleaning network
name of baremetal network
default: "baremetal"
type of provisioning/cleaning baremetal network
default: "vlan"
name of physical network to associate
default: "ironic"
the vlan number of cleaning network in case of VLAN segmentation is used
the gateway for baremetal network
baremetal subnet name
the end range of allocation pool for baremetal network
the start range of allocation pool for baremetal network
the cidr of baremetal network
name of physical interface to bind PXE services
default: "ironic-pxe"
ks_domains instead.
Domain specific configuration options.
Enable domain specific keystone configuration
Domain name
Enable domain specific keystone configuration
Domain specific configuration
Trigger to enable keycloak integration
default: false
The delimiter to use when setting multi-valued claims (openid-connect or oauth20) in the HTTP
headers/environment variables.
Client identifier used in calls to the statically configured OpenID Connect Provider
default: "os"
Require a valid SSL server certificate when communicating with the Authorization Server
Override for URL where OpenID Connect Provider metadata can be found
The redirect_uri for this OpenID Connect client
Define one or more regular expressions that specify URLs (or domains) allowed for post logout and
other redirects such as the "return_to" value on refresh token requests
Require a valid SSL server certificate when communicating with the OP
Used to request specific scopes
default: "openid email profile"
Url for keycloak
Domain ID for admin of OpenStack deployment
default: "default"
Project domain name for admin of OpenStack deployment
default: "default"
Project name for admin of OpenStack deployment
default: "admin"
Domain name for admin of OpenStack deployment
default: "default"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
List of drivers to handle sending audit notifications
default: messagingv2
Enable CADF audit notifications
default: false
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Service logging level
default: "INFO"
Array of components need to be set up with dedicated rabbitmq server for migration
Neutron backend
default: "ml2"
Netmiko device type
IP address of switch
Switch name
Credential password
RAW config for device.
Enable secret
SSH private key for switch.
Credential username
Autonomous System number
IP address or interface used for BGP peerings
IP address or interface used to send VPN traffic
Enable BGPVPN plugin/service
default: false
UDP port toward which send VXLAN traffic
IP addresses of BGP peers, when not specified will be picked from secret
The object describes RouteReflector settings
Enable BGPVPN route reflector on controller nodes
BGP sessions allowed from neighbors in this subnet
The list with the IP addresses of DNS servers reachable from Virtual Networks
Enable distributed routers
default: false
OVS bridge name to map with physnet.
Physical interface mapped with physnet
Network types allowed on particular physnet
Neutron physnet name
default: "physnet1"
Range of vlans allowed on physnet
enable floating network creation
default: false
The name of floating network
default: "public"
network physical mechanism
name of physical network to associate
"The name of public router"
default: "r1"
vlan id for vlan networks
IP address of subnet gateway
"The name of floating subnet"
default: "public-subnet"
end IP address ie: 1.2.3.200
start IP address ie: 1.2.3.100
IP address range ie: 1.2.3.0/24
Enable IPsec authentication and encryption of tenant traffic
default: false
Ordered list of network_types to allocate as tenant networks
Physical interface used for tunnel traffic
Backend for nova images can be ceph or local
Cipher-mode string to be used.
default: "aes-xts-plain64"
Enable ephemeral disk encryption, only available with lvm backend.
default: false
Encryption key length in bits.
default: 256
Volume group used when images backend is lvm. Default to nova-vol
Physical interface used for live migration.
Default provider driver used for loadbalancers.
end IP address ie: 1.2.3.200
start IP address ie: 1.2.3.100
IP address range ie: 1.2.3.0/24
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Values of policies to override.
Trigger to use built in policies provided by OpenStack components.
List of enabled openstack and auxiliary services
API server certificate
API server private key
CA certificate
Enable FIPS compliant TLS proxy for public endpoints.
enable StackLight operations support system
The option is no longer handled, the password is autogenerated.
The option is no longer handled, the username is autogenerated.
Which telemetry mode is going to be used for telemetry.
internal k8s domain name
default: "cluster.local"
Default storage class with local volumes, used by services with built in clustering
mechanism like mariadb, etcd, redis.
default: "openstack-operator-bind-mounts"
this is arbitrary JSON of parameters for migration
All property whose name matches the following regular expression must respect the following conditions
Property name regular expression:.*::.* All property whose name matches the following regular expression must respect the following conditions
Property name regular expression:.* Volume group used by lvm backend. Default to cinder-vol
Additional Properties of any type are allowed.
Type: objectAdditional Properties of any type are allowed.
Type: objectEnable BGPVPN plugin/service
Additional Properties of any type are allowed.
Type: objectThe name of bridge to plug bond.
The name of dpdk bond.
The name of ovs port created for corresponding NIC
The PCI id of NIC
Bond openvswitch options, for example bond_mode=active-backup
IP address to assign to the bridge.
The name of dpdk bridge
The dpdk driver to use for NICs
Trigger to enable dpdk on the node.
The amount of hugepages, default 1Gi
The page size to use, default 2Mi
The name of bridge to plug NIC
The name of ovs port created for corresponding NIC
The PCI id of NIC
Memory to allocate for numa node, default: 1024 MB to first numa node
Additional Properties of any type are allowed.
Type: objectTrigger to enable sriov on the node.
Additional Properties of any type are allowed.
Type: objectThe name of sriov NIC
The pre init hooks
Each additional property must conform to the following schema
Type: objectThe init hook for specific NIC.
The NIC MTU
The number of VF to activate
The name of neutron physnet for SRIOV NIC.
Enable trusted mode on sriov VIF
Physical interface used for tunnel traffic
Backend for nova images can be ceph, local or lvm
Cipher-mode string to be used.
Enable ephemeral disk encryption, only available with lvm backend.
Encryption key length in bits.
Volume group used when images backend is lvm. Default to nova-vol
Physical interface used for live migration.
cpu mode and model to create instances with
All property whose name matches the following regular expression must respect the following conditions
Property name regular expression:.* Additional Properties of any type are allowed.
Type: objectAll property whose name matches the following regular expression must respect the following conditions
Property name regular expression:.* Additional Properties of any type are allowed.