capabilities-map.yaml

   1 # This file holds metadata about the capabilities of the tripleo-heat-templates
   2 # repository for deployment using puppet. It groups configuration by topic,
   3 # describes possible combinations of environments and resource capabilities.
   4
   5 # topics:
   6 # High Level grouping by purpose of environments
   7 # Attributes:
   8 #  title: (required)
   9 #  description: (optional)
  10 #  environment_groups: (required)
  11
  12 # environment_groups:
  13 # Identifies an environment choice. If group includes multiple environments it
  14 # indicates that environments in group are mutually exclusive.
  15 # Attributes:
  16 #  title: (optional)
  17 #  description: (optional)
  18 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
  19 #  environments: (required)
  20
  21 # environments:
  22 # List of environments in environment group
  23 # Attributes:
  24 #  file: a file name including path within repository (required)
  25 #  title: (required)
  26 #  description: (optional)
  27 #  requires: an array of environments which are required by this environment (optional)
  28 #  resource_registry: [tbd] (optional)
  29
  30 # resource_registry:
  31 # [tbd] Each environment can provide options on resource_registry level applicable
  32 # only when that given environment is used. (resource_type of that environment can
  33 # be implemented using multiple templates).
  34
  35 topics:
  36   - title: Base Resources Configuration
  37     description:
  38     environment_groups:
  39       - title:
  40         description: Enable base configuration for all resources required for OpenStack Deployment
  41         environments:
  42           - file: overcloud-resource-registry-puppet.yaml
  43             title: Base resources configuration
  44             description:
  45
  46   - title: Deployment Options
  47     description:
  48     environment_groups:
  49       - title: High Availability
  50         description: Enables configuration of an Overcloud controller with Pacemaker
  51         environments:
  52           - file: environments/puppet-pacemaker.yaml
  53             title: Pacemaker
  54             description: Enable configuration of an Overcloud controller with Pacemaker
  55             requires:
  56               - overcloud-resource-registry-puppet.yaml
  57       - title: Pacemaker options
  58         description:
  59         environments:
  60           - file: environments/puppet-pacemaker-no-restart.yaml
  61             title: Pacemaker No Restart
  62             description:
  63             requires:
  64               - environments/puppet-pacemaker.yaml
  65               - overcloud-resource-registry-puppet.yaml
  66       - title: Docker RDO
  67         description: >
  68           Docker container with heat agents for containerized compute node
  69         environments:
  70           - file: environments/docker.yaml
  71             title: Docker RDO
  72             description:
  73             requires:
  74               - overcloud-resource-registry-puppet.yaml
  75       - title: Enable TLS
  76         description: >
  77         environments:
  78           - file: environments/enable-tls.yaml
  79             title: TLS
  80             description: >
  81               Use this option to pass in certificates for SSL deployments.
  82               For these values to take effect, one of the TLS endpoints
  83               environments must also be used.
  84             requires:
  85               - overcloud-resource-registry-puppet.yaml
  86       - title: TLS Endpoints
  87         description: >
  88         environments:
  89           - file: environments/tls-endpoints-public-dns.yaml
  90             title: SSL-enabled deployment with DNS name as public endpoint
  91             description: >
  92               Use this environment when deploying an SSL-enabled overcloud where the public
  93               endpoint is a DNS name.
  94             requires:
  95               - environments/enable-tls.yaml
  96               - overcloud-resource-registry-puppet.yaml
  97           - file: environments/tls-endpoints-public-ip.yaml
  98             title: SSL-enabled deployment with IP address as public endpoint
  99             description: >
 100               Use this environment when deploying an SSL-enabled overcloud where the public
 101               endpoint is an IP address.
 102             requires:
 103               - environments/enable-tls.yaml
 104               - overcloud-resource-registry-puppet.yaml
 105       - title: External load balancer
 106         description: >
 107           Enable external load balancer
 108         environments:
 109           - file: environments/external-loadbalancer-vip-v6.yaml
 110             title: External load balancer IPv6
 111             description: >
 112             requires:
 113               - overcloud-resource-registry-puppet.yaml
 114           - file: environments/external-loadbalancer-vip.yaml
 115             title: External load balancer IPv4
 116             description: >
 117             requires:
 118               - overcloud-resource-registry-puppet.yaml
 119
 120   - title: Additional Services
 121     description: Deploy additional Overcloud services
 122     environment_groups:
 123       - title: Manila
 124         description:
 125         environments:
 126           - file: environments/manila-generic-config.yaml
 127             title: Manila
 128             description: Enable Manila generic driver backend
 129             requires:
 130               - overcloud-resource-registry-puppet.yaml
 131       - title: Sahara
 132         description:
 133         environments:
 134           - file: environments/services/sahara.yaml
 135             title: Sahara
 136             description: Deploy Sahara service
 137             requires:
 138               - overcloud-resource-registry-puppet.yaml
 139       - title: Ironic
 140         description:
 141         environments:
 142           - file: environments/services/ironic.yaml
 143             title: Ironic
 144             description: Deploy Ironic service
 145             requires:
 146               - overcloud-resource-registry-puppet.yaml
 147       - title: Mistral
 148         description:
 149         environments:
 150           - file: environments/services/mistral.yaml
 151             title: Mistral
 152             description: Deploy Mistral service
 153             requires:
 154               - overcloud-resource-registry-puppet.yaml
 155       - title: Ceilometer Api
 156         description:
 157         environments:
 158           - file: environments/services/disable-ceilometer-api.yaml
 159             title: Ceilometer Api
 160             description: Disable Ceilometer Api service. This service is
 161               deprecated and will be removed in future releases. Please move
 162               to using gnocchi/aodh/panko apis instead.
 163             requires:
 164               - overcloud-resource-registry-puppet.yaml
 165
 166   # - title: Network Interface Configuration
 167   #   description:
 168   #   environment_groups:
 169
 170   - title: Overlay Network Configuration
 171     description:
 172     environment_groups:
 173       - title: Network Isolation
 174         description:
 175         environments:
 176           - file: environments/network-isolation.yaml
 177             title: Network Isolation
 178             description: >
 179               Enable the creation of Neutron networks for
 180               isolated Overcloud traffic and configure each role to assign ports
 181               (related to that role) on these networks.
 182             requires:
 183               - overcloud-resource-registry-puppet.yaml
 184           - file: environments/network-isolation-v6.yaml
 185             title: Network Isolation IPv6
 186             description: >
 187               Enable the creation of IPv6 Neutron networks for isolated Overcloud
 188               traffic and configure each role to assign ports (related
 189               to that role) on these networks.
 190             requires:
 191               - overcloud-resource-registry-puppet.yaml
 192       - title: Single NIC or Bonding
 193         description: >
 194           Configure roles to use pair of bonded nics or to use Vlans on a
 195           single nic. This option assumes use of Network Isolation.
 196         environments:
 197           - file: environments/net-bond-with-vlans.yaml
 198             title: Bond with Vlans
 199             description: >
 200               Configure each role to use a pair of bonded nics (nic2 and
 201               nic3) and configures an IP address on each relevant isolated network
 202               for each role. This option assumes use of Network Isolation.
 203             requires:
 204               - environments/network-isolation.yaml
 205               - overcloud-resource-registry-puppet.yaml
 206           - file: environments/net-bond-with-vlans-no-external.yaml
 207             title: Bond with Vlans No External Ports
 208             description: >
 209               Configure each role to use a pair of bonded nics (nic2 and
 210               nic3) and configures an IP address on each relevant isolated network
 211               for each role. This option assumes use of Network Isolation.
 212               Sets external ports to noop.
 213             requires:
 214               - environments/network-isolation.yaml
 215               - overcloud-resource-registry-puppet.yaml
 216           - file: environments/net-bond-with-vlans-v6.yaml
 217             title: Bond with Vlans IPv6
 218             description: >
 219               Configure each role to use a pair of bonded nics (nic2 and
 220               nic3) and configures an IP address on each relevant isolated network
 221               for each role, with IPv6 on the External network.
 222               This option assumes use of Network Isolation IPv6.
 223             requires:
 224               - environments/network-isolation-v6.yaml
 225               - overcloud-resource-registry-puppet.yaml
 226           - file: environments/net-multiple-nics.yaml
 227             title: Multiple NICs
 228             description: >
 229               Configures each role to use a separate NIC for
 230               each isolated network.
 231               This option assumes use of Network Isolation.
 232             requires:
 233               - environments/network-isolation.yaml
 234               - overcloud-resource-registry-puppet.yaml
 235           - file: environments/net-multiple-nics-v6.yaml
 236             title: Multiple NICs IPv6
 237             description: >
 238               Configure each role to use a separate NIC for
 239               each isolated network with IPv6 on the External network.
 240               This option assumes use of Network Isolation IPv6.
 241             requires:
 242               - environments/network-isolation-v6.yaml
 243               - overcloud-resource-registry-puppet.yaml
 244           - file: environments/net-single-nic-with-vlans.yaml
 245             title: Single NIC with Vlans
 246             description: >
 247               Configure each role to use Vlans on a single NIC for
 248               each isolated network. This option assumes use of Network Isolation.
 249             requires:
 250               - environments/network-isolation.yaml
 251               - overcloud-resource-registry-puppet.yaml
 252           - file: environments/net-single-nic-with-vlans-no-external.yaml
 253             title: Single NIC with Vlans No External Ports
 254             description: >
 255               Configure each role to use Vlans on a single NIC for
 256               each isolated network. This option assumes use of Network Isolation.
 257               Sets external ports to noop.
 258             requires:
 259               - environments/network-isolation.yaml
 260               - overcloud-resource-registry-puppet.yaml
 261           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
 262             title: Single NIC with Linux Bridge Vlans
 263             description: >
 264               Configure each role to use Vlans on a single NIC for
 265               each isolated network. This option assumes use of Network Isolation.
 266             requires:
 267               - environments/network-isolation.yaml
 268               - overcloud-resource-registry-puppet.yaml
 269           - file: environments/net-single-nic-with-vlans-v6.yaml
 270             title: Single NIC with Vlans IPv6
 271             description: >
 272               Configures each role to use Vlans on a single NIC for
 273               each isolated network with IPv6 on the External network.
 274               This option assumes use of Network Isolation IPv6
 275             requires:
 276               - environments/network-isolation-v6.yaml
 277               - overcloud-resource-registry-puppet.yaml
 278       - title: Management Network
 279         description: >
 280           Enable the creation of a system management network. This
 281           creates a Neutron network for isolated Overcloud
 282           system management traffic and configures each role to
 283           assign a port (related to that role) on that network.
 284         environments:
 285           - file: environments/network-management.yaml
 286             title: Management Network
 287             description:
 288             requires:
 289               - overcloud-resource-registry-puppet.yaml
 290           - file: environments/network-management-v6.yaml
 291             title: Management Network IPv6
 292             description:
 293             requires:
 294               - overcloud-resource-registry-puppet.yaml
 295
 296   - title: Neutron Plugin Configuration
 297     description:
 298     environment_groups:
 299       - title: Neutron Plugins
 300         description: >
 301           Enable various Neutron plugins and backends
 302         environments:
 303           - file: environments/neutron-bgpvpn.yaml
 304             title: Neutron BGPVPN Service Plugin
 305             description: Enables Neutron BGPVPN Service Plugin
 306             requires:
 307               - overcloud-resource-registry-puppet.yaml
 308           - file: environments/neutron-ml2-bigswitch.yaml
 309             title: BigSwitch Extensions
 310             description: >
 311               Enable Big Switch extensions, configured via puppet
 312             requires:
 313               - overcloud-resource-registry-puppet.yaml
 314           - file: environments/neutron-ml2-cisco-n1kv.yaml
 315             title: Cisco N1KV backend
 316             description: >
 317               Enable a Cisco N1KV backend, configured via puppet
 318             requires:
 319               - overcloud-resource-registry-puppet.yaml
 320           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
 321             title: Cisco Neutron plugin
 322             description:
 323             requires:
 324               - overcloud-resource-registry-puppet.yaml
 325           - file: environments/neutron-midonet.yaml
 326             title: Deploy MidoNet Services
 327             description:
 328             requires:
 329               - overcloud-resource-registry-puppet.yaml
 330           - file: environments/neutron-nuage-config.yaml
 331             title: Neutron Nuage backend
 332             description: Enables Neutron Nuage backend on the controller
 333             requires:
 334               - overcloud-resource-registry-puppet.yaml
 335           - file: environments/neutron-opendaylight.yaml
 336             title: OpenDaylight
 337             description: Enables OpenDaylight
 338             requires:
 339               - overcloud-resource-registry-puppet.yaml
 340           - file: environments/neutron-ovs-dpdk.yaml
 341             title: DPDK with OVS
 342             description: Deploy DPDK with OVS
 343             requires:
 344               - overcloud-resource-registry-puppet.yaml
 345           - file: environments/neutron-ovs-dvr.yaml
 346             title: DVR
 347             description: Enables DVR in the Overcloud
 348             requires:
 349               - overcloud-resource-registry-puppet.yaml
 350           - file: environments/neutron-plumgrid.yaml
 351             title: PLUMgrid extensions
 352             description: Enables PLUMgrid extensions
 353             requires:
 354               - overcloud-resource-registry-puppet.yaml
 355           - file: environments/neutron-ml2-fujitsu-cfab.yaml
 356             title: Fujitsu Neutron plugin for C-Fabric
 357             description: Enable C-Fabric in the overcloud
 358             requires:
 359               - overcloud-resource-registry-puppet.yaml
 360           - file: environments/neutron-ml2-fujitsu-fossw.yaml
 361             title: Fujitsu Neutron plugin for FOS
 362             description: Enable FOS in the overcloud
 363             requires:
 364               - overcloud-resource-registry-puppet.yaml
 365           - file: environments/neutron-nsx.yaml
 366             title: Deploy NSX Services
 367             description:
 368             requires:
 369               - overcloud-resource-registry-puppet.yaml
 370           - file: environments/neutron-l2gw.yaml
 371             title: Neutron L2 gateway Service Plugin
 372             description: Enables Neutron L2 gateway Service Plugin
 373             requires:
 374               - overcloud-resource-registry-puppet.yaml
 375
 376   - title: Nova Extensions
 377     description:
 378     environment_groups:
 379       - title: Nova Extensions
 380         description:
 381         environments:
 382           - file: environments/nova-nuage-config.yaml
 383             title: Nuage backend
 384             description: >
 385               Enables Nuage backend on the Compute
 386             requires:
 387               - overcloud-resource-registry-puppet.yaml
 388
 389   - title: Storage
 390     description:
 391     environment_groups:
 392       - title: Cinder backup service
 393         description:
 394         environments:
 395           - file: environments/cinder-backup.yaml
 396             title: Cinder backup service
 397             description: >
 398               OpenStack Cinder Backup service with Pacemaker configured
 399               with Puppet
 400             requires:
 401               - environments/puppet-pacemaker.yaml
 402               - overcloud-resource-registry-puppet.yaml
 403       - title: Cinder backend
 404         description: >
 405           Enable various Cinder backends
 406         environments:
 407           - file: environments/cinder-netapp-config.yaml
 408             title: Cinder NetApp backend
 409             description:
 410             requires:
 411               - overcloud-resource-registry-puppet.yaml
 412           - file: environments/cinder-dellsc-config.yaml
 413             title: Cinder Dell EMC Storage Center ISCSI backend
 414             description: >
 415               Enables a Cinder Dell EMC Storage Center ISCSI backend,
 416               configured via puppet
 417             requires:
 418               - overcloud-resource-registry-puppet.yaml
 419           - file: environments/cinder-hpelefthand-config.yaml
 420             title: Cinder HPELeftHandISCSI backend
 421             description: >
 422               Enables a Cinder HPELeftHandISCSI backend, configured
 423               via puppet
 424             requires:
 425               - overcloud-resource-registry-puppet.yaml
 426           - file: environments/cinder-dellps-config.yaml
 427             title: Cinder Dell EMC PS Series backend
 428             description: >
 429               Enables a Cinder Dell EMC PS Series backend,
 430               configured via puppet
 431             requires:
 432               - overcloud-resource-registry-puppet.yaml
 433           - file: environments/cinder-iser.yaml
 434             title: Cinder iSER backend
 435             description: >
 436               Enable a Cinder iSER RDMA backend, configured via puppet
 437           - file: environments/cinder-scaleio-config.yaml
 438             title: Cinder Dell EMC ScaleIO backend
 439             description: >
 440               Enables a Cinder Dell EMC ScaleIO backend,
 441               configured via puppet
 442             requires:
 443               - overcloud-resource-registry-puppet.yaml
 444       - title: Ceph
 445         description: >
 446           Enable the use of Ceph in the overcloud
 447         environments:
 448           - file: environments/puppet-ceph-external.yaml
 449             title: Externally managed Ceph
 450             description: >
 451               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
 452             requires:
 453               - overcloud-resource-registry-puppet.yaml
 454           - file: environments/puppet-ceph.yaml
 455             title: TripleO managed Ceph
 456             description: >
 457               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
 458               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
 459               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
 460             requires:
 461               - overcloud-resource-registry-puppet.yaml
 462       - title: CephMDS
 463         description: >
 464           Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
 465           filesystems hosted in Ceph.
 466         environments:
 467           - file: environments/services/ceph-mds.yaml
 468             title: Deploys CephMDS
 469             description:
 470             requires:
 471               - environments/puppet-ceph.yaml
 472       - title: Ceph Rados Gateway
 473         description: >
 474           Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
 475           which stores data in the Ceph cluster.
 476         environments:
 477           - file: environments/ceph-radosgw.yaml
 478             title: Deploys CephRGW
 479             description:
 480             requires:
 481               - environments/puppet-ceph.yaml
 482       - title: Manila with CephFS
 483         description: >
 484           Deploys Manila and configures it with the CephFS driver. This requires the deployment of
 485           Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
 486         environments:
 487           - file: environments/manila-cephfsnative-config.yaml
 488             title: Deploys Manila with CephFS driver
 489             description: Deploys Manila and configures CephFS as its default backend.
 490             requires:
 491               - overcloud-resource-registry-puppet.yaml
 492       - title: Storage Environment
 493         description: >
 494           Can be used to set up storage backends. Defaults to Ceph used as a
 495           backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
 496           configures which services will use Ceph, or if any of the services
 497           will use NFS. And more. Usually requires to be edited by user first.
 498         tags:
 499           - no-gui
 500         environments:
 501           - file: environments/storage-environment.yaml
 502             title: Storage Environment
 503             description:
 504             requires:
 505               - overcloud-resource-registry-puppet.yaml
 506
 507   - title: Utilities
 508     description:
 509     environment_groups:
 510       - title: Config Debug
 511         description: Enable config management (e.g. Puppet) debugging
 512         environments:
 513           - file: environments/config-debug.yaml
 514             title: Config Debug
 515             description:
 516             requires:
 517               - overcloud-resource-registry-puppet.yaml
 518       - title: Disable journal in MongoDb
 519         description: >
 520           Since, when journaling is enabled, MongoDb will create big journal
 521           file it can take time. In a CI environment for example journaling is
 522           not necessary.
 523         environments:
 524           - file: environments/mongodb-nojournal.yaml
 525             title: Disable journal in MongoDb
 526             description:
 527             requires:
 528               - overcloud-resource-registry-puppet.yaml
 529       - title: Overcloud Steps
 530         description: >
 531           Specifies hooks/breakpoints where overcloud deployment should stop
 532           Allows operator validation between steps, and/or more granular control.
 533           Note: the wildcards relate to naming convention for some resource suffixes,
 534           e.g see puppet/*-post.yaml, enabling this will mean we wait for
 535           a user signal on every *Deployment_StepN resource defined in those files.
 536         tags:
 537           - no-gui
 538         environments:
 539           - file: environments/overcloud-steps.yaml
 540             title: Overcloud Steps
 541             description:
 542             requires:
 543               - overcloud-resource-registry-puppet.yaml
 544
 545   - title: Operational Tools
 546     description:
 547     environment_groups:
 548       - title: Monitoring agents
 549         description: Enable monitoring agents
 550         environments:
 551           - file: environments/monitoring-environment.yaml
 552             title: Enable monitoring agents
 553             description:
 554             requires:
 555               - overcloud-resource-registry-puppet.yaml
 556       - title: Centralized logging support
 557         description: Enable centralized logging clients (fluentd)
 558         environments:
 559           - file: environments/logging-environment.yaml
 560             title: Enable fluentd client
 561             description:
 562             requires:
 563               - overcloud-resource-registry-puppet.yaml
 564       - title: Performance monitoring
 565         description: Enable performance monitoring agents
 566         environments:
 567           - file: environments/collectd-environment.yaml
 568             title: Enable performance monitoring agents
 569             description:
 570             requires:
 571               - overcloud-resource-registry-puppet.yaml
 572
 573   - title: Security Options
 574     description: Security Hardening Options
 575     environment_groups:
 576       - title: SSH Banner Text
 577         description: Enables population of SSH Banner Text
 578         environments:
 579           - file: environments/sshd-banner.yaml
 580             title: SSH Banner Text
 581             description:
 582             requires:
 583               - overcloud-resource-registry-puppet.yaml
 584       - title: Horizon Password Validation
 585         description: Enable Horizon Password validation
 586         environments:
 587           - file: environments/horizon_password_validation.yaml
 588             title: Horizon Password Validation
 589             description:
 590             requires:
 591               - overcloud-resource-registry-puppet.yaml
 592       - title: AuditD Rules
 593         description:  Management of AuditD rules
 594         environments:
 595           - file: environments/auditd.yaml
 596             title: AuditD Rule Management
 597             description:
 598             requires:
 599               - overcloud-resource-registry-puppet.yaml
 600       - title: Keystone CADF auditing
 601         description: Enable CADF notifications in Keystone for auditing
 602         environments:
 603           - file: environments/cadf.yaml
 604             title: Keystone CADF auditing
 605       - title: SecureTTY Values
 606         description: Set values within /etc/securetty
 607         environments:
 608           - file: environments/securetty.yaml
 609             title: SecureTTY Values