Internal TLS: Use specific CA file for mysql-client
[apex-tripleo-heat-templates.git] / capabilities-map.yaml
# This file holds metadata about the capabilities of the tripleo-heat-templates
# repository for deployment using puppet. It groups configuration by topic and
# describes possible combinations of environments and resource capabilities.

# topics:
# High-level grouping of environments by purpose.
# Attributes:
#  title: (required)
#  description: (optional)
#  environment_groups: (required)

# environment_groups:
# Identifies an environment choice. If a group includes multiple environments,
# the environments in that group are mutually exclusive.
# Attributes:
#  title: (optional)
#  description: (optional)
#  tags: a list of tags to provide additional information, e.g. for filtering (optional)
#  environments: (required)

# environments:
# List of environments in an environment group.
# Attributes:
#  file: a file name including its path within the repository (required)
#  title: (required)
#  description: (optional)
#  requires: an array of environments which are required by this environment (optional)
#  resource_registry: [tbd] (optional)

# resource_registry:
# [tbd] Each environment can provide options at the resource_registry level that
# apply only when that environment is used (the resource_type of that
# environment can be implemented using multiple templates).

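# Top-level list of topics. Keys written with no value (`title:`,
# `description:`) parse as YAML null, i.e. the optional attribute is unset.
topics:
  - title: Base Resources Configuration
    description:
    environment_groups:
      - title:
        description: Enable base configuration for all resources required for OpenStack Deployment
        environments:
          # Base resources configuration; most environments visible in this
          # map list this file under `requires`.
          - file: overcloud-resource-registry-puppet.yaml
            title: Base resources configuration
            description: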
46   - title: Deployment Options
47     description:
48     environment_groups:
49       - title: High Availability
50         description: Enables configuration of an Overcloud controller with Pacemaker
51         environments:
52           - file: environments/puppet-pacemaker.yaml
53             title: Pacemaker
54             description: Enable configuration of an Overcloud controller with Pacemaker
55             requires:
56               - overcloud-resource-registry-puppet.yaml
57       - title: Pacemaker options
58         description:
59         environments:
60           - file: environments/puppet-pacemaker-no-restart.yaml
61             title: Pacemaker No Restart
62             description:
63             requires:
64               - environments/puppet-pacemaker.yaml
65               - overcloud-resource-registry-puppet.yaml
66       - title: Docker RDO
67         description: >
68           Docker container with heat agents for containerized compute node
69         environments:
70           - file: environments/docker.yaml
71             title: Docker RDO
72             description:
73             requires:
74               - overcloud-resource-registry-puppet.yaml
75       - title: Enable TLS
76         description: >
77         environments:
78           - file: environments/enable-tls.yaml
79             title: TLS
80             description: >
81               Use this option to pass in certificates for SSL deployments.
82               For these values to take effect, one of the TLS endpoints
83               environments must also be used.
84             requires:
85               - overcloud-resource-registry-puppet.yaml
86       - title: TLS Endpoints
87         description: >
88         environments:
89           - file: environments/tls-endpoints-public-dns.yaml
90             title: SSL-enabled deployment with DNS name as public endpoint
91             description: >
92               Use this environment when deploying an SSL-enabled overcloud where the public
93               endpoint is a DNS name.
94             requires:
95               - environments/enable-tls.yaml
96               - overcloud-resource-registry-puppet.yaml
97           - file: environments/tls-endpoints-public-ip.yaml
98             title: SSL-enabled deployment with IP address as public endpoint
99             description: >
100               Use this environment when deploying an SSL-enabled overcloud where the public
101               endpoint is an IP address.
102             requires:
103               - environments/enable-tls.yaml
104               - overcloud-resource-registry-puppet.yaml
105       - title: External load balancer
106         description: >
107           Enable external load balancer
108         environments:
109           - file: environments/external-loadbalancer-vip-v6.yaml
110             title: External load balancer IPv6
111             description: >
112             requires:
113               - overcloud-resource-registry-puppet.yaml
114           - file: environments/external-loadbalancer-vip.yaml
115             title: External load balancer IPv4
116             description: >
117             requires:
118               - overcloud-resource-registry-puppet.yaml
119
120   - title: Additional Services
121     description: Deploy additional Overcloud services
122     environment_groups:
123       - title: Manila
124         description:
125         environments:
126           - file: environments/manila-generic-config.yaml
127             title: Manila
128             description: Enable Manila generic driver backend
129             requires:
130               - overcloud-resource-registry-puppet.yaml
131       - title: Sahara
132         description:
133         environments:
134           - file: environments/services/sahara.yaml
135             title: Sahara
136             description: Deploy Sahara service
137             requires:
138               - overcloud-resource-registry-puppet.yaml
139       - title: Ironic
140         description:
141         environments:
142           - file: environments/services/ironic.yaml
143             title: Ironic
144             description: Deploy Ironic service
145             requires:
146               - overcloud-resource-registry-puppet.yaml
147       - title: Mistral
148         description:
149         environments:
150           - file: environments/services/mistral.yaml
151             title: Mistral
152             description: Deploy Mistral service
153             requires:
154               - overcloud-resource-registry-puppet.yaml
155       - title: Ceilometer Api
156         description:
157         environments:
158           - file: environments/services/disable-ceilometer-api.yaml
159             title: Ceilometer Api
160             description: Disable Ceilometer Api service. This service is
161               deprecated and will be removed in future releases. Please move
162               to using gnocchi/aodh/panko apis instead.
163             requires:
164               - overcloud-resource-registry-puppet.yaml
165
166   # - title: Network Interface Configuration
167   #   description:
168   #   environment_groups:
169
170   - title: Overlay Network Configuration
171     description:
172     environment_groups:
173       - title: Network Isolation
174         description:
175         environments:
176           - file: environments/network-isolation.yaml
177             title: Network Isolation
178             description: >
179               Enable the creation of Neutron networks for
180               isolated Overcloud traffic and configure each role to assign ports
181               (related to that role) on these networks.
182             requires:
183               - overcloud-resource-registry-puppet.yaml
184           - file: environments/network-isolation-v6.yaml
185             title: Network Isolation IPv6
186             description: >
187               Enable the creation of IPv6 Neutron networks for isolated Overcloud
188               traffic and configure each role to assign ports (related
189               to that role) on these networks.
190             requires:
191               - overcloud-resource-registry-puppet.yaml
192       - title: Single NIC or Bonding
193         description: >
194           Configure roles to use pair of bonded nics or to use Vlans on a
195           single nic. This option assumes use of Network Isolation.
196         environments:
197           - file: environments/net-bond-with-vlans.yaml
198             title: Bond with Vlans
199             description: >
200               Configure each role to use a pair of bonded nics (nic2 and
201               nic3) and configures an IP address on each relevant isolated network
202               for each role. This option assumes use of Network Isolation.
203             requires:
204               - environments/network-isolation.yaml
205               - overcloud-resource-registry-puppet.yaml
206           - file: environments/net-bond-with-vlans-no-external.yaml
207             title: Bond with Vlans No External Ports
208             description: >
209               Configure each role to use a pair of bonded nics (nic2 and
210               nic3) and configures an IP address on each relevant isolated network
211               for each role. This option assumes use of Network Isolation.
212               Sets external ports to noop.
213             requires:
214               - environments/network-isolation.yaml
215               - overcloud-resource-registry-puppet.yaml
216           - file: environments/net-bond-with-vlans-v6.yaml
217             title: Bond with Vlans IPv6
218             description: >
219               Configure each role to use a pair of bonded nics (nic2 and
220               nic3) and configures an IP address on each relevant isolated network
221               for each role, with IPv6 on the External network.
222               This option assumes use of Network Isolation IPv6.
223             requires:
224               - environments/network-isolation-v6.yaml
225               - overcloud-resource-registry-puppet.yaml
226           - file: environments/net-multiple-nics.yaml
227             title: Multiple NICs
228             description: >
229               Configures each role to use a separate NIC for
230               each isolated network.
231               This option assumes use of Network Isolation.
232             requires:
233               - environments/network-isolation.yaml
234               - overcloud-resource-registry-puppet.yaml
235           - file: environments/net-multiple-nics-v6.yaml
236             title: Multiple NICs IPv6
237             description: >
238               Configure each role to use a separate NIC for
239               each isolated network with IPv6 on the External network.
240               This option assumes use of Network Isolation IPv6.
241             requires:
242               - environments/network-isolation-v6.yaml
243               - overcloud-resource-registry-puppet.yaml
244           - file: environments/net-single-nic-with-vlans.yaml
245             title: Single NIC with Vlans
246             description: >
247               Configure each role to use Vlans on a single NIC for
248               each isolated network. This option assumes use of Network Isolation.
249             requires:
250               - environments/network-isolation.yaml
251               - overcloud-resource-registry-puppet.yaml
252           - file: environments/net-single-nic-with-vlans-no-external.yaml
253             title: Single NIC with Vlans No External Ports
254             description: >
255               Configure each role to use Vlans on a single NIC for
256               each isolated network. This option assumes use of Network Isolation.
257               Sets external ports to noop.
258             requires:
259               - environments/network-isolation.yaml
260               - overcloud-resource-registry-puppet.yaml
261           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
262             title: Single NIC with Linux Bridge Vlans
263             description: >
264               Configure each role to use Vlans on a single NIC for
265               each isolated network. This option assumes use of Network Isolation.
266             requires:
267               - environments/network-isolation.yaml
268               - overcloud-resource-registry-puppet.yaml
269           - file: environments/net-single-nic-with-vlans-v6.yaml
270             title: Single NIC with Vlans IPv6
271             description: >
272               Configures each role to use Vlans on a single NIC for
273               each isolated network with IPv6 on the External network.
274               This option assumes use of Network Isolation IPv6
275             requires:
276               - environments/network-isolation-v6.yaml
277               - overcloud-resource-registry-puppet.yaml
278       - title: Management Network
279         description: >
280           Enable the creation of a system management network. This
281           creates a Neutron network for isolated Overcloud
282           system management traffic and configures each role to
283           assign a port (related to that role) on that network.
284         environments:
285           - file: environments/network-management.yaml
286             title: Management Network
287             description:
288             requires:
289               - overcloud-resource-registry-puppet.yaml
290           - file: environments/network-management-v6.yaml
291             title: Management Network IPv6
292             description:
293             requires:
294               - overcloud-resource-registry-puppet.yaml
295
296   - title: Neutron Plugin Configuration
297     description:
298     environment_groups:
299       - title: Neutron Plugins
300         description: >
301           Enable various Neutron plugins and backends
302         environments:
303           - file: environments/neutron-bgpvpn.yaml
304             title: Neutron BGPVPN Service Plugin
305             description: Enables Neutron BGPVPN Service Plugin
306             requires:
307               - overcloud-resource-registry-puppet.yaml
308           - file: environments/neutron-ml2-bigswitch.yaml
309             title: BigSwitch Extensions
310             description: >
311               Enable Big Switch extensions, configured via puppet
312             requires:
313               - overcloud-resource-registry-puppet.yaml
314           - file: environments/neutron-ml2-cisco-n1kv.yaml
315             title: Cisco N1KV backend
316             description: >
317               Enable a Cisco N1KV backend, configured via puppet
318             requires:
319               - overcloud-resource-registry-puppet.yaml
320           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
321             title: Cisco Neutron plugin
322             description:
323             requires:
324               - overcloud-resource-registry-puppet.yaml
325           - file: environments/neutron-midonet.yaml
326             title: Deploy MidoNet Services
327             description:
328             requires:
329               - overcloud-resource-registry-puppet.yaml
330           - file: environments/neutron-nuage-config.yaml
331             title: Neutron Nuage backend
332             description: Enables Neutron Nuage backend on the controller
333             requires:
334               - overcloud-resource-registry-puppet.yaml
335           - file: environments/neutron-opendaylight.yaml
336             title: OpenDaylight
337             description: Enables OpenDaylight
338             requires:
339               - overcloud-resource-registry-puppet.yaml
340           - file: environments/neutron-ovs-dpdk.yaml
341             title: DPDK with OVS
342             description: Deploy DPDK with OVS
343             requires:
344               - overcloud-resource-registry-puppet.yaml
345           - file: environments/neutron-ovs-dvr.yaml
346             title: DVR
347             description: Enables DVR in the Overcloud
348             requires:
349               - overcloud-resource-registry-puppet.yaml
350           - file: environments/neutron-plumgrid.yaml
351             title: PLUMgrid extensions
352             description: Enables PLUMgrid extensions
353             requires:
354               - overcloud-resource-registry-puppet.yaml
355           - file: environments/neutron-ml2-fujitsu-cfab.yaml
356             title: Fujitsu Neutron plugin for C-Fabric
357             description: Enable C-Fabric in the overcloud
358             requires:
359               - overcloud-resource-registry-puppet.yaml
360           - file: environments/neutron-ml2-fujitsu-fossw.yaml
361             title: Fujitsu Neutron plugin for FOS
362             description: Enable FOS in the overcloud
363             requires:
364               - overcloud-resource-registry-puppet.yaml
365           - file: environments/neutron-nsx.yaml
366             title: Deploy NSX Services
367             description:
368             requires:
369               - overcloud-resource-registry-puppet.yaml
370           - file: environments/neutron-l2gw.yaml
371             title: Neutron L2 gateway Service Plugin
372             description: Enables Neutron L2 gateway Service Plugin
373             requires:
374               - overcloud-resource-registry-puppet.yaml
375
376   - title: Nova Extensions
377     description:
378     environment_groups:
379       - title: Nova Extensions
380         description:
381         environments:
382           - file: environments/nova-nuage-config.yaml
383             title: Nuage backend
384             description: >
385               Enables Nuage backend on the Compute
386             requires:
387               - overcloud-resource-registry-puppet.yaml
388
389   - title: Storage
390     description:
391     environment_groups:
392       - title: Cinder backup service
393         description:
394         environments:
395           - file: environments/cinder-backup.yaml
396             title: Cinder backup service
397             description: >
398               OpenStack Cinder Backup service with Pacemaker configured
399               with Puppet
400             requires:
401               - environments/puppet-pacemaker.yaml
402               - overcloud-resource-registry-puppet.yaml
403       - title: Cinder backend
404         description: >
405           Enable various Cinder backends
406         environments:
407           - file: environments/cinder-pure-config.yaml
408             title: Cinder Pure Storage FlashArray backend
409             description:
410             requires:
411               - overcloud-resource-registry-puppet.yaml
412           - file: environments/cinder-netapp-config.yaml
413             title: Cinder NetApp backend
414             description:
415             requires:
416               - overcloud-resource-registry-puppet.yaml
417           - file: environments/cinder-dellsc-config.yaml
418             title: Cinder Dell EMC Storage Center ISCSI backend
419             description: >
420               Enables a Cinder Dell EMC Storage Center ISCSI backend,
421               configured via puppet
422             requires:
423               - overcloud-resource-registry-puppet.yaml
424           - file: environments/cinder-hpelefthand-config.yaml
425             title: Cinder HPELeftHandISCSI backend
426             description: >
427               Enables a Cinder HPELeftHandISCSI backend, configured
428               via puppet
429             requires:
430               - overcloud-resource-registry-puppet.yaml
431           - file: environments/cinder-dellps-config.yaml
432             title: Cinder Dell EMC PS Series backend
433             description: >
434               Enables a Cinder Dell EMC PS Series backend,
435               configured via puppet
436             requires:
437               - overcloud-resource-registry-puppet.yaml
438           - file: environments/cinder-iser.yaml
439             title: Cinder iSER backend
440             description: >
441               Enable a Cinder iSER RDMA backend, configured via puppet
442           - file: environments/cinder-scaleio-config.yaml
443             title: Cinder Dell EMC ScaleIO backend
444             description: >
445               Enables a Cinder Dell EMC ScaleIO backend,
446               configured via puppet
447             requires:
448               - overcloud-resource-registry-puppet.yaml
449       - title: Ceph
450         description: >
451           Enable the use of Ceph in the overcloud
452         environments:
453           - file: environments/puppet-ceph-external.yaml
454             title: Externally managed Ceph
455             description: >
456               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
457             requires:
458               - overcloud-resource-registry-puppet.yaml
459           - file: environments/puppet-ceph.yaml
460             title: TripleO managed Ceph
461             description: >
462               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
463               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
464               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
465             requires:
466               - overcloud-resource-registry-puppet.yaml
467       - title: CephMDS
468         description: >
469           Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
470           filesystems hosted in Ceph.
471         environments:
472           - file: environments/services/ceph-mds.yaml
473             title: Deploys CephMDS
474             description:
475             requires:
476               - environments/puppet-ceph.yaml
477       - title: Ceph Rados Gateway
478         description: >
479           Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
480           which stores data in the Ceph cluster.
481         environments:
482           - file: environments/ceph-radosgw.yaml
483             title: Deploys CephRGW
484             description:
485             requires:
486               - environments/puppet-ceph.yaml
487       - title: Manila with CephFS
488         description: >
489           Deploys Manila and configures it with the CephFS driver. This requires the deployment of
490           Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
491         environments:
492           - file: environments/manila-cephfsnative-config.yaml
493             title: Deploys Manila with CephFS driver
494             description: Deploys Manila and configures CephFS as its default backend.
495             requires:
496               - overcloud-resource-registry-puppet.yaml
497       - title: Storage Environment
498         description: >
499           Can be used to set up storage backends. Defaults to Ceph used as a
500           backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
501           configures which services will use Ceph, or if any of the services
502           will use NFS. And more. Usually requires to be edited by user first.
503         tags:
504           - no-gui
505         environments:
506           - file: environments/storage-environment.yaml
507             title: Storage Environment
508             description:
509             requires:
510               - overcloud-resource-registry-puppet.yaml
511
512   - title: Utilities
513     description:
514     environment_groups:
515       - title: Config Debug
516         description: Enable config management (e.g. Puppet) debugging
517         environments:
518           - file: environments/config-debug.yaml
519             title: Config Debug
520             description:
521             requires:
522               - overcloud-resource-registry-puppet.yaml
523       - title: Disable journal in MongoDb
524         description: >
525           Since, when journaling is enabled, MongoDb will create big journal
526           file it can take time. In a CI environment for example journaling is
527           not necessary.
528         environments:
529           - file: environments/mongodb-nojournal.yaml
530             title: Disable journal in MongoDb
531             description:
532             requires:
533               - overcloud-resource-registry-puppet.yaml
534       - title: Overcloud Steps
535         description: >
536           Specifies hooks/breakpoints where overcloud deployment should stop
537           Allows operator validation between steps, and/or more granular control.
538           Note: the wildcards relate to naming convention for some resource suffixes,
539           e.g see puppet/*-post.yaml, enabling this will mean we wait for
540           a user signal on every *Deployment_StepN resource defined in those files.
541         tags:
542           - no-gui
543         environments:
544           - file: environments/overcloud-steps.yaml
545             title: Overcloud Steps
546             description:
547             requires:
548               - overcloud-resource-registry-puppet.yaml
549
550   - title: Operational Tools
551     description:
552     environment_groups:
553       - title: Monitoring agents
554         description: Enable monitoring agents
555         environments:
556           - file: environments/monitoring-environment.yaml
557             title: Enable monitoring agents
558             description:
559             requires:
560               - overcloud-resource-registry-puppet.yaml
561       - title: Centralized logging support
562         description: Enable centralized logging clients (fluentd)
563         environments:
564           - file: environments/logging-environment.yaml
565             title: Enable fluentd client
566             description:
567             requires:
568               - overcloud-resource-registry-puppet.yaml
569       - title: Performance monitoring
570         description: Enable performance monitoring agents
571         environments:
572           - file: environments/collectd-environment.yaml
573             title: Enable performance monitoring agents
574             description:
575             requires:
576               - overcloud-resource-registry-puppet.yaml
577
578   - title: Security Options
579     description: Security Hardening Options
580     environment_groups:
581       - title: SSH Banner Text
582         description: Enables population of SSH Banner Text
583         environments:
584           - file: environments/sshd-banner.yaml
585             title: SSH Banner Text
586             description:
587             requires:
588               - overcloud-resource-registry-puppet.yaml
589       - title: Horizon Password Validation
590         description: Enable Horizon Password validation
591         environments:
592           - file: environments/horizon_password_validation.yaml
593             title: Horizon Password Validation
594             description:
595             requires:
596               - overcloud-resource-registry-puppet.yaml
597       - title: AuditD Rules
598         description:  Management of AuditD rules
599         environments:
600           - file: environments/auditd.yaml
601             title: AuditD Rule Management
602             description:
603             requires:
604               - overcloud-resource-registry-puppet.yaml
605       - title: Keystone CADF auditing
606         description: Enable CADF notifications in Keystone for auditing
607         environments:
608           - file: environments/cadf.yaml
609             title: Keystone CADF auditing
610       - title: SecureTTY Values
611         description: Set values within /etc/securetty
612         environments:
613           - file: environments/securetty.yaml
614             title: SecureTTY Values