Merge "Enable TLS configuration for containerized Galera"
1 # This file holds metadata about the capabilities of the tripleo-heat-templates
2 # repository for deployment using puppet. It groups configuration by topic,
3 # describes possible combinations of environments and resource capabilities.
4
5 # topics:
6 # High Level grouping by purpose of environments
7 # Attributes:
8 #  title: (required)
9 #  description: (optional)
10 #  environment_groups: (required)
11
12 # environment_groups:
13 # Identifies a group of environments.
14 # Attributes:
15 #  title: (optional)
16 #  description: (optional)
17 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
18 #  environments: (required)
19 #  mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive
20
21 # environments:
22 # List of environments in environment group
23 # Attributes:
24 #  file: a file name including path within repository (required)
25 #  title: (required)
26 #  description: (optional)
27 #  requires: an array of environments which are required by this environment (optional)
28
29 topics:
30   - title: General Deployment Options
       # Topic: the base resource registry plus the top-level deployment modes
       # (containers, Pacemaker HA). Both optional environments below require
       # overcloud-resource-registry-puppet.yaml.
       # Bare `title:` / `description:` keys in this file parse as null, not "".
31     description:
32     environment_groups:
33       - name: general-deployment-options
           # `name` is not among the environment_group attributes documented in
           # the header comment of this file; no other group in this map sets it.
34         title:
35         description: Enables base configuration for all resources required for OpenStack Deployment
36         environments:
37           - file: overcloud-resource-registry-puppet.yaml
38             title: Base resources configuration
39             description:
40       - title: Containerized Deployment
41         description: >
42           Configures Deployment to use containerized services
43         environments:
44           - file: environments/docker.yaml
45             title: Containerized Deployment
46             description:
47             requires:
48               - overcloud-resource-registry-puppet.yaml
49       - title: High Availability
50         description: Enables configuration of an Overcloud Controller with Pacemaker
51         environments:
52           - file: environments/puppet-pacemaker.yaml
53             title: High Availability (Pacemaker)
54             description:
55             requires:
56               - overcloud-resource-registry-puppet.yaml
57
58   - title: Network Configuration
       # Topic: network layout of the overcloud. Groups flagged
       # `mutually_exclusive: true` hold alternatives; per the header comment the
       # environments inside such a group exclude each other.
59     description:
60     environment_groups:
61       - title: Network Isolation
           # IPv4 and IPv6 isolation are alternatives (mutually_exclusive). The NIC
           # layout and external load balancer options further down `require` one
           # of these two files.
62         description:
63         environments:
64           - file: environments/network-isolation.yaml
65             title: Network Isolation
66             description: >
67               Enable the creation of Neutron networks for
68               isolated Overcloud traffic and configure each role to assign ports
69               (related to that role) on these networks.
70             requires:
71               - overcloud-resource-registry-puppet.yaml
72           - file: environments/network-isolation-v6.yaml
73             title: Network Isolation IPv6
74             description: >
75               Enable the creation of IPv6 Neutron networks for isolated Overcloud
76               traffic and configure each role to assign ports (related
77               to that role) on these networks.
78             requires:
79               - overcloud-resource-registry-puppet.yaml
80         mutually_exclusive: true
81       - title: NICs, Bonding, VLANs Configuration
           # Pre-defined NIC layouts; each entry requires the matching IPv4 or IPv6
           # network-isolation environment, and only one layout may be selected.
82         description: >
83           Choose one of the pre-defined configurations or provide custom
84           network-environment.yaml instead. Note that pre-defined configuration work
85           only with standard Roles and Networks. These options assume use of Network Isolation.
86         environments:
87           - file: environments/net-bond-with-vlans.yaml
88             title: Bond with Vlans
89             description: >
90               Configure each role to use a pair of bonded nics (nic2 and
91               nic3) and configures an IP address on each relevant isolated network
92               for each role. This option assumes use of Network Isolation.
93             requires:
94               - environments/network-isolation.yaml
95           - file: environments/net-bond-with-vlans-no-external.yaml
96             title: Bond with Vlans No External Ports
97             description: >
98               Configure each role to use a pair of bonded nics (nic2 and
99               nic3) and configures an IP address on each relevant isolated network
100               for each role. This option assumes use of Network Isolation.
101               Sets external ports to noop.
102             requires:
103               - environments/network-isolation.yaml
104           - file: environments/net-bond-with-vlans-v6.yaml
105             title: Bond with Vlans IPv6
106             description: >
107               Configure each role to use a pair of bonded nics (nic2 and
108               nic3) and configures an IP address on each relevant isolated network
109               for each role, with IPv6 on the External network.
110               This option assumes use of Network Isolation IPv6.
111             requires:
112               - environments/network-isolation-v6.yaml
113           - file: environments/net-multiple-nics.yaml
114             title: Multiple NICs
115             description: >
116               Configures each role to use a separate NIC for
117               each isolated network.
118               This option assumes use of Network Isolation.
119             requires:
120               - environments/network-isolation.yaml
121           - file: environments/net-multiple-nics-v6.yaml
122             title: Multiple NICs IPv6
123             description: >
124               Configure each role to use a separate NIC for
125               each isolated network with IPv6 on the External network.
126               This option assumes use of Network Isolation IPv6.
127             requires:
128               - environments/network-isolation-v6.yaml
129           - file: environments/net-single-nic-with-vlans.yaml
130             title: Single NIC with Vlans
131             description: >
132               Configure each role to use Vlans on a single NIC for
133               each isolated network. This option assumes use of Network Isolation.
134             requires:
135               - environments/network-isolation.yaml
136           - file: environments/net-single-nic-with-vlans-no-external.yaml
137             title: Single NIC with Vlans No External Ports
138             description: >
139               Configure each role to use Vlans on a single NIC for
140               each isolated network. This option assumes use of Network Isolation.
141               Sets external ports to noop.
142             requires:
143               - environments/network-isolation.yaml
144           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
145             title: Single NIC with Linux Bridge Vlans
                # NOTE(review): the description is word-for-word the same as the
                # "Single NIC with Vlans" entry and does not mention the Linux bridge.
146             description: >
147               Configure each role to use Vlans on a single NIC for
148               each isolated network. This option assumes use of Network Isolation.
149             requires:
150               - environments/network-isolation.yaml
151           - file: environments/net-single-nic-with-vlans-v6.yaml
152             title: Single NIC with Vlans IPv6
153             description: >
154               Configures each role to use Vlans on a single NIC for
155               each isolated network with IPv6 on the External network.
156               This option assumes use of Network Isolation IPv6
157             requires:
158               - environments/network-isolation-v6.yaml
159         mutually_exclusive: true
160       - title: Management Network
            # IPv4 and IPv6 management networks are alternatives. Both require only
            # the base registry, not a network-isolation environment.
161         description: >
162           Enable the creation of a system management network. This
163           creates a Neutron network for isolated Overcloud
164           system management traffic and configures each role to
165           assign a port (related to that role) on that network.
166         environments:
167           - file: environments/network-management.yaml
168             title: Management Network
169             description:
170             requires:
171               - overcloud-resource-registry-puppet.yaml
172           - file: environments/network-management-v6.yaml
173             title: Management Network IPv6
174             description:
175             requires:
176               - overcloud-resource-registry-puppet.yaml
177         mutually_exclusive: true
178
179       - title: Docker Network
            # Marked [Temporary] by its own description, and the only option in this
            # topic intended for deployments *without* network isolation.
            # NOTE(review): confirm this is acceptable wherever separation of
            # overcloud traffic types is a requirement.
180         description: >
181           [Temporary] Use this option when deploying containerized deployment
182           without network isolation
183         environments:
184           - file: environments/docker-network.yaml
185             title: Docker network
186             description:
187             requires:
188               - environments/docker.yaml
189
190       - title: External load balancer
            # The two `description: >` keys below have no body, so they are empty
            # folded scalars (empty strings) rather than null like the bare
            # `description:` keys elsewhere in this file.
191         description: >
192           Enable external load balancer, requires network Isolation to be enabled.
193           Note that this option assumes standard isolated networks set.
194         environments:
195           - file: environments/external-loadbalancer-vip.yaml
196             title: External load balancer IPv4
197             description: >
198             requires:
199               - environments/network-isolation.yaml
200           - file: environments/external-loadbalancer-vip-v6.yaml
201             title: External load balancer IPv6
202             description: >
203             requires:
204               - environments/network-isolation-v6.yaml
205         mutually_exclusive: true
206
207   - title: Neutron Plugin Configuration
        # Topic: Neutron plugins and backends. Every entry requires only the base
        # overcloud-resource-registry-puppet.yaml, and the group is not marked
        # mutually_exclusive, so this map does not itself prevent selecting
        # several backends at once.
208     description:
209     environment_groups:
210       - title: Neutron Plugins
211         description: >
212           Enable various Neutron plugins and backends
213         environments:
214           - file: environments/neutron-bgpvpn.yaml
215             title: Neutron BGPVPN Service Plugin
216             description: Enables Neutron BGPVPN Service Plugin
217             requires:
218               - overcloud-resource-registry-puppet.yaml
219           - file: environments/services/neutron-lbaasv2.yaml
220             title: Neutron LBaaSv2 Service Plugin
221             description: Enables Neutron LBaaSv2 Service Plugin and Agent
222             requires:
223               - overcloud-resource-registry-puppet.yaml
224           - file: environments/neutron-ml2-bigswitch.yaml
225             title: BigSwitch Extensions
226             description: >
227               Enable Big Switch extensions, configured via puppet
228             requires:
229               - overcloud-resource-registry-puppet.yaml
230           - file: environments/neutron-ml2-cisco-n1kv.yaml
231             title: Cisco N1KV backend
232             description: >
233               Enable a Cisco N1KV backend, configured via puppet
234             requires:
235               - overcloud-resource-registry-puppet.yaml
236           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
237             title: Cisco Neutron plugin
238             description:
239             requires:
240               - overcloud-resource-registry-puppet.yaml
241           - file: environments/networking/neutron-midonet.yaml
242             title: Neutron MidoNet Services
243             description:
244             requires:
245               - overcloud-resource-registry-puppet.yaml
246           - file: environments/neutron-nuage-config.yaml
247             title: Neutron Nuage backend
248             description: Enables Neutron Nuage backend on the controller
249             requires:
250               - overcloud-resource-registry-puppet.yaml
251           - file: environments/neutron-opendaylight.yaml
252             title: OpenDaylight
253             description: Enables OpenDaylight
254             requires:
255               - overcloud-resource-registry-puppet.yaml
256           - file: environments/neutron-ovs-dpdk.yaml
257             title: DPDK with OVS
258             description: Deploy DPDK with OVS
259             requires:
260               - overcloud-resource-registry-puppet.yaml
261           - file: environments/neutron-ovs-dvr.yaml
262             title: DVR
263             description: Enables DVR in the Overcloud
264             requires:
265               - overcloud-resource-registry-puppet.yaml
266           - file: environments/neutron-plumgrid.yaml
267             title: PLUMgrid extensions
268             description: Enables PLUMgrid extensions
269             requires:
270               - overcloud-resource-registry-puppet.yaml
271           - file: environments/neutron-ml2-fujitsu-cfab.yaml
272             title: Fujitsu Neutron plugin for C-Fabric
273             description: Enable C-Fabric in the overcloud
274             requires:
275               - overcloud-resource-registry-puppet.yaml
276           - file: environments/neutron-ml2-fujitsu-fossw.yaml
277             title: Fujitsu Neutron plugin for FOS
278             description: Enable FOS in the overcloud
279             requires:
280               - overcloud-resource-registry-puppet.yaml
281           - file: environments/neutron-nsx.yaml
282             title: Deploy NSX Services
283             description:
284             requires:
285               - overcloud-resource-registry-puppet.yaml
286           - file: environments/neutron-l2gw.yaml
287             title: Neutron L2 gateway Service Plugin
288             description: Enables Neutron L2 gateway Service Plugin and Agent
289             requires:
290               - overcloud-resource-registry-puppet.yaml
291
292   - title: Storage
        # Topic: storage backends for Cinder, Ceph, Manila and Glance. Only the
        # "Ceph" group is mutually_exclusive (TripleO-deployed vs. externally
        # managed cluster); the Cinder backends can be combined as far as this
        # map is concerned.
293     description:
294     environment_groups:
295       - title: Cinder backends
296         description: >
297           Enable various Cinder backends
298         environments:
299           - file: environments/cinder-pure-config.yaml
300             title: Cinder Pure Storage FlashArray backend
301             description:
302             requires:
303               - overcloud-resource-registry-puppet.yaml
304           - file: environments/storage/cinder-netapp-config.yaml
305             title: Cinder NetApp backend
306             description:
307             requires:
308               - overcloud-resource-registry-puppet.yaml
309           - file: environments/cinder-dellsc-config.yaml
310             title: Cinder Dell EMC Storage Center ISCSI backend
311             description: >
312               Enables a Cinder Dell EMC Storage Center ISCSI backend
313             requires:
314               - overcloud-resource-registry-puppet.yaml
315           - file: environments/cinder-hpelefthand-config.yaml
316             title: Cinder HPELeftHandISCSI backend
317             description: >
318               Enables a Cinder HPELeftHandISCSI backend
319             requires:
320               - overcloud-resource-registry-puppet.yaml
321           - file: environments/cinder-dellps-config.yaml
322             title: Cinder Dell EMC PS Series backend
323             description: >
324               Enables a Cinder Dell EMC PS Series backend
325             requires:
326               - overcloud-resource-registry-puppet.yaml
327           - file: environments/cinder-iser.yaml
328             title: Cinder iSER backend
                # NOTE(review): no `requires` list here, unlike every other Cinder
                # backend in this group (the attribute is optional) - confirm the
                # omission is intended.
329             description: >
330               Enable a Cinder iSER RDMA backend, configured via puppet
331           - file: environments/cinder-scaleio-config.yaml
332             title: Cinder Dell EMC ScaleIO backend
333             description: >
334               Enables a Cinder Dell EMC ScaleIO backend
335             requires:
336               - overcloud-resource-registry-puppet.yaml
337           - file: environments/cinder-veritas-hyperscale-config.yaml
338             title: Cinder Veritas HyperScale backend
339             description: >
340               Enables a Cinder Veritas HyperScale backend,
341               configured via puppet
342             requires:
343               - overcloud-resource-registry-puppet.yaml
344       - title: Cinder backup service
            # The only environment in this topic that also requires the Pacemaker
            # environment in addition to the base registry.
345         description:
346         environments:
347           - file: environments/cinder-backup.yaml
348             title: Cinder backup service
349             description: >
350               OpenStack Cinder Backup service with Pacemaker
351             requires:
352               - environments/puppet-pacemaker.yaml
353               - overcloud-resource-registry-puppet.yaml
354       - title: Ceph
355         description: >
356           Enable the use of Ceph in the overcloud
357         environments:
358           - file: environments/puppet-ceph.yaml
359             title: Ceph Storage Backend
                # NOTE(review): "at lease one" in the user-visible description
                # below is a typo for "at least one".
360             description: >
361               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
362               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
363               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
364             requires:
365               - overcloud-resource-registry-puppet.yaml
366           - file: environments/storage/external-ceph.yaml
367             title: Externally managed Ceph
368             description: >
369               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
370             requires:
371               - overcloud-resource-registry-puppet.yaml
372         mutually_exclusive: true
373       - title: Additional Ceph Options
            # CephMDS and CephRGW require the TripleO-deployed Ceph environment
            # (environments/puppet-ceph.yaml), not the external-Ceph one.
374         description:
375         environments:
376           - file: environments/services/ceph-mds.yaml
377             title: Deploys CephMDS
378             description: >
379               Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
380               filesystems hosted in Ceph.
381             requires:
382               - environments/puppet-ceph.yaml
383           - file: environments/ceph-radosgw.yaml
384             title: Ceph Rados Gateway
385             description: >
386               Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
387               which stores data in the Ceph cluster.
388             requires:
389               - environments/puppet-ceph.yaml
390           - file: environments/manila-cephfsnative-config.yaml
391             title: Manila with CephFS
                # The description asks for Ceph and CephMDS (or an external Ceph
                # cluster), but `requires` lists only the base registry, so that
                # prerequisite is not enforced by this map.
392             description: >
393               Deploys Manila and configures it with the CephFS driver. This requires the deployment of
394               Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
395             requires:
396               - overcloud-resource-registry-puppet.yaml
397       - title: Glance backends
398         description:
399         environments:
400           - file: environments/storage/glance-nfs.yaml
401             title: Glance NFS Backend
                # Uses a literal block scalar (`|`), so the line break inside the
                # description is preserved; the other descriptions use folded `>`.
402             description: |
403               Configure and enable this option to enable the use of an NFS
404               share as the backend for Glance.
405             requires:
406               - overcloud-resource-registry-puppet.yaml
407
408
409   - title: Security
        # Topic: security hardening options - TLS certificates and endpoint
        # maps, SSH banner, Horizon password validation, auditd rules, Keystone
        # CADF auditing and /etc/securetty values.
410     description: Security Hardening Options
411     environment_groups:
412       - title: TLS
            # NOTE(review): per the description below, selecting enable-tls.yaml
            # alone has no effect; one of the "TLS Endpoints" options must be
            # selected as well. `requires` only encodes the opposite direction
            # (the endpoint files require enable-tls.yaml), so nothing in this map
            # stops a selection that supplies certificates but leaves the
            # endpoints without TLS. Verify the resulting endpoints after deploy.
413         description:
414         environments:
415           - file: environments/ssl/enable-tls.yaml
416             title: SSL on OpenStack Public Endpoints
417             description: >
418               Use this option to pass in certificates for SSL deployments.
419               For these values to take effect, one of the TLS endpoints
420               options must also be used.
421             requires:
422               - overcloud-resource-registry-puppet.yaml
423       - title: TLS Endpoints
            # Exactly one endpoint map may be chosen (mutually_exclusive). Only
            # tls-everywhere-endpoints-dns.yaml is described as giving TLS on all
            # endpoint types; the two "public" options are described only in terms
            # of the public endpoint.
            # NOTE(review): presumably internal and admin endpoints stay plaintext
            # with the public-only options - confirm against the endpoint map files.
424         description:
425         environments:
426           - file: environments/ssl/tls-endpoints-public-dns.yaml
427             title: SSL-enabled deployment with DNS name as public endpoint
428             description: >
429               Use this option when deploying an SSL-enabled overcloud where the public
430               endpoint is a DNS name.
431             requires:
432               - environments/ssl/enable-tls.yaml
433           - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
434             title: Deploy All SSL Endpoints as DNS names
435             description: >
436               Use this option when deploying an overcloud where all the endpoints are
437               DNS names and there's TLS in all endpoint types.
438             requires:
439               - environments/ssl/enable-tls.yaml
440           - file: environments/ssl/tls-endpoints-public-ip.yaml
441             title: SSL-enabled deployment with IP address as public endpoint
442             description: >
443               Use this option when deploying an SSL-enabled overcloud where the public
444               endpoint is an IP address.
445             requires:
446               - environments/ssl/enable-tls.yaml
447         mutually_exclusive: true
448       - title: SSH Banner Text
449         description: Enables population of SSH Banner Text
450         environments:
451           - file: environments/sshd-banner.yaml
452             title: SSH Banner Text
453             description:
454             requires:
455               - overcloud-resource-registry-puppet.yaml
456       - title: Horizon Password Validation
457         description: Enable Horizon Password validation
458         environments:
459           - file: environments/horizon_password_validation.yaml
460             title: Horizon Password Validation
461             description:
462             requires:
463               - overcloud-resource-registry-puppet.yaml
464       - title: AuditD Rules
465         description:  Management of AuditD rules
466         environments:
467           - file: environments/auditd.yaml
468             title: AuditD Rule Management
469             description:
470             requires:
471               - overcloud-resource-registry-puppet.yaml
472       - title: Keystone CADF auditing
            # NOTE(review): this entry and the SecureTTY entry below carry neither
            # `description` nor `requires`, unlike the other environments in this
            # topic. Both attributes are optional, but confirm the missing
            # dependency on the base registry is intentional.
473         description: Enable CADF notifications in Keystone for auditing
474         environments:
475           - file: environments/cadf.yaml
476             title: Keystone CADF auditing
477       - title: SecureTTY Values
478         description: Set values within /etc/securetty
479         environments:
480           - file: environments/securetty.yaml
481             title: SecureTTY Values
482
483   - title: Additional Services
        # Topic: optional OpenStack services. The single group has a null title
        # (optional per the header comment) and is not mutually_exclusive.
484     description:
485     environment_groups:
486       - title:
487         description: Deploy additional services
488         environments:
                # NOTE(review): title and description say Barbican (secret store),
                # but `file` names a manila-generic-config environment; the Manila
                # entry right below points at environments/manila-generic-config.yaml.
                # This looks like a wrong path - confirm. As written, this entry
                # does not reference any Barbican-named environment file, so an
                # operator selecting "Barbican" should not assume a secret store
                # gets deployed.
489           - file: environments/services/manila-generic-config.yaml
490             title: Barbican
491             description: Enable Barbican with the default secret store backend
492             requires:
493               - overcloud-resource-registry-puppet.yaml
494           - file: environments/manila-generic-config.yaml
495             title: Manila
496             description: Enable Manila with generic driver backend
497             requires:
498               - overcloud-resource-registry-puppet.yaml
499           - file: environments/services/sahara.yaml
500             title: Sahara
501             description: Deploy Sahara service
502             requires:
503               - overcloud-resource-registry-puppet.yaml
504           - file: environments/services/ironic.yaml
505             title: Ironic
506             description: Deploy Ironic service
507             requires:
508               - overcloud-resource-registry-puppet.yaml
509           - file: environments/services/mistral.yaml
510             title: Mistral
511             description: Deploy Mistral service
512             requires:
513               - overcloud-resource-registry-puppet.yaml
514           - file: environments/services/ec2-api.yaml
515             title: EC2 API
516             description: Enable EC2-API service
517             requires:
518               - overcloud-resource-registry-puppet.yaml
519           - file: environments/services/zaqar.yaml
520             title: Zaqar
521             description: Deploy Zaqar service
522             requires:
523               - overcloud-resource-registry-puppet.yaml
524
525   - title: Nova Extensions
        # Topic: Nova extensions. Holds a single group with a single entry
        # (Nuage backend on the Compute), which requires the base registry.
526     description:
527     environment_groups:
528       - title: Nova Extensions
529         description:
530         environments:
531           - file: environments/nova-nuage-config.yaml
532             title: Nuage backend
533             description: >
534               Enables Nuage backend on the Compute
535             requires:
536               - overcloud-resource-registry-puppet.yaml
537
538   - title: Operational Tools
        # Topic: monitoring agents, centralized logging clients (fluentd) and
        # performance monitoring agents. Each entry requires only the base registry.
        # NOTE(review): this map does not show where logs and metrics are shipped
        # or whether that transport is authenticated/encrypted - check the
        # referenced environment files before relying on them for audit data.
539     description:
540     environment_groups:
541       - title: Monitoring agents
542         description: Enable monitoring agents
543         environments:
544           - file: environments/monitoring-environment.yaml
545             title: Monitoring agents
546             description:
547             requires:
548               - overcloud-resource-registry-puppet.yaml
549       - title: Centralized logging support
550         description: Enable centralized logging clients (fluentd)
551         environments:
552           - file: environments/logging-environment.yaml
553             title: fluentd client
554             description:
555             requires:
556               - overcloud-resource-registry-puppet.yaml
557       - title: Performance monitoring
558         description: Enable performance monitoring agents
559         environments:
560           - file: environments/collectd-environment.yaml
561             title: Performance monitoring agents
562             description:
563             requires:
564               - overcloud-resource-registry-puppet.yaml
565
566   - title: Utilities
        # Topic: deployment-time utilities - configuration debugging, MongoDB
        # journaling switch, and step-by-step deployment hooks.
567     description:
568     environment_groups:
569       - title: Config Debug
            # NOTE(review): debug output from configuration management can include
            # parameter values - confirm whether secrets end up in logs before
            # enabling this outside test environments.
570         description: Enable config management (e.g. Puppet) debugging
571         environments:
572           - file: environments/config-debug.yaml
573             title: Config Debug
574             description:
575             requires:
576               - overcloud-resource-registry-puppet.yaml
577       - title: Disable journal in MongoDb
            # The description justifies this only for cases such as CI, where
            # journaling is "not necessary"; it makes no statement about
            # production use.
578         description: >
579           Since, when journaling is enabled, MongoDb will create big journal
580           file it can take time. In a CI environment for example journaling is
581           not necessary.
582         environments:
583           - file: environments/mongodb-nojournal.yaml
584             title: Disable journal in MongoDb
585             description:
586             requires:
587               - overcloud-resource-registry-puppet.yaml
588       - title: Overcloud Steps
            # The only group in this file that sets `tags`; the `no-gui` tag is
            # documented in the header comment only as "additional information
            # for e.g. filtering".
589         description: >
590           Specifies hooks/breakpoints where overcloud deployment should stop
591           Allows operator validation between steps, and/or more granular control.
592           Note: the wildcards relate to naming convention for some resource suffixes,
593           e.g see puppet/*-post.yaml, enabling this will mean we wait for
594           a user signal on every *Deployment_StepN resource defined in those files.
595         tags:
596           - no-gui
597         environments:
598           - file: environments/overcloud-steps.yaml
599             title: Overcloud Steps
600             description:
601             requires:
602               - overcloud-resource-registry-puppet.yaml