capabilities-map.yaml

   1 # This file holds metadata about the capabilities of the tripleo-heat-templates
   2 # repository for deployment using puppet. It groups configuration by topic,
   3 # describes possible combinations of environments and resource capabilities.
   4
   5 # topics:
   6 # High Level grouping by purpose of environments
   7 # Attributes:
   8 #  title: (required)
   9 #  description: (optional)
  10 #  environment_groups: (required)
  11
  12 # environment_groups:
  13 # Identifies a group of environments.
  14 # Attributes:
  15 #  title: (optional)
  16 #  description: (optional)
  17 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
  18 #  environments: (required)
  19 #  mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive
  20
  21 # environments:
  22 # List of environments in environment group
  23 # Attributes:
  24 #  file: a file name including path within repository (required)
  25 #  title: (required)
  26 #  description: (optional)
  27 #  requires: an array of environments which are required by this environment (optional)
  28
  29 topics:
  30   - title: General Deployment Options
  31     description:
  32     environment_groups:
  33       - name: general-deployment-options
  34         title:
  35         description: Enables base configuration for all resources required for OpenStack Deployment
  36         environments:
  37           - file: overcloud-resource-registry-puppet.yaml
  38             title: Base resources configuration
  39             description:
  40       - title: Containerized Deployment
  41         description: >
  42           Configures Deployment to use containerized services
  43         environments:
  44           - file: environments/docker.yaml
  45             title: Containerized Deployment
  46             description:
  47             requires:
  48               - overcloud-resource-registry-puppet.yaml
  49       - title: High Availability
  50         description: Enables configuration of an Overcloud Controller with Pacemaker
  51         environments:
  52           - file: environments/puppet-pacemaker.yaml
  53             title: High Availability (Pacemaker)
  54             description:
  55             requires:
  56               - overcloud-resource-registry-puppet.yaml
  57
  58   - title: Network Configuration
  59     description:
  60     environment_groups:
  61       - title: Network Isolation
  62         description:
  63         environments:
  64           - file: environments/network-isolation.yaml
  65             title: Network Isolation
  66             description: >
  67               Enable the creation of Neutron networks for
  68               isolated Overcloud traffic and configure each role to assign ports
  69               (related to that role) on these networks.
  70             requires:
  71               - overcloud-resource-registry-puppet.yaml
  72           - file: environments/network-isolation-v6.yaml
  73             title: Network Isolation IPv6
  74             description: >
  75               Enable the creation of IPv6 Neutron networks for isolated Overcloud
  76               traffic and configure each role to assign ports (related
  77               to that role) on these networks.
  78             requires:
  79               - overcloud-resource-registry-puppet.yaml
  80         mutually_exclusive: true
  81       - title: NICs, Bonding, VLANs Configuration
  82         description: >
  83           Choose one of the pre-defined configurations or provide custom
  84           network-environment.yaml instead. Note that pre-defined configuration work
  85           only with standard Roles and Networks. These options assume use of Network Isolation.
  86         environments:
  87           - file: environments/net-bond-with-vlans.yaml
  88             title: Bond with Vlans
  89             description: >
  90               Configure each role to use a pair of bonded nics (nic2 and
  91               nic3) and configures an IP address on each relevant isolated network
  92               for each role. This option assumes use of Network Isolation.
  93             requires:
  94               - environments/network-isolation.yaml
  95           - file: environments/net-bond-with-vlans-no-external.yaml
  96             title: Bond with Vlans No External Ports
  97             description: >
  98               Configure each role to use a pair of bonded nics (nic2 and
  99               nic3) and configures an IP address on each relevant isolated network
 100               for each role. This option assumes use of Network Isolation.
 101               Sets external ports to noop.
 102             requires:
 103               - environments/network-isolation.yaml
 104           - file: environments/net-bond-with-vlans-v6.yaml
 105             title: Bond with Vlans IPv6
 106             description: >
 107               Configure each role to use a pair of bonded nics (nic2 and
 108               nic3) and configures an IP address on each relevant isolated network
 109               for each role, with IPv6 on the External network.
 110               This option assumes use of Network Isolation IPv6.
 111             requires:
 112               - environments/network-isolation-v6.yaml
 113           - file: environments/net-multiple-nics.yaml
 114             title: Multiple NICs
 115             description: >
 116               Configures each role to use a separate NIC for
 117               each isolated network.
 118               This option assumes use of Network Isolation.
 119             requires:
 120               - environments/network-isolation.yaml
 121           - file: environments/net-multiple-nics-v6.yaml
 122             title: Multiple NICs IPv6
 123             description: >
 124               Configure each role to use a separate NIC for
 125               each isolated network with IPv6 on the External network.
 126               This option assumes use of Network Isolation IPv6.
 127             requires:
 128               - environments/network-isolation-v6.yaml
 129           - file: environments/net-single-nic-with-vlans.yaml
 130             title: Single NIC with Vlans
 131             description: >
 132               Configure each role to use Vlans on a single NIC for
 133               each isolated network. This option assumes use of Network Isolation.
 134             requires:
 135               - environments/network-isolation.yaml
 136           - file: environments/net-single-nic-with-vlans-no-external.yaml
 137             title: Single NIC with Vlans No External Ports
 138             description: >
 139               Configure each role to use Vlans on a single NIC for
 140               each isolated network. This option assumes use of Network Isolation.
 141               Sets external ports to noop.
 142             requires:
 143               - environments/network-isolation.yaml
 144           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
 145             title: Single NIC with Linux Bridge Vlans
 146             description: >
 147               Configure each role to use Vlans on a single NIC for
 148               each isolated network. This option assumes use of Network Isolation.
 149             requires:
 150               - environments/network-isolation.yaml
 151           - file: environments/net-single-nic-with-vlans-v6.yaml
 152             title: Single NIC with Vlans IPv6
 153             description: >
 154               Configures each role to use Vlans on a single NIC for
 155               each isolated network with IPv6 on the External network.
 156               This option assumes use of Network Isolation IPv6
 157             requires:
 158               - environments/network-isolation-v6.yaml
 159         mutually_exclusive: true
 160       - title: Management Network
 161         description: >
 162           Enable the creation of a system management network. This
 163           creates a Neutron network for isolated Overcloud
 164           system management traffic and configures each role to
 165           assign a port (related to that role) on that network.
 166         environments:
 167           - file: environments/network-management.yaml
 168             title: Management Network
 169             description:
 170             requires:
 171               - overcloud-resource-registry-puppet.yaml
 172           - file: environments/network-management-v6.yaml
 173             title: Management Network IPv6
 174             description:
 175             requires:
 176               - overcloud-resource-registry-puppet.yaml
 177         mutually_exclusive: true
 178
 179       - title: Docker Network
 180         description: >
 181           [Temporary] Use this option when deploying containerized deployment
 182           without network isolation
 183         environments:
 184           - file: environments/docker-network.yaml
 185             title: Docker network
 186             description:
 187             requires:
 188               - environments/docker.yaml
 189
 190       - title: External load balancer
 191         description: >
 192           Enable external load balancer, requires network Isolation to be enabled.
 193           Note that this option assumes standard isolated networks set.
 194         environments:
 195           - file: environments/external-loadbalancer-vip.yaml
 196             title: External load balancer IPv4
 197             description: >
 198             requires:
 199               - environments/network-isolation.yaml
 200           - file: environments/external-loadbalancer-vip-v6.yaml
 201             title: External load balancer IPv6
 202             description: >
 203             requires:
 204               - environments/network-isolation-v6.yaml
 205         mutually_exclusive: true
 206
 207   - title: Neutron Plugin Configuration
 208     description:
 209     environment_groups:
 210       - title: Neutron Plugins
 211         description: >
 212           Enable various Neutron plugins and backends
 213         environments:
 214           - file: environments/neutron-bgpvpn.yaml
 215             title: Neutron BGPVPN Service Plugin
 216             description: Enables Neutron BGPVPN Service Plugin
 217             requires:
 218               - overcloud-resource-registry-puppet.yaml
 219           - file: environments/services/neutron-lbaasv2.yaml
 220             title: Neutron LBaaSv2 Service Plugin
 221             description: Enables Neutron LBaaSv2 Service Plugin and Agent
 222             requires:
 223               - overcloud-resource-registry-puppet.yaml
 224           - file: environments/neutron-ml2-bigswitch.yaml
 225             title: BigSwitch Extensions
 226             description: >
 227               Enable Big Switch extensions, configured via puppet
 228             requires:
 229               - overcloud-resource-registry-puppet.yaml
 230           - file: environments/neutron-ml2-cisco-n1kv.yaml
 231             title: Cisco N1KV backend
 232             description: >
 233               Enable a Cisco N1KV backend, configured via puppet
 234             requires:
 235               - overcloud-resource-registry-puppet.yaml
 236           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
 237             title: Cisco Neutron plugin
 238             description:
 239             requires:
 240               - overcloud-resource-registry-puppet.yaml
 241           - file: environments/networking/neutron-midonet.yaml
 242             title: Neutron MidoNet Services
 243             description:
 244             requires:
 245               - overcloud-resource-registry-puppet.yaml
 246           - file: environments/neutron-nuage-config.yaml
 247             title: Neutron Nuage backend
 248             description: Enables Neutron Nuage backend on the controller
 249             requires:
 250               - overcloud-resource-registry-puppet.yaml
 251           - file: environments/neutron-opendaylight.yaml
 252             title: OpenDaylight
 253             description: Enables OpenDaylight
 254             requires:
 255               - overcloud-resource-registry-puppet.yaml
 256           - file: environments/neutron-ovs-dpdk.yaml
 257             title: DPDK with OVS
 258             description: Deploy DPDK with OVS
 259             requires:
 260               - overcloud-resource-registry-puppet.yaml
 261           - file: environments/neutron-ovs-dvr.yaml
 262             title: DVR
 263             description: Enables DVR in the Overcloud
 264             requires:
 265               - overcloud-resource-registry-puppet.yaml
 266           - file: environments/neutron-plumgrid.yaml
 267             title: PLUMgrid extensions
 268             description: Enables PLUMgrid extensions
 269             requires:
 270               - overcloud-resource-registry-puppet.yaml
 271           - file: environments/neutron-ml2-fujitsu-cfab.yaml
 272             title: Fujitsu Neutron plugin for C-Fabric
 273             description: Enable C-Fabric in the overcloud
 274             requires:
 275               - overcloud-resource-registry-puppet.yaml
 276           - file: environments/neutron-ml2-fujitsu-fossw.yaml
 277             title: Fujitsu Neutron plugin for FOS
 278             description: Enable FOS in the overcloud
 279             requires:
 280               - overcloud-resource-registry-puppet.yaml
 281           - file: environments/neutron-nsx.yaml
 282             title: Deploy NSX Services
 283             description:
 284             requires:
 285               - overcloud-resource-registry-puppet.yaml
 286           - file: environments/neutron-l2gw.yaml
 287             title: Neutron L2 gateway Service Plugin
 288             description: Enables Neutron L2 gateway Service Plugin and Agent
 289             requires:
 290               - overcloud-resource-registry-puppet.yaml
 291
 292   - title: Storage
 293     description:
 294     environment_groups:
 295       - title: Cinder backends
 296         description: >
 297           Enable various Cinder backends
 298         environments:
 299           - file: environments/cinder-pure-config.yaml
 300             title: Cinder Pure Storage FlashArray backend
 301             description:
 302             requires:
 303               - overcloud-resource-registry-puppet.yaml
 304           - file: environments/storage/cinder-netapp-config.yaml
 305             title: Cinder NetApp backend
 306             description:
 307             requires:
 308               - overcloud-resource-registry-puppet.yaml
 309           - file: environments/cinder-dellsc-config.yaml
 310             title: Cinder Dell EMC Storage Center ISCSI backend
 311             description: >
 312               Enables a Cinder Dell EMC Storage Center ISCSI backend
 313             requires:
 314               - overcloud-resource-registry-puppet.yaml
 315           - file: environments/cinder-dellemc-unity-config.yaml
 316             title: Cinder Dell EMC Unity backend
 317             description: >
 318               Enables a Cinder Dell EMC Unity backend,
 319           - file: environments/cinder-dellemc-vmax-iscsi-config.yaml
 320             title: Cinder Dell EMC VMAX ISCSI backend
 321             description: >
 322               Enables a Cinder Dell EMC VMAX ISCSI backend,
 323               configured via puppet
 324             requires:
 325               - overcloud-resource-registry-puppet.yaml
 326           - file: environments/cinder-hpelefthand-config.yaml
 327             title: Cinder HPELeftHandISCSI backend
 328             description: >
 329               Enables a Cinder HPELeftHandISCSI backend
 330             requires:
 331               - overcloud-resource-registry-puppet.yaml
 332           - file: environments/cinder-dellps-config.yaml
 333             title: Cinder Dell EMC PS Series backend
 334             description: >
 335               Enables a Cinder Dell EMC PS Series backend
 336             requires:
 337               - overcloud-resource-registry-puppet.yaml
 338           - file: environments/cinder-iser.yaml
 339             title: Cinder iSER backend
 340             description: >
 341               Enable a Cinder iSER RDMA backend, configured via puppet
 342           - file: environments/cinder-scaleio-config.yaml
 343             title: Cinder Dell EMC ScaleIO backend
 344             description: >
 345               Enables a Cinder Dell EMC ScaleIO backend
 346             requires:
 347               - overcloud-resource-registry-puppet.yaml
 348           - file: environments/cinder-veritas-hyperscale-config.yaml
 349             title: Cinder Veritas HyperScale backend
 350             description: >
 351               Enables a Cinder Veritas HyperScale backend,
 352               configured via puppet
 353             requires:
 354               - overcloud-resource-registry-puppet.yaml
 355       - title: Cinder backup service
 356         description:
 357         environments:
 358           - file: environments/cinder-backup.yaml
 359             title: Cinder backup service
 360             description: >
 361               OpenStack Cinder Backup service with Pacemaker
 362             requires:
 363               - environments/puppet-pacemaker.yaml
 364               - overcloud-resource-registry-puppet.yaml
 365       - title: Ceph
 366         description: >
 367           Enable the use of Ceph in the overcloud
 368         environments:
 369           - file: environments/puppet-ceph.yaml
 370             title: Ceph Storage Backend
 371             description: >
 372               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
 373               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
 374               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
 375             requires:
 376               - overcloud-resource-registry-puppet.yaml
 377           - file: environments/storage/external-ceph.yaml
 378             title: Externally managed Ceph
 379             description: >
 380               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
 381             requires:
 382               - overcloud-resource-registry-puppet.yaml
 383         mutually_exclusive: true
 384       - title: Additional Ceph Options
 385         description:
 386         environments:
 387           - file: environments/services/ceph-mds.yaml
 388             title: Deploys CephMDS
 389             description: >
 390               Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
 391               filesystems hosted in Ceph.
 392             requires:
 393               - environments/puppet-ceph.yaml
 394           - file: environments/ceph-radosgw.yaml
 395             title: Ceph Rados Gateway
 396             description: >
 397               Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
 398               which stores data in the Ceph cluster.
 399             requires:
 400               - environments/puppet-ceph.yaml
 401           - file: environments/manila-cephfsnative-config.yaml
 402             title: Manila with CephFS
 403             description: >
 404               Deploys Manila and configures it with the CephFS driver. This requires the deployment of
 405               Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
 406             requires:
 407               - overcloud-resource-registry-puppet.yaml
 408       - title: Manila with Unity
 409         description: >
 410           Deploys Manila and configures it with the Unity driver.
 411         environments:
 412           - file: environments/manila-unity-config.yaml
 413             title: Deploys Manila with Unity driver
 414             description: Deploys Manila and configures Unity as its default backend.
 415       - title: Manila with VNX
 416         description: >
 417           Deploys Manila and configures it with the VNX driver.
 418         environments:
 419           - file: environments/manila-vnx-config.yaml
 420             title: Deploys Manila with VNX driver
 421             description: Deploys Manila and configures VNX as its default backend.
 422             requires:
 423               - overcloud-resource-registry-puppet.yaml
 424       - title: Glance backends
 425         description:
 426         environments:
 427           - file: environments/storage/glance-nfs.yaml
 428             title: Glance NFS Backend
 429             description: |
 430               Configure and enable this option to enable the use of an NFS
 431               share as the backend for Glance.
 432             requires:
 433               - overcloud-resource-registry-puppet.yaml
 434
 435
 436   - title: Security
 437     description: Security Hardening Options
 438     environment_groups:
 439       - title: TLS
 440         description:
 441         environments:
 442           - file: environments/ssl/enable-tls.yaml
 443             title: SSL on OpenStack Public Endpoints
 444             description: >
 445               Use this option to pass in certificates for SSL deployments.
 446               For these values to take effect, one of the TLS endpoints
 447               options must also be used.
 448             requires:
 449               - overcloud-resource-registry-puppet.yaml
 450       - title: TLS Endpoints
 451         description:
 452         environments:
 453           - file: environments/ssl/tls-endpoints-public-dns.yaml
 454             title: SSL-enabled deployment with DNS name as public endpoint
 455             description: >
 456               Use this option when deploying an SSL-enabled overcloud where the public
 457               endpoint is a DNS name.
 458             requires:
 459               - environments/ssl/enable-tls.yaml
 460           - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
 461             title: Deploy All SSL Endpoints as DNS names
 462             description: >
 463               Use this option when deploying an overcloud where all the endpoints are
 464               DNS names and there's TLS in all endpoint types.
 465             requires:
 466               - environments/ssl/enable-tls.yaml
 467           - file: environments/ssl/tls-endpoints-public-ip.yaml
 468             title: SSL-enabled deployment with IP address as public endpoint
 469             description: >
 470               Use this option when deploying an SSL-enabled overcloud where the public
 471               endpoint is an IP address.
 472             requires:
 473               - environments/ssl/enable-tls.yaml
 474         mutually_exclusive: true
 475       - title: SSH Banner Text
 476         description: Enables population of SSH Banner Text
 477         environments:
 478           - file: environments/sshd-banner.yaml
 479             title: SSH Banner Text
 480             description:
 481             requires:
 482               - overcloud-resource-registry-puppet.yaml
 483       - title: Horizon Password Validation
 484         description: Enable Horizon Password validation
 485         environments:
 486           - file: environments/horizon_password_validation.yaml
 487             title: Horizon Password Validation
 488             description:
 489             requires:
 490               - overcloud-resource-registry-puppet.yaml
 491       - title: AuditD Rules
 492         description:  Management of AuditD rules
 493         environments:
 494           - file: environments/auditd.yaml
 495             title: AuditD Rule Management
 496             description:
 497             requires:
 498               - overcloud-resource-registry-puppet.yaml
 499       - title: Keystone CADF auditing
 500         description: Enable CADF notifications in Keystone for auditing
 501         environments:
 502           - file: environments/cadf.yaml
 503             title: Keystone CADF auditing
 504       - title: SecureTTY Values
 505         description: Set values within /etc/securetty
 506         environments:
 507           - file: environments/securetty.yaml
 508             title: SecureTTY Values
 509
 510   - title: Additional Services
 511     description:
 512     environment_groups:
 513       - title:
 514         description: Deploy additional services
 515         environments:
 516           - file: environments/services/manila-generic-config.yaml
 517             title: Barbican
 518             description: Enable Barbican with the default secret store backend
 519             requires:
 520               - overcloud-resource-registry-puppet.yaml
 521           - file: environments/manila-generic-config.yaml
 522             title: Manila
 523             description: Enable Manila with generic driver backend
 524             requires:
 525               - overcloud-resource-registry-puppet.yaml
 526           - file: environments/services/sahara.yaml
 527             title: Sahara
 528             description: Deploy Sahara service
 529             requires:
 530               - overcloud-resource-registry-puppet.yaml
 531           - file: environments/services/ironic.yaml
 532             title: Ironic
 533             description: Deploy Ironic service
 534             requires:
 535               - overcloud-resource-registry-puppet.yaml
 536           - file: environments/services/mistral.yaml
 537             title: Mistral
 538             description: Deploy Mistral service
 539             requires:
 540               - overcloud-resource-registry-puppet.yaml
 541           - file: environments/services/ec2-api.yaml
 542             title: EC2 API
 543             description: Enable EC2-API service
 544             requires:
 545               - overcloud-resource-registry-puppet.yaml
 546           - file: environments/services/zaqar.yaml
 547             title: Zaqar
 548             description: Deploy Zaqar service
 549             requires:
 550               - overcloud-resource-registry-puppet.yaml
 551
 552   - title: Nova Extensions
 553     description:
 554     environment_groups:
 555       - title: Nova Extensions
 556         description:
 557         environments:
 558           - file: environments/nova-nuage-config.yaml
 559             title: Nuage backend
 560             description: >
 561               Enables Nuage backend on the Compute
 562             requires:
 563               - overcloud-resource-registry-puppet.yaml
 564
 565   - title: Operational Tools
 566     description:
 567     environment_groups:
 568       - title: Monitoring agents
 569         description: Enable monitoring agents
 570         environments:
 571           - file: environments/monitoring-environment.yaml
 572             title: Monitoring agents
 573             description:
 574             requires:
 575               - overcloud-resource-registry-puppet.yaml
 576       - title: Centralized logging support
 577         description: Enable centralized logging clients (fluentd)
 578         environments:
 579           - file: environments/logging-environment.yaml
 580             title: fluentd client
 581             description:
 582             requires:
 583               - overcloud-resource-registry-puppet.yaml
 584       - title: Performance monitoring
 585         description: Enable performance monitoring agents
 586         environments:
 587           - file: environments/collectd-environment.yaml
 588             title: Performance monitoring agents
 589             description:
 590             requires:
 591               - overcloud-resource-registry-puppet.yaml
 592
 593   - title: Utilities
 594     description:
 595     environment_groups:
 596       - title: Config Debug
 597         description: Enable config management (e.g. Puppet) debugging
 598         environments:
 599           - file: environments/config-debug.yaml
 600             title: Config Debug
 601             description:
 602             requires:
 603               - overcloud-resource-registry-puppet.yaml
 604       - title: Disable journal in MongoDb
 605         description: >
 606           Since, when journaling is enabled, MongoDb will create big journal
 607           file it can take time. In a CI environment for example journaling is
 608           not necessary.
 609         environments:
 610           - file: environments/mongodb-nojournal.yaml
 611             title: Disable journal in MongoDb
 612             description:
 613             requires:
 614               - overcloud-resource-registry-puppet.yaml
 615       - title: Overcloud Steps
 616         description: >
 617           Specifies hooks/breakpoints where overcloud deployment should stop
 618           Allows operator validation between steps, and/or more granular control.
 619           Note: the wildcards relate to naming convention for some resource suffixes,
 620           e.g see puppet/*-post.yaml, enabling this will mean we wait for
 621           a user signal on every *Deployment_StepN resource defined in those files.
 622         tags:
 623           - no-gui
 624         environments:
 625           - file: environments/overcloud-steps.yaml
 626             title: Overcloud Steps
 627             description:
 628             requires:
 629               - overcloud-resource-registry-puppet.yaml