capabilities-map.yaml

   1 # This file holds metadata about the capabilities of the tripleo-heat-templates
   2 # repository for deployment using puppet. It groups configuration by topic,
   3 # describes possible combinations of environments and resource capabilities.
   4
   5 # root_template: identifies repository's root template
   6 # root_environment: identifies root_environment, this one is special in terms of
   7 #   order in which the environments are merged before deploying. This one serves as
   8 #   a base and it's parameters/resource_registry gets overridden by other environments
   9 #   if used.
  10
  11 # topics:
  12 # High Level grouping by purpose of environments
  13 # Attributes:
  14 #  title: (required)
  15 #  description: (optional)
  16 #  environment_groups: (required)
  17
  18 # environment_groups:
  19 # Identifies an environment choice. If group includes multiple environments it
  20 # indicates that environments in group are mutually exclusive.
  21 # Attributes:
  22 #  title: (optional)
  23 #  description: (optional)
  24 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
  25 #  environments: (required)
  26
  27 # environments:
  28 # List of environments in environment group
  29 # Attributes:
  30 #  file: a file name including path within repository (required)
  31 #  title: (required)
  32 #  description: (optional)
  33 #  requires: an array of environments which are required by this environment (optional)
  34 #  resource_registry: [tbd] (optional)
  35
  36 # resource_registry:
  37 # [tbd] Each environment can provide options on resource_registry level applicable
  38 # only when that given environment is used. (resource_type of that environment can
  39 # be implemented using multiple templates).
  40
  41 root_template: overcloud.yaml
  42 root_environment: overcloud-resource-registry-puppet.yaml
  43 topics:
  44   - title: Base Resources Configuration
  45     description:
  46     environment_groups:
  47       - title:
  48         description: Enable base configuration for all resources required for OpenStack Deployment
  49         environments:
  50           - file: overcloud-resource-registry-puppet.yaml
  51             title: Base resources configuration
  52             description:
  53
  54   - title: Deployment Options
  55     description:
  56     environment_groups:
  57       - title: High Availability
  58         description: Enables configuration of an Overcloud controller with Pacemaker
  59         environments:
  60           - file: environments/puppet-pacemaker.yaml
  61             title: Pacemaker
  62             description: Enable configuration of an Overcloud controller with Pacemaker
  63             requires:
  64               - overcloud-resource-registry-puppet.yaml
  65       - title: Pacemaker options
  66         description:
  67         environments:
  68           - file: environments/puppet-pacemaker-no-restart.yaml
  69             title: Pacemaker No Restart
  70             description:
  71             requires:
  72               - environments/puppet-pacemaker.yaml
  73               - overcloud-resource-registry-puppet.yaml
  74       - title: Docker RDO
  75         description: >
  76           Docker container with heat agents for containerized compute node
  77         environments:
  78           - file: environments/docker.yaml
  79             title: Docker RDO
  80             description:
  81             requires:
  82               - overcloud-resource-registry-puppet.yaml
  83       - title: Enable TLS
  84         description: >
  85         environments:
  86           - file: environments/enable-tls.yaml
  87             title: TLS
  88             description: >
  89               Use this option to pass in certificates for SSL deployments.
  90               For these values to take effect, one of the TLS endpoints
  91               environments must also be used.
  92             requires:
  93               - overcloud-resource-registry-puppet.yaml
  94       - title: TLS Endpoints
  95         description: >
  96         environments:
  97           - file: environments/tls-endpoints-public-dns.yaml
  98             title: SSL-enabled deployment with DNS name as public endpoint
  99             description: >
 100               Use this environment when deploying an SSL-enabled overcloud where the public
 101               endpoint is a DNS name.
 102             requires:
 103               - environments/enable-tls.yaml
 104               - overcloud-resource-registry-puppet.yaml
 105           - file: environments/tls-endpoints-public-ip.yaml
 106             title: SSL-enabled deployment with IP address as public endpoint
 107             description: >
 108               Use this environment when deploying an SSL-enabled overcloud where the public
 109               endpoint is an IP address.
 110             requires:
 111               - environments/enable-tls.yaml
 112               - overcloud-resource-registry-puppet.yaml
 113       - title: External load balancer
 114         description: >
 115           Enable external load balancer
 116         environments:
 117           - file: environments/external-loadbalancer-vip-v6.yaml
 118             title: External load balancer IPv6
 119             description: >
 120             requires:
 121               - overcloud-resource-registry-puppet.yaml
 122           - file: environments/external-loadbalancer-vip.yaml
 123             title: External load balancer IPv4
 124             description: >
 125             requires:
 126               - overcloud-resource-registry-puppet.yaml
 127
 128   - title: Additional Services
 129     description: Deploy additional Overcloud services
 130     environment_groups:
 131       - title: Manila
 132         description:
 133         environments:
 134           - file: environments/manila-generic-config.yaml
 135             title: Manila
 136             description: Enable Manila generic driver backend
 137             requires:
 138               - overcloud-resource-registry-puppet.yaml
 139       - title: Sahara
 140         description:
 141         environments:
 142           - file: environments/services/sahara.yaml
 143             title: Sahara
 144             description: Deploy Sahara service
 145             requires:
 146               - overcloud-resource-registry-puppet.yaml
 147       - title: Ironic
 148         description:
 149         environments:
 150           - file: environments/services/ironic.yaml
 151             title: Ironic
 152             description: Deploy Ironic service
 153             requires:
 154               - overcloud-resource-registry-puppet.yaml
 155       - title: Mistral
 156         description:
 157         environments:
 158           - file: environments/services/mistral.yaml
 159             title: Mistral
 160             description: Deploy Mistral service
 161             requires:
 162               - overcloud-resource-registry-puppet.yaml
 163       - title: Ceilometer Api
 164         description:
 165         environments:
 166           - file: environments/services/disable-ceilometer-api.yaml
 167             title: Ceilometer Api
 168             description: Disable Ceilometer Api service. This service is
 169               deprecated and will be removed in future releases. Please move
 170               to using gnocchi/aodh/panko apis instead.
 171             requires:
 172               - overcloud-resource-registry-puppet.yaml
 173
 174   # - title: Network Interface Configuration
 175   #   description:
 176   #   environment_groups:
 177
 178   - title: Overlay Network Configuration
 179     description:
 180     environment_groups:
 181       - title: Network Isolation
 182         description:
 183         environments:
 184           - file: environments/network-isolation.yaml
 185             title: Network Isolation
 186             description: >
 187               Enable the creation of Neutron networks for
 188               isolated Overcloud traffic and configure each role to assign ports
 189               (related to that role) on these networks.
 190             requires:
 191               - overcloud-resource-registry-puppet.yaml
 192           - file: environments/network-isolation-v6.yaml
 193             title: Network Isolation IPv6
 194             description: >
 195               Enable the creation of IPv6 Neutron networks for isolated Overcloud
 196               traffic and configure each role to assign ports (related
 197               to that role) on these networks.
 198             requires:
 199               - overcloud-resource-registry-puppet.yaml
 200       - title: Single NIC or Bonding
 201         description: >
 202           Configure roles to use pair of bonded nics or to use Vlans on a
 203           single nic. This option assumes use of Network Isolation.
 204         environments:
 205           - file: environments/net-bond-with-vlans.yaml
 206             title: Bond with Vlans
 207             description: >
 208               Configure each role to use a pair of bonded nics (nic2 and
 209               nic3) and configures an IP address on each relevant isolated network
 210               for each role. This option assumes use of Network Isolation.
 211             requires:
 212               - environments/network-isolation.yaml
 213               - overcloud-resource-registry-puppet.yaml
 214           - file: environments/net-bond-with-vlans-no-external.yaml
 215             title: Bond with Vlans No External Ports
 216             description: >
 217               Configure each role to use a pair of bonded nics (nic2 and
 218               nic3) and configures an IP address on each relevant isolated network
 219               for each role. This option assumes use of Network Isolation.
 220               Sets external ports to noop.
 221             requires:
 222               - environments/network-isolation.yaml
 223               - overcloud-resource-registry-puppet.yaml
 224           - file: environments/net-bond-with-vlans-v6.yaml
 225             title: Bond with Vlans IPv6
 226             description: >
 227               Configure each role to use a pair of bonded nics (nic2 and
 228               nic3) and configures an IP address on each relevant isolated network
 229               for each role, with IPv6 on the External network.
 230               This option assumes use of Network Isolation IPv6.
 231             requires:
 232               - environments/network-isolation-v6.yaml
 233               - overcloud-resource-registry-puppet.yaml
 234           - file: environments/net-multiple-nics.yaml
 235             title: Multiple NICs
 236             description: >
 237               Configures each role to use a separate NIC for
 238               each isolated network.
 239               This option assumes use of Network Isolation.
 240             requires:
 241               - environments/network-isolation.yaml
 242               - overcloud-resource-registry-puppet.yaml
 243           - file: environments/net-multiple-nics-v6.yaml
 244             title: Multiple NICs IPv6
 245             description: >
 246               Configure each role to use a separate NIC for
 247               each isolated network with IPv6 on the External network.
 248               This option assumes use of Network Isolation IPv6.
 249             requires:
 250               - environments/network-isolation-v6.yaml
 251               - overcloud-resource-registry-puppet.yaml
 252           - file: environments/net-single-nic-with-vlans.yaml
 253             title: Single NIC with Vlans
 254             description: >
 255               Configure each role to use Vlans on a single NIC for
 256               each isolated network. This option assumes use of Network Isolation.
 257             requires:
 258               - environments/network-isolation.yaml
 259               - overcloud-resource-registry-puppet.yaml
 260           - file: environments/net-single-nic-with-vlans-no-external.yaml
 261             title: Single NIC with Vlans No External Ports
 262             description: >
 263               Configure each role to use Vlans on a single NIC for
 264               each isolated network. This option assumes use of Network Isolation.
 265               Sets external ports to noop.
 266             requires:
 267               - environments/network-isolation.yaml
 268               - overcloud-resource-registry-puppet.yaml
 269           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
 270             title: Single NIC with Linux Bridge Vlans
 271             description: >
 272               Configure each role to use Vlans on a single NIC for
 273               each isolated network. This option assumes use of Network Isolation.
 274             requires:
 275               - environments/network-isolation.yaml
 276               - overcloud-resource-registry-puppet.yaml
 277           - file: environments/net-single-nic-with-vlans-v6.yaml
 278             title: Single NIC with Vlans IPv6
 279             description: >
 280               Configures each role to use Vlans on a single NIC for
 281               each isolated network with IPv6 on the External network.
 282               This option assumes use of Network Isolation IPv6
 283             requires:
 284               - environments/network-isolation-v6.yaml
 285               - overcloud-resource-registry-puppet.yaml
 286       - title: Management Network
 287         description: >
 288           Enable the creation of a system management network. This
 289           creates a Neutron network for isolated Overcloud
 290           system management traffic and configures each role to
 291           assign a port (related to that role) on that network.
 292         environments:
 293           - file: environments/network-management.yaml
 294             title: Management Network
 295             description:
 296             requires:
 297               - overcloud-resource-registry-puppet.yaml
 298           - file: environments/network-management-v6.yaml
 299             title: Management Network IPv6
 300             description:
 301             requires:
 302               - overcloud-resource-registry-puppet.yaml
 303
 304   - title: Neutron Plugin Configuration
 305     description:
 306     environment_groups:
 307       - title: Neutron Plugins
 308         description: >
 309           Enable various Neutron plugins and backends
 310         environments:
 311           - file: environments/neutron-bgpvpn.yaml
 312             title: Neutron BGPVPN Service Plugin
 313             description: Enables Neutron BGPVPN Service Plugin
 314             requires:
 315               - overcloud-resource-registry-puppet.yaml
 316           - file: environments/neutron-ml2-bigswitch.yaml
 317             title: BigSwitch Extensions
 318             description: >
 319               Enable Big Switch extensions, configured via puppet
 320             requires:
 321               - overcloud-resource-registry-puppet.yaml
 322           - file: environments/neutron-ml2-cisco-n1kv.yaml
 323             title: Cisco N1KV backend
 324             description: >
 325               Enable a Cisco N1KV backend, configured via puppet
 326             requires:
 327               - overcloud-resource-registry-puppet.yaml
 328           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
 329             title: Cisco Neutron plugin
 330             description:
 331             requires:
 332               - overcloud-resource-registry-puppet.yaml
 333           - file: environments/neutron-midonet.yaml
 334             title: Deploy MidoNet Services
 335             description:
 336             requires:
 337               - overcloud-resource-registry-puppet.yaml
 338           - file: environments/neutron-nuage-config.yaml
 339             title: Neutron Nuage backend
 340             description: Enables Neutron Nuage backend on the controller
 341             requires:
 342               - overcloud-resource-registry-puppet.yaml
 343           - file: environments/neutron-opendaylight.yaml
 344             title: OpenDaylight
 345             description: Enables OpenDaylight
 346             requires:
 347               - overcloud-resource-registry-puppet.yaml
 348           - file: environments/neutron-ovs-dpdk.yaml
 349             title: DPDK with OVS
 350             description: Deploy DPDK with OVS
 351             requires:
 352               - overcloud-resource-registry-puppet.yaml
 353           - file: environments/neutron-ovs-dvr.yaml
 354             title: DVR
 355             description: Enables DVR in the Overcloud
 356             requires:
 357               - overcloud-resource-registry-puppet.yaml
 358           - file: environments/neutron-plumgrid.yaml
 359             title: PLUMgrid extensions
 360             description: Enables PLUMgrid extensions
 361             requires:
 362               - overcloud-resource-registry-puppet.yaml
 363           - file: environments/neutron-ml2-fujitsu-cfab.yaml
 364             title: Fujitsu Neutron plugin for C-Fabric
 365             description: Enable C-Fabric in the overcloud
 366             requires:
 367               - overcloud-resource-registry-puppet.yaml
 368           - file: environments/neutron-ml2-fujitsu-fossw.yaml
 369             title: Fujitsu Neutron plugin for FOS
 370             description: Enable FOS in the overcloud
 371             requires:
 372               - overcloud-resource-registry-puppet.yaml
 373
 374   - title: Nova Extensions
 375     description:
 376     environment_groups:
 377       - title: Nova Extensions
 378         description:
 379         environments:
 380           - file: environments/nova-nuage-config.yaml
 381             title: Nuage backend
 382             description: >
 383               Enables Nuage backend on the Compute
 384             requires:
 385               - overcloud-resource-registry-puppet.yaml
 386
 387   - title: Storage
 388     description:
 389     environment_groups:
 390       - title: Cinder backup service
 391         description:
 392         environments:
 393           - file: environments/cinder-backup.yaml
 394             title: Cinder backup service
 395             description: >
 396               OpenStack Cinder Backup service with Pacemaker configured
 397               with Puppet
 398             requires:
 399               - environments/puppet-pacemaker.yaml
 400               - overcloud-resource-registry-puppet.yaml
 401       - title: Cinder backend
 402         description: >
 403           Enable various Cinder backends
 404         environments:
 405           - file: environments/cinder-netapp-config.yaml
 406             title: Cinder NetApp backend
 407             description:
 408             requires:
 409               - overcloud-resource-registry-puppet.yaml
 410           - file: environments/cinder-dellsc-config.yaml
 411             title: Cinder Dell EMC Storage Center ISCSI backend
 412             description: >
 413               Enables a Cinder Dell EMC Storage Center ISCSI backend,
 414               configured via puppet
 415             requires:
 416               - overcloud-resource-registry-puppet.yaml
 417           - file: environments/cinder-hpelefthand-config.yaml
 418             title: Cinder HPELeftHandISCSI backend
 419             description: >
 420               Enables a Cinder HPELeftHandISCSI backend, configured
 421               via puppet
 422             requires:
 423               - overcloud-resource-registry-puppet.yaml
 424           - file: environments/cinder-dellps-config.yaml
 425             title: Cinder Dell EMC PS Series backend
 426             description: >
 427               Enables a Cinder Dell EMC PS Series backend,
 428               configured via puppet
 429             requires:
 430               - overcloud-resource-registry-puppet.yaml
 431           - file: environments/cinder-iser.yaml
 432             title: Cinder iSER backend
 433             description: >
 434               Enable a Cinder iSER RDMA backend, configured via puppet
 435           - file: environments/cinder-scaleio-config.yaml
 436             title: Cinder Dell EMC ScaleIO backend
 437             description: >
 438               Enables a Cinder Dell EMC ScaleIO backend,
 439               configured via puppet
 440             requires:
 441               - overcloud-resource-registry-puppet.yaml
 442       - title: Ceph
 443         description: >
 444           Enable the use of Ceph in the overcloud
 445         environments:
 446           - file: environments/puppet-ceph-external.yaml
 447             title: Externally managed Ceph
 448             description: >
 449               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
 450             requires:
 451               - overcloud-resource-registry-puppet.yaml
 452           - file: environments/puppet-ceph.yaml
 453             title: TripleO managed Ceph
 454             description: >
 455               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
 456               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
 457               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
 458             requires:
 459               - overcloud-resource-registry-puppet.yaml
 460       - title: CephMDS
 461         description: >
 462           Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
 463           filesystems hosted in Ceph.
 464         environments:
 465           - file: environments/services/ceph-mds.yaml
 466             title: Deploys CephMDS
 467             description:
 468             requires:
 469               - environments/puppet-ceph.yaml
 470       - title: Ceph Rados Gateway
 471         description: >
 472           Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
 473           which stores data in the Ceph cluster.
 474         environments:
 475           - file: environments/ceph-radosgw.yaml
 476             title: Deploys CephRGW
 477             description:
 478             requires:
 479               - environments/puppet-ceph.yaml
 480       - title: Manila with CephFS
 481         description: >
 482           Deploys Manila and configures it with the CephFS driver. This requires the deployment of
 483           Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
 484         environments:
 485           - file: environments/manila-cephfsnative-config.yaml
 486             title: Deploys Manila with CephFS driver
 487             description: Deploys Manila and configures CephFS as its default backend.
 488             requires:
 489               - overcloud-resource-registry-puppet.yaml
 490       - title: Storage Environment
 491         description: >
 492           Can be used to set up storage backends. Defaults to Ceph used as a
 493           backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
 494           configures which services will use Ceph, or if any of the services
 495           will use NFS. And more. Usually requires to be edited by user first.
 496         tags:
 497           - no-gui
 498         environments:
 499           - file: environments/storage-environment.yaml
 500             title: Storage Environment
 501             description:
 502             requires:
 503               - overcloud-resource-registry-puppet.yaml
 504
 505   - title: Utilities
 506     description:
 507     environment_groups:
 508       - title: Config Debug
 509         description: Enable config management (e.g. Puppet) debugging
 510         environments:
 511           - file: environments/config-debug.yaml
 512             title: Config Debug
 513             description:
 514             requires:
 515               - overcloud-resource-registry-puppet.yaml
 516       - title: Disable journal in MongoDb
 517         description: >
 518           Since, when journaling is enabled, MongoDb will create big journal
 519           file it can take time. In a CI environment for example journaling is
 520           not necessary.
 521         environments:
 522           - file: environments/mongodb-nojournal.yaml
 523             title: Disable journal in MongoDb
 524             description:
 525             requires:
 526               - overcloud-resource-registry-puppet.yaml
 527       - title: Overcloud Steps
 528         description: >
 529           Specifies hooks/breakpoints where overcloud deployment should stop
 530           Allows operator validation between steps, and/or more granular control.
 531           Note: the wildcards relate to naming convention for some resource suffixes,
 532           e.g see puppet/*-post.yaml, enabling this will mean we wait for
 533           a user signal on every *Deployment_StepN resource defined in those files.
 534         tags:
 535           - no-gui
 536         environments:
 537           - file: environments/overcloud-steps.yaml
 538             title: Overcloud Steps
 539             description:
 540             requires:
 541               - overcloud-resource-registry-puppet.yaml
 542
 543   - title: Operational Tools
 544     description:
 545     environment_groups:
 546       - title: Monitoring agents
 547         description: Enable monitoring agents
 548         environments:
 549           - file: environments/monitoring-environment.yaml
 550             title: enable monitoring agents
 551             description:
 552             requires:
 553               - overcloud-resource-registry-puppet.yaml
 554       - title: Centralized logging support
 555         description: Enable centralized logging clients (fluentd)
 556         environments:
 557           - file: environments/logging-environment.yaml
 558             title: Enable fluentd client
 559             description:
 560             requires:
 561               - overcloud-resource-registry-puppet.yaml
 562
 563   - title: Security Options
 564     description: Security Hardening Options
 565     environment_groups:
 566       - title: SSH Banner Text
 567         description: Enables population of SSH Banner Text
 568         environments:
 569           - file: environments/sshd-banner.yaml
 570             title: SSH Banner Text
 571             description:
 572             requires:
 573               - overcloud-resource-registry-puppet.yaml
 574       - title: Horizon Password Validation
 575         description: Enable Horizon Password validation
 576         environments:
 577           - file: environments/horizon_password_validation.yaml
 578             title: Horizon Password Validation
 579             description:
 580             requires:
 581               - overcloud-resource-registry-puppet.yaml
 582       - title: AuditD Rules
 583         description:  Management of AuditD rules
 584         environments:
 585           - file: environments/auditd.yaml
 586             title: AuditD Rule Management
 587             description:
 588             requires:
 589               - overcloud-resource-registry-puppet.yaml
 590       - title: Keystone CADF auditing
 591         description: Enable CADF notifications in Keystone for auditing
 592         environments:
 593           - file: environments/cadf.yaml
 594             title: Keystone CADF auditing