capabilities-map.yaml

   1 # This file holds metadata about the capabilities of the tripleo-heat-templates
   2 # repository for deployment using puppet. It groups configuration by topic,
   3 # describes possible combinations of environments and resource capabilities.
   4
   5 # topics:
   6 # High Level grouping by purpose of environments
   7 # Attributes:
   8 #  title: (required)
   9 #  description: (optional)
  10 #  environment_groups: (required)
  11
  12 # environment_groups:
  13 # Identifies a group of environments.
  14 # Attributes:
  15 #  title: (optional)
  16 #  description: (optional)
  17 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
  18 #  environments: (required)
  19 #  mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive
  20
  21 # environments:
  22 # List of environments in environment group
  23 # Attributes:
  24 #  file: a file name including path within repository (required)
  25 #  title: (required)
  26 #  description: (optional)
  27 #  requires: an array of environments which are required by this environment (optional)
  28
  29 topics:
  30   - title: General Deployment Options
  31     description:
  32     environment_groups:
  33       - name: general-deployment-options
  34         title:
  35         description: Enables base configuration for all resources required for OpenStack Deployment
  36         environments:
  37           - file: overcloud-resource-registry-puppet.yaml
  38             title: Base resources configuration
  39             description:
  40       - title: Containerized Deployment
  41         description: >
  42           Configures Deployment to use containerized services
  43         environments:
  44           - file: environments/docker.yaml
  45             title: Containerized Deployment
  46             description:
  47             requires:
  48               - overcloud-resource-registry-puppet.yaml
  49       - title: High Availability
  50         description: Enables configuration of an Overcloud Controller with Pacemaker
  51         environments:
  52           - file: environments/puppet-pacemaker.yaml
  53             title: High Availability (Pacemaker)
  54             description:
  55             requires:
  56               - overcloud-resource-registry-puppet.yaml
  57
  58   - title: Network Configuration
  59     description:
  60     environment_groups:
  61       - title: Network Isolation
  62         description:
  63         environments:
  64           - file: environments/network-isolation.yaml
  65             title: Network Isolation
  66             description: >
  67               Enable the creation of Neutron networks for
  68               isolated Overcloud traffic and configure each role to assign ports
  69               (related to that role) on these networks.
  70             requires:
  71               - overcloud-resource-registry-puppet.yaml
  72           - file: environments/network-isolation-v6.yaml
  73             title: Network Isolation IPv6
  74             description: >
  75               Enable the creation of IPv6 Neutron networks for isolated Overcloud
  76               traffic and configure each role to assign ports (related
  77               to that role) on these networks.
  78             requires:
  79               - overcloud-resource-registry-puppet.yaml
  80         mutually_exclusive: true
  81       - title: NICs, Bonding, VLANs Configuration
  82         description: >
  83           Choose one of the pre-defined configurations or provide custom
  84           network-environment.yaml instead. Note that pre-defined configuration work
  85           only with standard Roles and Networks. These options assume use of Network Isolation.
  86         environments:
  87           - file: environments/net-bond-with-vlans.yaml
  88             title: Bond with Vlans
  89             description: >
  90               Configure each role to use a pair of bonded nics (nic2 and
  91               nic3) and configures an IP address on each relevant isolated network
  92               for each role. This option assumes use of Network Isolation.
  93             requires:
  94               - environments/network-isolation.yaml
  95           - file: environments/net-bond-with-vlans-no-external.yaml
  96             title: Bond with Vlans No External Ports
  97             description: >
  98               Configure each role to use a pair of bonded nics (nic2 and
  99               nic3) and configures an IP address on each relevant isolated network
 100               for each role. This option assumes use of Network Isolation.
 101               Sets external ports to noop.
 102             requires:
 103               - environments/network-isolation.yaml
 104           - file: environments/net-bond-with-vlans-v6.yaml
 105             title: Bond with Vlans IPv6
 106             description: >
 107               Configure each role to use a pair of bonded nics (nic2 and
 108               nic3) and configures an IP address on each relevant isolated network
 109               for each role, with IPv6 on the External network.
 110               This option assumes use of Network Isolation IPv6.
 111             requires:
 112               - environments/network-isolation-v6.yaml
 113           - file: environments/net-multiple-nics.yaml
 114             title: Multiple NICs
 115             description: >
 116               Configures each role to use a separate NIC for
 117               each isolated network.
 118               This option assumes use of Network Isolation.
 119             requires:
 120               - environments/network-isolation.yaml
 121           - file: environments/net-multiple-nics-v6.yaml
 122             title: Multiple NICs IPv6
 123             description: >
 124               Configure each role to use a separate NIC for
 125               each isolated network with IPv6 on the External network.
 126               This option assumes use of Network Isolation IPv6.
 127             requires:
 128               - environments/network-isolation-v6.yaml
 129           - file: environments/net-single-nic-with-vlans.yaml
 130             title: Single NIC with Vlans
 131             description: >
 132               Configure each role to use Vlans on a single NIC for
 133               each isolated network. This option assumes use of Network Isolation.
 134             requires:
 135               - environments/network-isolation.yaml
 136           - file: environments/net-single-nic-with-vlans-no-external.yaml
 137             title: Single NIC with Vlans No External Ports
 138             description: >
 139               Configure each role to use Vlans on a single NIC for
 140               each isolated network. This option assumes use of Network Isolation.
 141               Sets external ports to noop.
 142             requires:
 143               - environments/network-isolation.yaml
 144           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
 145             title: Single NIC with Linux Bridge Vlans
 146             description: >
 147               Configure each role to use Vlans on a single NIC for
 148               each isolated network. This option assumes use of Network Isolation.
 149             requires:
 150               - environments/network-isolation.yaml
 151           - file: environments/net-single-nic-with-vlans-v6.yaml
 152             title: Single NIC with Vlans IPv6
 153             description: >
 154               Configures each role to use Vlans on a single NIC for
 155               each isolated network with IPv6 on the External network.
 156               This option assumes use of Network Isolation IPv6
 157             requires:
 158               - environments/network-isolation-v6.yaml
 159         mutually_exclusive: true
 160       - title: Management Network
 161         description: >
 162           Enable the creation of a system management network. This
 163           creates a Neutron network for isolated Overcloud
 164           system management traffic and configures each role to
 165           assign a port (related to that role) on that network.
 166         environments:
 167           - file: environments/network-management.yaml
 168             title: Management Network
 169             description:
 170             requires:
 171               - overcloud-resource-registry-puppet.yaml
 172           - file: environments/network-management-v6.yaml
 173             title: Management Network IPv6
 174             description:
 175             requires:
 176               - overcloud-resource-registry-puppet.yaml
 177         mutually_exclusive: true
 178
 179       - title: Docker Network
 180         description: >
 181           [Temporary] Use this option when deploying containerized deployment
 182           without network isolation
 183         environments:
 184           - file: environments/docker-network.yaml
 185             title: Docker network
 186             description:
 187             requires:
 188               - environments/docker.yaml
 189
 190       - title: External load balancer
 191         description: >
 192           Enable external load balancer, requires network Isolation to be enabled.
 193           Note that this option assumes standard isolated networks set.
 194         environments:
 195           - file: environments/external-loadbalancer-vip.yaml
 196             title: External load balancer IPv4
 197             description: >
 198             requires:
 199               - environments/network-isolation.yaml
 200           - file: environments/external-loadbalancer-vip-v6.yaml
 201             title: External load balancer IPv6
 202             description: >
 203             requires:
 204               - environments/network-isolation-v6.yaml
 205         mutually_exclusive: true
 206
 207   - title: Neutron Plugin Configuration
 208     description:
 209     environment_groups:
 210       - title: Neutron Plugins
 211         description: >
 212           Enable various Neutron plugins and backends
 213         environments:
 214           - file: environments/neutron-bgpvpn.yaml
 215             title: Neutron BGPVPN Service Plugin
 216             description: Enables Neutron BGPVPN Service Plugin
 217             requires:
 218               - overcloud-resource-registry-puppet.yaml
 219           - file: environments/services/neutron-lbaasv2.yaml
 220             title: Neutron LBaaSv2 Service Plugin
 221             description: Enables Neutron LBaaSv2 Service Plugin and Agent
 222             requires:
 223               - overcloud-resource-registry-puppet.yaml
 224           - file: environments/neutron-sfc.yaml
 225             title: Neutron SFC Service Plugin
 226             description: Enables Neutron SFC Service Plugin
 227             requires:
 228               - overcloud-resource-registry-puppet.yaml
 229           - file: environments/neutron-ml2-bigswitch.yaml
 230             title: BigSwitch Extensions
 231             description: >
 232               Enable Big Switch extensions, configured via puppet
 233             requires:
 234               - overcloud-resource-registry-puppet.yaml
 235           - file: environments/neutron-ml2-cisco-n1kv.yaml
 236             title: Cisco N1KV backend
 237             description: >
 238               Enable a Cisco N1KV backend, configured via puppet
 239             requires:
 240               - overcloud-resource-registry-puppet.yaml
 241           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
 242             title: Cisco Neutron plugin
 243             description:
 244             requires:
 245               - overcloud-resource-registry-puppet.yaml
 246           - file: environments/networking/neutron-midonet.yaml
 247             title: Neutron MidoNet Services
 248             description:
 249             requires:
 250               - overcloud-resource-registry-puppet.yaml
 251           - file: environments/neutron-nuage-config.yaml
 252             title: Neutron Nuage backend
 253             description: Enables Neutron Nuage backend on the controller
 254             requires:
 255               - overcloud-resource-registry-puppet.yaml
 256           - file: environments/neutron-opendaylight.yaml
 257             title: OpenDaylight
 258             description: Enables OpenDaylight
 259             requires:
 260               - overcloud-resource-registry-puppet.yaml
 261           - file: environments/neutron-ovs-dpdk.yaml
 262             title: DPDK with OVS
 263             description: Deploy DPDK with OVS
 264             requires:
 265               - overcloud-resource-registry-puppet.yaml
 266           - file: environments/neutron-ovs-dvr.yaml
 267             title: DVR
 268             description: Enables DVR in the Overcloud
 269             requires:
 270               - overcloud-resource-registry-puppet.yaml
 271           - file: environments/neutron-plumgrid.yaml
 272             title: PLUMgrid extensions
 273             description: Enables PLUMgrid extensions
 274             requires:
 275               - overcloud-resource-registry-puppet.yaml
 276           - file: environments/neutron-ml2-fujitsu-cfab.yaml
 277             title: Fujitsu Neutron plugin for C-Fabric
 278             description: Enable C-Fabric in the overcloud
 279             requires:
 280               - overcloud-resource-registry-puppet.yaml
 281           - file: environments/neutron-ml2-fujitsu-fossw.yaml
 282             title: Fujitsu Neutron plugin for FOS
 283             description: Enable FOS in the overcloud
 284             requires:
 285               - overcloud-resource-registry-puppet.yaml
 286           - file: environments/neutron-nsx.yaml
 287             title: Deploy NSX Services
 288             description:
 289             requires:
 290               - overcloud-resource-registry-puppet.yaml
 291           - file: environments/neutron-l2gw.yaml
 292             title: Neutron L2 gateway Service Plugin
 293             description: Enables Neutron L2 gateway Service Plugin and Agent
 294             requires:
 295               - overcloud-resource-registry-puppet.yaml
 296
 297   - title: Storage
 298     description:
 299     environment_groups:
 300       - title: Cinder backends
 301         description: >
 302           Enable various Cinder backends
 303         environments:
 304           - file: environments/cinder-pure-config.yaml
 305             title: Cinder Pure Storage FlashArray backend
 306             description:
 307             requires:
 308               - overcloud-resource-registry-puppet.yaml
 309           - file: environments/storage/cinder-netapp-config.yaml
 310             title: Cinder NetApp backend
 311             description:
 312             requires:
 313               - overcloud-resource-registry-puppet.yaml
 314           - file: environments/cinder-dellsc-config.yaml
 315             title: Cinder Dell EMC Storage Center ISCSI backend
 316             description: >
 317               Enables a Cinder Dell EMC Storage Center ISCSI backend
 318             requires:
 319               - overcloud-resource-registry-puppet.yaml
 320           - file: environments/cinder-dellemc-unity-config.yaml
 321             title: Cinder Dell EMC Unity backend
 322             description: >
 323               Enables a Cinder Dell EMC Unity backend,
 324           - file: environments/cinder-dellemc-vmax-iscsi-config.yaml
 325             title: Cinder Dell EMC VMAX ISCSI backend
 326             description: >
 327               Enables a Cinder Dell EMC VMAX ISCSI backend,
 328               configured via puppet
 329             requires:
 330               - overcloud-resource-registry-puppet.yaml
 331           - file: environments/cinder-hpelefthand-config.yaml
 332             title: Cinder HPELeftHandISCSI backend
 333             description: >
 334               Enables a Cinder HPELeftHandISCSI backend
 335             requires:
 336               - overcloud-resource-registry-puppet.yaml
 337           - file: environments/cinder-dellps-config.yaml
 338             title: Cinder Dell EMC PS Series backend
 339             description: >
 340               Enables a Cinder Dell EMC PS Series backend
 341             requires:
 342               - overcloud-resource-registry-puppet.yaml
 343           - file: environments/cinder-iser.yaml
 344             title: Cinder iSER backend
 345             description: >
 346               Enable a Cinder iSER RDMA backend, configured via puppet
 347           - file: environments/cinder-scaleio-config.yaml
 348             title: Cinder Dell EMC ScaleIO backend
 349             description: >
 350               Enables a Cinder Dell EMC ScaleIO backend
 351             requires:
 352               - overcloud-resource-registry-puppet.yaml
 353           - file: environments/cinder-veritas-hyperscale-config.yaml
 354             title: Cinder Veritas HyperScale backend
 355             description: >
 356               Enables a Cinder Veritas HyperScale backend,
 357               configured via puppet
 358             requires:
 359               - overcloud-resource-registry-puppet.yaml
 360       - title: Cinder backup service
 361         description:
 362         environments:
 363           - file: environments/cinder-backup.yaml
 364             title: Cinder backup service
 365             description: >
 366               OpenStack Cinder Backup service with Pacemaker
 367             requires:
 368               - environments/puppet-pacemaker.yaml
 369               - overcloud-resource-registry-puppet.yaml
 370       - title: Ceph
 371         description: >
 372           Enable the use of Ceph in the overcloud
 373         environments:
 374           - file: environments/puppet-ceph.yaml
 375             title: Ceph Storage Backend
 376             description: >
 377               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
 378               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
 379               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
 380             requires:
 381               - overcloud-resource-registry-puppet.yaml
 382           - file: environments/storage/external-ceph.yaml
 383             title: Externally managed Ceph
 384             description: >
 385               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
 386             requires:
 387               - overcloud-resource-registry-puppet.yaml
 388         mutually_exclusive: true
 389       - title: Additional Ceph Options
 390         description:
 391         environments:
 392           - file: environments/services/ceph-mds.yaml
 393             title: Deploys CephMDS
 394             description: >
 395               Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
 396               filesystems hosted in Ceph.
 397             requires:
 398               - environments/puppet-ceph.yaml
 399           - file: environments/ceph-radosgw.yaml
 400             title: Ceph Rados Gateway
 401             description: >
 402               Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
 403               which stores data in the Ceph cluster.
 404             requires:
 405               - environments/puppet-ceph.yaml
 406           - file: environments/manila-cephfsnative-config.yaml
 407             title: Manila with CephFS
 408             description: >
 409               Deploys Manila and configures it with the CephFS driver. This requires the deployment of
 410               Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
 411             requires:
 412               - overcloud-resource-registry-puppet.yaml
 413       - title: Manila with Unity
 414         description: >
 415           Deploys Manila and configures it with the Unity driver.
 416         environments:
 417           - file: environments/manila-unity-config.yaml
 418             title: Deploys Manila with Unity driver
 419             description: Deploys Manila and configures Unity as its default backend.
 420       - title: Manila with VNX
 421         description: >
 422           Deploys Manila and configures it with the VNX driver.
 423         environments:
 424           - file: environments/manila-vnx-config.yaml
 425             title: Deploys Manila with VNX driver
 426             description: Deploys Manila and configures VNX as its default backend.
 427       - title: Manila with VMAX
 428         description: >
 429           Deploys Manila and configures it with the VMAX driver.
 430         environments:
 431           - file: environments/manila-vmax-config.yaml
 432             title: Deploys Manila with VMAX driver
 433             description: Deploys Manila and configures VMAX as its default backend.
 434       - title: Manila with Isilon
 435         description: >
 436           Deploys Manila and configures it with the Isilon driver.
 437         environments:
 438           - file: environments/manila-isilon-config.yaml
 439             title: Deploys Manila with Isilon driver
 440             description: Deploys Manila and configures Isilon as its default backend.
 441             requires:
 442               - overcloud-resource-registry-puppet.yaml
 443       - title: Glance backends
 444         description:
 445         environments:
 446           - file: environments/storage/glance-nfs.yaml
 447             title: Glance NFS Backend
 448             description: |
 449               Configure and enable this option to enable the use of an NFS
 450               share as the backend for Glance.
 451             requires:
 452               - overcloud-resource-registry-puppet.yaml
 453
 454
 455   - title: Security
 456     description: Security Hardening Options
 457     environment_groups:
 458       - title: TLS
 459         description:
 460         environments:
 461           - file: environments/ssl/enable-tls.yaml
 462             title: SSL on OpenStack Public Endpoints
 463             description: >
 464               Use this option to pass in certificates for SSL deployments.
 465               For these values to take effect, one of the TLS endpoints
 466               options must also be used.
 467             requires:
 468               - overcloud-resource-registry-puppet.yaml
 469       - title: TLS Endpoints
 470         description:
 471         environments:
 472           - file: environments/ssl/tls-endpoints-public-dns.yaml
 473             title: SSL-enabled deployment with DNS name as public endpoint
 474             description: >
 475               Use this option when deploying an SSL-enabled overcloud where the public
 476               endpoint is a DNS name.
 477             requires:
 478               - environments/ssl/enable-tls.yaml
 479           - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
 480             title: Deploy All SSL Endpoints as DNS names
 481             description: >
 482               Use this option when deploying an overcloud where all the endpoints are
 483               DNS names and there's TLS in all endpoint types.
 484             requires:
 485               - environments/ssl/enable-tls.yaml
 486           - file: environments/ssl/tls-endpoints-public-ip.yaml
 487             title: SSL-enabled deployment with IP address as public endpoint
 488             description: >
 489               Use this option when deploying an SSL-enabled overcloud where the public
 490               endpoint is an IP address.
 491             requires:
 492               - environments/ssl/enable-tls.yaml
 493         mutually_exclusive: true
 494       - title: SSH Banner Text
 495         description: Enables population of SSH Banner Text
 496         environments:
 497           - file: environments/sshd-banner.yaml
 498             title: SSH Banner Text
 499             description:
 500             requires:
 501               - overcloud-resource-registry-puppet.yaml
 502       - title: Horizon Password Validation
 503         description: Enable Horizon Password validation
 504         environments:
 505           - file: environments/horizon_password_validation.yaml
 506             title: Horizon Password Validation
 507             description:
 508             requires:
 509               - overcloud-resource-registry-puppet.yaml
 510       - title: AuditD Rules
 511         description:  Management of AuditD rules
 512         environments:
 513           - file: environments/auditd.yaml
 514             title: AuditD Rule Management
 515             description:
 516             requires:
 517               - overcloud-resource-registry-puppet.yaml
 518       - title: Keystone CADF auditing
 519         description: Enable CADF notifications in Keystone for auditing
 520         environments:
 521           - file: environments/cadf.yaml
 522             title: Keystone CADF auditing
 523       - title: SecureTTY Values
 524         description: Set values within /etc/securetty
 525         environments:
 526           - file: environments/securetty.yaml
 527             title: SecureTTY Values
 528
 529   - title: Additional Services
 530     description:
 531     environment_groups:
 532       - title:
 533         description: Deploy additional services
 534         environments:
 535           - file: environments/services/manila-generic-config.yaml
 536             title: Barbican
 537             description: Enable Barbican with the default secret store backend
 538             requires:
 539               - overcloud-resource-registry-puppet.yaml
 540           - file: environments/manila-generic-config.yaml
 541             title: Manila
 542             description: Enable Manila with generic driver backend
 543             requires:
 544               - overcloud-resource-registry-puppet.yaml
 545           - file: environments/services/sahara.yaml
 546             title: Sahara
 547             description: Deploy Sahara service
 548             requires:
 549               - overcloud-resource-registry-puppet.yaml
 550           - file: environments/services/ironic.yaml
 551             title: Ironic
 552             description: Deploy Ironic service
 553             requires:
 554               - overcloud-resource-registry-puppet.yaml
 555           - file: environments/services/mistral.yaml
 556             title: Mistral
 557             description: Deploy Mistral service
 558             requires:
 559               - overcloud-resource-registry-puppet.yaml
 560           - file: environments/services/ec2-api.yaml
 561             title: EC2 API
 562             description: Enable EC2-API service
 563             requires:
 564               - overcloud-resource-registry-puppet.yaml
 565           - file: environments/services/zaqar.yaml
 566             title: Zaqar
 567             description: Deploy Zaqar service
 568             requires:
 569               - overcloud-resource-registry-puppet.yaml
 570
 571   - title: Nova Extensions
 572     description:
 573     environment_groups:
 574       - title: Nova Extensions
 575         description:
 576         environments:
 577           - file: environments/nova-nuage-config.yaml
 578             title: Nuage backend
 579             description: >
 580               Enables Nuage backend on the Compute
 581             requires:
 582               - overcloud-resource-registry-puppet.yaml
 583
 584   - title: Operational Tools
 585     description:
 586     environment_groups:
 587       - title: Monitoring agents
 588         description: Enable monitoring agents
 589         environments:
 590           - file: environments/monitoring-environment.yaml
 591             title: Monitoring agents
 592             description:
 593             requires:
 594               - overcloud-resource-registry-puppet.yaml
 595       - title: Centralized logging support
 596         description: Enable centralized logging clients (fluentd)
 597         environments:
 598           - file: environments/logging-environment.yaml
 599             title: fluentd client
 600             description:
 601             requires:
 602               - overcloud-resource-registry-puppet.yaml
 603       - title: Performance monitoring
 604         description: Enable performance monitoring agents
 605         environments:
 606           - file: environments/collectd-environment.yaml
 607             title: Performance monitoring agents
 608             description:
 609             requires:
 610               - overcloud-resource-registry-puppet.yaml
 611
 612   - title: Utilities
 613     description:
 614     environment_groups:
 615       - title: Config Debug
 616         description: Enable config management (e.g. Puppet) debugging
 617         environments:
 618           - file: environments/config-debug.yaml
 619             title: Config Debug
 620             description:
 621             requires:
 622               - overcloud-resource-registry-puppet.yaml
 623       - title: Disable journal in MongoDb
 624         description: >
 625           Since, when journaling is enabled, MongoDb will create big journal
 626           file it can take time. In a CI environment for example journaling is
 627           not necessary.
 628         environments:
 629           - file: environments/mongodb-nojournal.yaml
 630             title: Disable journal in MongoDb
 631             description:
 632             requires:
 633               - overcloud-resource-registry-puppet.yaml
 634       - title: Overcloud Steps
 635         description: >
 636           Specifies hooks/breakpoints where overcloud deployment should stop
 637           Allows operator validation between steps, and/or more granular control.
 638           Note: the wildcards relate to naming convention for some resource suffixes,
 639           e.g see puppet/*-post.yaml, enabling this will mean we wait for
 640           a user signal on every *Deployment_StepN resource defined in those files.
 641         tags:
 642           - no-gui
 643         environments:
 644           - file: environments/overcloud-steps.yaml
 645             title: Overcloud Steps
 646             description:
 647             requires:
 648               - overcloud-resource-registry-puppet.yaml