capabilities-map.yaml

   1 # This file holds metadata about the capabilities of the tripleo-heat-templates
   2 # repository for deployment using puppet. It groups configuration by topic,
   3 # describes possible combinations of environments and resource capabilities.
   4
   5 # topics:
   6 # High Level grouping by purpose of environments
   7 # Attributes:
   8 #  title: (required)
   9 #  description: (optional)
  10 #  environment_groups: (required)
  11
  12 # environment_groups:
  13 # Identifies a group of environments.
  14 # Attributes:
  15 #  title: (optional)
  16 #  description: (optional)
  17 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
  18 #  environments: (required)
  19 #  mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive
  20
  21 # environments:
  22 # List of environments in environment group
  23 # Attributes:
  24 #  file: a file name including path within repository (required)
  25 #  title: (required)
  26 #  description: (optional)
  27 #  requires: an array of environments which are required by this environment (optional)
  28
  29 topics:
  30   - title: General Deployment Options
  31     description:
  32     environment_groups:
  33       - name: general-deployment-options
  34         title:
  35         description: Enables base configuration for all resources required for OpenStack Deployment
  36         environments:
  37           - file: overcloud-resource-registry-puppet.yaml
  38             title: Base resources configuration
  39             description:
  40       - title: Containerized Deployment
  41         description: >
  42           Configures Deployment to use containerized services
  43         environments:
  44           - file: environments/docker.yaml
  45             title: Containerized Deployment
  46             description:
  47             requires:
  48               - overcloud-resource-registry-puppet.yaml
  49       - title: High Availability
  50         description: Enables configuration of an Overcloud Controller with Pacemaker
  51         environments:
  52           - file: environments/puppet-pacemaker.yaml
  53             title: High Availability (Pacemaker)
  54             description:
  55             requires:
  56               - overcloud-resource-registry-puppet.yaml
  57
  58   - title: Network Configuration
  59     description:
  60     environment_groups:
  61       - title: Network Isolation
  62         description:
  63         environments:
  64           - file: environments/network-isolation.yaml
  65             title: Network Isolation
  66             description: >
  67               Enable the creation of Neutron networks for
  68               isolated Overcloud traffic and configure each role to assign ports
  69               (related to that role) on these networks.
  70             requires:
  71               - overcloud-resource-registry-puppet.yaml
  72           - file: environments/network-isolation-v6.yaml
  73             title: Network Isolation IPv6
  74             description: >
  75               Enable the creation of IPv6 Neutron networks for isolated Overcloud
  76               traffic and configure each role to assign ports (related
  77               to that role) on these networks.
  78             requires:
  79               - overcloud-resource-registry-puppet.yaml
  80         mutually_exclusive: true
  81       - title: NICs, Bonding, VLANs Configuration
  82         description: >
  83           Choose one of the pre-defined configurations or provide custom
  84           network-environment.yaml instead. Note that pre-defined configuration work
  85           only with standard Roles and Networks. These options assume use of Network Isolation.
  86         environments:
  87           - file: environments/net-bond-with-vlans.yaml
  88             title: Bond with Vlans
  89             description: >
  90               Configure each role to use a pair of bonded nics (nic2 and
  91               nic3) and configures an IP address on each relevant isolated network
  92               for each role. This option assumes use of Network Isolation.
  93             requires:
  94               - environments/network-isolation.yaml
  95           - file: environments/net-bond-with-vlans-no-external.yaml
  96             title: Bond with Vlans No External Ports
  97             description: >
  98               Configure each role to use a pair of bonded nics (nic2 and
  99               nic3) and configures an IP address on each relevant isolated network
 100               for each role. This option assumes use of Network Isolation.
 101               Sets external ports to noop.
 102             requires:
 103               - environments/network-isolation.yaml
 104           - file: environments/net-bond-with-vlans-v6.yaml
 105             title: Bond with Vlans IPv6
 106             description: >
 107               Configure each role to use a pair of bonded nics (nic2 and
 108               nic3) and configures an IP address on each relevant isolated network
 109               for each role, with IPv6 on the External network.
 110               This option assumes use of Network Isolation IPv6.
 111             requires:
 112               - environments/network-isolation-v6.yaml
 113           - file: environments/net-multiple-nics.yaml
 114             title: Multiple NICs
 115             description: >
 116               Configures each role to use a separate NIC for
 117               each isolated network.
 118               This option assumes use of Network Isolation.
 119             requires:
 120               - environments/network-isolation.yaml
 121           - file: environments/net-multiple-nics-v6.yaml
 122             title: Multiple NICs IPv6
 123             description: >
 124               Configure each role to use a separate NIC for
 125               each isolated network with IPv6 on the External network.
 126               This option assumes use of Network Isolation IPv6.
 127             requires:
 128               - environments/network-isolation-v6.yaml
 129           - file: environments/net-single-nic-with-vlans.yaml
 130             title: Single NIC with Vlans
 131             description: >
 132               Configure each role to use Vlans on a single NIC for
 133               each isolated network. This option assumes use of Network Isolation.
 134             requires:
 135               - environments/network-isolation.yaml
 136           - file: environments/net-single-nic-with-vlans-no-external.yaml
 137             title: Single NIC with Vlans No External Ports
 138             description: >
 139               Configure each role to use Vlans on a single NIC for
 140               each isolated network. This option assumes use of Network Isolation.
 141               Sets external ports to noop.
 142             requires:
 143               - environments/network-isolation.yaml
 144           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
 145             title: Single NIC with Linux Bridge Vlans
 146             description: >
 147               Configure each role to use Vlans on a single NIC for
 148               each isolated network. This option assumes use of Network Isolation.
 149             requires:
 150               - environments/network-isolation.yaml
 151           - file: environments/net-single-nic-with-vlans-v6.yaml
 152             title: Single NIC with Vlans IPv6
 153             description: >
 154               Configures each role to use Vlans on a single NIC for
 155               each isolated network with IPv6 on the External network.
 156               This option assumes use of Network Isolation IPv6
 157             requires:
 158               - environments/network-isolation-v6.yaml
 159         mutually_exclusive: true
 160       - title: Management Network
 161         description: >
 162           Enable the creation of a system management network. This
 163           creates a Neutron network for isolated Overcloud
 164           system management traffic and configures each role to
 165           assign a port (related to that role) on that network.
 166         environments:
 167           - file: environments/network-management.yaml
 168             title: Management Network
 169             description:
 170             requires:
 171               - overcloud-resource-registry-puppet.yaml
 172           - file: environments/network-management-v6.yaml
 173             title: Management Network IPv6
 174             description:
 175             requires:
 176               - overcloud-resource-registry-puppet.yaml
 177         mutually_exclusive: true
 178
 179       - title: Docker Network
 180         description: >
 181           [Temporary] Use this option when deploying containerized deployment
 182           without network isolation
 183         environments:
 184           - file: environments/docker-network.yaml
 185             title: Docker network
 186             description:
 187             requires:
 188               - environments/docker.yaml
 189
 190       - title: External load balancer
 191         description: >
 192           Enable external load balancer, requires network Isolation to be enabled.
 193           Note that this option assumes standard isolated networks set.
 194         environments:
 195           - file: environments/external-loadbalancer-vip.yaml
 196             title: External load balancer IPv4
 197             description: >
 198             requires:
 199               - environments/network-isolation.yaml
 200           - file: environments/external-loadbalancer-vip-v6.yaml
 201             title: External load balancer IPv6
 202             description: >
 203             requires:
 204               - environments/network-isolation-v6.yaml
 205         mutually_exclusive: true
 206
 207   - title: Neutron Plugin Configuration
 208     description:
 209     environment_groups:
 210       - title: Neutron Plugins
 211         description: >
 212           Enable various Neutron plugins and backends
 213         environments:
 214           - file: environments/neutron-bgpvpn.yaml
 215             title: Neutron BGPVPN Service Plugin
 216             description: Enables Neutron BGPVPN Service Plugin
 217             requires:
 218               - overcloud-resource-registry-puppet.yaml
 219           - file: environments/services/neutron-lbaasv2.yaml
 220             title: Neutron LBaaSv2 Service Plugin
 221             description: Enables Neutron LBaaSv2 Service Plugin and Agent
 222             requires:
 223               - overcloud-resource-registry-puppet.yaml
 224           - file: environments/neutron-ml2-bigswitch.yaml
 225             title: BigSwitch Extensions
 226             description: >
 227               Enable Big Switch extensions, configured via puppet
 228             requires:
 229               - overcloud-resource-registry-puppet.yaml
 230           - file: environments/neutron-ml2-cisco-n1kv.yaml
 231             title: Cisco N1KV backend
 232             description: >
 233               Enable a Cisco N1KV backend, configured via puppet
 234             requires:
 235               - overcloud-resource-registry-puppet.yaml
 236           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
 237             title: Cisco Neutron plugin
 238             description:
 239             requires:
 240               - overcloud-resource-registry-puppet.yaml
 241           - file: environments/networking/neutron-midonet.yaml
 242             title: Neutron MidoNet Services
 243             description:
 244             requires:
 245               - overcloud-resource-registry-puppet.yaml
 246           - file: environments/neutron-nuage-config.yaml
 247             title: Neutron Nuage backend
 248             description: Enables Neutron Nuage backend on the controller
 249             requires:
 250               - overcloud-resource-registry-puppet.yaml
 251           - file: environments/neutron-opendaylight.yaml
 252             title: OpenDaylight
 253             description: Enables OpenDaylight
 254             requires:
 255               - overcloud-resource-registry-puppet.yaml
 256           - file: environments/neutron-ovs-dpdk.yaml
 257             title: DPDK with OVS
 258             description: Deploy DPDK with OVS
 259             requires:
 260               - overcloud-resource-registry-puppet.yaml
 261           - file: environments/neutron-ovs-dvr.yaml
 262             title: DVR
 263             description: Enables DVR in the Overcloud
 264             requires:
 265               - overcloud-resource-registry-puppet.yaml
 266           - file: environments/neutron-plumgrid.yaml
 267             title: PLUMgrid extensions
 268             description: Enables PLUMgrid extensions
 269             requires:
 270               - overcloud-resource-registry-puppet.yaml
 271           - file: environments/neutron-ml2-fujitsu-cfab.yaml
 272             title: Fujitsu Neutron plugin for C-Fabric
 273             description: Enable C-Fabric in the overcloud
 274             requires:
 275               - overcloud-resource-registry-puppet.yaml
 276           - file: environments/neutron-ml2-fujitsu-fossw.yaml
 277             title: Fujitsu Neutron plugin for FOS
 278             description: Enable FOS in the overcloud
 279             requires:
 280               - overcloud-resource-registry-puppet.yaml
 281           - file: environments/neutron-nsx.yaml
 282             title: Deploy NSX Services
 283             description:
 284             requires:
 285               - overcloud-resource-registry-puppet.yaml
 286           - file: environments/neutron-l2gw.yaml
 287             title: Neutron L2 gateway Service Plugin
 288             description: Enables Neutron L2 gateway Service Plugin and Agent
 289             requires:
 290               - overcloud-resource-registry-puppet.yaml
 291
 292   - title: Storage
 293     description:
 294     environment_groups:
 295       - title: Cinder backends
 296         description: >
 297           Enable various Cinder backends
 298         environments:
 299           - file: environments/cinder-pure-config.yaml
 300             title: Cinder Pure Storage FlashArray backend
 301             description:
 302             requires:
 303               - overcloud-resource-registry-puppet.yaml
 304           - file: environments/storage/cinder-netapp-config.yaml
 305             title: Cinder NetApp backend
 306             description:
 307             requires:
 308               - overcloud-resource-registry-puppet.yaml
 309           - file: environments/cinder-dellsc-config.yaml
 310             title: Cinder Dell EMC Storage Center ISCSI backend
 311             description: >
 312               Enables a Cinder Dell EMC Storage Center ISCSI backend
 313             requires:
 314               - overcloud-resource-registry-puppet.yaml
 315           - file: environments/cinder-dellemc-unity-config.yaml
 316             title: Cinder Dell EMC Unity backend
 317             description: >
 318               Enables a Cinder Dell EMC Unity backend,
 319               configured via puppet
 320             requires:
 321               - overcloud-resource-registry-puppet.yaml
 322           - file: environments/cinder-hpelefthand-config.yaml
 323             title: Cinder HPELeftHandISCSI backend
 324             description: >
 325               Enables a Cinder HPELeftHandISCSI backend
 326             requires:
 327               - overcloud-resource-registry-puppet.yaml
 328           - file: environments/cinder-dellps-config.yaml
 329             title: Cinder Dell EMC PS Series backend
 330             description: >
 331               Enables a Cinder Dell EMC PS Series backend
 332             requires:
 333               - overcloud-resource-registry-puppet.yaml
 334           - file: environments/cinder-iser.yaml
 335             title: Cinder iSER backend
 336             description: >
 337               Enable a Cinder iSER RDMA backend, configured via puppet
 338           - file: environments/cinder-scaleio-config.yaml
 339             title: Cinder Dell EMC ScaleIO backend
 340             description: >
 341               Enables a Cinder Dell EMC ScaleIO backend
 342             requires:
 343               - overcloud-resource-registry-puppet.yaml
 344           - file: environments/cinder-veritas-hyperscale-config.yaml
 345             title: Cinder Veritas HyperScale backend
 346             description: >
 347               Enables a Cinder Veritas HyperScale backend,
 348               configured via puppet
 349             requires:
 350               - overcloud-resource-registry-puppet.yaml
 351       - title: Cinder backup service
 352         description:
 353         environments:
 354           - file: environments/cinder-backup.yaml
 355             title: Cinder backup service
 356             description: >
 357               OpenStack Cinder Backup service with Pacemaker
 358             requires:
 359               - environments/puppet-pacemaker.yaml
 360               - overcloud-resource-registry-puppet.yaml
 361       - title: Ceph
 362         description: >
 363           Enable the use of Ceph in the overcloud
 364         environments:
 365           - file: environments/puppet-ceph.yaml
 366             title: Ceph Storage Backend
 367             description: >
 368               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
 369               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
 370               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
 371             requires:
 372               - overcloud-resource-registry-puppet.yaml
 373           - file: environments/storage/external-ceph.yaml
 374             title: Externally managed Ceph
 375             description: >
 376               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
 377             requires:
 378               - overcloud-resource-registry-puppet.yaml
 379         mutually_exclusive: true
 380       - title: Additional Ceph Options
 381         description:
 382         environments:
 383           - file: environments/services/ceph-mds.yaml
 384             title: Deploys CephMDS
 385             description: >
 386               Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
 387               filesystems hosted in Ceph.
 388             requires:
 389               - environments/puppet-ceph.yaml
 390           - file: environments/ceph-radosgw.yaml
 391             title: Ceph Rados Gateway
 392             description: >
 393               Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
 394               which stores data in the Ceph cluster.
 395             requires:
 396               - environments/puppet-ceph.yaml
 397           - file: environments/manila-cephfsnative-config.yaml
 398             title: Manila with CephFS
 399             description: >
 400               Deploys Manila and configures it with the CephFS driver. This requires the deployment of
 401               Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
 402             requires:
 403               - overcloud-resource-registry-puppet.yaml
 404       - title: Glance backends
 405         description:
 406         environments:
 407           - file: environments/storage/glance-nfs.yaml
 408             title: Glance NFS Backend
 409             description: |
 410               Configure and enable this option to enable the use of an NFS
 411               share as the backend for Glance.
 412             requires:
 413               - overcloud-resource-registry-puppet.yaml
 414
 415
 416   - title: Security
 417     description: Security Hardening Options
 418     environment_groups:
 419       - title: TLS
 420         description:
 421         environments:
 422           - file: environments/ssl/enable-tls.yaml
 423             title: SSL on OpenStack Public Endpoints
 424             description: >
 425               Use this option to pass in certificates for SSL deployments.
 426               For these values to take effect, one of the TLS endpoints
 427               options must also be used.
 428             requires:
 429               - overcloud-resource-registry-puppet.yaml
 430       - title: TLS Endpoints
 431         description:
 432         environments:
 433           - file: environments/ssl/tls-endpoints-public-dns.yaml
 434             title: SSL-enabled deployment with DNS name as public endpoint
 435             description: >
 436               Use this option when deploying an SSL-enabled overcloud where the public
 437               endpoint is a DNS name.
 438             requires:
 439               - environments/ssl/enable-tls.yaml
 440           - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
 441             title: Deploy All SSL Endpoints as DNS names
 442             description: >
 443               Use this option when deploying an overcloud where all the endpoints are
 444               DNS names and there's TLS in all endpoint types.
 445             requires:
 446               - environments/ssl/enable-tls.yaml
 447           - file: environments/ssl/tls-endpoints-public-ip.yaml
 448             title: SSL-enabled deployment with IP address as public endpoint
 449             description: >
 450               Use this option when deploying an SSL-enabled overcloud where the public
 451               endpoint is an IP address.
 452             requires:
 453               - environments/ssl/enable-tls.yaml
 454         mutually_exclusive: true
 455       - title: SSH Banner Text
 456         description: Enables population of SSH Banner Text
 457         environments:
 458           - file: environments/sshd-banner.yaml
 459             title: SSH Banner Text
 460             description:
 461             requires:
 462               - overcloud-resource-registry-puppet.yaml
 463       - title: Horizon Password Validation
 464         description: Enable Horizon Password validation
 465         environments:
 466           - file: environments/horizon_password_validation.yaml
 467             title: Horizon Password Validation
 468             description:
 469             requires:
 470               - overcloud-resource-registry-puppet.yaml
 471       - title: AuditD Rules
 472         description:  Management of AuditD rules
 473         environments:
 474           - file: environments/auditd.yaml
 475             title: AuditD Rule Management
 476             description:
 477             requires:
 478               - overcloud-resource-registry-puppet.yaml
 479       - title: Keystone CADF auditing
 480         description: Enable CADF notifications in Keystone for auditing
 481         environments:
 482           - file: environments/cadf.yaml
 483             title: Keystone CADF auditing
 484       - title: SecureTTY Values
 485         description: Set values within /etc/securetty
 486         environments:
 487           - file: environments/securetty.yaml
 488             title: SecureTTY Values
 489
 490   - title: Additional Services
 491     description:
 492     environment_groups:
 493       - title:
 494         description: Deploy additional services
 495         environments:
 496           - file: environments/services/manila-generic-config.yaml
 497             title: Barbican
 498             description: Enable Barbican with the default secret store backend
 499             requires:
 500               - overcloud-resource-registry-puppet.yaml
 501           - file: environments/manila-generic-config.yaml
 502             title: Manila
 503             description: Enable Manila with generic driver backend
 504             requires:
 505               - overcloud-resource-registry-puppet.yaml
 506           - file: environments/services/sahara.yaml
 507             title: Sahara
 508             description: Deploy Sahara service
 509             requires:
 510               - overcloud-resource-registry-puppet.yaml
 511           - file: environments/services/ironic.yaml
 512             title: Ironic
 513             description: Deploy Ironic service
 514             requires:
 515               - overcloud-resource-registry-puppet.yaml
 516           - file: environments/services/mistral.yaml
 517             title: Mistral
 518             description: Deploy Mistral service
 519             requires:
 520               - overcloud-resource-registry-puppet.yaml
 521           - file: environments/services/ec2-api.yaml
 522             title: EC2 API
 523             description: Enable EC2-API service
 524             requires:
 525               - overcloud-resource-registry-puppet.yaml
 526           - file: environments/services/zaqar.yaml
 527             title: Zaqar
 528             description: Deploy Zaqar service
 529             requires:
 530               - overcloud-resource-registry-puppet.yaml
 531
 532   - title: Nova Extensions
 533     description:
 534     environment_groups:
 535       - title: Nova Extensions
 536         description:
 537         environments:
 538           - file: environments/nova-nuage-config.yaml
 539             title: Nuage backend
 540             description: >
 541               Enables Nuage backend on the Compute
 542             requires:
 543               - overcloud-resource-registry-puppet.yaml
 544
 545   - title: Operational Tools
 546     description:
 547     environment_groups:
 548       - title: Monitoring agents
 549         description: Enable monitoring agents
 550         environments:
 551           - file: environments/monitoring-environment.yaml
 552             title: Monitoring agents
 553             description:
 554             requires:
 555               - overcloud-resource-registry-puppet.yaml
 556       - title: Centralized logging support
 557         description: Enable centralized logging clients (fluentd)
 558         environments:
 559           - file: environments/logging-environment.yaml
 560             title: fluentd client
 561             description:
 562             requires:
 563               - overcloud-resource-registry-puppet.yaml
 564       - title: Performance monitoring
 565         description: Enable performance monitoring agents
 566         environments:
 567           - file: environments/collectd-environment.yaml
 568             title: Performance monitoring agents
 569             description:
 570             requires:
 571               - overcloud-resource-registry-puppet.yaml
 572
 573   - title: Utilities
 574     description:
 575     environment_groups:
 576       - title: Config Debug
 577         description: Enable config management (e.g. Puppet) debugging
 578         environments:
 579           - file: environments/config-debug.yaml
 580             title: Config Debug
 581             description:
 582             requires:
 583               - overcloud-resource-registry-puppet.yaml
 584       - title: Disable journal in MongoDb
 585         description: >
 586           Since, when journaling is enabled, MongoDb will create big journal
 587           file it can take time. In a CI environment for example journaling is
 588           not necessary.
 589         environments:
 590           - file: environments/mongodb-nojournal.yaml
 591             title: Disable journal in MongoDb
 592             description:
 593             requires:
 594               - overcloud-resource-registry-puppet.yaml
 595       - title: Overcloud Steps
 596         description: >
 597           Specifies hooks/breakpoints where overcloud deployment should stop
 598           Allows operator validation between steps, and/or more granular control.
 599           Note: the wildcards relate to naming convention for some resource suffixes,
 600           e.g see puppet/*-post.yaml, enabling this will mean we wait for
 601           a user signal on every *Deployment_StepN resource defined in those files.
 602         tags:
 603           - no-gui
 604         environments:
 605           - file: environments/overcloud-steps.yaml
 606             title: Overcloud Steps
 607             description:
 608             requires:
 609               - overcloud-resource-registry-puppet.yaml