capabilities-map.yaml

   1 # This file holds metadata about the capabilities of the tripleo-heat-templates
   2 # repository for deployment using puppet. It groups configuration by topic,
   3 # describes possible combinations of environments and resource capabilities.
   4
   5 # topics:
   6 # High Level grouping by purpose of environments
   7 # Attributes:
   8 #  title: (required)
   9 #  description: (optional)
  10 #  environment_groups: (required)
  11
  12 # environment_groups:
  13 # Identifies an environment choice. If group includes multiple environments it
  14 # indicates that environments in group are mutually exclusive.
  15 # Attributes:
  16 #  title: (optional)
  17 #  description: (optional)
  18 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
  19 #  environments: (required)
  20
  21 # environments:
  22 # List of environments in environment group
  23 # Attributes:
  24 #  file: a file name including path within repository (required)
  25 #  title: (required)
  26 #  description: (optional)
  27 #  requires: an array of environments which are required by this environment (optional)
  28 #  resource_registry: [tbd] (optional)
  29
  30 # resource_registry:
  31 # [tbd] Each environment can provide options on resource_registry level applicable
  32 # only when that given environment is used. (resource_type of that environment can
  33 # be implemented using multiple templates).
  34
  35 topics:
  36   - title: Base Resources Configuration
  37     description:
  38     environment_groups:
  39       - title:
  40         description: Enable base configuration for all resources required for OpenStack Deployment
  41         environments:
  42           - file: overcloud-resource-registry-puppet.yaml
  43             title: Base resources configuration
  44             description:
  45
  46   - title: Deployment Options
  47     description:
  48     environment_groups:
  49       - title: High Availability
  50         description: Enables configuration of an Overcloud controller with Pacemaker
  51         environments:
  52           - file: environments/puppet-pacemaker.yaml
  53             title: Pacemaker
  54             description: Enable configuration of an Overcloud controller with Pacemaker
  55             requires:
  56               - overcloud-resource-registry-puppet.yaml
  57       - title: Pacemaker options
  58         description:
  59         environments:
  60           - file: environments/puppet-pacemaker-no-restart.yaml
  61             title: Pacemaker No Restart
  62             description:
  63             requires:
  64               - environments/puppet-pacemaker.yaml
  65               - overcloud-resource-registry-puppet.yaml
  66       - title: Docker RDO
  67         description: >
  68           Docker container with heat agents for containerized compute node
  69         environments:
  70           - file: environments/docker.yaml
  71             title: Docker RDO
  72             description:
  73             requires:
  74               - overcloud-resource-registry-puppet.yaml
  75       - title: Enable TLS
  76         description: >
  77         environments:
  78           - file: environments/enable-tls.yaml
  79             title: TLS
  80             description: >
  81               Use this option to pass in certificates for SSL deployments.
  82               For these values to take effect, one of the TLS endpoints
  83               environments must also be used.
  84             requires:
  85               - overcloud-resource-registry-puppet.yaml
  86       - title: TLS Endpoints
  87         description: >
  88         environments:
  89           - file: environments/tls-endpoints-public-dns.yaml
  90             title: SSL-enabled deployment with DNS name as public endpoint
  91             description: >
  92               Use this environment when deploying an SSL-enabled overcloud where the public
  93               endpoint is a DNS name.
  94             requires:
  95               - environments/enable-tls.yaml
  96               - overcloud-resource-registry-puppet.yaml
  97           - file: environments/tls-endpoints-public-ip.yaml
  98             title: SSL-enabled deployment with IP address as public endpoint
  99             description: >
 100               Use this environment when deploying an SSL-enabled overcloud where the public
 101               endpoint is an IP address.
 102             requires:
 103               - environments/enable-tls.yaml
 104               - overcloud-resource-registry-puppet.yaml
 105       - title: External load balancer
 106         description: >
 107           Enable external load balancer
 108         environments:
 109           - file: environments/external-loadbalancer-vip-v6.yaml
 110             title: External load balancer IPv6
 111             description: >
 112             requires:
 113               - overcloud-resource-registry-puppet.yaml
 114           - file: environments/external-loadbalancer-vip.yaml
 115             title: External load balancer IPv4
 116             description: >
 117             requires:
 118               - overcloud-resource-registry-puppet.yaml
 119
 120   - title: Additional Services
 121     description: Deploy additional Overcloud services
 122     environment_groups:
 123       - title: Manila
 124         description:
 125         environments:
 126           - file: environments/manila-generic-config.yaml
 127             title: Manila
 128             description: Enable Manila generic driver backend
 129             requires:
 130               - overcloud-resource-registry-puppet.yaml
 131       - title: Sahara
 132         description:
 133         environments:
 134           - file: environments/services/sahara.yaml
 135             title: Sahara
 136             description: Deploy Sahara service
 137             requires:
 138               - overcloud-resource-registry-puppet.yaml
 139       - title: Ironic
 140         description:
 141         environments:
 142           - file: environments/services/ironic.yaml
 143             title: Ironic
 144             description: Deploy Ironic service
 145             requires:
 146               - overcloud-resource-registry-puppet.yaml
 147       - title: Mistral
 148         description:
 149         environments:
 150           - file: environments/services/mistral.yaml
 151             title: Mistral
 152             description: Deploy Mistral service
 153             requires:
 154               - overcloud-resource-registry-puppet.yaml
 155       - title: Ceilometer Api
 156         description:
 157         environments:
 158           - file: environments/services/disable-ceilometer-api.yaml
 159             title: Ceilometer Api
 160             description: Disable Ceilometer Api service. This service is
 161               deprecated and will be removed in future releases. Please move
 162               to using gnocchi/aodh/panko apis instead.
 163             requires:
 164               - overcloud-resource-registry-puppet.yaml
 165
 166   # - title: Network Interface Configuration
 167   #   description:
 168   #   environment_groups:
 169
 170   - title: Overlay Network Configuration
 171     description:
 172     environment_groups:
 173       - title: Network Isolation
 174         description:
 175         environments:
 176           - file: environments/network-isolation.yaml
 177             title: Network Isolation
 178             description: >
 179               Enable the creation of Neutron networks for
 180               isolated Overcloud traffic and configure each role to assign ports
 181               (related to that role) on these networks.
 182             requires:
 183               - overcloud-resource-registry-puppet.yaml
 184           - file: environments/network-isolation-v6.yaml
 185             title: Network Isolation IPv6
 186             description: >
 187               Enable the creation of IPv6 Neutron networks for isolated Overcloud
 188               traffic and configure each role to assign ports (related
 189               to that role) on these networks.
 190             requires:
 191               - overcloud-resource-registry-puppet.yaml
 192       - title: Single NIC or Bonding
 193         description: >
 194           Configure roles to use pair of bonded nics or to use Vlans on a
 195           single nic. This option assumes use of Network Isolation.
 196         environments:
 197           - file: environments/net-bond-with-vlans.yaml
 198             title: Bond with Vlans
 199             description: >
 200               Configure each role to use a pair of bonded nics (nic2 and
 201               nic3) and configures an IP address on each relevant isolated network
 202               for each role. This option assumes use of Network Isolation.
 203             requires:
 204               - environments/network-isolation.yaml
 205               - overcloud-resource-registry-puppet.yaml
 206           - file: environments/net-bond-with-vlans-no-external.yaml
 207             title: Bond with Vlans No External Ports
 208             description: >
 209               Configure each role to use a pair of bonded nics (nic2 and
 210               nic3) and configures an IP address on each relevant isolated network
 211               for each role. This option assumes use of Network Isolation.
 212               Sets external ports to noop.
 213             requires:
 214               - environments/network-isolation.yaml
 215               - overcloud-resource-registry-puppet.yaml
 216           - file: environments/net-bond-with-vlans-v6.yaml
 217             title: Bond with Vlans IPv6
 218             description: >
 219               Configure each role to use a pair of bonded nics (nic2 and
 220               nic3) and configures an IP address on each relevant isolated network
 221               for each role, with IPv6 on the External network.
 222               This option assumes use of Network Isolation IPv6.
 223             requires:
 224               - environments/network-isolation-v6.yaml
 225               - overcloud-resource-registry-puppet.yaml
 226           - file: environments/net-multiple-nics.yaml
 227             title: Multiple NICs
 228             description: >
 229               Configures each role to use a separate NIC for
 230               each isolated network.
 231               This option assumes use of Network Isolation.
 232             requires:
 233               - environments/network-isolation.yaml
 234               - overcloud-resource-registry-puppet.yaml
 235           - file: environments/net-multiple-nics-v6.yaml
 236             title: Multiple NICs IPv6
 237             description: >
 238               Configure each role to use a separate NIC for
 239               each isolated network with IPv6 on the External network.
 240               This option assumes use of Network Isolation IPv6.
 241             requires:
 242               - environments/network-isolation-v6.yaml
 243               - overcloud-resource-registry-puppet.yaml
 244           - file: environments/net-single-nic-with-vlans.yaml
 245             title: Single NIC with Vlans
 246             description: >
 247               Configure each role to use Vlans on a single NIC for
 248               each isolated network. This option assumes use of Network Isolation.
 249             requires:
 250               - environments/network-isolation.yaml
 251               - overcloud-resource-registry-puppet.yaml
 252           - file: environments/net-single-nic-with-vlans-no-external.yaml
 253             title: Single NIC with Vlans No External Ports
 254             description: >
 255               Configure each role to use Vlans on a single NIC for
 256               each isolated network. This option assumes use of Network Isolation.
 257               Sets external ports to noop.
 258             requires:
 259               - environments/network-isolation.yaml
 260               - overcloud-resource-registry-puppet.yaml
 261           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
 262             title: Single NIC with Linux Bridge Vlans
 263             description: >
 264               Configure each role to use Vlans on a single NIC for
 265               each isolated network. This option assumes use of Network Isolation.
 266             requires:
 267               - environments/network-isolation.yaml
 268               - overcloud-resource-registry-puppet.yaml
 269           - file: environments/net-single-nic-with-vlans-v6.yaml
 270             title: Single NIC with Vlans IPv6
 271             description: >
 272               Configures each role to use Vlans on a single NIC for
 273               each isolated network with IPv6 on the External network.
 274               This option assumes use of Network Isolation IPv6
 275             requires:
 276               - environments/network-isolation-v6.yaml
 277               - overcloud-resource-registry-puppet.yaml
 278       - title: Management Network
 279         description: >
 280           Enable the creation of a system management network. This
 281           creates a Neutron network for isolated Overcloud
 282           system management traffic and configures each role to
 283           assign a port (related to that role) on that network.
 284         environments:
 285           - file: environments/network-management.yaml
 286             title: Management Network
 287             description:
 288             requires:
 289               - overcloud-resource-registry-puppet.yaml
 290           - file: environments/network-management-v6.yaml
 291             title: Management Network IPv6
 292             description:
 293             requires:
 294               - overcloud-resource-registry-puppet.yaml
 295
 296   - title: Neutron Plugin Configuration
 297     description:
 298     environment_groups:
 299       - title: Neutron Plugins
 300         description: >
 301           Enable various Neutron plugins and backends
 302         environments:
 303           - file: environments/neutron-bgpvpn.yaml
 304             title: Neutron BGPVPN Service Plugin
 305             description: Enables Neutron BGPVPN Service Plugin
 306             requires:
 307               - overcloud-resource-registry-puppet.yaml
 308           - file: environments/neutron-ml2-bigswitch.yaml
 309             title: BigSwitch Extensions
 310             description: >
 311               Enable Big Switch extensions, configured via puppet
 312             requires:
 313               - overcloud-resource-registry-puppet.yaml
 314           - file: environments/neutron-ml2-cisco-n1kv.yaml
 315             title: Cisco N1KV backend
 316             description: >
 317               Enable a Cisco N1KV backend, configured via puppet
 318             requires:
 319               - overcloud-resource-registry-puppet.yaml
 320           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
 321             title: Cisco Neutron plugin
 322             description:
 323             requires:
 324               - overcloud-resource-registry-puppet.yaml
 325           - file: environments/neutron-midonet.yaml
 326             title: Deploy MidoNet Services
 327             description:
 328             requires:
 329               - overcloud-resource-registry-puppet.yaml
 330           - file: environments/neutron-nuage-config.yaml
 331             title: Neutron Nuage backend
 332             description: Enables Neutron Nuage backend on the controller
 333             requires:
 334               - overcloud-resource-registry-puppet.yaml
 335           - file: environments/neutron-opendaylight.yaml
 336             title: OpenDaylight
 337             description: Enables OpenDaylight
 338             requires:
 339               - overcloud-resource-registry-puppet.yaml
 340           - file: environments/neutron-ovs-dpdk.yaml
 341             title: DPDK with OVS
 342             description: Deploy DPDK with OVS
 343             requires:
 344               - overcloud-resource-registry-puppet.yaml
 345           - file: environments/neutron-ovs-dvr.yaml
 346             title: DVR
 347             description: Enables DVR in the Overcloud
 348             requires:
 349               - overcloud-resource-registry-puppet.yaml
 350           - file: environments/neutron-plumgrid.yaml
 351             title: PLUMgrid extensions
 352             description: Enables PLUMgrid extensions
 353             requires:
 354               - overcloud-resource-registry-puppet.yaml
 355           - file: environments/neutron-ml2-fujitsu-cfab.yaml
 356             title: Fujitsu Neutron plugin for C-Fabric
 357             description: Enable C-Fabric in the overcloud
 358             requires:
 359               - overcloud-resource-registry-puppet.yaml
 360           - file: environments/neutron-ml2-fujitsu-fossw.yaml
 361             title: Fujitsu Neutron plugin for FOS
 362             description: Enable FOS in the overcloud
 363             requires:
 364               - overcloud-resource-registry-puppet.yaml
 365           - file: environments/neutron-l2gw.yaml
 366             title: Neutron L2 gateway Service Plugin
 367             description: Enables Neutron L2 gateway Service Plugin
 368             requires:
 369               - overcloud-resource-registry-puppet.yaml
 370
 371   - title: Nova Extensions
 372     description:
 373     environment_groups:
 374       - title: Nova Extensions
 375         description:
 376         environments:
 377           - file: environments/nova-nuage-config.yaml
 378             title: Nuage backend
 379             description: >
 380               Enables Nuage backend on the Compute
 381             requires:
 382               - overcloud-resource-registry-puppet.yaml
 383
 384   - title: Storage
 385     description:
 386     environment_groups:
 387       - title: Cinder backup service
 388         description:
 389         environments:
 390           - file: environments/cinder-backup.yaml
 391             title: Cinder backup service
 392             description: >
 393               OpenStack Cinder Backup service with Pacemaker configured
 394               with Puppet
 395             requires:
 396               - environments/puppet-pacemaker.yaml
 397               - overcloud-resource-registry-puppet.yaml
 398       - title: Cinder backend
 399         description: >
 400           Enable various Cinder backends
 401         environments:
 402           - file: environments/cinder-netapp-config.yaml
 403             title: Cinder NetApp backend
 404             description:
 405             requires:
 406               - overcloud-resource-registry-puppet.yaml
 407           - file: environments/cinder-dellsc-config.yaml
 408             title: Cinder Dell EMC Storage Center ISCSI backend
 409             description: >
 410               Enables a Cinder Dell EMC Storage Center ISCSI backend,
 411               configured via puppet
 412             requires:
 413               - overcloud-resource-registry-puppet.yaml
 414           - file: environments/cinder-hpelefthand-config.yaml
 415             title: Cinder HPELeftHandISCSI backend
 416             description: >
 417               Enables a Cinder HPELeftHandISCSI backend, configured
 418               via puppet
 419             requires:
 420               - overcloud-resource-registry-puppet.yaml
 421           - file: environments/cinder-dellps-config.yaml
 422             title: Cinder Dell EMC PS Series backend
 423             description: >
 424               Enables a Cinder Dell EMC PS Series backend,
 425               configured via puppet
 426             requires:
 427               - overcloud-resource-registry-puppet.yaml
 428           - file: environments/cinder-iser.yaml
 429             title: Cinder iSER backend
 430             description: >
 431               Enable a Cinder iSER RDMA backend, configured via puppet
 432           - file: environments/cinder-scaleio-config.yaml
 433             title: Cinder Dell EMC ScaleIO backend
 434             description: >
 435               Enables a Cinder Dell EMC ScaleIO backend,
 436               configured via puppet
 437             requires:
 438               - overcloud-resource-registry-puppet.yaml
 439       - title: Ceph
 440         description: >
 441           Enable the use of Ceph in the overcloud
 442         environments:
 443           - file: environments/puppet-ceph-external.yaml
 444             title: Externally managed Ceph
 445             description: >
 446               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
 447             requires:
 448               - overcloud-resource-registry-puppet.yaml
 449           - file: environments/puppet-ceph.yaml
 450             title: TripleO managed Ceph
 451             description: >
 452               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
 453               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
 454               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
 455             requires:
 456               - overcloud-resource-registry-puppet.yaml
 457       - title: CephMDS
 458         description: >
 459           Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
 460           filesystems hosted in Ceph.
 461         environments:
 462           - file: environments/services/ceph-mds.yaml
 463             title: Deploys CephMDS
 464             description:
 465             requires:
 466               - environments/puppet-ceph.yaml
 467       - title: Ceph Rados Gateway
 468         description: >
 469           Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
 470           which stores data in the Ceph cluster.
 471         environments:
 472           - file: environments/ceph-radosgw.yaml
 473             title: Deploys CephRGW
 474             description:
 475             requires:
 476               - environments/puppet-ceph.yaml
 477       - title: Manila with CephFS
 478         description: >
 479           Deploys Manila and configures it with the CephFS driver. This requires the deployment of
 480           Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
 481         environments:
 482           - file: environments/manila-cephfsnative-config.yaml
 483             title: Deploys Manila with CephFS driver
 484             description: Deploys Manila and configures CephFS as its default backend.
 485             requires:
 486               - overcloud-resource-registry-puppet.yaml
 487       - title: Storage Environment
 488         description: >
 489           Can be used to set up storage backends. Defaults to Ceph used as a
 490           backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
 491           configures which services will use Ceph, or if any of the services
 492           will use NFS. And more. Usually requires to be edited by user first.
 493         tags:
 494           - no-gui
 495         environments:
 496           - file: environments/storage-environment.yaml
 497             title: Storage Environment
 498             description:
 499             requires:
 500               - overcloud-resource-registry-puppet.yaml
 501
 502   - title: Utilities
 503     description:
 504     environment_groups:
 505       - title: Config Debug
 506         description: Enable config management (e.g. Puppet) debugging
 507         environments:
 508           - file: environments/config-debug.yaml
 509             title: Config Debug
 510             description:
 511             requires:
 512               - overcloud-resource-registry-puppet.yaml
 513       - title: Disable journal in MongoDb
 514         description: >
 515           Since, when journaling is enabled, MongoDb will create big journal
 516           file it can take time. In a CI environment for example journaling is
 517           not necessary.
 518         environments:
 519           - file: environments/mongodb-nojournal.yaml
 520             title: Disable journal in MongoDb
 521             description:
 522             requires:
 523               - overcloud-resource-registry-puppet.yaml
 524       - title: Overcloud Steps
 525         description: >
 526           Specifies hooks/breakpoints where overcloud deployment should stop
 527           Allows operator validation between steps, and/or more granular control.
 528           Note: the wildcards relate to naming convention for some resource suffixes,
 529           e.g see puppet/*-post.yaml, enabling this will mean we wait for
 530           a user signal on every *Deployment_StepN resource defined in those files.
 531         tags:
 532           - no-gui
 533         environments:
 534           - file: environments/overcloud-steps.yaml
 535             title: Overcloud Steps
 536             description:
 537             requires:
 538               - overcloud-resource-registry-puppet.yaml
 539
 540   - title: Operational Tools
 541     description:
 542     environment_groups:
 543       - title: Monitoring agents
 544         description: Enable monitoring agents
 545         environments:
 546           - file: environments/monitoring-environment.yaml
 547             title: Enable monitoring agents
 548             description:
 549             requires:
 550               - overcloud-resource-registry-puppet.yaml
 551       - title: Centralized logging support
 552         description: Enable centralized logging clients (fluentd)
 553         environments:
 554           - file: environments/logging-environment.yaml
 555             title: Enable fluentd client
 556             description:
 557             requires:
 558               - overcloud-resource-registry-puppet.yaml
 559       - title: Performance monitoring
 560         description: Enable performance monitoring agents
 561         environments:
 562           - file: environments/collectd-environment.yaml
 563             title: Enable performance monitoring agents
 564             description:
 565             requires:
 566               - overcloud-resource-registry-puppet.yaml
 567
 568   - title: Security Options
 569     description: Security Hardening Options
 570     environment_groups:
 571       - title: SSH Banner Text
 572         description: Enables population of SSH Banner Text
 573         environments:
 574           - file: environments/sshd-banner.yaml
 575             title: SSH Banner Text
 576             description:
 577             requires:
 578               - overcloud-resource-registry-puppet.yaml
 579       - title: Horizon Password Validation
 580         description: Enable Horizon Password validation
 581         environments:
 582           - file: environments/horizon_password_validation.yaml
 583             title: Horizon Password Validation
 584             description:
 585             requires:
 586               - overcloud-resource-registry-puppet.yaml
 587       - title: AuditD Rules
 588         description:  Management of AuditD rules
 589         environments:
 590           - file: environments/auditd.yaml
 591             title: AuditD Rule Management
 592             description:
 593             requires:
 594               - overcloud-resource-registry-puppet.yaml
 595       - title: Keystone CADF auditing
 596         description: Enable CADF notifications in Keystone for auditing
 597         environments:
 598           - file: environments/cadf.yaml
 599             title: Keystone CADF auditing
 600       - title: SecureTTY Values
 601         description: Set values within /etc/securetty
 602         environments:
 603           - file: environments/securetty.yaml
 604             title: SecureTTY Values