Merge "Added OvS permission workaround for enabling DPDK"
[apex-tripleo-heat-templates.git] / capabilities-map.yaml
1 # This file holds metadata about the capabilities of the tripleo-heat-templates
2 # repository for deployment using puppet. It groups configuration by topic,
3 # describes possible combinations of environments and resource capabilities.
4
5 # topics:
6 # High Level grouping by purpose of environments
7 # Attributes:
8 #  title: (required)
9 #  description: (optional)
10 #  environment_groups: (required)
11
12 # environment_groups:
13 # Identifies an environment choice. If group includes multiple environments it
14 # indicates that environments in group are mutually exclusive.
15 # Attributes:
16 #  title: (optional)
17 #  description: (optional)
18 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
19 #  environments: (required)
20
21 # environments:
22 # List of environments in environment group
23 # Attributes:
24 #  file: a file name including path within repository (required)
25 #  title: (required)
26 #  description: (optional)
27 #  requires: an array of environments which are required by this environment (optional)
28 #  resource_registry: [tbd] (optional)
29
30 # resource_registry:
31 # [tbd] Each environment can provide options on resource_registry level applicable
32 # only when that given environment is used. (resource_type of that environment can
33 # be implemented using multiple templates).
34
35 topics:
36   - title: Base Resources Configuration
37     description:
38     environment_groups:
39       - title:
40         description: Enable base configuration for all resources required for OpenStack Deployment
41         environments:
42           - file: overcloud-resource-registry-puppet.yaml
43             title: Base resources configuration
44             description:
45
46   - title: Deployment Options
47     description:
48     environment_groups:
49       - title: High Availability
50         description: Enables configuration of an Overcloud controller with Pacemaker
51         environments:
52           - file: environments/puppet-pacemaker.yaml
53             title: Pacemaker
54             description: Enable configuration of an Overcloud controller with Pacemaker
55             requires:
56               - overcloud-resource-registry-puppet.yaml
57       - title: Pacemaker options
58         description:
59         environments:
60           - file: environments/puppet-pacemaker-no-restart.yaml
61             title: Pacemaker No Restart
62             description:
63             requires:
64               - environments/puppet-pacemaker.yaml
65               - overcloud-resource-registry-puppet.yaml
66       - title: Docker RDO
67         description: >
68           Docker container with heat agents for containerized compute node
69         environments:
70           - file: environments/docker.yaml
71             title: Docker RDO
72             description:
73             requires:
74               - overcloud-resource-registry-puppet.yaml
75       - title: Enable TLS
76         description: >
77         environments:
78           - file: environments/enable-tls.yaml
79             title: TLS
80             description: >
81               Use this option to pass in certificates for SSL deployments.
82               For these values to take effect, one of the TLS endpoints
83               environments must also be used.
84             requires:
85               - overcloud-resource-registry-puppet.yaml
86       - title: TLS Endpoints
87         description: >
88         environments:
89           - file: environments/tls-endpoints-public-dns.yaml
90             title: SSL-enabled deployment with DNS name as public endpoint
91             description: >
92               Use this environment when deploying an SSL-enabled overcloud where the public
93               endpoint is a DNS name.
94             requires:
95               - environments/enable-tls.yaml
96               - overcloud-resource-registry-puppet.yaml
97           - file: environments/tls-endpoints-public-ip.yaml
98             title: SSL-enabled deployment with IP address as public endpoint
99             description: >
100               Use this environment when deploying an SSL-enabled overcloud where the public
101               endpoint is an IP address.
102             requires:
103               - environments/enable-tls.yaml
104               - overcloud-resource-registry-puppet.yaml
105       - title: External load balancer
106         description: >
107           Enable external load balancer
108         environments:
109           - file: environments/external-loadbalancer-vip-v6.yaml
110             title: External load balancer IPv6
111             description: >
112             requires:
113               - overcloud-resource-registry-puppet.yaml
114           - file: environments/external-loadbalancer-vip.yaml
115             title: External load balancer IPv4
116             description: >
117             requires:
118               - overcloud-resource-registry-puppet.yaml
119
120   - title: Additional Services
121     description: Deploy additional Overcloud services
122     environment_groups:
123       - title: Manila
124         description:
125         environments:
126           - file: environments/manila-generic-config.yaml
127             title: Manila
128             description: Enable Manila generic driver backend
129             requires:
130               - overcloud-resource-registry-puppet.yaml
131       - title: Sahara
132         description:
133         environments:
134           - file: environments/services/sahara.yaml
135             title: Sahara
136             description: Deploy Sahara service
137             requires:
138               - overcloud-resource-registry-puppet.yaml
139       - title: Ironic
140         description:
141         environments:
142           - file: environments/services/ironic.yaml
143             title: Ironic
144             description: Deploy Ironic service
145             requires:
146               - overcloud-resource-registry-puppet.yaml
147       - title: Mistral
148         description:
149         environments:
150           - file: environments/services/mistral.yaml
151             title: Mistral
152             description: Deploy Mistral service
153             requires:
154               - overcloud-resource-registry-puppet.yaml
155       - title: Ceilometer Api
156         description:
157         environments:
158           - file: environments/services/disable-ceilometer-api.yaml
159             title: Ceilometer Api
160             description: Disable Ceilometer Api service. This service is
161               deprecated and will be removed in future releases. Please move
162               to using gnocchi/aodh/panko apis instead.
163             requires:
164               - overcloud-resource-registry-puppet.yaml
165
166   # - title: Network Interface Configuration
167   #   description:
168   #   environment_groups:
169
170   - title: Overlay Network Configuration
171     description:
172     environment_groups:
173       - title: Network Isolation
174         description:
175         environments:
176           - file: environments/network-isolation.yaml
177             title: Network Isolation
178             description: >
179               Enable the creation of Neutron networks for
180               isolated Overcloud traffic and configure each role to assign ports
181               (related to that role) on these networks.
182             requires:
183               - overcloud-resource-registry-puppet.yaml
184           - file: environments/network-isolation-v6.yaml
185             title: Network Isolation IPv6
186             description: >
187               Enable the creation of IPv6 Neutron networks for isolated Overcloud
188               traffic and configure each role to assign ports (related
189               to that role) on these networks.
190             requires:
191               - overcloud-resource-registry-puppet.yaml
192       - title: Single NIC or Bonding
193         description: >
194           Configure roles to use pair of bonded nics or to use Vlans on a
195           single nic. This option assumes use of Network Isolation.
196         environments:
197           - file: environments/net-bond-with-vlans.yaml
198             title: Bond with Vlans
199             description: >
200               Configure each role to use a pair of bonded nics (nic2 and
201               nic3) and configures an IP address on each relevant isolated network
202               for each role. This option assumes use of Network Isolation.
203             requires:
204               - environments/network-isolation.yaml
205               - overcloud-resource-registry-puppet.yaml
206           - file: environments/net-bond-with-vlans-no-external.yaml
207             title: Bond with Vlans No External Ports
208             description: >
209               Configure each role to use a pair of bonded nics (nic2 and
210               nic3) and configures an IP address on each relevant isolated network
211               for each role. This option assumes use of Network Isolation.
212               Sets external ports to noop.
213             requires:
214               - environments/network-isolation.yaml
215               - overcloud-resource-registry-puppet.yaml
216           - file: environments/net-bond-with-vlans-v6.yaml
217             title: Bond with Vlans IPv6
218             description: >
219               Configure each role to use a pair of bonded nics (nic2 and
220               nic3) and configures an IP address on each relevant isolated network
221               for each role, with IPv6 on the External network.
222               This option assumes use of Network Isolation IPv6.
223             requires:
224               - environments/network-isolation-v6.yaml
225               - overcloud-resource-registry-puppet.yaml
226           - file: environments/net-multiple-nics.yaml
227             title: Multiple NICs
228             description: >
229               Configures each role to use a separate NIC for
230               each isolated network.
231               This option assumes use of Network Isolation.
232             requires:
233               - environments/network-isolation.yaml
234               - overcloud-resource-registry-puppet.yaml
235           - file: environments/net-multiple-nics-v6.yaml
236             title: Multiple NICs IPv6
237             description: >
238               Configure each role to use a separate NIC for
239               each isolated network with IPv6 on the External network.
240               This option assumes use of Network Isolation IPv6.
241             requires:
242               - environments/network-isolation-v6.yaml
243               - overcloud-resource-registry-puppet.yaml
244           - file: environments/net-single-nic-with-vlans.yaml
245             title: Single NIC with Vlans
246             description: >
247               Configure each role to use Vlans on a single NIC for
248               each isolated network. This option assumes use of Network Isolation.
249             requires:
250               - environments/network-isolation.yaml
251               - overcloud-resource-registry-puppet.yaml
252           - file: environments/net-single-nic-with-vlans-no-external.yaml
253             title: Single NIC with Vlans No External Ports
254             description: >
255               Configure each role to use Vlans on a single NIC for
256               each isolated network. This option assumes use of Network Isolation.
257               Sets external ports to noop.
258             requires:
259               - environments/network-isolation.yaml
260               - overcloud-resource-registry-puppet.yaml
261           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
262             title: Single NIC with Linux Bridge Vlans
263             description: >
264               Configure each role to use Vlans on a single NIC for
265               each isolated network. This option assumes use of Network Isolation.
266             requires:
267               - environments/network-isolation.yaml
268               - overcloud-resource-registry-puppet.yaml
269           - file: environments/net-single-nic-with-vlans-v6.yaml
270             title: Single NIC with Vlans IPv6
271             description: >
272               Configures each role to use Vlans on a single NIC for
273               each isolated network with IPv6 on the External network.
274               This option assumes use of Network Isolation IPv6
275             requires:
276               - environments/network-isolation-v6.yaml
277               - overcloud-resource-registry-puppet.yaml
278       - title: Management Network
279         description: >
280           Enable the creation of a system management network. This
281           creates a Neutron network for isolated Overcloud
282           system management traffic and configures each role to
283           assign a port (related to that role) on that network.
284         environments:
285           - file: environments/network-management.yaml
286             title: Management Network
287             description:
288             requires:
289               - overcloud-resource-registry-puppet.yaml
290           - file: environments/network-management-v6.yaml
291             title: Management Network IPv6
292             description:
293             requires:
294               - overcloud-resource-registry-puppet.yaml
295
296   - title: Neutron Plugin Configuration
297     description:
298     environment_groups:
299       - title: Neutron Plugins
300         description: >
301           Enable various Neutron plugins and backends
302         environments:
303           - file: environments/neutron-bgpvpn.yaml
304             title: Neutron BGPVPN Service Plugin
305             description: Enables Neutron BGPVPN Service Plugin
306             requires:
307               - overcloud-resource-registry-puppet.yaml
308           - file: environments/services/neutron-lbaasv2.yaml
309             title: Neutron LBaaSv2 Service Plugin
310             description: Enables Neutron LBaaSv2 Service Plugin and Agent
311             requires:
312               - overcloud-resource-registry-puppet.yaml
313           - file: environments/neutron-ml2-bigswitch.yaml
314             title: BigSwitch Extensions
315             description: >
316               Enable Big Switch extensions, configured via puppet
317             requires:
318               - overcloud-resource-registry-puppet.yaml
319           - file: environments/neutron-ml2-cisco-n1kv.yaml
320             title: Cisco N1KV backend
321             description: >
322               Enable a Cisco N1KV backend, configured via puppet
323             requires:
324               - overcloud-resource-registry-puppet.yaml
325           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
326             title: Cisco Neutron plugin
327             description:
328             requires:
329               - overcloud-resource-registry-puppet.yaml
330           - file: environments/neutron-midonet.yaml
331             title: Deploy MidoNet Services
332             description:
333             requires:
334               - overcloud-resource-registry-puppet.yaml
335           - file: environments/neutron-nuage-config.yaml
336             title: Neutron Nuage backend
337             description: Enables Neutron Nuage backend on the controller
338             requires:
339               - overcloud-resource-registry-puppet.yaml
340           - file: environments/neutron-opendaylight.yaml
341             title: OpenDaylight
342             description: Enables OpenDaylight
343             requires:
344               - overcloud-resource-registry-puppet.yaml
345           - file: environments/neutron-ovs-dpdk.yaml
346             title: DPDK with OVS
347             description: Deploy DPDK with OVS
348             requires:
349               - overcloud-resource-registry-puppet.yaml
350           - file: environments/neutron-ovs-dvr.yaml
351             title: DVR
352             description: Enables DVR in the Overcloud
353             requires:
354               - overcloud-resource-registry-puppet.yaml
355           - file: environments/neutron-plumgrid.yaml
356             title: PLUMgrid extensions
357             description: Enables PLUMgrid extensions
358             requires:
359               - overcloud-resource-registry-puppet.yaml
360           - file: environments/neutron-ml2-fujitsu-cfab.yaml
361             title: Fujitsu Neutron plugin for C-Fabric
362             description: Enable C-Fabric in the overcloud
363             requires:
364               - overcloud-resource-registry-puppet.yaml
365           - file: environments/neutron-ml2-fujitsu-fossw.yaml
366             title: Fujitsu Neutron plugin for FOS
367             description: Enable FOS in the overcloud
368             requires:
369               - overcloud-resource-registry-puppet.yaml
370           - file: environments/neutron-nsx.yaml
371             title: Deploy NSX Services
372             description:
373             requires:
374               - overcloud-resource-registry-puppet.yaml
375           - file: environments/neutron-l2gw.yaml
376             title: Neutron L2 gateway Service Plugin
377             description: Enables Neutron L2 gateway Service Plugin and Agent
378             requires:
379               - overcloud-resource-registry-puppet.yaml
380
381   - title: Nova Extensions
382     description:
383     environment_groups:
384       - title: Nova Extensions
385         description:
386         environments:
387           - file: environments/nova-nuage-config.yaml
388             title: Nuage backend
389             description: >
390               Enables Nuage backend on the Compute
391             requires:
392               - overcloud-resource-registry-puppet.yaml
393
394   - title: Storage
395     description:
396     environment_groups:
397       - title: Cinder backup service
398         description:
399         environments:
400           - file: environments/cinder-backup.yaml
401             title: Cinder backup service
402             description: >
403               OpenStack Cinder Backup service with Pacemaker configured
404               with Puppet
405             requires:
406               - environments/puppet-pacemaker.yaml
407               - overcloud-resource-registry-puppet.yaml
408       - title: Cinder backend
409         description: >
410           Enable various Cinder backends
411         environments:
412           - file: environments/cinder-pure-config.yaml
413             title: Cinder Pure Storage FlashArray backend
414             description:
415             requires:
416               - overcloud-resource-registry-puppet.yaml
417           - file: environments/cinder-netapp-config.yaml
418             title: Cinder NetApp backend
419             description:
420             requires:
421               - overcloud-resource-registry-puppet.yaml
422           - file: environments/cinder-dellsc-config.yaml
423             title: Cinder Dell EMC Storage Center ISCSI backend
424             description: >
425               Enables a Cinder Dell EMC Storage Center ISCSI backend,
426               configured via puppet
427             requires:
428               - overcloud-resource-registry-puppet.yaml
429           - file: environments/cinder-hpelefthand-config.yaml
430             title: Cinder HPELeftHandISCSI backend
431             description: >
432               Enables a Cinder HPELeftHandISCSI backend, configured
433               via puppet
434             requires:
435               - overcloud-resource-registry-puppet.yaml
436           - file: environments/cinder-dellps-config.yaml
437             title: Cinder Dell EMC PS Series backend
438             description: >
439               Enables a Cinder Dell EMC PS Series backend,
440               configured via puppet
441             requires:
442               - overcloud-resource-registry-puppet.yaml
443           - file: environments/cinder-iser.yaml
444             title: Cinder iSER backend
445             description: >
446               Enable a Cinder iSER RDMA backend, configured via puppet
447           - file: environments/cinder-scaleio-config.yaml
448             title: Cinder Dell EMC ScaleIO backend
449             description: >
450               Enables a Cinder Dell EMC ScaleIO backend,
451               configured via puppet
452             requires:
453               - overcloud-resource-registry-puppet.yaml
454       - title: Ceph
455         description: >
456           Enable the use of Ceph in the overcloud
457         environments:
458           - file: environments/puppet-ceph-external.yaml
459             title: Externally managed Ceph
460             description: >
461               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
462             requires:
463               - overcloud-resource-registry-puppet.yaml
464           - file: environments/puppet-ceph.yaml
465             title: TripleO managed Ceph
466             description: >
467               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
468               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
469               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
470             requires:
471               - overcloud-resource-registry-puppet.yaml
472       - title: CephMDS
473         description: >
474           Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
475           filesystems hosted in Ceph.
476         environments:
477           - file: environments/services/ceph-mds.yaml
478             title: Deploys CephMDS
479             description:
480             requires:
481               - environments/puppet-ceph.yaml
482       - title: Ceph Rados Gateway
483         description: >
484           Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
485           which stores data in the Ceph cluster.
486         environments:
487           - file: environments/ceph-radosgw.yaml
488             title: Deploys CephRGW
489             description:
490             requires:
491               - environments/puppet-ceph.yaml
492       - title: Manila with CephFS
493         description: >
494           Deploys Manila and configures it with the CephFS driver. This requires the deployment of
495           Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
496         environments:
497           - file: environments/manila-cephfsnative-config.yaml
498             title: Deploys Manila with CephFS driver
499             description: Deploys Manila and configures CephFS as its default backend.
500             requires:
501               - overcloud-resource-registry-puppet.yaml
502       - title: Storage Environment
503         description: >
504           Can be used to set up storage backends. Defaults to Ceph used as a
505           backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
506           configures which services will use Ceph, or if any of the services
507           will use NFS. And more. Usually requires to be edited by user first.
508         tags:
509           - no-gui
510         environments:
511           - file: environments/storage-environment.yaml
512             title: Storage Environment
513             description:
514             requires:
515               - overcloud-resource-registry-puppet.yaml
516
517   - title: Utilities
518     description:
519     environment_groups:
520       - title: Config Debug
521         description: Enable config management (e.g. Puppet) debugging
522         environments:
523           - file: environments/config-debug.yaml
524             title: Config Debug
525             description:
526             requires:
527               - overcloud-resource-registry-puppet.yaml
528       - title: Disable journal in MongoDb
529         description: >
530           Since, when journaling is enabled, MongoDb will create big journal
531           file it can take time. In a CI environment for example journaling is
532           not necessary.
533         environments:
534           - file: environments/mongodb-nojournal.yaml
535             title: Disable journal in MongoDb
536             description:
537             requires:
538               - overcloud-resource-registry-puppet.yaml
539       - title: Overcloud Steps
540         description: >
541           Specifies hooks/breakpoints where overcloud deployment should stop
542           Allows operator validation between steps, and/or more granular control.
543           Note: the wildcards relate to naming convention for some resource suffixes,
544           e.g see puppet/*-post.yaml, enabling this will mean we wait for
545           a user signal on every *Deployment_StepN resource defined in those files.
546         tags:
547           - no-gui
548         environments:
549           - file: environments/overcloud-steps.yaml
550             title: Overcloud Steps
551             description:
552             requires:
553               - overcloud-resource-registry-puppet.yaml
554
555   - title: Operational Tools
556     description:
557     environment_groups:
558       - title: Monitoring agents
559         description: Enable monitoring agents
560         environments:
561           - file: environments/monitoring-environment.yaml
562             title: Enable monitoring agents
563             description:
564             requires:
565               - overcloud-resource-registry-puppet.yaml
566       - title: Centralized logging support
567         description: Enable centralized logging clients (fluentd)
568         environments:
569           - file: environments/logging-environment.yaml
570             title: Enable fluentd client
571             description:
572             requires:
573               - overcloud-resource-registry-puppet.yaml
574       - title: Performance monitoring
575         description: Enable performance monitoring agents
576         environments:
577           - file: environments/collectd-environment.yaml
578             title: Enable performance monitoring agents
579             description:
580             requires:
581               - overcloud-resource-registry-puppet.yaml
582
583   - title: Security Options
584     description: Security Hardening Options
585     environment_groups:
586       - title: SSH Banner Text
587         description: Enables population of SSH Banner Text
588         environments:
589           - file: environments/sshd-banner.yaml
590             title: SSH Banner Text
591             description:
592             requires:
593               - overcloud-resource-registry-puppet.yaml
594       - title: Horizon Password Validation
595         description: Enable Horizon Password validation
596         environments:
597           - file: environments/horizon_password_validation.yaml
598             title: Horizon Password Validation
599             description:
600             requires:
601               - overcloud-resource-registry-puppet.yaml
602       - title: AuditD Rules
603         description:  Management of AuditD rules
604         environments:
605           - file: environments/auditd.yaml
606             title: AuditD Rule Management
607             description:
608             requires:
609               - overcloud-resource-registry-puppet.yaml
610       - title: Keystone CADF auditing
611         description: Enable CADF notifications in Keystone for auditing
612         environments:
613           - file: environments/cadf.yaml
614             title: Keystone CADF auditing
615       - title: SecureTTY Values
616         description: Set values within /etc/securetty
617         environments:
618           - file: environments/securetty.yaml
619             title: SecureTTY Values