capabilities-map.yaml

   1 # This file holds metadata about the capabilities of the tripleo-heat-templates
   2 # repository for deployment using puppet. It groups configuration by topic,
   3 # describes possible combinations of environments and resource capabilities.
   4
   5 # topics:
   6 # High Level grouping by purpose of environments
   7 # Attributes:
   8 #  title: (required)
   9 #  description: (optional)
  10 #  environment_groups: (required)
  11
  12 # environment_groups:
  13 # Identifies an environment choice. If group includes multiple environments it
  14 # indicates that environments in group are mutually exclusive.
  15 # Attributes:
  16 #  title: (optional)
  17 #  description: (optional)
  18 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
  19 #  environments: (required)
  20
  21 # environments:
  22 # List of environments in environment group
  23 # Attributes:
  24 #  file: a file name including path within repository (required)
  25 #  title: (required)
  26 #  description: (optional)
  27 #  requires: an array of environments which are required by this environment (optional)
  28 #  resource_registry: [tbd] (optional)
  29
  30 # resource_registry:
  31 # [tbd] Each environment can provide options on resource_registry level applicable
  32 # only when that given environment is used. (resource_type of that environment can
  33 # be implemented using multiple templates).
  34
  35 topics:
  36   - title: Base Resources Configuration
  37     description:
  38     environment_groups:
  39       - title:
  40         description: Enable base configuration for all resources required for OpenStack Deployment
  41         environments:
  42           - file: overcloud-resource-registry-puppet.yaml
  43             title: Base resources configuration
  44             description:
  45
  46   - title: Deployment Options
  47     description:
  48     environment_groups:
  49       - title: High Availability
  50         description: Enables configuration of an Overcloud controller with Pacemaker
  51         environments:
  52           - file: environments/puppet-pacemaker.yaml
  53             title: Pacemaker
  54             description: Enable configuration of an Overcloud controller with Pacemaker
  55             requires:
  56               - overcloud-resource-registry-puppet.yaml
  57       - title: Pacemaker options
  58         description:
  59         environments:
  60           - file: environments/puppet-pacemaker-no-restart.yaml
  61             title: Pacemaker No Restart
  62             description:
  63             requires:
  64               - environments/puppet-pacemaker.yaml
  65               - overcloud-resource-registry-puppet.yaml
  66       - title: Docker RDO
  67         description: >
  68           Docker container with heat agents for containerized compute node
  69         environments:
  70           - file: environments/docker.yaml
  71             title: Docker RDO
  72             description:
  73             requires:
  74               - overcloud-resource-registry-puppet.yaml
  75       - title: Enable TLS
  76         description: >
  77         environments:
  78           - file: environments/enable-tls.yaml
  79             title: TLS
  80             description: >
  81               Use this option to pass in certificates for SSL deployments.
  82               For these values to take effect, one of the TLS endpoints
  83               environments must also be used.
  84             requires:
  85               - overcloud-resource-registry-puppet.yaml
  86       - title: TLS Endpoints
  87         description: >
  88         environments:
  89           - file: environments/tls-endpoints-public-dns.yaml
  90             title: SSL-enabled deployment with DNS name as public endpoint
  91             description: >
  92               Use this environment when deploying an SSL-enabled overcloud where the public
  93               endpoint is a DNS name.
  94             requires:
  95               - environments/enable-tls.yaml
  96               - overcloud-resource-registry-puppet.yaml
  97           - file: environments/tls-endpoints-public-ip.yaml
  98             title: SSL-enabled deployment with IP address as public endpoint
  99             description: >
 100               Use this environment when deploying an SSL-enabled overcloud where the public
 101               endpoint is an IP address.
 102             requires:
 103               - environments/enable-tls.yaml
 104               - overcloud-resource-registry-puppet.yaml
 105       - title: External load balancer
 106         description: >
 107           Enable external load balancer
 108         environments:
 109           - file: environments/external-loadbalancer-vip-v6.yaml
 110             title: External load balancer IPv6
 111             description: >
 112             requires:
 113               - overcloud-resource-registry-puppet.yaml
 114           - file: environments/external-loadbalancer-vip.yaml
 115             title: External load balancer IPv4
 116             description: >
 117             requires:
 118               - overcloud-resource-registry-puppet.yaml
 119
 120   - title: Additional Services
 121     description: Deploy additional Overcloud services
 122     environment_groups:
 123       - title: Manila
 124         description:
 125         environments:
 126           - file: environments/manila-generic-config.yaml
 127             title: Manila
 128             description: Enable Manila generic driver backend
 129             requires:
 130               - overcloud-resource-registry-puppet.yaml
 131       - title: Sahara
 132         description:
 133         environments:
 134           - file: environments/services/sahara.yaml
 135             title: Sahara
 136             description: Deploy Sahara service
 137             requires:
 138               - overcloud-resource-registry-puppet.yaml
 139       - title: Ironic
 140         description:
 141         environments:
 142           - file: environments/services/ironic.yaml
 143             title: Ironic
 144             description: Deploy Ironic service
 145             requires:
 146               - overcloud-resource-registry-puppet.yaml
 147       - title: Mistral
 148         description:
 149         environments:
 150           - file: environments/services/mistral.yaml
 151             title: Mistral
 152             description: Deploy Mistral service
 153             requires:
 154               - overcloud-resource-registry-puppet.yaml
 155       - title: Ceilometer Api
 156         description:
 157         environments:
 158           - file: environments/services/disable-ceilometer-api.yaml
 159             title: Ceilometer Api
 160             description: Disable Ceilometer Api service. This service is
 161               deprecated and will be removed in future releases. Please move
 162               to using gnocchi/aodh/panko apis instead.
 163             requires:
 164               - overcloud-resource-registry-puppet.yaml
 165
 166   # - title: Network Interface Configuration
 167   #   description:
 168   #   environment_groups:
 169
 170   - title: Overlay Network Configuration
 171     description:
 172     environment_groups:
 173       - title: Network Isolation
 174         description:
 175         environments:
 176           - file: environments/network-isolation.yaml
 177             title: Network Isolation
 178             description: >
 179               Enable the creation of Neutron networks for
 180               isolated Overcloud traffic and configure each role to assign ports
 181               (related to that role) on these networks.
 182             requires:
 183               - overcloud-resource-registry-puppet.yaml
 184           - file: environments/network-isolation-v6.yaml
 185             title: Network Isolation IPv6
 186             description: >
 187               Enable the creation of IPv6 Neutron networks for isolated Overcloud
 188               traffic and configure each role to assign ports (related
 189               to that role) on these networks.
 190             requires:
 191               - overcloud-resource-registry-puppet.yaml
 192       - title: Single NIC or Bonding
 193         description: >
 194           Configure roles to use pair of bonded nics or to use Vlans on a
 195           single nic. This option assumes use of Network Isolation.
 196         environments:
 197           - file: environments/net-bond-with-vlans.yaml
 198             title: Bond with Vlans
 199             description: >
 200               Configure each role to use a pair of bonded nics (nic2 and
 201               nic3) and configures an IP address on each relevant isolated network
 202               for each role. This option assumes use of Network Isolation.
 203             requires:
 204               - environments/network-isolation.yaml
 205               - overcloud-resource-registry-puppet.yaml
 206           - file: environments/net-bond-with-vlans-no-external.yaml
 207             title: Bond with Vlans No External Ports
 208             description: >
 209               Configure each role to use a pair of bonded nics (nic2 and
 210               nic3) and configures an IP address on each relevant isolated network
 211               for each role. This option assumes use of Network Isolation.
 212               Sets external ports to noop.
 213             requires:
 214               - environments/network-isolation.yaml
 215               - overcloud-resource-registry-puppet.yaml
 216           - file: environments/net-bond-with-vlans-v6.yaml
 217             title: Bond with Vlans IPv6
 218             description: >
 219               Configure each role to use a pair of bonded nics (nic2 and
 220               nic3) and configures an IP address on each relevant isolated network
 221               for each role, with IPv6 on the External network.
 222               This option assumes use of Network Isolation IPv6.
 223             requires:
 224               - environments/network-isolation-v6.yaml
 225               - overcloud-resource-registry-puppet.yaml
 226           - file: environments/net-multiple-nics.yaml
 227             title: Multiple NICs
 228             description: >
 229               Configures each role to use a separate NIC for
 230               each isolated network.
 231               This option assumes use of Network Isolation.
 232             requires:
 233               - environments/network-isolation.yaml
 234               - overcloud-resource-registry-puppet.yaml
 235           - file: environments/net-multiple-nics-v6.yaml
 236             title: Multiple NICs IPv6
 237             description: >
 238               Configure each role to use a separate NIC for
 239               each isolated network with IPv6 on the External network.
 240               This option assumes use of Network Isolation IPv6.
 241             requires:
 242               - environments/network-isolation-v6.yaml
 243               - overcloud-resource-registry-puppet.yaml
 244           - file: environments/net-single-nic-with-vlans.yaml
 245             title: Single NIC with Vlans
 246             description: >
 247               Configure each role to use Vlans on a single NIC for
 248               each isolated network. This option assumes use of Network Isolation.
 249             requires:
 250               - environments/network-isolation.yaml
 251               - overcloud-resource-registry-puppet.yaml
 252           - file: environments/net-single-nic-with-vlans-no-external.yaml
 253             title: Single NIC with Vlans No External Ports
 254             description: >
 255               Configure each role to use Vlans on a single NIC for
 256               each isolated network. This option assumes use of Network Isolation.
 257               Sets external ports to noop.
 258             requires:
 259               - environments/network-isolation.yaml
 260               - overcloud-resource-registry-puppet.yaml
 261           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
 262             title: Single NIC with Linux Bridge Vlans
 263             description: >
 264               Configure each role to use Vlans on a single NIC for
 265               each isolated network. This option assumes use of Network Isolation.
 266             requires:
 267               - environments/network-isolation.yaml
 268               - overcloud-resource-registry-puppet.yaml
 269           - file: environments/net-single-nic-with-vlans-v6.yaml
 270             title: Single NIC with Vlans IPv6
 271             description: >
 272               Configures each role to use Vlans on a single NIC for
 273               each isolated network with IPv6 on the External network.
 274               This option assumes use of Network Isolation IPv6
 275             requires:
 276               - environments/network-isolation-v6.yaml
 277               - overcloud-resource-registry-puppet.yaml
 278       - title: Management Network
 279         description: >
 280           Enable the creation of a system management network. This
 281           creates a Neutron network for isolated Overcloud
 282           system management traffic and configures each role to
 283           assign a port (related to that role) on that network.
 284         environments:
 285           - file: environments/network-management.yaml
 286             title: Management Network
 287             description:
 288             requires:
 289               - overcloud-resource-registry-puppet.yaml
 290           - file: environments/network-management-v6.yaml
 291             title: Management Network IPv6
 292             description:
 293             requires:
 294               - overcloud-resource-registry-puppet.yaml
 295
 296   - title: Neutron Plugin Configuration
 297     description:
 298     environment_groups:
 299       - title: Neutron Plugins
 300         description: >
 301           Enable various Neutron plugins and backends
 302         environments:
 303           - file: environments/neutron-bgpvpn.yaml
 304             title: Neutron BGPVPN Service Plugin
 305             description: Enables Neutron BGPVPN Service Plugin
 306             requires:
 307               - overcloud-resource-registry-puppet.yaml
 308           - file: environments/services/neutron-lbaasv2.yaml
 309             title: Neutron LBaaSv2 Service Plugin
 310             description: Enables Neutron LBaaSv2 Service Plugin and Agent
 311             requires:
 312               - overcloud-resource-registry-puppet.yaml
 313           - file: environments/neutron-ml2-bigswitch.yaml
 314             title: BigSwitch Extensions
 315             description: >
 316               Enable Big Switch extensions, configured via puppet
 317             requires:
 318               - overcloud-resource-registry-puppet.yaml
 319           - file: environments/neutron-ml2-cisco-n1kv.yaml
 320             title: Cisco N1KV backend
 321             description: >
 322               Enable a Cisco N1KV backend, configured via puppet
 323             requires:
 324               - overcloud-resource-registry-puppet.yaml
 325           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
 326             title: Cisco Neutron plugin
 327             description:
 328             requires:
 329               - overcloud-resource-registry-puppet.yaml
 330           - file: environments/neutron-midonet.yaml
 331             title: Deploy MidoNet Services
 332             description:
 333             requires:
 334               - overcloud-resource-registry-puppet.yaml
 335           - file: environments/neutron-nuage-config.yaml
 336             title: Neutron Nuage backend
 337             description: Enables Neutron Nuage backend on the controller
 338             requires:
 339               - overcloud-resource-registry-puppet.yaml
 340           - file: environments/neutron-opendaylight.yaml
 341             title: OpenDaylight
 342             description: Enables OpenDaylight
 343             requires:
 344               - overcloud-resource-registry-puppet.yaml
 345           - file: environments/neutron-ovs-dpdk.yaml
 346             title: DPDK with OVS
 347             description: Deploy DPDK with OVS
 348             requires:
 349               - overcloud-resource-registry-puppet.yaml
 350           - file: environments/neutron-ovs-dvr.yaml
 351             title: DVR
 352             description: Enables DVR in the Overcloud
 353             requires:
 354               - overcloud-resource-registry-puppet.yaml
 355           - file: environments/neutron-plumgrid.yaml
 356             title: PLUMgrid extensions
 357             description: Enables PLUMgrid extensions
 358             requires:
 359               - overcloud-resource-registry-puppet.yaml
 360           - file: environments/neutron-ml2-fujitsu-cfab.yaml
 361             title: Fujitsu Neutron plugin for C-Fabric
 362             description: Enable C-Fabric in the overcloud
 363             requires:
 364               - overcloud-resource-registry-puppet.yaml
 365           - file: environments/neutron-ml2-fujitsu-fossw.yaml
 366             title: Fujitsu Neutron plugin for FOS
 367             description: Enable FOS in the overcloud
 368             requires:
 369               - overcloud-resource-registry-puppet.yaml
 370           - file: environments/neutron-nsx.yaml
 371             title: Deploy NSX Services
 372             description:
 373             requires:
 374               - overcloud-resource-registry-puppet.yaml
 375           - file: environments/neutron-l2gw.yaml
 376             title: Neutron L2 gateway Service Plugin
 377             description: Enables Neutron L2 gateway Service Plugin and Agent
 378             requires:
 379               - overcloud-resource-registry-puppet.yaml
 380
 381   - title: Nova Extensions
 382     description:
 383     environment_groups:
 384       - title: Nova Extensions
 385         description:
 386         environments:
 387           - file: environments/nova-nuage-config.yaml
 388             title: Nuage backend
 389             description: >
 390               Enables Nuage backend on the Compute
 391             requires:
 392               - overcloud-resource-registry-puppet.yaml
 393
 394   - title: Storage
 395     description:
 396     environment_groups:
 397       - title: Cinder backup service
 398         description:
 399         environments:
 400           - file: environments/cinder-backup.yaml
 401             title: Cinder backup service
 402             description: >
 403               OpenStack Cinder Backup service with Pacemaker configured
 404               with Puppet
 405             requires:
 406               - environments/puppet-pacemaker.yaml
 407               - overcloud-resource-registry-puppet.yaml
 408       - title: Cinder backend
 409         description: >
 410           Enable various Cinder backends
 411         environments:
 412           - file: environments/cinder-pure-config.yaml
 413             title: Cinder Pure Storage FlashArray backend
 414             description:
 415             requires:
 416               - overcloud-resource-registry-puppet.yaml
 417           - file: environments/cinder-netapp-config.yaml
 418             title: Cinder NetApp backend
 419             description:
 420             requires:
 421               - overcloud-resource-registry-puppet.yaml
 422           - file: environments/cinder-dellsc-config.yaml
 423             title: Cinder Dell EMC Storage Center ISCSI backend
 424             description: >
 425               Enables a Cinder Dell EMC Storage Center ISCSI backend,
 426               configured via puppet
 427             requires:
 428               - overcloud-resource-registry-puppet.yaml
 429           - file: environments/cinder-hpelefthand-config.yaml
 430             title: Cinder HPELeftHandISCSI backend
 431             description: >
 432               Enables a Cinder HPELeftHandISCSI backend, configured
 433               via puppet
 434             requires:
 435               - overcloud-resource-registry-puppet.yaml
 436           - file: environments/cinder-dellps-config.yaml
 437             title: Cinder Dell EMC PS Series backend
 438             description: >
 439               Enables a Cinder Dell EMC PS Series backend,
 440               configured via puppet
 441             requires:
 442               - overcloud-resource-registry-puppet.yaml
 443           - file: environments/cinder-iser.yaml
 444             title: Cinder iSER backend
 445             description: >
 446               Enable a Cinder iSER RDMA backend, configured via puppet
 447           - file: environments/cinder-scaleio-config.yaml
 448             title: Cinder Dell EMC ScaleIO backend
 449             description: >
 450               Enables a Cinder Dell EMC ScaleIO backend,
 451               configured via puppet
 452             requires:
 453               - overcloud-resource-registry-puppet.yaml
 454       - title: Ceph
 455         description: >
 456           Enable the use of Ceph in the overcloud
 457         environments:
 458           - file: environments/puppet-ceph-external.yaml
 459             title: Externally managed Ceph
 460             description: >
 461               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
 462             requires:
 463               - overcloud-resource-registry-puppet.yaml
 464           - file: environments/puppet-ceph.yaml
 465             title: TripleO managed Ceph
 466             description: >
 467               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
 468               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
 469               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
 470             requires:
 471               - overcloud-resource-registry-puppet.yaml
 472       - title: CephMDS
 473         description: >
 474           Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
 475           filesystems hosted in Ceph.
 476         environments:
 477           - file: environments/services/ceph-mds.yaml
 478             title: Deploys CephMDS
 479             description:
 480             requires:
 481               - environments/puppet-ceph.yaml
 482       - title: Ceph Rados Gateway
 483         description: >
 484           Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
 485           which stores data in the Ceph cluster.
 486         environments:
 487           - file: environments/ceph-radosgw.yaml
 488             title: Deploys CephRGW
 489             description:
 490             requires:
 491               - environments/puppet-ceph.yaml
 492       - title: Manila with CephFS
 493         description: >
 494           Deploys Manila and configures it with the CephFS driver. This requires the deployment of
 495           Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
 496         environments:
 497           - file: environments/manila-cephfsnative-config.yaml
 498             title: Deploys Manila with CephFS driver
 499             description: Deploys Manila and configures CephFS as its default backend.
 500             requires:
 501               - overcloud-resource-registry-puppet.yaml
 502       - title: Storage Environment
 503         description: >
 504           Can be used to set up storage backends. Defaults to Ceph used as a
 505           backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
 506           configures which services will use Ceph, or if any of the services
 507           will use NFS. And more. Usually requires to be edited by user first.
 508         tags:
 509           - no-gui
 510         environments:
 511           - file: environments/storage-environment.yaml
 512             title: Storage Environment
 513             description:
 514             requires:
 515               - overcloud-resource-registry-puppet.yaml
 516
 517   - title: Utilities
 518     description:
 519     environment_groups:
 520       - title: Config Debug
 521         description: Enable config management (e.g. Puppet) debugging
 522         environments:
 523           - file: environments/config-debug.yaml
 524             title: Config Debug
 525             description:
 526             requires:
 527               - overcloud-resource-registry-puppet.yaml
 528       - title: Disable journal in MongoDb
 529         description: >
 530           Since, when journaling is enabled, MongoDb will create big journal
 531           file it can take time. In a CI environment for example journaling is
 532           not necessary.
 533         environments:
 534           - file: environments/mongodb-nojournal.yaml
 535             title: Disable journal in MongoDb
 536             description:
 537             requires:
 538               - overcloud-resource-registry-puppet.yaml
 539       - title: Overcloud Steps
 540         description: >
 541           Specifies hooks/breakpoints where overcloud deployment should stop
 542           Allows operator validation between steps, and/or more granular control.
 543           Note: the wildcards relate to naming convention for some resource suffixes,
 544           e.g see puppet/*-post.yaml, enabling this will mean we wait for
 545           a user signal on every *Deployment_StepN resource defined in those files.
 546         tags:
 547           - no-gui
 548         environments:
 549           - file: environments/overcloud-steps.yaml
 550             title: Overcloud Steps
 551             description:
 552             requires:
 553               - overcloud-resource-registry-puppet.yaml
 554
 555   - title: Operational Tools
 556     description:
 557     environment_groups:
 558       - title: Monitoring agents
 559         description: Enable monitoring agents
 560         environments:
 561           - file: environments/monitoring-environment.yaml
 562             title: Enable monitoring agents
 563             description:
 564             requires:
 565               - overcloud-resource-registry-puppet.yaml
 566       - title: Centralized logging support
 567         description: Enable centralized logging clients (fluentd)
 568         environments:
 569           - file: environments/logging-environment.yaml
 570             title: Enable fluentd client
 571             description:
 572             requires:
 573               - overcloud-resource-registry-puppet.yaml
 574       - title: Performance monitoring
 575         description: Enable performance monitoring agents
 576         environments:
 577           - file: environments/collectd-environment.yaml
 578             title: Enable performance monitoring agents
 579             description:
 580             requires:
 581               - overcloud-resource-registry-puppet.yaml
 582
 583   - title: Security Options
 584     description: Security Hardening Options
 585     environment_groups:
 586       - title: SSH Banner Text
 587         description: Enables population of SSH Banner Text
 588         environments:
 589           - file: environments/sshd-banner.yaml
 590             title: SSH Banner Text
 591             description:
 592             requires:
 593               - overcloud-resource-registry-puppet.yaml
 594       - title: Horizon Password Validation
 595         description: Enable Horizon Password validation
 596         environments:
 597           - file: environments/horizon_password_validation.yaml
 598             title: Horizon Password Validation
 599             description:
 600             requires:
 601               - overcloud-resource-registry-puppet.yaml
 602       - title: AuditD Rules
 603         description:  Management of AuditD rules
 604         environments:
 605           - file: environments/auditd.yaml
 606             title: AuditD Rule Management
 607             description:
 608             requires:
 609               - overcloud-resource-registry-puppet.yaml
 610       - title: Keystone CADF auditing
 611         description: Enable CADF notifications in Keystone for auditing
 612         environments:
 613           - file: environments/cadf.yaml
 614             title: Keystone CADF auditing
 615       - title: SecureTTY Values
 616         description: Set values within /etc/securetty
 617         environments:
 618           - file: environments/securetty.yaml
 619             title: SecureTTY Values