capabilities-map.yaml

   1 # This file holds metadata about the capabilities of the tripleo-heat-templates
   2 # repository for deployment using puppet. It groups configuration by topic,
   3 # describes possible combinations of environments and resource capabilities.
   4
   5 # topics:
   6 # High Level grouping by purpose of environments
   7 # Attributes:
   8 #  title: (required)
   9 #  description: (optional)
  10 #  environment_groups: (required)
  11
  12 # environment_groups:
  13 # Identifies an environment choice. If group includes multiple environments it
  14 # indicates that environments in group are mutually exclusive.
  15 # Attributes:
  16 #  title: (optional)
  17 #  description: (optional)
  18 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
  19 #  environments: (required)
  20
  21 # environments:
  22 # List of environments in environment group
  23 # Attributes:
  24 #  file: a file name including path within repository (required)
  25 #  title: (required)
  26 #  description: (optional)
  27 #  requires: an array of environments which are required by this environment (optional)
  28 #  resource_registry: [tbd] (optional)
  29
  30 # resource_registry:
  31 # [tbd] Each environment can provide options on resource_registry level applicable
  32 # only when that given environment is used. (resource_type of that environment can
  33 # be implemented using multiple templates).
  34
  35 topics:
  36   - title: Base Resources Configuration
  37     description:
  38     environment_groups:
  39       - title:
  40         description: Enable base configuration for all resources required for OpenStack Deployment
  41         environments:
  42           - file: overcloud-resource-registry-puppet.yaml
  43             title: Base resources configuration
  44             description:
  45
  46   - title: Deployment Options
  47     description:
  48     environment_groups:
  49       - title: High Availability
  50         description: Enables configuration of an Overcloud controller with Pacemaker
  51         environments:
  52           - file: environments/puppet-pacemaker.yaml
  53             title: Pacemaker
  54             description: Enable configuration of an Overcloud controller with Pacemaker
  55             requires:
  56               - overcloud-resource-registry-puppet.yaml
  57       - title: Pacemaker options
  58         description:
  59         environments:
  60           - file: environments/puppet-pacemaker-no-restart.yaml
  61             title: Pacemaker No Restart
  62             description:
  63             requires:
  64               - environments/puppet-pacemaker.yaml
  65               - overcloud-resource-registry-puppet.yaml
  66       - title: Docker RDO
  67         description: >
  68           Docker container with heat agents for containerized compute node
  69         environments:
  70           - file: environments/docker.yaml
  71             title: Docker RDO
  72             description:
  73             requires:
  74               - overcloud-resource-registry-puppet.yaml
  75       - title: Enable TLS
  76         description: >
  77         environments:
  78           - file: environments/enable-tls.yaml
  79             title: TLS
  80             description: >
  81               Use this option to pass in certificates for SSL deployments.
  82               For these values to take effect, one of the TLS endpoints
  83               environments must also be used.
  84             requires:
  85               - overcloud-resource-registry-puppet.yaml
  86       - title: TLS Endpoints
  87         description: >
  88         environments:
  89           - file: environments/tls-endpoints-public-dns.yaml
  90             title: SSL-enabled deployment with DNS name as public endpoint
  91             description: >
  92               Use this environment when deploying an SSL-enabled overcloud where the public
  93               endpoint is a DNS name.
  94             requires:
  95               - environments/enable-tls.yaml
  96               - overcloud-resource-registry-puppet.yaml
  97           - file: environments/tls-endpoints-public-ip.yaml
  98             title: SSL-enabled deployment with IP address as public endpoint
  99             description: >
 100               Use this environment when deploying an SSL-enabled overcloud where the public
 101               endpoint is an IP address.
 102             requires:
 103               - environments/enable-tls.yaml
 104               - overcloud-resource-registry-puppet.yaml
 105       - title: External load balancer
 106         description: >
 107           Enable external load balancer
 108         environments:
 109           - file: environments/external-loadbalancer-vip-v6.yaml
 110             title: External load balancer IPv6
 111             description: >
 112             requires:
 113               - overcloud-resource-registry-puppet.yaml
 114           - file: environments/external-loadbalancer-vip.yaml
 115             title: External load balancer IPv4
 116             description: >
 117             requires:
 118               - overcloud-resource-registry-puppet.yaml
 119
 120   - title: Additional Services
 121     description: Deploy additional Overcloud services
 122     environment_groups:
 123       - title: Manila
 124         description:
 125         environments:
 126           - file: environments/manila-generic-config.yaml
 127             title: Manila
 128             description: Enable Manila generic driver backend
 129             requires:
 130               - overcloud-resource-registry-puppet.yaml
 131       - title: Sahara
 132         description:
 133         environments:
 134           - file: environments/services/sahara.yaml
 135             title: Sahara
 136             description: Deploy Sahara service
 137             requires:
 138               - overcloud-resource-registry-puppet.yaml
 139       - title: Ironic
 140         description:
 141         environments:
 142           - file: environments/services/ironic.yaml
 143             title: Ironic
 144             description: Deploy Ironic service
 145             requires:
 146               - overcloud-resource-registry-puppet.yaml
 147       - title: Mistral
 148         description:
 149         environments:
 150           - file: environments/services/mistral.yaml
 151             title: Mistral
 152             description: Deploy Mistral service
 153             requires:
 154               - overcloud-resource-registry-puppet.yaml
 155       - title: Ceilometer Api
 156         description:
 157         environments:
 158           - file: environments/services/disable-ceilometer-api.yaml
 159             title: Ceilometer Api
 160             description: Disable Ceilometer Api service. This service is
 161               deprecated and will be removed in future releases. Please move
 162               to using gnocchi/aodh/panko apis instead.
 163             requires:
 164               - overcloud-resource-registry-puppet.yaml
 165
 166   # - title: Network Interface Configuration
 167   #   description:
 168   #   environment_groups:
 169
 170   - title: Overlay Network Configuration
 171     description:
 172     environment_groups:
 173       - title: Network Isolation
 174         description:
 175         environments:
 176           - file: environments/network-isolation.yaml
 177             title: Network Isolation
 178             description: >
 179               Enable the creation of Neutron networks for
 180               isolated Overcloud traffic and configure each role to assign ports
 181               (related to that role) on these networks.
 182             requires:
 183               - overcloud-resource-registry-puppet.yaml
 184           - file: environments/network-isolation-v6.yaml
 185             title: Network Isolation IPv6
 186             description: >
 187               Enable the creation of IPv6 Neutron networks for isolated Overcloud
 188               traffic and configure each role to assign ports (related
 189               to that role) on these networks.
 190             requires:
 191               - overcloud-resource-registry-puppet.yaml
 192       - title: Single NIC or Bonding
 193         description: >
 194           Configure roles to use pair of bonded nics or to use Vlans on a
 195           single nic. This option assumes use of Network Isolation.
 196         environments:
 197           - file: environments/net-bond-with-vlans.yaml
 198             title: Bond with Vlans
 199             description: >
 200               Configure each role to use a pair of bonded nics (nic2 and
 201               nic3) and configures an IP address on each relevant isolated network
 202               for each role. This option assumes use of Network Isolation.
 203             requires:
 204               - environments/network-isolation.yaml
 205               - overcloud-resource-registry-puppet.yaml
 206           - file: environments/net-bond-with-vlans-no-external.yaml
 207             title: Bond with Vlans No External Ports
 208             description: >
 209               Configure each role to use a pair of bonded nics (nic2 and
 210               nic3) and configures an IP address on each relevant isolated network
 211               for each role. This option assumes use of Network Isolation.
 212               Sets external ports to noop.
 213             requires:
 214               - environments/network-isolation.yaml
 215               - overcloud-resource-registry-puppet.yaml
 216           - file: environments/net-bond-with-vlans-v6.yaml
 217             title: Bond with Vlans IPv6
 218             description: >
 219               Configure each role to use a pair of bonded nics (nic2 and
 220               nic3) and configures an IP address on each relevant isolated network
 221               for each role, with IPv6 on the External network.
 222               This option assumes use of Network Isolation IPv6.
 223             requires:
 224               - environments/network-isolation-v6.yaml
 225               - overcloud-resource-registry-puppet.yaml
 226           - file: environments/net-multiple-nics.yaml
 227             title: Multiple NICs
 228             description: >
 229               Configures each role to use a separate NIC for
 230               each isolated network.
 231               This option assumes use of Network Isolation.
 232             requires:
 233               - environments/network-isolation.yaml
 234               - overcloud-resource-registry-puppet.yaml
 235           - file: environments/net-multiple-nics-v6.yaml
 236             title: Multiple NICs IPv6
 237             description: >
 238               Configure each role to use a separate NIC for
 239               each isolated network with IPv6 on the External network.
 240               This option assumes use of Network Isolation IPv6.
 241             requires:
 242               - environments/network-isolation-v6.yaml
 243               - overcloud-resource-registry-puppet.yaml
 244           - file: environments/net-single-nic-with-vlans.yaml
 245             title: Single NIC with Vlans
 246             description: >
 247               Configure each role to use Vlans on a single NIC for
 248               each isolated network. This option assumes use of Network Isolation.
 249             requires:
 250               - environments/network-isolation.yaml
 251               - overcloud-resource-registry-puppet.yaml
 252           - file: environments/net-single-nic-with-vlans-no-external.yaml
 253             title: Single NIC with Vlans No External Ports
 254             description: >
 255               Configure each role to use Vlans on a single NIC for
 256               each isolated network. This option assumes use of Network Isolation.
 257               Sets external ports to noop.
 258             requires:
 259               - environments/network-isolation.yaml
 260               - overcloud-resource-registry-puppet.yaml
 261           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
 262             title: Single NIC with Linux Bridge Vlans
 263             description: >
 264               Configure each role to use Vlans on a single NIC for
 265               each isolated network. This option assumes use of Network Isolation.
 266             requires:
 267               - environments/network-isolation.yaml
 268               - overcloud-resource-registry-puppet.yaml
 269           - file: environments/net-single-nic-with-vlans-v6.yaml
 270             title: Single NIC with Vlans IPv6
 271             description: >
 272               Configures each role to use Vlans on a single NIC for
 273               each isolated network with IPv6 on the External network.
 274               This option assumes use of Network Isolation IPv6
 275             requires:
 276               - environments/network-isolation-v6.yaml
 277               - overcloud-resource-registry-puppet.yaml
 278       - title: Management Network
 279         description: >
 280           Enable the creation of a system management network. This
 281           creates a Neutron network for isolated Overcloud
 282           system management traffic and configures each role to
 283           assign a port (related to that role) on that network.
 284         environments:
 285           - file: environments/network-management.yaml
 286             title: Management Network
 287             description:
 288             requires:
 289               - overcloud-resource-registry-puppet.yaml
 290           - file: environments/network-management-v6.yaml
 291             title: Management Network IPv6
 292             description:
 293             requires:
 294               - overcloud-resource-registry-puppet.yaml
 295
 296   - title: Neutron Plugin Configuration
 297     description:
 298     environment_groups:
 299       - title: Neutron Plugins
 300         description: >
 301           Enable various Neutron plugins and backends
 302         environments:
 303           - file: environments/neutron-bgpvpn.yaml
 304             title: Neutron BGPVPN Service Plugin
 305             description: Enables Neutron BGPVPN Service Plugin
 306             requires:
 307               - overcloud-resource-registry-puppet.yaml
 308           - file: environments/services/neutron-lbaasv2.yaml
 309             title: Neutron LBaaSv2 Service Plugin
 310             description: Enables Neutron LBaaSv2 Service Plugin and Agent
 311             requires:
 312               - overcloud-resource-registry-puppet.yaml
 313           - file: environments/neutron-ml2-bigswitch.yaml
 314             title: BigSwitch Extensions
 315             description: >
 316               Enable Big Switch extensions, configured via puppet
 317             requires:
 318               - overcloud-resource-registry-puppet.yaml
 319           - file: environments/neutron-ml2-cisco-n1kv.yaml
 320             title: Cisco N1KV backend
 321             description: >
 322               Enable a Cisco N1KV backend, configured via puppet
 323             requires:
 324               - overcloud-resource-registry-puppet.yaml
 325           - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
 326             title: Cisco Neutron plugin
 327             description:
 328             requires:
 329               - overcloud-resource-registry-puppet.yaml
 330           - file: environments/neutron-midonet.yaml
 331             title: Deploy MidoNet Services
 332             description:
 333             requires:
 334               - overcloud-resource-registry-puppet.yaml
 335           - file: environments/neutron-nuage-config.yaml
 336             title: Neutron Nuage backend
 337             description: Enables Neutron Nuage backend on the controller
 338             requires:
 339               - overcloud-resource-registry-puppet.yaml
 340           - file: environments/neutron-opendaylight.yaml
 341             title: OpenDaylight
 342             description: Enables OpenDaylight
 343             requires:
 344               - overcloud-resource-registry-puppet.yaml
 345           - file: environments/neutron-ovs-dpdk.yaml
 346             title: DPDK with OVS
 347             description: Deploy DPDK with OVS
 348             requires:
 349               - overcloud-resource-registry-puppet.yaml
 350           - file: environments/neutron-ovs-dvr.yaml
 351             title: DVR
 352             description: Enables DVR in the Overcloud
 353             requires:
 354               - overcloud-resource-registry-puppet.yaml
 355           - file: environments/neutron-plumgrid.yaml
 356             title: PLUMgrid extensions
 357             description: Enables PLUMgrid extensions
 358             requires:
 359               - overcloud-resource-registry-puppet.yaml
 360           - file: environments/neutron-ml2-fujitsu-cfab.yaml
 361             title: Fujitsu Neutron plugin for C-Fabric
 362             description: Enable C-Fabric in the overcloud
 363             requires:
 364               - overcloud-resource-registry-puppet.yaml
 365           - file: environments/neutron-ml2-fujitsu-fossw.yaml
 366             title: Fujitsu Neutron plugin for FOS
 367             description: Enable FOS in the overcloud
 368             requires:
 369               - overcloud-resource-registry-puppet.yaml
 370           - file: environments/neutron-nsx.yaml
 371             title: Deploy NSX Services
 372             description:
 373             requires:
 374               - overcloud-resource-registry-puppet.yaml
 375           - file: environments/neutron-l2gw.yaml
 376             title: Neutron L2 gateway Service Plugin
 377             description: Enables Neutron L2 gateway Service Plugin and Agent
 378             requires:
 379               - overcloud-resource-registry-puppet.yaml
 380
 381   - title: Nova Extensions
 382     description:
 383     environment_groups:
 384       - title: Nova Extensions
 385         description:
 386         environments:
 387           - file: environments/nova-nuage-config.yaml
 388             title: Nuage backend
 389             description: >
 390               Enables Nuage backend on the Compute
 391             requires:
 392               - overcloud-resource-registry-puppet.yaml
 393
 394   - title: Storage
 395     description:
 396     environment_groups:
 397       - title: Cinder backup service
 398         description:
 399         environments:
 400           - file: environments/cinder-backup.yaml
 401             title: Cinder backup service
 402             description: >
 403               OpenStack Cinder Backup service with Pacemaker configured
 404               with Puppet
 405             requires:
 406               - environments/puppet-pacemaker.yaml
 407               - overcloud-resource-registry-puppet.yaml
 408       - title: Cinder backend
 409         description: >
 410           Enable various Cinder backends
 411         environments:
 412           - file: environments/cinder-pure-config.yaml
 413             title: Cinder Pure Storage FlashArray backend
 414             description:
 415             requires:
 416               - overcloud-resource-registry-puppet.yaml
 417           - file: environments/cinder-netapp-config.yaml
 418             title: Cinder NetApp backend
 419             description:
 420             requires:
 421               - overcloud-resource-registry-puppet.yaml
 422           - file: environments/cinder-dellsc-config.yaml
 423             title: Cinder Dell EMC Storage Center ISCSI backend
 424             description: >
 425               Enables a Cinder Dell EMC Storage Center ISCSI backend,
 426               configured via puppet
 427             requires:
 428               - overcloud-resource-registry-puppet.yaml
 429           - file: environments/cinder-hpelefthand-config.yaml
 430             title: Cinder HPELeftHandISCSI backend
 431             description: >
 432               Enables a Cinder HPELeftHandISCSI backend, configured
 433               via puppet
 434             requires:
 435               - overcloud-resource-registry-puppet.yaml
 436           - file: environments/cinder-dellps-config.yaml
 437             title: Cinder Dell EMC PS Series backend
 438             description: >
 439               Enables a Cinder Dell EMC PS Series backend,
 440               configured via puppet
 441             requires:
 442               - overcloud-resource-registry-puppet.yaml
 443           - file: environments/cinder-iser.yaml
 444             title: Cinder iSER backend
 445             description: >
 446               Enable a Cinder iSER RDMA backend, configured via puppet
 447           - file: environments/cinder-scaleio-config.yaml
 448             title: Cinder Dell EMC ScaleIO backend
 449             description: >
 450               Enables a Cinder Dell EMC ScaleIO backend,
 451               configured via puppet
 452             requires:
 453               - overcloud-resource-registry-puppet.yaml
 454           - file: environments/cinder-veritas-hyperscale-config.yaml
 455             title: Cinder Veritas HyperScale backend
 456             description: >
 457               Enables a Cinder Veritas HyperScale backend,
 458               configured via puppet
 459             requires:
 460               - overcloud-resource-registry-puppet.yaml
 461       - title: Ceph
 462         description: >
 463           Enable the use of Ceph in the overcloud
 464         environments:
 465           - file: environments/puppet-ceph-external.yaml
 466             title: Externally managed Ceph
 467             description: >
 468               Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
 469             requires:
 470               - overcloud-resource-registry-puppet.yaml
 471           - file: environments/puppet-ceph.yaml
 472             title: TripleO managed Ceph
 473             description: >
 474               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
 475               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
 476               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
 477             requires:
 478               - overcloud-resource-registry-puppet.yaml
 479       - title: CephMDS
 480         description: >
 481           Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
 482           filesystems hosted in Ceph.
 483         environments:
 484           - file: environments/services/ceph-mds.yaml
 485             title: Deploys CephMDS
 486             description:
 487             requires:
 488               - environments/puppet-ceph.yaml
 489       - title: Ceph Rados Gateway
 490         description: >
 491           Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
 492           which stores data in the Ceph cluster.
 493         environments:
 494           - file: environments/ceph-radosgw.yaml
 495             title: Deploys CephRGW
 496             description:
 497             requires:
 498               - environments/puppet-ceph.yaml
 499       - title: Manila with CephFS
 500         description: >
 501           Deploys Manila and configures it with the CephFS driver. This requires the deployment of
 502           Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
 503         environments:
 504           - file: environments/manila-cephfsnative-config.yaml
 505             title: Deploys Manila with CephFS driver
 506             description: Deploys Manila and configures CephFS as its default backend.
 507             requires:
 508               - overcloud-resource-registry-puppet.yaml
 509       - title: Storage Environment
 510         description: >
 511           Can be used to set up storage backends. Defaults to Ceph used as a
 512           backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
 513           configures which services will use Ceph, or if any of the services
 514           will use NFS. And more. Usually requires to be edited by user first.
 515         tags:
 516           - no-gui
 517         environments:
 518           - file: environments/storage-environment.yaml
 519             title: Storage Environment
 520             description:
 521             requires:
 522               - overcloud-resource-registry-puppet.yaml
 523
 524   - title: Utilities
 525     description:
 526     environment_groups:
 527       - title: Config Debug
 528         description: Enable config management (e.g. Puppet) debugging
 529         environments:
 530           - file: environments/config-debug.yaml
 531             title: Config Debug
 532             description:
 533             requires:
 534               - overcloud-resource-registry-puppet.yaml
 535       - title: Disable journal in MongoDb
 536         description: >
 537           Since, when journaling is enabled, MongoDb will create big journal
 538           file it can take time. In a CI environment for example journaling is
 539           not necessary.
 540         environments:
 541           - file: environments/mongodb-nojournal.yaml
 542             title: Disable journal in MongoDb
 543             description:
 544             requires:
 545               - overcloud-resource-registry-puppet.yaml
 546       - title: Overcloud Steps
 547         description: >
 548           Specifies hooks/breakpoints where overcloud deployment should stop
 549           Allows operator validation between steps, and/or more granular control.
 550           Note: the wildcards relate to naming convention for some resource suffixes,
 551           e.g see puppet/*-post.yaml, enabling this will mean we wait for
 552           a user signal on every *Deployment_StepN resource defined in those files.
 553         tags:
 554           - no-gui
 555         environments:
 556           - file: environments/overcloud-steps.yaml
 557             title: Overcloud Steps
 558             description:
 559             requires:
 560               - overcloud-resource-registry-puppet.yaml
 561
 562   - title: Operational Tools
 563     description:
 564     environment_groups:
 565       - title: Monitoring agents
 566         description: Enable monitoring agents
 567         environments:
 568           - file: environments/monitoring-environment.yaml
 569             title: Enable monitoring agents
 570             description:
 571             requires:
 572               - overcloud-resource-registry-puppet.yaml
 573       - title: Centralized logging support
 574         description: Enable centralized logging clients (fluentd)
 575         environments:
 576           - file: environments/logging-environment.yaml
 577             title: Enable fluentd client
 578             description:
 579             requires:
 580               - overcloud-resource-registry-puppet.yaml
 581       - title: Performance monitoring
 582         description: Enable performance monitoring agents
 583         environments:
 584           - file: environments/collectd-environment.yaml
 585             title: Enable performance monitoring agents
 586             description:
 587             requires:
 588               - overcloud-resource-registry-puppet.yaml
 589
 590   - title: Security Options
 591     description: Security Hardening Options
 592     environment_groups:
 593       - title: SSH Banner Text
 594         description: Enables population of SSH Banner Text
 595         environments:
 596           - file: environments/sshd-banner.yaml
 597             title: SSH Banner Text
 598             description:
 599             requires:
 600               - overcloud-resource-registry-puppet.yaml
 601       - title: Horizon Password Validation
 602         description: Enable Horizon Password validation
 603         environments:
 604           - file: environments/horizon_password_validation.yaml
 605             title: Horizon Password Validation
 606             description:
 607             requires:
 608               - overcloud-resource-registry-puppet.yaml
 609       - title: AuditD Rules
 610         description:  Management of AuditD rules
 611         environments:
 612           - file: environments/auditd.yaml
 613             title: AuditD Rule Management
 614             description:
 615             requires:
 616               - overcloud-resource-registry-puppet.yaml
 617       - title: Keystone CADF auditing
 618         description: Enable CADF notifications in Keystone for auditing
 619         environments:
 620           - file: environments/cadf.yaml
 621             title: Keystone CADF auditing
 622       - title: SecureTTY Values
 623         description: Set values within /etc/securetty
 624         environments:
 625           - file: environments/securetty.yaml
 626             title: SecureTTY Values