# environment_groups: (required)
# environment_groups:
-# Identifies an environment choice. If group includes multiple environments it
-# indicates that environments in group are mutually exclusive.
+# Identifies a group of environments.
# Attributes:
# title: (optional)
# description: (optional)
# tags: a list of tags to provide additional information for e.g. filtering (optional)
# environments: (required)
+# mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive
# environments:
# List of environments in environment group
# title: (required)
# description: (optional)
# requires: an array of environments which are required by this environment (optional)
-# resource_registry: [tbd] (optional)
-
-# resource_registry:
-# [tbd] Each environment can provide options on resource_registry level applicable
-# only when that given environment is used. (resource_type of that environment can
-# be implemented using multiple templates).
topics:
- - title: Base Resources Configuration
+ - title: General Deployment Options
description:
environment_groups:
- - title:
- description: Enable base configuration for all resources required for OpenStack Deployment
+ - name: general-deployment-options
+ title:
+ description: Enables base configuration for all resources required for OpenStack Deployment
environments:
- file: overcloud-resource-registry-puppet.yaml
title: Base resources configuration
description:
-
- - title: Deployment Options
- description:
- environment_groups:
- - title: High Availability
- description: Enables configuration of an Overcloud controller with Pacemaker
- environments:
- - file: environments/puppet-pacemaker.yaml
- title: Pacemaker
- description: Enable configuration of an Overcloud controller with Pacemaker
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Pacemaker options
- description:
- environments:
- - file: environments/puppet-pacemaker-no-restart.yaml
- title: Pacemaker No Restart
- description:
- requires:
- - environments/puppet-pacemaker.yaml
- - overcloud-resource-registry-puppet.yaml
- - title: Docker RDO
+ - title: Containerized Deployment
description: >
- Docker container with heat agents for containerized compute node
+ Configures Deployment to use containerized services
environments:
- file: environments/docker.yaml
- title: Docker RDO
+ title: Containerized Deployment
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Enable TLS
- description: >
- environments:
- - file: environments/enable-tls.yaml
- title: TLS
- description: >
- Use this option to pass in certificates for SSL deployments.
- For these values to take effect, one of the TLS endpoints
- environments must also be used.
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: TLS Endpoints
- description: >
- environments:
- - file: environments/tls-endpoints-public-dns.yaml
- title: SSL-enabled deployment with DNS name as public endpoint
- description: >
- Use this environment when deploying an SSL-enabled overcloud where the public
- endpoint is a DNS name.
- requires:
- - environments/enable-tls.yaml
- - overcloud-resource-registry-puppet.yaml
- - file: environments/tls-endpoints-public-ip.yaml
- title: SSL-enabled deployment with IP address as public endpoint
- description: >
- Use this environment when deploying an SSL-enabled overcloud where the public
- endpoint is an IP address.
- requires:
- - environments/enable-tls.yaml
- - overcloud-resource-registry-puppet.yaml
- - title: External load balancer
- description: >
- Enable external load balancer
- environments:
- - file: environments/external-loadbalancer-vip-v6.yaml
- title: External load balancer IPv6
- description: >
- requires:
- - overcloud-resource-registry-puppet.yaml
- - file: environments/external-loadbalancer-vip.yaml
- title: External load balancer IPv4
- description: >
- requires:
- - overcloud-resource-registry-puppet.yaml
-
- - title: Additional Services
- description: Deploy additional Overcloud services
- environment_groups:
- - title: Manila
- description:
- environments:
- - file: environments/manila-generic-config.yaml
- title: Manila
- description: Enable Manila generic driver backend
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Sahara
- description:
- environments:
- - file: environments/services/sahara.yaml
- title: Sahara
- description: Deploy Sahara service
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Ironic
- description:
- environments:
- - file: environments/services/ironic.yaml
- title: Ironic
- description: Deploy Ironic service
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Mistral
- description:
- environments:
- - file: environments/services/mistral.yaml
- title: Mistral
- description: Deploy Mistral service
- requires:
- - overcloud-resource-registry-puppet.yaml
- - title: Ceilometer Api
- description:
+ - title: High Availability
+ description: Enables configuration of an Overcloud Controller with Pacemaker
environments:
- - file: environments/services/disable-ceilometer-api.yaml
- title: Ceilometer Api
- description: Disable Ceilometer Api service. This service is
- deprecated and will be removed in future releases. Please move
- to using gnocchi/aodh/panko apis instead.
+ - file: environments/puppet-pacemaker.yaml
+ title: High Availability (Pacemaker)
+ description:
requires:
- overcloud-resource-registry-puppet.yaml
- # - title: Network Interface Configuration
- # description:
- # environment_groups:
-
- - title: Overlay Network Configuration
+ - title: Network Configuration
description:
environment_groups:
- title: Network Isolation
to that role) on these networks.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Single NIC or Bonding
+ mutually_exclusive: true
+ - title: NICs, Bonding, VLANs Configuration
description: >
- Configure roles to use pair of bonded nics or to use Vlans on a
- single nic. This option assumes use of Network Isolation.
+ Choose one of the pre-defined configurations or provide custom
+ network-environment.yaml instead. Note that pre-defined configuration work
+ only with standard Roles and Networks. These options assume use of Network Isolation.
environments:
- file: environments/net-bond-with-vlans.yaml
title: Bond with Vlans
for each role. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-bond-with-vlans-no-external.yaml
title: Bond with Vlans No External Ports
description: >
Sets external ports to noop.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-bond-with-vlans-v6.yaml
title: Bond with Vlans IPv6
description: >
This option assumes use of Network Isolation IPv6.
requires:
- environments/network-isolation-v6.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-multiple-nics.yaml
title: Multiple NICs
description: >
This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-multiple-nics-v6.yaml
title: Multiple NICs IPv6
description: >
This option assumes use of Network Isolation IPv6.
requires:
- environments/network-isolation-v6.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans.yaml
title: Single NIC with Vlans
description: >
each isolated network. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans-no-external.yaml
title: Single NIC with Vlans No External Ports
description: >
Sets external ports to noop.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-linux-bridge-with-vlans.yaml
title: Single NIC with Linux Bridge Vlans
description: >
each isolated network. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- - overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans-v6.yaml
title: Single NIC with Vlans IPv6
description: >
This option assumes use of Network Isolation IPv6
requires:
- environments/network-isolation-v6.yaml
- - overcloud-resource-registry-puppet.yaml
+ mutually_exclusive: true
- title: Management Network
description: >
Enable the creation of a system management network. This
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ mutually_exclusive: true
+
+ - title: Docker Network
+ description: >
+ [Temporary] Use this option when deploying containerized deployment
+ without network isolation
+ environments:
+ - file: environments/docker-network.yaml
+ title: Docker network
+ description:
+ requires:
+ - environments/docker.yaml
+
+ - title: External load balancer
+ description: >
+ Enable external load balancer, requires network Isolation to be enabled.
+ Note that this option assumes standard isolated networks set.
+ environments:
+ - file: environments/external-loadbalancer-vip.yaml
+ title: External load balancer IPv4
+ description: >
+ requires:
+ - environments/network-isolation.yaml
+ - file: environments/external-loadbalancer-vip-v6.yaml
+ title: External load balancer IPv6
+ description: >
+ requires:
+ - environments/network-isolation-v6.yaml
+ mutually_exclusive: true
- title: Neutron Plugin Configuration
description:
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - file: environments/neutron-midonet.yaml
- title: Deploy MidoNet Services
+ - file: environments/networking/neutron-midonet.yaml
+ title: Neutron MidoNet Services
description:
requires:
- overcloud-resource-registry-puppet.yaml
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Nova Extensions
- description:
- environment_groups:
- - title: Nova Extensions
- description:
- environments:
- - file: environments/nova-nuage-config.yaml
- title: Nuage backend
- description: >
- Enables Nuage backend on the Compute
- requires:
- - overcloud-resource-registry-puppet.yaml
-
- title: Storage
description:
environment_groups:
- - title: Cinder backup service
- description:
- environments:
- - file: environments/cinder-backup.yaml
- title: Cinder backup service
- description: >
- OpenStack Cinder Backup service with Pacemaker configured
- with Puppet
- requires:
- - environments/puppet-pacemaker.yaml
- - overcloud-resource-registry-puppet.yaml
- - title: Cinder backend
+ - title: Cinder backends
description: >
Enable various Cinder backends
environments:
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - file: environments/cinder-netapp-config.yaml
+ - file: environments/storage/cinder-netapp-config.yaml
title: Cinder NetApp backend
description:
requires:
- file: environments/cinder-dellsc-config.yaml
title: Cinder Dell EMC Storage Center ISCSI backend
description: >
- Enables a Cinder Dell EMC Storage Center ISCSI backend,
+ Enables a Cinder Dell EMC Storage Center ISCSI backend
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/cinder-dellemc-unity-config.yaml
+ title: Cinder Dell EMC Unity backend
+ description: >
+ Enables a Cinder Dell EMC Unity backend,
+ - file: environments/cinder-dellemc-vmax-iscsi-config.yaml
+ title: Cinder Dell EMC VMAX ISCSI backend
+ description: >
+ Enables a Cinder Dell EMC VMAX ISCSI backend,
configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-hpelefthand-config.yaml
title: Cinder HPELeftHandISCSI backend
description: >
- Enables a Cinder HPELeftHandISCSI backend, configured
- via puppet
+ Enables a Cinder HPELeftHandISCSI backend
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-dellps-config.yaml
title: Cinder Dell EMC PS Series backend
description: >
- Enables a Cinder Dell EMC PS Series backend,
- configured via puppet
+ Enables a Cinder Dell EMC PS Series backend
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-iser.yaml
- file: environments/cinder-scaleio-config.yaml
title: Cinder Dell EMC ScaleIO backend
description: >
- Enables a Cinder Dell EMC ScaleIO backend,
- configured via puppet
+ Enables a Cinder Dell EMC ScaleIO backend
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-veritas-hyperscale-config.yaml
configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Ceph
- description: >
- Enable the use of Ceph in the overcloud
+ - title: Cinder backup service
+ description:
environments:
- - file: environments/puppet-ceph-external.yaml
- title: Externally managed Ceph
+ - file: environments/cinder-backup.yaml
+ title: Cinder backup service
description: >
- Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
+ OpenStack Cinder Backup service with Pacemaker
requires:
+ - environments/puppet-pacemaker.yaml
- overcloud-resource-registry-puppet.yaml
+ - title: Ceph
+ description: >
+ Enable the use of Ceph in the overcloud
+ environments:
- file: environments/puppet-ceph.yaml
- title: TripleO managed Ceph
+ title: Ceph Storage Backend
description: >
Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: CephMDS
- description: >
- Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
- filesystems hosted in Ceph.
+ - file: environments/storage/external-ceph.yaml
+ title: Externally managed Ceph
+ description: >
+ Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ mutually_exclusive: true
+ - title: Additional Ceph Options
+ description:
environments:
- file: environments/services/ceph-mds.yaml
title: Deploys CephMDS
- description:
+ description: >
+ Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
+ filesystems hosted in Ceph.
requires:
- environments/puppet-ceph.yaml
- - title: Ceph Rados Gateway
- description: >
- Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
- which stores data in the Ceph cluster.
- environments:
- file: environments/ceph-radosgw.yaml
- title: Deploys CephRGW
- description:
+ title: Ceph Rados Gateway
+ description: >
+ Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
+ which stores data in the Ceph cluster.
requires:
- environments/puppet-ceph.yaml
- - title: Manila with CephFS
- description: >
- Deploys Manila and configures it with the CephFS driver. This requires the deployment of
- Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
- environments:
- file: environments/manila-cephfsnative-config.yaml
- title: Deploys Manila with CephFS driver
- description: Deploys Manila and configures CephFS as its default backend.
+ title: Manila with CephFS
+ description: >
+ Deploys Manila and configures it with the CephFS driver. This requires the deployment of
+ Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Storage Environment
+ - title: Manila with Unity
description: >
- Can be used to set up storage backends. Defaults to Ceph used as a
- backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
- configures which services will use Ceph, or if any of the services
- will use NFS. And more. Usually requires to be edited by user first.
- tags:
- - no-gui
+ Deploys Manila and configures it with the Unity driver.
environments:
- - file: environments/storage-environment.yaml
- title: Storage Environment
- description:
+ - file: environments/manila-unity-config.yaml
+ title: Deploys Manila with Unity driver
+ description: Deploys Manila and configures Unity as its default backend.
+ - title: Manila with VNX
+ description: >
+ Deploys Manila and configures it with the VNX driver.
+ environments:
+ - file: environments/manila-vnx-config.yaml
+ title: Deploys Manila with VNX driver
+ description: Deploys Manila and configures VNX as its default backend.
+ - title: Manila with VMAX
+ description: >
+ Deploys Manila and configures it with the VMAX driver.
+ environments:
+ - file: environments/manila-vmax-config.yaml
+ title: Deploys Manila with VMAX driver
+ description: Deploys Manila and configures VMAX as its default backend.
+ - title: Manila with Isilon
+ description: >
+ Deploys Manila and configures it with the Isilon driver.
+ environments:
+ - file: environments/manila-isilon-config.yaml
+ title: Deploys Manila with Isilon driver
+ description: Deploys Manila and configures Isilon as its default backend.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: Glance backends
+ description:
+ environments:
+ - file: environments/storage/glance-nfs.yaml
+ title: Glance NFS Backend
+ description: |
+ Configure and enable this option to enable the use of an NFS
+ share as the backend for Glance.
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Utilities
- description:
+
+ - title: Security
+ description: Security Hardening Options
environment_groups:
- - title: Config Debug
- description: Enable config management (e.g. Puppet) debugging
+ - title: TLS
+ description:
environments:
- - file: environments/config-debug.yaml
- title: Config Debug
+ - file: environments/ssl/enable-tls.yaml
+ title: SSL on OpenStack Public Endpoints
+ description: >
+ Use this option to pass in certificates for SSL deployments.
+ For these values to take effect, one of the TLS endpoints
+ options must also be used.
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - title: TLS Endpoints
+ description:
+ environments:
+ - file: environments/ssl/tls-endpoints-public-dns.yaml
+ title: SSL-enabled deployment with DNS name as public endpoint
+ description: >
+ Use this option when deploying an SSL-enabled overcloud where the public
+ endpoint is a DNS name.
+ requires:
+ - environments/ssl/enable-tls.yaml
+ - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
+ title: Deploy All SSL Endpoints as DNS names
+ description: >
+ Use this option when deploying an overcloud where all the endpoints are
+ DNS names and there's TLS in all endpoint types.
+ requires:
+ - environments/ssl/enable-tls.yaml
+ - file: environments/ssl/tls-endpoints-public-ip.yaml
+ title: SSL-enabled deployment with IP address as public endpoint
+ description: >
+ Use this option when deploying an SSL-enabled overcloud where the public
+ endpoint is an IP address.
+ requires:
+ - environments/ssl/enable-tls.yaml
+ mutually_exclusive: true
+ - title: SSH Banner Text
+ description: Enables population of SSH Banner Text
+ environments:
+ - file: environments/sshd-banner.yaml
+ title: SSH Banner Text
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Disable journal in MongoDb
- description: >
- Since, when journaling is enabled, MongoDb will create big journal
- file it can take time. In a CI environment for example journaling is
- not necessary.
+ - title: Horizon Password Validation
+ description: Enable Horizon Password validation
environments:
- - file: environments/mongodb-nojournal.yaml
- title: Disable journal in MongoDb
+ - file: environments/horizon_password_validation.yaml
+ title: Horizon Password Validation
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Overcloud Steps
- description: >
- Specifies hooks/breakpoints where overcloud deployment should stop
- Allows operator validation between steps, and/or more granular control.
- Note: the wildcards relate to naming convention for some resource suffixes,
- e.g see puppet/*-post.yaml, enabling this will mean we wait for
- a user signal on every *Deployment_StepN resource defined in those files.
- tags:
- - no-gui
+ - title: AuditD Rules
+ description: Management of AuditD rules
environments:
- - file: environments/overcloud-steps.yaml
- title: Overcloud Steps
+ - file: environments/auditd.yaml
+ title: AuditD Rule Management
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ - title: Keystone CADF auditing
+ description: Enable CADF notifications in Keystone for auditing
+ environments:
+ - file: environments/cadf.yaml
+ title: Keystone CADF auditing
+ - title: SecureTTY Values
+ description: Set values within /etc/securetty
+ environments:
+ - file: environments/securetty.yaml
+ title: SecureTTY Values
+
+ - title: Additional Services
+ description:
+ environment_groups:
+ - title:
+ description: Deploy additional services
+ environments:
+ - file: environments/services/manila-generic-config.yaml
+ title: Barbican
+ description: Enable Barbican with the default secret store backend
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/manila-generic-config.yaml
+ title: Manila
+ description: Enable Manila with generic driver backend
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/sahara.yaml
+ title: Sahara
+ description: Deploy Sahara service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/ironic.yaml
+ title: Ironic
+ description: Deploy Ironic service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/mistral.yaml
+ title: Mistral
+ description: Deploy Mistral service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/ec2-api.yaml
+ title: EC2 API
+ description: Enable EC2-API service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+ - file: environments/services/zaqar.yaml
+ title: Zaqar
+ description: Deploy Zaqar service
+ requires:
+ - overcloud-resource-registry-puppet.yaml
+
+ - title: Nova Extensions
+ description:
+ environment_groups:
+ - title: Nova Extensions
+ description:
+ environments:
+ - file: environments/nova-nuage-config.yaml
+ title: Nuage backend
+ description: >
+ Enables Nuage backend on the Compute
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Operational Tools
description:
description: Enable monitoring agents
environments:
- file: environments/monitoring-environment.yaml
- title: Enable monitoring agents
+ title: Monitoring agents
description:
requires:
- overcloud-resource-registry-puppet.yaml
description: Enable centralized logging clients (fluentd)
environments:
- file: environments/logging-environment.yaml
- title: Enable fluentd client
+ title: fluentd client
description:
requires:
- overcloud-resource-registry-puppet.yaml
description: Enable performance monitoring agents
environments:
- file: environments/collectd-environment.yaml
- title: Enable performance monitoring agents
+ title: Performance monitoring agents
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Security Options
- description: Security Hardening Options
+ - title: Utilities
+ description:
environment_groups:
- - title: SSH Banner Text
- description: Enables population of SSH Banner Text
+ - title: Config Debug
+ description: Enable config management (e.g. Puppet) debugging
environments:
- - file: environments/sshd-banner.yaml
- title: SSH Banner Text
+ - file: environments/config-debug.yaml
+ title: Config Debug
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Horizon Password Validation
- description: Enable Horizon Password validation
+ - title: Disable journal in MongoDb
+ description: >
+ Since, when journaling is enabled, MongoDb will create big journal
+ file it can take time. In a CI environment for example journaling is
+ not necessary.
environments:
- - file: environments/horizon_password_validation.yaml
- title: Horizon Password Validation
+ - file: environments/mongodb-nojournal.yaml
+ title: Disable journal in MongoDb
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: AuditD Rules
- description: Management of AuditD rules
+ - title: Overcloud Steps
+ description: >
+ Specifies hooks/breakpoints where overcloud deployment should stop
+ Allows operator validation between steps, and/or more granular control.
+ Note: the wildcards relate to naming convention for some resource suffixes,
+ e.g see puppet/*-post.yaml, enabling this will mean we wait for
+ a user signal on every *Deployment_StepN resource defined in those files.
+ tags:
+ - no-gui
environments:
- - file: environments/auditd.yaml
- title: AuditD Rule Management
+ - file: environments/overcloud-steps.yaml
+ title: Overcloud Steps
description:
requires:
- overcloud-resource-registry-puppet.yaml
- - title: Keystone CADF auditing
- description: Enable CADF notifications in Keystone for auditing
- environments:
- - file: environments/cadf.yaml
- title: Keystone CADF auditing
- - title: SecureTTY Values
- description: Set values within /etc/securetty
- environments:
- - file: environments/securetty.yaml
- title: SecureTTY Values
Code Review / apex-tripleo-heat-templates.git / blobdiff