dea-base-config-metadata:
title: 'Deployment Environment Adapter Base configuration'
# DEA API version supported
- version: '0.3'
- created: 'Tue Feb 2 2016'
- comment: 'Rebased for Fuel 8'
+ version: '0.4'
+ created: 'Fri Jun 10 2016'
+ comment: 'Rebased for Fuel 10'
environment:
net_segment_type: tun
fuel:
FUEL_ACCESS:
password: admin
user: admin
-wanted_release: Liberty on Ubuntu 14.04
+wanted_release: Newton on Ubuntu 16.04
settings:
editable:
access:
weight: 40
metadata:
group: general
- label: Access
+ label: OpenStack Access
weight: 10
password:
description: Password for Administrator
weight: 10
additional_components:
ceilometer:
- description: If selected, Ceilometer component will be installed
- label: Install Ceilometer
+ description: If selected, Ceilometer and Aodh components will be installed
+ label: Install Ceilometer and Aodh
type: checkbox
value: true
weight: 60
metadata:
group: openstack_services
label: Additional Components
- weight: 20
+ weight: 10
mongo:
description: If selected, You can use external Mongo DB as ceilometer backend
label: Use external Mongo DB
restrictions:
- - settings:additional_components.ceilometer.value == false
+ - settings:additional_components.ceilometer.value == false: External Mongo
+ aims to be an external backend for Ceilometer. Without Ceilometer enabled,
+ External Mongo is useless and should not be installed.
type: checkbox
value: false
weight: 70
type: checkbox
value: false
weight: 30
- murano_glance_artifacts_plugin:
- description: If selected glance artifact repository will be enabled
- label: Enable glance artifact repository
- restrictions:
- - condition: settings:additional_components.murano.value == false
- message: Murano should be enabled
- - action: hide
- condition: not ('experimental' in version:feature_groups)
- type: checkbox
- value: false
- weight: 40
sahara:
description: If selected, Sahara component will be installed
label: Install Sahara
type: checkbox
value: false
weight: 10
+ atop:
+ interval:
+ description: Interval between the snapshots in seconds
+ label: Interval between the snapshots
+ regex:
+ error: Should be a number of seconds
+ source: ^[1-9]\d*$
+ restrictions:
+ - action: hide
+ condition: settings:atop.service_enabled.value == false
+ type: text
+ value: '20'
+ weight: 20
+ metadata:
+ enabled: true
+ group: logging
+ label: Advanced System & Process Monitor (atop)
+ toggleable: false
+ weight: 60
+ rotate:
+ description: Number of days to keep log files
+ label: Rotate days
+ regex:
+ error: Should be a number of days
+ source: ^[1-9]\d*$
+ restrictions:
+ - action: hide
+ condition: settings:atop.service_enabled.value == false
+ type: text
+ value: '7'
+ weight: 30
+ service_enabled:
+ description: 'NOTE: When enabled, the service may generate logs up to a gigabyte
+ in size per day.
+
+ This should be taken into consideration when determining the correct size
+ for the log partition.
+
+ '
+ label: Enable atop service
+ type: checkbox
+ value: true
+ weight: 10
+ cgroups:
+ metadata:
+ always_editable: true
+ group: general
+ label: Cgroups conguration for services
+ restrictions:
+ - action: hide
+ condition: 'true'
+ weight: 90
common:
auth_key:
- description: Public key(s) to include in authorized_keys on deployed nodes
group: security
- label: Public Key
- type: textarea
+ type: hidden
value: ''
weight: 70
auto_assign_floating_ip:
group: logging
label: OpenStack debug logging
type: checkbox
- value: true
+ value: false
weight: 20
libvirt_type:
group: compute
type: checkbox
value: false
weight: 30
+ propagate_task_deploy:
+ type: hidden
+ value: false
+ weight: 12
puppet_debug:
description: Debug puppet logging mode provides more information, but requires
more disk space.
type: checkbox
value: true
weight: 50
- task_deploy:
- description: Enables new deployment engine based on cross-node dependencies
- for deployment tasks which allows to deploy all nodes simultaneously. Works
- only for deployment tasks with version >= 2.0.0.
- label: Enable task based deploy
- restrictions:
- - action: hide
- condition: not ('experimental' in version:feature_groups)
+ run_ping_checker:
+ description: Uncheck this box if the public gateway will not be available
+ or will not respond to ICMP requests to the deployed cluster. If unchecked,
+ the controllers will not take public gateway availability into account as
+ part of the cluster health. If the cluster will not have internet access,
+ you will need to make sure to provide proper offline mirrors for the deployment
+ to succeed.
+ group: network
+ label: Public Gateway is Available
type: checkbox
value: false
+ weight: 50
+ task_deploy:
+ type: hidden
+ value: true
weight: 11
use_cow_images:
description: For most cases you will want qcow format. If it's disabled, raw
type: checkbox
value: false
weight: 10
+ external_dns:
+ dns_list:
+ description: List of upstream DNS servers
+ label: DNS list
+ max: 3
+ regex:
+ error: Invalid IP address
+ source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+ type: text_list
+ value:
+ - 10.20.0.1
+ weight: 10
+ metadata:
+ group: network
+ label: Host OS DNS Servers
+ weight: 30
external_mongo:
hosts_ip:
description: IP Addresses of MongoDB. Use comma to split IPs
condition: settings:additional_components.mongo.value == false
message: Ceilometer and MongoDB are not enabled on the Additional Components
section
- weight: 20
+ weight: 30
mongo_db_name:
description: Mongo database name
label: Database name
type: text
value: ceilometer
weight: 30
+ external_ntp:
+ metadata:
+ group: network
+ label: Host OS NTP Servers
+ weight: 40
+ ntp_list:
+ description: List of upstream NTP servers
+ label: NTP server list
+ regex:
+ error: Invalid NTP server
+ source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$
+ type: text_list
+ value:
+ - 0.fuel.pool.ntp.org
+ - 1.fuel.pool.ntp.org
+ - 2.fuel.pool.ntp.org
+ weight: 10
kernel_params:
kernel:
description: Default kernel parameters
label: Initial parameters
type: text
- value: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset
+ value: console=tty0 net.ifnames=1 biosdevname=0 rootdelay=90 nomodeset
metadata:
group: general
label: Kernel parameters
condition: settings:additional_components.murano.value == false
message: Murano is not enabled on the Additional Components section
weight: 20
+ murano_glance_artifacts_plugin:
+ description: If selected glance artifact repository will be enabled
+ label: Enable glance artifact repository
+ type: checkbox
+ value: true
+ weight: 40
murano_repo_url:
description: ''
label: Murano Repository URL
type: checkbox
value: false
weight: 30
- neutron_mellanox:
+ neutron_qos:
+ description: Enable Neutron QoS advanced service plug-in
+ label: Neutron QoS
+ type: checkbox
+ value: false
+ weight: 40
+ operator_user:
+ authkeys:
+ description: Public SSH keys to include to operator user's authorized keys,
+ one per line.
+ label: Authorized SSH keys
+ type: textarea
+ value: ''
+ weight: 80
+ homedir:
+ description: Home directory for operator user
+ label: Home directory
+ regex:
+ error: Invalid path
+ source: ^/\S
+ type: text
+ value: /home/fueladmin
+ weight: 70
metadata:
- enabled: true
- group: network
- label: Mellanox Neutron components
- restrictions:
- - action: hide
- condition: not ('experimental' in version:feature_groups)
- toggleable: false
+ group: general
+ label: Operating System Access
+ weight: 15
+ name:
+ description: Username for operator user
+ label: Username
+ regex:
+ error: Empty username
+ source: \S
+ type: text
+ value: fueladmin
weight: 50
- plugin:
- label: Mellanox drivers and SR-IOV plugin
- type: radio
- value: disabled
- values:
- - data: disabled
- description: If selected, Mellanox drivers, Neutron and Cinder plugin will
- not be installed.
- label: Mellanox drivers and plugins disabled
- restrictions:
- - settings:storage.iser.value == true
- - data: drivers_only
- description: If selected, Mellanox Ethernet drivers will be installed to
- support networking over Mellanox NIC. Mellanox Neutron plugin will not
- be installed.
- label: Install only Mellanox drivers
- restrictions:
- - settings:common.libvirt_type.value != 'kvm'
- - data: ethernet
- description: If selected, both Mellanox Ethernet drivers and Mellanox network
- acceleration (Neutron) plugin will be installed.
- label: Install Mellanox drivers and SR-IOV plugin
- restrictions:
- - settings:common.libvirt_type.value != 'kvm' or not (cluster:net_provider
- == 'neutron' and networking_parameters:segmentation_type == 'vlan')
+ password:
+ description: Password for operator user
+ label: Password
+ regex:
+ error: Empty password
+ source: \S
+ type: password
+ value: sD2hWNhXxB70SJIBBmaixvvt
weight: 60
- vf_num:
- description: Note that one virtual function will be reserved to the storage
- network, in case of choosing iSER.
- label: Number of virtual NICs
- restrictions:
- - settings:neutron_mellanox.plugin.value != 'ethernet'
- type: text
- value: '16'
- weight: 70
+ sudo:
+ description: Sudoers configuration directives for operator user, one per line.
+ label: Sudoers configuration
+ type: textarea
+ value: 'ALL=(ALL) NOPASSWD: ALL'
+ weight: 90
provision:
metadata:
group: general
label: Provision
restrictions:
- action: hide
- condition: 'true'
+ condition: 'false'
weight: 80
method:
type: hidden
value: image
+ packages:
+ label: Initial packages
+ type: textarea
+ value: 'acl
+
+ anacron
+
+ bash-completion
+
+ bridge-utils
+
+ bsdmainutils
+
+ build-essential
+
+ cloud-init
+
+ curl
+
+ daemonize
+
+ debconf-utils
+
+ gdisk
+
+ grub-pc
+
+ hwloc
+
+ linux-firmware
+
+ linux-headers-generic-lts-xenial
+
+ linux-image-generic-lts-xenial
+
+ lvm2
+
+ mcollective
+
+ mdadm
+
+ multipath-tools
+
+ multipath-tools-boot
+
+ nailgun-agent
+
+ nailgun-mcagents
+
+ network-checker
+
+ ntp
+
+ ntpdate
+
+ openssh-client
+
+ openssh-server
+
+ puppet
+
+ python-amqp
+
+ ruby-augeas
+
+ ruby-ipaddress
+
+ ruby-json
+
+ ruby-netaddr
+
+ ruby-openstack
+
+ ruby-shadow
+
+ ruby-stomp
+
+ telnet
+
+ ubuntu-minimal
+
+ ubuntu-standard
+
+ uuid-runtime
+
+ vim
+
+ virt-what
+
+ vlan
+
+ '
+ weight: 10
public_network_assignment:
assign_to_all_nodes:
description: When disabled, public network will be assigned to controllers
horizon:
description: Secure access to Horizon enabling HTTPS instead of HTTP
label: HTTPS for Horizon
+ restrictions:
+ - settings:public_ssl.services.value == false: TLS for OpenStack public endpoints
+ should be enabled
type: checkbox
value: false
- weight: 10
+ weight: 20
hostname:
description: Your DNS entries should point to this name. Self-signed certificates
also will use this hostname
label: DNS hostname for public TLS endpoints
+ regex:
+ error: Invalid DNS hostname
+ source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$
restrictions:
- action: hide
condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value
label: TLS for OpenStack public endpoints
type: checkbox
value: false
- weight: 20
+ weight: 10
repo_setup:
metadata:
always_editable: true
Please make sure your Fuel master node has Internet access to the repository
before attempting to create a mirror.
- For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-8.0/operations.html#external-ubuntu-ops).
-
'
extra_priority: null
type: custom_repo_configuration
- name: ubuntu
priority: null
section: main universe multiverse
- suite: trusty
+ suite: xenial
type: deb
- uri: http://10.20.0.2:8080/mirrors/ubuntu/
+ uri: http://archive.ubuntu.com/ubuntu/
- name: ubuntu-updates
priority: null
section: main universe multiverse
- suite: trusty-updates
+ suite: xenial-updates
type: deb
- uri: http://10.20.0.2:8080/mirrors/ubuntu/
+ uri: http://archive.ubuntu.com/ubuntu/
- name: ubuntu-security
priority: null
section: main universe multiverse
- suite: trusty-security
+ suite: xenial-security
type: deb
- uri: http://10.20.0.2:8080/mirrors/ubuntu/
+ uri: http://archive.ubuntu.com/ubuntu/
- name: mos
priority: 1050
section: main restricted
- suite: mos8.0
+ suite: mos10.0
+ type: deb
+ uri: http://10.20.0.2:8080/newton-10.0/ubuntu/x86_64
+ - name: mos-updates
+ priority: 1050
+ section: main restricted
+ suite: mos10.0-updates
+ type: deb
+ uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/
+ - name: mos-security
+ priority: 1050
+ section: main restricted
+ suite: mos10.0-security
+ type: deb
+ uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/
+ - name: mos-holdback
+ priority: 1100
+ section: main restricted
+ suite: mos10.0-holdback
type: deb
- uri: http://10.20.0.2:8080/liberty-8.0/ubuntu/x86_64
+ uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/
- name: Auxiliary
priority: 1150
section: main restricted
suite: auxiliary
type: deb
- uri: http://10.20.0.2:8080/liberty-8.0/ubuntu/auxiliary
+ uri: http://10.20.0.2:8080/newton-10.0/ubuntu/auxiliary
+ service_user:
+ homedir:
+ type: hidden
+ value: /var/lib/fuel
+ metadata:
+ group: general
+ label: Service user account
+ restrictions:
+ - action: hide
+ condition: 'true'
+ weight: 10
+ name:
+ type: hidden
+ value: fuel
+ password:
+ type: hidden
+ value: 5rkDBE1Pddi75UQuohA6E2s4
+ root_password:
+ type: hidden
+ value: r00tme
+ sudo:
+ type: hidden
+ value: 'ALL=(ALL) NOPASSWD: ALL'
+ ssh:
+ brute_force_protection:
+ description: When enabled, the access from all networks (except the provided
+ ones) will be granted, but the networks will be checked against the brute
+ force attack.
+ label: Brute force protection
+ restrictions:
+ - action: hide
+ condition: settings:ssh.security_enabled.value == false
+ type: checkbox
+ value: false
+ weight: 30
+ metadata:
+ enabled: true
+ group: security
+ label: SSH security
+ toggleable: false
+ weight: 120
+ security_enabled:
+ description: 'NOTE: When enabled, provide at least one working IP address
+ (the Fuel Master node IP is already added).
+
+ We recommend adding new addresses instead of replacing the provided Fuel
+ Master node IP.
+
+ When disabled (by default), the admin, management, and storage networks
+ are only allowed to connect to the SSH service.
+
+ '
+ label: Restrict SSH service on network
+ type: checkbox
+ value: false
+ weight: 10
+ security_networks:
+ description: IPv4/CIDR address
+ label: Restrict access to
+ regex:
+ error: Invalid IPv4/CIDR address
+ source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$
+ restrictions:
+ - action: hide
+ condition: settings:ssh.security_enabled.value == false
+ type: text_list
+ value:
+ - 10.20.0.2
+ weight: 20
storage:
+ admin_key:
+ type: hidden
+ value: AQAVkvxXAAAAABAAZzOFaGpPvF4oFOQlz7ud4g==
+ auth_s3_keystone_ceph:
+ description: This allows to authenticate S3 requests basing on EC2/S3 credentials
+ managed by Keystone. Please note that enabling the integration will increase
+ the latency of S3 requests as well as load on Keystone service. Please consult
+ with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating the
+ risks related with load.
+ label: Enable S3 API Authentication via Keystone in Ceph RadosGW
+ restrictions:
+ - action: hide
+ condition: settings:storage.objects_ceph.value == false
+ type: checkbox
+ value: false
+ weight: 82
+ bootstrap_osd_key:
+ type: hidden
+ value: AQAVkvxXAAAAABAA9pOqDPq0En8Dh1Pi6fZENA==
ephemeral_ceph:
description: Configures Nova to store ephemeral volumes in RBD. This works
best if Ceph is enabled for volumes and images, too. Enables live migration
type: checkbox
value: false
weight: 75
+ fsid:
+ type: hidden
+ value: 801bd64d-bec4-44cc-9126-16245e53f470
images_ceph:
description: Configures Glance to use the Ceph RBD backend to store images.
If enabled, this option will prevent Swift from installing.
type: checkbox
value: false
weight: 35
- iser:
- description: 'High performance block storage: Cinder volumes over iSER protocol
- (iSCSI over RDMA). This feature requires SR-IOV capabilities in the NIC,
- and will use a dedicated virtual function for the storage network.'
- label: iSER protocol for volumes (Cinder)
- restrictions:
- - settings:storage.volumes_lvm.value != true or settings:common.libvirt_type.value
- != 'kvm'
- - action: hide
- condition: not ('experimental' in version:feature_groups)
- type: checkbox
- value: false
- weight: 11
metadata:
group: storage
label: Storage Backends
weight: 60
+ mon_key:
+ type: hidden
+ value: AQAVkvxXAAAAABAA9ZxWFYdRmV+DSwKr7BKKXg==
objects_ceph:
description: Configures RadosGW front end for Ceph RBD. This exposes S3 and
Swift API Interfaces. If enabled, this option will prevent Swift from installing.
weight: 80
osd_pool_size:
description: Configures the default number of object replicas in Ceph. This
- number must be equal to or lower than the number of deployed 'Storage -
- Ceph OSD' nodes.
+ number must be equal to or lower than the number of deployed 'Ceph OSD'
+ nodes.
label: Ceph object replication factor
regex:
error: Invalid number
type: text
value: '3'
weight: 85
+ radosgw_key:
+ type: hidden
+ value: AQAVkvxXAAAAABAA1pC6F8i40b7KVCnh5Fe2GQ==
volumes_block_device:
description: High performance block device storage. It is recommended to have
- at least one Storage - Cinder Block Device
+ at least one Cinder Block Device
label: Cinder Block device driver
restrictions:
- settings:storage.volumes_ceph.value == true
value: true
weight: 20
volumes_lvm:
- description: It is recommended to have at least one Storage - Cinder LVM node.
+ description: It is recommended to have at least one Cinder node.
label: Cinder LVM over iSCSI for volumes
restrictions:
- settings:storage.volumes_ceph.value == true
type: checkbox
value: false
weight: 10
+ syslog:
+ metadata:
+ enabled: false
+ group: logging
+ label: Syslog
+ toggleable: true
+ weight: 50
+ syslog_port:
+ description: Remote syslog port
+ label: Port
+ regex:
+ error: Invalid syslog port
+ source: ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
+ type: text
+ value: '514'
+ weight: 20
+ syslog_server:
+ description: Remote syslog hostname
+ label: Hostname
+ regex:
+ error: Invalid hostname
+ source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$
+ type: text
+ value: ''
+ weight: 10
+ syslog_transport:
+ label: Syslog transport protocol
+ type: radio
+ value: tcp
+ values:
+ - data: udp
+ description: ''
+ label: UDP
+ - data: tcp
+ description: ''
+ label: TCP
+ weight: 30
workloads_collector:
enabled:
type: hidden
weight: 10
password:
type: password
- value: AqEF1Aid1T5vGhP2WE7K5Yxx
+ value: uuuegVGpIeAzHsAkf1o8KEzK
tenant:
type: text
value: services