X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;ds=sidebyside;f=deploy%2Fconfig%2Fdea_base.yaml;h=14600a3723392a712f10d67bca069342dddc3a6f;hb=e0f9a679d5ec7310f872d3e332dc089bb603b003;hp=1a34d819a34b99b2a6df55933b56eed61038f435;hpb=dcd792692b565be488eb4fdadb1654bf2c2161e4;p=fuel.git diff --git a/deploy/config/dea_base.yaml b/deploy/config/dea_base.yaml index 1a34d819a..14600a372 100644 --- a/deploy/config/dea_base.yaml +++ b/deploy/config/dea_base.yaml @@ -10,16 +10,16 @@ dea-base-config-metadata: title: 'Deployment Environment Adapter Base configuration' # DEA API version supported - version: '0.3' - created: 'Tue Feb 2 2016' - comment: 'Rebased for Fuel 8' + version: '0.4' + created: 'Fri Jun 10 2016' + comment: 'Rebased for Fuel 10' environment: net_segment_type: tun fuel: FUEL_ACCESS: password: admin user: admin -wanted_release: Liberty on Ubuntu 14.04 +wanted_release: Newton on Ubuntu 16.04 settings: editable: access: @@ -34,7 +34,7 @@ settings: weight: 40 metadata: group: general - label: Access + label: OpenStack Access weight: 10 password: description: Password for Administrator @@ -67,8 +67,8 @@ settings: weight: 10 additional_components: ceilometer: - description: If selected, Ceilometer component will be installed - label: Install Ceilometer + description: If selected, Ceilometer and Aodh components will be installed + label: Install Ceilometer and Aodh type: checkbox value: true weight: 60 @@ -92,12 +92,14 @@ settings: metadata: group: openstack_services label: Additional Components - weight: 20 + weight: 10 mongo: description: If selected, You can use external Mongo DB as ceilometer backend label: Use external Mongo DB restrictions: - - settings:additional_components.ceilometer.value == false + - settings:additional_components.ceilometer.value == false: External Mongo + aims to be an external backend for Ceilometer. Without Ceilometer enabled, + External Mongo is useless and should not be installed. type: checkbox value: false weight: 70 @@ -118,29 +120,68 @@ settings: type: checkbox value: false weight: 30 - murano_glance_artifacts_plugin: - description: If selected glance artifact repository will be enabled - label: Enable glance artifact repository - restrictions: - - condition: settings:additional_components.murano.value == false - message: Murano should be enabled - - action: hide - condition: not ('experimental' in version:feature_groups) - type: checkbox - value: false - weight: 40 sahara: description: If selected, Sahara component will be installed label: Install Sahara type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a gigabyte + in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 + cgroups: + metadata: + always_editable: true + group: general + label: Cgroups conguration for services + restrictions: + - action: hide + condition: 'true' + weight: 90 common: auth_key: - description: Public key(s) to include in authorized_keys on deployed nodes group: security - label: Public Key - type: textarea + type: hidden value: '' weight: 70 auto_assign_floating_ip: @@ -160,7 +201,7 @@ settings: group: logging label: OpenStack debug logging type: checkbox - value: true + value: false weight: 20 libvirt_type: group: compute @@ -187,6 +228,10 @@ settings: type: checkbox value: false weight: 30 + propagate_task_deploy: + type: hidden + value: false + weight: 12 puppet_debug: description: Debug puppet logging mode provides more information, but requires more disk space. @@ -206,16 +251,21 @@ settings: type: checkbox value: true weight: 50 - task_deploy: - description: Enables new deployment engine based on cross-node dependencies - for deployment tasks which allows to deploy all nodes simultaneously. Works - only for deployment tasks with version >= 2.0.0. - label: Enable task based deploy - restrictions: - - action: hide - condition: not ('experimental' in version:feature_groups) + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account as + part of the cluster health. If the cluster will not have internet access, + you will need to make sure to provide proper offline mirrors for the deployment + to succeed. + group: network + label: Public Gateway is Available type: checkbox value: false + weight: 50 + task_deploy: + type: hidden + value: true weight: 11 use_cow_images: description: For most cases you will want qcow format. If it's disabled, raw @@ -256,6 +306,22 @@ settings: type: checkbox value: false weight: 10 + external_dns: + dns_list: + description: List of upstream DNS servers + label: DNS list + max: 3 + regex: + error: Invalid IP address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ + type: text_list + value: + - 10.20.0.1 + weight: 10 + metadata: + group: network + label: Host OS DNS Servers + weight: 30 external_mongo: hosts_ip: description: IP Addresses of MongoDB. Use comma to split IPs @@ -274,7 +340,7 @@ settings: condition: settings:additional_components.mongo.value == false message: Ceilometer and MongoDB are not enabled on the Additional Components section - weight: 20 + weight: 30 mongo_db_name: description: Mongo database name label: Database name @@ -308,12 +374,29 @@ settings: type: text value: ceilometer weight: 30 + external_ntp: + metadata: + group: network + label: Host OS NTP Servers + weight: 40 + ntp_list: + description: List of upstream NTP servers + label: NTP server list + regex: + error: Invalid NTP server + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ + type: text_list + value: + - 0.fuel.pool.ntp.org + - 1.fuel.pool.ntp.org + - 2.fuel.pool.ntp.org + weight: 10 kernel_params: kernel: description: Default kernel parameters label: Initial parameters type: text - value: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset + value: console=tty0 net.ifnames=1 biosdevname=0 rootdelay=90 nomodeset metadata: group: general label: Kernel parameters @@ -327,6 +410,12 @@ settings: condition: settings:additional_components.murano.value == false message: Murano is not enabled on the Additional Components section weight: 20 + murano_glance_artifacts_plugin: + description: If selected glance artifact repository will be enabled + label: Enable glance artifact repository + type: checkbox + value: true + weight: 40 murano_repo_url: description: '' label: Murano Repository URL @@ -374,62 +463,161 @@ settings: type: checkbox value: false weight: 30 - neutron_mellanox: + neutron_qos: + description: Enable Neutron QoS advanced service plug-in + label: Neutron QoS + type: checkbox + value: false + weight: 40 + operator_user: + authkeys: + description: Public SSH keys to include to operator user's authorized keys, + one per line. + label: Authorized SSH keys + type: textarea + value: '' + weight: 80 + homedir: + description: Home directory for operator user + label: Home directory + regex: + error: Invalid path + source: ^/\S + type: text + value: /home/fueladmin + weight: 70 metadata: - enabled: true - group: network - label: Mellanox Neutron components - restrictions: - - action: hide - condition: not ('experimental' in version:feature_groups) - toggleable: false + group: general + label: Operating System Access + weight: 15 + name: + description: Username for operator user + label: Username + regex: + error: Empty username + source: \S + type: text + value: fueladmin weight: 50 - plugin: - label: Mellanox drivers and SR-IOV plugin - type: radio - value: disabled - values: - - data: disabled - description: If selected, Mellanox drivers, Neutron and Cinder plugin will - not be installed. - label: Mellanox drivers and plugins disabled - restrictions: - - settings:storage.iser.value == true - - data: drivers_only - description: If selected, Mellanox Ethernet drivers will be installed to - support networking over Mellanox NIC. Mellanox Neutron plugin will not - be installed. - label: Install only Mellanox drivers - restrictions: - - settings:common.libvirt_type.value != 'kvm' - - data: ethernet - description: If selected, both Mellanox Ethernet drivers and Mellanox network - acceleration (Neutron) plugin will be installed. - label: Install Mellanox drivers and SR-IOV plugin - restrictions: - - settings:common.libvirt_type.value != 'kvm' or not (cluster:net_provider - == 'neutron' and networking_parameters:segmentation_type == 'vlan') + password: + description: Password for operator user + label: Password + regex: + error: Empty password + source: \S + type: password + value: sD2hWNhXxB70SJIBBmaixvvt weight: 60 - vf_num: - description: Note that one virtual function will be reserved to the storage - network, in case of choosing iSER. - label: Number of virtual NICs - restrictions: - - settings:neutron_mellanox.plugin.value != 'ethernet' - type: text - value: '16' - weight: 70 + sudo: + description: Sudoers configuration directives for operator user, one per line. + label: Sudoers configuration + type: textarea + value: 'ALL=(ALL) NOPASSWD: ALL' + weight: 90 provision: metadata: group: general label: Provision restrictions: - action: hide - condition: 'true' + condition: 'false' weight: 80 method: type: hidden value: image + packages: + label: Initial packages + type: textarea + value: 'acl + + anacron + + bash-completion + + bridge-utils + + bsdmainutils + + build-essential + + cloud-init + + curl + + daemonize + + debconf-utils + + gdisk + + grub-pc + + hwloc + + linux-firmware + + linux-headers-generic-lts-xenial + + linux-image-generic-lts-xenial + + lvm2 + + mcollective + + mdadm + + multipath-tools + + multipath-tools-boot + + nailgun-agent + + nailgun-mcagents + + network-checker + + ntp + + ntpdate + + openssh-client + + openssh-server + + puppet + + python-amqp + + ruby-augeas + + ruby-ipaddress + + ruby-json + + ruby-netaddr + + ruby-openstack + + ruby-shadow + + ruby-stomp + + telnet + + ubuntu-minimal + + ubuntu-standard + + uuid-runtime + + vim + + virt-what + + vlan + + ' + weight: 10 public_network_assignment: assign_to_all_nodes: description: When disabled, public network will be assigned to controllers @@ -479,13 +667,19 @@ settings: horizon: description: Secure access to Horizon enabling HTTPS instead of HTTP label: HTTPS for Horizon + restrictions: + - settings:public_ssl.services.value == false: TLS for OpenStack public endpoints + should be enabled type: checkbox value: false - weight: 10 + weight: 20 hostname: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -502,7 +696,7 @@ settings: label: TLS for OpenStack public endpoints type: checkbox value: false - weight: 20 + weight: 10 repo_setup: metadata: always_editable: true @@ -520,8 +714,6 @@ settings: Please make sure your Fuel master node has Internet access to the repository before attempting to create a mirror. - For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-8.0/operations.html#external-ubuntu-ops). - ' extra_priority: null type: custom_repo_configuration @@ -529,34 +721,140 @@ settings: - name: ubuntu priority: null section: main universe multiverse - suite: trusty + suite: xenial type: deb - uri: http://10.20.0.2:8080/mirrors/ubuntu/ + uri: http://archive.ubuntu.com/ubuntu/ - name: ubuntu-updates priority: null section: main universe multiverse - suite: trusty-updates + suite: xenial-updates type: deb - uri: http://10.20.0.2:8080/mirrors/ubuntu/ + uri: http://archive.ubuntu.com/ubuntu/ - name: ubuntu-security priority: null section: main universe multiverse - suite: trusty-security + suite: xenial-security type: deb - uri: http://10.20.0.2:8080/mirrors/ubuntu/ + uri: http://archive.ubuntu.com/ubuntu/ - name: mos priority: 1050 section: main restricted - suite: mos8.0 + suite: mos10.0 + type: deb + uri: http://10.20.0.2:8080/newton-10.0/ubuntu/x86_64 + - name: mos-updates + priority: 1050 + section: main restricted + suite: mos10.0-updates + type: deb + uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/ + - name: mos-security + priority: 1050 + section: main restricted + suite: mos10.0-security + type: deb + uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/ + - name: mos-holdback + priority: 1100 + section: main restricted + suite: mos10.0-holdback type: deb - uri: http://10.20.0.2:8080/liberty-8.0/ubuntu/x86_64 + uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/ - name: Auxiliary priority: 1150 section: main restricted suite: auxiliary type: deb - uri: http://10.20.0.2:8080/liberty-8.0/ubuntu/auxiliary + uri: http://10.20.0.2:8080/newton-10.0/ubuntu/auxiliary + service_user: + homedir: + type: hidden + value: /var/lib/fuel + metadata: + group: general + label: Service user account + restrictions: + - action: hide + condition: 'true' + weight: 10 + name: + type: hidden + value: fuel + password: + type: hidden + value: 5rkDBE1Pddi75UQuohA6E2s4 + root_password: + type: hidden + value: r00tme + sudo: + type: hidden + value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - 10.20.0.2 + weight: 20 storage: + admin_key: + type: hidden + value: AQAVkvxXAAAAABAAZzOFaGpPvF4oFOQlz7ud4g== + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please consult + with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating the + risks related with load. + label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 + bootstrap_osd_key: + type: hidden + value: AQAVkvxXAAAAABAA9pOqDPq0En8Dh1Pi6fZENA== ephemeral_ceph: description: Configures Nova to store ephemeral volumes in RBD. This works best if Ceph is enabled for volumes and images, too. Enables live migration @@ -566,6 +864,9 @@ settings: type: checkbox value: false weight: 75 + fsid: + type: hidden + value: 801bd64d-bec4-44cc-9126-16245e53f470 images_ceph: description: Configures Glance to use the Ceph RBD backend to store images. If enabled, this option will prevent Swift from installing. @@ -588,23 +889,13 @@ settings: type: checkbox value: false weight: 35 - iser: - description: 'High performance block storage: Cinder volumes over iSER protocol - (iSCSI over RDMA). This feature requires SR-IOV capabilities in the NIC, - and will use a dedicated virtual function for the storage network.' - label: iSER protocol for volumes (Cinder) - restrictions: - - settings:storage.volumes_lvm.value != true or settings:common.libvirt_type.value - != 'kvm' - - action: hide - condition: not ('experimental' in version:feature_groups) - type: checkbox - value: false - weight: 11 metadata: group: storage label: Storage Backends weight: 60 + mon_key: + type: hidden + value: AQAVkvxXAAAAABAA9ZxWFYdRmV+DSwKr7BKKXg== objects_ceph: description: Configures RadosGW front end for Ceph RBD. This exposes S3 and Swift API Interfaces. If enabled, this option will prevent Swift from installing. @@ -614,8 +905,8 @@ settings: weight: 80 osd_pool_size: description: Configures the default number of object replicas in Ceph. This - number must be equal to or lower than the number of deployed 'Storage - - Ceph OSD' nodes. + number must be equal to or lower than the number of deployed 'Ceph OSD' + nodes. label: Ceph object replication factor regex: error: Invalid number @@ -623,9 +914,12 @@ settings: type: text value: '3' weight: 85 + radosgw_key: + type: hidden + value: AQAVkvxXAAAAABAA1pC6F8i40b7KVCnh5Fe2GQ== volumes_block_device: description: High performance block device storage. It is recommended to have - at least one Storage - Cinder Block Device + at least one Cinder Block Device label: Cinder Block device driver restrictions: - settings:storage.volumes_ceph.value == true @@ -642,13 +936,50 @@ settings: value: true weight: 20 volumes_lvm: - description: It is recommended to have at least one Storage - Cinder LVM node. + description: It is recommended to have at least one Cinder node. label: Cinder LVM over iSCSI for volumes restrictions: - settings:storage.volumes_ceph.value == true type: checkbox value: false weight: 10 + syslog: + metadata: + enabled: false + group: logging + label: Syslog + toggleable: true + weight: 50 + syslog_port: + description: Remote syslog port + label: Port + regex: + error: Invalid syslog port + source: ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: text + value: '514' + weight: 20 + syslog_server: + description: Remote syslog hostname + label: Hostname + regex: + error: Invalid hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ + type: text + value: '' + weight: 10 + syslog_transport: + label: Syslog transport protocol + type: radio + value: tcp + values: + - data: udp + description: '' + label: UDP + - data: tcp + description: '' + label: TCP + weight: 30 workloads_collector: enabled: type: hidden @@ -662,7 +993,7 @@ settings: weight: 10 password: type: password - value: AqEF1Aid1T5vGhP2WE7K5Yxx + value: uuuegVGpIeAzHsAkf1o8KEzK tenant: type: text value: services