X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;ds=sidebyside;f=deploy%2Fconfig%2Fdea_base.yaml;h=2520cf580772c24230f0d06ceb6f72ed19c119bf;hb=3518e4b1a55724766e91c58f06d536a9047b8a70;hp=0b8485ba08a50c966c9b0e45c6169a2549de7543;hpb=eb299372fbb32f93cac6c92060e37bd21c7d8ba0;p=fuel.git diff --git a/deploy/config/dea_base.yaml b/deploy/config/dea_base.yaml index 0b8485ba0..2520cf580 100644 --- a/deploy/config/dea_base.yaml +++ b/deploy/config/dea_base.yaml @@ -12,14 +12,14 @@ dea-base-config-metadata: # DEA API version supported version: '0.4' created: 'Fri Jun 10 2016' - comment: 'Rebased for Fuel 9' + comment: 'Rebased for Fuel 10' environment: net_segment_type: tun fuel: FUEL_ACCESS: password: admin user: admin -wanted_release: Mitaka on Ubuntu 14.04 +wanted_release: Newton on Ubuntu 16.04 settings: editable: access: @@ -126,6 +126,49 @@ settings: type: checkbox value: false weight: 10 + atop: + interval: + description: Interval between the snapshots in seconds + label: Interval between the snapshots + regex: + error: Should be a number of seconds + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '20' + weight: 20 + metadata: + enabled: true + group: logging + label: Advanced System & Process Monitor (atop) + toggleable: false + weight: 60 + rotate: + description: Number of days to keep log files + label: Rotate days + regex: + error: Should be a number of days + source: ^[1-9]\d*$ + restrictions: + - action: hide + condition: settings:atop.service_enabled.value == false + type: text + value: '7' + weight: 30 + service_enabled: + description: 'NOTE: When enabled, the service may generate logs up to a gigabyte + in size per day. + + This should be taken into consideration when determining the correct size + for the log partition. + + ' + label: Enable atop service + type: checkbox + value: true + weight: 10 cgroups: metadata: always_editable: true @@ -208,6 +251,18 @@ settings: type: checkbox value: true weight: 50 + run_ping_checker: + description: Uncheck this box if the public gateway will not be available + or will not respond to ICMP requests to the deployed cluster. If unchecked, + the controllers will not take public gateway availability into account as + part of the cluster health. If the cluster will not have internet access, + you will need to make sure to provide proper offline mirrors for the deployment + to succeed. + group: network + label: Public Gateway is Available + type: checkbox + value: false + weight: 50 task_deploy: type: hidden value: true @@ -251,6 +306,22 @@ settings: type: checkbox value: false weight: 10 + external_dns: + dns_list: + description: List of upstream DNS servers + label: DNS list + max: 3 + regex: + error: Invalid IP address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ + type: text_list + value: + - 10.20.0.1 + weight: 10 + metadata: + group: network + label: Host OS DNS Servers + weight: 30 external_mongo: hosts_ip: description: IP Addresses of MongoDB. Use comma to split IPs @@ -303,12 +374,29 @@ settings: type: text value: ceilometer weight: 30 + external_ntp: + metadata: + group: network + label: Host OS NTP Servers + weight: 40 + ntp_list: + description: List of upstream NTP servers + label: NTP server list + regex: + error: Invalid NTP server + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ + type: text_list + value: + - 0.fuel.pool.ntp.org + - 1.fuel.pool.ntp.org + - 2.fuel.pool.ntp.org + weight: 10 kernel_params: kernel: description: Default kernel parameters label: Initial parameters type: text - value: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset + value: console=tty0 net.ifnames=1 biosdevname=0 rootdelay=90 nomodeset metadata: group: general label: Kernel parameters @@ -418,7 +506,7 @@ settings: error: Empty password source: \S type: password - value: mCKyMCwhzrt7d6E8WQzxg5WS + value: sD2hWNhXxB70SJIBBmaixvvt weight: 60 sudo: description: Sudoers configuration directives for operator user, one per line. @@ -464,19 +552,15 @@ settings: grub-pc - hpsa-dkms - hwloc i40e-dkms linux-firmware - linux-firmware-nonfree - - linux-headers-generic-lts-trusty + linux-headers-generic-lts-xenial - linux-image-generic-lts-trusty + linux-image-generic-lts-xenial lvm2 @@ -496,6 +580,8 @@ settings: ntp + ntpdate + openssh-client openssh-server @@ -593,6 +679,9 @@ settings: description: Your DNS entries should point to this name. Self-signed certificates also will use this hostname label: DNS hostname for public TLS endpoints + regex: + error: Invalid DNS hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ restrictions: - action: hide condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value @@ -633,52 +722,40 @@ settings: value: - name: ubuntu priority: null - section: main universe multiverse - suite: trusty + section: main + suite: xenial type: deb - uri: http://archive.ubuntu.com/ubuntu/ - - name: ubuntu-updates - priority: null - section: main universe multiverse - suite: trusty-updates - type: deb - uri: http://archive.ubuntu.com/ubuntu/ - - name: ubuntu-security - priority: null - section: main universe multiverse - suite: trusty-security - type: deb - uri: http://archive.ubuntu.com/ubuntu/ + uri: http://10.20.0.2:8080/mirrors/ubuntu/ - name: mos priority: 1050 section: main restricted - suite: mos9.0 + suite: mos10.0 type: deb - uri: http://10.20.0.2:8080/mitaka-9.0/ubuntu/x86_64 + uri: http://10.20.0.2:8080/newton-10.0/ubuntu/x86_64 - name: mos-updates priority: 1050 section: main restricted - suite: mos9.0-updates + suite: mos10.0-updates type: deb - uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/9.0/ + uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/ - name: mos-security priority: 1050 section: main restricted - suite: mos9.0-security + suite: mos10.0-security type: deb - uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/9.0/ + uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/ - name: mos-holdback priority: 1100 section: main restricted - suite: mos9.0-holdback + suite: mos10.0-holdback type: deb - uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/9.0/ + uri: http://mirror.fuel-infra.org/mos-repos/ubuntu/10.0/ - name: Auxiliary priority: 1150 section: main restricted suite: auxiliary type: deb - uri: http://10.20.0.2:8080/mitaka-9.0/ubuntu/auxiliary + uri: http://10.20.0.2:8080/newton-10.0/ubuntu/auxiliary service_user: homedir: type: hidden @@ -695,20 +772,79 @@ settings: value: fuel password: type: hidden - value: sCTOC4CkNSTLuNKUQDNUV1Bp + value: 5rkDBE1Pddi75UQuohA6E2s4 root_password: type: hidden value: r00tme sudo: type: hidden value: 'ALL=(ALL) NOPASSWD: ALL' + ssh: + brute_force_protection: + description: When enabled, the access from all networks (except the provided + ones) will be granted, but the networks will be checked against the brute + force attack. + label: Brute force protection + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: checkbox + value: false + weight: 30 + metadata: + enabled: true + group: security + label: SSH security + toggleable: false + weight: 120 + security_enabled: + description: 'NOTE: When enabled, provide at least one working IP address + (the Fuel Master node IP is already added). + + We recommend adding new addresses instead of replacing the provided Fuel + Master node IP. + + When disabled (by default), the admin, management, and storage networks + are only allowed to connect to the SSH service. + + ' + label: Restrict SSH service on network + type: checkbox + value: false + weight: 10 + security_networks: + description: IPv4/CIDR address + label: Restrict access to + regex: + error: Invalid IPv4/CIDR address + source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$ + restrictions: + - action: hide + condition: settings:ssh.security_enabled.value == false + type: text_list + value: + - 10.20.0.2 + weight: 20 storage: admin_key: type: hidden - value: AQDir1pXAAAAABAAm8r2rR0FuVsV8LRo6u9GgQ== + value: AQAVkvxXAAAAABAAZzOFaGpPvF4oFOQlz7ud4g== + auth_s3_keystone_ceph: + description: This allows to authenticate S3 requests basing on EC2/S3 credentials + managed by Keystone. Please note that enabling the integration will increase + the latency of S3 requests as well as load on Keystone service. Please consult + with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating the + risks related with load. + label: Enable S3 API Authentication via Keystone in Ceph RadosGW + restrictions: + - action: hide + condition: settings:storage.objects_ceph.value == false + type: checkbox + value: false + weight: 82 bootstrap_osd_key: type: hidden - value: AQDir1pXAAAAABAAK5E2MNhWdIpOBzjXJTVqcg== + value: AQAVkvxXAAAAABAA9pOqDPq0En8Dh1Pi6fZENA== ephemeral_ceph: description: Configures Nova to store ephemeral volumes in RBD. This works best if Ceph is enabled for volumes and images, too. Enables live migration @@ -720,7 +856,7 @@ settings: weight: 75 fsid: type: hidden - value: 7a5db523-ae79-489d-b5d1-7a31fdaba6ef + value: 801bd64d-bec4-44cc-9126-16245e53f470 images_ceph: description: Configures Glance to use the Ceph RBD backend to store images. If enabled, this option will prevent Swift from installing. @@ -749,7 +885,7 @@ settings: weight: 60 mon_key: type: hidden - value: AQDir1pXAAAAABAAp92Dw8/kmDdhMvpgaPMKiQ== + value: AQAVkvxXAAAAABAA9ZxWFYdRmV+DSwKr7BKKXg== objects_ceph: description: Configures RadosGW front end for Ceph RBD. This exposes S3 and Swift API Interfaces. If enabled, this option will prevent Swift from installing. @@ -770,7 +906,7 @@ settings: weight: 85 radosgw_key: type: hidden - value: AQDir1pXAAAAABAAUH+qP9FohG5wGr/+oQ2rFw== + value: AQAVkvxXAAAAABAA1pC6F8i40b7KVCnh5Fe2GQ== volumes_block_device: description: High performance block device storage. It is recommended to have at least one Cinder Block Device @@ -797,7 +933,44 @@ settings: type: checkbox value: false weight: 10 -workloads_collector: + syslog: + metadata: + enabled: false + group: logging + label: Syslog + toggleable: true + weight: 50 + syslog_port: + description: Remote syslog port + label: Port + regex: + error: Invalid syslog port + source: ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: text + value: '514' + weight: 20 + syslog_server: + description: Remote syslog hostname + label: Hostname + regex: + error: Invalid hostname + source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$ + type: text + value: '' + weight: 10 + syslog_transport: + label: Syslog transport protocol + type: radio + value: tcp + values: + - data: udp + description: '' + label: UDP + - data: tcp + description: '' + label: TCP + weight: 30 + workloads_collector: enabled: type: hidden value: true @@ -810,7 +983,7 @@ workloads_collector: weight: 10 password: type: password - value: JWMZX9JjUK1g4AsC7tHvpXvm + value: uuuegVGpIeAzHsAkf1o8KEzK tenant: type: text value: services