Merge "Stop and disable openstack-nova-compute service on compute nodes"
authorJenkins <jenkins@review.openstack.org>
Fri, 4 Aug 2017 20:47:16 +0000 (20:47 +0000)
committerGerrit Code Review <review@openstack.org>
Fri, 4 Aug 2017 20:47:16 +0000 (20:47 +0000)
82 files changed:
capabilities-map.yaml
common/services.yaml
deployed-server/deployed-server.yaml
docker/services/cinder-api.yaml
docker/services/cinder-backup.yaml
docker/services/cinder-volume.yaml
docker/services/containers-common.yaml
docker/services/gnocchi-api.yaml
docker/services/heat-api.yaml
docker/services/keystone.yaml
docker/services/multipathd.yaml
environments/docker-services-tls-everywhere.yaml
environments/neutron-opendaylight-sriov.yaml [new file with mode: 0644]
environments/predictable-placement/custom-domain.yaml [new file with mode: 0644]
environments/services-docker/ironic.yaml
extraconfig/nova_metadata/krb-service-principals.yaml
extraconfig/pre_network/contrail/compute_pre_network.yaml
extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml
extraconfig/pre_network/host_config_and_reboot.yaml
j2_excludes.yaml
network/management.yaml
network/network.network.j2.yaml [new file with mode: 0644]
network/networks.j2.yaml
network/ports/ctlplane_vip.yaml
network/ports/external.yaml
network/ports/external_from_pool.yaml
network/ports/external_from_pool_v6.yaml
network/ports/external_v6.yaml
network/ports/internal_api.yaml
network/ports/internal_api_from_pool.yaml
network/ports/internal_api_from_pool_v6.yaml
network/ports/internal_api_v6.yaml
network/ports/management.yaml
network/ports/management_from_pool.yaml
network/ports/management_from_pool_v6.yaml
network/ports/management_v6.yaml
network/ports/net_ip_map.yaml
network/ports/net_vip_map_external.yaml
network/ports/net_vip_map_external_v6.yaml
network/ports/noop.yaml
network/ports/port.network.j2.yaml [new file with mode: 0644]
network/ports/port_from_pool.network.j2.yaml [new file with mode: 0644]
network/ports/storage.yaml
network/ports/storage_from_pool.yaml
network/ports/storage_from_pool_v6.yaml
network/ports/storage_mgmt.yaml
network/ports/storage_mgmt_from_pool.yaml
network/ports/storage_mgmt_from_pool_v6.yaml
network/ports/storage_mgmt_v6.yaml
network/ports/storage_v6.yaml
network/ports/tenant.yaml
network/ports/tenant_from_pool.yaml
network/ports/tenant_from_pool_v6.yaml
network/ports/tenant_v6.yaml
network/ports/vip.yaml
network/ports/vip_v6.yaml
network_data.yaml
overcloud.j2.yaml
puppet/blockstorage-role.yaml
puppet/cephstorage-role.yaml
puppet/compute-role.yaml
puppet/controller-role.yaml
puppet/objectstorage-role.yaml
puppet/role.role.j2.yaml
puppet/services/ceilometer-agent-compute.yaml
puppet/services/ceilometer-base.yaml
puppet/services/haproxy-internal-tls-certmonger.yaml
puppet/services/haproxy-public-tls-certmonger.yaml
puppet/services/network/contrail-dpdk.yaml
puppet/services/network/contrail-tsn.yaml
puppet/services/network/contrail-vrouter.yaml
puppet/services/neutron-ovs-agent.yaml
puppet/services/neutron-plugin-ml2-odl.yaml
puppet/services/nova-compute.yaml
puppet/services/nova-conductor.yaml
puppet/services/opendaylight-ovs.yaml
puppet/services/ovn-controller.yaml
releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml [new file with mode: 0644]
releasenotes/notes/odl-port-binding-d420cac81f714778.yaml [new file with mode: 0644]
sample-env-generator/predictable-placement.yaml
tools/process-templates.py
tools/yaml-validate.py

index decac6b..fdf2ad6 100644 (file)
 #  environment_groups: (required)
 
 # environment_groups:
-# Identifies an environment choice. If group includes multiple environments it
-# indicates that environments in group are mutually exclusive.
+# Identifies a group of environments.
 # Attributes:
 #  title: (optional)
 #  description: (optional)
 #  tags: a list of tags to provide additional information for e.g. filtering (optional)
 #  environments: (required)
+#  mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive
 
 # environments:
 # List of environments in environment group
 #  title: (required)
 #  description: (optional)
 #  requires: an array of environments which are required by this environment (optional)
-#  resource_registry: [tbd] (optional)
-
-# resource_registry:
-# [tbd] Each environment can provide options on resource_registry level applicable
-# only when that given environment is used. (resource_type of that environment can
-# be implemented using multiple templates).
 
 topics:
-  - title: Base Resources Configuration
+  - title: General Deployment Options
     description:
     environment_groups:
-      - title:
-        description: Enable base configuration for all resources required for OpenStack Deployment
+      - name: general-deployment-options
+        title:
+        description: Enables base configuration for all resources required for OpenStack Deployment
         environments:
           - file: overcloud-resource-registry-puppet.yaml
             title: Base resources configuration
             description:
-
-  - title: Deployment Options
-    description:
-    environment_groups:
-      - title: High Availability
-        description: Enables configuration of an Overcloud controller with Pacemaker
-        environments:
-          - file: environments/puppet-pacemaker.yaml
-            title: Pacemaker
-            description: Enable configuration of an Overcloud controller with Pacemaker
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-      - title: Pacemaker options
-        description:
-        environments:
-          - file: environments/puppet-pacemaker-no-restart.yaml
-            title: Pacemaker No Restart
-            description:
-            requires:
-              - environments/puppet-pacemaker.yaml
-              - overcloud-resource-registry-puppet.yaml
-      - title: Docker RDO
+      - title: Containerized Deployment
         description: >
-          Docker container with heat agents for containerized compute node
+          Configures Deployment to use containerized services
         environments:
           - file: environments/docker.yaml
-            title: Docker RDO
+            title: Containerized Deployment
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: Enable TLS
-        description: >
-        environments:
-          - file: environments/enable-tls.yaml
-            title: TLS
-            description: >
-              Use this option to pass in certificates for SSL deployments.
-              For these values to take effect, one of the TLS endpoints
-              environments must also be used.
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-      - title: TLS Endpoints
-        description: >
-        environments:
-          - file: environments/tls-endpoints-public-dns.yaml
-            title: SSL-enabled deployment with DNS name as public endpoint
-            description: >
-              Use this environment when deploying an SSL-enabled overcloud where the public
-              endpoint is a DNS name.
-            requires:
-              - environments/enable-tls.yaml
-              - overcloud-resource-registry-puppet.yaml
-          - file: environments/tls-endpoints-public-ip.yaml
-            title: SSL-enabled deployment with IP address as public endpoint
-            description: >
-              Use this environment when deploying an SSL-enabled overcloud where the public
-              endpoint is an IP address.
-            requires:
-              - environments/enable-tls.yaml
-              - overcloud-resource-registry-puppet.yaml
-      - title: External load balancer
-        description: >
-          Enable external load balancer
-        environments:
-          - file: environments/external-loadbalancer-vip-v6.yaml
-            title: External load balancer IPv6
-            description: >
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-          - file: environments/external-loadbalancer-vip.yaml
-            title: External load balancer IPv4
-            description: >
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-
-  - title: Additional Services
-    description: Deploy additional Overcloud services
-    environment_groups:
-      - title: Manila
-        description:
-        environments:
-          - file: environments/manila-generic-config.yaml
-            title: Manila
-            description: Enable Manila generic driver backend
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-      - title: Sahara
-        description:
-        environments:
-          - file: environments/services/sahara.yaml
-            title: Sahara
-            description: Deploy Sahara service
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-      - title: Ironic
-        description:
-        environments:
-          - file: environments/services/ironic.yaml
-            title: Ironic
-            description: Deploy Ironic service
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-      - title: Mistral
-        description:
-        environments:
-          - file: environments/services/mistral.yaml
-            title: Mistral
-            description: Deploy Mistral service
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-      - title: Ceilometer Api
-        description:
+      - title: High Availability
+        description: Enables configuration of an Overcloud Controller with Pacemaker
         environments:
-          - file: environments/services/disable-ceilometer-api.yaml
-            title: Ceilometer Api
-            description: Disable Ceilometer Api service. This service is
-              deprecated and will be removed in future releases. Please move
-              to using gnocchi/aodh/panko apis instead.
+          - file: environments/puppet-pacemaker.yaml
+            title: High Availability (Pacemaker)
+            description:
             requires:
               - overcloud-resource-registry-puppet.yaml
 
-  # - title: Network Interface Configuration
-  #   description:
-  #   environment_groups:
-
-  - title: Overlay Network Configuration
+  - title: Network Configuration
     description:
     environment_groups:
       - title: Network Isolation
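Review bot: The new `name: general-deployment-options` key on the first environment group is not described in the attribute comment block at the top of the file, even though this hunk edits that block to add `mutually_exclusive`. No other group visible in this diff carries a `name`, so a consumer that validates the map or looks groups up by key has no stated contract for it. I would add a line such as `#  name: (optional) identifier for the group` under the `environment_groups` attributes, or drop the key if nothing reads it. Whether the key is optional cannot be told from here and should be confirmed against the consumer.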
@@ -189,10 +77,12 @@ topics:
               to that role) on these networks.
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: Single NIC or Bonding
+        mutually_exclusive: true
+      - title: NICs, Bonding, VLANs Configuration
         description: >
-          Configure roles to use pair of bonded nics or to use Vlans on a
-          single nic. This option assumes use of Network Isolation.
+          Choose one of the pre-defined configurations or provide custom
+          network-environment.yaml instead. Note that pre-defined configuration work
+          only with standard Roles and Networks. These options assume use of Network Isolation.
         environments:
           - file: environments/net-bond-with-vlans.yaml
             title: Bond with Vlans
@@ -202,7 +92,6 @@ topics:
               for each role. This option assumes use of Network Isolation.
             requires:
               - environments/network-isolation.yaml
-              - overcloud-resource-registry-puppet.yaml
           - file: environments/net-bond-with-vlans-no-external.yaml
             title: Bond with Vlans No External Ports
             description: >
@@ -212,7 +101,6 @@ topics:
               Sets external ports to noop.
             requires:
               - environments/network-isolation.yaml
-              - overcloud-resource-registry-puppet.yaml
           - file: environments/net-bond-with-vlans-v6.yaml
             title: Bond with Vlans IPv6
             description: >
@@ -222,7 +110,6 @@ topics:
               This option assumes use of Network Isolation IPv6.
             requires:
               - environments/network-isolation-v6.yaml
-              - overcloud-resource-registry-puppet.yaml
           - file: environments/net-multiple-nics.yaml
             title: Multiple NICs
             description: >
@@ -231,7 +118,6 @@ topics:
               This option assumes use of Network Isolation.
             requires:
               - environments/network-isolation.yaml
-              - overcloud-resource-registry-puppet.yaml
           - file: environments/net-multiple-nics-v6.yaml
             title: Multiple NICs IPv6
             description: >
@@ -240,7 +126,6 @@ topics:
               This option assumes use of Network Isolation IPv6.
             requires:
               - environments/network-isolation-v6.yaml
-              - overcloud-resource-registry-puppet.yaml
           - file: environments/net-single-nic-with-vlans.yaml
             title: Single NIC with Vlans
             description: >
@@ -248,7 +133,6 @@ topics:
               each isolated network. This option assumes use of Network Isolation.
             requires:
               - environments/network-isolation.yaml
-              - overcloud-resource-registry-puppet.yaml
           - file: environments/net-single-nic-with-vlans-no-external.yaml
             title: Single NIC with Vlans No External Ports
             description: >
@@ -257,7 +141,6 @@ topics:
               Sets external ports to noop.
             requires:
               - environments/network-isolation.yaml
-              - overcloud-resource-registry-puppet.yaml
           - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
             title: Single NIC with Linux Bridge Vlans
             description: >
@@ -265,7 +148,6 @@ topics:
               each isolated network. This option assumes use of Network Isolation.
             requires:
               - environments/network-isolation.yaml
-              - overcloud-resource-registry-puppet.yaml
           - file: environments/net-single-nic-with-vlans-v6.yaml
             title: Single NIC with Vlans IPv6
             description: >
@@ -274,7 +156,7 @@ topics:
               This option assumes use of Network Isolation IPv6
             requires:
               - environments/network-isolation-v6.yaml
-              - overcloud-resource-registry-puppet.yaml
+        mutually_exclusive: true
       - title: Management Network
         description: >
           Enable the creation of a system management network. This
@@ -292,6 +174,35 @@ topics:
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
+        mutually_exclusive: true
+
+      - title: Docker Network
+        description: >
+          [Temporary] Use this option when deploying containerized deployment
+          without network isolation
+        environments:
+          - file: environments/docker-network.yaml
+            title: Docker network
+            description:
+            requires:
+              - environments/docker.yaml
+
+      - title: External load balancer
+        description: >
+          Enable external load balancer, requires network Isolation to be enabled.
+          Note that this option assumes standard isolated networks set.
+        environments:
+          - file: environments/external-loadbalancer-vip.yaml
+            title: External load balancer IPv4
+            description: >
+            requires:
+              - environments/network-isolation.yaml
+          - file: environments/external-loadbalancer-vip-v6.yaml
+            title: External load balancer IPv6
+            description: >
+            requires:
+              - environments/network-isolation-v6.yaml
+        mutually_exclusive: true
 
   - title: Neutron Plugin Configuration
     description:
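Review bot: The new "Docker Network" group is described as being for containerized deployments without network isolation, but that constraint exists only in the description text. Its single environment requires `environments/docker.yaml`, and nothing in this hunk marks it as conflicting with `environments/network-isolation.yaml`, so as far as the map shows a client could select both. The `[Temporary]` marker also names no removal condition. I would state the conflict explicitly in the description, for example `Do not combine with Network Isolation.`, and add a comment saying what has to land before the group is removed.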
@@ -327,8 +238,8 @@ topics:
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
-          - file: environments/neutron-midonet.yaml
-            title: Deploy MidoNet Services
+          - file: environments/networking/neutron-midonet.yaml
+            title: Neutron MidoNet Services
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
@@ -378,34 +289,10 @@ topics:
             requires:
               - overcloud-resource-registry-puppet.yaml
 
-  - title: Nova Extensions
-    description:
-    environment_groups:
-      - title: Nova Extensions
-        description:
-        environments:
-          - file: environments/nova-nuage-config.yaml
-            title: Nuage backend
-            description: >
-              Enables Nuage backend on the Compute
-            requires:
-              - overcloud-resource-registry-puppet.yaml
-
   - title: Storage
     description:
     environment_groups:
-      - title: Cinder backup service
-        description:
-        environments:
-          - file: environments/cinder-backup.yaml
-            title: Cinder backup service
-            description: >
-              OpenStack Cinder Backup service with Pacemaker configured
-              with Puppet
-            requires:
-              - environments/puppet-pacemaker.yaml
-              - overcloud-resource-registry-puppet.yaml
-      - title: Cinder backend
+      - title: Cinder backends
         description: >
           Enable various Cinder backends
         environments:
@@ -414,7 +301,7 @@ topics:
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
-          - file: environments/cinder-netapp-config.yaml
+          - file: environments/storage/cinder-netapp-config.yaml
             title: Cinder NetApp backend
             description:
             requires:
@@ -422,22 +309,19 @@ topics:
           - file: environments/cinder-dellsc-config.yaml
             title: Cinder Dell EMC Storage Center ISCSI backend
             description: >
-              Enables a Cinder Dell EMC Storage Center ISCSI backend,
-              configured via puppet
+              Enables a Cinder Dell EMC Storage Center ISCSI backend
             requires:
               - overcloud-resource-registry-puppet.yaml
           - file: environments/cinder-hpelefthand-config.yaml
             title: Cinder HPELeftHandISCSI backend
             description: >
-              Enables a Cinder HPELeftHandISCSI backend, configured
-              via puppet
+              Enables a Cinder HPELeftHandISCSI backend
             requires:
               - overcloud-resource-registry-puppet.yaml
           - file: environments/cinder-dellps-config.yaml
             title: Cinder Dell EMC PS Series backend
             description: >
-              Enables a Cinder Dell EMC PS Series backend,
-              configured via puppet
+              Enables a Cinder Dell EMC PS Series backend
             requires:
               - overcloud-resource-registry-puppet.yaml
           - file: environments/cinder-iser.yaml
@@ -447,8 +331,7 @@ topics:
           - file: environments/cinder-scaleio-config.yaml
             title: Cinder Dell EMC ScaleIO backend
             description: >
-              Enables a Cinder Dell EMC ScaleIO backend,
-              configured via puppet
+              Enables a Cinder Dell EMC ScaleIO backend
             requires:
               - overcloud-resource-registry-puppet.yaml
           - file: environments/cinder-veritas-hyperscale-config.yaml
@@ -458,106 +341,199 @@ topics:
               configured via puppet
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: Ceph
-        description: >
-          Enable the use of Ceph in the overcloud
+      - title: Cinder backup service
+        description:
         environments:
-          - file: environments/puppet-ceph-external.yaml
-            title: Externally managed Ceph
+          - file: environments/cinder-backup.yaml
+            title: Cinder backup service
             description: >
-              Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
+              OpenStack Cinder Backup service with Pacemaker
             requires:
+              - environments/puppet-pacemaker.yaml
               - overcloud-resource-registry-puppet.yaml
+      - title: Ceph
+        description: >
+          Enable the use of Ceph in the overcloud
+        environments:
           - file: environments/puppet-ceph.yaml
-            title: TripleO managed Ceph
+            title: Ceph Storage Backend
             description: >
               Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
               use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
               colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: CephMDS
-        description: >
-          Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
-          filesystems hosted in Ceph.
+          - file: environments/storage/external-ceph.yaml
+            title: Externally managed Ceph
+            description: >
+              Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+        mutually_exclusive: true
+      - title: Additional Ceph Options
+        description:
         environments:
           - file: environments/services/ceph-mds.yaml
             title: Deploys CephMDS
-            description:
+            description: >
+              Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
+              filesystems hosted in Ceph.
             requires:
               - environments/puppet-ceph.yaml
-      - title: Ceph Rados Gateway
-        description: >
-          Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
-          which stores data in the Ceph cluster.
-        environments:
           - file: environments/ceph-radosgw.yaml
-            title: Deploys CephRGW
-            description:
+            title: Ceph Rados Gateway
+            description: >
+              Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
+              which stores data in the Ceph cluster.
             requires:
               - environments/puppet-ceph.yaml
-      - title: Manila with CephFS
-        description: >
-          Deploys Manila and configures it with the CephFS driver. This requires the deployment of
-          Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
-        environments:
           - file: environments/manila-cephfsnative-config.yaml
-            title: Deploys Manila with CephFS driver
-            description: Deploys Manila and configures CephFS as its default backend.
+            title: Manila with CephFS
+            description: >
+              Deploys Manila and configures it with the CephFS driver. This requires the deployment of
+              Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: Storage Environment
-        description: >
-          Can be used to set up storage backends. Defaults to Ceph used as a
-          backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
-          configures which services will use Ceph, or if any of the services
-          will use NFS. And more. Usually requires to be edited by user first.
-        tags:
-          - no-gui
+      - title: Glance backends
+        description:
         environments:
-          - file: environments/storage-environment.yaml
-            title: Storage Environment
-            description:
+          - file: environments/storage/glance-nfs.yaml
+            title: Glance NFS Backend
+            description: |
+              Configure and enable this option to enable the use of an NFS
+              share as the backend for Glance.
             requires:
               - overcloud-resource-registry-puppet.yaml
 
-  - title: Utilities
-    description:
+
+  - title: Security
+    description: Security Hardening Options
     environment_groups:
-      - title: Config Debug
-        description: Enable config management (e.g. Puppet) debugging
+      - title: TLS
+        description:
         environments:
-          - file: environments/config-debug.yaml
-            title: Config Debug
+          - file: environments/ssl/enable-tls.yaml
+            title: SSL on OpenStack Public Endpoints
+            description: >
+              Use this option to pass in certificates for SSL deployments.
+              For these values to take effect, one of the TLS endpoints
+              options must also be used.
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+      - title: TLS Endpoints
+        description:
+        environments:
+          - file: environments/ssl/tls-endpoints-public-dns.yaml
+            title: SSL-enabled deployment with DNS name as public endpoint
+            description: >
+              Use this option when deploying an SSL-enabled overcloud where the public
+              endpoint is a DNS name.
+            requires:
+              - environments/ssl/enable-tls.yaml
+          - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
+            title: Deploy All SSL Endpoints as DNS names
+            description: >
+              Use this option when deploying an overcloud where all the endpoints are
+              DNS names and there's TLS in all endpoint types.
+            requires:
+              - environments/ssl/enable-tls.yaml
+          - file: environments/ssl/tls-endpoints-public-ip.yaml
+            title: SSL-enabled deployment with IP address as public endpoint
+            description: >
+              Use this option when deploying an SSL-enabled overcloud where the public
+              endpoint is an IP address.
+            requires:
+              - environments/ssl/enable-tls.yaml
+        mutually_exclusive: true
+      - title: SSH Banner Text
+        description: Enables population of SSH Banner Text
+        environments:
+          - file: environments/sshd-banner.yaml
+            title: SSH Banner Text
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: Disable journal in MongoDb
-        description: >
-          Since, when journaling is enabled, MongoDb will create big journal
-          file it can take time. In a CI environment for example journaling is
-          not necessary.
+      - title: Horizon Password Validation
+        description: Enable Horizon Password validation
         environments:
-          - file: environments/mongodb-nojournal.yaml
-            title: Disable journal in MongoDb
+          - file: environments/horizon_password_validation.yaml
+            title: Horizon Password Validation
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: Overcloud Steps
-        description: >
-          Specifies hooks/breakpoints where overcloud deployment should stop
-          Allows operator validation between steps, and/or more granular control.
-          Note: the wildcards relate to naming convention for some resource suffixes,
-          e.g see puppet/*-post.yaml, enabling this will mean we wait for
-          a user signal on every *Deployment_StepN resource defined in those files.
-        tags:
-          - no-gui
+      - title: AuditD Rules
+        description:  Management of AuditD rules
         environments:
-          - file: environments/overcloud-steps.yaml
-            title: Overcloud Steps
+          - file: environments/auditd.yaml
+            title: AuditD Rule Management
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
+      - title: Keystone CADF auditing
+        description: Enable CADF notifications in Keystone for auditing
+        environments:
+          - file: environments/cadf.yaml
+            title: Keystone CADF auditing
+      - title: SecureTTY Values
+        description: Set values within /etc/securetty
+        environments:
+          - file: environments/securetty.yaml
+            title: SecureTTY Values
+
+  - title: Additional Services
+    description:
+    environment_groups:
+      - title:
+        description: Deploy additional services
+        environments:
+          - file: environments/services/manila-generic-config.yaml
+            title: Barbican
+            description: Enable Barbican with the default secret store backend
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+          - file: environments/manila-generic-config.yaml
+            title: Manila
+            description: Enable Manila with generic driver backend
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+          - file: environments/services/sahara.yaml
+            title: Sahara
+            description: Deploy Sahara service
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+          - file: environments/services/ironic.yaml
+            title: Ironic
+            description: Deploy Ironic service
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+          - file: environments/services/mistral.yaml
+            title: Mistral
+            description: Deploy Mistral service
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+          - file: environments/services/ec2-api.yaml
+            title: EC2 API
+            description: Enable EC2-API service
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+          - file: environments/services/zaqar.yaml
+            title: Zaqar
+            description: Deploy Zaqar service
+            requires:
+              - overcloud-resource-registry-puppet.yaml
+
+  - title: Nova Extensions
+    description:
+    environment_groups:
+      - title: Nova Extensions
+        description:
+        environments:
+          - file: environments/nova-nuage-config.yaml
+            title: Nuage backend
+            description: >
+              Enables Nuage backend on the Compute
+            requires:
+              - overcloud-resource-registry-puppet.yaml
 
   - title: Operational Tools
     description:
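Review bot: The Barbican entry in the new "Additional Services" group points at `environments/services/manila-generic-config.yaml`, which looks like a copy of the Manila entry below it (`environments/manila-generic-config.yaml`) with only the title and description changed. Selecting Barbican would then either load a Manila environment or fail on a missing file, and the secret store the operator expects would not be deployed. The `file:` value should name the Barbican environment, `- file: environments/services/<barbican-environment>.yaml` (placeholder; the real file name is not on this page). In the same hunk, the "Keystone CADF auditing" and "SecureTTY Values" entries omit the `description:` and `requires:` keys that the neighbouring Security entries carry, which is worth fixing for consistency.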
@@ -566,7 +542,7 @@ topics:
         description: Enable monitoring agents
         environments:
           - file: environments/monitoring-environment.yaml
-            title: Enable monitoring agents
+            title: Monitoring agents
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
@@ -574,7 +550,7 @@ topics:
         description: Enable centralized logging clients (fluentd)
         environments:
           - file: environments/logging-environment.yaml
-            title: Enable fluentd client
+            title: fluentd client
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
@@ -582,45 +558,45 @@ topics:
         description: Enable performance monitoring agents
         environments:
           - file: environments/collectd-environment.yaml
-            title: Enable performance monitoring agents
+            title: Performance monitoring agents
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
 
-  - title: Security Options
-    description: Security Hardening Options
+  - title: Utilities
+    description:
     environment_groups:
-      - title: SSH Banner Text
-        description: Enables population of SSH Banner Text
+      - title: Config Debug
+        description: Enable config management (e.g. Puppet) debugging
         environments:
-          - file: environments/sshd-banner.yaml
-            title: SSH Banner Text
+          - file: environments/config-debug.yaml
+            title: Config Debug
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: Horizon Password Validation
-        description: Enable Horizon Password validation
+      - title: Disable journal in MongoDb
+        description: >
+          Since, when journaling is enabled, MongoDb will create big journal
+          file it can take time. In a CI environment for example journaling is
+          not necessary.
         environments:
-          - file: environments/horizon_password_validation.yaml
-            title: Horizon Password Validation
+          - file: environments/mongodb-nojournal.yaml
+            title: Disable journal in MongoDb
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: AuditD Rules
-        description:  Management of AuditD rules
+      - title: Overcloud Steps
+        description: >
+          Specifies hooks/breakpoints where overcloud deployment should stop
+          Allows operator validation between steps, and/or more granular control.
+          Note: the wildcards relate to naming convention for some resource suffixes,
+          e.g see puppet/*-post.yaml, enabling this will mean we wait for
+          a user signal on every *Deployment_StepN resource defined in those files.
+        tags:
+          - no-gui
         environments:
-          - file: environments/auditd.yaml
-            title: AuditD Rule Management
+          - file: environments/overcloud-steps.yaml
+            title: Overcloud Steps
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
-      - title: Keystone CADF auditing
-        description: Enable CADF notifications in Keystone for auditing
-        environments:
-          - file: environments/cadf.yaml
-            title: Keystone CADF auditing
-      - title: SecureTTY Values
-        description: Set values within /etc/securetty
-        environments:
-          - file: environments/securetty.yaml
-            title: SecureTTY Values
index 350026c..0bc3462 100644 (file)
@@ -35,7 +35,7 @@ parameters:
     description: Role name on which the service is applied
     type: string
   RoleParameters:
-    description: Role Specific parameters to be provided to service
+    description: Parameters specific to the role
     default: {}
     type: json
 
index 16deb7d..d116e7c 100644 (file)
@@ -9,6 +9,7 @@ parameters:
   key_name:
     type: string
     default: unused
+    description: Name of keypair to assign to servers
   security_groups:
     type: json
     default: []
index 48faaf9..900131c 100644 (file)
@@ -160,6 +160,7 @@ outputs:
           cinder_api_cron:
             image: *cinder_api_image
             net: host
+            user: root
             privileged: false
             restart: always
             volumes:
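Review bot: `user: root` on `cinder_api_cron` has no comment explaining why the cron container must run as root, and the container also uses `net: host`, so the reason is worth recording next to the setting. Presumably crond needs root to switch to the crontab owner; if so, a comment such as `# crond must start as root to run jobs as the service user` would keep a later hardening pass from removing it, or from copying it to containers that do not need it. The same line is added without explanation to `heat_api_cron` and `keystone_cron` in later sections. The `volumes:` list of this container continues outside the hunk, so whether any of those mounts are writable by root cannot be checked here.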
index 33147d2..ad3b43c 100644 (file)
@@ -120,7 +120,6 @@ outputs:
                   - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
                   - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
-                  - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
                   - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
                   - /dev/:/dev/
                   - /run/:/run/
index 2ead0d5..eb904c0 100644 (file)
@@ -129,7 +129,6 @@ outputs:
                   - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
                   - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro
                   - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro
-                  - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro
                   - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
                   - /lib/modules:/lib/modules:ro
                   - /dev/:/dev/
index 71ea8d1..2c894da 100644 (file)
@@ -66,5 +66,9 @@ outputs:
           - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
         - if:
           - internal_tls_enabled
-          - - {get_param: InternalTLSCAFile}
+          - - list_join:
+              - ':'
+              - - {get_param: InternalTLSCAFile}
+                - {get_param: InternalTLSCAFile}
+                - 'ro'
           - null
index 5129b89..41fe197 100644 (file)
@@ -39,6 +39,10 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  NumberOfStorageSacks:
+    default: 128
+    description: Number of storage sacks to create.
+    type: number
 
 conditions:
 
@@ -110,7 +114,11 @@ outputs:
                 -
                   - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
                   - /var/log/containers/gnocchi:/var/log/gnocchi
-            command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'"
+            command:
+              str_replace:
+                template: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c /usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM"
+                params:
+                  SACK_NUM: {get_param: NumberOfStorageSacks}
         step_4:
           gnocchi_api:
             image: *gnocchi_api_image
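Review bot: The new `template:` string drops the single quotes that used to wrap the command given to `su ... -c`, so `--sacks-number=SACK_NUM` is no longer part of the `-c` argument. Depending on how the command string is split (not visible here), the flag is likely to be handed to `su` or to the shell as a positional argument rather than to gnocchi-upgrade, and the upgrade would then run without it. Keeping the quoting of the old line avoids this: `template: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM'"`. Since `NumberOfStorageSacks` ends up inside a shell command, its `type: number` is doing the input validation; a `range` constraint with a minimum of 1 on the parameter would make that explicit.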
index 0bc331c..9e38b06 100644 (file)
@@ -133,6 +133,7 @@ outputs:
           heat_api_cron:
             image: {get_param: DockerHeatApiImage}
             net: host
+            user: root
             privileged: false
             restart: always
             volumes:
index c461f97..fcc458a 100644 (file)
@@ -103,7 +103,9 @@ outputs:
               merge: true
               preserve_properties: true
         /var/lib/kolla/config_files/keystone_cron.json:
-          command: /usr/sbin/cron -n
+          # FIXME(dprince): this is unused ATM because Kolla hardcodes the
+          # args for the keystone container to -DFOREGROUND
+          command: /usr/sbin/crond -n
           config_files:
             - source: "/var/lib/kolla/config_files/src/*"
               dest: "/"
@@ -168,9 +170,11 @@ outputs:
           keystone_cron:
             start_order: 4
             image: *keystone_image
+            user: root
             net: host
             privileged: false
             restart: always
+            command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n']
             volumes:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
index fc749f3..5e01558 100644 (file)
@@ -59,11 +59,11 @@ outputs:
       kolla_config:
         /var/lib/kolla/config_files/multipathd.json:
           command: /usr/sbin/multipathd -d
-        config_files:
-          - source: "/var/lib/kolla/config_files/src-iscsid/*"
-            dest: "/"
-            merge: true
-            preserve_properties: true
+          config_files:
+            - source: "/var/lib/kolla/config_files/src-iscsid/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
       docker_config:
         step_3:
           multipathd:
index 255726a..57cf2c5 100644 (file)
@@ -6,6 +6,8 @@ resource_registry:
   OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
   # The compute node still needs extra initialization steps
   OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
+  # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2
+  OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
 
   # NOTE: add roles to be docker enabled as we support them.
   OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml
@@ -23,12 +25,13 @@ resource_registry:
   OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
   OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
   OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
+  OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+  OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
+  OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
   OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
   OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
-  OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
-  OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
   OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
   OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
   OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
diff --git a/environments/neutron-opendaylight-sriov.yaml b/environments/neutron-opendaylight-sriov.yaml
new file mode 100644 (file)
index 0000000..5c0a035
--- /dev/null
@@ -0,0 +1,28 @@
+# A Heat environment that can be used to deploy OpenDaylight with SRIOV
+resource_registry:
+  OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml
+  OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2-odl.yaml
+  OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
+  OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
+  OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml
+  OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+
+parameter_defaults:
+  NeutronEnableForceMetadata: true
+  NeutronMechanismDrivers: ['sriovnicswitch','opendaylight_v2']
+  NeutronServicePlugins: 'odl-router_v2,trunk'
+
+  # Add PciPassthroughFilter to the scheduler default filters
+  #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
+  #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
+
+  #NeutronPhysicalDevMappings: "datacentre:ens20f2"
+
+  # Number of VFs that needs to be configured for a physical interface
+  #NeutronSriovNumVFs: "ens20f2:5"
+
+  #NovaPCIPassthrough:
+  #  - devname: "ens20f2"
+  #    physical_network: "datacentre"
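Review bot: The header comment of this new environment does not say that the file is incomplete as shipped: `NeutronPhysicalDevMappings`, `NeutronSriovNumVFs`, `NovaPCIPassthrough` and both scheduler filter lists are commented out, with `ens20f2` as a sample interface name. Deployed unchanged, the SR-IOV agent service is enabled but no device mapping or `PciPassthroughFilter` is configured. I would extend the first comment to something like `# Operators must set NeutronPhysicalDevMappings, NeutronSriovNumVFs and NovaPCIPassthrough for their hardware and add PciPassthroughFilter to the scheduler filters`. It is also worth stating there that ports bound through `sriovnicswitch` bypass the host's virtual switch, so security-group filtering on those ports should be confirmed rather than assumed.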
diff --git a/environments/predictable-placement/custom-domain.yaml b/environments/predictable-placement/custom-domain.yaml
new file mode 100644 (file)
index 0000000..aacb677
--- /dev/null
@@ -0,0 +1,35 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Custom Domain Name
+# description: |
+#   This environment contains the parameters that need to be set in order to
+#   use a custom domain name and have all of the various FQDNs reflect it.
+parameter_defaults:
+  # The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud.
+  # Type: string
+  CloudDomain: localdomain
+
+  # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+  # Type: string
+  CloudName: overcloud.localdomain
+
+  # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'.
+  # Type: string
+  CloudNameCtlplane: overcloud.ctlplane.localdomain
+
+  # The DNS name of this cloud's internal API endpoint. E.g. 'ci-overcloud.internalapi.tripleo.org'.
+  # Type: string
+  CloudNameInternal: overcloud.internalapi.localdomain
+
+  # The DNS name of this cloud's storage endpoint. E.g. 'ci-overcloud.storage.tripleo.org'.
+  # Type: string
+  CloudNameStorage: overcloud.storage.localdomain
+
+  # The DNS name of this cloud's storage management endpoint. E.g. 'ci-overcloud.storagemgmt.tripleo.org'.
+  # Type: string
+  CloudNameStorageManagement: overcloud.storagemgmt.localdomain
+
index e927ecb..d98ca1d 100644 (file)
@@ -3,3 +3,5 @@ resource_registry:
   OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml
   OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml
   OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml
+parameter_defaults:
+  NovaSchedulerDiscoverHostsInCellsInterval: 15
index 59b8e7f..cdd4341 100644 (file)
@@ -32,8 +32,8 @@ parameters:
   CloudNameCtlplane:
     default: overcloud.ctlplane.localdomain
     description: >
-      The DNS name of this cloud's storage management endpoint. E.g.
-      'ci-overcloud.management.tripleo.org'.
+      The DNS name of this cloud's provisioning network endpoint. E.g.
+      'ci-overcloud.ctlplane.tripleo.org'.
     type: string
 
 resources:
index a30330f..69e89f8 100644 (file)
@@ -34,7 +34,7 @@ parameters:
     type: string
   RoleParameters:
     type: json
-    description: Role Specific parameters
+    description: Parameters specific to the role
     default: {}
   ServiceNames:
     type: comma_delimited_list
index 623eb7e..4b3c673 100644 (file)
@@ -38,7 +38,7 @@ parameters:
     type: string
   RoleParameters:
     type: json
-    description: Role Specific parameters
+    description: Parameters specific to the role
     default: {}
   ServiceNames:
     type: comma_delimited_list
index 5c7cc27..87dbeae 100644 (file)
@@ -9,7 +9,7 @@ parameters:
     type: string
   RoleParameters:
     type: json
-    description: Role Specific parameters
+    description: Parameters specific to the role
     default: {}
   ServiceNames:
     type: comma_delimited_list
index 063e63d..356068f 100644 (file)
@@ -8,3 +8,39 @@ name:
   - puppet/blockstorage-role.yaml
   - puppet/objectstorage-role.yaml
   - puppet/cephstorage-role.yaml
+  - network/internal_api.yaml
+  - network/external.yaml
+  - network/storage.yaml
+  - network/storage_mgmt.yaml
+  - network/tenant.yaml
+  - network/management.yaml
+  - network/internal_api_v6.yaml
+  - network/external_v6.yaml
+  - network/storage_v6.yaml
+  - network/storage_mgmt_v6.yaml
+  - network/tenant_v6.yaml
+  - network/management_v6.yaml
+  - network/ports/internal_api.yaml
+  - network/ports/external.yaml
+  - network/ports/storage.yaml
+  - network/ports/storage_mgmt.yaml
+  - network/ports/tenant.yaml
+  - network/ports/management.yaml
+  - network/ports/internal_api_v6.yaml
+  - network/ports/external_v6.yaml
+  - network/ports/storage_v6.yaml
+  - network/ports/storage_mgmt_v6.yaml
+  - network/ports/tenant_v6.yaml
+  - network/ports/management_v6.yaml
+  - network/ports/internal_api_from_pool.yaml
+  - network/ports/external_from_pool.yaml
+  - network/ports/storage_from_pool.yaml
+  - network/ports/storage_mgmt_from_pool.yaml
+  - network/ports/tenant_from_pool.yaml
+  - network/ports/management_from_pool.yaml
+  - network/ports/internal_api_from_pool_v6.yaml
+  - network/ports/external_from_pool_v6.yaml
+  - network/ports/storage_from_pool_v6.yaml
+  - network/ports/storage_mgmt_from_pool_v6.yaml
+  - network/ports/tenant_from_pool_v6.yaml
+  - network/ports/management_from_pool_v6.yaml
index f54794c..d9f773c 100644 (file)
@@ -39,7 +39,7 @@ parameters:
     description: Ip allocation pool range for the management network.
     type: json
   ManagementInterfaceDefaultRoute:
-    default: null
+    default: unset
     description: The default route of the management network.
     type: string
 
diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml
new file mode 100644 (file)
index 0000000..2c223c1
--- /dev/null
@@ -0,0 +1,92 @@
+heat_template_version: pike
+
+description: >
+  {{network.name}} network definition (automatically generated).
+
+parameters:
+  # the defaults here work for static IP assignment (IPAM) only
+  {{network.name}}NetCidr:
+    default: {{network.ip_subnet|default("")}}
+    description: Cidr for the {{network.name_lower}} network.
+    type: string
+  {{network.name}}NetValueSpecs:
+    default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'}
+    description: Value specs for the {{network.name_lower}} network.
+    type: json
+  {{network.name}}NetAdminStateUp:
+    default: false
+    description: This admin state of the network.
+    type: boolean
+  {{network.name}}NetEnableDHCP:
+    default: false
+    description: Whether to enable DHCP on the associated subnet.
+    type: boolean
+  {{network.name}}NetShared:
+    default: false
+    description: Whether this network is shared across all tenants.
+    type: boolean
+  {{network.name}}NetName:
+    default: {{network.name_lower}}
+    description: The name of the  {{network.name_lower}} network.
+    type: string
+  {{network.name}}SubnetName:
+    default: {{network.name_lower}}_subnet
+    description: The name of the {{network.name_lower}} subnet in Neutron.
+    type: string
+  {{network.name}}AllocationPools:
+    default: {{network.allocation_pools|default([])}}
+    description: Ip allocation pool range for the {{network.name_lower}} network.
+    type: json
+  {{network.name}}InterfaceDefaultRoute:
+    default: {{network.gateway_ip|default("not_defined")}}
+    description: default route for the {{network.name_lower}} network
+    type: string
+{%- if network.vlan %}
+  {{network.name}}NetworkVlanID:
+    default: {{network.vlan}}
+    description: Vlan ID for the {{network.name}} network traffic.
+    type: number
+{%- endif %}
+{%- if network.ipv6 %}
+  IPv6AddressMode:
+    default: dhcpv6-stateful
+    description: Neutron subnet IPv6 address mode
+    type: string
+  IPv6RAMode:
+    default: dhcpv6-stateful
+    description: Neutron subnet IPv6 router advertisement mode
+    type: string
+{%- endif %}
+
+resources:
+  {{network.name}}Network:
+    type: OS::Neutron::Net
+    properties:
+      admin_state_up: {get_param: {{network.name}}NetAdminStateUp}
+      name: {get_param: {{network.name}}NetName}
+      shared: {get_param: {{network.name}}NetShared}
+      value_specs: {get_param: {{network.name}}NetValueSpecs}
+
+  {{network.name}}Subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      cidr: {get_param: {{network.name}}NetCidr}
+      name: {get_param: {{network.name}}SubnetName}
+      network: {get_resource: {{network.name}}Network}
+      allocation_pools: {get_param: {{network.name}}AllocationPools}
+      gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute}
+{%-  if network.ipv6 %}
+      ip_version: 6
+      ipv6_address_mode: {get_param: IPv6AddressMode}
+      ipv6_ra_mode: {get_param: IPv6RAMode}
+{%- else %}
+      enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
+{%- endif %}
+
+outputs:
+  OS::stack_id:
+    description: {{network.name_lower}} network
+    value: {get_resource: {{network.name}}Network}
+  subnet_cidr:
+    value: {get_attr: {{network.name}}Subnet, cidr}
+
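Review bot: `{{network.name}}InterfaceDefaultRoute` defaults to the placeholder string `not_defined` when the network has no `gateway_ip`, and the subnet resource passes that parameter straight to `gateway_ip:`. A network defined without a gateway would therefore ask Neutron for a gateway of `not_defined`, which is presumably rejected at stack create time rather than producing a subnet without a gateway. If no gateway is intended, the default should be a value the subnet resource accepts as "no gateway" (Heat documents an empty string or null for that; confirm against the target release). The placeholder also differs from the `unset` default this commit gives `ManagementInterfaceDefaultRoute` in network/management.yaml; one sentinel, named in the parameter's `description:`, would be easier for NIC config templates to test for.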
index 5aec597..c790d37 100644 (file)
@@ -5,11 +5,7 @@ description: Create networks to split out Overcloud traffic
 resources:
 
   {%- for network in networks %}
-    {%- if network.name != 'InternalApi' %}
   {{network.name}}Network:
-    {%- else  %}
-  InternalNetwork:
-    {%- endif %}
     type: OS::TripleO::Network::{{network.name}}
   {%- endfor %}
 
@@ -23,15 +19,8 @@ outputs:
       # NOTE(gfidente): we need to replace the null value with a
       # string to work around https://bugs.launchpad.net/heat/+bug/1700025
       {%- for network in networks %}
-        {%- if network.name != 'InternalApi' %}
       {{network.name_lower}}:
         yaql:
           data: {get_attr: [{{network.name}}Network, subnet_cidr]}
           expression: str($.data).replace('null', 'disabled')
-        {%- else  %}
-      {{network.name_lower}}:
-        yaql:
-          data: {get_attr: [InternalNetwork, subnet_cidr]}
-          expression: str($.data).replace('null', 'disabled')
-        {%- endif %}
       {%- endfor %}
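Review bot: Dropping the `InternalApi` special case changes the Heat resource name for that network from `InternalNetwork` to `InternalApiNetwork` (first hunk), and the output in the second hunk now reads `subnet_cidr` from the new name. On a stack created with the old template, a renamed resource is normally treated as a new resource and the old one is deleted, so a stack update or upgrade could try to replace the internal API network. If existing deployments must stay updatable, keep the old logical name for this one network, or add a release note and a comment such as `# NOTE: resource was InternalNetwork before this change; renaming replaces it on stack update`. Any other template that refers to `InternalNetwork` is outside this section and would need the same check.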
index bb54ca6..f874c30 100644 (file)
@@ -9,8 +9,8 @@ parameters:
     description: Name of the service to lookup
     default: ''
     type: string
-  NetworkName:
-    description: # Here for compatibility with isolated networks
+  NetworkName: # Here for compatibility with isolated networks
+    description: Name of the network where the VIP will be created
     default: ctlplane
     type: string
   PortName:
index a02cc28..7292209 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   ExternalNetName:
-    description: Name of the external neutron network
+    description: The name of the external network.
     default: external
     type: string
   PortName:
index d2610c6..a14aa90 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   ExternalNetName:
-    description: Name of the external network
+    description: The name of the external network.
     default: external
     type: string
   PortName:
index e5fe8d7..2aa5126 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   ExternalNetName:
-    description: Name of the external network
+    description: The name of the external network.
     default: external
     type: string
   PortName:
index 12d61cc..5a1b5ae 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   ExternalNetName:
-    description: Name of the external neutron network
+    description: The name of the external network.
     default: external
     type: string
   PortName:
index f258080..e9eb787 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   InternalApiNetName:
-    description: Name of the internal API neutron network
+    description: The name of the internal API network.
     default: internal_api
     type: string
   PortName:
index cb87fd5..31c72da 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   InternalApiNetName:
-    description: Name of the internal API network
+    description: The name of the internal API network.
     default: internal_api
     type: string
   PortName:
index 12a0731..657310e 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   InternalApiNetName:
-    description: Name of the internal API network
+    description: The name of the internal API network.
     default: internal_api
     type: string
   PortName:
index 46e6e18..6a9e708 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   InternalApiNetName:
-    description: Name of the internal API neutron network
+    description: The name of the internal API network.
     default: internal_api
     type: string
   PortName:
index dd62033..417d061 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   ManagementNetName:
-    description: Name of the management neutron network
+    description: The name of the management network.
     default: management
     type: string
   PortName:
index 188be68..4815d16 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   ManagementNetName:
-    description: Name of the management network
+    description: The name of the management network.
     default: management
     type: string
   PortName:
index b5d4425..2a7d3b1 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   ManagementNetName:
-    description: Name of the management network
+    description: The name of the management network.
     default: management
     type: string
   PortName:
index 977502a..9de06d9 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   ManagementNetName:
-    description: Name of the management neutron network
+    description: The name of the management network.
     default: management
     type: string
   PortName:
index a6971b0..ce58e96 100644 (file)
@@ -14,6 +14,7 @@ parameters:
   ExternalIpSubnet:
     default: ''
     type: string
+    description: IP address/subnet on the external network
   ExternalIpUri:
     default: ''
     type: string
@@ -24,6 +25,7 @@ parameters:
   InternalApiIpSubnet:
     default: ''
     type: string
+    description: IP address/subnet on the internal API network
   InternalApiIpUri:
     default: ''
     type: string
@@ -34,6 +36,7 @@ parameters:
   StorageIpSubnet:
     default: ''
     type: string
+    description: IP address/subnet on the storage network
   StorageIpUri:
     default: ''
     type: string
@@ -44,6 +47,7 @@ parameters:
   StorageMgmtIpSubnet:
     default: ''
     type: string
+    description: IP address/subnet on the storage mgmt network
   StorageMgmtIpUri:
     default: ''
     type: string
@@ -54,6 +58,7 @@ parameters:
   TenantIpSubnet:
     default: ''
     type: string
+    description: IP address/subnet on the tenant network
   TenantIpUri:
     default: ''
     type: string
index 018bf2b..d084788 100644 (file)
@@ -27,24 +27,28 @@ parameters:
   ExternalIpUri:
     default: ''
     type: string
+    description: IP address with brackets in case of IPv6
   InternalApiIp:
     default: ''
     type: string
   InternalApiIpUri:
     default: ''
     type: string
+    description: IP address with brackets in case of IPv6
   StorageIp:
     default: ''
     type: string
   StorageIpUri:
     default: ''
     type: string
+    description: IP address with brackets in case of IPv6
   StorageMgmtIp:
     default: ''
     type: string
   StorageMgmtIpUri:
     default: ''
     type: string
+    description: IP address with brackets in case of IPv6
 
 outputs:
   net_ip_map:
index aa40cf1..72e60cb 100644 (file)
@@ -27,24 +27,28 @@ parameters:
   ExternalIpUri:
     default: ''
     type: string
+    description: IP address with brackets in case of IPv6
   InternalApiIp:
     default: ''
     type: string
   InternalApiIpUri:
     default: ''
     type: string
+    description: IP address with brackets in case of IPv6
   StorageIp:
     default: ''
     type: string
   StorageIpUri:
     default: ''
     type: string
+    description: IP address with brackets in case of IPv6
   StorageMgmtIp:
     default: ''
     type: string
   StorageMgmtIpUri:
     default: ''
     type: string
+    description: IP address with brackets in case of IPv6
 
 outputs:
   net_ip_map:
index 8030bfc..9f39c4f 100644 (file)
@@ -12,19 +12,21 @@ parameters:
     description: IP address on the control plane
     type: string
   ControlPlaneNetwork:
-    description: Name of the control plane network
+    description: The name of the undercloud Neutron control plane
     default: ctlplane
     type: string
   PortName:
     description: Name of the port
     default: ''
     type: string
-  NetworkName:
-    description: # Here for compatibility with vip.yaml
-    default: ''
+  NetworkName: # Here for compatibility with vip.yaml
+    description: Name of the network where the VIP will be created
+    default: ctlplane
     type: string
   FixedIPs:
-    description: # Here for compatibility with vip.yaml
+    description: >
+        Control the IP allocation for the VIP port. E.g.
+        [{'ip_address':'1.2.3.4'}]
     default: []
     type: json
   ControlPlaneSubnetCidr: # Override this via parameter_defaults
diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml
new file mode 100644 (file)
index 0000000..ded3e79
--- /dev/null
@@ -0,0 +1,72 @@
+heat_template_version: pike
+
+description: >
+  Creates a port on the {{network.name}} network. The IP address will be chosen
+  automatically if FixedIPs is empty.
+
+parameters:
+  {{network.name}}NetName:
+    description: Name of the {{network.name_lower}} neutron network
+    default: {{network.name_lower|default(network.name|lower)}}
+    type: string
+  PortName:
+    description: Name of the port
+    default: ''
+    type: string
+  ControlPlaneIP: # Here for compatibility with noop.yaml
+    description: IP address on the control plane
+    default: ''
+    type: string
+  ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml
+    description: The name of the undercloud Neutron control plane
+    default: ctlplane
+    type: string
+  FixedIPs:
+    description: >
+        Control the IP allocation for the VIP port. E.g.
+        [{'ip_address':'1.2.3.4'}]
+    default: []
+    type: json
+  IPPool: # Here for compatibility with from_pool.yaml
+    default: {}
+    type: json
+  NodeIndex: # Here for compatibility with from_pool.yaml
+    default: 0
+    type: number
+
+resources:
+
+  {{network.name}}Port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_param: {{network.name}}NetName}
+      name: {get_param: PortName}
+      fixed_ips: {get_param: FixedIPs}
+      replacement_policy: AUTO
+
+outputs:
+  ip_address:
+    description: {{network.name}} network IP
+    value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]}
+  ip_address_uri:
+{%- if network.ipv6  %}
+    description: {{network.name}} network IP (with brackets for IPv6 URLs)
+    value:
+          list_join:
+          - ''
+          - - '['
+            - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]}
+            - ']'
+{%- else %}
+    description: {{network.name}} network IP (for compatibility with IPv6 URLs)
+    value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]}
+{%-  endif %}
+  ip_subnet:
+    description: IP/Subnet CIDR for the {{network.name}} network IP
+    value:
+          list_join:
+            - ''
+            - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]}
+              - '/'
+              - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]}
+
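Review bot: `{{network.name}}NetName` here falls back to `network.name|lower` when `name_lower` is missing, but port_from_pool.network.j2.yaml uses `{{network.name_lower}}` with no fallback for the same parameter, so a network entry without `name_lower` renders an empty default there while this template renders a name. The fallback should be the same in both files, e.g. `default: {{network.name_lower|default(network.name|lower)}}` in each. Two smaller documentation points: the `FixedIPs` description says "VIP port" although this template creates an ordinary port, and `IPPool` and `NodeIndex` have no `description:`.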
diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml
new file mode 100644 (file)
index 0000000..9c08ec7
--- /dev/null
@@ -0,0 +1,65 @@
+heat_template_version: pike
+
+description: >
+  Creates a port on the {{network.name}} network, using a map of IPs per role.
+  Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by
+  network (lower_name or lower case). For example:
+  ControllerIPs:
+    external:
+    - 1.2.3.4 # First controller
+    - 1.2.3.5 # Second controller
+
+parameters:
+  {{network.name}}NetName:
+    description: Name of the {{network.name}} neutron network
+    default: {{network.name_lower}}
+    type: string
+  PortName:
+    description: Name of the port
+    default: ''
+    type: string
+  ControlPlaneIP: # Here for compatibility with noop.yaml
+    description: IP address on the control plane
+    default: ''
+    type: string
+  ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml
+    description: The name of the undercloud Neutron control plane
+    default: ctlplane
+    type: string
+  IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml
+    default: {}
+    type: json
+  NodeIndex: # First node in the role will get first IP, and so on...
+    default: 0
+    type: number
+  {{network.name}}NetCidr:
+    default: {{network.ip_subnet}}
+    description: Cidr for the {{network.name_lower}} network.
+    type: string
+
+outputs:
+  ip_address:
+    description: {{network.name}} network IP
+    value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]}
+  ip_address_uri:
+{%- if network.ipv6 %}
+    description: {{network.name}} network IP (with brackets for IPv6 URLs)
+    value:
+          list_join:
+          - ''
+          - - '['
+            - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]}
+            - ']'
+{%- else %}
+    description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml)
+    value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]}
+{%- endif %}
+  ip_subnet:
+    description: IP/Subnet CIDR for the {{network.name}} network IP
+    value:
+      list_join:
+      - ''
+      - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]}
+        - '/'
+        - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]}
+
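Review bot: `default: {{network.ip_subnet}}` on `{{network.name}}NetCidr` is rendered unquoted, and the network definition comments later in this commit describe `ip_subnet` as optional, so a network without it would most likely render a bare `default:` (YAML null) that the `str_split` in the `ip_subnet` output then has to split. Quoting it as `default: '{{network.ip_subnet}}'` matches the hand-written templates (for example `default: '172.16.3.0/24'`) and keeps the value a string. How an undefined variable renders depends on the Jinja environment set up by the rendering script, which is not visible in this hunk. Separately, `list_join` is indented ten spaces under `ip_address_uri` but six under `ip_subnet`; one style would read better.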
index 5c1aba1..13e51cc 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   StorageNetName:
-    description: Name of the storage neutron network
+    description: The name of the storage network.
     default: storage
     type: string
   PortName:
index ca5993f..11aa20c 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   StorageNetName:
-    description: Name of the storage network
+    description: The name of the storage network.
     default: storage
     type: string
   PortName:
index ec7cd2f..2d2c305 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   StorageNetName:
-    description: Name of the storage network
+    description: The name of the storage network.
     default: storage
     type: string
   PortName:
index 94b058a..c06c58e 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   StorageMgmtNetName:
-    description: Name of the storage_mgmt API neutron network
+    description: The name of the Storage management network.
     default: storage_mgmt
     type: string
   PortName:
index 63b2e15..07308a7 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   StorageMgmtNetName:
-    description: Name of the storage MGMT network
+    description: The name of the Storage management network.
     default: storage_mgmt
     type: string
   PortName:
@@ -26,7 +26,7 @@ parameters:
     type: number
   StorageMgmtNetCidr:
     default: '172.16.3.0/24'
-    description: Cidr for the storage MGMT network.
+    description: Cidr for the storage management network.
     type: string
 
 outputs:
index 6d0b879..1b30f0c 100644 (file)
@@ -6,7 +6,7 @@ description: >
 
 parameters:
   StorageMgmtNetName:
-    description: Name of the storage MGMT network
+    description: The name of the Storage management network.
     default: storage_mgmt
     type: string
   PortName:
@@ -27,7 +27,7 @@ parameters:
     type: number
   StorageMgmtNetCidr:
     default: 'fd00:fd00:fd00:4000::/64'
-    description: Cidr for the storage MGMT network.
+    description: Cidr for the storage management network.
     type: string
 
 outputs:
index 3d70c69..c10b139 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   StorageMgmtNetName:
-    description: Name of the storage_mgmt API neutron network
+    description: The name of the Storage management network.
     default: storage_mgmt
     type: string
   PortName:
index 6137d24..c7d47c5 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   StorageNetName:
-    description: Name of the storage neutron network
+    description: The name of the storage network.
     default: storage
     type: string
   PortName:
index a56b0f4..6c5eee3 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   TenantNetName:
-    description: Name of the tenant neutron network
+    description: The name of the tenant network.
     default: tenant
     type: string
   PortName:
index 03ff6d1..94c419d 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   TenantNetName:
-    description: Name of the tenant network
+    description: The name of the tenant network.
     default: tenant
     type: string
   PortName:
index d45faf0..cc2b619 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   TenantNetName:
-    description: Name of the tenant network
+    description: The name of the tenant network.
     default: tenant
     type: string
   PortName:
index d23e91f..47d52d8 100644 (file)
@@ -5,7 +5,7 @@ description: >
 
 parameters:
   TenantNetName:
-    description: Name of the tenant neutron network
+    description: The name of the tenant network.
     default: tenant
     type: string
   PortName:
index 70b4482..f47760c 100644 (file)
@@ -11,7 +11,7 @@ parameters:
     type: string
   NetworkName:
     description: Name of the network where the VIP will be created
-    default: internal_api
+    default: ctlplane
     type: string
   PortName:
     description: Name of the port
index 09f646a..90525a3 100644 (file)
@@ -11,7 +11,7 @@ parameters:
     type: string
   NetworkName:
     description: Name of the network where the VIP will be created
-    default: internal_api
+    default: ctlplane
     type: string
   PortName:
     description: Name of the port
index 23c231f..947769a 100644 (file)
@@ -5,30 +5,59 @@
 # name: Name of the network (mandatory)
 # name_lower: lowercase version of name used for filenames
 #             (optional, defaults to name.lower())
-# vlan: vlan for the network (optional)
-# gateway: gateway for the network (optional)
 # enabled: Is the network enabled (optional, defaults to true)
+# ipv6: Does this network use IPv6 IPs? (optional, defaults to false)
+#                   (optional, may use parameter defaults in environment to set)
+# vlan: vlan for the network (optional)
 # vip: Enable creation of a virtual IP on this network
-# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, to support
-# VIPs on non-default networks. See https://bugs.launchpad.net/tripleo/+bug/1667104
+#      [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports,
+#      to support VIPs on non-default networks.
+#      See https://bugs.launchpad.net/tripleo/+bug/1667104
+# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults)
+# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}]
+# gateway_ip: gateway for the network (optional, may use parameter defaults)
+# NOTE: IP-related values set parameter defaults in templates, may be overridden.
+#
+# Example:
+# - name Example
+#   vip: false
+#   ip_subnet: '10.0.2.0/24'
+#   allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}]
+#   gateway_ip: '10.0.2.254'
 #
+# TODO (dsneddon) remove existing templates from j2_excludes.yaml
+#                 and generate all templates dynamically.
+
 - name: External
   vip: true
   name_lower: external
+  ip_subnet: '10.0.0.0/24'
+  allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}]
+  gateway_ip: '10.0.0.1'
 - name: InternalApi
   name_lower: internal_api
   vip: true
+  ip_subnet: '172.16.2.0/24'
+  allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
 - name: Storage
   vip: true
   name_lower: storage
+  ip_subnet: '172.16.1.0/24'
+  allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}]
 - name: StorageMgmt
   name_lower: storage_mgmt
   vip: true
+  ip_subnet: '172.16.3.0/24'
+  allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}]
 - name: Tenant
   vip: false  # Tenant network does not use VIPs
   name_lower: tenant
+  ip_subnet: '172.16.0.0/24'
+  allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}]
 - name: Management
   # Management network is disabled by default
   enabled: false
   vip: false  # Management network does not use VIPs
   name_lower: management
+  ip_subnet: '10.0.1.0/24'
+  allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}]
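Review bot: Two of the new header comments are malformed and would mislead anyone copying them: the `allocation_pools` example is missing the closing quote after `10.0.0.250`, and the example entry reads `- name Example` without the colon, which is not a mapping. They should read `# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250'}]` and `# - name: Example`. The continuation line under `ipv6:` ("optional, may use parameter defaults in environment to set") looks as if it belongs to a different key. The documented key also changes from `gateway` to `gateway_ip`, so the comment should say whether `gateway` is still honoured.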
index ddf2701..2bfdf50 100644 (file)
@@ -46,8 +46,8 @@ parameters:
   CloudNameCtlplane:
     default: overcloud.ctlplane.localdomain
     description: >
-      The DNS name of this cloud's storage management endpoint. E.g.
-      'ci-overcloud.management.tripleo.org'.
+      The DNS name of this cloud's provisioning network endpoint. E.g.
+      'ci-overcloud.ctlplane.tripleo.org'.
     type: string
   ControlFixedIPs:
     default: []
@@ -89,7 +89,7 @@ parameters:
     description: Neutron ID or name for ctlplane network.
   NeutronPublicInterface:
     default: nic1
-    description: What interface to bridge onto br-ex for network nodes.
+    description: Which interface to add to the NeutronPhysicalBridge.
     type: string
   PublicVirtualFixedIPs:
     default: []
index 7d58d1d..de7b6b4 100644 (file)
@@ -141,7 +141,7 @@ parameters:
       parameter is generated from the parent template.
   RoleParameters:
     type: json
-    description: Role Specific Parameters
+    description: Parameters specific to the role
     default: {}
   DeploymentSwiftDataMap:
     type: json
index 48e5b97..ce44fd6 100644 (file)
@@ -147,7 +147,7 @@ parameters:
       parameter is generated from the parent template.
   RoleParameters:
     type: json
-    description: Role Specific Parameters
+    description: Parameters specific to the role
     default: {}
   DeploymentSwiftDataMap:
     type: json
index 3ad6f74..af45793 100644 (file)
@@ -159,7 +159,7 @@ parameters:
       parameter is generated from the parent template.
   RoleParameters:
     type: json
-    description: Role Specific Parameters
+    description: Parameters specific to the role
     default: {}
   DeploymentSwiftDataMap:
     type: json
index 933b5e6..38589a4 100644 (file)
@@ -173,7 +173,7 @@ parameters:
       parameter is generated from the parent template.
   RoleParameters:
     type: json
-    description: Role Specific Parameters
+    description: Parameters specific to the role
     default: {}
   DeploymentSwiftDataMap:
     type: json
index a03a9da..10e5645 100644 (file)
@@ -141,7 +141,7 @@ parameters:
       parameter is generated from the parent template.
   RoleParameters:
     type: json
-    description: Role Specific Parameters
+    description: Parameters specific to the role
     default: {}
   DeploymentSwiftDataMap:
     type: json
index 18707b9..23d8896 100644 (file)
@@ -180,7 +180,7 @@ parameters:
       parameter is generated from the parent template.
   RoleParameters:
     type: json
-    description: Role Specific Parameters
+    description: Parameters specific to the role
     default: {}
   DeploymentSwiftDataMap:
     type: json
index 3cf5151..27bc50f 100644 (file)
@@ -39,6 +39,10 @@ parameters:
     type: string
     constraints:
     - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning']
+  RedisPassword:
+    description: The password for the redis service account.
+    type: string
+    hidden: true
 
 resources:
   CeilometerServiceBase:
@@ -61,6 +65,7 @@ outputs:
         map_merge:
           - get_attr: [CeilometerServiceBase, role_data, config_settings]
           - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod}
+          - ceilometer_redis_password: {get_param: RedisPassword}
             compute_namespace: true
       service_config_settings:
         get_attr: [CeilometerServiceBase, role_data, service_config_settings]
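Review bot: The new `- ceilometer_redis_password: {get_param: RedisPassword}` item is inserted between `ceilometer::agent::compute::instance_discovery_method` and `compute_namespace: true`, so `compute_namespace` now hangs off the password's list item instead of the map it was written in. `map_merge` flattens both, so the result should be unchanged, but the layout is misleading; adding the key to the existing map after `compute_namespace: true`, without a leading `- `, keeps the grouping. `RedisPassword` is correctly declared `hidden: true` in the first hunk of this file, but through `config_settings` it will presumably be written to the hiera data of every node that runs this agent. It is worth confirming that each such role needs the secret and that the resulting hiera files are readable by root only.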
index 9fc1530..5cc020a 100644 (file)
@@ -51,6 +51,8 @@ parameters:
     description: >
         A list of publishers to put in event_pipeline.yaml. When the
         collector is used, override this with notifier:// publisher.
+        If zaqar is enabled, you can also publish to a zaqar queue
+        by including "zaqar://?queue=queue_name" in this list.
         Set ManageEventPipeline to true for override to take effect.
     type: comma_delimited_list
   ManagePipeline:
index b6b4f27..3355a0d 100644 (file)
@@ -55,14 +55,16 @@ outputs:
       config_settings:
         generate_service_certificates: true
         tripleo::haproxy::use_internal_certificates: true
+        tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+        tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
       certificates_specs:
         map_merge:
           repeat:
             template:
               haproxy-NETWORK:
-                service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
-                service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
-                service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
+                service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
+                service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
+                service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
                 hostname: "%{hiera('cloud_name_NETWORK')}"
                 postsave_cmd: "" # TODO
                 principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
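Review bot: `service_pem` stays under the certs tree (`/etc/pki/tls/certs/haproxy/`) even though it is the bundle HAProxy loads and, as far as I know, the certmonger post-save step concatenates the private key into it. Since this change introduces dedicated directories anyway, either the bundle belongs under `/etc/pki/tls/private/haproxy/`, or the class behind `tripleo::certmonger::haproxy_dirs` (not visible here) must create `certificate_dir` with a mode that keeps it unreadable to unprivileged users. The same applies to the `haproxy-external` spec and `tripleo::haproxy::service_certificate` in the next file. On upgrade, nodes that already hold certificates at the old paths will presumably get new tracking requests, so a release note on whether the old files are cleaned up would help operators.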
index e79d2ae..f1739f7 100644 (file)
@@ -38,12 +38,14 @@ outputs:
       service_name: haproxy_public_tls_certmonger
       config_settings:
         generate_service_certificates: true
-        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+        tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+        tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+        tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
       certificates_specs:
         haproxy-external:
-          service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
-          service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
-          service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
+          service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+          service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
+          service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
           hostname: "%{hiera('cloud_name_external')}"
           postsave_cmd: "" # TODO
           principal: "haproxy/%{hiera('cloud_name_external')}"
index 1f33189..65b2a2a 100644 (file)
@@ -31,7 +31,7 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   NeutronMetadataProxySharedSecret:
-    description: Metadata Secret
+    description: Shared secret to prevent spoofing
     type: string
     hidden: true
   ContrailVrouterPhysicalInterface:
index 058b9dc..a965516 100644 (file)
@@ -31,8 +31,9 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   NeutronMetadataProxySharedSecret:
-    description: Metadata Secret
+    description: Shared secret to prevent spoofing
     type: string
+    hidden: true
   ContrailVrouterPhysicalInterface:
     default: 'eth0'
     description: vRouter physical interface
index 981fe2f..1773c36 100644 (file)
@@ -31,7 +31,7 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   NeutronMetadataProxySharedSecret:
-    description: Metadata Secret
+    description: Shared secret to prevent spoofing
     type: string
     hidden: true
   ContrailVrouterPhysicalInterface:
index 1d4029c..7894f78 100644 (file)
@@ -32,8 +32,7 @@ parameters:
     type: json
   NeutronEnableL2Pop:
     type: string
-    description: >
-        Enable/disable the L2 population feature in the Neutron agents.
+    description: Enable/disable the L2 population feature in the Neutron agents.
     default: "False"
   NeutronBridgeMappings:
     description: >
@@ -47,8 +46,7 @@ parameters:
     default: "datacentre:br-ex"
   NeutronTunnelTypes:
     default: 'vxlan'
-    description: |
-        The tunnel types for the Neutron tenant network.
+    description: The tunnel types for the Neutron tenant network.
     type: comma_delimited_list
   NeutronAgentExtensions:
     default: "qos"
index cc4cd8f..68bba11 100644 (file)
@@ -33,7 +33,7 @@ parameters:
   OpenDaylightPortBindingController:
     description: OpenDaylight port binding controller
     type: string
-    default: 'network-topology'
+    default: 'pseudo-agentdb-binding'
 
 resources:
 
index a12bfd0..6e1f3f5 100644 (file)
@@ -97,7 +97,7 @@ parameters:
   UpgradeLevelNovaCompute:
     type: string
     description: Nova Compute upgrade level
-    default: auto
+    default: ''
   MigrationSshKey:
     type: json
     description: >
index a6638be..5abad45 100644 (file)
@@ -45,7 +45,7 @@ parameters:
   UpgradeLevelNovaCompute:
     type: string
     description: Nova Compute upgrade level
-    default: auto
+    default: ''
 
 conditions:
   nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
index 2027292..139ab7c 100644 (file)
@@ -33,6 +33,28 @@ parameters:
                  Required for VLAN deployments.  For example physnet1 -> eth1.
     type: comma_delimited_list
     default: "datacentre:br-ex"
+  HostAllowedNetworkTypes:
+    description: Allowed tenant network types for this OVS host.  Note this can
+                 vary per host or role to constrain which hosts nova instances
+                 and networks are scheduled to.
+    type: comma_delimited_list
+    default: ['local', 'vlan', 'vxlan', 'gre']
+  OvsEnableDpdk:
+    description: Whether or not to configure enable DPDK in OVS
+    default:  false
+    type: boolean
+  OvsVhostuserMode:
+    description: Specify the mode for OVS with vhostuser port creation.  In
+                 client mode, the hypervisor will be responsible for creating
+                 vhostuser sockets.  In server mode, OVS will create them.
+    type: string
+    default: "client"
+    constraints:
+      - allowed_values: [ 'client', 'server' ]
+  VhostuserSocketDir:
+    description: Specify the directory to use for vhostuser sockets
+    type: string
+    default: "/var/run/openvswitch"
   EndpointMap:
     default: {}
     description: Mapping of service endpoint -> protocol. Typically set
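Review bot: `VhostuserSocketDir` is a free-form string that ends up as a directory on the host, and unlike `OvsVhostuserMode` it carries no constraint; an `allowed_pattern` requiring an absolute path, e.g. `constraints: [{allowed_pattern: '^/.+'}]`, would reject typos and relative paths at validation time. The `OvsEnableDpdk` description reads "Whether or not to configure enable DPDK in OVS"; `description: Whether or not to enable DPDK in OVS` is presumably what was meant, and `default:  false` has a doubled space. `HostAllowedNetworkTypes` is in practice a closed set, so its description could list the accepted values. The parameters block continues outside this hunk.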
@@ -71,6 +93,28 @@ resources:
       RoleName: {get_param: RoleName}
       RoleParameters: {get_param: RoleParameters}
 
+  # Merging role-specific parameters (RoleParameters) with the default parameters.
+  # RoleParameters will have the precedence over the default parameters.
+  RoleParametersValue:
+    type: OS::Heat::Value
+    properties:
+      type: json
+      value:
+        map_replace:
+          - map_replace:
+            - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes
+              neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk
+              neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir
+              neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode
+              neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings
+            - values: {get_param: [RoleParameters]}
+          - values:
+              HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes}
+              OvsEnableDpdk: {get_param: OvsEnableDpdk}
+              VhostuserSocketDir: {get_param: VhostuserSocketDir}
+              OvsVhostuserMode: {get_param: OvsVhostuserMode}
+              OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings}
+
 outputs:
   role_data:
     description: Role data for the OpenDaylight service.
@@ -86,7 +130,6 @@ outputs:
             opendaylight_check_url: {get_param: OpenDaylightCheckURL}
             opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
             neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
-            neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings}
             tripleo.opendaylight_ovs.firewall_rules:
               '118 neutron vxlan networks':
                proto: 'udp'
@@ -94,6 +137,7 @@ outputs:
               '136 neutron gre networks':
                proto: 'gre'
           - get_attr: [Ovs, role_data, config_settings]
+          - get_attr: [RoleParametersValue, value]
       step_config: |
         include tripleo::profile::base::neutron::plugins::ovs::opendaylight
       upgrade_tasks:
index fbc5559..3072044 100644 (file)
@@ -45,7 +45,7 @@ parameters:
       bridge on hosts - to a physical name 'datacentre' which can be used
       to create provider networks (and we use this for the default floating
       network) - if changing this either use different post-install network
-      scripts or be sure to keep 'datacentre' as a mapping network name
+      scripts or be sure to keep 'datacentre' as a mapping network name.
     type: comma_delimited_list
     default: "datacentre:br-ex"
 
diff --git a/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml b/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml
new file mode 100644 (file)
index 0000000..523377c
--- /dev/null
@@ -0,0 +1,4 @@
+---
+features:
+  - Adds new environment file for deploying SRIOV
+    with OpenDaylight.
diff --git a/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml b/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml
new file mode 100644 (file)
index 0000000..645f3c7
--- /dev/null
@@ -0,0 +1,9 @@
+---
+fixes:
+  - Setting the port-binding to be pseudo-agentdb-binding.
+    Networking-odl no longer supports network-topology
+features:
+  - Enables per role configuration of per host
+    configuration which allows an operator to dedicate
+    different compute roles to different network or
+    port types in OpenDaylight deployments.
index ffda7ac..3a971fb 100644 (file)
@@ -15,3 +15,18 @@ environments:
       Note %index% is translated into the index of the node, e.g 0/1/2 etc
       and %stackname% is replaced with OS::stack_name in the template below.
       If you want to use the heat generated names, pass '' (empty string).
+  -
+    name: predictable-placement/custom-domain
+    title: Custom Domain Name
+    files:
+      overcloud.yaml:
+        parameters:
+          - CloudDomain
+          - CloudName
+          - CloudNameInternal
+          - CloudNameStorage
+          - CloudNameStorageManagement
+          - CloudNameCtlplane
+    description: |
+      This environment contains the parameters that need to be set in order to
+      use a custom domain name and have all of the various FQDNs reflect it.
index badc142..07c27ba 100755 (executable)
@@ -96,6 +96,16 @@ def process_templates(template_path, role_data_path, output_dir,
     r_map = {}
     for r in role_data:
         r_map[r.get('name')] = r
+
+    n_map = {}
+    for n in network_data:
+        if (n.get('enabled') is not False):
+            n_map[n.get('name')] = n
+            if not n.get('name_lower'):
+                n_map[n.get('name')]['name_lower'] = n.get('name').lower()
+        else:
+            print("skipping %s network: network is disabled" % n.get('name'))
+
     excl_templates = ['%s/%s' % (template_path, e)
                       for e in j2_excludes.get('name')]
 
@@ -126,10 +136,13 @@ def process_templates(template_path, role_data_path, output_dir,
 
             for f in files:
                 file_path = os.path.join(subdir, f)
-                # We do two templating passes here:
+                # We do three templating passes here:
                 # 1. *.role.j2.yaml - we template just the role name
                 #    and create multiple files (one per role)
-                # 2. *.j2.yaml - we template with all roles_data,
+                # 2  *.network.j2.yaml - we template the network name and
+                #    data and create multiple files for networks and
+                #    network ports (one per network)
+                # 3. *.j2.yaml - we template with all roles_data,
                 #    and create one file common to all roles
                 if f.endswith('.role.j2.yaml'):
                     print("jinja2 rendering role template %s" % f)
@@ -167,6 +180,30 @@ def process_templates(template_path, role_data_path, output_dir,
 
                             else:
                                 print('skipping rendering of %s' % out_f_path)
+
+                elif f.endswith('.network.j2.yaml'):
+                    print("jinja2 rendering network template %s" % f)
+                    with open(file_path) as j2_template:
+                        template_data = j2_template.read()
+                    print("jinja2 rendering networks %s" % ",".join(n_map))
+                    for network in n_map:
+                        j2_data = {'network': n_map[network]}
+                        # Output file names in "<name>.yaml" format
+                        out_f = os.path.basename(f).replace('.network.j2.yaml',
+                                                            '.yaml')
+                        if os.path.dirname(file_path).endswith('ports'):
+                            out_f = out_f.replace('port',
+                                                  n_map[network]['name_lower'])
+                        else:
+                            out_f = out_f.replace('network',
+                                                  n_map[network]['name_lower'])
+                        out_f_path = os.path.join(out_dir, out_f)
+                        if not (out_f_path in excl_templates):
+                            _j2_render_to_file(template_data, j2_data,
+                                               out_f_path)
+                        else:
+                            print('skipping rendering of %s' % out_f_path)
+
                 elif f.endswith('.j2.yaml'):
                     print("jinja2 rendering normal template %s" % f)
                     with open(file_path) as j2_template:
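Review bot: `out_f.replace('port', ...)` and `out_f.replace('network', ...)` substitute every occurrence, so a template whose base name contains the token more than once gets a mangled output name; `out_f.replace('port', n_map[network]['name_lower'], 1)` limits the substitution to the leading token. `os.path.dirname(file_path).endswith('ports')` also matches any directory whose name merely ends in "ports"; `os.path.basename(os.path.dirname(file_path)) == 'ports'` is stricter. The `os.path.basename(f).replace('.network.j2.yaml', '.yaml')` step depends only on `f` and can be hoisted out of the per-network loop. The `process_templates` body continues outside this hunk.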
index 3a2691d..a096d69 100755 (executable)
@@ -50,83 +50,57 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'],
                                    'ExternalAllocationPools': ['default'],
                                    'StorageNetCidr': ['default'],
                                    'StorageAllocationPools': ['default'],
-                                   'StorageMgmtNetCidr': ['default',
-                                                          # FIXME
-                                                          'description'],
+                                   'StorageMgmtNetCidr': ['default'],
                                    'StorageMgmtAllocationPools': ['default'],
                                    'TenantNetCidr': ['default'],
                                    'TenantAllocationPools': ['default'],
                                    'InternalApiNetCidr': ['default'],
+                                   'InternalApiAllocationPools': ['default'],
                                    'UpdateIdentifier': ['description'],
+                                   'key_name': ['default'],
+                                   # There's one template that defines this
+                                   # differently, and I'm not sure if we can
+                                   # safely change it.
+                                   'EC2MetadataIp': ['default'],
+                                   # Same as EC2MetadataIp
+                                   'ControlPlaneDefaultRoute': ['default'],
                                    # TODO(bnemec): Address these existing
                                    # inconsistencies.
-                                   'NeutronMetadataProxySharedSecret': [
-                                       'description', 'hidden'],
                                    'ServiceNetMap': ['description', 'default'],
-                                   'EC2MetadataIp': ['default'],
                                    'network': ['default'],
                                    'ControlPlaneIP': ['default',
                                                       'description'],
                                    'ControlPlaneIp': ['default',
                                                       'description'],
                                    'NeutronBigswitchLLDPEnabled': ['default'],
-                                   'NeutronEnableL2Pop': ['description'],
                                    'NeutronWorkers': ['description'],
-                                   'TenantIpSubnet': ['description'],
-                                   'ExternalNetName': ['description'],
-                                   'ControlPlaneDefaultRoute': ['default'],
-                                   'StorageMgmtNetName': ['description'],
                                    'ServerMetadata': ['description'],
-                                   'InternalApiIpUri': ['description'],
-                                   'UpgradeLevelNovaCompute': ['default'],
-                                   'StorageMgmtIpUri': ['description'],
                                    'server': ['description'],
                                    'servers': ['description'],
-                                   'FixedIPs': ['description'],
-                                   'ExternalIpSubnet': ['description'],
-                                   'NeutronBridgeMappings': ['description'],
                                    'ExtraConfig': ['description'],
-                                   'InternalApiIpSubnet': ['description'],
                                    'DefaultPasswords': ['description',
                                                         'default'],
                                    'BondInterfaceOvsOptions': ['description',
                                                                'default',
                                                                'constraints'],
                                    'KeyName': ['constraints'],
-                                   'TenantNetName': ['description'],
-                                   'StorageIpSubnet': ['description'],
                                    'OVNSouthboundServerPort': ['description'],
                                    'ExternalInterfaceDefaultRoute':
                                        ['description', 'default'],
-                                   'ExternalIpUri': ['description'],
                                    'IPPool': ['description'],
-                                   'ControlPlaneNetwork': ['description'],
                                    'SSLCertificate': ['description',
                                                       'default',
                                                       'hidden'],
                                    'HostCpusList': ['default', 'constraints'],
-                                   'InternalApiAllocationPools': ['default'],
                                    'NodeIndex': ['description'],
                                    'name': ['description', 'default'],
-                                   'StorageNetName': ['description'],
-                                   'ManagementNetName': ['description'],
-                                   'NeutronPublicInterface': ['description'],
-                                   'RoleParameters': ['description'],
-                                   'ManagementInterfaceDefaultRoute':
-                                       ['default'],
                                    'image': ['description', 'default'],
                                    'NeutronBigswitchAgentEnabled': ['default'],
                                    'EndpointMap': ['description', 'default'],
                                    'DockerManilaConfigImage': ['description',
                                                                'default'],
-                                   'NetworkName': ['default', 'description'],
-                                   'StorageIpUri': ['description'],
-                                   'InternalApiNetName': ['description'],
-                                   'NeutronTunnelTypes': ['description'],
                                    'replacement_policy': ['default'],
-                                   'StorageMgmtIpSubnet': ['description'],
                                    'CloudDomain': ['description', 'default'],
-                                   'key_name': ['default', 'description'],
                                    'EnableLoadBalancer': ['description'],
                                    'ControllerExtraConfig': ['description'],
                                    'NovaComputeExtraConfig': ['description'],
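Review bot: The comment added above `'EC2MetadataIp': ['default']` does not say which template defines the parameter differently, so the exclusion cannot be revisited later without re-running the checker to rediscover it; name the file, e.g. `# <template path> sets a different default; excluded until that can be changed safely`. The new `'key_name': ['default']` entry sits directly above that comment with no explanation at all. Separately, with the `NeutronMetadataProxySharedSecret` entry removed, `'SSLCertificate'` is the only entry visible in this hunk that still exempts `'hidden'`, so a template that defines it without `hidden: true` would presumably not be flagged; that seems worth confirming under the `TODO(bnemec)` block. The dictionary starts and continues outside the hunk.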