Set redis password hiera value in compute agent - apex-tripleo-heat-templates

about summary refs log tree commit diff stats

path: root/puppet/services/cinder-backend-pure.yaml

diff options

author	Pradeep Kilambi <pkilambi@redhat.com>	2017-07-26 11:18:40 -0400
committer	Pradeep Kilambi <pkilambi@redhat.com>	2017-08-01 21:26:24 +0000
commit	f04235c3ebec463c75dfbd7f989c3e1b0e075375 (patch)
tree	995ad637ef2ae7e21e38f8e120e09a796679377d /puppet/services/cinder-backend-pure.yaml
parent	56d4563935ce51c54e8a4c38463e6c86dabee889 (diff)

Set redis password hiera value in compute agent

Without this config defaults to undef in containers Change-Id: Id47f365364e7b0d399de92995871b136550cd625

Diffstat (limited to 'puppet/services/cinder-backend-pure.yaml')

0 files changed, 0 insertions, 0 deletions

Open Platform for NFV and OPNFV are trademarks of the Open Platform for NFV Project, Inc.

Linux Foundation is a registered trademark of The Linux Foundation. Linux is a registered trademark of Linus Torvalds.

Please see our terms of use, trademark policy, and privacy policy.

.highlight .cs { color: #75715e } /* Comment.Special */ .highlight .gd { color: #f92672 } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gi { color: #a6e22e } /* Generic.Inserted */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #75715e } /* Generic.Subheading */ .highlight .kc { color: #66d9ef } /* Keyword.Constant */ .highlight .kd { color: #66d9ef } /* Keyword.Declaration */ .highlight .kn { color: #f92672 } /* Keyword.Namespace */ .highlight .kp { color: #66d9ef } /* Keyword.Pseudo */ .highlight .kr { color: #66d9ef } /* Keyword.Reserved */ .highlight .kt { color: #66d9ef } /* Keyword.Type */ .highlight .ld { color: #e6db74 } /* Literal.Date */ .highlight .m { color: #ae81ff } /* Literal.Number */ .highlight .s { color: #e6db74 } /* Literal.String */ .highlight .na { color: #a6e22e } /* Name.Attribute */ .highlight .nb { color: #f8f8f2 } /* Name.Builtin */ .highlight .nc { color: #a6e22e } /* Name.Class */ .highlight .no { color: #66d9ef } /* Name.Constant */ .highlight .nd { color: #a6e22e } /* Name.Decorator */ .highlight .ni { color: #f8f8f2 } /* Name.Entity */ .highlight .ne { color: #a6e22e } /* Name.Exception */ .highlight .nf { color: #a6e22e } /* Name.Function */ .highlight .nl { color: #f8f8f2 } /* Name.Label */ .highlight .nn { color: #f8f8f2 } /* Name.Namespace */ .highlight .nx { color: #a6e22e } /* Name.Other */ .highlight .py { color: #f8f8f2 } /* Name.Property */ .highlight .nt { color: #f92672 } /* Name.Tag */ .highlight .nv { color: #f8f8f2 } /* Name.Variable */ .highlight .ow { color: #f92672 } /* Operator.Word */ .highlight .w { color: #f8f8f2 } /* Text.Whitespace */ .highlight .mb { color: #ae81ff } /* Literal.Number.Bin */ .highlight .mf { color: #ae81ff } /* Literal.Number.Float */ .highlight .mh { color: #ae81ff } /* Literal.Number.Hex */ .highlight .mi { color: #ae81ff } /* Literal.Number.Integer */ .highlight .mo { color: #ae81ff } /* Literal.Number.Oct */ .highlight .sa { color: #e6db74 } /* Literal.String.Affix */ .highlight .sb { color: #e6db74 } /* Literal.String.Backtick */ .highlight .sc { color: #e6db74 } /* Literal.String.Char */ .highlight .dl { color: #e6db74 } /* Literal.String.Delimiter */ .highlight .sd { color: #e6db74 } /* Literal.String.Doc */ .highlight .s2 { color: #e6db74 } /* Literal.String.Double */ .highlight .se { color: #ae81ff } /* Literal.String.Escape */ .highlight .sh { color: #e6db74 } /* Literal.String.Heredoc */ .highlight .si { color: #e6db74 } /* Literal.String.Interpol */ .highlight .sx { color: #e6db74 } /* Literal.String.Other */ .highlight .sr { color: #e6db74 } /* Literal.String.Regex */ .highlight .s1 { color: #e6db74 } /* Literal.String.Single */ .highlight .ss { color: #e6db74 } /* Literal.String.Symbol */ .highlight .bp { color: #f8f8f2 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #a6e22e } /* Name.Function.Magic */ .highlight .vc { color: #f8f8f2 } /* Name.Variable.Class */ .highlight .vg { color: #f8f8f2 } /* Name.Variable.Global */ .highlight .vi { color: #f8f8f2 } /* Name.Variable.Instance */ .highlight .vm { color: #f8f8f2 } /* Name.Variable.Magic */ .highlight .il { color: #ae81ff } /* Literal.Number.Integer.Long */ } @media (prefers-color-scheme: light) { .highlight .hll { background-color: #ffffcc } .highlight .c { color: #888888 } /* Comment */ .highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */ .highlight .k { color: #008800; font-weight: bold } /* Keyword */ .highlight .ch { color: #888888 } /* Comment.Hashbang */ .highlight .cm { color: #888888 } /* Comment.Multiline */ .highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */ .highlight .cpf { color: #888888 } /* Comment.PreprocFile */ .highlight .c1 { color: #888888 } /* Comment.Single */ .highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */ .highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .gr { color: #aa0000 } /* Generic.Error */ .highlight .gh { color: #333333 } /* Generic.Heading */ .highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ .highlight .go { color: #888888 } /* Generic.Output */ .highlight .gp { color: #555555 } /* Generic.Prompt */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #666666 } /* Generic.Subheading */ .highlight .gt { color: #aa0000 } /* Generic.Traceback */ .highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */ .highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */ .highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */ .highlight .kp { color: #008800 } /* Keyword.Pseudo */ .highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */ .highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */ .highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */ .highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */ .highlight .na { color: #336699 } /* Name.Attribute */ .highlight .nb { color: #003388 } /* Name.Builtin */ .highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */ .highlight .no { color: #003366; font-weight: bold } /* Name.Constant */ .highlight .nd { color: #555555 } /* Name.Decorator */ .highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */ .highlight .nl { color: #336699; font-style: italic } /* Name.Label */ .highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */ .highlight .py { color: #336699; font-weight: bold } /* Name.Property */ .highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ }

.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat)

=======================================
IPv6 Gap Analysis with OpenStack Queens
=======================================

This section provides users with IPv6 gap analysis regarding feature requirement with
OpenStack Neutron in Queens Official Release. The following table lists the use cases / feature
requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF
(VM) layer, and its gap analysis with OpenStack Neutron in Queens Official Release.

Please **NOTE** that in terms of IPv6 support in OpenStack Neutron, there is no difference
between **Queens** release and prior, e.g. **Pike** and **Ocata**, releases.

.. table::
  :class: longtable

  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Use Case / Requirement                                     |Supported in Queens|Notes                                                               |
  +===========================================================+===================+====================================================================+
  |All topologies work in a multi-tenant environment          |Yes                |The IPv6 design is following the Neutron tenant networks model;     |
  |                                                           |                   |dnsmasq is being used inside DHCP network namespaces, while radvd   |
  |                                                           |                   |is being used inside Neutron routers namespaces to provide full     |
  |                                                           |                   |isolation between tenants. Tenant isolation can be based on VLANs,  |
  |                                                           |                   |GRE, or VXLAN encapsulation. In case of overlays, the transport     |
  |                                                           |                   |network (and VTEPs) must be IPv4 based as of today.                 |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |IPv6 VM to VM only                                         |Yes                |It is possible to assign IPv6-only addresses to VMs. Both switching |
  |                                                           |                   |(within VMs on the same tenant network) as well as east/west routing|
  |                                                           |                   |(between different networks of the same tenant) are supported.      |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |IPv6 external L2 VLAN directly attached to a VM            |Yes                |IPv6 provider network model; RA messages from upstream (external)   |
  |                                                           |                   |router are forwarded into the VMs                                   |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |IPv6 subnet routed via L3 agent to an external IPv6 network|                   |Configuration is enhanced since Kilo to allow easier setup of the   |
  |                                                           |1. Yes             |upstream gateway, without the user being forced to create an IPv6   |
  |1. Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached |                   |subnet for the external network.                                    |
  |   to VMs;                                                 |                   |                                                                    |
  |2. Must be able to support multiple L3 agents for a given  |2. Yes             |                                                                    |
  |   external network to support scaling (neutron scheduler  |                   |                                                                    |
  |   to assign vRouters to the L3 agents)                    |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Ability for a NIC to support both IPv4 and IPv6 (dual      |                   |Dual-stack is supported in Neutron with the addition of             |
  |stack) address.                                            |                   |``Multiple IPv6 Prefixes`` Blueprint                                |
  |                                                           |                   |                                                                    |
  |1. VM with a single interface associated with a network,   |1. Yes             |                                                                    |
  |   which is then associated with two subnets.              |                   |                                                                    |
  |2. VM with two different interfaces associated with two    |2. Yes             |                                                                    |
  |   different networks and two different subnets.           |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Support IPv6 Address assignment modes.                     |1. Yes             |                                                                    |
  |                                                           |                   |                                                                    |
  |1. SLAAC                                                   |2. Yes             |                                                                    |
  |2. DHCPv6 Stateless                                        |                   |                                                                    |
  |3. DHCPv6 Stateful                                         |3. Yes             |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Ability to create a port on an IPv6 DHCPv6 Stateful subnet |Yes                |                                                                    |
  |and assign a specific IPv6 address to the port and have it |                   |                                                                    |
  |taken out of the DHCP address pool.                        |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Ability to create a port with fixed_ip for a               |**No**             |The following patch disables this operation:                        |
  |SLAAC/DHCPv6-Stateless Subnet.                             |                   |https://review.openstack.org/#/c/129144/                            |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Support for private IPv6 to external IPv6 floating IP;     |**Rejected**       |Blueprint proposed in upstream and got rejected. General expectation|
  |Ability to specify floating IPs via Neutron API (REST and  |                   |is to avoid NAT with IPv6 by assigning GUA to tenant VMs. See       |
  |CLI) as well as via Horizon, including combination of      |                   |https://review.openstack.org/#/c/139731/ for discussion.            |
  |IPv6/IPv4 and IPv4/IPv6 floating IPs if implemented.       |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Provide IPv6/IPv4 feature parity in support for            |**To-Do**          |The L3 configuration should be transparent for the SR-IOV           |
  |pass-through capabilities (e.g., SR-IOV).                  |                   |implementation. SR-IOV networking support introduced in Juno based  |
  |                                                           |                   |on the ``sriovnicswitch`` ML2 driver is expected to work with IPv4  |
  |                                                           |                   |and IPv6 enabled VMs. We need to verify if it works or not.         |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Additional IPv6 extensions, for example: IPSEC, IPv6       |**No**             |It does not appear to be considered yet (lack of clear requirements)|
  |Anycast, Multicast                                         |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |VM access to the meta-data server to obtain user data, SSH |**No**             |This is currently not supported. Config-drive or dual-stack IPv4 /  |
  |keys, etc. using cloud-init with IPv6 only interfaces.     |                   |IPv6 can be used as a workaround (so that the IPv4 network is used  |
  |                                                           |                   |to obtain connectivity with the metadata service). The following    |
  |                                                           |                   |blog `How to Use Config-Drive for Metadata with IPv6 Network        |
  |                                                           |                   |<http://superuser.openstack.org/articles/deploying-ipv6-only-tenants|
  |                                                           |                   |-with-openstack/>`_ provides a neat summary on how to use           |
  |                                                           |                   |config-drive for metadata with IPv6 network.                        |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Full support for IPv6 matching (i.e., IPv6, ICMPv6, TCP,   |Yes                |Both IPTables firewall driver and OVS firewall driver support IPv6  |
  |UDP) in security groups. Ability to control and manage all |                   |Security Group API.                                                 |
  |IPv6 security group capabilities via Neutron/Nova API (REST|                   |                                                                    |
  |and CLI) as well as via Horizon.                           |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |During network/subnet/router create, there should be an    |Yes                |Two new Subnet attributes were introduced to control IPv6 address   |
  |option to allow user to specify the type of address        |                   |assignment options:                                                 |
  |management they would like. This includes all options      |                   |                                                                    |
  |including those low priority if implemented (e.g., toggle  |                   |* ``ipv6-ra-mode``: to determine who sends Router Advertisements;   |
  |on/off router and address prefix advertisements); It must  |                   |                                                                    |
  |be supported via Neutron API (REST and CLI) as well as via |                   |* ``ipv6-address-mode``: to determine how VM obtains IPv6 address,  |
  |Horizon                                                    |                   |  default gateway, and/or optional information.                     |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Security groups anti-spoofing: Prevent VM from using a     |Yes                |                                                                    |
  |source IPv6/MAC address which is not assigned to the VM    |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Protect tenant and provider network from rogue RAs         |Yes                |When using a tenant network, Neutron is going to automatically      |
  |                                                           |                   |handle the filter rules to allow connectivity of RAs to the VMs only|
  |                                                           |                   |from the Neutron router port; with provider networks, users are     |
  |                                                           |                   |required to specify the LLA of the upstream router during the subnet|
  |                                                           |                   |creation, or otherwise manually edit the security-groups rules to   |
  |                                                           |                   |allow incoming traffic from this specific address.                  |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Support the ability to assign multiple IPv6 addresses to   |Yes                |                                                                    |
  |an interface; both for Neutron router interfaces and VM    |                   |                                                                    |
  |interfaces.                                                |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Ability for a VM to support a mix of multiple IPv4 and IPv6|Yes                |                                                                    |
  |networks, including multiples of the same type.            |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |IPv6 Support in "Allowed Address Pairs" Extension          |Yes                |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Support for IPv6 Prefix Delegation.                        |Yes                |Partial support in Queens                                           |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |Distributed Virtual Routing (DVR) support for IPv6         |**No**             |In Queens DVR implementation, IPv6 works. But all the IPv6 ingress/ |
  |                                                           |                   |egress traffic is routed via the centralized controller node, i.e.  |
  |                                                           |                   |similar to SNAT traffic.                                            |
  |                                                           |                   |A fully distributed IPv6 router is not yet supported in Neutron.    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |VPNaaS                                                     |Yes                |VPNaaS supports IPv6. But this feature is not extensively tested.   |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |FWaaS                                                      |Yes                |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |BGP Dynamic Routing Support for IPv6 Prefixes              |Yes                |BGP Dynamic Routing supports peering via IPv6 and advertising IPv6  |
  |                                                           |                   |prefixes.                                                           |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |VxLAN Tunnels with IPv6 endpoints.                         |Yes                |Neutron ML2/OVS supports configuring local_ip with IPv6 address so  |
  |                                                           |                   |that VxLAN tunnels are established with IPv6 addresses. This        |
  |                                                           |                   |feature requires OVS 2.6 or higher version.                         |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |IPv6 First-Hop Security, IPv6 ND spoofing                  |Yes                |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+
  |IPv6 support in Neutron Layer3 High Availability           |Yes                |                                                                    |
  |(keepalived+VRRP).                                         |                   |                                                                    |
  +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+


context:
space:
mode: