diff options
44 files changed, 1901 insertions, 57 deletions
diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml index dfd15893..83ecbbe4 100644 --- a/environments/cinder-netapp-config.yaml +++ b/environments/cinder-netapp-config.yaml @@ -1,3 +1,7 @@ +# ************************************************************************************* +# DEPRECATED: Use tripleo-heat-templates/environments/storage/cinder-netapp-config.yaml +# instead. +# ************************************************************************************* # A Heat environment file which can be used to enable a # a Cinder NetApp backend, configured via puppet resource_registry: diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 481459cb..175e1fd7 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -1,3 +1,6 @@ +# ******************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-tls.yaml instead. +# ******************************************************************************** # Use this environment to pass in certificates for SSL deployments. # For these values to take effect, one of the tls-endpoints-*.yaml environments # must also be used. diff --git a/environments/inject-trust-anchor-hiera.yaml b/environments/inject-trust-anchor-hiera.yaml index b4908c1b..95d2de95 100644 --- a/environments/inject-trust-anchor-hiera.yaml +++ b/environments/inject-trust-anchor-hiera.yaml @@ -1,3 +1,7 @@ +# ************************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor-hiera.yaml +# instead. +# ************************************************************************************** parameter_defaults: CAMap: first-ca-name: diff --git a/environments/inject-trust-anchor.yaml b/environments/inject-trust-anchor.yaml index 3ecb0d27..1b0f7066 100644 --- a/environments/inject-trust-anchor.yaml +++ b/environments/inject-trust-anchor.yaml @@ -1,3 +1,7 @@ +# ******************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml +# instead. +# ******************************************************************************** parameter_defaults: SSLRootCertificate: | The contents of your root CA certificate go here diff --git a/environments/networking/neutron-midonet.yaml b/environments/networking/neutron-midonet.yaml new file mode 100644 index 00000000..ad8da8cf --- /dev/null +++ b/environments/networking/neutron-midonet.yaml @@ -0,0 +1,66 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable the Neutron MidoNet Services +# description: | +# A Heat environment that can be used to deploy MidoNet Services +parameter_defaults: + # Native Transport Port + # Type: string + CassandraClientPort: 9042 + + # The port for the Thrift RPC service, which is used for client connections + # Type: string + CassandraClientPortThrift: 9160 + + # The SSL port for encrypted communication. Unused unless enabled in encryption_options + # Type: string + CassandraSslStoragePort: 7001 + + # The Cassandra port for inter-node communication + # Type: string + CassandraStoragePort: 7000 + + # Name of the tunnel zone used to tunnel packages + # Type: string + TunnelZoneName: tunnelzone_tripleo + + # Type of the tunnels on the overlay. Choose between `gre` and `vxlan` + # Type: string + TunnelZoneType: vxlan + + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. + # ****************************************************** + # Whether enable Cassandra cluster on Controller + # Type: boolean + EnableCassandraOnController: True + + # Whether enable Zookeeper cluster on Controller + # Type: boolean + EnableZookeeperOnController: True + + # The core plugin for Neutron. The value should be the entrypoint to be loaded + # from neutron.core_plugins namespace. + # Type: string + NeutronCorePlugin: midonet.neutron.plugin_v1.MidonetPluginV2 + + # If True, DHCP provide metadata route to VM. + # Type: boolean + NeutronEnableIsolatedMetadata: True + + # ********************* + # End static parameters + # ********************* +resource_registry: + OS::TripleO::AllNodesExtraConfig: ../../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../../net-config-linux-bridge.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-midonet.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginMidonet + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None diff --git a/environments/neutron-midonet.yaml b/environments/neutron-midonet.yaml index c120d0b3..64cea2a6 100644 --- a/environments/neutron-midonet.yaml +++ b/environments/neutron-midonet.yaml @@ -1,3 +1,7 @@ +# ****************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/networking/neutron-midonet +# instead. +# ****************************************************************************** # A Heat environment that can be used to deploy MidoNet Services resource_registry: OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 5f8b02ad..2f577c26 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -1,3 +1,7 @@ +# ****************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/storage/ceph-external.yaml +# instead. +# ****************************************************************************** # A Heat environment file which can be used to enable the # use of an externally managed Ceph cluster. resource_registry: diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml new file mode 100644 index 00000000..c8ed2bd2 --- /dev/null +++ b/environments/ssl/enable-tls.yaml @@ -0,0 +1,41 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable SSL on OpenStack Public Endpoints +# description: | +# Use this environment to pass in certificates for SSL deployments. +# For these values to take effect, one of the tls-endpoints-*.yaml environments +# must also be used. +parameter_defaults: + # The content of the SSL certificate (without Key) in PEM format. + # Mandatory. This parameter must be set by the user. + # Type: string + SSLCertificate: | + The contents of your certificate go here + + # The content of an SSL intermediate CA certificate in PEM format. + # Type: string + SSLIntermediateCertificate: '' + + # The content of the SSL Key in PEM format. + # Mandatory. This parameter must be set by the user. + # Type: string + SSLKey: | + The contents of the private key go here + + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. + # ****************************************************** + # The filepath of the certificate as it will be stored in the controller. + # Type: string + DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem + + # ********************* + # End static parameters + # ********************* +resource_registry: + OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml diff --git a/environments/ssl/inject-trust-anchor-hiera.yaml b/environments/ssl/inject-trust-anchor-hiera.yaml new file mode 100644 index 00000000..db3f2677 --- /dev/null +++ b/environments/ssl/inject-trust-anchor-hiera.yaml @@ -0,0 +1,22 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Inject SSL Trust Anchor on Overcloud Nodes +# description: | +# When using an SSL certificate signed by a CA that is not in the default +# list of CAs, this environment allows adding a custom CA certificate to +# the overcloud nodes. +parameter_defaults: + # Map containing the CA certs and information needed for deploying them. + # Type: json + CAMap: + first-ca-name: + content: | + The content of the CA cert goes here + second-ca-name: + content: | + The content of the CA cert goes here + diff --git a/environments/ssl/inject-trust-anchor.yaml b/environments/ssl/inject-trust-anchor.yaml new file mode 100644 index 00000000..521a4191 --- /dev/null +++ b/environments/ssl/inject-trust-anchor.yaml @@ -0,0 +1,20 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Inject SSL Trust Anchor on Overcloud Nodes +# description: | +# When using an SSL certificate signed by a CA that is not in the default +# list of CAs, this environment allows adding a custom CA certificate to +# the overcloud nodes. +parameter_defaults: + # The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side. + # Mandatory. This parameter must be set by the user. + # Type: string + SSLRootCertificate: | + The contents of your certificate go here + +resource_registry: + OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml new file mode 100644 index 00000000..216afece --- /dev/null +++ b/environments/ssl/tls-endpoints-public-dns.yaml @@ -0,0 +1,131 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Deploy Public SSL Endpoints as DNS Names +# description: | +# Use this environment when deploying an SSL-enabled overcloud where the public +# endpoint is a DNS name. +parameter_defaults: + # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. + # Type: json + EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml new file mode 100644 index 00000000..d216ab7f --- /dev/null +++ b/environments/ssl/tls-endpoints-public-ip.yaml @@ -0,0 +1,131 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Deploy Public SSL Endpoints as IP Addresses +# description: | +# Use this environment when deploying an SSL-enabled overcloud where the public +# endpoint is an IP address. +parameter_defaults: + # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. + # Type: json + EndpointMap: + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'} + HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} + diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml new file mode 100644 index 00000000..63157ddd --- /dev/null +++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml @@ -0,0 +1,131 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Deploy All SSL Endpoints as DNS Names +# description: | +# Use this environment when deploying an overcloud where all the endpoints are +# DNS names and there's TLS in all endpoint types. +parameter_defaults: + # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. + # Type: json + EndpointMap: + AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} + KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} + NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + diff --git a/environments/storage/cinder-netapp-config.yaml b/environments/storage/cinder-netapp-config.yaml new file mode 100644 index 00000000..4cdba09b --- /dev/null +++ b/environments/storage/cinder-netapp-config.yaml @@ -0,0 +1,119 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable the Cinder NetApp Backend +# description: | +# A Heat environment file which can be used to enable a +# a Cinder NetApp backend, configured via puppet +parameter_defaults: + # + # Type: string + CinderNetappBackendName: tripleo_netapp + + # + # Type: string + CinderNetappControllerIps: '' + + # + # Type: string + CinderNetappCopyOffloadToolPath: '' + + # + # Type: string + CinderNetappEseriesHostType: linux_dm_mp + + # + # Type: string + CinderNetappHostType: '' + + # + # Mandatory. This parameter must be set by the user. + # Type: string + CinderNetappLogin: <None> + + # + # Type: string + CinderNetappNfsMountOptions: '' + + # + # Type: string + CinderNetappNfsShares: '' + + # + # Type: string + CinderNetappNfsSharesConfig: /etc/cinder/shares.conf + + # + # Type: string + CinderNetappPartnerBackendName: '' + + # + # Mandatory. This parameter must be set by the user. + # Type: string + CinderNetappPassword: <None> + + # + # Type: string + CinderNetappSaPassword: '' + + # + # Mandatory. This parameter must be set by the user. + # Type: string + CinderNetappServerHostname: <None> + + # + # Type: string + CinderNetappServerPort: 80 + + # + # Type: string + CinderNetappSizeMultiplier: 1.2 + + # + # Type: string + CinderNetappStorageFamily: ontap_cluster + + # + # Type: string + CinderNetappStoragePools: '' + + # + # Type: string + CinderNetappStorageProtocol: nfs + + # + # Type: string + CinderNetappTransportType: http + + # + # Type: string + CinderNetappVfiler: '' + + # + # Type: string + CinderNetappVolumeList: '' + + # + # Type: string + CinderNetappVserver: '' + + # + # Type: string + CinderNetappWebservicePath: /devmgr/v2 + + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. + # ****************************************************** + # + # Type: boolean + CinderEnableNetappBackend: True + + # ********************* + # End static parameters + # ********************* +resource_registry: + OS::TripleO::ControllerExtraConfigPre: ../../puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml diff --git a/environments/storage/cinder-nfs.yaml b/environments/storage/cinder-nfs.yaml new file mode 100644 index 00000000..2de3e78c --- /dev/null +++ b/environments/storage/cinder-nfs.yaml @@ -0,0 +1,27 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable Cinder NFS Backend +# description: | +# Configure and include this environment to enable the use of an NFS +# share as the backend for Cinder. +parameter_defaults: + # Whether to enable or not the Iscsi backend for Cinder + # Type: boolean + CinderEnableIscsiBackend: False + + # Whether to enable or not the NFS backend for Cinder + # Type: boolean + CinderEnableNfsBackend: True + + # Mount options for NFS mounts used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true. + # Type: string + CinderNfsMountOptions: '' + + # NFS servers used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true. + # Type: comma_delimited_list + CinderNfsServers: 192.168.122.1:/export/cinder + diff --git a/environments/storage/enable-ceph.yaml b/environments/storage/enable-ceph.yaml new file mode 100644 index 00000000..c629f74b --- /dev/null +++ b/environments/storage/enable-ceph.yaml @@ -0,0 +1,35 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable Ceph Storage Backend +# description: | +# Include this environment to enable Ceph as the backend for +# Cinder, Nova, Gnocchi, and Glance. +parameter_defaults: + # The short name of the Cinder Backup backend to use. + # Type: string + CinderBackupBackend: rbd + + # Whether to enable or not the Iscsi backend for Cinder + # Type: boolean + CinderEnableIscsiBackend: False + + # Whether to enable or not the Rbd backend for Cinder + # Type: boolean + CinderEnableRbdBackend: True + + # The short name of the Glance backend to use. Should be one of swift, rbd, or file + # Type: string + GlanceBackend: rbd + + # The short name of the Gnocchi backend to use. Should be one of swift, rbd, or file + # Type: string + GnocchiBackend: rbd + + # Whether to enable or not the Rbd backend for Nova + # Type: boolean + NovaEnableRbdBackend: True + diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml new file mode 100644 index 00000000..f1c9d516 --- /dev/null +++ b/environments/storage/external-ceph.yaml @@ -0,0 +1,78 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Deploy Using an External Ceph Cluster +# description: | +# A Heat environment file which can be used to enable the +# use of an externally managed Ceph cluster. +parameter_defaults: + # The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. + # Type: string + CephAdminKey: '' + + # The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + # Mandatory. This parameter must be set by the user. + # Type: string + CephClientKey: <None> + + # + # Type: string + CephClientUserName: openstack + + # The Ceph cluster FSID. Must be a UUID. + # Mandatory. This parameter must be set by the user. + # Type: string + CephClusterFSID: <None> + + # List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. + # Type: string + CephExternalMonHost: '' + + # Whether to enable or not the Iscsi backend for Cinder + # Type: boolean + CinderEnableIscsiBackend: False + + # Whether to enable or not the Rbd backend for Cinder + # Type: boolean + CinderEnableRbdBackend: True + + # + # Type: string + CinderRbdPoolName: volumes + + # The short name of the Glance backend to use. Should be one of swift, rbd, or file + # Type: string + GlanceBackend: rbd + + # + # Type: string + GlanceRbdPoolName: images + + # The short name of the Gnocchi backend to use. Should be one of swift, rbd, or file + # Type: string + GnocchiBackend: rbd + + # + # Type: string + GnocchiRbdPoolName: metrics + + # Whether to enable or not the Rbd backend for Nova + # Type: boolean + NovaEnableRbdBackend: True + + # + # Type: string + NovaRbdPoolName: vms + + # The default features enabled when creating a block device image. Only applies to format 2 images. Set to '1' for Jewel clients using older Ceph servers. + # Type: string + RbdDefaultFeatures: '' + +resource_registry: + OS::TripleO::Services::CephClient: OS::Heat::None + OS::TripleO::Services::CephExternal: ../../puppet/services/ceph-external.yaml + OS::TripleO::Services::CephMon: OS::Heat::None + OS::TripleO::Services::CephOSD: OS::Heat::None diff --git a/environments/storage/glance-nfs.yaml b/environments/storage/glance-nfs.yaml new file mode 100644 index 00000000..3c139306 --- /dev/null +++ b/environments/storage/glance-nfs.yaml @@ -0,0 +1,34 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable Glance NFS Backend +# description: | +# Configure and include this environment to enable the use of an NFS +# share as the backend for Glance. +parameter_defaults: + # NFS mount options for image storage (when GlanceNfsEnabled is true) + # Type: string + GlanceNfsOptions: intr,context=system_u:object_r:glance_var_lib_t:s0 + + # NFS share to mount for image storage (when GlanceNfsEnabled is true) + # Type: string + GlanceNfsShare: '' + + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. + # ****************************************************** + # The short name of the Glance backend to use. Should be one of swift, rbd, or file + # Type: string + GlanceBackend: file + + # When using GlanceBackend 'file', mount NFS share for image storage. + # Type: boolean + GlanceNfsEnabled: True + + # ********************* + # End static parameters + # ********************* diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 92b696b7..83b32495 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -1,3 +1,7 @@ +# ************************************************************************************* +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-dns.yaml +# instead. +# ************************************************************************************* # Use this environment when deploying an SSL-enabled overcloud where the public # endpoint is a DNS name. parameter_defaults: diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index c879ff94..8e502972 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -1,3 +1,7 @@ +# ************************************************************************************* +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml +# instead. +# ************************************************************************************* # Use this environment when deploying an SSL-enabled overcloud where the public # endpoint is an IP address. parameter_defaults: diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index 96632bc2..fb0d1699 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -59,6 +59,19 @@ parameters: description: | When enabled, the system will perform a yum update after performing the RHEL Registration process. + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. + +conditions: + deployment_actions_empty: + equals: + - {get_param: deployment_actions} + - [] resources: @@ -136,7 +149,11 @@ resources: name: RHELUnregistrationDeployment server: {get_param: server} config: {get_resource: RHELUnregistration} - actions: ['DELETE'] # Only do this on DELETE + actions: + if: + - deployment_actions_empty + - [] + - ['DELETE'] # Only do this on DELETE input_values: REG_METHOD: {get_param: rhel_reg_method} @@ -169,7 +186,11 @@ resources: name: UpdateDeploymentAfterRHELRegistration config: {get_resource: YumUpdateConfigurationAfterRHELRegistration} server: {get_param: server} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE outputs: deploy_stdout: diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml index 48ba5263..79cb7cbc 100644 --- a/extraconfig/pre_network/config_then_reboot.yaml +++ b/extraconfig/pre_network/config_then_reboot.yaml @@ -7,6 +7,19 @@ description: > parameters: server: type: string + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. + +conditions: + deployment_actions_empty: + equals: + - {get_param: deployment_actions} + - [] resources: @@ -24,6 +37,11 @@ resources: name: SomeDeployment server: {get_param: server} config: {get_resource: SomeConfig} + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE actions: ['CREATE'] # Only do this on CREATE RebootConfig: @@ -44,5 +62,9 @@ resources: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml index 41d8f4f6..fe52ef7e 100644 --- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml @@ -19,6 +19,13 @@ parameters: {{role}}HostCpusList: type: string default: "" + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. parameter_group: - label: deprecated @@ -38,6 +45,10 @@ conditions: equals: - get_param: {{role}}TunedProfileName - "" + deployment_actions_empty: + equals: + - {get_param: deployment_actions} + - [] resources: @@ -62,7 +73,11 @@ resources: name: HostParametersDeployment server: {get_param: server} config: {get_resource: HostParametersConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE input_values: _KERNEL_ARGS_: {get_param: {{role}}KernelArgs} _TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName} @@ -88,7 +103,11 @@ resources: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL outputs: diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 74e716ad..21309dd5 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -11,9 +11,20 @@ parameters: type: json description: Role Specific parameters default: {} + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} + deployment_actions_empty: + equals: + - {get_param: deployment_actions} + - [] resources: HostParametersConfig: @@ -37,7 +48,11 @@ resources: name: HostParametersDeployment server: {get_param: server} config: {get_resource: HostParametersConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE input_values: _KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]} _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} @@ -63,7 +78,11 @@ resources: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL outputs: diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml index e4ba0cc4..02fdbf1c 100644 --- a/extraconfig/tasks/ssh/host_public_key.yaml +++ b/extraconfig/tasks/ssh/host_public_key.yaml @@ -7,6 +7,13 @@ parameters: server: description: ID of the node to apply this config to type: string + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. resources: SshHostPubKeyConfig: @@ -28,6 +35,7 @@ resources: properties: config: {get_resource: SshHostPubKeyConfig} server: {get_param: server} + actions: {get_param: deployment_actions} outputs: diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index c7db59f8..e4c04b4e 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -101,8 +101,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. ServerMetadata: default: {} description: > diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 08bc03a5..95dcf0b5 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -69,8 +69,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. BlockStorageServerMetadata: default: {} description: > @@ -377,6 +377,7 @@ resources: properties: server: {get_resource: BlockStorage} RoleParameters: {get_param: RoleParameters} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -485,6 +486,9 @@ resources: NodeExtraConfig: depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: BlockStorage} @@ -507,11 +511,21 @@ resources: - ['CREATE', 'UPDATE'] - [] + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: BlockStorageDeployment properties: server: {get_resource: BlockStorage} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 3f596423..6674a8ac 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -75,8 +75,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. CephStorageServerMetadata: default: {} description: > @@ -383,6 +383,7 @@ resources: properties: server: {get_resource: CephStorage} RoleParameters: {get_param: RoleParameters} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -489,6 +490,9 @@ resources: CephStorageExtraConfigPre: depends_on: CephStorageDeployment type: OS::TripleO::CephStorageExtraConfigPre + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: CephStorage} @@ -497,6 +501,9 @@ resources: NodeExtraConfig: depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: CephStorage} @@ -518,11 +525,21 @@ resources: - ['CREATE', 'UPDATE'] - [] + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: CephStorageDeployment properties: server: {get_resource: CephStorage} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 8a3c487a..37eb98d1 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -90,8 +90,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. NovaComputeServerMetadata: default: {} description: > @@ -386,6 +386,7 @@ resources: properties: server: {get_resource: NovaCompute} RoleParameters: {get_param: RoleParameters} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig @@ -512,6 +513,9 @@ resources: ComputeExtraConfigPre: depends_on: NovaComputeDeployment type: OS::TripleO::ComputeExtraConfigPre + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: NovaCompute} @@ -520,6 +524,9 @@ resources: NodeExtraConfig: depends_on: [ComputeExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: NovaCompute} @@ -542,11 +549,21 @@ resources: update_identifier: get_param: UpdateIdentifier + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: NovaComputeDeployment properties: server: {get_resource: NovaCompute} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 6bc23669..01f54df0 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -104,8 +104,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. ControllerServerMetadata: default: {} description: > @@ -406,6 +406,7 @@ resources: properties: server: {get_resource: Controller} RoleParameters: {get_param: RoleParameters} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -552,6 +553,9 @@ resources: ControllerExtraConfigPre: depends_on: ControllerDeployment type: OS::TripleO::ControllerExtraConfigPre + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: Controller} @@ -560,6 +564,9 @@ resources: NodeExtraConfig: depends_on: [ControllerExtraConfigPre, NodeTLSData] type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: Controller} @@ -582,11 +589,21 @@ resources: update_identifier: get_param: UpdateIdentifier + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: ControllerDeployment properties: server: {get_resource: Controller} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index c35bb250..e6348420 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -69,8 +69,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. SwiftStorageServerMetadata: default: {} description: > @@ -377,6 +377,7 @@ resources: properties: server: {get_resource: SwiftStorage} RoleParameters: {get_param: RoleParameters} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -485,6 +486,9 @@ resources: NodeExtraConfig: depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: SwiftStorage} @@ -506,11 +510,21 @@ resources: - ['CREATE', 'UPDATE'] - [] + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: SwiftStorageHieraDeploy properties: server: {get_resource: SwiftStorage} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index b7f47594..4911fbe9 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -85,8 +85,8 @@ parameters: default: 'localdomain' type: string description: > - The DNS domain used for the hosts. This should match the dhcp_domain - configured in the Undercloud neutron. Defaults to localdomain. + The DNS domain used for the hosts. This must match the + overcloud_domain_name configured on the undercloud. {{role}}ServerMetadata: default: {} description: > @@ -399,6 +399,7 @@ resources: properties: server: {get_resource: {{role}}} RoleParameters: {get_param: RoleParameters} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -511,6 +512,9 @@ resources: {{role}}ExtraConfigPre: depends_on: {{role}}Deployment type: OS::TripleO::{{role}}ExtraConfigPre + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: {{role}}} @@ -519,6 +523,9 @@ resources: NodeExtraConfig: depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: {{role}}} @@ -541,11 +548,21 @@ resources: - ['CREATE', 'UPDATE'] - [] + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: {{role}}Deployment properties: server: {get_resource: {{role}}} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: diff --git a/releasenotes/notes/baremetal-role-34cb48cc30d7bdb4.yaml b/releasenotes/notes/baremetal-role-34cb48cc30d7bdb4.yaml new file mode 100644 index 00000000..51176426 --- /dev/null +++ b/releasenotes/notes/baremetal-role-34cb48cc30d7bdb4.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Add an example role ``roles/IronicConductor.yaml`` for a node with only + ironic-conductor and its (i)PXE service. diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml new file mode 100644 index 00000000..8a29b337 --- /dev/null +++ b/roles/IronicConductor.yaml @@ -0,0 +1,21 @@ +############################################################################### +# Role: IronicConductor # +############################################################################### +- name: IronicConductor + description: | + Ironic Conductor node role + HostnameFormatDefault: '%stackname%-ironic-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst index 71e9810a..32e94f98 100644 --- a/sample-env-generator/README.rst +++ b/sample-env-generator/README.rst @@ -19,10 +19,15 @@ target to do this:: ``tripleo-heat-templates`` project. If a new sample environment is needed, it should be added to the -``sample-env-generator/sample-environments.yaml`` file. The existing -entries in the file can be used as examples, and a more detailed +appropriate file in the ``sample-env-generator/`` directory. The existing +entries in the files can be used as examples, and a more detailed explanation of the different available keys is below: +Top-level: +- **environments**: This is the top-level key in the file. All other keys + below should appear in a list of dictionaries that define environments. + +Environment-specific: - **name**: the output file will be this name + .yaml, in the ``environments`` directory. - **title**: a human-readable title for the environment. @@ -52,6 +57,12 @@ explanation of the different available keys is below: - **resource_registry**: Many environments also need to pass resource_registry entries when they are used. This can be used to specify that in the configuration file. +- **children**: For environments that share a lot of common values but may + need minor variations for different use cases, sample environment entries + can be nested. ``children`` takes a list of environments with the same + structure as the top-level ``environments`` key. The main difference is + that all keys are optional, and any that are omitted will be inherited from + the parent environment definition. Some behavioral notes: diff --git a/sample-env-generator/networking.yaml b/sample-env-generator/networking.yaml new file mode 100644 index 00000000..ea7042b4 --- /dev/null +++ b/sample-env-generator/networking.yaml @@ -0,0 +1,32 @@ +environments: + - + name: networking/neutron-midonet + title: Enable the Neutron MidoNet Services + description: A Heat environment that can be used to deploy MidoNet Services + files: + puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml: + parameters: all + puppet/services/neutron-base.yaml: + parameters: + - NeutronCorePlugin + puppet/services/neutron-dhcp.yaml: + parameters: + - NeutronEnableIsolatedMetadata + sample_values: + NeutronCorePlugin: 'midonet.neutron.plugin_v1.MidonetPluginV2' + NeutronEnableIsolatedMetadata: true + EnableZookeeperOnController: true + EnableCassandraOnController: true + static: + - NeutronCorePlugin + - NeutronEnableIsolatedMetadata + - EnableZookeeperOnController + - EnableCassandraOnController + resource_registry: + OS::TripleO::AllNodesExtraConfig: ../../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../../net-config-linux-bridge.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginMidonet + OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-midonet.yaml diff --git a/sample-env-generator/sample-environments.yaml b/sample-env-generator/predictable-placement.yaml index ffda7aca..ffda7aca 100644 --- a/sample-env-generator/sample-environments.yaml +++ b/sample-env-generator/predictable-placement.yaml diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml new file mode 100644 index 00000000..6963e842 --- /dev/null +++ b/sample-env-generator/ssl.yaml @@ -0,0 +1,459 @@ +environments: + - + name: ssl/enable-tls + title: Enable SSL on OpenStack Public Endpoints + description: | + Use this environment to pass in certificates for SSL deployments. + For these values to take effect, one of the tls-endpoints-*.yaml environments + must also be used. + files: + puppet/extraconfig/tls/tls-cert-inject.yaml: + parameters: all + static: + # This should probably be private, but for testing static params I'm + # setting it as such for now. + - DeployedSSLCertificatePath + sample_values: + SSLCertificate: |- + | + The contents of your certificate go here + SSLKey: |- + | + The contents of the private key go here + resource_registry: + OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - name: ssl/inject-trust-anchor + title: Inject SSL Trust Anchor on Overcloud Nodes + description: | + When using an SSL certificate signed by a CA that is not in the default + list of CAs, this environment allows adding a custom CA certificate to + the overcloud nodes. + files: + puppet/extraconfig/tls/ca-inject.yaml: + parameters: + - SSLRootCertificate + sample_values: + SSLRootCertificate: |- + | + The contents of your certificate go here + resource_registry: + OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml + children: + - name: ssl/inject-trust-anchor-hiera + files: + puppet/services/ca-certs.yaml: + parameters: + - CAMap + # Need to clear this so we don't inherit the parent registry + resource_registry: {} + sample_values: + CAMap: |-2 + + first-ca-name: + content: | + The content of the CA cert goes here + second-ca-name: + content: | + The content of the CA cert goes here + - + name: ssl/tls-endpoints-public-ip + title: Deploy Public SSL Endpoints as IP Addresses + description: | + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. + files: + network/endpoints/endpoint_map.yaml: + parameters: + - EndpointMap + sample_values: + # NOTE(bnemec): This is a bit odd, but it's the only way I've found that + # works. The |-2 tells YAML to strip two spaces off the indentation of + # the value, which because it's indented six spaces gets us to the four + # that we actually want. Note that zero is not a valid value here, so + # two seemed like the most sane option. + EndpointMap: |-2 + + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'} + HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} + - + name: ssl/tls-endpoints-public-dns + title: Deploy Public SSL Endpoints as DNS Names + description: | + Use this environment when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + files: + network/endpoints/endpoint_map.yaml: + parameters: + - EndpointMap + sample_values: + # NOTE(bnemec): This is a bit odd, but it's the only way I've found that + # works. The |-2 tells YAML to strip two spaces off the indentation of + # the value, which because it's indented six spaces gets us to the four + # that we actually want. Note that zero is not a valid value here, so + # two seemed like the most sane option. + EndpointMap: |-2 + + AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'} + KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + - + name: ssl/tls-everywhere-endpoints-dns + title: Deploy All SSL Endpoints as DNS Names + description: | + Use this environment when deploying an overcloud where all the endpoints are + DNS names and there's TLS in all endpoint types. + files: + network/endpoints/endpoint_map.yaml: + parameters: + - EndpointMap + sample_values: + # NOTE(bnemec): This is a bit odd, but it's the only way I've found that + # works. The |-2 tells YAML to strip two spaces off the indentation of + # the value, which because it's indented six spaces gets us to the four + # that we actually want. Note that zero is not a valid value here, so + # two seemed like the most sane option. + EndpointMap: |-2 + + AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'} + BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} + IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'} + IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} + KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'} + MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} + NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} diff --git a/sample-env-generator/storage.yaml b/sample-env-generator/storage.yaml new file mode 100644 index 00000000..aa0385cc --- /dev/null +++ b/sample-env-generator/storage.yaml @@ -0,0 +1,133 @@ +environments: + - + name: storage/enable-ceph + title: Enable Ceph Storage Backend + files: + puppet/services/cinder-volume.yaml: + parameters: + - CinderEnableIscsiBackend + - CinderEnableRbdBackend + puppet/services/cinder-backup.yaml: + parameters: + - CinderBackupBackend + puppet/services/nova-compute.yaml: + parameters: + - NovaEnableRbdBackend + puppet/services/glance-api.yaml: + parameters: + - GlanceBackend + puppet/services/gnocchi-api.yaml: + parameters: + - GnocchiBackend + sample_values: + CinderEnableIscsiBackend: False + CinderEnableRbdBackend: True + CinderBackupBackend: rbd + NovaEnableRbdBackend: True + GlanceBackend: rbd + GnocchiBackend: rbd + description: | + Include this environment to enable Ceph as the backend for + Cinder, Nova, Gnocchi, and Glance. + - + name: storage/cinder-nfs + title: Enable Cinder NFS Backend + files: + puppet/services/cinder-volume.yaml: + parameters: + - CinderNfsMountOptions + - CinderNfsServers + - CinderEnableNfsBackend + - CinderEnableIscsiBackend + sample_values: + CinderEnableNfsBackend: True + CinderEnableIscsiBackend: False + CinderNfsServers: '192.168.122.1:/export/cinder' + description: | + Configure and include this environment to enable the use of an NFS + share as the backend for Cinder. + - + name: storage/glance-nfs + title: Enable Glance NFS Backend + files: + puppet/services/glance-api.yaml: + parameters: + - GlanceBackend + - GlanceNfsEnabled + - GlanceNfsShare + - GlanceNfsOptions + sample_values: + GlanceBackend: file + GlanceNfsEnabled: True + static: + - GlanceBackend + - GlanceNfsEnabled + description: | + Configure and include this environment to enable the use of an NFS + share as the backend for Glance. + - + name: storage/external-ceph + title: Deploy Using an External Ceph Cluster + files: + puppet/services/nova-compute.yaml: + parameters: + - NovaRbdPoolName + - NovaEnableRbdBackend + - CephClientUserName + puppet/services/cinder-volume.yaml: + parameters: + - CinderRbdPoolName + - CinderEnableIscsiBackend + - CinderEnableRbdBackend + puppet/services/glance-api.yaml: + parameters: + - GlanceRbdPoolName + - GlanceBackend + puppet/services/gnocchi-api.yaml: + parameters: + - GnocchiBackend + puppet/services/gnocchi-base.yaml: + parameters: + - GnocchiRbdPoolName + puppet/services/ceph-external.yaml: + parameters: + - CephClusterFSID + - CephClientKey + - CephExternalMonHost + - RbdDefaultFeatures + puppet/services/ceph-base.yaml: + parameters: + - CephAdminKey + sample_values: + CinderEnableIscsiBackend: False + CinderEnableRbdBackend: True + NovaEnableRbdBackend: True + GlanceBackend: rbd + GnocchiBackend: rbd + NovaRbdPoolName: vms + CinderRbdPoolName: volumes + GlanceRbdPoolName: images + GnocchiRbdPoolName: metrics + CephClientUserName: openstack + CephAdminKey: '' + description: | + A Heat environment file which can be used to enable the + use of an externally managed Ceph cluster. + resource_registry: + OS::TripleO::Services::CephExternal: ../../puppet/services/ceph-external.yaml + OS::TripleO::Services::CephMon: OS::Heat::None + OS::TripleO::Services::CephClient: OS::Heat::None + OS::TripleO::Services::CephOSD: OS::Heat::None + - + name: storage/cinder-netapp-config + title: Enable the Cinder NetApp Backend + description: | + A Heat environment file which can be used to enable a + a Cinder NetApp backend, configured via puppet + files: + puppet/services/cinder-backend-netapp.yaml: + parameters: all + static: + - CinderEnableNetappBackend + resource_registry: + OS::TripleO::ControllerExtraConfigPre: ../../puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml diff --git a/test-requirements.txt b/test-requirements.txt index df5af85d..81136356 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7,11 +7,11 @@ six>=1.9.0 # MIT sphinx!=1.6.1,>=1.5.1 # BSD oslosphinx>=4.7.0 # Apache-2.0 reno!=2.3.1,>=1.8.0 # Apache-2.0 -coverage>=4.0,!=4.4 # Apache-2.0 -fixtures>=3.0.0 # Apache-2.0/BSD -python-subunit>=0.0.18 # Apache-2.0/BSD -testrepository>=0.0.18 # Apache-2.0/BSD -testscenarios>=0.4 # Apache-2.0/BSD -testtools>=1.4.0 # MIT -mock>=2.0 # BSD -oslotest>=1.10.0 # Apache-2.0 +coverage!=4.4,>=4.0 # Apache-2.0 +fixtures>=3.0.0 # Apache-2.0/BSD +python-subunit>=0.0.18 # Apache-2.0/BSD +testrepository>=0.0.18 # Apache-2.0/BSD +testscenarios>=0.4 # Apache-2.0/BSD +testtools>=1.4.0 # MIT +mock>=2.0 # BSD +oslotest>=1.10.0 # Apache-2.0 diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 0fd4bcc3..ff215fba 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -20,8 +20,15 @@ import yaml required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords', 'RoleName', 'RoleParameters'] +# NOTE(bnemec): The duplication in this list is intentional. For the +# transition to generated environments we have two copies of these files, +# so they need to be listed twice. Once the deprecated version can be removed +# the duplicate entries can be as well. envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml', 'tls-endpoints-public-ip.yaml', + 'tls-everywhere-endpoints-dns.yaml', + 'tls-endpoints-public-dns.yaml', + 'tls-endpoints-public-ip.yaml', 'tls-everywhere-endpoints-dns.yaml'] ENDPOINT_MAP_FILE = 'endpoint_map.yaml' REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config', @@ -292,9 +299,9 @@ if base_endpoint_map and \ else: print("%s matches base endpoint map" % env_endpoint_map['file']) else: - print("ERROR: Can't validate endpoint maps since a file is missing. " - "If you meant to delete one of these files you should update this " - "tool as well.") + print("ERROR: Did not find expected number of environments containing the " + "EndpointMap parameter. If you meant to add or remove one of these " + "environments then you also need to update this tool.") if not base_endpoint_map: failed_files.append(ENDPOINT_MAP_FILE) if len(env_endpoint_maps) != len(envs_containing_endpoint_map): @@ -31,4 +31,4 @@ commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_ [testenv:genconfig] commands = python ./tools/process-templates.py - python ./tripleo_heat_templates/environment_generator.py sample-env-generator/sample-environments.yaml + python ./tripleo_heat_templates/environment_generator.py sample-env-generator/ diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py index e2f48720..876dd854 100755 --- a/tripleo_heat_templates/environment_generator.py +++ b/tripleo_heat_templates/environment_generator.py @@ -22,7 +22,7 @@ import yaml _PARAM_FORMAT = u""" # %(description)s %(mandatory)s# Type: %(type)s - %(name)s: %(default)s + %(name)s:%(default)s """ _STATIC_MESSAGE_START = ( ' # ******************************************************\n' @@ -44,7 +44,14 @@ _FILE_HEADER = ( ) # Certain parameter names can't be changed, but shouldn't be shown because # they are never intended for direct user input. -_PRIVATE_OVERRIDES = ['server', 'servers', 'NodeIndex'] +_PRIVATE_OVERRIDES = ['server', 'servers', 'NodeIndex', 'DefaultPasswords'] +# Hidden params are not included by default when the 'all' option is used, +# but can be explicitly included by referencing them in sample_defaults or +# static. This allows us to generate sample environments using them when +# necessary, but they won't be improperly included by accident. +_HIDDEN_PARAMS = ['EndpointMap', 'RoleName', 'RoleParameters', + 'ServiceNetMap', + ] def _create_output_dir(target_file): @@ -61,9 +68,12 @@ def _generate_environment(input_env, parent_env=None): if parent_env is None: parent_env = {} env = dict(parent_env) + env.pop('children', None) env.update(input_env) parameter_defaults = {} param_names = [] + sample_values = env.get('sample_values', {}) + static_names = env.get('static', []) for template_file, template_data in env['files'].items(): with open(template_file) as f: f_data = yaml.safe_load(f) @@ -71,6 +81,10 @@ def _generate_environment(input_env, parent_env=None): parameter_defaults.update(f_params) if template_data['parameters'] == 'all': new_names = [k for k, v in f_params.items()] + for hidden in _HIDDEN_PARAMS: + if (hidden not in (static_names + sample_values.keys()) and + hidden in new_names): + new_names.remove(hidden) else: new_names = template_data['parameters'] missing_params = [name for name in new_names @@ -82,7 +96,6 @@ def _generate_environment(input_env, parent_env=None): env['name'])) param_names += new_names - static_names = env.get('static', []) static_defaults = {k: v for k, v in parameter_defaults.items() if k in param_names and k in static_names @@ -93,7 +106,8 @@ def _generate_environment(input_env, parent_env=None): not k.startswith('_') and k not in static_names } - for k, v in env.get('sample_values', {}).items(): + + for k, v in sample_values.items(): if k in parameter_defaults: parameter_defaults[k]['sample'] = v if k in static_defaults: @@ -108,17 +122,18 @@ def _generate_environment(input_env, parent_env=None): default = '<None>' if value.get('sample') is not None: default = value['sample'] + # We ultimately cast this to str for output anyway + default = str(default) if default == '': default = "''" - try: - # If the default value is something like %index%, yaml won't - # parse the output correctly unless we wrap it in quotes. - # However, not all default values can be wrapped so we need to - # do it conditionally. - if default.startswith('%'): - default = "'%s'" % default - except AttributeError: - pass + # If the default value is something like %index%, yaml won't + # parse the output correctly unless we wrap it in quotes. + # However, not all default values can be wrapped so we need to + # do it conditionally. + if default.startswith('%'): + default = "'%s'" % default + if not default.startswith('\n'): + default = ' ' + default values = {'name': name, 'type': value['type'], @@ -165,24 +180,32 @@ def _generate_environment(input_env, parent_env=None): _generate_environment(e, env) -def generate_environments(config_file): - with open(config_file) as f: - config = yaml.safe_load(f) - for env in config['environments']: - _generate_environment(env) +def generate_environments(config_path): + if os.path.isdir(config_path): + config_files = os.listdir(config_path) + config_files = [os.path.join(config_path, i) for i in config_files + if os.path.splitext(i)[1] == '.yaml'] + else: + config_files = [config_path] + for config_file in config_files: + print('Reading environment definitions from %s' % config_file) + with open(config_file) as f: + config = yaml.safe_load(f) + for env in config['environments']: + _generate_environment(env) def usage(exit_code=1): - print('Usage: %s <filename.yaml>' % sys.argv[0]) + print('Usage: %s [<filename.yaml> | <directory>]' % sys.argv[0]) sys.exit(exit_code) def main(): try: - config_file = sys.argv[1] + config_path = sys.argv[1] except IndexError: usage() - generate_environments(config_file) + generate_environments(config_path) if __name__ == '__main__': diff --git a/tripleo_heat_templates/tests/test_environment_generator.py b/tripleo_heat_templates/tests/test_environment_generator.py index d0a622da..94d13c71 100644 --- a/tripleo_heat_templates/tests/test_environment_generator.py +++ b/tripleo_heat_templates/tests/test_environment_generator.py @@ -34,6 +34,10 @@ parameters: default: 42 description: Bar description type: number + EndpointMap: + default: {} + description: Parameter that should not be included by default + type: json resources: # None ''' @@ -85,6 +89,7 @@ class GeneratorTestCase(base.BaseTestCase): ('basic', {'template': basic_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -111,6 +116,7 @@ parameter_defaults: ('basic-one-param', {'template': basic_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -134,6 +140,7 @@ parameter_defaults: ('basic-static-param', {'template': basic_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -169,6 +176,7 @@ parameter_defaults: ('basic-static-param-sample', {'template': basic_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -207,6 +215,7 @@ parameter_defaults: ('basic-private', {'template': basic_private_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -229,6 +238,7 @@ parameter_defaults: ('mandatory', {'template': mandatory_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -252,6 +262,7 @@ parameter_defaults: ('basic-sample', {'template': basic_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -280,6 +291,7 @@ parameter_defaults: ('basic-resource-registry', {'template': basic_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -307,9 +319,46 @@ resource_registry: OS::TripleO::FakeResource: fake-filename.yaml ''', }), + ('basic-hidden', + {'template': basic_template, + 'exception': None, + 'nested_output': '', + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all + sample_values: + EndpointMap: |-2 + + foo: bar +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Bar description + # Type: number + BarParam: 42 + + # Parameter that should not be included by default + # Type: json + EndpointMap: + foo: bar + + # Foo description + # Type: string + FooParam: foo + +''', + }), ('missing-param', {'template': basic_template, 'exception': RuntimeError, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -325,6 +374,7 @@ resource_registry: ('percent-index', {'template': index_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -344,9 +394,49 @@ parameter_defaults: ''', }), + ('nested', + {'template': multiline_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all + children: + - name: nested + title: Nested Environment + description: Nested description + sample_values: + FooParam: bar +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Parameter with + # multi-line description + # Type: string + FooParam: '' + +''', + 'nested_output': '''# title: Nested Environment +# description: | +# Nested description +parameter_defaults: + # Parameter with + # multi-line description + # Type: string + FooParam: bar + +''', + }), ('multi-line-desc', {'template': multiline_template, 'exception': None, + 'nested_output': '', 'input_file': '''environments: - name: basic @@ -381,7 +471,14 @@ parameter_defaults: fake_output = open(fake_output_path, 'w') with mock.patch('tripleo_heat_templates.environment_generator.open', create=True) as mock_open: - mock_open.side_effect = [fake_input, fake_template, fake_output] + mock_se = [fake_input, fake_template, fake_output] + if self.nested_output: + _, fake_nested_output_path = tempfile.mkstemp() + fake_nested_output = open(fake_nested_output_path, 'w') + fake_template2 = io.StringIO(six.text_type(self.template)) + mock_se = [fake_input, fake_template, fake_output, + fake_template2, fake_nested_output] + mock_open.side_effect = mock_se if not self.exception: environment_generator.generate_environments('ignored.yaml') else: @@ -392,5 +489,10 @@ parameter_defaults: expected = environment_generator._FILE_HEADER + self.expected_output with open(fake_output_path) as f: self.assertEqual(expected, f.read()) + if self.nested_output: + with open(fake_nested_output_path) as f: + expected = (environment_generator._FILE_HEADER + + self.nested_output) + self.assertEqual(expected, f.read()) GeneratorTestCase.generate_scenarios() |