27 files changed, 456 insertions, 494 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 1af6be9e..35ff2daa 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -316,6 +316,10 @@ topics: title: Cinder Dell EMC Unity backend description: > Enables a Cinder Dell EMC Unity backend, + - file: environments/cinder-dellemc-vmax-iscsi-config.yaml + title: Cinder Dell EMC VMAX ISCSI backend + description: > + Enables a Cinder Dell EMC VMAX ISCSI backend, configured via puppet requires: - overcloud-resource-registry-puppet.yaml diff --git a/environments/cinder-dellemc-vmax-iscsi-config.yaml b/environments/cinder-dellemc-vmax-iscsi-config.yaml new file mode 100644 index 00000000..3832dada --- /dev/null +++ b/environments/cinder-dellemc-vmax-iscsi-config.yaml @@ -0,0 +1,9 @@ +# A Heat environment file which can be used to enable a +# Cinder Dell EMC VMAX backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI: ../puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml + +parameter_defaults: + CinderEnableDellEMCVMAXISCSIBackend: true + CinderDellEMCVMAXISCSIBackendName: 'tripleo_dellemc_vmax_iscsi' + CinderDellEMCVMAXISCSIConfigFile: '' diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml index 2fdecb4f..e85185d6 100644 --- a/environments/enable-internal-tls.yaml +++ b/environments/enable-internal-tls.yaml @@ -1,3 +1,7 @@ +# ******************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml +# instead. +# ******************************************************************************** # A Heat environment file which can be used to enable a # a TLS for in the internal network via certmonger parameter_defaults: diff --git a/environments/manila-cephfsnative-config-docker.yaml b/environments/manila-cephfsnative-config-docker.yaml new file mode 100644 index 00000000..8c822918 --- /dev/null 
+++ b/environments/manila-cephfsnative-config-docker.yaml
@@ -0,0 +1,20 @@
+# EXPERIMENTAL: The configuration enabled by this environment
+# is not considered production-ready.
+#
+# A Heat environment file which can be used to enable a
+# a Manila CephFS Native driver backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
+
+
+parameter_defaults:
+ ManilaCephFSNativeBackendName: cephfsnative
+ ManilaCephFSNativeDriverHandlesShareServers: false
+ ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf'
+ ManilaCephFSNativeCephFSAuthId: 'manila'
+ ManilaCephFSNativeCephFSClusterName: 'ceph'
+ ManilaCephFSNativeCephFSEnableSnapshots: false
diff --git a/environments/manila-netapp-config-docker.yaml b/environments/manila-netapp-config-docker.yaml
new file mode 100644
index 00000000..6db6dff4
--- /dev/null
+++ b/environments/manila-netapp-config-docker.yaml
@@ -0,0 +1,32 @@
+# EXPERIMENTAL: The configuration enabled by this environment
+# is not considered production-ready.
+#
+# This environment file enables Manila with the Netapp backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
+
+parameter_defaults:
+ ManilaNetappBackendName: tripleo_netapp
+ ManilaNetappDriverHandlesShareServers: true
+ ManilaNetappLogin: ''
+ ManilaNetappPassword: ''
+ ManilaNetappServerHostname: ''
+ ManilaNetappTransportType: 'http'
+ ManilaNetappStorageFamily: 'ontap_cluster'
+ ManilaNetappServerPort: 80
+ ManilaNetappVolumeNameTemplate: 'share_%(share_id)s'
+ ManilaNetappVserver: ''
+ ManilaNetappVserverNameTemplate: 'os_%s'
+ ManilaNetappLifNameTemplate: 'os_%(net_allocation_id)s'
+ ManilaNetappAggrNameSearchPattern: '(.*)'
+ ManilaNetappRootVolumeAggr: ''
+ ManilaNetappRootVolume: 'root'
+ ManilaNetappPortNameSearchPattern: '(.*)'
+ ManilaNetappTraceFlags: ''
+ ManilaNetappEnabledShareProtocols: 'nfs3, nfs4.0'
+ ManilaNetappVolumeSnapshotReservePercent: 5
+ ManilaNetappSnapmirrorQuiesceTimeout: 3600
diff --git a/environments/network-environment-v6.yaml b/environments/network-environment-v6.yaml
new file mode 100644
index 00000000..1617f897
--- /dev/null
+++ b/environments/network-environment-v6.yaml
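Review bot: `ManilaNetappTransportType: 'http'` together with `ManilaNetappServerPort: 80` means that, as shipped, whatever is set in `ManilaNetappLogin` and `ManilaNetappPassword` is presumably sent to `ManilaNetappServerHostname` over an unencrypted connection. Defaulting the sample to `ManilaNetappTransportType: 'https'` and `ManilaNetappServerPort: 443` would be the safer starting point. I would also add a comment above the credential keys, `# Supply the login and password from a separate, access-restricted environment file`, so operators do not commit the password into a copy of this file.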
@@ -0,0 +1,60 @@
+#This file is an example of an environment file for defining the isolated
+#networks and related parameters.
+resource_registry:
+ # Network Interface templates to use (these files must exist)
+ OS::TripleO::BlockStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/cinder-storage.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/controller.yaml
+ OS::TripleO::ObjectStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/swift-storage.yaml
+ OS::TripleO::CephStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/ceph-storage.yaml
+
+parameter_defaults:
+ # This section is where deployment-specific configuration is done
+ # CIDR subnet mask length for provisioning network
+ ControlPlaneSubnetCidr: '24'
+ # Gateway router for the provisioning network (or Undercloud IP)
+ ControlPlaneDefaultRoute: 192.168.24.254
+ EC2MetadataIp: 192.168.24.1 # Generally the IP of the Undercloud
+ # Customize the IP subnets to match the local environment
+ InternalApiNetCidr: 'fd00:fd00:fd00:2000::/64'
+ StorageNetCidr: 'fd00:fd00:fd00:3000::/64'
+ StorageMgmtNetCidr: 'fd00:fd00:fd00:4000::/64'
+ # Tenant tunneling network is IPv4 until IPv6 is fully supported
+ TenantNetCidr: 172.16.0.0/24
+ ExternalNetCidr: '2001:db8:fd00:1000::/64'
+ # Customize the VLAN IDs to match the local environment
+ InternalApiNetworkVlanID: 20
+ StorageNetworkVlanID: 30
+ StorageMgmtNetworkVlanID: 40
+ TenantNetworkVlanID: 50
+ ExternalNetworkVlanID: 10
+ # Customize the IP ranges on each network to use for static IPs and VIPs
+ InternalApiAllocationPools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
+ StorageAllocationPools: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe'}]
+ StorageMgmtAllocationPools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
+ TenantAllocationPools: [{'start': '172.16.0.10', 'end': '172.16.0.200'}]
+ # Leave room if the external network is also used for floating IPs
+ ExternalAllocationPools: [{'start': '2001:db8:fd00:1000::10', 'end': '2001:db8:fd00:1000:ffff:ffff:ffff:fffe'}]
+ # Gateway router for the external network
+ ExternalInterfaceDefaultRoute: '2001:db8:fd00:1000::1'
+ # Uncomment if using the Management Network (see network-management-v6.yaml)
+ # ManagementNetCidr: 'fd00:fd00:fd00:6000::/64'
+ # ManagementAllocationPools: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}]
+ # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates
+ # ManagementInterfaceDefaultRoute: 'fd00:fd00:fd00:6000::1'
+ # Define the DNS servers (maximum 2) for the overcloud nodes
+ DnsServers: ["8.8.8.8","8.8.4.4"]
+ # List of Neutron network types for tenant networks (will be used in order)
+ NeutronNetworkType: 'vxlan,vlan'
+ # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
+ NeutronTunnelTypes: 'vxlan'
+ # Neutron VLAN ranges per network, for example 'datacentre:1:499,tenant:500:1000':
+ NeutronNetworkVLANRanges: 'datacentre:1:1000'
+ # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100"
+ # for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup.
+ BondInterfaceOvsOptions: "bond_mode=active-backup"
diff --git a/environments/ssl/enable-internal-tls.yaml b/environments/ssl/enable-internal-tls.yaml
new file mode 100644
index 00000000..287ed19f
--- /dev/null
+++ b/environments/ssl/enable-internal-tls.yaml
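Review bot: `DnsServers: ["8.8.8.8","8.8.4.4"]` makes third-party public resolvers the default for every overcloud node in a sample that operators are expected to copy. Unless it is changed, node lookups, including those for internal host names, go to an outside resolver, and names that exist only in the site's own DNS will not resolve. The comment above it only states the two-server limit, so I would extend it, for example `# Placeholder public resolvers; replace with the DNS servers for your site`.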
@@ -0,0 +1,36 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable SSL on OpenStack Internal Endpoints +# description: | +# A Heat environment file which can be used to enable TLS for the internal +# network via certmonger +parameter_defaults: + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. + # ****************************************************** + # + # Type: boolean + EnableInternalTLS: True + + # Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host. + # Type: string + RabbitClientUseSSL: True + + # Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. + # Type: json + ServerMetadata: + ipa_enroll: True + + # ********************* + # End static parameters + # ********************* +resource_registry: + OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml + OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml + OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml + OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 74fb3bb1..71d3d6e8 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml 
@@ -5,9 +5,4 @@ # name: # - puppet/cephstorage-role.yaml name: - - network/internal_api_v6.yaml - - network/external_v6.yaml - - network/storage_v6.yaml - - network/storage_mgmt_v6.yaml - - network/tenant_v6.yaml - - network/management_v6.yaml + - None diff --git a/network/external_v6.yaml b/network/external_v6.yaml deleted file mode 100644 index 9d1c3d00..00000000 --- a/network/external_v6.yaml +++ /dev/null 
@@ -1,76 +0,0 @@ -heat_template_version: pike - -description: > - External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - ExternalNetCidr: - # OpenStack uses the EUI-64 address format, which requires a /64 prefix - default: '2001:db8:fd00:1000::/64' - description: Cidr for the external network. - type: string - ExternalNetValueSpecs: - default: {'provider:physical_network': 'external', 'provider:network_type': 'flat'} - description: Value specs for the external network. - type: json - ExternalNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - ExternalNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - ExternalNetName: - default: external - description: The name of the external network. - type: string - ExternalSubnetName: - default: external_subnet - description: The name of the external subnet in Neutron. - type: string - ExternalAllocationPools: - default: [{'start': '2001:db8:fd00:1000::10', 'end': '2001:db8:fd00:1000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the external network. 
- type: json - IPv6AddressMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 address mode - type: string - IPv6RAMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 router advertisement mode - type: string - ExternalInterfaceDefaultRoute: - default: '2001:db8:fd00:1000::1' - description: default route for the external network - type: string - -resources: - ExternalNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: ExternalNetAdminStateUp} - name: {get_param: ExternalNetName} - shared: {get_param: ExternalNetShared} - value_specs: {get_param: ExternalNetValueSpecs} - - ExternalSubnet: - type: OS::Neutron::Subnet - properties: - ip_version: 6 - ipv6_address_mode: {get_param: IPv6AddressMode} - ipv6_ra_mode: {get_param: IPv6RAMode} - cidr: {get_param: ExternalNetCidr} - name: {get_param: ExternalSubnetName} - network: {get_resource: ExternalNetwork} - allocation_pools: {get_param: ExternalAllocationPools} - gateway_ip: {get_param: ExternalInterfaceDefaultRoute} - -outputs: - OS::stack_id: - description: Neutron external network - value: {get_resource: ExternalNetwork} - subnet_cidr: - value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml deleted file mode 100644 index 6a0912e2..00000000 --- a/network/internal_api_v6.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -heat_template_version: pike - -description: > - Internal API network. Used for most APIs, Database, RPC. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - InternalApiNetCidr: - # OpenStack uses the EUI-64 address format, which requires a /64 prefix - default: 'fd00:fd00:fd00:2000::/64' - description: Cidr for the internal_api network. - type: string - InternalApiNetValueSpecs: - default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'} - description: Value specs for the internal_api network. - type: json - InternalApiNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - InternalApiNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - InternalApiNetName: - default: internal_api - description: The name of the internal_api network. - type: string - InternalApiSubnetName: - default: internal_api_subnet - description: The name of the internal_api subnet in Neutron. - type: string - InternalApiAllocationPools: - default: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the internal_api network. 
- type: json - IPv6AddressMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 address mode - type: string - IPv6RAMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 router advertisement mode - type: string - -resources: - InternalApiNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: InternalApiNetAdminStateUp} - name: {get_param: InternalApiNetName} - shared: {get_param: InternalApiNetShared} - value_specs: {get_param: InternalApiNetValueSpecs} - - InternalApiSubnet: - type: OS::Neutron::Subnet - properties: - ip_version: 6 - ipv6_address_mode: {get_param: IPv6AddressMode} - ipv6_ra_mode: {get_param: IPv6RAMode} - cidr: {get_param: InternalApiNetCidr} - name: {get_param: InternalApiSubnetName} - network: {get_resource: InternalApiNetwork} - allocation_pools: {get_param: InternalApiAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron internal network - value: {get_resource: InternalApiNetwork} - subnet_cidr: - value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/network.j2 b/network/network.j2 new file mode 100644 index 00000000..61a5b57c --- /dev/null +++ b/network/network.j2 
@@ -0,0 +1,105 @@
+heat_template_version: pike
+
+description: >
+ {{network.name}} network definition (automatically generated).
+
+parameters:
+ # the defaults here work for static IP assignment (IPAM) only
+ {{network.name}}NetCidr:
+{%- if network.ipv6 or ipv6_override %}
+ default: "{{network.ipv6_subnet|default(network.ip_subnet|default(""))}}"
+{%- else %}
+ default: "{{network.ip_subnet|default("")}}"
+{%- endif %}
+ description: Cidr for the {{network.name_lower}} network.
+ type: string
+ {{network.name}}NetValueSpecs:
+ default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'}
+ description: Value specs for the {{network.name_lower}} network.
+ type: json
+{%- if not ":" in network.ip_subnet and not network.ipv6 and not ipv6_override %}
+ {{network.name}}NetEnableDHCP:
+ default: false
+ description: Whether to enable DHCP on the associated subnet (IPv4 only).
+ type: boolean
+{%- endif %}
+ {{network.name}}NetAdminStateUp:
+ default: false
+ description: The admin state of the network.
+ type: boolean
+ {{network.name}}NetShared:
+ default: false
+ description: Whether this network is shared across all tenants.
+ type: boolean
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
+ type: string
+ {{network.name}}SubnetName:
+ default: {{network.name_lower}}_subnet
+ description: The name of the {{network.name_lower}} subnet in Neutron.
+ type: string
+ {{network.name}}AllocationPools:
+{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
+ default: {{network.ipv6_allocation_pools|default(network.allocation_pools|default([]))}}
+{%- else %}
+ default: {{network.allocation_pools|default([])}}
+{%- endif %}
+ description: Ip allocation pool range for the {{network.name_lower}} network.
+ type: json
+{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
+ IPv6AddressMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 address mode
+ type: string
+ IPv6RAMode:
+ default: dhcpv6-stateful
+ description: Neutron subnet IPv6 router advertisement mode
+ type: string
+{%- endif %}
+ {{network.name}}InterfaceDefaultRoute:
+{%- if network.ipv6 or ipv6_override %}
+ default: "{{network.gateway_ipv6|default(network.gateway_ip|default(''))}}"
+{%- else %}
+ default: "{{network.gateway_ip|default('')}}"
+{%- endif %}
+ description: default route for the {{network.name_lower}} network
+ type: string
+{%- if network.vlan %}
+ {{network.name}}NetworkVlanID:
+ default: {{network.vlan}}
+ description: Vlan ID for the {{network.name}} network traffic.
+ type: number
+{%- endif %}
+
+resources:
+ {{network.name}}Network:
+ type: OS::Neutron::Net
+ properties:
+ admin_state_up: {get_param: {{network.name}}NetAdminStateUp}
+ name: {get_param: {{network.name}}NetName}
+ shared: {get_param: {{network.name}}NetShared}
+ value_specs: {get_param: {{network.name}}NetValueSpecs}
+
+ {{network.name}}Subnet:
+ type: OS::Neutron::Subnet
+ properties:
+{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
+ ip_version: 6
+ ipv6_address_mode: {get_param: IPv6AddressMode}
+ ipv6_ra_mode: {get_param: IPv6RAMode}
+{%- else %}
+ enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
+{%- endif %}
+ cidr: {get_param: {{network.name}}NetCidr}
+ name: {get_param: {{network.name}}SubnetName}
+ network: {get_resource: {{network.name}}Network}
+ allocation_pools: {get_param: {{network.name}}AllocationPools}
+ gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute}
+
+outputs:
+ OS::stack_id:
+ description: {{network.name_lower}} network
+ value: {get_resource: {{network.name}}Network}
+ subnet_cidr:
+ value: {get_attr: [{{network.name}}Subnet, cidr]}
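Review bot: The `":" in network.ip_subnet` tests and the bare `ipv6_override` references depend on the renderer tolerating undefined names. network_data.yaml documents `ip_subnet` as optional, and network/network.network.j2.yaml includes this file without ever setting `ipv6_override`. Whether that renders cleanly or raises depends on the Jinja environment's undefined policy, which is not visible in this diff. Making the fallbacks explicit removes the dependency: test `":" in network.ip_subnet|default('')` and use `ipv6_override|default(false)` in each condition. A short comment at the top of the file saying that `ipv6_override` is set only by network_v6.network.j2.yaml would help the next reader.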
diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml
index 29d58cd5..d9ff6169 100644
--- a/network/network.network.j2.yaml
+++ b/network/network.network.j2.yaml
@@ -1,91 +1 @@ -heat_template_version: pike - -description: > - {{network.name}} network definition (automatically generated). - -parameters: - # the defaults here work for static IP assignment (IPAM) only - {{network.name}}NetCidr: - default: {{network.ip_subnet|default("")}} - description: Cidr for the {{network.name_lower}} network. - type: string - {{network.name}}NetValueSpecs: - default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'} - description: Value specs for the {{network.name_lower}} network. - type: json - {{network.name}}NetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - {{network.name}}NetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - {{network.name}}NetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - {{network.name}}NetName: - default: {{network.name_lower}} - description: The name of the {{network.name_lower}} network. - type: string - {{network.name}}SubnetName: - default: {{network.name_lower}}_subnet - description: The name of the {{network.name_lower}} subnet in Neutron. - type: string - {{network.name}}AllocationPools: - default: {{network.allocation_pools|default([])}} - description: Ip allocation pool range for the {{network.name_lower}} network. - type: json - {{network.name}}InterfaceDefaultRoute: - default: {{network.gateway_ip|default('""')}} - description: default route for the {{network.name_lower}} network - type: string -{%- if network.vlan %} - {{network.name}}NetworkVlanID: - default: {{network.vlan}} - description: Vlan ID for the {{network.name}} network traffic. 
- type: number -{%- endif %} -{%- if network.ipv6 %} - IPv6AddressMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 address mode - type: string - IPv6RAMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 router advertisement mode - type: string -{%- endif %} - -resources: - {{network.name}}Network: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: {{network.name}}NetAdminStateUp} - name: {get_param: {{network.name}}NetName} - shared: {get_param: {{network.name}}NetShared} - value_specs: {get_param: {{network.name}}NetValueSpecs} - - {{network.name}}Subnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: {{network.name}}NetCidr} - name: {get_param: {{network.name}}SubnetName} - network: {get_resource: {{network.name}}Network} - allocation_pools: {get_param: {{network.name}}AllocationPools} - gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute} -{%- if network.ipv6 %} - ip_version: 6 - ipv6_address_mode: {get_param: IPv6AddressMode} - ipv6_ra_mode: {get_param: IPv6RAMode} -{%- else %} - enable_dhcp: {get_param: {{network.name}}NetEnableDHCP} -{%- endif %} - -outputs: - OS::stack_id: - description: {{network.name_lower}} network - value: {get_resource: {{network.name}}Network} - subnet_cidr: - value: {get_attr: [{{network.name}}Subnet, cidr]} +{% include 'network.j2' %} diff --git a/network/network_v6.network.j2.yaml b/network/network_v6.network.j2.yaml new file mode 100644 index 00000000..809d145c --- /dev/null +++ b/network/network_v6.network.j2.yaml @@ -0,0 +1,2 @@ +{% set ipv6_override = true -%} +{% include 'network.j2' %} diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml deleted file mode 100644 index 7ed4c92e..00000000 --- a/network/storage_mgmt_v6.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -heat_template_version: pike - -description: > - Storage management network. Storage replication, etc. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - StorageMgmtNetCidr: - # OpenStack uses the EUI-64 address format, which requires a /64 prefix - default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage_mgmt network. - type: string - StorageMgmtNetValueSpecs: - default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'} - description: Value specs for the storage_mgmt network. - type: json - StorageMgmtNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - StorageMgmtNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - StorageMgmtNetName: - default: storage_mgmt - description: The name of the storage_mgmt network. - type: string - StorageMgmtSubnetName: - default: storage_mgmt_subnet - description: The name of the storage_mgmt subnet in Neutron. - type: string - StorageMgmtAllocationPools: - default: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the storage_mgmt network. 
- type: json - IPv6AddressMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 address mode - type: string - IPv6RAMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 router advertisement mode - type: string - -resources: - StorageMgmtNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: StorageMgmtNetAdminStateUp} - name: {get_param: StorageMgmtNetName} - shared: {get_param: StorageMgmtNetShared} - value_specs: {get_param: StorageMgmtNetValueSpecs} - - StorageMgmtSubnet: - type: OS::Neutron::Subnet - properties: - ip_version: 6 - ipv6_address_mode: {get_param: IPv6AddressMode} - ipv6_ra_mode: {get_param: IPv6RAMode} - cidr: {get_param: StorageMgmtNetCidr} - name: {get_param: StorageMgmtSubnetName} - network: {get_resource: StorageMgmtNetwork} - allocation_pools: {get_param: StorageMgmtAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron storage management network - value: {get_resource: StorageMgmtNetwork} - subnet_cidr: - value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml deleted file mode 100644 index 51edd4b3..00000000 --- a/network/storage_v6.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -heat_template_version: pike - -description: > - Storage network. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - StorageNetCidr: - # OpenStack uses the EUI-64 address format, which requires a /64 prefix - default: 'fd00:fd00:fd00:3000::/64' - description: Cidr for the storage network. - type: string - StorageNetValueSpecs: - default: {'provider:physical_network': 'storage', 'provider:network_type': 'flat'} - description: Value specs for the storage network. - type: json - StorageNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - StorageNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageSubnetName: - default: storage_subnet - description: The name of the storage subnet in Neutron. - type: string - StorageAllocationPools: - default: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the storage network. 
- type: json - IPv6AddressMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 address mode - type: string - IPv6RAMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 router advertisement mode - type: string - -resources: - StorageNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: StorageNetAdminStateUp} - name: {get_param: StorageNetName} - shared: {get_param: StorageNetShared} - value_specs: {get_param: StorageNetValueSpecs} - - StorageSubnet: - type: OS::Neutron::Subnet - properties: - ip_version: 6 - ipv6_address_mode: {get_param: IPv6AddressMode} - ipv6_ra_mode: {get_param: IPv6RAMode} - cidr: {get_param: StorageNetCidr} - name: {get_param: StorageSubnetName} - network: {get_resource: StorageNetwork} - allocation_pools: {get_param: StorageAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron storage network - value: {get_resource: StorageNetwork} - subnet_cidr: - value: {get_attr: [StorageSubnet, cidr]} diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml deleted file mode 100644 index 9f139cb1..00000000 --- a/network/tenant_v6.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -heat_template_version: pike - -description: > - Tenant IPv6 network. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - TenantNetCidr: - # OpenStack uses the EUI-64 address format, which requires a /64 prefix - default: 'fd00:fd00:fd00:5000::/64' - description: Cidr for the tenant network. - type: string - TenantNetValueSpecs: - default: {'provider:physical_network': 'tenant', 'provider:network_type': 'flat'} - description: Value specs for the tenant network. - type: json - TenantNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - TenantNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - TenantNetName: - default: tenant - description: The name of the tenant network. - type: string - TenantSubnetName: - default: tenant_subnet - description: The name of the tenant subnet in Neutron. - type: string - TenantAllocationPools: - default: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the tenant network. 
- type: json - IPv6AddressMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 address mode - type: string - IPv6RAMode: - default: dhcpv6-stateful - description: Neutron subnet IPv6 router advertisement mode - type: string - -resources: - TenantNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: TenantNetAdminStateUp} - name: {get_param: TenantNetName} - shared: {get_param: TenantNetShared} - value_specs: {get_param: TenantNetValueSpecs} - - TenantSubnet: - type: OS::Neutron::Subnet - properties: - ip_version: 6 - ipv6_address_mode: {get_param: IPv6AddressMode} - ipv6_ra_mode: {get_param: IPv6RAMode} - cidr: {get_param: TenantNetCidr} - name: {get_param: TenantSubnetName} - network: {get_resource: TenantNetwork} - allocation_pools: {get_param: TenantAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron tenant network - value: {get_resource: TenantNetwork} - subnet_cidr: - value: {get_attr: [TenantSubnet, cidr]} diff --git a/network_data.yaml b/network_data.yaml index 6ad37dfe..fed11576 100644 --- a/network_data.yaml +++ b/network_data.yaml 
@@ -6,19 +6,22 @@ # name_lower: lowercase version of name used for filenames # (optional, defaults to name.lower()) # enabled: Is the network enabled (optional, defaults to true) -# ipv6: Does this network use IPv6 IPs? (optional, defaults to false) -# (optional, may use parameter defaults in environment to set) # vlan: vlan for the network (optional) # vip: Enable creation of a virtual IP on this network -# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, -# to support VIPs on non-default networks. -# See https://bugs.launchpad.net/tripleo/+bug/1667104 -# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults) -# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}] +# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' or '2001:db8:fd00:1000::/64' +# (optional, may use parameter defaults instead) +# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250'}] # gateway_ip: gateway for the network (optional, may use parameter defaults) -# NOTE: IP-related values set parameter defaults in templates, may be overridden. -# compat_name: for existing stack you may need to override the default transformation -# for the resource's name. +# ipv6_subnet: Optional, sets default IPv6 subnet if IPv4 is already defined. +# ipv6_allocation_pools: Set default IPv6 allocation pools if IPv4 allocation pools +# are already defined. +# ipv6_gateway: Set an IPv6 gateway if IPv4 gateway already defined. +# ipv6: If ip_subnet not defined, this specifies that the network is IPv6-only. +# NOTE: IP-related values set parameter defaults in templates, may be overridden, +# either by operators, or e.g in environments/network-isolation-v6.yaml where we +# set some default IPv6 addresses. +# compat_name: for existing stack you may need to override the default +# transformation for the resource's name. # # Example: # - name Example 
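Review bot: The new header comment documents the IPv6 gateway key as `ipv6_gateway`, but the External entry added later in this file sets `gateway_ipv6` and network/network.j2 reads `network.gateway_ipv6`. An operator who follows the comment would set a key the template never reads, and the default route would fall back to the IPv4 gateway or to an empty string. The comment should name the key that is actually consumed: `# gateway_ipv6: Set an IPv6 gateway if IPv4 gateway already defined.` In the following hunk of the same file, "compatility" should read "compatibility".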
@@ -27,8 +30,17 @@ # allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}] # gateway_ip: '10.0.2.254' # -# TODO (dsneddon) remove existing templates from j2_excludes.yaml -# and generate all templates dynamically. +# To support backward compatility, two versions of the network definitions will +# be created, network/<network>.yaml and network/<network>_v6.yaml. Only +# one of these files may be used in the deployment at a time, since the +# parameters used for configuration are the same in both files. In the +# future, this behavior may be changed to create only one file for custom +# networks. You may specify IPv6 addresses for ip_subnet, allocation_pools, +# and gateway_ip if no IPv4 addresses are used for a custom network, or set +# ipv6: true, and the network/<network>.yaml file will be configured as IPv6. +# +# For configuring both IPv4 and IPv6 on the same interface, use two separate +# networks, and then assign both IPs in the custom NIC configuration templates. - name: External vip: true 
@@ -36,27 +48,38 @@ ip_subnet: '10.0.0.0/24' allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] gateway_ip: '10.0.0.1' + ipv6_subnet: '2001:db8:fd00:1000::/64' + ipv6_allocation_pools: [{'start': '2001:db8:fd00:1000::10', 'end': '2001:db8:fd00:1000:ffff:ffff:ffff:fffe'}] + gateway_ipv6: '2001:db8:fd00:1000::1' - name: InternalApi name_lower: internal_api vip: true ip_subnet: '172.16.2.0/24' allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] + ipv6_subnet: 'fd00:fd00:fd00:2000::/64' + ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}] compat_name: Internal - name: Storage vip: true name_lower: storage ip_subnet: '172.16.1.0/24' allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] + ipv6_subnet: 'fd00:fd00:fd00:3000::/64' + ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe'}] - name: StorageMgmt name_lower: storage_mgmt vip: true ip_subnet: '172.16.3.0/24' allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}] + ipv6_subnet: 'fd00:fd00:fd00:4000::/64' + ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}] - name: Tenant vip: false # Tenant network does not use VIPs name_lower: tenant ip_subnet: '172.16.0.0/24' allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] + ipv6_subnet: 'fd00:fd00:fd00:5000::/64' + ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}] - name: Management # Management network is disabled by default enabled: false @@ -64,3 +87,5 @@ name_lower: management ip_subnet: '10.0.1.0/24' allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] + ipv6_subnet: 'fd00:fd00:fd00:6000::/64' + ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}] 
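Review bot: The External entry in the `@@ -36,27` hunk adds `gateway_ipv6: '2001:db8:fd00:1000::1'`, but the header comment added earlier in this file documents the key as `ipv6_gateway`, and the sibling keys use the `ipv6_` prefix (`ipv6_subnet`, `ipv6_allocation_pools`). Which spelling the network templates read is not visible in this diff; if they read the other one, the value is presumably ignored and the IPv6 external network is rendered without a default gateway. Use one name in both places: either change the comment to `# gateway_ipv6: Set an IPv6 gateway if IPv4 gateway already defined.` or change the data line to `ipv6_gateway: '2001:db8:fd00:1000::1'`.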
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 0fa0a9fe..b8819e74 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -267,6 +267,7 @@ resource_registry: OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None + OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 2514f809..d621244e 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -70,17 +70,14 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json -{%- endfor %} - controllerExtraConfig: - default: {} - description: | - DEPRECATED use ControllerExtraConfig instead - type: json - NovaComputeExtraConfig: +{%- if role.deprecated_param_extraconfig is defined %} + {{role.deprecated_param_extraconfig}}: default: {} description: | - DEPRECATED use ComputeExtraConfig instead + DEPRECATED use {{role.name}}ExtraConfig instead type: json +{%- endif %} +{%- endfor %} NeutronControlPlaneID: default: 'ctlplane' type: string @@ -231,7 +228,7 @@ parameters: List of server hostnames to blacklist from any triggered deployments. {% for role in roles %} -{%- if role.deprecated_param_scheduler_hints is defined %} +{%- if role.deprecated_param_scheduler_hints is defined or role.deprecated_param_extraconfig is defined %} {%- if not parameter_groups_defined|default(false) %} parameter_groups: - label: deprecated 
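Review bot: After the `@@ -70,17` hunk, `controllerExtraConfig` and `NovaComputeExtraConfig` are declared only for roles whose definition sets `deprecated_param_extraconfig`, and the `map_merge` change in the later `@@ -421,17` hunk merges them on the same condition. A deployment rendered from a custom roles file that lacks this key, but still passes hiera overrides under the old names in `parameter_defaults`, would presumably have them dropped without an error, which matters when those overrides carry hardening settings. The roles files that would set the key are not visible in this part of the diff, so confirm that Controller and Compute define it. It would also help to document the key beside the Jinja block, e.g. `{# deprecated_param_extraconfig: legacy parameter name merged before <Role>ExtraConfig; set it in roles_data to keep old environments working #}`.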
@@ -239,8 +236,13 @@ parameter_groups: parameters: {%- set parameter_groups_defined = true %} {%- endif %} +{%- endif %} +{%- if role.deprecated_param_scheduler_hints is defined %} - {{role.deprecated_param_scheduler_hints}} {%- endif %} +{%- if role.deprecated_param_extraconfig is defined %} + - {{role.deprecated_param_extraconfig}} +{%- endif %} {%- endfor %} conditions: @@ -421,17 +423,10 @@ resources: map_merge: - get_attr: [{{role.name}}ServiceConfigSettings, value] - get_param: ExtraConfig - {%- if role.name == 'Controller' %} - - map_merge: - - get_param: controllerExtraConfig - - get_param: {{role.name}}ExtraConfig - {%- elif role.name == 'Compute' %} - - map_merge: - - get_param: NovaComputeExtraConfig - - get_param: {{role.name}}ExtraConfig - {%- else %} +{%- if role.deprecated_param_extraconfig is defined %} + - get_param: {{role.deprecated_param_extraconfig}} +{%- endif %} - get_param: {{role.name}}ExtraConfig - {%- endif %} # Filter any null/None service_names which may be present due to mapping # of services to OS::Heat::None diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index f58f7409..15da1773 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -105,6 +105,11 @@ parameters: description: DEPRECATED - use {{role.name}}IPs instead type: json {%- endif %} + {{role.name}}NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: [] NetworkDeploymentActions: type: comma_delimited_list description: > @@ -265,6 +270,11 @@ conditions: - {get_param: {{role.deprecated_param_flavor}}} - {{default_flavor_name}} {%- endif %} + role_network_deployment_actions_exists: + not: + equals: + - {get_param: {{role.name}}NetworkDeploymentActions} + - [] resources: {{server_resource_name}}: 
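Review bot: The new `{{role.name}}NetworkDeploymentActions` parameter in puppet/role.role.j2.yaml (`@@ -105,6` hunk) copies the description of the global `NetworkDeploymentActions` and does not say that a non-empty value replaces the global list for that role. That is what the `role_network_deployment_actions_exists` condition (`@@ -265,6` hunk) and the nested `if` in the `@@ -490,7` hunk implement. Because `[]` is both the default and the "not set" sentinel, a role cannot be given an explicitly empty action list while the global list is non-empty, and the description should state that limit as well. Suggested wording: `description: > Role-specific Heat actions on which to apply network configuration changes; when empty, the global NetworkDeploymentActions is used`.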
@@ -490,7 +500,10 @@ resources: actions: if: - server_not_blacklisted - - {get_param: NetworkDeploymentActions} + - if: + - role_network_deployment_actions_exists + - {get_param: {{role.name}}NetworkDeploymentActions} + - {get_param: NetworkDeploymentActions} - [] {{server_resource_name}}UpgradeInitConfig: diff --git a/puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml b/puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml new file mode 100644 index 00000000..1a3beab5 --- /dev/null +++ b/puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml 
@@ -0,0 +1,65 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: pike
+
+description: >
+ Openstack Cinder Dell EMC VMAX iscsi backend
+
+parameters:
+ CinderEnableDellEMCVMAXISCSIBackend:
+ type: boolean
+ default: true
+ CinderDellEMCVMAXISCSIBackendName:
+ type: string
+ default: 'tripleo_dellemc_vmax_iscsi'
+ CinderDellEMCVMAXISCSIConfigFile:
+ type: string
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC VMAX iscsi backend.
+ value:
+ service_name: cinder_backend_dellemc_vmax_iscsi
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_dellemc_vmax_iscsi_backend: {get_param: CinderEnableDellEMCVMAXISCSIBackend}
+ cinder::backend::dell_emc_vmax_iscsi::volume_backend_name: {get_param: CinderDellEMCVMAXISCSIBackendName}
+ cinder::backend::dell_emc_vmax_iscsi::cinder_emc_config_file: {get_param: CinderDellEMCVMAXISCSIConfigFile}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/releasenotes/notes/ipv6_defaults-7dbb62113f4e5084.yaml b/releasenotes/notes/ipv6_defaults-7dbb62113f4e5084.yaml
new file mode 100644
index 00000000..bbc67563
--- /dev/null
+++ b/releasenotes/notes/ipv6_defaults-7dbb62113f4e5084.yaml
@@ -0,0 +1,10 @@
+---
+other:
+ - |
+ Network templates are now rendered with jinja2 based on network_data.yaml.
+ The only required parameter for each network is the name, optional params
+ will populate the defaults in the network template. Network templates
+ will be generated for both IPv4 and IPv6 versions of the networks, setting
+ ipv6: true on the network will generate only IPv6 templates. An example for
+ overriding default IP addresses for IPv6 has been added in
+ environments/network-environment-v6.yaml.
diff --git a/releasenotes/notes/vmax_cinder_a6672898724a11e7.yaml b/releasenotes/notes/vmax_cinder_a6672898724a11e7.yaml
new file mode 100644
index 00000000..e6eb7497
--- /dev/null
+++ b/releasenotes/notes/vmax_cinder_a6672898724a11e7.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Add support for Dell EMC VMAX Iscsi cinder driver
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
index 8f5e0cc8..e10ff859 100644
--- a/roles/Controller.yaml
+++ b/roles/Controller.yaml
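Review bot: `CinderDellEMCVMAXISCSIConfigFile` in the new cinder-backend-dellemc-vmax-iscsi.yaml is declared with no default, description or constraint, and the environment file added earlier in this commit sets it to `''` while enabling the backend. A deployment that includes that environment unmodified therefore hands an empty `cinder_emc_config_file` to puppet. All three backend parameters need a `description:`. The one for this parameter should say that it is a path on the node to the driver's XML configuration, which normally holds the array management credentials and so needs restrictive ownership and mode; how the file reaches the node is not shown in this diff. Adding `constraints: [{length: {min: 1}}]` to the parameter would reject the empty value at stack validation instead of leaving it to surface later, presumably when the volume service starts.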
@@ -47,6 +47,7 @@ - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendDellEMCUnity + - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale diff --git a/roles_data.yaml b/roles_data.yaml index dcb66af3..6c2a8ebd 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -50,6 +50,7 @@ - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendDellEMCUnity + - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml index 4e59d53b..43a1afc1 100644 --- a/sample-env-generator/ssl.yaml +++ b/sample-env-generator/ssl.yaml 
@@ -22,6 +22,40 @@ environments: The contents of the private key go here resource_registry: OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml + - + name: ssl/enable-internal-tls + title: Enable SSL on OpenStack Internal Endpoints + description: | + A Heat environment file which can be used to enable TLS for the internal + network via certmonger + files: + puppet/all-nodes-config.yaml: + parameters: + - EnableInternalTLS + puppet/services/nova-base.yaml: + parameters: + - RabbitClientUseSSL + overcloud.yaml: + parameters: + - ServerMetadata + static: + - EnableInternalTLS + - RabbitClientUseSSL + - ServerMetadata + sample_values: + EnableInternalTLS: True + RabbitClientUseSSL: True + ServerMetadata: |-2 + + ipa_enroll: True + resource_registry: + OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml + OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml + # We use apache as a TLS proxy + OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml + # Creates nova metadata that will create the extra service principals per + # node. + OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml - name: ssl/inject-trust-anchor title: Inject SSL Trust Anchor on Overcloud Nodes description: | diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py index f1469390..e13690dd 100755 --- a/tripleo_heat_templates/environment_generator.py +++ b/tripleo_heat_templates/environment_generator.py @@ -159,7 +159,7 @@ def _generate_environment(input_env, parent_env=None): for line in env_desc.splitlines(): env_file.write(u'# %s\n' % line) - if parameter_defaults: + if parameter_defaults or static_defaults: env_file.write(u'parameter_defaults:\n') for name, value in sorted(parameter_defaults.items()): write_sample_entry(env_file, name, value) |
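Review bot: The `resource_registry` paths in the new `ssl/enable-internal-tls` entry start with a single `../` (`../puppet/services/certmonger-user.yaml` and the three after it), while the entry just above it in sample-env-generator/ssl.yaml uses `../../puppet/extraconfig/tls/tls-cert-inject.yaml`. Assuming the generator writes this sample to `environments/ssl/enable-internal-tls.yaml`, as the deprecation notice added to the old environment file indicates, these paths resolve under `environments/` and Heat will not find the templates. Each needs one more level, e.g. `OS::TripleO::Services::CertmongerUser: ../../puppet/services/certmonger-user.yaml` and `OS::TripleO::ServiceServerMetadataHook: ../../extraconfig/nova_metadata/krb-service-principals.yaml`.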