112 files changed, 1187 insertions, 438 deletions
@@ -113,13 +113,13 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | swift | | X | | | X | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| aodh | X | | | | | | +| aodh | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| ceilometer | X | | | | | | +| ceilometer | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| gnocchi | X | | | | | | +| gnocchi | rbd | swift | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ -| panko | X | | | | | | +| panko | X | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | barbican | | X | | | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ diff --git a/capabilities-map.yaml b/capabilities-map.yaml index decac6bb..fdf2ad63 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -10,13 +10,13 @@ # environment_groups: (required) # environment_groups: -# Identifies an environment choice. If group includes multiple environments it -# indicates that environments in group are mutually exclusive. +# Identifies a group of environments. # Attributes: # title: (optional) # description: (optional) # tags: a list of tags to provide additional information for e.g. filtering (optional) # environments: (required) +# mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive # environments: # List of environments in environment group 
@@ -25,149 +25,37 @@ # title: (required) # description: (optional) # requires: an array of environments which are required by this environment (optional) -# resource_registry: [tbd] (optional) - -# resource_registry: -# [tbd] Each environment can provide options on resource_registry level applicable -# only when that given environment is used. (resource_type of that environment can -# be implemented using multiple templates). topics: - - title: Base Resources Configuration + - title: General Deployment Options description: environment_groups: - - title: - description: Enable base configuration for all resources required for OpenStack Deployment + - name: general-deployment-options + title: + description: Enables base configuration for all resources required for OpenStack Deployment environments: - file: overcloud-resource-registry-puppet.yaml title: Base resources configuration description: - - - title: Deployment Options - description: - environment_groups: - - title: High Availability - description: Enables configuration of an Overcloud controller with Pacemaker - environments: - - file: environments/puppet-pacemaker.yaml - title: Pacemaker - description: Enable configuration of an Overcloud controller with Pacemaker - requires: - - overcloud-resource-registry-puppet.yaml - - title: Pacemaker options - description: - environments: - - file: environments/puppet-pacemaker-no-restart.yaml - title: Pacemaker No Restart - description: - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Docker RDO + - title: Containerized Deployment description: > - Docker container with heat agents for containerized compute node + Configures Deployment to use containerized services environments: - file: environments/docker.yaml - title: Docker RDO + title: Containerized Deployment description: requires: - overcloud-resource-registry-puppet.yaml - - title: Enable TLS - description: > - environments: - - file: 
environments/enable-tls.yaml - title: TLS - description: > - Use this option to pass in certificates for SSL deployments. - For these values to take effect, one of the TLS endpoints - environments must also be used. - requires: - - overcloud-resource-registry-puppet.yaml - - title: TLS Endpoints - description: > - environments: - - file: environments/tls-endpoints-public-dns.yaml - title: SSL-enabled deployment with DNS name as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is a DNS name. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - file: environments/tls-endpoints-public-ip.yaml - title: SSL-enabled deployment with IP address as public endpoint - description: > - Use this environment when deploying an SSL-enabled overcloud where the public - endpoint is an IP address. - requires: - - environments/enable-tls.yaml - - overcloud-resource-registry-puppet.yaml - - title: External load balancer - description: > - Enable external load balancer - environments: - - file: environments/external-loadbalancer-vip-v6.yaml - title: External load balancer IPv6 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - file: environments/external-loadbalancer-vip.yaml - title: External load balancer IPv4 - description: > - requires: - - overcloud-resource-registry-puppet.yaml - - - title: Additional Services - description: Deploy additional Overcloud services - environment_groups: - - title: Manila - description: - environments: - - file: environments/manila-generic-config.yaml - title: Manila - description: Enable Manila generic driver backend - requires: - - overcloud-resource-registry-puppet.yaml - - title: Sahara - description: - environments: - - file: environments/services/sahara.yaml - title: Sahara - description: Deploy Sahara service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ironic - description: - 
environments: - - file: environments/services/ironic.yaml - title: Ironic - description: Deploy Ironic service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Mistral - description: - environments: - - file: environments/services/mistral.yaml - title: Mistral - description: Deploy Mistral service - requires: - - overcloud-resource-registry-puppet.yaml - - title: Ceilometer Api - description: + - title: High Availability + description: Enables configuration of an Overcloud Controller with Pacemaker environments: - - file: environments/services/disable-ceilometer-api.yaml - title: Ceilometer Api - description: Disable Ceilometer Api service. This service is - deprecated and will be removed in future releases. Please move - to using gnocchi/aodh/panko apis instead. + - file: environments/puppet-pacemaker.yaml + title: High Availability (Pacemaker) + description: requires: - overcloud-resource-registry-puppet.yaml - # - title: Network Interface Configuration - # description: - # environment_groups: - - - title: Overlay Network Configuration + - title: Network Configuration description: environment_groups: - title: Network Isolation @@ -189,10 +77,12 @@ topics: to that role) on these networks. requires: - overcloud-resource-registry-puppet.yaml - - title: Single NIC or Bonding + mutually_exclusive: true + - title: NICs, Bonding, VLANs Configuration description: > - Configure roles to use pair of bonded nics or to use Vlans on a - single nic. This option assumes use of Network Isolation. + Choose one of the pre-defined configurations or provide custom + network-environment.yaml instead. Note that pre-defined configuration work + only with standard Roles and Networks. These options assume use of Network Isolation. environments: - file: environments/net-bond-with-vlans.yaml title: Bond with Vlans 
@@ -202,7 +92,6 @@ topics: for each role. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-no-external.yaml title: Bond with Vlans No External Ports description: > @@ -212,7 +101,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-bond-with-vlans-v6.yaml title: Bond with Vlans IPv6 description: > @@ -222,7 +110,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics.yaml title: Multiple NICs description: > @@ -231,7 +118,6 @@ topics: This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-multiple-nics-v6.yaml title: Multiple NICs IPv6 description: > @@ -240,7 +126,6 @@ topics: This option assumes use of Network Isolation IPv6. requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans.yaml title: Single NIC with Vlans description: > @@ -248,7 +133,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-no-external.yaml title: Single NIC with Vlans No External Ports description: > @@ -257,7 +141,6 @@ topics: Sets external ports to noop. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-linux-bridge-with-vlans.yaml title: Single NIC with Linux Bridge Vlans description: 
> @@ -265,7 +148,6 @@ topics: each isolated network. This option assumes use of Network Isolation. requires: - environments/network-isolation.yaml - - overcloud-resource-registry-puppet.yaml - file: environments/net-single-nic-with-vlans-v6.yaml title: Single NIC with Vlans IPv6 description: > @@ -274,7 +156,7 @@ topics: This option assumes use of Network Isolation IPv6 requires: - environments/network-isolation-v6.yaml - - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true - title: Management Network description: > Enable the creation of a system management network. This @@ -292,6 +174,35 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + + - title: Docker Network + description: > + [Temporary] Use this option when deploying containerized deployment + without network isolation + environments: + - file: environments/docker-network.yaml + title: Docker network + description: + requires: + - environments/docker.yaml + + - title: External load balancer + description: > + Enable external load balancer, requires network Isolation to be enabled. + Note that this option assumes standard isolated networks set. + environments: + - file: environments/external-loadbalancer-vip.yaml + title: External load balancer IPv4 + description: > + requires: + - environments/network-isolation.yaml + - file: environments/external-loadbalancer-vip-v6.yaml + title: External load balancer IPv6 + description: > + requires: + - environments/network-isolation-v6.yaml + mutually_exclusive: true - title: Neutron Plugin Configuration description: @@ -327,8 +238,8 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/neutron-midonet.yaml - title: Deploy MidoNet Services + - file: environments/networking/neutron-midonet.yaml + title: Neutron MidoNet Services description: requires: - overcloud-resource-registry-puppet.yaml 
@@ -378,34 +289,10 @@ topics: requires: - overcloud-resource-registry-puppet.yaml - - title: Nova Extensions - description: - environment_groups: - - title: Nova Extensions - description: - environments: - - file: environments/nova-nuage-config.yaml - title: Nuage backend - description: > - Enables Nuage backend on the Compute - requires: - - overcloud-resource-registry-puppet.yaml - - title: Storage description: environment_groups: - - title: Cinder backup service - description: - environments: - - file: environments/cinder-backup.yaml - title: Cinder backup service - description: > - OpenStack Cinder Backup service with Pacemaker configured - with Puppet - requires: - - environments/puppet-pacemaker.yaml - - overcloud-resource-registry-puppet.yaml - - title: Cinder backend + - title: Cinder backends description: > Enable various Cinder backends environments: @@ -414,7 +301,7 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml - - file: environments/cinder-netapp-config.yaml + - file: environments/storage/cinder-netapp-config.yaml title: Cinder NetApp backend description: requires: 
@@ -422,22 +309,19 @@ topics: - file: environments/cinder-dellsc-config.yaml title: Cinder Dell EMC Storage Center ISCSI backend description: > - Enables a Cinder Dell EMC Storage Center ISCSI backend, - configured via puppet + Enables a Cinder Dell EMC Storage Center ISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml title: Cinder HPELeftHandISCSI backend description: > - Enables a Cinder HPELeftHandISCSI backend, configured - via puppet + Enables a Cinder HPELeftHandISCSI backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-dellps-config.yaml title: Cinder Dell EMC PS Series backend description: > - Enables a Cinder Dell EMC PS Series backend, - configured via puppet + Enables a Cinder Dell EMC PS Series backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-iser.yaml @@ -447,8 +331,7 @@ topics: - file: environments/cinder-scaleio-config.yaml title: Cinder Dell EMC ScaleIO backend description: > - Enables a Cinder Dell EMC ScaleIO backend, - configured via puppet + Enables a Cinder Dell EMC ScaleIO backend requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-veritas-hyperscale-config.yaml 
@@ -458,106 +341,199 @@ topics: configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Ceph - description: > - Enable the use of Ceph in the overcloud + - title: Cinder backup service + description: environments: - - file: environments/puppet-ceph-external.yaml - title: Externally managed Ceph + - file: environments/cinder-backup.yaml + title: Cinder backup service description: > - Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + OpenStack Cinder Backup service with Pacemaker requires: + - environments/puppet-pacemaker.yaml - overcloud-resource-registry-puppet.yaml + - title: Ceph + description: > + Enable the use of Ceph in the overcloud + environments: - file: environments/puppet-ceph.yaml - title: TripleO managed Ceph + title: Ceph Storage Backend description: > Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is colocated with NovaCompute and configures the overcloud to use it, via RBD driver. requires: - overcloud-resource-registry-puppet.yaml - - title: CephMDS - description: > - Deploys CephMDS via TripleO, an additional Ceph service needed to create shared - filesystems hosted in Ceph. + - file: environments/storage/external-ceph.yaml + title: Externally managed Ceph + description: > + Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + requires: + - overcloud-resource-registry-puppet.yaml + mutually_exclusive: true + - title: Additional Ceph Options + description: environments: - file: environments/services/ceph-mds.yaml title: Deploys CephMDS - description: + description: > + Deploys CephMDS via TripleO, an additional Ceph service needed to create shared + filesystems hosted in Ceph. 
requires: - environments/puppet-ceph.yaml - - title: Ceph Rados Gateway - description: > - Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API - which stores data in the Ceph cluster. - environments: - file: environments/ceph-radosgw.yaml - title: Deploys CephRGW - description: + title: Ceph Rados Gateway + description: > + Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API + which stores data in the Ceph cluster. requires: - environments/puppet-ceph.yaml - - title: Manila with CephFS - description: > - Deploys Manila and configures it with the CephFS driver. This requires the deployment of - Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. - environments: - file: environments/manila-cephfsnative-config.yaml - title: Deploys Manila with CephFS driver - description: Deploys Manila and configures CephFS as its default backend. + title: Manila with CephFS + description: > + Deploys Manila and configures it with the CephFS driver. This requires the deployment of + Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. requires: - overcloud-resource-registry-puppet.yaml - - title: Storage Environment - description: > - Can be used to set up storage backends. Defaults to Ceph used as a - backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It - configures which services will use Ceph, or if any of the services - will use NFS. And more. Usually requires to be edited by user first. - tags: - - no-gui + - title: Glance backends + description: environments: - - file: environments/storage-environment.yaml - title: Storage Environment - description: + - file: environments/storage/glance-nfs.yaml + title: Glance NFS Backend + description: | + Configure and enable this option to enable the use of an NFS + share as the backend for Glance. 
requires: - overcloud-resource-registry-puppet.yaml - - title: Utilities - description: + + - title: Security + description: Security Hardening Options environment_groups: - - title: Config Debug - description: Enable config management (e.g. Puppet) debugging + - title: TLS + description: environments: - - file: environments/config-debug.yaml - title: Config Debug + - file: environments/ssl/enable-tls.yaml + title: SSL on OpenStack Public Endpoints + description: > + Use this option to pass in certificates for SSL deployments. + For these values to take effect, one of the TLS endpoints + options must also be used. + requires: + - overcloud-resource-registry-puppet.yaml + - title: TLS Endpoints + description: + environments: + - file: environments/ssl/tls-endpoints-public-dns.yaml + title: SSL-enabled deployment with DNS name as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is a DNS name. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-everywhere-endpoints-dns.yaml + title: Deploy All SSL Endpoints as DNS names + description: > + Use this option when deploying an overcloud where all the endpoints are + DNS names and there's TLS in all endpoint types. + requires: + - environments/ssl/enable-tls.yaml + - file: environments/ssl/tls-endpoints-public-ip.yaml + title: SSL-enabled deployment with IP address as public endpoint + description: > + Use this option when deploying an SSL-enabled overcloud where the public + endpoint is an IP address. 
+ requires: + - environments/ssl/enable-tls.yaml + mutually_exclusive: true + - title: SSH Banner Text + description: Enables population of SSH Banner Text + environments: + - file: environments/sshd-banner.yaml + title: SSH Banner Text description: requires: - overcloud-resource-registry-puppet.yaml - - title: Disable journal in MongoDb - description: > - Since, when journaling is enabled, MongoDb will create big journal - file it can take time. In a CI environment for example journaling is - not necessary. + - title: Horizon Password Validation + description: Enable Horizon Password validation environments: - - file: environments/mongodb-nojournal.yaml - title: Disable journal in MongoDb + - file: environments/horizon_password_validation.yaml + title: Horizon Password Validation description: requires: - overcloud-resource-registry-puppet.yaml - - title: Overcloud Steps - description: > - Specifies hooks/breakpoints where overcloud deployment should stop - Allows operator validation between steps, and/or more granular control. - Note: the wildcards relate to naming convention for some resource suffixes, - e.g see puppet/*-post.yaml, enabling this will mean we wait for - a user signal on every *Deployment_StepN resource defined in those files. 
- tags: - - no-gui + - title: AuditD Rules + description: Management of AuditD rules environments: - - file: environments/overcloud-steps.yaml - title: Overcloud Steps + - file: environments/auditd.yaml + title: AuditD Rule Management description: requires: - overcloud-resource-registry-puppet.yaml + - title: Keystone CADF auditing + description: Enable CADF notifications in Keystone for auditing + environments: + - file: environments/cadf.yaml + title: Keystone CADF auditing + - title: SecureTTY Values + description: Set values within /etc/securetty + environments: + - file: environments/securetty.yaml + title: SecureTTY Values + + - title: Additional Services + description: + environment_groups: + - title: + description: Deploy additional services + environments: + - file: environments/services/manila-generic-config.yaml + title: Barbican + description: Enable Barbican with the default secret store backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/manila-generic-config.yaml + title: Manila + description: Enable Manila with generic driver backend + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/sahara.yaml + title: Sahara + description: Deploy Sahara service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ironic.yaml + title: Ironic + description: Deploy Ironic service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/mistral.yaml + title: Mistral + description: Deploy Mistral service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/ec2-api.yaml + title: EC2 API + description: Enable EC2-API service + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/services/zaqar.yaml + title: Zaqar + description: Deploy Zaqar service + requires: + - overcloud-resource-registry-puppet.yaml + + - title: Nova Extensions + description: + environment_groups: + - 
title: Nova Extensions + description: + environments: + - file: environments/nova-nuage-config.yaml + title: Nuage backend + description: > + Enables Nuage backend on the Compute + requires: + - overcloud-resource-registry-puppet.yaml - title: Operational Tools description: @@ -566,7 +542,7 @@ topics: description: Enable monitoring agents environments: - file: environments/monitoring-environment.yaml - title: Enable monitoring agents + title: Monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml @@ -574,7 +550,7 @@ topics: description: Enable centralized logging clients (fluentd) environments: - file: environments/logging-environment.yaml - title: Enable fluentd client + title: fluentd client description: requires: - overcloud-resource-registry-puppet.yaml 
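Review bot: In the new "Additional Services" group of capabilities-map.yaml (hunk `-458,106 +341,199`), the entry titled `Barbican` has `file: environments/services/manila-generic-config.yaml`, which is a Manila file name; the Manila entry right after it uses `environments/manila-generic-config.yaml`. A consumer that resolves the selection by `file` would not get the secret-store service that the description "Enable Barbican with the default secret store backend" promises, so an operator could believe key management is deployed when it is not. Point the entry at the Barbican environment instead, `- file: <path-to-barbican-environment>` (placeholder; the real path is not shown on this page). In the same hunk, the `Keystone CADF auditing` and `SecureTTY Values` entries under Security have no `description:` or `requires:` key, unlike their siblings; adding `requires: - overcloud-resource-registry-puppet.yaml` would keep the group consistent.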
@@ -582,45 +558,45 @@ topics: description: Enable performance monitoring agents environments: - file: environments/collectd-environment.yaml - title: Enable performance monitoring agents + title: Performance monitoring agents description: requires: - overcloud-resource-registry-puppet.yaml - - title: Security Options - description: Security Hardening Options + - title: Utilities + description: environment_groups: - - title: SSH Banner Text - description: Enables population of SSH Banner Text + - title: Config Debug + description: Enable config management (e.g. Puppet) debugging environments: - - file: environments/sshd-banner.yaml - title: SSH Banner Text + - file: environments/config-debug.yaml + title: Config Debug description: requires: - overcloud-resource-registry-puppet.yaml - - title: Horizon Password Validation - description: Enable Horizon Password validation + - title: Disable journal in MongoDb + description: > + Since, when journaling is enabled, MongoDb will create big journal + file it can take time. In a CI environment for example journaling is + not necessary. environments: - - file: environments/horizon_password_validation.yaml - title: Horizon Password Validation + - file: environments/mongodb-nojournal.yaml + title: Disable journal in MongoDb description: requires: - overcloud-resource-registry-puppet.yaml - - title: AuditD Rules - description: Management of AuditD rules + - title: Overcloud Steps + description: > + Specifies hooks/breakpoints where overcloud deployment should stop + Allows operator validation between steps, and/or more granular control. + Note: the wildcards relate to naming convention for some resource suffixes, + e.g see puppet/*-post.yaml, enabling this will mean we wait for + a user signal on every *Deployment_StepN resource defined in those files. 
+ tags: + - no-gui environments: - - file: environments/auditd.yaml - title: AuditD Rule Management + - file: environments/overcloud-steps.yaml + title: Overcloud Steps description: requires: - overcloud-resource-registry-puppet.yaml - - title: Keystone CADF auditing - description: Enable CADF notifications in Keystone for auditing - environments: - - file: environments/cadf.yaml - title: Keystone CADF auditing - - title: SecureTTY Values - description: Set values within /etc/securetty - environments: - - file: environments/securetty.yaml - title: SecureTTY Values diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index cdbcbfd6..513d3f71 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -5,6 +5,7 @@ resource_registry: OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml 
@@ -68,6 +69,18 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Redis + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentIpmi + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::PankoApi ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/common/services.yaml b/common/services.yaml index 350026cc..0bc3462f 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -35,7 +35,7 @@ parameters: description: Role name on which the service is applied type: string RoleParameters: - description: Role Specific parameters to be provided to service + description: Parameters specific to the role default: {} type: json diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index 16deb7d6..d116e7c6 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -9,6 +9,7 @@ parameters: key_name: type: string default: unused + description: Name of keypair to assign to servers security_groups: type: json default: [] diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 48faaf9c..900131c9 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -160,6 +160,7 @@ outputs: cinder_api_cron: image: *cinder_api_image net: host + user: root privileged: false restart: always volumes: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 33147d27..ad3b43c2 100644 
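Review bot: `user: root` is added to `cinder_api_cron` in docker/services/cinder-api.yaml with no comment explaining why the container needs root, and the same line is added to `heat_api_cron` in docker/services/heat-api.yaml and `keystone_cron` in docker/services/keystone.yaml. All three containers also set `net: host`, so the root process shares the host network namespace; `privileged: false` is kept, which limits that exposure but does not remove it. I would put a comment above each added line, for example `# crond has to start as root; jobs run as the crontab owner` (presumably the reason, to be confirmed), so a later hardening review does not have to rediscover it. The container definitions continue outside these hunks, so the full volume list is not visible here.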
--- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -120,7 +120,6 @@ outputs: - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 2ead0d50..eb904c0b 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -129,7 +129,6 @@ outputs: - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index 71ea8d1f..2c894da5 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -66,5 +66,9 @@ outputs: - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - if: - internal_tls_enabled - - - {get_param: InternalTLSCAFile} + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' - null diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 5129b89f..41fe197b 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml 
@@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + NumberOfStorageSacks: + default: 128 + description: Number of storage sacks to create. + type: number conditions: @@ -110,7 +114,11 @@ outputs: - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" + command: + str_replace: + template: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c /usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM" + params: + SACK_NUM: {get_param: NumberOfStorageSacks} step_4: gnocchi_api: image: *gnocchi_api_image diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 0bc331ca..9e38b060 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -133,6 +133,7 @@ outputs: heat_api_cron: image: {get_param: DockerHeatApiImage} net: host + user: root privileged: false restart: always volumes: diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index c461f976..fcc458a2 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -103,7 +103,9 @@ outputs: merge: true preserve_properties: true /var/lib/kolla/config_files/keystone_cron.json: - command: /usr/sbin/cron -n + # FIXME(dprince): this is unused ATM because Kolla hardcodes the + # args for the keystone container to -DFOREGROUND + command: /usr/sbin/crond -n config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -168,9 +170,11 @@ outputs: keystone_cron: start_order: 4 image: *keystone_image + user: root net: host privileged: false restart: always + command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index fc749f37..5e01558a 100644 
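Review bot: The new `template` for the gnocchi upgrade command in docker/services/gnocchi-api.yaml drops the single quotes that used to wrap the `-c` argument. As a result `su ... -c` is handed only `/usr/bin/gnocchi-upgrade`, and `--sacks-number=SACK_NUM` becomes a separate word outside the command string; how it is then interpreted depends on how the string is split into argv, which this hunk does not show. Restoring the quoting keeps the option attached to gnocchi-upgrade: `template: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM'"`. Because the value is substituted into a shell command string, `type: number` on `NumberOfStorageSacks` (first hunk of this file) is what keeps the substitution shell-safe and should not be relaxed to `string`. A `range` constraint with `min: 1` on that parameter would also reject zero and negative values before they reach the command.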
--- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -59,11 +59,11 @@ outputs: kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d - config_files: - - source: "/var/lib/kolla/config_files/src-iscsid/*" - dest: "/" - merge: true - preserve_properties: true + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 2f3851a5..916b057e 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -56,7 +56,21 @@ parameters: description: Port that dockerized nova migration target sshd service binds to. type: number - + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. conditions: @@ -69,6 +83,15 @@ conditions: - {get_param: UseTLSTransportForLiveMigration} - true + need_libvirt_secret: + or: + - equals: + - {get_param: NovaEnableRbdBackend} + - true + - equals: + - {get_param: CinderEnableRbdBackend} + - true + resources: ContainersCommon: @@ -102,7 +125,7 @@ outputs: - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt - puppet_tags: libvirtd_config,nova_config,file,exec + puppet_tags: libvirtd_config,nova_config,file step_config: *step_config config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: 
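Review bot: `CephClusterFSID` in docker/services/nova-libvirt.yaml is described as "Must be a UUID" but no constraint enforces it, and `CephClientKey` has no constraint either. Both values are later placed inside single quotes in a `bash -c` string (the `nova_libvirt_init_secret` hunk of this file), so a value containing a quote character would end the quoting early. I would add `constraints:` with `- allowed_pattern: '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'` to `CephClusterFSID` and a base64-alphabet pattern such as `- allowed_pattern: '^[A-Za-z0-9+/=]+$'` to `CephClientKey`. That way malformed input is rejected at stack validation instead of reaching the shell.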
@@ -145,21 +168,46 @@ outputs: - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova - - /etc/libvirt/secrets:/etc/libvirt/secrets + - /etc/libvirt:/etc/libvirt # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt - - /etc/libvirt/qemu:/etc/libvirt/qemu - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_4: + if: + - need_libvirt_secret + - nova_libvirt_init_secret: + detach: false + image: {get_param: DockerNovaLibvirtImage} + privileged: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova:/etc/nova:ro + - /etc/libvirt:/etc/libvirt + - /var/run/libvirt:/var/run/libvirt + - /var/lib/libvirt:/var/lib/libvirt + command: + - /bin/bash + - -c + - str_replace: + template: /usr/bin/virsh secret-define --file /etc/nova/secret.xml && /usr/bin/virsh secret-set-value --secret 'SECRET_UUID' --base64 'SECRET_KEY' + params: + SECRET_UUID: {get_param: CephClusterFSID} + SECRET_KEY: {get_param: CephClientKey} + - {} host_prep_tasks: - name: create libvirt persistent data directories file: path: "{{ item }}" state: directory with_items: + - /etc/libvirt - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index f12852f8..3fb38349 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -32,6 +32,9 @@ parameters: type: string hidden: true default: '' + MysqlClustercheckPassword: + type: string + hidden: true RoleName: default: '' description: Role name on which the service is applied 
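Review bot: `nova_libvirt_init_secret` passes the Ceph client key as `--base64 'SECRET_KEY'` inside the `bash -c` string, so after substitution the key is part of the container's command definition and of the virsh process arguments. `hidden: true` on the parameter only masks it in Heat output. Where the libvirt version in the image supports it, reading the value from a root-only file (`virsh secret-set-value --file`) would keep it out of argv; otherwise a comment should record the exposure, e.g. `# NOTE: the key is visible in the container command line and in the stored container config`. The same hunk also replaces the `/etc/libvirt/secrets` and `/etc/libvirt/qemu` binds with a read-write bind of all of `/etc/libvirt`, both for the container whose volume list opens the hunk and for this init container. If only those subdirectories need to be writable, the narrower mounts are the safer choice.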
@@ -118,7 +121,19 @@ outputs: image: *mysql_image net: host # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done - command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] + command: + - 'bash' + - '-ec' + - + list_join: + - "\n" + - - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi' + - 'kolla_start' + - 'mysqld_safe --skip-networking --wsrep-on=OFF &' + - 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done''' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"' + - 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"' + - 'timeout ${DB_MAX_TIMEOUT} mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown' volumes: &mysql_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -131,6 +146,12 @@ outputs: - KOLLA_BOOTSTRAP=True # NOTE(mandre) skip wsrep cluster status check - KOLLA_KUBERNETES=True + - DB_MAX_TIMEOUT=60 + - + list_join: + - '=' + - - 'DB_CLUSTERCHECK_PASSWORD' + - {get_param: MysqlClustercheckPassword} - list_join: - '=' diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml index 474e9966..1e25a357 100644 --- a/environments/docker-ha.yaml +++ b/environments/docker-ha.yaml @@ -5,6 +5,8 @@ resource_registry: # Pacemaker runs on the host OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml + OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None # Services that are disabled for HA deployments with pacemaker OS::TripleO::Services::Keepalived: OS::Heat::None diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 255726a1..d4743326 100644 
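Review bot: The bootstrap script in docker/services/pacemaker/database/mysql.yaml grants `PROCESS ON *.* ... WITH GRANT OPTION` to `clustercheck`, which lets that account pass the privilege on to other accounts. Nothing in the hunk suggests a health-check user needs that, so I would drop the clause: `- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'';"'`. The `CREATE USER` line also lets the shell expand `${DB_CLUSTERCHECK_PASSWORD}` straight into a single-quoted SQL literal, so a password containing `'` or `\` breaks or alters the statement. An `allowed_pattern` constraint on `MysqlClustercheckPassword` (declared without a description in the first hunk of this file), for example `allowed_pattern: '^[A-Za-z0-9_-]+$'`, would rule that out. Both passwords are also passed as `-p"..."` arguments and as container environment entries, so they can be read from the process list and from container inspection on the host.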
--- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -6,12 +6,18 @@ resource_registry: OS::TripleO::Services::Docker: ../puppet/services/docker.yaml # The compute node still needs extra initialization steps OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml + # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 + OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml # NOTE: add roles to be docker enabled as we support them. OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml + OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::GlanceApi: ../docker/services/glance-api.yaml OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml 
@@ -22,14 +28,16 @@ resource_registry: OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml - OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml + OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index 0972da67..336a0b3c 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml 
@@ -51,7 +51,7 @@ resource_registry: OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml - OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index 601554a1..ce64311b 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -1,13 +1,13 @@ # A Heat environment file which can be used to enable a # a Neutron Nuage backend on the controller, configured via puppet resource_registry: + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None # Override the NeutronCorePlugin to use Nuage - OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2Nuage parameter_defaults: NeutronNuageNetPartitionName: 'default_name' 
@@ -18,9 +18,18 @@ parameter_defaults: NeutronNuageBaseURIVersion: 'default_uri_version' NeutronNuageCMSId: '' UseForwardedFor: true - NeutronCorePlugin: 'nuage_neutron.plugins.nuage.plugin.NuagePlugin' - NeutronEnableDHCPAgent: false - NeutronServicePlugins: [] - NovaOVSBridge: 'alubr0' - controllerExtraConfig: + NeutronServicePlugins: '' + NeutronDBSyncExtraParams: '--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini' + NeutronTypeDrivers: '' + NeutronNetworkType: '' + NeutronMechanismDrivers: '' + NeutronPluginExtensions: '' + NeutronFlatNetworks: '' + NeutronTunnelIdRanges: '' + NeutronNetworkVLANRanges: '' + NeutronVniRanges: '' + NovaOVSBridge: 'default_bridge' + NeutronMetadataProxySharedSecret: 'default' + InstanceNameTemplate: 'inst-%08x' + ControllerExtraConfig: neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron/plugins/nuage/' diff --git a/environments/neutron-opendaylight-sriov.yaml b/environments/neutron-opendaylight-sriov.yaml new file mode 100644 index 00000000..5c0a0350 --- /dev/null +++ b/environments/neutron-opendaylight-sriov.yaml 
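Review bot: `NeutronMetadataProxySharedSecret: 'default'` in environments/neutron-nuage-config.yaml gives the metadata proxy a fixed, publicly known shared secret in any deployment that includes this file without overriding it. `NuageMetadataProxySharedSecret: 'default'` in environments/nova-nuage-config.yaml has the same problem. I would mark both as placeholders that must be replaced, with a comment above each such as `# REQUIRED: replace with a per-deployment secret; 'default' is only a placeholder`. Alternatively, drop the entries so that a missing value is caught at deploy time instead of being silently accepted; whether the parameters have their own defaults elsewhere is not visible in this diff.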
@@ -0,0 +1,28 @@ +# A Heat environment that can be used to deploy OpenDaylight with SRIOV +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml + OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2-odl.yaml + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + +parameter_defaults: + NeutronEnableForceMetadata: true + NeutronMechanismDrivers: ['sriovnicswitch','opendaylight_v2'] + NeutronServicePlugins: 'odl-router_v2,trunk' + + # Add PciPassthroughFilter to the scheduler default filters + #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] + #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] + + #NeutronPhysicalDevMappings: "datacentre:ens20f2" + + # Number of VFs that needs to be configured for a physical interface + #NeutronSriovNumVFs: "ens20f2:5" + + #NovaPCIPassthrough: + # - devname: "ens20f2" + # physical_network: "datacentre" diff --git a/environments/nova-nuage-config.yaml b/environments/nova-nuage-config.yaml index 56c64d15..5e75ed9e 100644 --- a/environments/nova-nuage-config.yaml +++ b/environments/nova-nuage-config.yaml 
@@ -2,7 +2,13 @@ # Nuage backend on the compute, configured via puppet resource_registry: OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml parameter_defaults: NuageActiveController: '0.0.0.0' NuageStandbyController: '0.0.0.0' + NovaOVSBridge: 'default_bridge' + NovaComputeLibvirtType: 'default_type' + NovaIPv6: False + NuageMetadataProxySharedSecret: 'default' + NuageNovaApiEndpoint: 'default_endpoint' diff --git a/environments/predictable-placement/custom-domain.yaml b/environments/predictable-placement/custom-domain.yaml new file mode 100644 index 00000000..aacb677a --- /dev/null +++ b/environments/predictable-placement/custom-domain.yaml 
@@ -0,0 +1,35 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Custom Domain Name +# description: | +# This environment contains the parameters that need to be set in order to +# use a custom domain name and have all of the various FQDNs reflect it. +parameter_defaults: + # The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud. + # Type: string + CloudDomain: localdomain + + # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + # Type: string + CloudName: overcloud.localdomain + + # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'. + # Type: string + CloudNameCtlplane: overcloud.ctlplane.localdomain + + # The DNS name of this cloud's internal API endpoint. E.g. 'ci-overcloud.internalapi.tripleo.org'. + # Type: string + CloudNameInternal: overcloud.internalapi.localdomain + + # The DNS name of this cloud's storage endpoint. E.g. 'ci-overcloud.storage.tripleo.org'. + # Type: string + CloudNameStorage: overcloud.storage.localdomain + + # The DNS name of this cloud's storage management endpoint. E.g. 'ci-overcloud.storagemgmt.tripleo.org'. + # Type: string + CloudNameStorageManagement: overcloud.storagemgmt.localdomain + diff --git a/environments/services-docker/ironic.yaml b/environments/services-docker/ironic.yaml index e927ecb3..d98ca1d4 100644 --- a/environments/services-docker/ironic.yaml +++ b/environments/services-docker/ironic.yaml 
@@ -3,3 +3,5 @@ resource_registry: OS::TripleO::Services::IronicConductor: ../../docker/services/ironic-conductor.yaml OS::TripleO::Services::IronicPxe: ../../docker/services/ironic-pxe.yaml OS::TripleO::Services::NovaIronic: ../../docker/services/nova-ironic.yaml +parameter_defaults: + NovaSchedulerDiscoverHostsInCellsInterval: 15 diff --git a/extraconfig/nova_metadata/krb-service-principals.yaml b/extraconfig/nova_metadata/krb-service-principals.yaml index 59b8e7f5..cdd4341a 100644 --- a/extraconfig/nova_metadata/krb-service-principals.yaml +++ b/extraconfig/nova_metadata/krb-service-principals.yaml @@ -32,8 +32,8 @@ parameters: CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. + The DNS name of this cloud's provisioning network endpoint. E.g. + 'ci-overcloud.ctlplane.tripleo.org'. type: string resources: diff --git a/extraconfig/pre_network/contrail/compute_pre_network.yaml b/extraconfig/pre_network/contrail/compute_pre_network.yaml index a30330f9..69e89f87 100644 --- a/extraconfig/pre_network/contrail/compute_pre_network.yaml +++ b/extraconfig/pre_network/contrail/compute_pre_network.yaml @@ -34,7 +34,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list diff --git a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml index 623eb7e0..4b3c673c 100644 --- a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml +++ b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml @@ -38,7 +38,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list 
diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 5c7cc273..87dbeaec 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -9,7 +9,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index af49d49d..baf838e4 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -55,6 +55,9 @@ if [[ -n \$NOVA_COMPUTE ]]; then log_debug "Stop and disable libvirtd service for upgrade to containers" systemctl stop libvirtd systemctl disable libvirtd + log_debug "Stop and disable openstack-nova-compute for upgrade to containers" + systemctl stop openstack-nova-compute + systemctl disable openstack-nova-compute fi # Apply puppet manifest to converge just right after the ${ROLE} upgrade diff --git a/firstboot/userdata_example.yaml b/firstboot/userdata_example.yaml index 2f03c83b..32da7eda 100644 --- a/firstboot/userdata_example.yaml +++ b/firstboot/userdata_example.yaml @@ -42,10 +42,9 @@ resources: str_replace: template: | #!/bin/bash - curl http://169.254.169.254/openstack/2012-08-10/meta_data.json -o /root/meta_data.json mkdir -p /home/$user/.ssh chmod 700 /home/$user/.ssh - cat /root/meta_data.json | jq -r ".keys[0].data" > /home/$user/.ssh/authorized_keys + os-apply-config --key public-keys.0.openssh-key --type raw > /home/$user/.ssh/authorized_keys chmod 600 /home/$user/.ssh/authorized_keys chown -R $user:$user /home/$user/.ssh params: diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 063e63d4..356068fc 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml 
@@ -8,3 +8,39 @@ name: - puppet/blockstorage-role.yaml - puppet/objectstorage-role.yaml - puppet/cephstorage-role.yaml + - network/internal_api.yaml + - network/external.yaml + - network/storage.yaml + - network/storage_mgmt.yaml + - network/tenant.yaml + - network/management.yaml + - network/internal_api_v6.yaml + - network/external_v6.yaml + - network/storage_v6.yaml + - network/storage_mgmt_v6.yaml + - network/tenant_v6.yaml + - network/management_v6.yaml + - network/ports/internal_api.yaml + - network/ports/external.yaml + - network/ports/storage.yaml + - network/ports/storage_mgmt.yaml + - network/ports/tenant.yaml + - network/ports/management.yaml + - network/ports/internal_api_v6.yaml + - network/ports/external_v6.yaml + - network/ports/storage_v6.yaml + - network/ports/storage_mgmt_v6.yaml + - network/ports/tenant_v6.yaml + - network/ports/management_v6.yaml + - network/ports/internal_api_from_pool.yaml + - network/ports/external_from_pool.yaml + - network/ports/storage_from_pool.yaml + - network/ports/storage_mgmt_from_pool.yaml + - network/ports/tenant_from_pool.yaml + - network/ports/management_from_pool.yaml + - network/ports/internal_api_from_pool_v6.yaml + - network/ports/external_from_pool_v6.yaml + - network/ports/storage_from_pool_v6.yaml + - network/ports/storage_mgmt_from_pool_v6.yaml + - network/ports/tenant_from_pool_v6.yaml + - network/ports/management_from_pool_v6.yaml diff --git a/network/external.yaml b/network/external.yaml index 8dbe3e20..708d4635 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -66,4 +66,4 @@ outputs: description: Neutron external network value: {get_resource: ExternalNetwork} subnet_cidr: - value: {get_attr: ExternalSubnet, cidr} + value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/external_v6.yaml b/network/external_v6.yaml index 3266932a..9d1c3d00 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml 
@@ -73,4 +73,4 @@ outputs: description: Neutron external network value: {get_resource: ExternalNetwork} subnet_cidr: - value: {get_attr: ExternalSubnet, cidr} + value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/internal_api.yaml b/network/internal_api.yaml index 7ff0dafd..6e1885a9 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron internal network value: {get_resource: InternalApiNetwork} subnet_cidr: - value: {get_attr: InternalApiSubnet, cidr} + value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 0688f138..7264b1c0 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron internal network value: {get_resource: InternalApiNetwork} subnet_cidr: - value: {get_attr: InternalApiSubnet, cidr} + value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/management.yaml b/network/management.yaml index f54794c3..be197e5c 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -39,7 +39,7 @@ parameters: description: Ip allocation pool range for the management network. type: json ManagementInterfaceDefaultRoute: - default: null + default: unset description: The default route of the management network. type: string @@ -67,4 +67,4 @@ outputs: description: Neutron management network value: {get_resource: ManagementNetwork} subnet_cidr: - value: {get_attr: ManagementSubnet, cidr} + value: {get_attr: [ManagementSubnet, cidr]} diff --git a/network/management_v6.yaml b/network/management_v6.yaml index bf715513..2eb8c876 100644 --- a/network/management_v6.yaml +++ b/network/management_v6.yaml @@ -68,4 +68,4 @@ outputs: description: Neutron management network value: {get_resource: ManagementNetwork} subnet_cidr: - value: {get_attr: ManagementSubnet, cidr} + value: {get_attr: [ManagementSubnet, cidr]} 
diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml new file mode 100644 index 00000000..ccf437bb --- /dev/null +++ b/network/network.network.j2.yaml 
@@ -0,0 +1,91 @@ +heat_template_version: pike + +description: > + {{network.name}} network definition (automatically generated). + +parameters: + # the defaults here work for static IP assignment (IPAM) only + {{network.name}}NetCidr: + default: {{network.ip_subnet|default("")}} + description: Cidr for the {{network.name_lower}} network. + type: string + {{network.name}}NetValueSpecs: + default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'} + description: Value specs for the {{network.name_lower}} network. + type: json + {{network.name}}NetAdminStateUp: + default: false + description: This admin state of the network. + type: boolean + {{network.name}}NetEnableDHCP: + default: false + description: Whether to enable DHCP on the associated subnet. + type: boolean + {{network.name}}NetShared: + default: false + description: Whether this network is shared across all tenants. + type: boolean + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. + type: string + {{network.name}}SubnetName: + default: {{network.name_lower}}_subnet + description: The name of the {{network.name_lower}} subnet in Neutron. + type: string + {{network.name}}AllocationPools: + default: {{network.allocation_pools|default([])}} + description: Ip allocation pool range for the {{network.name_lower}} network. + type: json + {{network.name}}InterfaceDefaultRoute: + default: {{network.gateway_ip|default("not_defined")}} + description: default route for the {{network.name_lower}} network + type: string +{%- if network.vlan %} + {{network.name}}NetworkVlanID: + default: {{network.vlan}} + description: Vlan ID for the {{network.name}} network traffic. 
+ type: number +{%- endif %} +{%- if network.ipv6 %} + IPv6AddressMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 address mode + type: string + IPv6RAMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 router advertisement mode + type: string +{%- endif %} + +resources: + {{network.name}}Network: + type: OS::Neutron::Net + properties: + admin_state_up: {get_param: {{network.name}}NetAdminStateUp} + name: {get_param: {{network.name}}NetName} + shared: {get_param: {{network.name}}NetShared} + value_specs: {get_param: {{network.name}}NetValueSpecs} + + {{network.name}}Subnet: + type: OS::Neutron::Subnet + properties: + cidr: {get_param: {{network.name}}NetCidr} + name: {get_param: {{network.name}}SubnetName} + network: {get_resource: {{network.name}}Network} + allocation_pools: {get_param: {{network.name}}AllocationPools} + gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute} +{%- if network.ipv6 %} + ip_version: 6 + ipv6_address_mode: {get_param: IPv6AddressMode} + ipv6_ra_mode: {get_param: IPv6RAMode} +{%- else %} + enable_dhcp: {get_param: {{network.name}}NetEnableDHCP} +{%- endif %} + +outputs: + OS::stack_id: + description: {{network.name_lower}} network + value: {get_resource: {{network.name}}Network} + subnet_cidr: + value: {get_attr: [{{network.name}}Subnet, cidr]} diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml index 5aec597a..48c509df 100644 --- a/network/networks.j2.yaml +++ b/network/networks.j2.yaml @@ -3,13 +3,9 @@ heat_template_version: pike description: Create networks to split out Overcloud traffic resources: - {%- for network in networks %} - {%- if network.name != 'InternalApi' %} - {{network.name}}Network: - {%- else %} - InternalNetwork: - {%- endif %} + {%- set network_name = network.compat_name|default(network.name) %} + {{network_name}}Network: type: OS::TripleO::Network::{{network.name}} {%- endfor %} 
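Review bot: The string-typed parameter defaults in network/network.network.j2.yaml are emitted unquoted, so the rendered YAML depends on what each value happens to look like. `default: {{network.ip_subnet|default("")}}` renders as a bare `default:` (YAML null, not an empty string) when `ip_subnet` is absent, and a `name_lower` or `gateway_ip` that reads as a boolean or number would be retyped by the parser. Quoting those defaults avoids both, e.g. `default: "{{network.ip_subnet|default('')}}"` and `default: "{{network.name_lower}}"`. The same applies to `{{network.name}}SubnetName` and `{{network.name}}InterfaceDefaultRoute`. The `json` and `number` defaults (`{{network.name}}AllocationPools`, `{{network.name}}NetworkVlanID`) should stay unquoted.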
@@ -23,15 +19,9 @@ outputs: # NOTE(gfidente): we need to replace the null value with a # string to work around https://bugs.launchpad.net/heat/+bug/1700025 {%- for network in networks %} - {%- if network.name != 'InternalApi' %} - {{network.name_lower}}: - yaql: - data: {get_attr: [{{network.name}}Network, subnet_cidr]} - expression: str($.data).replace('null', 'disabled') - {%- else %} + {%- set network_name = network.compat_name|default(network.name) %} {{network.name_lower}}: yaql: - data: {get_attr: [InternalNetwork, subnet_cidr]} + data: {get_attr: [{{network_name}}Network, subnet_cidr]} expression: str($.data).replace('null', 'disabled') - {%- endif %} {%- endfor %} diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index bb54ca62..f874c30d 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -9,8 +9,8 @@ parameters: description: Name of the service to lookup default: '' type: string - NetworkName: - description: # Here for compatibility with isolated networks + NetworkName: # Here for compatibility with isolated networks + description: Name of the network where the VIP will be created default: ctlplane type: string PortName: diff --git a/network/ports/external.yaml b/network/ports/external.yaml index a02cc284..72922093 100644 --- a/network/ports/external.yaml +++ b/network/ports/external.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external neutron network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml index d2610c69..a14aa90b 100644 --- a/network/ports/external_from_pool.yaml +++ b/network/ports/external_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: ExternalNetName: - description: Name of the external network + description: The name of the external network. default: external type: string PortName: 
diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index e5fe8d71..2aa51267 100644 --- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/external_v6.yaml b/network/ports/external_v6.yaml index 12d61cce..5a1b5ae3 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/external_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ExternalNetName: - description: Name of the external neutron network + description: The name of the external network. default: external type: string PortName: diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml index f258080a..e9eb7875 100644 --- a/network/ports/internal_api.yaml +++ b/network/ports/internal_api.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API neutron network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml index cb87fd54..31c72daf 100644 --- a/network/ports/internal_api_from_pool.yaml +++ b/network/ports/internal_api_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index 12a0731b..657310ed 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml 
@@ -6,7 +6,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml index 46e6e187..6a9e7083 100644 --- a/network/ports/internal_api_v6.yaml +++ b/network/ports/internal_api_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: InternalApiNetName: - description: Name of the internal API neutron network + description: The name of the internal API network. default: internal_api type: string PortName: diff --git a/network/ports/management.yaml b/network/ports/management.yaml index dd62033b..417d0612 100644 --- a/network/ports/management.yaml +++ b/network/ports/management.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management neutron network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml index 188be68c..4815d163 100644 --- a/network/ports/management_from_pool.yaml +++ b/network/ports/management_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: ManagementNetName: - description: Name of the management network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml index b5d44259..2a7d3b1d 100644 --- a/network/ports/management_from_pool_v6.yaml +++ b/network/ports/management_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/management_v6.yaml b/network/ports/management_v6.yaml index 977502a8..9de06d9c 100644 
--- a/network/ports/management_v6.yaml +++ b/network/ports/management_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: ManagementNetName: - description: Name of the management neutron network + description: The name of the management network. default: management type: string PortName: diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index a6971b0f..ce58e96f 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -14,6 +14,7 @@ parameters: ExternalIpSubnet: default: '' type: string + description: IP address/subnet on the external network ExternalIpUri: default: '' type: string @@ -24,6 +25,7 @@ parameters: InternalApiIpSubnet: default: '' type: string + description: IP address/subnet on the internal API network InternalApiIpUri: default: '' type: string @@ -34,6 +36,7 @@ parameters: StorageIpSubnet: default: '' type: string + description: IP address/subnet on the storage network StorageIpUri: default: '' type: string @@ -44,6 +47,7 @@ parameters: StorageMgmtIpSubnet: default: '' type: string + description: IP address/subnet on the storage mgmt network StorageMgmtIpUri: default: '' type: string @@ -54,6 +58,7 @@ parameters: TenantIpSubnet: default: '' type: string + description: IP address/subnet on the tenant network TenantIpUri: default: '' type: string diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml index 018bf2bb..d0847882 100644 --- a/network/ports/net_vip_map_external.yaml +++ b/network/ports/net_vip_map_external.yaml 
@@ -27,24 +27,28 @@ parameters: ExternalIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 InternalApiIp: default: '' type: string InternalApiIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageIp: default: '' type: string StorageIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageMgmtIp: default: '' type: string StorageMgmtIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 outputs: net_ip_map: diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml index aa40cf17..72e60cb2 100644 --- a/network/ports/net_vip_map_external_v6.yaml +++ b/network/ports/net_vip_map_external_v6.yaml @@ -27,24 +27,28 @@ parameters: ExternalIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 InternalApiIp: default: '' type: string InternalApiIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageIp: default: '' type: string StorageIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 StorageMgmtIp: default: '' type: string StorageMgmtIpUri: default: '' type: string + description: IP address with brackets in case of IPv6 outputs: net_ip_map: diff --git a/network/ports/noop.yaml b/network/ports/noop.yaml index 8030bfc0..9f39c4ff 100644 --- a/network/ports/noop.yaml +++ b/network/ports/noop.yaml 
@@ -12,19 +12,21 @@ parameters: description: IP address on the control plane type: string ControlPlaneNetwork: - description: Name of the control plane network + description: The name of the undercloud Neutron control plane default: ctlplane type: string PortName: description: Name of the port default: '' type: string - NetworkName: - description: # Here for compatibility with vip.yaml - default: '' + NetworkName: # Here for compatibility with vip.yaml + description: Name of the network where the VIP will be created + default: ctlplane type: string FixedIPs: - description: # Here for compatibility with vip.yaml + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] default: [] type: json ControlPlaneSubnetCidr: # Override this via parameter_defaults diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml new file mode 100644 index 00000000..ded3e798 --- /dev/null +++ b/network/ports/port.network.j2.yaml 
@@ -0,0 +1,72 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network. The IP address will be chosen + automatically if FixedIPs is empty. + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name_lower}} neutron network + default: {{network.name_lower|default(network.name|lower)}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json + IPPool: # Here for compatibility with from_pool.yaml + default: {} + type: json + NodeIndex: # Here for compatibility with from_pool.yaml + default: 0 + type: number + +resources: + + {{network.name}}Port: + type: OS::Neutron::Port + properties: + network: {get_param: {{network.name}}NetName} + name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} + replacement_policy: AUTO + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with IPv6 URLs) + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - '/' + - 
{str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} + diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml new file mode 100644 index 00000000..9c08ec76 --- /dev/null +++ b/network/ports/port_from_pool.network.j2.yaml 
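Review bot: In port.network.j2.yaml the `{{network.name}}NetName` description interpolates `{{network.name_lower}}` directly, while the `default:` on the next line falls back to `network.name|lower`. network_data.yaml documents `name_lower` as optional, so the two can disagree. The same fallback is missing from `default: {{network.name_lower}}` in port_from_pool.network.j2.yaml, where, depending on how the renderer treats an undefined attribute, it would leave the parameter default empty rather than just a gap in the text. I would use one expression in both places and quote it, e.g. `default: '{{network.name_lower|default(network.name|lower)}}'`, so a rendered value that looks like a boolean or a number stays a string. The `FixedIPs` description also still says "VIP port" although this template creates an ordinary port.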
@@ -0,0 +1,65 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network, using a map of IPs per role. + Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by + network (lower_name or lower case). For example: + ControllerIPs: + external: + - 1.2.3.4 # First controller + - 1.2.3.5 # Second controller + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name}} neutron network + default: {{network.name_lower}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml + default: {} + type: json + NodeIndex: # First node in the role will get first IP, and so on... + default: 0 + type: number + {{network.name}}NetCidr: + default: {{network.ip_subnet}} + description: Cidr for the {{network.name_lower}} network. 
+ type: string + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} + diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml index 5c1aba1a..13e51ccf 100644 --- a/network/ports/storage.yaml +++ b/network/ports/storage.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage neutron network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml index ca5993fc..11aa20c7 100644 --- a/network/ports/storage_from_pool.yaml +++ b/network/ports/storage_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index ec7cd2f0..2d2c3055 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml 
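Review bot: `{{network.name}}NetCidr` in port_from_pool.network.j2.yaml takes `default: {{network.ip_subnet}}` unquoted, although network_data.yaml describes `ip_subnet` as optional. For a network defined without it, the default presumably renders as an empty value, which YAML reads as null, and the `str_split` in the `ip_subnet` output then has no prefix length to take. The hand-written templates elsewhere in this commit quote the value (`default: '172.16.3.0/24'`), so I would write `default: '{{network.ip_subnet}}'` here. The description should also say the parameter must be supplied when the network defines no subnet.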
@@ -6,7 +6,7 @@ description: > parameters: StorageNetName: - description: Name of the storage network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml index 94b058a2..c06c58ef 100644 --- a/network/ports/storage_mgmt.yaml +++ b/network/ports/storage_mgmt.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml index 63b2e154..07308a70 100644 --- a/network/ports/storage_mgmt_from_pool.yaml +++ b/network/ports/storage_mgmt_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage MGMT network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: @@ -26,7 +26,7 @@ parameters: type: number StorageMgmtNetCidr: default: '172.16.3.0/24' - description: Cidr for the storage MGMT network. + description: Cidr for the storage management network. type: string outputs: diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index 6d0b8794..1b30f0ce 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -6,7 +6,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage MGMT network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: @@ -27,7 +27,7 @@ parameters: type: number StorageMgmtNetCidr: default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage MGMT network. + description: Cidr for the storage management network. type: string outputs: 
diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml index 3d70c690..c10b1393 100644 --- a/network/ports/storage_mgmt_v6.yaml +++ b/network/ports/storage_mgmt_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageMgmtNetName: - description: Name of the storage_mgmt API neutron network + description: The name of the Storage management network. default: storage_mgmt type: string PortName: diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml index 6137d241..c7d47c54 100644 --- a/network/ports/storage_v6.yaml +++ b/network/ports/storage_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: StorageNetName: - description: Name of the storage neutron network + description: The name of the storage network. default: storage type: string PortName: diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml index a56b0f43..6c5eee38 100644 --- a/network/ports/tenant.yaml +++ b/network/ports/tenant.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant neutron network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml index 03ff6d11..94c419df 100644 --- a/network/ports/tenant_from_pool.yaml +++ b/network/ports/tenant_from_pool.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index d45faf06..cc2b619a 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant network + description: The name of the tenant network. default: tenant type: string PortName: 
diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml index d23e91f7..47d52d8a 100644 --- a/network/ports/tenant_v6.yaml +++ b/network/ports/tenant_v6.yaml @@ -5,7 +5,7 @@ description: > parameters: TenantNetName: - description: Name of the tenant neutron network + description: The name of the tenant network. default: tenant type: string PortName: diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index 70b4482c..f47760c8 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network/ports/vip_v6.yaml b/network/ports/vip_v6.yaml index 09f646a6..90525a31 100644 --- a/network/ports/vip_v6.yaml +++ b/network/ports/vip_v6.yaml @@ -11,7 +11,7 @@ parameters: type: string NetworkName: description: Name of the network where the VIP will be created - default: internal_api + default: ctlplane type: string PortName: description: Name of the port diff --git a/network/storage.yaml b/network/storage.yaml index 00316c51..9729044d 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron storage network value: {get_resource: StorageNetwork} subnet_cidr: - value: {get_attr: StorageSubnet, cidr} + value: {get_attr: [StorageSubnet, cidr]} diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index bc4347c2..fc005573 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} subnet_cidr: - value: {get_attr: StorageMgmtSubnet, cidr} + value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index 0d6614f9..cef87de9 100644 --- a/network/storage_mgmt_v6.yaml 
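Review bot: Changing the `NetworkName` default from `internal_api` to `ctlplane` in vip.yaml and vip_v6.yaml moves the VIP onto the control plane network for any caller that relied on the default. noop.yaml makes the matching change from `''` to `ctlplane`. The callers are outside these hunks, so this may be harmless, but a VIP landing on a different network than before is a segmentation change that deserves a release note. A comment on the parameter would help as well, e.g. `# default matches ctlplane_vip.yaml; callers on isolated networks must pass NetworkName explicitly`.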
+++ b/network/storage_mgmt_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} subnet_cidr: - value: {get_attr: StorageMgmtSubnet, cidr} + value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index bf796b2b..51edd4b3 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron storage network value: {get_resource: StorageNetwork} subnet_cidr: - value: {get_attr: StorageSubnet, cidr} + value: {get_attr: [StorageSubnet, cidr]} diff --git a/network/tenant.yaml b/network/tenant.yaml index 2104f0bd..67c4abbc 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -62,4 +62,4 @@ outputs: description: Neutron tenant network value: {get_resource: TenantNetwork} subnet_cidr: - value: {get_attr: TenantSubnet, cidr} + value: {get_attr: [TenantSubnet, cidr]} diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index 9993eec9..9f139cb1 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -69,4 +69,4 @@ outputs: description: Neutron tenant network value: {get_resource: TenantNetwork} subnet_cidr: - value: {get_attr: TenantSubnet, cidr} + value: {get_attr: [TenantSubnet, cidr]} diff --git a/network_data.yaml b/network_data.yaml index 23c231f9..6ad37dfe 100644 --- a/network_data.yaml +++ b/network_data.yaml 
@@ -5,30 +5,62 @@ # name: Name of the network (mandatory) # name_lower: lowercase version of name used for filenames # (optional, defaults to name.lower()) -# vlan: vlan for the network (optional) -# gateway: gateway for the network (optional) # enabled: Is the network enabled (optional, defaults to true) +# ipv6: Does this network use IPv6 IPs? (optional, defaults to false) +# (optional, may use parameter defaults in environment to set) +# vlan: vlan for the network (optional) # vip: Enable creation of a virtual IP on this network -# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, to support -# VIPs on non-default networks. See https://bugs.launchpad.net/tripleo/+bug/1667104 +# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, +# to support VIPs on non-default networks. +# See https://bugs.launchpad.net/tripleo/+bug/1667104 +# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults) +# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}] +# gateway_ip: gateway for the network (optional, may use parameter defaults) +# NOTE: IP-related values set parameter defaults in templates, may be overridden. +# compat_name: for existing stack you may need to override the default transformation +# for the resource's name. +# +# Example: +# - name Example +# vip: false +# ip_subnet: '10.0.2.0/24' +# allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}] +# gateway_ip: '10.0.2.254' # +# TODO (dsneddon) remove existing templates from j2_excludes.yaml +# and generate all templates dynamically. 
+ - name: External vip: true name_lower: external + ip_subnet: '10.0.0.0/24' + allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] + gateway_ip: '10.0.0.1' - name: InternalApi name_lower: internal_api vip: true + ip_subnet: '172.16.2.0/24' + allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] + compat_name: Internal - name: Storage vip: true name_lower: storage + ip_subnet: '172.16.1.0/24' + allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] - name: StorageMgmt name_lower: storage_mgmt vip: true + ip_subnet: '172.16.3.0/24' + allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}] - name: Tenant vip: false # Tenant network does not use VIPs name_lower: tenant + ip_subnet: '172.16.0.0/24' + allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - name: Management # Management network is disabled by default enabled: false vip: false # Management network does not use VIPs name_lower: management + ip_subnet: '10.0.1.0/24' + allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 0d3b875a..0b4b4feb 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -154,6 +154,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml + OS::TripleO::Services::NeutronCorePluginML2Nuage: puppet/services/neutron-plugin-ml2-nuage.yaml OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None OS::TripleO::Services::OVNController: OS::Heat::None diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index ddf2701a..2bfdf506 100644 --- a/overcloud.j2.yaml 
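Review bot: The schema comment added at the top of network_data.yaml contains two examples that do not parse: `- name Example` lacks the colon, and `[{'start':'10.0.0.4', 'end':'10.0.0.250}]` lacks a closing quote. Operators copy these lines when defining custom networks, so I would correct them to `- name: Example` and `'end':'10.0.0.250'}]`. The `compat_name: Internal` entry on InternalApi could also carry a one-line comment saying it preserves the existing `InternalNetwork` resource name, which the networks output template changed in this commit now depends on.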
+++ b/overcloud.j2.yaml @@ -46,8 +46,8 @@ parameters: CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.management.tripleo.org'. + The DNS name of this cloud's provisioning network endpoint. E.g. + 'ci-overcloud.ctlplane.tripleo.org'. type: string ControlFixedIPs: default: [] @@ -89,7 +89,7 @@ parameters: description: Neutron ID or name for ctlplane network. NeutronPublicInterface: default: nic1 - description: What interface to bridge onto br-ex for network nodes. + description: Which interface to add to the NeutronPhysicalBridge. type: string PublicVirtualFixedIPs: default: [] diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 7d58d1da..de7b6b49 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -141,7 +141,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 48e5b97a..ce44fd68 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -147,7 +147,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 3ad6f745..af45793e 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -159,7 +159,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json 
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 933b5e60..ab81d1aa 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -173,7 +173,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json @@ -563,7 +563,6 @@ resources: extraconfig: {get_param: ExtraConfig} controller: # Misc - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 8cba4351..e81b1142 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -7,6 +7,7 @@ description: > parameters: # Can be overridden via parameter_defaults in the environment SSLCertificate: + default: '' description: > The content of the SSL certificate (without Key) in PEM format. type: string diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index a03a9da5..10e56450 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -141,7 +141,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 18707b9a..f1abf8dd 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml 
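Review bot: Giving `SSLCertificate` a `default: ''` in tls-cert-inject.yaml removes the validation failure an operator previously got when the TLS injection environment was included without a certificate. What the template does with an empty value is outside the hunk, but it may write an empty PEM or leave the public endpoint without TLS, and neither would be reported. If the default exists so that haproxy.yaml can compare against the empty string, say so next to it, e.g. `# empty means public TLS is disabled; see public_tls_enabled in puppet/services/haproxy.yaml`. The injection step should also skip or fail explicitly on empty content.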
@@ -180,7 +180,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json @@ -513,9 +513,6 @@ resources: fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} - {%- if 'primary' in role.tags and 'controller' in role.tags %} - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - {%- endif -%} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 3cf51519..27bc50f3 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -39,6 +39,10 @@ parameters: type: string constraints: - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning'] + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true resources: CeilometerServiceBase: @@ -61,6 +65,7 @@ outputs: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod} + - ceilometer_redis_password: {get_param: RedisPassword} compute_namespace: true service_config_settings: get_attr: [CeilometerServiceBase, role_data, service_config_settings] diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 9fc1530a..5cc020a9 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml 
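Review bot: Adding `ceilometer_redis_password` to the `config_settings` of ceilometer-agent-compute.yaml puts the Redis credential into the configuration data of every compute node. `hidden: true` on the parameter masks it in Heat output but not in what is written on the host. Compute hosts run tenant workloads and are usually treated as a lower trust tier than controllers. It is worth confirming whether the agent needs the password only for some `InstanceDiscoveryMethod` values (presumably `workload_partitioning`) and, if so, adding it conditionally. At minimum, a comment on the `map_merge` entry should record why the compute agent needs this credential.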
@@ -51,6 +51,8 @@ parameters: description: > A list of publishers to put in event_pipeline.yaml. When the collector is used, override this with notifier:// publisher. + If zaqar is enabled, you can also publish to a zaqar queue + by including "zaqar://?queue=queue_name" in this list. Set ManageEventPipeline to true for override to take effect. type: comma_delimited_list ManagePipeline: diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index bd96823b..bdcc4fcd 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -77,3 +77,6 @@ outputs: tags: step3 yum: name=redis state=latest when: redis_enabled.rc != 0 + - name: Start redis service + tags: step4 + service: name=redis state=started diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index b6b4f270..642685a8 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string resources: 
@@ -55,14 +61,30 @@ outputs: config_settings: generate_service_certificates: true tripleo::haproxy::use_internal_certificates: true + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: map_merge: repeat: template: haproxy-NETWORK: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-NETWORK.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-NETWORK.key' hostname: "%{hiera('cloud_name_NETWORK')}" postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_NETWORK')}" diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index e79d2aec..b2766c44 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string outputs: role_data: 
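Review bot: `HAProxyInternalTLSCertsDirectory` and `HAProxyInternalTLSKeysDirectory` are declared without a `description` in both haproxy-internal-tls-certmonger.yaml and haproxy-public-tls-certmonger.yaml. The public template also uses the "Internal" names for the directory that holds the external certificate and key. Because the keys directory is now operator-settable, the description should state the expected ownership and mode, e.g. `description: Directory for HAProxy private keys; must not be readable by other users`. Whether `tripleo::certmonger::haproxy_dirs` creates the directory with restrictive permissions is not visible in this diff and should be checked before merging.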
@@ -38,12 +44,32 @@ outputs: service_name: haproxy_public_tls_certmonger config_settings: generate_service_certificates: true - tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' + tripleo::haproxy::service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + tripleo::certmonger::haproxy_dirs::certificate_dir: + get_param: HAProxyInternalTLSCertsDirectory + tripleo::certmonger::haproxy_dirs::key_dir: + get_param: HAProxyInternalTLSKeysDirectory certificates_specs: haproxy-external: - service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem' - service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt' - service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key' + service_pem: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.pem' + service_certificate: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/overcloud-haproxy-external.crt' + service_key: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/overcloud-haproxy-external.key' hostname: "%{hiera('cloud_name_external')}" postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_external')}" diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index a37135da..6b2d028f 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -57,6 +57,16 @@ parameters: MonitoringSubscriptionHaproxy: default: 'overcloud-haproxy' type: string + SSLCertificate: + default: '' + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string 
@@ -68,6 +78,14 @@ parameters: description: Specifies the default CRL PEM file to use for revocation if TLS is used for services in the internal network. +conditions: + + public_tls_enabled: + not: + equals: + - {get_param: SSLCertificate} + - "" + resources: HAProxyPublicTLS: @@ -98,8 +116,6 @@ outputs: monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: map_merge: - - get_attr: [HAProxyPublicTLS, role_data, config_settings] - - get_attr: [HAProxyInternalTLS, role_data, config_settings] - tripleo.haproxy.firewall_rules: '107 haproxy stats': dport: 1993 @@ -115,6 +131,12 @@ outputs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] - get_attr: [HAProxyInternalTLS, role_data, certificates_specs] + - if: + - public_tls_enabled + - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath} + - {} + - get_attr: [HAProxyPublicTLS, role_data, config_settings] + - get_attr: [HAProxyInternalTLS, role_data, config_settings] step_config: | include ::tripleo::profile::base::haproxy upgrade_tasks: diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 8796209b..218ba740 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -178,10 +178,10 @@ parameters: Cron to purge expired tokens - Week Day default: '*' KeystoneCronTokenFlushMaxDelay: - type: string + type: number description: > Cron to purge expired tokens - Max Delay - default: '0' + default: 0 KeystoneCronTokenFlushDestination: type: string description: > diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml index 1f331894..65b2a2a1 100644 --- a/puppet/services/network/contrail-dpdk.yaml +++ b/puppet/services/network/contrail-dpdk.yaml 
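Review bot: `tripleo::haproxy::service_certificate` can now be set by two entries of the same `map_merge` in haproxy.yaml: the new `if: public_tls_enabled` entry, and the `HAProxyPublicTLS` `config_settings` entry (the certmonger template changed in this diff sets that key). Later maps in `map_merge` override earlier ones, so the certmonger path wins when both are configured, and nothing in the template says so. I would add a comment above the `if` entry, `# Order matters: the HAProxyPublicTLS/HAProxyInternalTLS settings below override this value`, so that a later reordering does not silently change which certificate HAProxy serves. Indentation is lost in this rendering, so I am assuming the added entries belong to the `config_settings` merge that the previous hunk removed them from.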
@@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 058b9dc9..a9655160 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml @@ -31,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string + hidden: true ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index 981fe2fb..1773c367 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index b9556890..b6980045 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -69,6 +69,12 @@ parameters: networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay protocol overhead from this value. + NeutronDBSyncExtraParams: + default: '' + description: | + String of extra command line parameters to append to the neutron-db-manage + upgrade head command. + type: string ServiceData: default: {} description: Dictionary packing service data 
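Review bot: `NeutronDBSyncExtraParams` in neutron-base.yaml is a free-form string with no constraint, and its description says it is appended to the `neutron-db-manage upgrade head` command line. This diff does not show how `neutron::db::sync::extra_params` quotes the value. The description should therefore state that the string is passed through unvalidated and must come from trusted deployment input. If only option flags are expected, a `constraints` entry with `allowed_pattern: '^[A-Za-z0-9 =_./-]*$'` would reject shell metacharacters at stack validation time. The wiring into `config_settings` is in the next hunk of the same file.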
@@ -134,6 +140,7 @@ outputs: neutron::db::database_max_retries: -1 neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout} neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} + neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams} - if: - dhcp_agents_zero - {} diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1d4029cf..7894f78b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -32,8 +32,7 @@ parameters: type: json NeutronEnableL2Pop: type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. + description: Enable/disable the L2 population feature in the Neutron agents. default: "False" NeutronBridgeMappings: description: > @@ -47,8 +46,7 @@ parameters: default: "datacentre:br-ex" NeutronTunnelTypes: default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. + description: The tunnel types for the Neutron tenant network. type: comma_delimited_list NeutronAgentExtensions: default: "qos" diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml new file mode 100644 index 00000000..a7dc2e8b --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-nuage.yaml 
@@ -0,0 +1,99 @@ +heat_template_version: pike + +description: > + OpenStack Neutron ML2/Nuage plugin configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + + UseForwardedFor: + description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. 
+ type: boolean + default: false + +resources: + + NeutronML2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron ML2/Nuage plugin + value: + service_name: neutron_plugin_ml2_nuage + config_settings: + map_merge: + - get_attr: [NeutronML2Base, role_data, config_settings] + - neutron::plugins::ml2::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName} + neutron::plugins::ml2::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp} + neutron::plugins::ml2::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername} + neutron::plugins::ml2::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword} + neutron::plugins::ml2::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization} + neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} + neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} + nova::api::use_forwarded_for: {get_param: UseForwardedFor} + step_config: | + include tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-ml2-odl.yaml b/puppet/services/neutron-plugin-ml2-odl.yaml index cc4cd8f4..68bba110 100644 --- a/puppet/services/neutron-plugin-ml2-odl.yaml +++ b/puppet/services/neutron-plugin-ml2-odl.yaml @@ -33,7 +33,7 @@ parameters: OpenDaylightPortBindingController: description: OpenDaylight port binding controller type: string - default: 'network-topology' + default: 'pseudo-agentdb-binding' resources: diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index dd757b5d..bc91374a 100644 --- a/puppet/services/neutron-plugin-ml2.yaml 
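Review bot: `NeutronNuageVSDPassword` in the new neutron-plugin-ml2-nuage.yaml is declared without `hidden: true`, so Heat will return the VSD password in clear text wherever stack parameters are displayed. The same commit marks `NeutronMetadataProxySharedSecret` as hidden in contrail-tsn.yaml; the same line, `hidden: true`, should follow `type: string` here. Separately, `UseForwardedFor` sets `nova::api::use_forwarded_for` from a Neutron plugin template. A short comment explaining why that Nova setting is set in this template would help reviewers confirm the sanitizing-proxy precondition its description mentions.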
+++ b/puppet/services/neutron-plugin-ml2.yaml @@ -72,6 +72,10 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list + NeutronFirewallDriver: + description: Firewall driver for realizing neutron security group function + type: string + default: 'openvswitch' resources: NeutronBase: @@ -100,6 +104,7 @@ outputs: neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} + neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index a12bfd0f..36866a3a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -97,7 +97,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' MigrationSshKey: type: json description: > @@ -170,6 +170,11 @@ outputs: tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} rbd_persistent_storage: {get_param: CinderEnableRbdBackend} nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index a6638be0..5abad452 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml 
@@ -45,7 +45,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index e2ae7260..04936c33 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -139,6 +139,11 @@ outputs: # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} tripleo::profile::base::nova::migration::client::libvirt_enabled: true diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 2027292c..139ab7c7 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml 
@@ -33,6 +33,28 @@ parameters: Required for VLAN deployments. For example physnet1 -> eth1. type: comma_delimited_list default: "datacentre:br-ex" + HostAllowedNetworkTypes: + description: Allowed tenant network types for this OVS host. Note this can + vary per host or role to constrain which hosts nova instances + and networks are scheduled to. + type: comma_delimited_list + default: ['local', 'vlan', 'vxlan', 'gre'] + OvsEnableDpdk: + description: Whether or not to configure enable DPDK in OVS + default: false + type: boolean + OvsVhostuserMode: + description: Specify the mode for OVS with vhostuser port creation. In + client mode, the hypervisor will be responsible for creating + vhostuser sockets. In server mode, OVS will create them. + type: string + default: "client" + constraints: + - allowed_values: [ 'client', 'server' ] + VhostuserSocketDir: + description: Specify the directory to use for vhostuser sockets + type: string + default: "/var/run/openvswitch" EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set 
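Review bot: The `OvsEnableDpdk` description reads "Whether or not to configure enable DPDK in OVS"; I would write `description: Whether or not to enable DPDK in OVS`. The `VhostuserSocketDir` description could also say that the directory must be writable by whichever side creates the sockets under the selected `OvsVhostuserMode`. The directory's ownership and mode are set outside this diff and are worth confirming against the `/var/run/openvswitch` default.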
@@ -71,6 +93,28 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes + neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk + neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir + neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode + neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings + - values: {get_param: [RoleParameters]} + - values: + HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes} + OvsEnableDpdk: {get_param: OvsEnableDpdk} + VhostuserSocketDir: {get_param: VhostuserSocketDir} + OvsVhostuserMode: {get_param: OvsVhostuserMode} + OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings} + outputs: role_data: description: Role data for the OpenDaylight service. @@ -86,7 +130,6 @@ outputs: opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' @@ -94,6 +137,7 @@ outputs: '136 neutron gre networks': proto: 'gre' - get_attr: [Ovs, role_data, config_settings] + - get_attr: [RoleParametersValue, value] step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: diff --git a/puppet/services/ovn-controller.yaml b/puppet/services/ovn-controller.yaml index fbc5559a..30720448 100644 
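Review bot: Values that `RoleParametersValue` takes from `RoleParameters` are not checked against the parameter constraints. `OvsVhostuserMode` is limited to `client`/`server` by `allowed_values` in the previous hunk, but the inner `map_replace` substitutes whatever the role supplies under that name. A role-level typo or unexpected value would therefore reach `neutron::plugins::ovs::opendaylight::vhostuser_mode` unchecked. I would extend the comment above the resource with `# NOTE: role-specific values are not validated against the parameter constraints above`. It would also be worth checking that the puppet profile, which is outside this diff, validates the mode.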
--- a/puppet/services/ovn-controller.yaml +++ b/puppet/services/ovn-controller.yaml @@ -45,7 +45,7 @@ parameters: bridge on hosts - to a physical name 'datacentre' which can be used to create provider networks (and we use this for the default floating network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name + scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" diff --git a/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml b/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml new file mode 100644 index 00000000..523377c2 --- /dev/null +++ b/releasenotes/notes/add-odl-sriov-env-e31982064c2bf646.yaml @@ -0,0 +1,4 @@ +--- +features: + - Adds new environment file for deploying SRIOV + with OpenDaylight. diff --git a/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml b/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml new file mode 100644 index 00000000..645f3c79 --- /dev/null +++ b/releasenotes/notes/odl-port-binding-d420cac81f714778.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - Setting the port-binding to be pseudo-agentdb-binding. + Networking-odl no longer supports network-topology +features: + - Enables per role configuration of per host + configuration which allows an operator to dedicate + different compute roles to different network or + port types in OpenDaylight deployments. diff --git a/sample-env-generator/predictable-placement.yaml b/sample-env-generator/predictable-placement.yaml index ffda7aca..3a971fbd 100644 --- a/sample-env-generator/predictable-placement.yaml +++ b/sample-env-generator/predictable-placement.yaml 
@@ -15,3 +15,18 @@ environments: Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with OS::stack_name in the template below. If you want to use the heat generated names, pass '' (empty string). + - + name: predictable-placement/custom-domain + title: Custom Domain Name + files: + overcloud.yaml: + parameters: + - CloudDomain + - CloudName + - CloudNameInternal + - CloudNameStorage + - CloudNameStorageManagement + - CloudNameCtlplane + description: | + This environment contains the parameters that need to be set in order to + use a custom domain name and have all of the various FQDNs reflect it. diff --git a/tools/process-templates.py b/tools/process-templates.py index badc1426..07c27bad 100755 --- a/tools/process-templates.py +++ b/tools/process-templates.py @@ -96,6 +96,16 @@ def process_templates(template_path, role_data_path, output_dir, r_map = {} for r in role_data: r_map[r.get('name')] = r + + n_map = {} + for n in network_data: + if (n.get('enabled') is not False): + n_map[n.get('name')] = n + if not n.get('name_lower'): + n_map[n.get('name')]['name_lower'] = n.get('name').lower() + else: + print("skipping %s network: network is disabled" % n.get('name')) + excl_templates = ['%s/%s' % (template_path, e) for e in j2_excludes.get('name')] @@ -126,10 +136,13 @@ def process_templates(template_path, role_data_path, output_dir, for f in files: file_path = os.path.join(subdir, f) - # We do two templating passes here: + # We do three templating passes here: # 1. *.role.j2.yaml - we template just the role name # and create multiple files (one per role) - # 2. *.j2.yaml - we template with all roles_data, + # 2 *.network.j2.yaml - we template the network name and + # data and create multiple files for networks and + # network ports (one per network) + # 3. *.j2.yaml - we template with all roles_data, # and create one file common to all roles if f.endswith('.role.j2.yaml'): print("jinja2 rendering role template %s" % f) 
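Review bot: The `n_map` loop added in the first process-templates.py hunk assumes every enabled network entry has a `name`. When `name` and `name_lower` are both missing, `n.get('name').lower()` raises `AttributeError` on `None`; when only `name` is missing, the entry is stored under the key `None`. A guard at the top of the loop, `if not n.get('name'): raise ValueError("network entry without a name: %r" % n)`, turns both cases into a clear error. The loop also writes `name_lower` back into the dicts from `network_data` in place, which deserves a one-line comment. `process_templates` starts and ends outside the hunk, so how `network_data` is loaded is not visible here.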
@@ -167,6 +180,30 @@ def process_templates(template_path, role_data_path, output_dir, else: print('skipping rendering of %s' % out_f_path) + + elif f.endswith('.network.j2.yaml'): + print("jinja2 rendering network template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + print("jinja2 rendering networks %s" % ",".join(n_map)) + for network in n_map: + j2_data = {'network': n_map[network]} + # Output file names in "<name>.yaml" format + out_f = os.path.basename(f).replace('.network.j2.yaml', + '.yaml') + if os.path.dirname(file_path).endswith('ports'): + out_f = out_f.replace('port', + n_map[network]['name_lower']) + else: + out_f = out_f.replace('network', + n_map[network]['name_lower']) + out_f_path = os.path.join(out_dir, out_f) + if not (out_f_path in excl_templates): + _j2_render_to_file(template_data, j2_data, + out_f_path) + else: + print('skipping rendering of %s' % out_f_path) + elif f.endswith('.j2.yaml'): print("jinja2 rendering normal template %s" % f) with open(file_path) as j2_template: diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 3a2691d8..a096d69a 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py 
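Review bot: In the `.network.j2.yaml` branch, the output file name is built from `n_map[network]['name_lower']`, which comes from the network data file, and is joined to `out_dir` without checking that it is still a plain file name. A value containing a path separator or `..` would make `_j2_render_to_file` write outside the output directory. I would add, before the `os.path.join` call, `if os.path.basename(out_f) != out_f: raise ValueError("invalid network name: %s" % network)`. Separately, `out_f.replace('port', ...)` and `out_f.replace('network', ...)` replace every occurrence in the template name rather than only the placeholder, so a count of `1` or a comment stating the naming convention would make the intent explicit. The enclosing function continues outside the hunk.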
@@ -50,83 +50,57 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'ExternalAllocationPools': ['default'], 'StorageNetCidr': ['default'], 'StorageAllocationPools': ['default'], - 'StorageMgmtNetCidr': ['default', - # FIXME - 'description'], + 'StorageMgmtNetCidr': ['default'], 'StorageMgmtAllocationPools': ['default'], 'TenantNetCidr': ['default'], 'TenantAllocationPools': ['default'], 'InternalApiNetCidr': ['default'], + 'InternalApiAllocationPools': ['default'], 'UpdateIdentifier': ['description'], + 'key_name': ['default'], + # There's one template that defines this + # differently, and I'm not sure if we can + # safely change it. + 'EC2MetadataIp': ['default'], + # Same as EC2MetadataIp + 'ControlPlaneDefaultRoute': ['default'], # TODO(bnemec): Address these existing # inconsistencies. - 'NeutronMetadataProxySharedSecret': [ - 'description', 'hidden'], 'ServiceNetMap': ['description', 'default'], - 'EC2MetadataIp': ['default'], 'network': ['default'], 'ControlPlaneIP': ['default', 'description'], 'ControlPlaneIp': ['default', 'description'], 'NeutronBigswitchLLDPEnabled': ['default'], - 'NeutronEnableL2Pop': ['description'], 'NeutronWorkers': ['description'], - 'TenantIpSubnet': ['description'], - 'ExternalNetName': ['description'], - 'ControlPlaneDefaultRoute': ['default'], - 'StorageMgmtNetName': ['description'], 'ServerMetadata': ['description'], - 'InternalApiIpUri': ['description'], - 'UpgradeLevelNovaCompute': ['default'], - 'StorageMgmtIpUri': ['description'], 'server': ['description'], 'servers': ['description'], - 'FixedIPs': ['description'], - 'ExternalIpSubnet': ['description'], - 'NeutronBridgeMappings': ['description'], 'ExtraConfig': ['description'], - 'InternalApiIpSubnet': ['description'], 'DefaultPasswords': ['description', 'default'], 'BondInterfaceOvsOptions': ['description', 'default', 'constraints'], 'KeyName': ['constraints'], - 'TenantNetName': ['description'], - 'StorageIpSubnet': ['description'], 
'OVNSouthboundServerPort': ['description'], 'ExternalInterfaceDefaultRoute': ['description', 'default'], - 'ExternalIpUri': ['description'], 'IPPool': ['description'], - 'ControlPlaneNetwork': ['description'], 'SSLCertificate': ['description', 'default', 'hidden'], 'HostCpusList': ['default', 'constraints'], - 'InternalApiAllocationPools': ['default'], 'NodeIndex': ['description'], 'name': ['description', 'default'], - 'StorageNetName': ['description'], - 'ManagementNetName': ['description'], - 'NeutronPublicInterface': ['description'], - 'RoleParameters': ['description'], - 'ManagementInterfaceDefaultRoute': - ['default'], 'image': ['description', 'default'], 'NeutronBigswitchAgentEnabled': ['default'], 'EndpointMap': ['description', 'default'], 'DockerManilaConfigImage': ['description', 'default'], - 'NetworkName': ['default', 'description'], - 'StorageIpUri': ['description'], - 'InternalApiNetName': ['description'], - 'NeutronTunnelTypes': ['description'], 'replacement_policy': ['default'], - 'StorageMgmtIpSubnet': ['description'], 'CloudDomain': ['description', 'default'], - 'key_name': ['default', 'description'], 'EnableLoadBalancer': ['description'], 'ControllerExtraConfig': ['description'], 'NovaComputeExtraConfig': ['description'], |