Diffstat (limited to 'environments')
27 files changed, 325 insertions, 83 deletions
diff --git a/environments/ceph-ansible/ceph-ansible-external.yaml b/environments/ceph-ansible/ceph-ansible-external.yaml
new file mode 100644
index 00000000..ed3bedbd
--- /dev/null
+++ b/environments/ceph-ansible/ceph-ansible-external.yaml
@@ -0,0 +1,30 @@
+resource_registry:
+ OS::TripleO::Services::CephExternal: ../../docker/services/ceph-ansible/ceph-external.yaml
+ OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephClient: OS::Heat::None
+ OS::TripleO::Services::CephOSD: OS::Heat::None
+
+parameter_defaults:
+ # NOTE: These example parameters are required when using CephExternal
+ #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ #CephExternalMonHost: '172.16.1.7, 172.16.1.8'
+
+ # the following parameters enable Ceph backends for Cinder, Glance, Gnocchi and Nova
+ NovaEnableRbdBackend: true
+ CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
+ # If the Ceph pools which host VMs, Volumes and Images do not match these
+ # names OR the client keyring to use is not named 'openstack', edit the
+ # following as needed.
+ NovaRbdPoolName: vms
+ CinderRbdPoolName: volumes
+ CinderBackupRbdPoolName: backups
+ GlanceRbdPoolName: images
+ GnocchiRbdPoolName: metrics
+ CephClientUserName: openstack
+
+ # finally we disable the Cinder LVM backend
+ CinderEnableIscsiBackend: false
diff --git a/environments/ceph-ansible/ceph-rgw.yaml b/environments/ceph-ansible/ceph-rgw.yaml
new file mode 100644
index 00000000..4b09a703
--- /dev/null
+++ b/environments/ceph-ansible/ceph-rgw.yaml
@@ -0,0 +1,5 @@
+resource_registry:
+ OS::TripleO::Services::CephRgw: ../../docker/services/ceph-ansible/ceph-rgw.yaml
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
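Review bot: The commented example `#CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='` in the new ceph-ansible-external.yaml has the shape of a usable cephx key rather than a placeholder, so a deployer who only uncomments the three example lines ends up configuring a key that is published in the repository. I would replace the value with something that cannot be mistaken for a secret, e.g. `#CephClientKey: '<cephx key of the client named in CephClientUserName>'`. A one-line comment that the real key should be supplied from a separate, access-restricted environment file rather than edited into a copy of this one would also help.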
diff --git a/environments/cinder-dellemc-vmax-iscsi-config.yaml b/environments/cinder-dellemc-vmax-iscsi-config.yaml new file mode 100644 index 00000000..3832dada --- /dev/null +++ b/environments/cinder-dellemc-vmax-iscsi-config.yaml @@ -0,0 +1,9 @@ +# A Heat environment file which can be used to enable a +# Cinder Dell EMC VMAX backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI: ../puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml + +parameter_defaults: + CinderEnableDellEMCVMAXISCSIBackend: true + CinderDellEMCVMAXISCSIBackendName: 'tripleo_dellemc_vmax_iscsi' + CinderDellEMCVMAXISCSIConfigFile: '' diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index 38b70e53..bd697160 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -87,8 +87,10 @@ - OS::TripleO::Services::ManilaBackendGeneric - OS::TripleO::Services::ManilaBackendNetapp - OS::TripleO::Services::ManilaBackendUnity + - OS::TripleO::Services::ManilaBackendIsilon - OS::TripleO::Services::ManilaBackendCephFs - OS::TripleO::Services::ManilaBackendVNX + - OS::TripleO::Services::ManilaBackendVMAX - OS::TripleO::Services::ManilaShare - OS::TripleO::Services::AodhApi - OS::TripleO::Services::AodhEvaluator diff --git a/environments/docker.yaml b/environments/docker.yaml index dfa30b08..06e3d3ab 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml 
@@ -30,7 +30,6 @@ resource_registry: OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml - OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml @@ -57,3 +56,7 @@ resource_registry: # OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml # OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml # OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml + # + # If SR-IOV is enabled on the compute nodes, it will need the SR-IOV + # host configuration. + OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml index 2fdecb4f..e85185d6 100644 --- a/environments/enable-internal-tls.yaml +++ b/environments/enable-internal-tls.yaml @@ -1,3 +1,7 @@ +# ******************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml +# instead. +# ******************************************************************************** # A Heat environment file which can be used to enable a # a TLS for in the internal network via certmonger parameter_defaults: diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 81044170..e674dc64 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml 
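Review bot: The comment added in the second docker.yaml hunk says SR-IOV "will need the SR-IOV host configuration", but the line under it maps `OS::TripleO::Services::NeutronSriovHostConfig` to `OS::Heat::None`, and it follows a run of commented-out Cinder entries, so it is easy to read as part of that disabled block. I would state the default and where to turn it on, for example `# Disabled by default; include environments/services-docker/neutron-sriov.yaml to enable the SR-IOV host configuration.`, which is the file this commit adds with the non-None mapping. The resource_registry block starts outside the hunk.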
@@ -29,6 +29,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Tuned - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::NeutronSriovHostConfig - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient diff --git a/environments/manila-cephfsnative-config-docker.yaml b/environments/manila-cephfsnative-config-docker.yaml new file mode 100644 index 00000000..8c822918 --- /dev/null +++ b/environments/manila-cephfsnative-config-docker.yaml @@ -0,0 +1,20 @@ +# EXPERIMENTAL: The configuration enabled by this environment +# is not considered production-ready. +# +# A Heat environment file which can be used to enable a +# a Manila CephFS Native driver backend. +resource_registry: + OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml + OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml + + +parameter_defaults: + ManilaCephFSNativeBackendName: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: false + ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf' + ManilaCephFSNativeCephFSAuthId: 'manila' + ManilaCephFSNativeCephFSClusterName: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: false diff --git a/environments/manila-isilon-config.yaml b/environments/manila-isilon-config.yaml new file mode 100644 index 00000000..809900c8 --- /dev/null +++ b/environments/manila-isilon-config.yaml 
@@ -0,0 +1,17 @@
+# This environment file enables Manila with the Isilon backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendIsilon: ../puppet/services/manila-backend-isilon.yaml
+
+parameter_defaults:
+ ManilaIsilonBackendName: tripleo_isilon
+ ManilaIsilonDriverHandlesShareServers: true
+ ManilaIsilonNasLogin: ''
+ ManilaIsilonNasPassword: ''
+ ManilaIsilonNasServer: ''
+ ManilaIsilonNasRootDir: ''
+ ManilaIsilonNasServerPort: 8080
+ ManilaIsilonNasServerSecure: ''
diff --git a/environments/manila-netapp-config-docker.yaml b/environments/manila-netapp-config-docker.yaml
new file mode 100644
index 00000000..6db6dff4
--- /dev/null
+++ b/environments/manila-netapp-config-docker.yaml
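Review bot: `ManilaIsilonNasServerSecure: ''` is left empty right next to `ManilaIsilonNasLogin` and `ManilaIsilonNasPassword`, so whether those credentials travel over TLS depends on a default in manila-backend-isilon.yaml that this hunk does not show. Assuming the parameter is a boolean, I would set it explicitly with `ManilaIsilonNasServerSecure: true`, or, if the empty value is deliberate, say so in a comment such as `# Leave empty to use the driver default; set to true to require HTTPS to the NAS server`. The empty login and password placeholders also invite editing secrets into a copy of this file; a short comment that they should come from a separate, access-restricted environment file would help, and the same applies to `ManilaVMAXNasPassword` in manila-vmax-config.yaml.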
@@ -0,0 +1,32 @@
+# EXPERIMENTAL: The configuration enabled by this environment
+# is not considered production-ready.
+#
+# This environment file enables Manila with the Netapp backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
+
+parameter_defaults:
+ ManilaNetappBackendName: tripleo_netapp
+ ManilaNetappDriverHandlesShareServers: true
+ ManilaNetappLogin: ''
+ ManilaNetappPassword: ''
+ ManilaNetappServerHostname: ''
+ ManilaNetappTransportType: 'http'
+ ManilaNetappStorageFamily: 'ontap_cluster'
+ ManilaNetappServerPort: 80
+ ManilaNetappVolumeNameTemplate: 'share_%(share_id)s'
+ ManilaNetappVserver: ''
+ ManilaNetappVserverNameTemplate: 'os_%s'
+ ManilaNetappLifNameTemplate: 'os_%(net_allocation_id)s'
+ ManilaNetappAggrNameSearchPattern: '(.*)'
+ ManilaNetappRootVolumeAggr: ''
+ ManilaNetappRootVolume: 'root'
+ ManilaNetappPortNameSearchPattern: '(.*)'
+ ManilaNetappTraceFlags: ''
+ ManilaNetappEnabledShareProtocols: 'nfs3, nfs4.0'
+ ManilaNetappVolumeSnapshotReservePercent: 5
+ ManilaNetappSnapmirrorQuiesceTimeout: 3600
diff --git a/environments/manila-vmax-config.yaml b/environments/manila-vmax-config.yaml
new file mode 100644
index 00000000..8c9946ca
--- /dev/null
+++ b/environments/manila-vmax-config.yaml
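Review bot: The defaults `ManilaNetappTransportType: 'http'` and `ManilaNetappServerPort: 80` mean the `ManilaNetappLogin` / `ManilaNetappPassword` pair is presumably sent to the storage controller in clear text unless the deployer overrides both values. I would ship the encrypted transport as the default, `ManilaNetappTransportType: 'https'` with `ManilaNetappServerPort: 443`, and leave plain HTTP as the documented opt-out. If the HTTP default has to stay for compatibility, a comment above the two lines such as `# http sends the NetApp credentials unencrypted; use https/443 outside of lab setups` would at least make the trade-off visible.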
@@ -0,0 +1,19 @@
+# This environment file enables Manila with the VMAX backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendVMAX: ../puppet/services/manila-backend-vmax.yaml
+
+parameter_defaults:
+ ManilaVMAXBackendName: tripleo_manila_vmax
+ ManilaVMAXDriverHandlesShareServers: true
+ ManilaVMAXNasLogin: ''
+ ManilaVMAXNasPassword: ''
+ ManilaVMAXNasServer: ''
+ ManilaVMAXServerContainer: ''
+ ManilaVMAXShareDataPools: ''
+ ManilaVMAXEthernetPorts: ''
+
+
diff --git a/environments/network-environment-v6.yaml b/environments/network-environment-v6.yaml
new file mode 100644
index 00000000..1617f897
--- /dev/null
+++ b/environments/network-environment-v6.yaml
@@ -0,0 +1,60 @@ +#This file is an example of an environment file for defining the isolated +#networks and related parameters. +resource_registry: + # Network Interface templates to use (these files must exist) + OS::TripleO::BlockStorage::Net::SoftwareConfig: + ../network/config/single-nic-vlans/cinder-storage.yaml + OS::TripleO::Compute::Net::SoftwareConfig: + ../network/config/single-nic-vlans/compute.yaml + OS::TripleO::Controller::Net::SoftwareConfig: + ../network/config/single-nic-vlans/controller.yaml + OS::TripleO::ObjectStorage::Net::SoftwareConfig: + ../network/config/single-nic-vlans/swift-storage.yaml + OS::TripleO::CephStorage::Net::SoftwareConfig: + ../network/config/single-nic-vlans/ceph-storage.yaml + +parameter_defaults: + # This section is where deployment-specific configuration is done + # CIDR subnet mask length for provisioning network + ControlPlaneSubnetCidr: '24' + # Gateway router for the provisioning network (or Undercloud IP) + ControlPlaneDefaultRoute: 192.168.24.254 + EC2MetadataIp: 192.168.24.1 # Generally the IP of the Undercloud + # Customize the IP subnets to match the local environment + InternalApiNetCidr: 'fd00:fd00:fd00:2000::/64' + StorageNetCidr: 'fd00:fd00:fd00:3000::/64' + StorageMgmtNetCidr: 'fd00:fd00:fd00:4000::/64' + # Tenant tunneling network is IPv4 until IPv6 is fully supported + TenantNetCidr: 172.16.0.0/24 + ExternalNetCidr: '2001:db8:fd00:1000::/64' + # Customize the VLAN IDs to match the local environment + InternalApiNetworkVlanID: 20 + StorageNetworkVlanID: 30 + StorageMgmtNetworkVlanID: 40 + TenantNetworkVlanID: 50 + ExternalNetworkVlanID: 10 + # Customize the IP ranges on each network to use for static IPs and VIPs + InternalApiAllocationPools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}] + StorageAllocationPools: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe'}] + StorageMgmtAllocationPools: [{'start': 
'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}] + TenantAllocationPools: [{'start': '172.16.0.10', 'end': '172.16.0.200'}] + # Leave room if the external network is also used for floating IPs + ExternalAllocationPools: [{'start': '2001:db8:fd00:1000::10', 'end': '2001:db8:fd00:1000:ffff:ffff:ffff:fffe'}] + # Gateway router for the external network + ExternalInterfaceDefaultRoute: '2001:db8:fd00:1000::1' + # Uncomment if using the Management Network (see network-management-v6.yaml) + # ManagementNetCidr: 'fd00:fd00:fd00:6000::/64' + # ManagementAllocationPools: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}] + # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates + # ManagementInterfaceDefaultRoute: 'fd00:fd00:fd00:6000::1' + # Define the DNS servers (maximum 2) for the overcloud nodes + DnsServers: ["8.8.8.8","8.8.4.4"] + # List of Neutron network types for tenant networks (will be used in order) + NeutronNetworkType: 'vxlan,vlan' + # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling. + NeutronTunnelTypes: 'vxlan' + # Neutron VLAN ranges per network, for example 'datacentre:1:499,tenant:500:1000': + NeutronNetworkVLANRanges: 'datacentre:1:1000' + # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100" + # for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup. + BondInterfaceOvsOptions: "bond_mode=active-backup" diff --git a/environments/network-isolation-no-tunneling.j2.yaml b/environments/network-isolation-no-tunneling.j2.yaml new file mode 100644 index 00000000..6bf00f1e --- /dev/null +++ b/environments/network-isolation-no-tunneling.j2.yaml 
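Review bot: `DnsServers: ["8.8.8.8","8.8.4.4"]` in network-environment-v6.yaml is a live value rather than a placeholder, so an overcloud deployed from an unedited copy sends every lookup the nodes make, internal hostnames included, to a public resolver. The comment above it only states the maximum count; I would extend it to `# Define the DNS servers (maximum 2) for the overcloud nodes; replace with the site's own resolvers`. As a smaller style point, `ControlPlaneDefaultRoute: 192.168.24.254`, `EC2MetadataIp: 192.168.24.1` and `TenantNetCidr: 172.16.0.0/24` are unquoted while every other address in the file is quoted, and quoting them keeps the file consistent.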
@@ -0,0 +1,34 @@ +# ****************************************************************************** +# DEPRECATED: Modify networks used for custom roles by modifying the role file +# in the roles/ directory, or disable the network entirely by setting network to +# "enabled: false" in network_data.yaml. +# ****************************************************************************** +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. This version of the environment +# has no dedicated VLAN for tunneling, for deployments that use +# VLAN mode, flat provider networks, etc. +resource_registry: + # networks as defined in network_data.yaml, except for tenant net + {%- for network in networks if network.enabled|default(true) and network.name != 'Tenant' %} + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endfor %} + OS::TripleO::Network::Tenant: OS::Heat::None + + # Port assignments for the VIPs + {%- for network in networks if network.vip and network.name != 'Tenant' %} + OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endfor %} + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml + + # Port assignments for each role are determined by the role definition. +{%- for role in roles %} + # Port assignments for the {{role.name}} role. + {%- for network in networks %} + {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant'%} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- elif network.enabled|default(true) %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml + {%- endif %} + {%- endfor %} +{% endfor %} 
diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml deleted file mode 100644 index ff1d7887..00000000 --- a/environments/network-isolation-no-tunneling.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -# Enable the creation of Neutron networks for isolated Overcloud -# traffic and configure each role to assign ports (related -# to that role) on these networks. This version of the environment -# has no dedicated VLAN for tunneling, for deployments that use -# VLAN mode, flat provider networks, etc. -resource_registry: - OS::TripleO::Network::External: ../network/external.yaml - OS::TripleO::Network::InternalApi: ../network/internal_api.yaml - OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml - OS::TripleO::Network::Storage: ../network/storage.yaml - OS::TripleO::Network::Tenant: ../network/noop.yaml - # Management network is optional and disabled by default. - # To enable it, include environments/network-management.yaml - #OS::TripleO::Network::Management: ../network/management.yaml - - # Port assignments for the VIPs - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml - OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::Controller::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml - 
OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml - OS::TripleO::Compute::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml 
diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml index 1b792afd..2db1a828 100644 --- a/environments/network-isolation.j2.yaml +++ b/environments/network-isolation.j2.yaml @@ -22,9 +22,6 @@ resource_registry: {%- endfor %} OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml - - OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml - {%- for role in roles %} # Port assignments for the {{role.name}} {%- for network in networks %} diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index ce64311b..fb47770f 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -28,6 +28,8 @@ parameter_defaults: NeutronTunnelIdRanges: '' NeutronNetworkVLANRanges: '' NeutronVniRanges: '' + NovaPatchConfigMonkeyPatch: false + NovaPatchConfigMonkeyPatchModules: '' NovaOVSBridge: 'default_bridge' NeutronMetadataProxySharedSecret: 'default' InstanceNameTemplate: 'inst-%08x' diff --git a/environments/neutron-opendaylight-dpdk.yaml b/environments/neutron-opendaylight-dpdk.yaml index d675252d..0d598980 100644 --- a/environments/neutron-opendaylight-dpdk.yaml +++ b/environments/neutron-opendaylight-dpdk.yaml @@ -9,9 +9,11 @@ resource_registry: parameter_defaults: NeutronEnableForceMetadata: true + NeutronPluginExtensions: 'port_security' NeutronMechanismDrivers: 'opendaylight_v2' - NeutronServicePlugins: 'odl-router_v2' + NeutronServicePlugins: 'odl-router_v2,trunk' NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" + OpenDaylightSNATMechanism: 'controller' ComputeOvsDpdkParameters: OvsEnableDpdk: True diff --git a/environments/neutron-opendaylight-sriov.yaml b/environments/neutron-opendaylight-sriov.yaml index 5c0a0350..3a212ed3 100644 --- a/environments/neutron-opendaylight-sriov.yaml 
+++ b/environments/neutron-opendaylight-sriov.yaml @@ -11,6 +11,7 @@ resource_registry: parameter_defaults: NeutronEnableForceMetadata: true + NeutronPluginExtensions: 'port_security' NeutronMechanismDrivers: ['sriovnicswitch','opendaylight_v2'] NeutronServicePlugins: 'odl-router_v2,trunk' diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml index 4644725d..e9b1ac11 100644 --- a/environments/neutron-opendaylight.yaml +++ b/environments/neutron-opendaylight.yaml @@ -12,3 +12,4 @@ parameter_defaults: NeutronEnableForceMetadata: true NeutronMechanismDrivers: 'opendaylight_v2' NeutronServicePlugins: 'odl-router_v2,trunk' + NeutronPluginExtensions: 'port_security' diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml index 591e2260..26c28d28 100755 --- a/environments/neutron-sriov.yaml +++ b/environments/neutron-sriov.yaml 
@@ -4,16 +4,5 @@ resource_registry: parameter_defaults: NeutronMechanismDrivers: ['sriovnicswitch', 'openvswitch'] - - # Add PciPassthroughFilter to the scheduler default filters - #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] - #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] - - #NeutronPhysicalDevMappings: "datacentre:ens20f2" - - # Number of VFs that needs to be configured for a physical interface - #NeutronSriovNumVFs: "ens20f2:5" - - #NovaPCIPassthrough: - # - devname: "ens20f2" - # physical_network: "datacentre" + NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] + NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 7718b821..65bbc3e4 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -27,6 +27,7 @@ parameter_defaults: # following as needed. NovaRbdPoolName: vms CinderRbdPoolName: volumes + CinderBackupRbdPoolName: backups GlanceRbdPoolName: images GnocchiRbdPoolName: metrics CephClientUserName: openstack diff --git a/environments/services-docker/neutron-opendaylight.yaml b/environments/services-docker/neutron-opendaylight.yaml index b749cb69..873957ae 100644 --- a/environments/services-docker/neutron-opendaylight.yaml +++ b/environments/services-docker/neutron-opendaylight.yaml 
@@ -10,7 +10,6 @@ resource_registry: parameter_defaults: NeutronEnableForceMetadata: true + NeutronPluginExtensions: 'port_security' NeutronMechanismDrivers: 'opendaylight_v2' NeutronServicePlugins: 'odl-router_v2,trunk' - DockerNeutronApiImage: 'centos-binary-neutron-server-opendaylight:latest' - DockerNeutronConfigImage: 'centos-binary-neutron-server-opendaylight:latest' diff --git a/environments/services-docker/neutron-ovn-ha.yaml b/environments/services-docker/neutron-ovn-ha.yaml new file mode 100644 index 00000000..7d3c1d19 --- /dev/null +++ b/environments/services-docker/neutron-ovn-ha.yaml @@ -0,0 +1,28 @@ +# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers. +resource_registry: + OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml + OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml + OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml +# Disabling Neutron services that overlap with OVN + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + + +parameter_defaults: + NeutronMechanismDrivers: ovn + OVNVifType: ovs + OVNNeutronSyncMode: log + OVNQosDriver: ovn-qos + OVNTunnelEncapType: geneve + NeutronEnableDHCPAgent: false + NeutronTypeDrivers: 'geneve,vxlan,vlan,flat' + NeutronNetworkType: 'geneve' + NeutronServicePlugins: 'qos,ovn-router' + NeutronVniRanges: ['1:65536', ] + # TODO (numans) - This is temporary and needs to be handled in tripleo-common + DockerNeutronApiImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest' + DockerNeutronConfigImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest' 
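Review bot: `DockerNeutronApiImage` and `DockerNeutronConfigImage` in the new neutron-ovn-ha.yaml point at the mutable `:latest` tag of `tripleoupstream/centos-binary-neutron-server-ovn`, so two deployments from the same templates can run different Neutron server code and a changed upstream image is pulled without any review step. The TODO marks this as temporary, and the same commit removes the equivalent `:latest` overrides from services-docker/neutron-opendaylight.yaml; until tripleo-common handles it I would extend the TODO to say that deployers should override both parameters with a tag or digest they have validated. Separately, the header comment says "non HA OVN DB servers" although the file is named neutron-ovn-ha.yaml and maps `OS::TripleO::Services::OVNDBs` to `pacemaker/ovn-dbs.yaml`; it should probably read `# A Heat environment that can be used to deploy OVN services with HA (pacemaker managed) OVN DB servers.`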
diff --git a/environments/services-docker/neutron-sriov.yaml b/environments/services-docker/neutron-sriov.yaml new file mode 100644 index 00000000..91725868 --- /dev/null +++ b/environments/services-docker/neutron-sriov.yaml @@ -0,0 +1,12 @@ +# EXPERIMENTAL: The configuration enabled by this environment is not considered +# production-ready. +# +# A Heat environment that can be used to enable SR-IOV support in neutron. +resource_registry: + OS::TripleO::Services::NeutronSriovAgent: ../../docker/services/neutron-sriov-agent.yaml + OS::TripleO::Services::NeutronSriovHostConfig: ../../puppet/services/neutron-sriov-host-config.yaml + +parameter_defaults: + NeutronMechanismDrivers: ['sriovnicswitch','openvswitch'] + NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] + NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] diff --git a/environments/services/neutron-lbaasv2.yaml b/environments/services/neutron-lbaasv2.yaml index 385bb2fe..ca42d20d 100644 --- a/environments/services/neutron-lbaasv2.yaml +++ b/environments/services/neutron-lbaasv2.yaml @@ -8,7 +8,7 @@ # - OVS: neutron.agent.linux.interface.OVSInterfaceDriver # - LinuxBridges: neutron.agent.linux.interface.BridgeInterfaceDriver resource_registry: - OS::TripleO::Services::NeutronLbaasv2Agent: ../puppet/services/neutron-lbaas.yaml + OS::TripleO::Services::NeutronLbaasv2Agent: ../../puppet/services/neutron-lbaas.yaml parameter_defaults: NeutronLbaasInterfaceDriver: "neutron.agent.linux.interface.OVSInterfaceDriver" diff --git a/environments/ssl/enable-internal-tls.yaml b/environments/ssl/enable-internal-tls.yaml new file mode 100644 index 00000000..287ed19f --- /dev/null +++ b/environments/ssl/enable-internal-tls.yaml 
@@ -0,0 +1,36 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable SSL on OpenStack Internal Endpoints
+# description: |
+# A Heat environment file which can be used to enable TLS for the internal
+# network via certmonger
+parameter_defaults:
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ #
+ # Type: boolean
+ EnableInternalTLS: True
+
+ # Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host.
+ # Type: string
+ RabbitClientUseSSL: True
+
+ # Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API.
+ # Type: json
+ ServerMetadata:
+ ipa_enroll: True
+
+ # *********************
+ # End static parameters
+ # *********************
+resource_registry:
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
+ OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+ OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+ OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml
index c8ed2bd2..e5ef8563 100644
--- a/environments/ssl/enable-tls.yaml
+++ b/environments/ssl/enable-tls.yaml
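Review bot: All four `resource_registry` paths in the new environments/ssl/enable-internal-tls.yaml start with a single `../`, which from `environments/ssl/` resolves to `environments/extraconfig/...` and `environments/puppet/...` rather than the repository-level directories. The same commit corrects exactly this pattern in environments/services/neutron-lbaasv2.yaml by changing `../puppet/` to `../../puppet/`. Unless those directories exist under environments/, the file that the new deprecation banner sends users to will fail to load, so internal TLS cannot be enabled from it. I would use `../../` on each entry, e.g. `OS::TripleO::Services::TLSProxyBase: ../../puppet/services/apache.yaml`, and since the header says the file is generated, make the change in the sample-environment generator input. A smaller point is that `RabbitClientUseSSL: True` is annotated `# Type: string` but written as a YAML boolean; quoting it as `'True'` would match the declared type.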
@@ -11,7 +11,6 @@ # must also be used. parameter_defaults: # The content of the SSL certificate (without Key) in PEM format. - # Mandatory. This parameter must be set by the user. # Type: string SSLCertificate: | The contents of your certificate go here |