summaryrefslogtreecommitdiffstats
path: root/environments
diff options
context:
space:
mode:
Diffstat (limited to 'environments')
-rw-r--r--environments/ceph-ansible/ceph-ansible-external.yaml30
-rw-r--r--environments/ceph-ansible/ceph-rgw.yaml5
-rw-r--r--environments/cinder-dellemc-vmax-iscsi-config.yaml9
-rw-r--r--environments/contrail/roles_data_contrail.yaml2
-rw-r--r--environments/docker.yaml5
-rw-r--r--environments/enable-internal-tls.yaml4
-rw-r--r--environments/hyperconverged-ceph.yaml1
-rw-r--r--environments/manila-cephfsnative-config-docker.yaml20
-rw-r--r--environments/manila-isilon-config.yaml17
-rw-r--r--environments/manila-netapp-config-docker.yaml32
-rw-r--r--environments/manila-vmax-config.yaml19
-rw-r--r--environments/network-environment-v6.yaml60
-rw-r--r--environments/network-isolation-no-tunneling.j2.yaml34
-rw-r--r--environments/network-isolation-no-tunneling.yaml61
-rw-r--r--environments/network-isolation.j2.yaml3
-rw-r--r--environments/neutron-nuage-config.yaml2
-rw-r--r--environments/neutron-opendaylight-dpdk.yaml4
-rw-r--r--environments/neutron-opendaylight-sriov.yaml1
-rw-r--r--environments/neutron-opendaylight.yaml1
-rwxr-xr-xenvironments/neutron-sriov.yaml15
-rw-r--r--environments/puppet-ceph-external.yaml1
-rw-r--r--environments/services-docker/neutron-opendaylight.yaml3
-rw-r--r--environments/services-docker/neutron-ovn-ha.yaml28
-rw-r--r--environments/services-docker/neutron-sriov.yaml12
-rw-r--r--environments/services/neutron-lbaasv2.yaml2
-rw-r--r--environments/ssl/enable-internal-tls.yaml36
-rw-r--r--environments/ssl/enable-tls.yaml1
27 files changed, 325 insertions, 83 deletions
diff --git a/environments/ceph-ansible/ceph-ansible-external.yaml b/environments/ceph-ansible/ceph-ansible-external.yaml
new file mode 100644
index 00000000..ed3bedbd
--- /dev/null
+++ b/environments/ceph-ansible/ceph-ansible-external.yaml
@@ -0,0 +1,30 @@
+resource_registry:
+ OS::TripleO::Services::CephExternal: ../../docker/services/ceph-ansible/ceph-external.yaml
+ OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephClient: OS::Heat::None
+ OS::TripleO::Services::CephOSD: OS::Heat::None
+
+parameter_defaults:
+ # NOTE: These example parameters are required when using CephExternal
+ #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
+ #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
+ #CephExternalMonHost: '172.16.1.7, 172.16.1.8'
+
+ # the following parameters enable Ceph backends for Cinder, Glance, Gnocchi and Nova
+ NovaEnableRbdBackend: true
+ CinderEnableRbdBackend: true
+ CinderBackupBackend: ceph
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
+ # If the Ceph pools which host VMs, Volumes and Images do not match these
+ # names OR the client keyring to use is not named 'openstack', edit the
+ # following as needed.
+ NovaRbdPoolName: vms
+ CinderRbdPoolName: volumes
+ CinderBackupRbdPoolName: backups
+ GlanceRbdPoolName: images
+ GnocchiRbdPoolName: metrics
+ CephClientUserName: openstack
+
+ # finally we disable the Cinder LVM backend
+ CinderEnableIscsiBackend: false
diff --git a/environments/ceph-ansible/ceph-rgw.yaml b/environments/ceph-ansible/ceph-rgw.yaml
new file mode 100644
index 00000000..4b09a703
--- /dev/null
+++ b/environments/ceph-ansible/ceph-rgw.yaml
@@ -0,0 +1,5 @@
+resource_registry:
+ OS::TripleO::Services::CephRgw: ../../docker/services/ceph-ansible/ceph-rgw.yaml
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
diff --git a/environments/cinder-dellemc-vmax-iscsi-config.yaml b/environments/cinder-dellemc-vmax-iscsi-config.yaml
new file mode 100644
index 00000000..3832dada
--- /dev/null
+++ b/environments/cinder-dellemc-vmax-iscsi-config.yaml
@@ -0,0 +1,9 @@
+# A Heat environment file which can be used to enable a
+# Cinder Dell EMC VMAX backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI: ../puppet/services/cinder-backend-dellemc-vmax-iscsi.yaml
+
+parameter_defaults:
+ CinderEnableDellEMCVMAXISCSIBackend: true
+ CinderDellEMCVMAXISCSIBackendName: 'tripleo_dellemc_vmax_iscsi'
+ CinderDellEMCVMAXISCSIConfigFile: ''
diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml
index 38b70e53..bd697160 100644
--- a/environments/contrail/roles_data_contrail.yaml
+++ b/environments/contrail/roles_data_contrail.yaml
@@ -87,8 +87,10 @@
- OS::TripleO::Services::ManilaBackendGeneric
- OS::TripleO::Services::ManilaBackendNetapp
- OS::TripleO::Services::ManilaBackendUnity
+ - OS::TripleO::Services::ManilaBackendIsilon
- OS::TripleO::Services::ManilaBackendCephFs
- OS::TripleO::Services::ManilaBackendVNX
+ - OS::TripleO::Services::ManilaBackendVMAX
- OS::TripleO::Services::ManilaShare
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
diff --git a/environments/docker.yaml b/environments/docker.yaml
index dfa30b08..06e3d3ab 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -30,7 +30,6 @@ resource_registry:
OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
- OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
@@ -57,3 +56,7 @@ resource_registry:
# OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml
# OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml
# OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml
+ #
+ # If SR-IOV is enabled on the compute nodes, it will need the SR-IOV
+ # host configuration.
+ OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
index 2fdecb4f..e85185d6 100644
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@@ -1,3 +1,7 @@
+# ********************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml
+# instead.
+# ********************************************************************************
# A Heat environment file which can be used to enable a
# a TLS for in the internal network via certmonger
parameter_defaults:
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index 81044170..e674dc64 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -29,6 +29,7 @@ parameter_defaults:
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronSriovHostConfig
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::FluentdClient
diff --git a/environments/manila-cephfsnative-config-docker.yaml b/environments/manila-cephfsnative-config-docker.yaml
new file mode 100644
index 00000000..8c822918
--- /dev/null
+++ b/environments/manila-cephfsnative-config-docker.yaml
@@ -0,0 +1,20 @@
+# EXPERIMENTAL: The configuration enabled by this environment
+# is not considered production-ready.
+#
+# A Heat environment file which can be used to enable a
+# a Manila CephFS Native driver backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
+
+
+parameter_defaults:
+ ManilaCephFSNativeBackendName: cephfsnative
+ ManilaCephFSNativeDriverHandlesShareServers: false
+ ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf'
+ ManilaCephFSNativeCephFSAuthId: 'manila'
+ ManilaCephFSNativeCephFSClusterName: 'ceph'
+ ManilaCephFSNativeCephFSEnableSnapshots: false
diff --git a/environments/manila-isilon-config.yaml b/environments/manila-isilon-config.yaml
new file mode 100644
index 00000000..809900c8
--- /dev/null
+++ b/environments/manila-isilon-config.yaml
@@ -0,0 +1,17 @@
+# This environment file enables Manila with the Isilon backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendIsilon: ../puppet/services/manila-backend-isilon.yaml
+
+parameter_defaults:
+ ManilaIsilonBackendName: tripleo_isilon
+ ManilaIsilonDriverHandlesShareServers: true
+ ManilaIsilonNasLogin: ''
+ ManilaIsilonNasPassword: ''
+ ManilaIsilonNasServer: ''
+ ManilaIsilonNasRootDir: ''
+ ManilaIsilonNasServerPort: 8080
+ ManilaIsilonNasServerSecure: ''
diff --git a/environments/manila-netapp-config-docker.yaml b/environments/manila-netapp-config-docker.yaml
new file mode 100644
index 00000000..6db6dff4
--- /dev/null
+++ b/environments/manila-netapp-config-docker.yaml
@@ -0,0 +1,32 @@
+# EXPERIMENTAL: The configuration enabled by this environment
+# is not considered production-ready.
+#
+# This environment file enables Manila with the Netapp backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../docker/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../docker/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../docker/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml
+
+parameter_defaults:
+ ManilaNetappBackendName: tripleo_netapp
+ ManilaNetappDriverHandlesShareServers: true
+ ManilaNetappLogin: ''
+ ManilaNetappPassword: ''
+ ManilaNetappServerHostname: ''
+ ManilaNetappTransportType: 'http'
+ ManilaNetappStorageFamily: 'ontap_cluster'
+ ManilaNetappServerPort: 80
+ ManilaNetappVolumeNameTemplate: 'share_%(share_id)s'
+ ManilaNetappVserver: ''
+ ManilaNetappVserverNameTemplate: 'os_%s'
+ ManilaNetappLifNameTemplate: 'os_%(net_allocation_id)s'
+ ManilaNetappAggrNameSearchPattern: '(.*)'
+ ManilaNetappRootVolumeAggr: ''
+ ManilaNetappRootVolume: 'root'
+ ManilaNetappPortNameSearchPattern: '(.*)'
+ ManilaNetappTraceFlags: ''
+ ManilaNetappEnabledShareProtocols: 'nfs3, nfs4.0'
+ ManilaNetappVolumeSnapshotReservePercent: 5
+ ManilaNetappSnapmirrorQuiesceTimeout: 3600
diff --git a/environments/manila-vmax-config.yaml b/environments/manila-vmax-config.yaml
new file mode 100644
index 00000000..8c9946ca
--- /dev/null
+++ b/environments/manila-vmax-config.yaml
@@ -0,0 +1,19 @@
+# This environment file enables Manila with the VMAX backend.
+resource_registry:
+ OS::TripleO::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::TripleO::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::TripleO::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::TripleO::Services::ManilaBackendVMAX: ../puppet/services/manila-backend-vmax.yaml
+
+parameter_defaults:
+ ManilaVMAXBackendName: tripleo_manila_vmax
+ ManilaVMAXDriverHandlesShareServers: true
+ ManilaVMAXNasLogin: ''
+ ManilaVMAXNasPassword: ''
+ ManilaVMAXNasServer: ''
+ ManilaVMAXServerContainer: ''
+ ManilaVMAXShareDataPools: ''
+ ManilaVMAXEthernetPorts: ''
+
+
diff --git a/environments/network-environment-v6.yaml b/environments/network-environment-v6.yaml
new file mode 100644
index 00000000..1617f897
--- /dev/null
+++ b/environments/network-environment-v6.yaml
@@ -0,0 +1,60 @@
+#This file is an example of an environment file for defining the isolated
+#networks and related parameters.
+resource_registry:
+ # Network Interface templates to use (these files must exist)
+ OS::TripleO::BlockStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/cinder-storage.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/controller.yaml
+ OS::TripleO::ObjectStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/swift-storage.yaml
+ OS::TripleO::CephStorage::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/ceph-storage.yaml
+
+parameter_defaults:
+ # This section is where deployment-specific configuration is done
+ # CIDR subnet mask length for provisioning network
+ ControlPlaneSubnetCidr: '24'
+ # Gateway router for the provisioning network (or Undercloud IP)
+ ControlPlaneDefaultRoute: 192.168.24.254
+ EC2MetadataIp: 192.168.24.1 # Generally the IP of the Undercloud
+ # Customize the IP subnets to match the local environment
+ InternalApiNetCidr: 'fd00:fd00:fd00:2000::/64'
+ StorageNetCidr: 'fd00:fd00:fd00:3000::/64'
+ StorageMgmtNetCidr: 'fd00:fd00:fd00:4000::/64'
+ # Tenant tunneling network is IPv4 until IPv6 is fully supported
+ TenantNetCidr: 172.16.0.0/24
+ ExternalNetCidr: '2001:db8:fd00:1000::/64'
+ # Customize the VLAN IDs to match the local environment
+ InternalApiNetworkVlanID: 20
+ StorageNetworkVlanID: 30
+ StorageMgmtNetworkVlanID: 40
+ TenantNetworkVlanID: 50
+ ExternalNetworkVlanID: 10
+ # Customize the IP ranges on each network to use for static IPs and VIPs
+ InternalApiAllocationPools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
+ StorageAllocationPools: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:ffff:ffff:ffff:fffe'}]
+ StorageMgmtAllocationPools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
+ TenantAllocationPools: [{'start': '172.16.0.10', 'end': '172.16.0.200'}]
+ # Leave room if the external network is also used for floating IPs
+ ExternalAllocationPools: [{'start': '2001:db8:fd00:1000::10', 'end': '2001:db8:fd00:1000:ffff:ffff:ffff:fffe'}]
+ # Gateway router for the external network
+ ExternalInterfaceDefaultRoute: '2001:db8:fd00:1000::1'
+ # Uncomment if using the Management Network (see network-management-v6.yaml)
+ # ManagementNetCidr: 'fd00:fd00:fd00:6000::/64'
+ # ManagementAllocationPools: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}]
+ # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates
+ # ManagementInterfaceDefaultRoute: 'fd00:fd00:fd00:6000::1'
+ # Define the DNS servers (maximum 2) for the overcloud nodes
+ DnsServers: ["8.8.8.8","8.8.4.4"]
+ # List of Neutron network types for tenant networks (will be used in order)
+ NeutronNetworkType: 'vxlan,vlan'
+ # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
+ NeutronTunnelTypes: 'vxlan'
+ # Neutron VLAN ranges per network, for example 'datacentre:1:499,tenant:500:1000':
+ NeutronNetworkVLANRanges: 'datacentre:1:1000'
+ # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100"
+ # for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup.
+ BondInterfaceOvsOptions: "bond_mode=active-backup"
diff --git a/environments/network-isolation-no-tunneling.j2.yaml b/environments/network-isolation-no-tunneling.j2.yaml
new file mode 100644
index 00000000..6bf00f1e
--- /dev/null
+++ b/environments/network-isolation-no-tunneling.j2.yaml
@@ -0,0 +1,34 @@
+# ******************************************************************************
+# DEPRECATED: Modify networks used for custom roles by modifying the role file
+# in the roles/ directory, or disable the network entirely by setting network to
+# "enabled: false" in network_data.yaml.
+# ******************************************************************************
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks. This version of the environment
+# has no dedicated VLAN for tunneling, for deployments that use
+# VLAN mode, flat provider networks, etc.
+resource_registry:
+ # networks as defined in network_data.yaml, except for tenant net
+ {%- for network in networks if network.enabled|default(true) and network.name != 'Tenant' %}
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endfor %}
+ OS::TripleO::Network::Tenant: OS::Heat::None
+
+ # Port assignments for the VIPs
+ {%- for network in networks if network.vip and network.name != 'Tenant' %}
+ OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endfor %}
+ OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+ # Port assignments for each role are determined by the role definition.
+{%- for role in roles %}
+ # Port assignments for the {{role.name}} role.
+ {%- for network in networks %}
+ {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant'%}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- elif network.enabled|default(true) %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml
+ {%- endif %}
+ {%- endfor %}
+{% endfor %}
diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml
deleted file mode 100644
index ff1d7887..00000000
--- a/environments/network-isolation-no-tunneling.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-# Enable the creation of Neutron networks for isolated Overcloud
-# traffic and configure each role to assign ports (related
-# to that role) on these networks. This version of the environment
-# has no dedicated VLAN for tunneling, for deployments that use
-# VLAN mode, flat provider networks, etc.
-resource_registry:
- OS::TripleO::Network::External: ../network/external.yaml
- OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
- OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
- OS::TripleO::Network::Storage: ../network/storage.yaml
- OS::TripleO::Network::Tenant: ../network/noop.yaml
- # Management network is optional and disabled by default.
- # To enable it, include environments/network-management.yaml
- #OS::TripleO::Network::Management: ../network/management.yaml
-
- # Port assignments for the VIPs
- OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
- OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-
- # Port assignments for the controller role
- OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
- OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::Controller::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the compute role
- OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml
- OS::TripleO::Compute::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the ceph storage role
- OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the swift storage role
- OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the block storage role
- OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml
diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml
index 1b792afd..2db1a828 100644
--- a/environments/network-isolation.j2.yaml
+++ b/environments/network-isolation.j2.yaml
@@ -22,9 +22,6 @@ resource_registry:
{%- endfor %}
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-
- OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml
-
{%- for role in roles %}
# Port assignments for the {{role.name}}
{%- for network in networks %}
diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml
index ce64311b..fb47770f 100644
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@@ -28,6 +28,8 @@ parameter_defaults:
NeutronTunnelIdRanges: ''
NeutronNetworkVLANRanges: ''
NeutronVniRanges: ''
+ NovaPatchConfigMonkeyPatch: false
+ NovaPatchConfigMonkeyPatchModules: ''
NovaOVSBridge: 'default_bridge'
NeutronMetadataProxySharedSecret: 'default'
InstanceNameTemplate: 'inst-%08x'
diff --git a/environments/neutron-opendaylight-dpdk.yaml b/environments/neutron-opendaylight-dpdk.yaml
index d675252d..0d598980 100644
--- a/environments/neutron-opendaylight-dpdk.yaml
+++ b/environments/neutron-opendaylight-dpdk.yaml
@@ -9,9 +9,11 @@ resource_registry:
parameter_defaults:
NeutronEnableForceMetadata: true
+ NeutronPluginExtensions: 'port_security'
NeutronMechanismDrivers: 'opendaylight_v2'
- NeutronServicePlugins: 'odl-router_v2'
+ NeutronServicePlugins: 'odl-router_v2,trunk'
NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter"
+ OpenDaylightSNATMechanism: 'controller'
ComputeOvsDpdkParameters:
OvsEnableDpdk: True
diff --git a/environments/neutron-opendaylight-sriov.yaml b/environments/neutron-opendaylight-sriov.yaml
index 5c0a0350..3a212ed3 100644
--- a/environments/neutron-opendaylight-sriov.yaml
+++ b/environments/neutron-opendaylight-sriov.yaml
@@ -11,6 +11,7 @@ resource_registry:
parameter_defaults:
NeutronEnableForceMetadata: true
+ NeutronPluginExtensions: 'port_security'
NeutronMechanismDrivers: ['sriovnicswitch','opendaylight_v2']
NeutronServicePlugins: 'odl-router_v2,trunk'
diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml
index 4644725d..e9b1ac11 100644
--- a/environments/neutron-opendaylight.yaml
+++ b/environments/neutron-opendaylight.yaml
@@ -12,3 +12,4 @@ parameter_defaults:
NeutronEnableForceMetadata: true
NeutronMechanismDrivers: 'opendaylight_v2'
NeutronServicePlugins: 'odl-router_v2,trunk'
+ NeutronPluginExtensions: 'port_security'
diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml
index 591e2260..26c28d28 100755
--- a/environments/neutron-sriov.yaml
+++ b/environments/neutron-sriov.yaml
@@ -4,16 +4,5 @@ resource_registry:
parameter_defaults:
NeutronMechanismDrivers: ['sriovnicswitch', 'openvswitch']
-
- # Add PciPassthroughFilter to the scheduler default filters
- #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
- #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
-
- #NeutronPhysicalDevMappings: "datacentre:ens20f2"
-
- # Number of VFs that needs to be configured for a physical interface
- #NeutronSriovNumVFs: "ens20f2:5"
-
- #NovaPCIPassthrough:
- # - devname: "ens20f2"
- # physical_network: "datacentre"
+ NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
+ NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
index 7718b821..65bbc3e4 100644
--- a/environments/puppet-ceph-external.yaml
+++ b/environments/puppet-ceph-external.yaml
@@ -27,6 +27,7 @@ parameter_defaults:
# following as needed.
NovaRbdPoolName: vms
CinderRbdPoolName: volumes
+ CinderBackupRbdPoolName: backups
GlanceRbdPoolName: images
GnocchiRbdPoolName: metrics
CephClientUserName: openstack
diff --git a/environments/services-docker/neutron-opendaylight.yaml b/environments/services-docker/neutron-opendaylight.yaml
index b749cb69..873957ae 100644
--- a/environments/services-docker/neutron-opendaylight.yaml
+++ b/environments/services-docker/neutron-opendaylight.yaml
@@ -10,7 +10,6 @@ resource_registry:
parameter_defaults:
NeutronEnableForceMetadata: true
+ NeutronPluginExtensions: 'port_security'
NeutronMechanismDrivers: 'opendaylight_v2'
NeutronServicePlugins: 'odl-router_v2,trunk'
- DockerNeutronApiImage: 'centos-binary-neutron-server-opendaylight:latest'
- DockerNeutronConfigImage: 'centos-binary-neutron-server-opendaylight:latest'
diff --git a/environments/services-docker/neutron-ovn-ha.yaml b/environments/services-docker/neutron-ovn-ha.yaml
new file mode 100644
index 00000000..7d3c1d19
--- /dev/null
+++ b/environments/services-docker/neutron-ovn-ha.yaml
@@ -0,0 +1,28 @@
+# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
+resource_registry:
+ OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
+ OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+ OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml
+# Disabling Neutron services that overlap with OVN
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+
+
+parameter_defaults:
+ NeutronMechanismDrivers: ovn
+ OVNVifType: ovs
+ OVNNeutronSyncMode: log
+ OVNQosDriver: ovn-qos
+ OVNTunnelEncapType: geneve
+ NeutronEnableDHCPAgent: false
+ NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
+ NeutronNetworkType: 'geneve'
+ NeutronServicePlugins: 'qos,ovn-router'
+ NeutronVniRanges: ['1:65536', ]
+ # TODO (numans) - This is temporary and needs to be handled in tripleo-common
+ DockerNeutronApiImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
+ DockerNeutronConfigImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
diff --git a/environments/services-docker/neutron-sriov.yaml b/environments/services-docker/neutron-sriov.yaml
new file mode 100644
index 00000000..91725868
--- /dev/null
+++ b/environments/services-docker/neutron-sriov.yaml
@@ -0,0 +1,12 @@
+# EXPERIMENTAL: The configuration enabled by this environment is not considered
+# production-ready.
+#
+# A Heat environment that can be used to enable SR-IOV support in neutron.
+resource_registry:
+ OS::TripleO::Services::NeutronSriovAgent: ../../docker/services/neutron-sriov-agent.yaml
+ OS::TripleO::Services::NeutronSriovHostConfig: ../../puppet/services/neutron-sriov-host-config.yaml
+
+parameter_defaults:
+ NeutronMechanismDrivers: ['sriovnicswitch','openvswitch']
+ NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
+ NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
diff --git a/environments/services/neutron-lbaasv2.yaml b/environments/services/neutron-lbaasv2.yaml
index 385bb2fe..ca42d20d 100644
--- a/environments/services/neutron-lbaasv2.yaml
+++ b/environments/services/neutron-lbaasv2.yaml
@@ -8,7 +8,7 @@
# - OVS: neutron.agent.linux.interface.OVSInterfaceDriver
# - LinuxBridges: neutron.agent.linux.interface.BridgeInterfaceDriver
resource_registry:
- OS::TripleO::Services::NeutronLbaasv2Agent: ../puppet/services/neutron-lbaas.yaml
+ OS::TripleO::Services::NeutronLbaasv2Agent: ../../puppet/services/neutron-lbaas.yaml
parameter_defaults:
NeutronLbaasInterfaceDriver: "neutron.agent.linux.interface.OVSInterfaceDriver"
diff --git a/environments/ssl/enable-internal-tls.yaml b/environments/ssl/enable-internal-tls.yaml
new file mode 100644
index 00000000..287ed19f
--- /dev/null
+++ b/environments/ssl/enable-internal-tls.yaml
@@ -0,0 +1,36 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable SSL on OpenStack Internal Endpoints
+# description: |
+# A Heat environment file which can be used to enable TLS for the internal
+# network via certmonger
+parameter_defaults:
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ #
+ # Type: boolean
+ EnableInternalTLS: True
+
+ # Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host.
+ # Type: string
+ RabbitClientUseSSL: True
+
+ # Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API.
+ # Type: json
+ ServerMetadata:
+ ipa_enroll: True
+
+ # *********************
+ # End static parameters
+ # *********************
+resource_registry:
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
+ OS::TripleO::Services::CertmongerUser: ../puppet/services/certmonger-user.yaml
+ OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
+ OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml
index c8ed2bd2..e5ef8563 100644
--- a/environments/ssl/enable-tls.yaml
+++ b/environments/ssl/enable-tls.yaml
@@ -11,7 +11,6 @@
# must also be used.
parameter_defaults:
# The content of the SSL certificate (without Key) in PEM format.
- # Mandatory. This parameter must be set by the user.
# Type: string
SSLCertificate: |
The contents of your certificate go here