diff options
Diffstat (limited to 'environments')
| -rw-r--r-- | environments/cinder-iser.yaml | 19 | ||||
| -rw-r--r-- | environments/enable-internal-tls.yaml | 11 | ||||
| -rw-r--r-- | environments/horizon_password_validation.yaml | 5 | ||||
| -rw-r--r-- | environments/neutron-ml2-fujitsu-fossw.yaml | 22 | ||||
| -rw-r--r-- | environments/puppet-pacemaker.yaml | 1 | ||||
| -rw-r--r-- | environments/services/ceph-rbdmirror.yaml | 2 | ||||
| -rw-r--r-- | environments/services/ec2-api.yaml | 3 | ||||
| -rw-r--r-- | environments/services/etcd.yaml | 2 | ||||
| -rw-r--r-- | environments/sshd-banner.yaml | 13 | ||||
| -rw-r--r-- | environments/tls-endpoints-public-dns.yaml | 6 | ||||
| -rw-r--r-- | environments/tls-endpoints-public-ip.yaml | 6 | ||||
| -rw-r--r-- | environments/tls-everywhere-endpoints-dns.yaml | 6 |
12 files changed, 96 insertions, 0 deletions
diff --git a/environments/cinder-iser.yaml b/environments/cinder-iser.yaml new file mode 100644 index 00000000..5eae7c04 --- /dev/null +++ b/environments/cinder-iser.yaml @@ -0,0 +1,19 @@ +parameter_defaults: + + ## Whether to enable iscsi backend for Cinder. + CinderEnableIscsiBackend: true + CinderISCSIProtocol: 'iser' + CinderISCSIHelper: 'lioadm' + + ## Whether to enable rbd (Ceph) backend for Cinder. + CinderEnableRbdBackend: false + + ## Whether to enable NFS backend for Cinder. + CinderEnableNfsBackend: false + + ## Whether to enable rbd (Ceph) backend for Nova ephemeral storage. + NovaEnableRbdBackend: false + + ## Glance backend can be either 'rbd' (Ceph), 'swift' or 'file'. + ## GlanceBackend: swift + diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml index 6e912faa..ff4ecfbe 100644 --- a/environments/enable-internal-tls.yaml +++ b/environments/enable-internal-tls.yaml @@ -2,7 +2,18 @@ # a TLS for in the internal network via certmonger parameter_defaults: EnableInternalTLS: true + + # Required for novajoin to enroll the overcloud nodes + ServerMetadata: + ipa_enroll: True + resource_registry: OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml + # We use apache as a TLS proxy + OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml + + # Creates nova metadata that will create the extra service principals per + # node. + OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml diff --git a/environments/horizon_password_validation.yaml b/environments/horizon_password_validation.yaml new file mode 100644 index 00000000..1a0f92cc --- /dev/null +++ b/environments/horizon_password_validation.yaml @@ -0,0 +1,5 @@ +# Use this enviroment to pass in validation regex for horizons password +# validation checks +parameter_defaults: + HorizonPasswordValidator: '.*' + HorizonPasswordValidatorHelp: 'Your password does not meet the requirements.' diff --git a/environments/neutron-ml2-fujitsu-fossw.yaml b/environments/neutron-ml2-fujitsu-fossw.yaml new file mode 100644 index 00000000..8db8da75 --- /dev/null +++ b/environments/neutron-ml2-fujitsu-fossw.yaml @@ -0,0 +1,22 @@ +# A Heat environment file which can be used to enable Fujitsu fossw +# plugin, configured via puppet +resource_registry: + OS::TripleO::Services::NeutronML2FujitsuFossw: ../puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml + +parameter_defaults: + # Fixed + NeutronMechanismDrivers: ['openvswitch','fujitsu_fossw'] + NeutronTypeDrivers: ['vlan','vxlan'] + NeutronNetworkType: ['vlan','vxlan'] + + # Required + NeutronFujitsuFosswIps: '192.168.0.1,192.168.0.2' + NeutronFujitsuFosswUserName: + NeutronFujitsuFosswPassword: + + # Optional + #NeutronFujitsuFosswPort: + #NeutronFujitsuFosswTimeout: + #NeutronFujitsuFosswUdpDestPort: + #NeutronFujitsuFosswOvsdbVlanidRangeMin: + #NeutronFujitsuFosswOvsdbPort: diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 0b71dbd9..da607a72 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -12,6 +12,7 @@ resource_registry: OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml + OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml # Services that are disabled by default (use relevant environment files): diff --git a/environments/services/ceph-rbdmirror.yaml b/environments/services/ceph-rbdmirror.yaml new file mode 100644 index 00000000..b350e4c5 --- /dev/null +++ b/environments/services/ceph-rbdmirror.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CephRbdMirror: ../../puppet/services/pacemaker/ceph-rbdmirror.yaml diff --git a/environments/services/ec2-api.yaml b/environments/services/ec2-api.yaml new file mode 100644 index 00000000..d751ba23 --- /dev/null +++ b/environments/services/ec2-api.yaml @@ -0,0 +1,3 @@ +# A Heat environment file which can be used to enable EC2-API service. +resource_registry: + OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml diff --git a/environments/services/etcd.yaml b/environments/services/etcd.yaml new file mode 100644 index 00000000..08d54d58 --- /dev/null +++ b/environments/services/etcd.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Etcd: ../../puppet/services/etcd.yaml diff --git a/environments/sshd-banner.yaml b/environments/sshd-banner.yaml new file mode 100644 index 00000000..041c0990 --- /dev/null +++ b/environments/sshd-banner.yaml @@ -0,0 +1,13 @@ +resource_registry: + OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml + +parameter_defaults: + BannerText: | + ****************************************************************** + * This system is for the use of authorized users only. Usage of * + * this system may be monitored and recorded by system personnel. * + * Anyone using this system expressly consents to such monitoring * + * and is advised that if such monitoring reveals possible * + * evidence of criminal activity, system personnel may provide * + * the evidence from such monitoring to law enforcement officials.* + ****************************************************************** diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 74c9f61d..a02c479a 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -17,6 +17,9 @@ parameter_defaults: CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} @@ -55,6 +58,9 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 17ff2feb..bf4d4f41 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -17,6 +17,9 @@ parameter_defaults: CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} + Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} @@ -55,6 +58,9 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'} PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index 0aa2be08..6193dde5 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -17,6 +17,9 @@ parameter_defaults: CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} + Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} @@ -55,6 +58,9 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} + OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} |