Diffstat (limited to 'environments')
-rw-r--r--environments/auditd.yaml119
-rw-r--r--environments/cinder-dellps-config.yaml31
-rw-r--r--environments/cinder-dellsc-config.yaml4
-rw-r--r--environments/cinder-eqlx-config.yaml17
-rw-r--r--environments/cinder-scaleio-config.yaml35
-rw-r--r--environments/collectd-environment.yaml23
-rw-r--r--environments/contrail/contrail-net.yaml26
-rw-r--r--environments/contrail/contrail-nic-config-compute.yaml167
-rw-r--r--environments/contrail/contrail-services.yaml45
-rw-r--r--environments/contrail/roles_data_contrail.yaml237
-rw-r--r--environments/deployed-server-bootstrap-environment-rhel.yaml7
-rw-r--r--environments/enable-internal-tls.yaml9
-rw-r--r--environments/enable_congress.yaml2
-rw-r--r--environments/enable_tacker.yaml2
-rw-r--r--environments/horizon_password_validation.yaml5
-rw-r--r--environments/host-config-pre-network.j2.yaml6
-rw-r--r--environments/major-upgrade-all-in-one.yaml8
-rw-r--r--environments/major-upgrade-composable-steps.yaml3
-rw-r--r--environments/neutron-opencontrail.yaml25
-rw-r--r--environments/neutron-opendaylight-l3.yaml14
-rwxr-xr-xenvironments/neutron-sriov.yaml3
-rw-r--r--environments/services/ceph-rbdmirror.yaml2
-rw-r--r--environments/services/ec2-api.yaml3
-rw-r--r--environments/services/octavia.yaml9
-rw-r--r--environments/sshd-banner.yaml13
-rw-r--r--environments/tls-endpoints-public-dns.yaml45
-rw-r--r--environments/tls-endpoints-public-ip.yaml45
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml45
28 files changed, 877 insertions, 73 deletions
diff --git a/environments/auditd.yaml b/environments/auditd.yaml
new file mode 100644
index 00000000..b358c98a
--- /dev/null
+++ b/environments/auditd.yaml
@@ -0,0 +1,119 @@
+resource_registry:
+ OS::TripleO::Services::AuditD: ../puppet/services/auditd.yaml
+
+parameter_defaults:
+ AuditdRules:
+ 'Record attempts to alter time through adjtimex':
+ content: '-a always,exit -F arch=b64 -S adjtimex -k audit_time_rules'
+ order : 1
+ 'Record attempts to alter time through settimeofday':
+ content: '-a always,exit -F arch=b64 -S settimeofday -k audit_time_rules'
+ order : 2
+ 'Record Attempts to Alter Time Through stime':
+ content: '-a always,exit -F arch=b64 -S stime -k audit_time_rules'
+ order : 3
+ 'Record Attempts to Alter Time Through clock_settime':
+ content: '-a always,exit -F arch=b64 -S clock_settime -k audit_time_rules'
+ order : 4
+ 'Record Attempts to Alter the localtime File':
+ content: '-w /etc/localtime -p wa -k audit_time_rules'
+ order : 5
+ 'Record Events that Modify the Systems Discretionary Access Controls - chmod':
+ content: '-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 5
+ 'Record Events that Modify the Systems Discretionary Access Controls - chown':
+ content: '-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 6
+ 'Record Events that Modify the Systems Discretionary Access Controls - fchmod':
+ content: '-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 7
+ 'Record Events that Modify the Systems Discretionary Access Controls - fchmodat':
+ content: '-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 8
+ 'Record Events that Modify the Systems Discretionary Access Controls - fchown':
+ content: '-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 9
+ 'Record Events that Modify the Systems Discretionary Access Controls - fchownat':
+ content: '-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 10
+ 'Record Events that Modify the Systems Discretionary Access Controls - fremovexattr':
+ content: '-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 11
+ 'Record Events that Modify the Systems Discretionary Access Controls - fsetxattr':
+ content: '-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 12
+ 'Record Events that Modify the Systems Discretionary Access Controls - lchown':
+ content: '-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 13
+ 'Record Events that Modify the Systems Discretionary Access Controls - lremovexattr':
+ content: '-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 14
+ 'Record Events that Modify the Systems Discretionary Access Controls - lsetxattr':
+ content: '-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 15
+ 'Record Events that Modify the Systems Discretionary Access Controls - removexattr':
+ content: '-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 16
+ 'Record Events that Modify the Systems Discretionary Access Controls - setxattr':
+ content: '-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=4294967295 -k perm_mod'
+ order : 17
+ 'Record Events that Modify User/Group Information - /etc/group':
+ content: '-w /etc/group -p wa -k audit_rules_usergroup_modification'
+ order : 18
+ 'Record Events that Modify User/Group Information - /etc/passwd':
+ content: '-w /etc/passwd -p wa -k audit_rules_usergroup_modification'
+ order : 19
+ 'Record Events that Modify User/Group Information - /etc/gshadow':
+ content: '-w /etc/gshadow -p wa -k audit_rules_usergroup_modification'
+ order : 20
+ 'Record Events that Modify User/Group Information - /etc/shadow':
+ content: '-w /etc/shadow -p wa -k audit_rules_usergroup_modification'
+ order : 21
+ 'Record Events that Modify User/Group Information - /etc/opasswd':
+ content: '-w /etc/opasswd -p wa -k audit_rules_usergroup_modification'
+ order : 22
+ 'Record Events that Modify the Systems Network Environment - sethostname / setdomainname':
+ content: '-a always,exit -F arch=b64 -S sethostname -S setdomainname -k audit_rules_networkconfig_modification'
+ order : 23
+ 'Record Events that Modify the Systems Network Environment - /etc/issue':
+ content: '-w /etc/issue -p wa -k audit_rules_networkconfig_modification'
+ order : 24
+ 'Record Events that Modify the Systems Network Environment - /etc/issue.net':
+ content: '-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification'
+ order : 25
+ 'Record Events that Modify the Systems Network Environment - /etc/hosts':
+ content: '-w /etc/hosts -p wa -k audit_rules_networkconfig_modification'
+ order : 26
+ 'Record Events that Modify the Systems Network Environment - /etc/sysconfig/network':
+ content: '-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification'
+ order : 27
+ 'Record Events that Modify the Systems Mandatory Access Controls':
+ content: '-w /etc/selinux/ -p wa -k MAC-policy'
+ order : 28
+ 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful / EACCES)':
+ content: '-a always,exit -F arch=b64 -S creat -S open -S openat -S open_by_handle_at -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access'
+ order : 29
+ 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful / EPERM)':
+ content: '-a always,exit -F arch=b64 -S creat -S open -S openat -S open_by_handle_at -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access'
+ order : 30
+ 'Ensure auditd Collects Information on the Use of Privileged Commands':
+ content: '-a always,exit -F path=SETUID_PROG_PATH -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged'
+ order : 31
+ 'Ensure auditd Collects Information on Exporting to Media (successful)':
+ content: '-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k export'
+ order : 32
+ 'Ensure auditd Collects File Deletion Events by User':
+ content: '-a always,exit -F arch=b64 -S rmdir -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete'
+ order : 33
+ 'Ensure auditd Collects System Administrator Actions':
+ content: '-w /etc/sudoers -p wa -k actions'
+ order : 34
+ 'Ensure auditd Collects Information on Kernel Module Loading and Unloading (insmod)':
+ content: '-w /usr/sbin/insmod -p x -k modules'
+ order : 35
+ 'Ensure auditd Collects Information on Kernel Module Loading and Unloading (rmmod)':
+ content: '-w /usr/sbin/rmmod -p x -k modules'
+ order : 36
+ 'Ensure auditd Collects Information on Kernel Module Loading and Unloading (modprobe)':
+ content: '-w /usr/sbin/modprobe -p x -k modules'
+ order : 37
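Review bot: The "Use of Privileged Commands" rule still carries the literal placeholder `-F path=SETUID_PROG_PATH`, so as written it cannot match a real binary and no setuid/setgid execution would be recorded; it needs one rule per setuid program present on the image, or it should be dropped from the defaults with a comment telling operators to generate those rules. Every syscall rule filters on `-F arch=b64` only, so the same calls made through the 32-bit ABI are not audited; a matching `arch=b32` rule per entry would close that gap (and `stime` is, as far as I know, not an x86_64 syscall, so that rule probably belongs on b32 only). `order : 5` is used twice, for the `/etc/localtime` watch and for the chmod rule, which leaves their relative position undefined if the consumer sorts on it. `/etc/opasswd` looks like it was meant to be `/etc/security/opasswd`; worth confirming before relying on that watch.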
diff --git a/environments/cinder-dellps-config.yaml b/environments/cinder-dellps-config.yaml
new file mode 100644
index 00000000..eefd0fd6
--- /dev/null
+++ b/environments/cinder-dellps-config.yaml
@@ -0,0 +1,31 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# A Heat environment file which can be used to enable a
+# a Cinder Dell EMC PS Series backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendDellPs: ../puppet/services/cinder-backend-dellps.yaml
+
+parameter_defaults:
+ CinderEnableDellPsBackend: true
+ CinderDellPsBackendName: 'tripleo_dellps'
+ CinderDellPsSanIp: ''
+ CinderDellPsSanLogin: ''
+ CinderDellPsSanPassword: ''
+ CinderDellPsSanThinProvision: true
+ CinderDellPsGroupname: 'group-0'
+ CinderDellPsPool: 'default'
+ CinderDellPsChapLogin: ''
+ CinderDellPsChapPassword: ''
+ CinderDellPsUseChap: false
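Review bot: The header comment repeats the article (`enable a` followed by `# a Cinder ...`), the same slip this commit fixes in cinder-dellsc-config.yaml; the second line should read `# Cinder Dell EMC PS Series backend, configured via puppet`. The defaults also ship `CinderDellPsUseChap: false` alongside empty `CinderDellPsSanPassword` and `CinderDellPsChapPassword`, so a comment above parameter_defaults would help: `# Supply the SAN and CHAP credentials from a private environment file; do not commit them here.` Whether CHAP should default to off is a decision for the backend owners, but the file should say that it is a deliberate default.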
diff --git a/environments/cinder-dellsc-config.yaml b/environments/cinder-dellsc-config.yaml
index 92e257d4..617d640c 100644
--- a/environments/cinder-dellsc-config.yaml
+++ b/environments/cinder-dellsc-config.yaml
@@ -1,7 +1,7 @@
# A Heat environment file which can be used to enable a
-# a Cinder Dell Storage Center ISCSI backend, configured via puppet
+# Cinder Dell EMC Storage Center ISCSI backend, configured via puppet
resource_registry:
- OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
+ OS::TripleO::Services::CinderBackendDellSc: ../puppet/services/cinder-backend-dellsc.yaml
parameter_defaults:
CinderEnableDellScBackend: true
diff --git a/environments/cinder-eqlx-config.yaml b/environments/cinder-eqlx-config.yaml
deleted file mode 100644
index ca2c5e5a..00000000
--- a/environments/cinder-eqlx-config.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# A Heat environment file which can be used to enable a
-# a Cinder eqlx backen, configured via puppet
-resource_registry:
- OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
-
-parameter_defaults:
- CinderEnableEqlxBackend: true
- CinderEqlxBackendName: 'tripleo_eqlx'
- CinderEqlxSanIp: ''
- CinderEqlxSanLogin: ''
- CinderEqlxSanPassword: ''
- CinderEqlxSanThinProvision: true
- CinderEqlxGroupname: 'group-0'
- CinderEqlxPool: 'default'
- CinderEqlxChapLogin: ''
- CinderEqlxChapPassword: ''
- CinderEqlxUseChap: false
diff --git a/environments/cinder-scaleio-config.yaml b/environments/cinder-scaleio-config.yaml
new file mode 100644
index 00000000..cebd619c
--- /dev/null
+++ b/environments/cinder-scaleio-config.yaml
@@ -0,0 +1,35 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# A Heat environment file which can be used to enable a
+# a Cinder Dell EMC SacleIO backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendScaleIO: ../puppet/services/cinder-backend-scaleio.yaml
+
+parameter_defaults:
+ CinderEnableScaleIOBackend: true
+ CinderScaleIOBackendName: 'tripleo_scaleio'
+ CinderScaleIOSanIp: ''
+ CinderScaleIOSanLogin: ''
+ CinderScaleIOSanPassword: ''
+ CinderScaleIORestServerPort: '443'
+ CinderScaleIOVerifyServerCertificate: false
+ CinderScaleIOServerCertificatePath: ''
+ CinderScaleIOProtectionDomainName: 'domain1'
+ CinderScaleIOStoragePoolName: 'pool1'
+ CinderScaleIOStoragePools: 'domain1:pool1'
+ CinderScaleIORoundVolumeCapacity: true
+ CinderScaleIOUnmapVolumeBeforeDeletion: false
+ CinderScaleIOMaxOverSubscriptionRatio: ''
+ CinderScaleIOSanThinProvision: true
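Review bot: `CinderScaleIOVerifyServerCertificate: false` makes the shipped default skip certificate validation for the REST gateway on port 443, which is presumably the connection that carries `CinderScaleIOSanLogin` and `CinderScaleIOSanPassword`; anyone who copies this file gets an unauthenticated TLS endpoint unless they notice the flag. I would default it to `true` and document that `CinderScaleIOServerCertificatePath` must then point at the trusted certificate, or at minimum add `# WARNING: certificate verification is disabled; set to true and provide CinderScaleIOServerCertificatePath for production use`. The header comment also has two slips: the doubled article and `SacleIO` for ScaleIO.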
diff --git a/environments/collectd-environment.yaml b/environments/collectd-environment.yaml
new file mode 100644
index 00000000..7780530c
--- /dev/null
+++ b/environments/collectd-environment.yaml
@@ -0,0 +1,23 @@
+resource_registry:
+ OS::TripleO::Services::Collectd: ../puppet/services/metrics/collectd.yaml
+
+# parameter_defaults:
+#
+## You can specify additional plugins to load using the
+## CollectdExtraPlugins key:
+#
+# CollectdExtraPlugins:
+# - disk
+# - df
+#
+## You can use ExtraConfig (or one of the related *ExtraConfig keys)
+## to configure collectd. See the documentation for puppet-collectd at
+## https://github.com/voxpupuli/puppet-collectd for details.
+#
+# ExtraConfig:
+# collectd::plugin::disk::disks:
+# - "/^[vhs]d[a-f][0-9]?$/"
+# collectd::plugin::df::mountpoints:
+# - "/"
+# collectd::plugin::df::ignoreselected: false
+# collectd::plugin::cpu::valuespercentage: true
diff --git a/environments/contrail/contrail-net.yaml b/environments/contrail/contrail-net.yaml
new file mode 100644
index 00000000..1e64f91d
--- /dev/null
+++ b/environments/contrail/contrail-net.yaml
@@ -0,0 +1,26 @@
+resource_registry:
+ OS::TripleO::Compute::Net::SoftwareConfig: contrail-nic-config-compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: contrail-nic-config.yaml
+ OS::TripleO::ContrailController::Net::SoftwareConfig: contrail-nic-config.yaml
+ OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: contrail-nic-config.yaml
+ OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: contrail-nic-config.yaml
+ OS::TripleO::ContrailTsn::Net::SoftwareConfig: contrail-nic-config-compute.yaml
+
+parameter_defaults:
+ ControlPlaneSubnetCidr: '24'
+ ControlPlaneDefaultRoute: 192.0.2.254
+ InternalApiNetCidr: 10.0.0.0/24
+ InternalApiAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.200'}]
+ InternalApiDefaultRoute: 10.0.0.1
+ ManagementNetCidr: 10.1.0.0/24
+ ManagementAllocationPools: [{'start': '10.1.0.10', 'end': '10.1.0.200'}]
+ ManagementInterfaceDefaultRoute: 10.1.0.1
+ ExternalNetCidr: 10.2.0.0/24
+ ExternalAllocationPools: [{'start': '10.2.0.10', 'end': '10.2.0.200'}]
+ EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud
+ DnsServers: ["8.8.8.8","8.8.4.4"]
+ VrouterPhysicalInterface: eth1
+ VrouterGateway: 10.0.0.1
+ VrouterNetmask: 255.255.255.0
+ ControlVirtualInterface: eth0
+ PublicVirtualInterface: vlan10
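Review bot: Nothing in this file says the values are samples, yet parameter_defaults pins site-specific addressing and `DnsServers: ["8.8.8.8","8.8.4.4"]`, so a deployment that includes it unchanged sends overcloud name lookups to a public resolver. A header comment such as `# Example values only - override every address, CIDR and DNS server for your site` would make that explicit. The registry also maps four roles to `contrail-nic-config.yaml`, which this diffstat does not add under environments/contrail; if that template is not already in the tree those mappings will not resolve.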
diff --git a/environments/contrail/contrail-nic-config-compute.yaml b/environments/contrail/contrail-nic-config-compute.yaml
new file mode 100644
index 00000000..3007638a
--- /dev/null
+++ b/environments/contrail/contrail-nic-config-compute.yaml
@@ -0,0 +1,167 @@
+heat_template_version: ocata
+
+description: >
+ Software Config to drive os-net-config to configure multiple interfaces
+ for the compute role. This is an example for a Nova compute node using
+ Contrail vrouter and the vhost0 interface.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ InternalApiDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the internal api network.
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers:
+ get_param: DnsServers
+ addresses:
+ - ip_netmask:
+ list_join:
+ - '/'
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+ - type: interface
+ name: nic2
+ use_dhcp: false
+ - type: interface
+ name: vhost0
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ get_param: InternalApiIpSubnet
+ routes:
+ - default: true
+ next_hop:
+ get_param: InternalApiDefaultRoute
+ - type: linux_bridge
+ name: br0
+ use_dhcp: false
+ members:
+ - type: interface
+ name: nic3
+ - type: vlan
+ vlan_id:
+ get_param: ManagementNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: ManagementIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: ExternalNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: ExternalIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: StorageIpSubnet
+ - type: vlan
+ vlan_id:
+ get_param: StorageMgmtNetworkVlanID
+ device: br0
+ addresses:
+ - ip_netmask:
+ get_param: StorageMgmtIpSubnet
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
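Review bot: The comment on `InternalApiDefaultRoute` says `# Not used by default in this template`, but the vhost0 interface uses that parameter as the next hop of its `default: true` route, so the comment is stale and the `'10.0.0.1'` default becomes the node's default gateway unless it is overridden. It should read something like `# Default gateway for vhost0; override this via parameter_defaults`. `TenantIpSubnet`, `TenantNetworkVlanID` and `InternalApiNetworkVlanID` are declared but never referenced in network_config; a short comment noting they are kept only for interface compatibility would stop readers looking for where they apply.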
diff --git a/environments/contrail/contrail-services.yaml b/environments/contrail/contrail-services.yaml
new file mode 100644
index 00000000..80ef9d3a
--- /dev/null
+++ b/environments/contrail/contrail-services.yaml
@@ -0,0 +1,45 @@
+# A Heat environment file which can be used to enable OpenContrail
+# # extensions, configured via puppet
+resource_registry:
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginContrail
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::TripleO::Services::ComputeNeutronCorePluginContrail
+ OS::TripleO::NodeUserData: ../../firstboot/install_vrouter_kmod.yaml
+ OS::TripleO::Services::ContrailHeat: ../../puppet/services/network/contrail-heat.yaml
+ OS::TripleO::Services::ContrailAnalytics: ../../puppet/services/network/contrail-analytics.yaml
+ OS::TripleO::Services::ContrailAnalyticsDatabase: ../../puppet/services/network/contrail-analytics-database.yaml
+ OS::TripleO::Services::ContrailConfig: ../../puppet/services/network/contrail-config.yaml
+ OS::TripleO::Services::ContrailControl: ../../puppet/services/network/contrail-control.yaml
+ OS::TripleO::Services::ContrailDatabase: ../../puppet/services/network/contrail-database.yaml
+ OS::TripleO::Services::ContrailWebUI: ../../puppet/services/network/contrail-webui.yaml
+ OS::TripleO::Services::ContrailTsn: ../../puppet/services/network/contrail-tsn.yaml
+ OS::TripleO::Services::ComputeNeutronCorePluginContrail: ../../puppet/services/network/contrail-vrouter.yaml
+ OS::TripleO::Services::NeutronCorePluginContrail: ../../puppet/services/network/contrail-neutron-plugin.yaml
+parameter_defaults:
+ ContrailRepo: http://192.168.24.1/contrail-3.2.0.0-19
+ EnablePackageInstall: true
+# ContrailConfigIfmapUserName: api-server
+# ContrailConfigIfmapUserPassword: api-server
+ OvercloudControlFlavor: control
+ OvercloudContrailControllerFlavor: contrail-controller
+ OvercloudContrailAnalyticsFlavor: contrail-analytics
+ OvercloudContrailAnalyticsDatabaseFlavor: contrail-analytics-database
+ OvercloudContrailTsnFlavor: contrail-tsn
+ OvercloudComputeFlavor: compute
+ ControllerCount: 3
+ ContrailControllerCount: 3
+ ContrailAnalyticsCount: 3
+ ContrailAnalyticsDatabaseCount: 3
+ ContrailTsnCount: 1
+ ComputeCount: 3
+ DnsServers: ["8.8.8.8","8.8.4.4"]
+ NtpServer: 10.0.0.1
+ NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
+ NeutronServicePlugins: ''
+ NeutronTunnelTypes: ''
+# NeutronMetadataProxySharedSecret:
+# ContrailControlRNDCSecret: # sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64
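Review bot: `ContrailRepo: http://192.168.24.1/contrail-3.2.0.0-19` together with `EnablePackageInstall: true` has the nodes install packages from a plain-HTTP repository; whether the consuming puppet code enforces package signature checks is not visible here, so either use an https URL or add a comment stating that signature verification must be enabled for this repo. The commented examples `ContrailConfigIfmapUserName: api-server` and `ContrailConfigIfmapUserPassword: api-server` show a password equal to the user name, and an operator who simply uncomments them gets exactly that; an obvious placeholder value would be safer. In the last comment `sda1/256 hmac key` is presumably meant to describe a SHA-256 HMAC key, and the second header line starts with a stray `# #`.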
diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml
new file mode 100644
index 00000000..5f6c4691
--- /dev/null
+++ b/environments/contrail/roles_data_contrail.yaml
@@ -0,0 +1,237 @@
+# Specifies which roles (groups of nodes) will be deployed
+# Note this is used as an input to the various *.j2.yaml
+# jinja2 templates, so that they are converted into *.yaml
+# during the plan creation (via a mistral action/workflow).
+#
+# The format is a list, with the following format:
+#
+# * name: (string) mandatory, name of the role, must be unique
+#
+# CountDefault: (number) optional, default number of nodes, defaults to 0
+# sets the default for the {{role.name}}Count parameter in overcloud.yaml
+#
+# HostnameFormatDefault: (string) optional default format string for hostname
+# defaults to '%stackname%-{{role.name.lower()}}-%index%'
+# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
+#
+# disable_constraints: (boolean) optional, whether to disable Nova and Glance
+# constraints for each role specified in the templates.
+#
+# upgrade_batch_size: (number): batch size for upgrades where tasks are
+# specified by services to run in batches vs all nodes at once.
+# This defaults to 1, but larger batches may be specified here.
+#
+# ServicesDefault: (list) optional default list of services to be deployed
+# on the role, defaults to an empty list. Sets the default for the
+# {{role.name}}Services parameter in overcloud.yaml
+
+- name: Controller # the 'primary' role goes first
+ CountDefault: 1
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephRbdMirror
+ - OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::ContrailHeat
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerCollector
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::Zaqar
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::AuditD
+
+- name: Compute
+ CountDefault: 1
+ HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+
+- name: BlockStorage
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::BlockStorageCinderVolume
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+
+- name: ObjectStorage
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+
+- name: CephStorage
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::AuditD
+
+- name: ContrailController
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::ContrailConfig
+ - OS::TripleO::Services::ContrailControl
+ - OS::TripleO::Services::ContrailDatabase
+ - OS::TripleO::Services::ContrailWebUI
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+
+- name: ContrailAnalytics
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::ContrailAnalytics
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+
+- name: ContrailAnalyticsDatabase
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::ContrailAnalyticsDatabase
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
+
+- name: ContrailTsn
+ ServicesDefault:
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::ContrailTsn
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::FluentdClient
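Review bot: The four Contrail roles (ContrailController, ContrailAnalytics, ContrailAnalyticsDatabase, ContrailTsn) omit `OS::TripleO::Services::TripleoFirewall`, `OS::TripleO::Services::AuditD` and `OS::TripleO::Services::Sshd`, all of which every other role in this file lists, so those nodes would be deployed without the managed firewall rules, audit rules and sshd configuration the rest of the overcloud gets. If that is deliberate it needs a comment on each role saying why; otherwise add the three services to each ServicesDefault list. The header comment documents `disable_constraints` and `upgrade_batch_size` but not `disable_upgrade_deployment`, which three roles here set; a matching entry in that comment block would complete it.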
diff --git a/environments/deployed-server-bootstrap-environment-rhel.yaml b/environments/deployed-server-bootstrap-environment-rhel.yaml
new file mode 100644
index 00000000..f614a91a
--- /dev/null
+++ b/environments/deployed-server-bootstrap-environment-rhel.yaml
@@ -0,0 +1,7 @@
+# An environment that can be used with the deployed-server.yaml template to do
+# initial bootstrapping of the deployed servers.
+resource_registry:
+ OS::TripleO::DeployedServer::Bootstrap: ../deployed-server/deployed-server-bootstrap-rhel.yaml
+
+parameter_defaults:
+ EnablePackageInstall: True
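Review bot: `EnablePackageInstall: True` uses a capitalised boolean; the canonical YAML form is lowercase, `EnablePackageInstall: true`, which is also how `EnableInternalTLS: true` is written in environments/enable-internal-tls.yaml. The same applies to `ipa_enroll: True` added in that file. YAML 1.1 parsers accept both spellings, so this is a consistency point rather than a behaviour change.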
diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml
index d2fc59c6..ff4ecfbe 100644
--- a/environments/enable-internal-tls.yaml
+++ b/environments/enable-internal-tls.yaml
@@ -2,9 +2,18 @@
# a TLS for in the internal network via certmonger
parameter_defaults:
EnableInternalTLS: true
+
+ # Required for novajoin to enroll the overcloud nodes
+ ServerMetadata:
+ ipa_enroll: True
+
resource_registry:
OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml
OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml
OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml
# We use apache as a TLS proxy
OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml
+
+ # Creates nova metadata that will create the extra service principals per
+ # node.
+ OS::TripleO::ServiceServerMetadataHook: ../extraconfig/nova_metadata/krb-service-principals.yaml
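Review bot: The comment above the new `ServerMetadata` map does not say what happens when another environment file also sets `ServerMetadata`. Heat presumably takes the last definition of a parameter rather than merging the maps (worth confirming), in which case `ipa_enroll` would be dropped silently and the nodes would not be enrolled, so the certmonger-based services in `resource_registry` could not obtain certificates. I would extend the comment, e.g. `# If another environment sets ServerMetadata, repeat ipa_enroll there; the maps are not merged.`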
diff --git a/environments/enable_congress.yaml b/environments/enable_congress.yaml
new file mode 100644
index 00000000..1eea7f5e
--- /dev/null
+++ b/environments/enable_congress.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Congress: ../puppet/services/congress.yaml
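Review bot: This new environment has no header comment, whereas environments/services/ec2-api.yaml in the same change opens with a one-line description. A matching first line would help operators who browse the directory, e.g. `# A Heat environment file which can be used to enable the Congress service.` The same comment is missing from environments/enable_tacker.yaml, environments/services/ceph-rbdmirror.yaml and environments/sshd-banner.yaml.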
diff --git a/environments/enable_tacker.yaml b/environments/enable_tacker.yaml
new file mode 100644
index 00000000..1f9eca01
--- /dev/null
+++ b/environments/enable_tacker.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Tacker: ../puppet/services/tacker.yaml
diff --git a/environments/horizon_password_validation.yaml b/environments/horizon_password_validation.yaml
new file mode 100644
index 00000000..1a0f92cc
--- /dev/null
+++ b/environments/horizon_password_validation.yaml
@@ -0,0 +1,5 @@
+# Use this enviroment to pass in validation regex for horizons password
+# validation checks
+parameter_defaults:
+ HorizonPasswordValidator: '.*'
+ HorizonPasswordValidatorHelp: 'Your password does not meet the requirements.'
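Review bot: `HorizonPasswordValidator: '.*'` matches every string, including an empty one, so this environment as shipped enforces no password policy even though its name suggests it does. The header comment should mark the value as a placeholder, e.g. `# '.*' accepts any password; replace it with the regex for your password policy`, and should say that `HorizonPasswordValidatorHelp` needs to describe that policy, since the current text only says the requirements were not met. The header comment also has two typos: `enviroment` and `horizons` should read `environment` and `Horizon's`.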
diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml
index fe1302b5..c79e28b4 100644
--- a/environments/host-config-pre-network.j2.yaml
+++ b/environments/host-config-pre-network.j2.yaml
@@ -1,12 +1,12 @@
resource_registry:
# Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc.,
-{% for role in roles %}
+{%- for role in roles -%}
{% if "Compute" in role.name %}
OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml
-{% endif %}
+{%- endif -%}
{% endfor %}
-parameter_defaults:
+#parameter_defaults:
# Sample parameters for Compute and ComputeOvsDpdk roles
#ComputeKernelArgs: ""
#ComputeTunedProfileName: ""
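Review bot: The `-` trim markers added to the `for` and `endif` tags change how line breaks render, and nothing in the file states what output is intended. As far as the hunk shows, the only line break left between the comment line and the first registry entry, and between consecutive entries, is the one after `{% if "Compute" in role.name %}`, so the result depends on the renderer's block-trimming setting, which is not visible here. If no role name contains "Compute", `resource_registry:` also renders with only a comment under it. A short template comment such as `{# whitespace control: each matching role must render as exactly one registry line #}` and a check of the rendered file would make this safer to edit.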
diff --git a/environments/major-upgrade-all-in-one.yaml b/environments/major-upgrade-all-in-one.yaml
index 69d72edd..4283b212 100644
--- a/environments/major-upgrade-all-in-one.yaml
+++ b/environments/major-upgrade-all-in-one.yaml
@@ -1,8 +1,2 @@
-# We run the upgrade steps without disabling the OS::TripleO::PostDeploySteps
-# this means you can do a major upgrade in one pass, which may be useful
-# e.g for all-in-one deployments where we can upgrade the compute services
-# at the same time as the controlplane
-# Note that it will be necessary to pass a mapping of OS::Heat::None again for
-# any subsequent updates, or the upgrade steps will run again.
resource_registry:
- OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml
+ OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
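Review bot: The header comment removed here was the only place that warned operators to change the mapping back after the upgrade, and the new file has no comment at all. With `OS::TripleO::PostDeploySteps` now pointing at ../puppet/major_upgrade_steps.yaml, an operator who keeps this environment in place would presumably run the upgrade steps again on the next stack update. I would keep a header such as `# Drop this environment after the upgrade, or the upgrade steps run again on the next update.` environments/major-upgrade-composable-steps.yaml ends up with identical content (both index lines show blob 4283b212) and needs the same note.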
diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml
index 7e10014b..4283b212 100644
--- a/environments/major-upgrade-composable-steps.yaml
+++ b/environments/major-upgrade-composable-steps.yaml
@@ -1,3 +1,2 @@
resource_registry:
- OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml
- OS::TripleO::PostDeploySteps: OS::Heat::None
+ OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml
deleted file mode 100644
index 51575b86..00000000
--- a/environments/neutron-opencontrail.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# A Heat environment file which can be used to enable OpenContrail
-# extensions, configured via puppet
-resource_registry:
- OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
- OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
- OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
- OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
- OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- # Override the NeutronCorePlugin to use Nuage
- OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginOpencontrail
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-opencontrail.yaml
-
-parameter_defaults:
- NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
- NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
- NeutronTunnelTypes: ''
-
- # required params:
- #ContrailApiServerIp:
- #ContrailExtensions: ''
-
- # optional params
- # ContrailApiServerPort: 8082
- # ContrailMultiTenancy: false
diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml
deleted file mode 100644
index 6d5c7404..00000000
--- a/environments/neutron-opendaylight-l3.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# A Heat environment that can be used to deploy OpenDaylight with L3 DVR
-resource_registry:
- OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
- OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml
- OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml
- OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
-
-parameter_defaults:
- NeutronEnableForceMetadata: true
- NeutronMechanismDrivers: 'opendaylight_v2'
- NeutronServicePlugins: 'odl-router_v2'
- OpenDaylightEnableL3: "'yes'"
diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml
index 9b7e51f9..5e9e15e3 100755
--- a/environments/neutron-sriov.yaml
+++ b/environments/neutron-sriov.yaml
@@ -9,9 +9,6 @@ parameter_defaults:
#NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter']
#NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"]
- # Provide the vendorid:productid of the VFs
- #NeutronSupportedPCIVendorDevs: ['8086:154c','8086:10ca','8086:1520']
-
#NeutronPhysicalDevMappings: "datacentre:ens20f2"
# Number of VFs that needs to be configured for a physical interface
diff --git a/environments/services/ceph-rbdmirror.yaml b/environments/services/ceph-rbdmirror.yaml
new file mode 100644
index 00000000..b350e4c5
--- /dev/null
+++ b/environments/services/ceph-rbdmirror.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::CephRbdMirror: ../../puppet/services/pacemaker/ceph-rbdmirror.yaml
diff --git a/environments/services/ec2-api.yaml b/environments/services/ec2-api.yaml
new file mode 100644
index 00000000..d751ba23
--- /dev/null
+++ b/environments/services/ec2-api.yaml
@@ -0,0 +1,3 @@
+# A Heat environment file which can be used to enable EC2-API service.
+resource_registry:
+ OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml
diff --git a/environments/services/octavia.yaml b/environments/services/octavia.yaml
new file mode 100644
index 00000000..24c57b8c
--- /dev/null
+++ b/environments/services/octavia.yaml
@@ -0,0 +1,9 @@
+resource_registry:
+ OS::TripleO::Services::OctaviaApi: ../../puppet/services/octavia-api.yaml
+ OS::TripleO::Services::OctaviaHealthManager: ../../puppet/services/octavia-health-manager.yaml
+ OS::TripleO::Services::OctaviaHousekeeping: ../../puppet/services/octavia-housekeeping.yaml
+ OS::TripleO::Services::OctaviaWorker: ../../puppet/services/octavia-worker.yaml
+
+parameter_defaults:
+ NeutronServicePlugins: "qos,router,trunk,lbaasv2"
+ NeutronEnableForceMetadata: true
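Review bot: `NeutronServicePlugins: "qos,router,trunk,lbaasv2"` sets the complete plugin list rather than adding `lbaasv2` to whatever the deployment already uses, and the file does not say so. An operator who combines this with another environment that sets `NeutronServicePlugins` will presumably get only one of the two lists, depending on file order. I would add a comment above it, e.g. `# Replaces the whole plugin list; add any other plugins you need to this value.`, and a second one explaining why `NeutronEnableForceMetadata: true` is needed for Octavia, which the hunk does not show.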
diff --git a/environments/sshd-banner.yaml b/environments/sshd-banner.yaml
new file mode 100644
index 00000000..041c0990
--- /dev/null
+++ b/environments/sshd-banner.yaml
@@ -0,0 +1,13 @@
+resource_registry:
+ OS::TripleO::Services::Sshd: ../puppet/services/sshd.yaml
+
+parameter_defaults:
+ BannerText: |
+ ******************************************************************
+ * This system is for the use of authorized users only. Usage of *
+ * this system may be monitored and recorded by system personnel. *
+ * Anyone using this system expressly consents to such monitoring *
+ * and is advised that if such monitoring reveals possible *
+ * evidence of criminal activity, system personnel may provide *
+ * the evidence from such monitoring to law enforcement officials.*
+ ******************************************************************
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 74c9f61d..1b666c5b 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -17,6 +17,45 @@ parameter_defaults:
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
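Review bot: Every added `Contrail*Public` entry is `protocol: 'http'` with `host: 'IP_ADDRESS'`, while the other public entries in this hunk (Cinder, Congress, Ec2Api, Glance) are `https` on `CLOUDNAME`. That covers `ContrailWebuiHttpsPublic` on port 8143, whose name suggests TLS, and `ContrailAnalyticsRedisPublic` on 6379, so with this environment these endpoints would still be published unencrypted. If Contrail is deliberately left outside TLS termination, a comment above the block should say so, e.g. `# Contrail endpoints are not TLS-terminated by this environment and stay on plain http.`; otherwise the public entries need `https` and the public host like the rest. The same entries are added unchanged in environments/tls-endpoints-public-ip.yaml and in environments/tls-everywhere-endpoints-dns.yaml, where the Admin and Internal Contrail entries are also `http` although every neighbouring service is `https`.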
@@ -55,6 +94,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
@@ -64,6 +106,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index 17ff2feb..7311a1f9 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -17,6 +17,45 @@ parameter_defaults:
CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
@@ -55,6 +94,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+ OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
@@ -64,6 +106,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+ TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 0aa2be08..e6608b57 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -17,6 +17,45 @@ parameter_defaults:
CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+ Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
@@ -55,6 +94,9 @@ parameter_defaults:
NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
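Review bot: `OctaviaAdmin` and `OctaviaInternal` use `host: 'IP_ADDRESS'` together with `protocol: 'https'`, while every other https entry visible in this file uses `host: 'CLOUDNAME'`. If the internal certificates are issued for host names, as the rest of the file suggests, clients that reach Octavia by IP address may fail certificate verification. Unless this is intended, the lines should read `OctaviaAdmin: {protocol: 'https', port: '9876', host: 'CLOUDNAME'}` and likewise for `OctaviaInternal`.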
@@ -64,6 +106,9 @@ parameter_defaults:
SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+ TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}