summaryrefslogtreecommitdiffstats
path: root/environments
diff options
context:
space:
mode:
Diffstat (limited to 'environments')
-rw-r--r--environments/cinder-backup.yaml4
-rw-r--r--environments/enable-tls.yaml52
-rw-r--r--environments/major-upgrade-aodh-migration.yaml10
-rw-r--r--environments/network-environment.yaml28
-rw-r--r--environments/puppet-pacemaker.yaml9
-rw-r--r--environments/services/sahara.yaml3
-rw-r--r--environments/tls-endpoints-public-dns.yaml52
-rw-r--r--environments/tls-endpoints-public-ip.yaml52
8 files changed, 142 insertions, 68 deletions
diff --git a/environments/cinder-backup.yaml b/environments/cinder-backup.yaml
new file mode 100644
index 00000000..f01fcbd9
--- /dev/null
+++ b/environments/cinder-backup.yaml
@@ -0,0 +1,4 @@
+resource_registry:
+ OS::TripleO::Services::CinderBackup: ../puppet/services/pacemaker/cinder-backup.yaml
+ # For non-pcmk managed implementation
+ # OS::TripleO::Services::CinderBackup: ../puppet/services/cinder-backup.yaml \ No newline at end of file
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index 290d2011..39ded654 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -1,58 +1,12 @@
+# Use this environment to pass in certificates for SSL deployments.
+# For these values to take effect, one of the tls-endpoints-*.yaml environments
+# must also be used.
parameter_defaults:
SSLCertificate: |
The contents of your certificate go here
SSLIntermediateCertificate: ''
SSLKey: |
The contents of the private key go here
- EndpointMap:
- AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
- AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
- CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
- CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
- CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
- CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
- CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
- GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
- GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
- GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
- GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
- GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
- HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
- HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
- HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
- HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
- HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
- IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
- IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
- KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
- KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
- KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
- ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
- ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
- MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
- NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
- NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
- NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
- NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
- NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
- NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
- SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
- SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
- SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
- SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
resource_registry:
OS::TripleO::NodeTLSData: ../puppet/extraconfig/tls/tls-cert-inject.yaml
diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml
new file mode 100644
index 00000000..c1dbde42
--- /dev/null
+++ b/environments/major-upgrade-aodh-migration.yaml
@@ -0,0 +1,10 @@
+resource_registry:
+ # aodh data migration
+ OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml
+
+ # no-op the rest
+ OS::TripleO::ControllerPostDeployment: OS::Heat::None
+ OS::TripleO::ComputePostDeployment: OS::Heat::None
+ OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None
+ OS::TripleO::BlockStoragePostDeployment: OS::Heat::None
+ OS::TripleO::CephStoragePostDeployment: OS::Heat::None
diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml
index cf94d7fc..d0fc9ec6 100644
--- a/environments/network-environment.yaml
+++ b/environments/network-environment.yaml
@@ -15,14 +15,23 @@ resource_registry:
parameter_defaults:
# This section is where deployment-specific configuration is done
+ # CIDR subnet mask length for provisioning network
+ ControlPlaneSubnetCidr: '24'
+ # Gateway router for the provisioning network (or Undercloud IP)
+ ControlPlaneDefaultRoute: 192.0.2.254
+ EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud
# Customize the IP subnets to match the local environment
InternalApiNetCidr: 172.17.0.0/24
StorageNetCidr: 172.18.0.0/24
StorageMgmtNetCidr: 172.19.0.0/24
TenantNetCidr: 172.16.0.0/24
ExternalNetCidr: 10.0.0.0/24
- # CIDR subnet mask length for provisioning network
- ControlPlaneSubnetCidr: '24'
+ # Customize the VLAN IDs to match the local environment
+ InternalApiNetworkVlanID: 20
+ StorageNetworkVlanID: 30
+ StorageMgmtNetworkVlanID: 40
+ TenantNetworkVlanID: 50
+ ExternalNetworkVlanID: 10
# Customize the IP ranges on each network to use for static IPs and VIPs
InternalApiAllocationPools: [{'start': '172.17.0.10', 'end': '172.17.0.200'}]
StorageAllocationPools: [{'start': '172.18.0.10', 'end': '172.18.0.200'}]
@@ -32,18 +41,13 @@ parameter_defaults:
ExternalAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.50'}]
# Gateway router for the external network
ExternalInterfaceDefaultRoute: 10.0.0.1
- # Gateway router for the provisioning network (or Undercloud IP)
- ControlPlaneDefaultRoute: 192.0.2.254
- # Generally the IP of the Undercloud
- EC2MetadataIp: 192.0.2.1
+ # Uncomment if using the Management Network (see network-management.yaml)
+ # ManagementNetCidr: 10.0.1.0/24
+ # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}]
+ # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates
+ # ManagementInterfaceDefaultRoute: 10.0.1.1
# Define the DNS servers (maximum 2) for the overcloud nodes
DnsServers: ["8.8.8.8","8.8.4.4"]
- # Customize the VLAN IDs to match the local environment
- InternalApiNetworkVlanID: 10
- StorageNetworkVlanID: 20
- StorageMgmtNetworkVlanID: 30
- TenantNetworkVlanID: 40
- ExternalNetworkVlanID: 50
# Set to empty string to enable multiple external networks or VLANs
NeutronExternalNetworkBridge: "''"
# The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml
index 54f37a48..8cfbab6d 100644
--- a/environments/puppet-pacemaker.yaml
+++ b/environments/puppet-pacemaker.yaml
@@ -7,10 +7,8 @@ resource_registry:
OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
# custom pacemaker services
- # NOTE: For now we will need to specify overrides to all services
- # which use pacemaker. In the future (with upcoming HA light work) this
- # list will hopefully be much smaller however.
- OS::TripleO::Services::CinderBackup: ../puppet/services/pacemaker/cinder-backup.yaml
+ # NOTE: Please before adding any pacemaker-managed services, get in touch
+ # with bandini, Ng or beekhof
OS::TripleO::Services::CinderVolume: ../puppet/services/pacemaker/cinder-volume.yaml
OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml
OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml
@@ -18,6 +16,3 @@ resource_registry:
OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml
OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml
# Services that are disabled by default (use relevant environment files):
- OS::Tripleo::Services::ManilaShare: OS::Heat::None
- OS::TripleO::Services::SaharaApi: ../puppet/services/pacemaker/sahara-api.yaml
- OS::TripleO::Services::SaharaEngine: ../puppet/services/pacemaker/sahara-engine.yaml
diff --git a/environments/services/sahara.yaml b/environments/services/sahara.yaml
new file mode 100644
index 00000000..82205dd1
--- /dev/null
+++ b/environments/services/sahara.yaml
@@ -0,0 +1,3 @@
+resource_registry:
+ OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
new file mode 100644
index 00000000..7c8e850c
--- /dev/null
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -0,0 +1,52 @@
+# Use this environment when deploying an SSL-enabled overcloud where the public
+# endpoint is a DNS name.
+parameter_defaults:
+ EndpointMap:
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+ GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
new file mode 100644
index 00000000..80595c6c
--- /dev/null
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -0,0 +1,52 @@
+# Use this environment when deploying an SSL-enabled overcloud where the public
+# endpoint is an IP address.
+parameter_defaults:
+ EndpointMap:
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
+ GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}