diff options
Diffstat (limited to 'environments')
31 files changed, 328 insertions, 33 deletions
diff --git a/environments/ceph-radosgw.yaml b/environments/ceph-radosgw.yaml new file mode 100644 index 00000000..a9221a2a --- /dev/null +++ b/environments/ceph-radosgw.yaml @@ -0,0 +1,5 @@ +resource_registry: + OS::TripleO::Services::CephRgw: ../puppet/services/ceph-rgw.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml index 0437cc67..b9a84342 100644 --- a/environments/cinder-netapp-config.yaml +++ b/environments/cinder-netapp-config.yaml @@ -25,5 +25,5 @@ parameter_defaults: CinderNetappControllerIps: '' CinderNetappSaPassword: '' CinderNetappStoragePools: '' - CinderNetappEseriesHostType: 'linux_dm_mp' + CinderNetappHostType: '' CinderNetappWebservicePath: '/devmgr/v2' diff --git a/environments/debug.yaml b/environments/debug.yaml new file mode 100644 index 00000000..b938555c --- /dev/null +++ b/environments/debug.yaml @@ -0,0 +1,5 @@ +# A Heat environment file which can be used to enable the debug +# setting in the overcloud openstack services configuration. + +parameter_defaults: + Debug: true diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml new file mode 100644 index 00000000..5116c6da --- /dev/null +++ b/environments/enable-internal-tls.yaml @@ -0,0 +1,6 @@ +# A Heat environment file which can be used to enable a +# a TLS for in the internal network via certmonger +parameter_defaults: + EnableInternalTLS: true +resource_registry: + OS::TripleO::Services::ApacheTLS: ../../puppet/services/apache-internal-tls-certmonger.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml new file mode 100644 index 00000000..cee4ae4a --- /dev/null +++ b/environments/hyperconverged-ceph.yaml @@ -0,0 +1,11 @@ +# If not using an isolated StorageMgmt network, the following regitry mapping +# should be commented. +resource_registry: + OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + +parameter_defaults: + ComputeServices: + - OS::TripleO::Services::CephOSD + +parameter_merge_strategies: + ComputeServices: merge
\ No newline at end of file diff --git a/environments/logging-environment.yaml b/environments/logging-environment.yaml new file mode 100644 index 00000000..c583ca79 --- /dev/null +++ b/environments/logging-environment.yaml @@ -0,0 +1,29 @@ +## A Heat environment file which can be used to set up +## logging agents + +resource_registry: + OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml + +#parameter_defaults: + +## Simple configuration +# +# LoggingServers: +# - host: log0.example.com +# port: 24224 +# - host: log1.example.com +# port: 24224 +# +## Example SSL configuration +## (note the use of port 24284 for ssl connections) +# +# LoggingServers: +# - host: 192.0.2.11 +# port: 24284 +# LoggingUsesSSL: true +# LoggingSharedKey: secret +# LoggingSSLCertificate: | +# -----BEGIN CERTIFICATE----- +# ...certificate data here... +# -----END CERTIFICATE----- + diff --git a/environments/low-memory-usage.yaml b/environments/low-memory-usage.yaml new file mode 100644 index 00000000..ad428686 --- /dev/null +++ b/environments/low-memory-usage.yaml @@ -0,0 +1,15 @@ +# Lower the memory usage of overcloud. +parameter_defaults: + CeilometerWorkers: 1 + CinderWorkers: 1 + GlanceWorkers: 1 + HeatWorkers: 1 + KeystoneWorkers: 1 + NeutronWorkers: 1 + NovaWorkers: 1 + SaharaWorkers: 1 + SwiftWorkers: 1 + GnocchiMetricdWorkers: 1 + + ApacheMaxRequestWorkers: 32 + ApacheServerLimit: 32 diff --git a/environments/major-upgrade-aodh-migration.yaml b/environments/major-upgrade-aodh-migration.yaml index c1dbde42..9d6ce73e 100644 --- a/environments/major-upgrade-aodh-migration.yaml +++ b/environments/major-upgrade-aodh-migration.yaml @@ -3,8 +3,4 @@ resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml # no-op the rest - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml new file mode 100644 index 00000000..6798c255 --- /dev/null +++ b/environments/major-upgrade-ceilometer-wsgi-mitaka-newton.yaml @@ -0,0 +1,7 @@ +resource_registry: + + # This initiates the upgrades for ceilometer api to run under apache wsgi + OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml + + # no-op the rest + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker-converge.yaml b/environments/major-upgrade-pacemaker-converge.yaml index f023cb32..e9a5f9be 100644 --- a/environments/major-upgrade-pacemaker-converge.yaml +++ b/environments/major-upgrade-pacemaker-converge.yaml @@ -1,2 +1,6 @@ parameter_defaults: UpgradeLevelNovaCompute: '' + +resource_registry: + OS::TripleO::Services::SaharaApi: ../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../puppet/services/sahara-engine.yaml diff --git a/environments/major-upgrade-pacemaker-init.yaml b/environments/major-upgrade-pacemaker-init.yaml index d97f8fc1..f4f361df 100644 --- a/environments/major-upgrade-pacemaker-init.yaml +++ b/environments/major-upgrade-pacemaker-init.yaml @@ -3,8 +3,4 @@ parameter_defaults: resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker_init.yaml - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-pacemaker.yaml b/environments/major-upgrade-pacemaker.yaml index 95f09666..9fb51a4d 100644 --- a/environments/major-upgrade-pacemaker.yaml +++ b/environments/major-upgrade-pacemaker.yaml @@ -3,8 +3,4 @@ parameter_defaults: resource_registry: OS::TripleO::Tasks::UpdateWorkflow: ../extraconfig/tasks/major_upgrade_pacemaker.yaml - OS::TripleO::ControllerPostDeployment: OS::Heat::None - OS::TripleO::ComputePostDeployment: OS::Heat::None - OS::TripleO::ObjectStoragePostDeployment: OS::Heat::None - OS::TripleO::BlockStoragePostDeployment: OS::Heat::None - OS::TripleO::CephStoragePostDeployment: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/major-upgrade-remove-sahara.yaml b/environments/major-upgrade-remove-sahara.yaml new file mode 100644 index 00000000..e0aaf130 --- /dev/null +++ b/environments/major-upgrade-remove-sahara.yaml @@ -0,0 +1,6 @@ +parameter_defaults: + KeepSaharaServicesOnUpgrade: false +resource_registry: + OS::TripleO::Services::SaharaApi: OS::Heat::None + OS::TripleO::Services::SaharaEngine: OS::Heat::None + diff --git a/environments/manage-firewall.yaml b/environments/manage-firewall.yaml deleted file mode 100644 index 5d48698e..00000000 --- a/environments/manage-firewall.yaml +++ /dev/null @@ -1,2 +0,0 @@ -parameter_defaults: - ManageFirewall: true diff --git a/environments/manila-cephfsnative-config.yaml b/environments/manila-cephfsnative-config.yaml new file mode 100644 index 00000000..825a5066 --- /dev/null +++ b/environments/manila-cephfsnative-config.yaml @@ -0,0 +1,17 @@ +# A Heat environment file which can be used to enable a +# a Manila CephFS Native driver backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::Tripleo::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml + + +parameter_defaults: + ManilaCephFSNativeBackendName: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: false + ManilaCephFSNativeCephFSConfPath: '/etc/ceph/ceph.conf' + ManilaCephFSNativeCephFSAuthId: 'manila' + ManilaCephFSNativeCephFSClusterName: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: true diff --git a/environments/manila-generic-config.yaml b/environments/manila-generic-config.yaml index 74011c66..9344bc6e 100644 --- a/environments/manila-generic-config.yaml +++ b/environments/manila-generic-config.yaml @@ -1,14 +1,16 @@ -# A Heat environment file which can be used to enable a -# a Manila generic driver backend. +# This environment file enables Manila with the Generic backend. resource_registry: OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml # Only manila-share is pacemaker managed: OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml - + OS::Tripleo::Services::ManilaBackendGeneric: ../puppet/services/manila-backend-generic.yaml parameter_defaults: - ManilaGenericEnableBackend: true + ManilaServiceInstanceUser: '' + ManilaServiceInstancePassword: '' + ManilaServiceInstanceFlavorId: 2 + ManilaServiceNetworkCidr: '172.16.0.0/16' ManilaGenericBackendName: tripleo_generic ManilaGenericDriverHandlesShareServers: true ManilaGenericSmbTemplateConfigPath: '$state_path/smb.conf' @@ -20,7 +22,3 @@ parameter_defaults: ManilaGenericServiceInstanceSmbConfigPath: '$share_mount_path/smb.conf' ManilaGenericShareVolumeFsType: 'ext4' ManilaGenericCinderVolumeType: '' - ManilaGenericServiceInstanceUser: '' - ManilaGenericServiceInstancePassword: '' - ManilaGenericServiceInstanceFlavorId: 2 - ManilaGenericServiceNetworkCidr: '172.16.0.0/16' diff --git a/environments/manila-netapp-config.yaml b/environments/manila-netapp-config.yaml new file mode 100644 index 00000000..3dadfe5d --- /dev/null +++ b/environments/manila-netapp-config.yaml @@ -0,0 +1,29 @@ +# This environment file enables Manila with the Netapp backend. +resource_registry: + OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml + OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml + # Only manila-share is pacemaker managed: + OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml + OS::Tripleo::Services::ManilaBackendNetapp: ../puppet/services/manila-backend-netapp.yaml + +parameter_defaults: + ManilaNetappBackendName: tripleo_netapp + ManilaNetappDriverHandlesShareServers: true + ManilaNetappLogin: '' + ManilaNetappPassword: '' + ManilaNetappServerHostname: '' + ManilaNetappTransportType: 'http' + ManilaNetappStorageFamily: 'ontap_cluster' + ManilaNetappServerPort: 80 + ManilaNetappVolumeNameTemplate: 'share_%(share_id)s' + ManilaNetappVserver: '' + ManilaNetappVserverNameTemplate: 'os_%s' + ManilaNetappLifNameTemplate: 'os_%(net_allocation_id)s' + ManilaNetappAggrNameSearchPattern: '(.*)' + ManilaNetappRootVolumeAggr: '' + ManilaNetappRootVolume: 'root' + ManilaNetappPortNameSearchPattern: '(.*)' + ManilaNetappTraceFlags: '' + ManilaNetappEnabledShareProtocols: 'nfs3, nfs4.0' + ManilaNetappVolumeSnapshotReservePercent: 5 + ManilaNetappSnapmirrorQuiesceTimeout: 3600 diff --git a/environments/monitoring-environment.yaml b/environments/monitoring-environment.yaml new file mode 100644 index 00000000..62ab06dc --- /dev/null +++ b/environments/monitoring-environment.yaml @@ -0,0 +1,30 @@ +## A Heat environment file which can be used to set up monitoring +## and logging agents + +resource_registry: + OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml + +#parameter_defaults: + #### Sensu settings #### + ##MonitoringRabbitHost: 10.10.10.10 + ##MonitoringRabbitPort: 5672 + ##MonitoringRabbitUserName: sensu + ##MonitoringRabbitPassword: sensu + ##MonitoringRabbitUseSSL: false + ##MonitoringRabbitVhost: "/sensu" + ##SensuClientCustomConfig: + ## - api: + ## - warning: 10 + ## critical: 20 + ## openstack: + ## - username: admin + ## password: changeme + ## project_name: admin + ## auth_url: http://controller:5000/v2.0 + ## region_name: RegionOne + + #### EFK settings #### + ## TBD + + #### Grafana/Graphite settings #### + ## TBD diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml new file mode 100644 index 00000000..821ad0c2 --- /dev/null +++ b/environments/neutron-ml2-ovn.yaml @@ -0,0 +1,18 @@ +# A Heat environment file which can be used to enable OVN +# extensions, configured via puppet +resource_registry: + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + +parameter_defaults: + NeutronMechanismDrivers: ovn + OVNDbHost: '0.0.0.0' + OVNSouthboundServerPort: 6642 + OVNNorthboundServerPort: 6641 + OVNDbConnectionTimeout: 60 + OVNVifType: ovs + OVNNeutronSyncMode: log + OVNQosDriver: ovn-qos + OVNTunnelEncapType: geneve diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml index f2209ce2..51575b86 100644 --- a/environments/neutron-opencontrail.yaml +++ b/environments/neutron-opencontrail.yaml @@ -13,7 +13,7 @@ resource_registry: parameter_defaults: NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 - NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin + NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2 NeutronTunnelTypes: '' # required params: diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml index d61270b2..00be3048 100644 --- a/environments/neutron-opendaylight-l3.yaml +++ b/environments/neutron-opendaylight-l3.yaml @@ -2,12 +2,12 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml - OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml OS::TripleO::Services::NeutronL3Agent: OS::Heat::None parameter_defaults: - EnableOpenDaylightOnController: true NeutronEnableForceMetadata: true NeutronMechanismDrivers: 'opendaylight' NeutronServicePlugins: "networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin" diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml index 8fa2e542..35c90aab 100644 --- a/environments/neutron-opendaylight.yaml +++ b/environments/neutron-opendaylight.yaml @@ -2,10 +2,10 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml - OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml parameter_defaults: - EnableOpenDaylightOnController: true NeutronEnableForceMetadata: true NeutronMechanismDrivers: 'opendaylight' diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml new file mode 100644 index 00000000..004b8ac0 --- /dev/null +++ b/environments/neutron-ovs-dpdk.yaml @@ -0,0 +1,18 @@ +## A Heat environment that can be used to deploy DPDK with OVS +resource_registry: + OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml + +parameter_defaults: + ## NeutronDpdkCoreList and NeutronDpdkMemoryChannels are REQUIRED settings. + ## Attempting to deploy DPDK without appropriate values will cause deployment to fail or lead to unstable deployments. + #NeutronDpdkCoreList: "" + #NeutronDpdkMemoryChannels: "" + + NeutronDatapathType: "netdev" + NeutronVhostuserSocketDir: "/var/run/openvswitch" + + #NeutronDpdkSocketMemory: "" + #NeutronDpdkDriverType: "vfio-pci" + #NovaReservedHostMemory: 4096 + #NovaVcpuPinSet: "" + diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml index 223c2531..b658d3a5 100644 --- a/environments/neutron-ovs-dvr.yaml +++ b/environments/neutron-ovs-dvr.yaml @@ -9,6 +9,13 @@ resource_registry: # connected to a physical network. OS::TripleO::Compute::Net::SoftwareConfig: ../net-config-bridge.yaml + # DVR requires a port on the external network for each compute node. + # This will usually match the one currently in use for + # OS::TripleO::Controller::Ports::ExternalPort. + # Please review your network configuration before deploying to ensure that + # this is appropriate. + OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml + parameter_defaults: # DVR requires that the L2 population feature is enabled @@ -22,3 +29,11 @@ parameter_defaults: # We also need to set the proper agent mode for the L3 agent. This will only # affect the agent on the controller node. NeutronL3AgentMode: 'dvr_snat' + + # L3 HA isn't supported for DVR enabled routers. If upgrading from a system + # where L3 HA is enabled and has neutron routers configured, it is + # recommended setting this value to true until such time all routers can be + # migrated to DVR routers. Once migration of the routers is complete, + # NeutronL3HA can be returned to false. All new systems should be deployed + # with NeutronL3HA set to false. + NeutronL3HA: false diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml new file mode 100755 index 00000000..9b7e51f9 --- /dev/null +++ b/environments/neutron-sriov.yaml @@ -0,0 +1,22 @@ +## A Heat environment that can be used to deploy SR-IOV +resource_registry: + OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml + +parameter_defaults: + NeutronMechanismDrivers: ['openvswitch','sriovnicswitch'] + + # Add PciPassthroughFilter to the scheduler default filters + #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] + #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] + + # Provide the vendorid:productid of the VFs + #NeutronSupportedPCIVendorDevs: ['8086:154c','8086:10ca','8086:1520'] + + #NeutronPhysicalDevMappings: "datacentre:ens20f2" + + # Number of VFs that needs to be configured for a physical interface + #NeutronSriovNumVFs: "ens20f2:5" + + #NovaPCIPassthrough: + # - devname: "ens20f2" + # physical_network: "datacentre" diff --git a/environments/services/haproxy-internal-tls-certmonger.yaml b/environments/services/haproxy-internal-tls-certmonger.yaml new file mode 100644 index 00000000..074fec4d --- /dev/null +++ b/environments/services/haproxy-internal-tls-certmonger.yaml @@ -0,0 +1,4 @@ +# A Heat environment file which can be used to enable a +# a TLS for HAProxy via certmonger +resource_registry: + OS::TripleO::Services::HAProxyInternalTLS: ../../puppet/services/haproxy-internal-tls-certmonger.yaml diff --git a/environments/services/haproxy-public-tls-certmonger.yaml b/environments/services/haproxy-public-tls-certmonger.yaml new file mode 100644 index 00000000..d3ad3ad4 --- /dev/null +++ b/environments/services/haproxy-public-tls-certmonger.yaml @@ -0,0 +1,4 @@ +# A Heat environment file which can be used to enable a +# a TLS for HAProxy via certmonger +resource_registry: + OS::TripleO::Services::HAProxyPublicTLS: ../../puppet/services/haproxy-public-tls-certmonger.yaml diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 7c8e850c..0a0996d3 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -8,6 +8,9 @@ parameter_defaults: CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 80595c6c..5a2b8839 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -8,6 +8,9 @@ parameter_defaults: CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'} CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'} + CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml new file mode 100644 index 00000000..4c466fae --- /dev/null +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -0,0 +1,55 @@ +# Use this environment when deploying an overcloud where all the endpoints are +# DNS names and there's TLS in all endpoint types. +parameter_defaults: + EndpointMap: + AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'} + AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'} + CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'} + CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'} + CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} + CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} + GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} + GlanceRegistryInternal: {protocol: 'https', port: '9191', host: 'CLOUDNAME'} + GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} + GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} + HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'} + HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'} + HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'} + HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'} + HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'} + IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'} + IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'} + KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'} + KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'} + KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} + ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'} + ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'} + MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'} + NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'} + NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} + NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} + NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} + NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} + SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} + SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} + SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} diff --git a/environments/use-dns-for-vips.yaml b/environments/use-dns-for-vips.yaml new file mode 100644 index 00000000..daf07bc7 --- /dev/null +++ b/environments/use-dns-for-vips.yaml @@ -0,0 +1,5 @@ +# A Heat environment file which can be used to disable the writing of the VIPs +# to the /etc/hosts file in the overcloud. Use this in case you have a working +# DNS server that you will provide for the overcloud. +resource_registry: + OS::TripleO::Services::VipHosts: OS::Heat::None |