summaryrefslogtreecommitdiffstats
path: root/capabilities-map.yaml
blob: fdf2ad63e83b72c3a9e7086c390e6d31e304f9a6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
# This file holds metadata about the capabilities of the tripleo-heat-templates
# repository for deployment using puppet. It groups configuration by topic,
# describes possible combinations of environments and resource capabilities.

# topics:
# High Level grouping by purpose of environments
# Attributes:
#  title: (required)
#  description: (optional)
#  environment_groups: (required)

# environment_groups:
# Identifies a group of environments.
# Attributes:
#  title: (optional)
#  description: (optional)
#  tags: a list of tags to provide additional information for e.g. filtering (optional)
#  environments: (required)
#  mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive

# environments:
# List of environments in environment group
# Attributes:
#  file: a file name including path within repository (required)
#  title: (required)
#  description: (optional)
#  requires: an array of environments which are required by this environment (optional)

topics:
  - title: General Deployment Options
    description:
    environment_groups:
      - name: general-deployment-options
        title:
        description: Enables base configuration for all resources required for OpenStack Deployment
        environments:
          - file: overcloud-resource-registry-puppet.yaml
            title: Base resources configuration
            description:
      - title: Containerized Deployment
        description: >
          Configures Deployment to use containerized services
        environments:
          - file: environments/docker.yaml
            title: Containerized Deployment
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: High Availability
        description: Enables configuration of an Overcloud Controller with Pacemaker
        environments:
          - file: environments/puppet-pacemaker.yaml
            title: High Availability (Pacemaker)
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Network Configuration
    description:
    environment_groups:
      - title: Network Isolation
        description:
        environments:
          - file: environments/network-isolation.yaml
            title: Network Isolation
            description: >
              Enable the creation of Neutron networks for
              isolated Overcloud traffic and configure each role to assign ports
              (related to that role) on these networks.
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/network-isolation-v6.yaml
            title: Network Isolation IPv6
            description: >
              Enable the creation of IPv6 Neutron networks for isolated Overcloud
              traffic and configure each role to assign ports (related
              to that role) on these networks.
            requires:
              - overcloud-resource-registry-puppet.yaml
        mutually_exclusive: true
      - title: NICs, Bonding, VLANs Configuration
        description: >
          Choose one of the pre-defined configurations or provide custom
          network-environment.yaml instead. Note that pre-defined configuration work
          only with standard Roles and Networks. These options assume use of Network Isolation.
        environments:
          - file: environments/net-bond-with-vlans.yaml
            title: Bond with Vlans
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-bond-with-vlans-no-external.yaml
            title: Bond with Vlans No External Ports
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role. This option assumes use of Network Isolation.
              Sets external ports to noop.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-bond-with-vlans-v6.yaml
            title: Bond with Vlans IPv6
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role, with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6.
            requires:
              - environments/network-isolation-v6.yaml
          - file: environments/net-multiple-nics.yaml
            title: Multiple NICs
            description: >
              Configures each role to use a separate NIC for
              each isolated network.
              This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-multiple-nics-v6.yaml
            title: Multiple NICs IPv6
            description: >
              Configure each role to use a separate NIC for
              each isolated network with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6.
            requires:
              - environments/network-isolation-v6.yaml
          - file: environments/net-single-nic-with-vlans.yaml
            title: Single NIC with Vlans
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-single-nic-with-vlans-no-external.yaml
            title: Single NIC with Vlans No External Ports
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
              Sets external ports to noop.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
            title: Single NIC with Linux Bridge Vlans
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-single-nic-with-vlans-v6.yaml
            title: Single NIC with Vlans IPv6
            description: >
              Configures each role to use Vlans on a single NIC for
              each isolated network with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6
            requires:
              - environments/network-isolation-v6.yaml
        mutually_exclusive: true
      - title: Management Network
        description: >
          Enable the creation of a system management network. This
          creates a Neutron network for isolated Overcloud
          system management traffic and configures each role to
          assign a port (related to that role) on that network.
        environments:
          - file: environments/network-management.yaml
            title: Management Network
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/network-management-v6.yaml
            title: Management Network IPv6
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
        mutually_exclusive: true

      - title: Docker Network
        description: >
          [Temporary] Use this option when deploying containerized deployment
          without network isolation
        environments:
          - file: environments/docker-network.yaml
            title: Docker network
            description:
            requires:
              - environments/docker.yaml

      - title: External load balancer
        description: >
          Enable external load balancer, requires network Isolation to be enabled.
          Note that this option assumes standard isolated networks set.
        environments:
          - file: environments/external-loadbalancer-vip.yaml
            title: External load balancer IPv4
            description: >
            requires:
              - environments/network-isolation.yaml
          - file: environments/external-loadbalancer-vip-v6.yaml
            title: External load balancer IPv6
            description: >
            requires:
              - environments/network-isolation-v6.yaml
        mutually_exclusive: true

  - title: Neutron Plugin Configuration
    description:
    environment_groups:
      - title: Neutron Plugins
        description: >
          Enable various Neutron plugins and backends
        environments:
          - file: environments/neutron-bgpvpn.yaml
            title: Neutron BGPVPN Service Plugin
            description: Enables Neutron BGPVPN Service Plugin
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/neutron-lbaasv2.yaml
            title: Neutron LBaaSv2 Service Plugin
            description: Enables Neutron LBaaSv2 Service Plugin and Agent
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-bigswitch.yaml
            title: BigSwitch Extensions
            description: >
              Enable Big Switch extensions, configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-cisco-n1kv.yaml
            title: Cisco N1KV backend
            description: >
              Enable a Cisco N1KV backend, configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
            title: Cisco Neutron plugin
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/networking/neutron-midonet.yaml
            title: Neutron MidoNet Services
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-nuage-config.yaml
            title: Neutron Nuage backend
            description: Enables Neutron Nuage backend on the controller
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-opendaylight.yaml
            title: OpenDaylight
            description: Enables OpenDaylight
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ovs-dpdk.yaml
            title: DPDK with OVS
            description: Deploy DPDK with OVS
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ovs-dvr.yaml
            title: DVR
            description: Enables DVR in the Overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-plumgrid.yaml
            title: PLUMgrid extensions
            description: Enables PLUMgrid extensions
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-fujitsu-cfab.yaml
            title: Fujitsu Neutron plugin for C-Fabric
            description: Enable C-Fabric in the overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-fujitsu-fossw.yaml
            title: Fujitsu Neutron plugin for FOS
            description: Enable FOS in the overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-nsx.yaml
            title: Deploy NSX Services
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-l2gw.yaml
            title: Neutron L2 gateway Service Plugin
            description: Enables Neutron L2 gateway Service Plugin and Agent
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Storage
    description:
    environment_groups:
      - title: Cinder backends
        description: >
          Enable various Cinder backends
        environments:
          - file: environments/cinder-pure-config.yaml
            title: Cinder Pure Storage FlashArray backend
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/storage/cinder-netapp-config.yaml
            title: Cinder NetApp backend
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-dellsc-config.yaml
            title: Cinder Dell EMC Storage Center ISCSI backend
            description: >
              Enables a Cinder Dell EMC Storage Center ISCSI backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-hpelefthand-config.yaml
            title: Cinder HPELeftHandISCSI backend
            description: >
              Enables a Cinder HPELeftHandISCSI backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-dellps-config.yaml
            title: Cinder Dell EMC PS Series backend
            description: >
              Enables a Cinder Dell EMC PS Series backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-iser.yaml
            title: Cinder iSER backend
            description: >
              Enable a Cinder iSER RDMA backend, configured via puppet
          - file: environments/cinder-scaleio-config.yaml
            title: Cinder Dell EMC ScaleIO backend
            description: >
              Enables a Cinder Dell EMC ScaleIO backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-veritas-hyperscale-config.yaml
            title: Cinder Veritas HyperScale backend
            description: >
              Enables a Cinder Veritas HyperScale backend,
              configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Cinder backup service
        description:
        environments:
          - file: environments/cinder-backup.yaml
            title: Cinder backup service
            description: >
              OpenStack Cinder Backup service with Pacemaker
            requires:
              - environments/puppet-pacemaker.yaml
              - overcloud-resource-registry-puppet.yaml
      - title: Ceph
        description: >
          Enable the use of Ceph in the overcloud
        environments:
          - file: environments/puppet-ceph.yaml
            title: Ceph Storage Backend
            description: >
              Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
              use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
              colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/storage/external-ceph.yaml
            title: Externally managed Ceph
            description: >
              Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
            requires:
              - overcloud-resource-registry-puppet.yaml
        mutually_exclusive: true
      - title: Additional Ceph Options
        description:
        environments:
          - file: environments/services/ceph-mds.yaml
            title: Deploys CephMDS
            description: >
              Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
              filesystems hosted in Ceph.
            requires:
              - environments/puppet-ceph.yaml
          - file: environments/ceph-radosgw.yaml
            title: Ceph Rados Gateway
            description: >
              Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
              which stores data in the Ceph cluster.
            requires:
              - environments/puppet-ceph.yaml
          - file: environments/manila-cephfsnative-config.yaml
            title: Manila with CephFS
            description: >
              Deploys Manila and configures it with the CephFS driver. This requires the deployment of
              Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Glance backends
        description:
        environments:
          - file: environments/storage/glance-nfs.yaml
            title: Glance NFS Backend
            description: |
              Configure and enable this option to enable the use of an NFS
              share as the backend for Glance.
            requires:
              - overcloud-resource-registry-puppet.yaml


  - title: Security
    description: Security Hardening Options
    environment_groups:
      - title: TLS
        description:
        environments:
          - file: environments/ssl/enable-tls.yaml
            title: SSL on OpenStack Public Endpoints
            description: >
              Use this option to pass in certificates for SSL deployments.
              For these values to take effect, one of the TLS endpoints
              options must also be used.
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: TLS Endpoints
        description:
        environments:
          - file: environments/ssl/tls-endpoints-public-dns.yaml
            title: SSL-enabled deployment with DNS name as public endpoint
            description: >
              Use this option when deploying an SSL-enabled overcloud where the public
              endpoint is a DNS name.
            requires:
              - environments/ssl/enable-tls.yaml
          - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
            title: Deploy All SSL Endpoints as DNS names
            description: >
              Use this option when deploying an overcloud where all the endpoints are
              DNS names and there's TLS in all endpoint types.
            requires:
              - environments/ssl/enable-tls.yaml
          - file: environments/ssl/tls-endpoints-public-ip.yaml
            title: SSL-enabled deployment with IP address as public endpoint
            description: >
              Use this option when deploying an SSL-enabled overcloud where the public
              endpoint is an IP address.
            requires:
              - environments/ssl/enable-tls.yaml
        mutually_exclusive: true
      - title: SSH Banner Text
        description: Enables population of SSH Banner Text
        environments:
          - file: environments/sshd-banner.yaml
            title: SSH Banner Text
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Horizon Password Validation
        description: Enable Horizon Password validation
        environments:
          - file: environments/horizon_password_validation.yaml
            title: Horizon Password Validation
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: AuditD Rules
        description:  Management of AuditD rules
        environments:
          - file: environments/auditd.yaml
            title: AuditD Rule Management
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Keystone CADF auditing
        description: Enable CADF notifications in Keystone for auditing
        environments:
          - file: environments/cadf.yaml
            title: Keystone CADF auditing
      - title: SecureTTY Values
        description: Set values within /etc/securetty
        environments:
          - file: environments/securetty.yaml
            title: SecureTTY Values

  - title: Additional Services
    description:
    environment_groups:
      - title:
        description: Deploy additional services
        environments:
          - file: environments/services/manila-generic-config.yaml
            title: Barbican
            description: Enable Barbican with the default secret store backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/manila-generic-config.yaml
            title: Manila
            description: Enable Manila with generic driver backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/sahara.yaml
            title: Sahara
            description: Deploy Sahara service
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/ironic.yaml
            title: Ironic
            description: Deploy Ironic service
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/mistral.yaml
            title: Mistral
            description: Deploy Mistral service
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/ec2-api.yaml
            title: EC2 API
            description: Enable EC2-API service
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/zaqar.yaml
            title: Zaqar
            description: Deploy Zaqar service
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Nova Extensions
    description:
    environment_groups:
      - title: Nova Extensions
        description:
        environments:
          - file: environments/nova-nuage-config.yaml
            title: Nuage backend
            description: >
              Enables Nuage backend on the Compute
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Operational Tools
    description:
    environment_groups:
      - title: Monitoring agents
        description: Enable monitoring agents
        environments:
          - file: environments/monitoring-environment.yaml
            title: Monitoring agents
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Centralized logging support
        description: Enable centralized logging clients (fluentd)
        environments:
          - file: environments/logging-environment.yaml
            title: fluentd client
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Performance monitoring
        description: Enable performance monitoring agents
        environments:
          - file: environments/collectd-environment.yaml
            title: Performance monitoring agents
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Utilities
    description:
    environment_groups:
      - title: Config Debug
        description: Enable config management (e.g. Puppet) debugging
        environments:
          - file: environments/config-debug.yaml
            title: Config Debug
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Disable journal in MongoDb
        description: >
          Since, when journaling is enabled, MongoDb will create big journal
          file it can take time. In a CI environment for example journaling is
          not necessary.
        environments:
          - file: environments/mongodb-nojournal.yaml
            title: Disable journal in MongoDb
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Overcloud Steps
        description: >
          Specifies hooks/breakpoints where overcloud deployment should stop
          Allows operator validation between steps, and/or more granular control.
          Note: the wildcards relate to naming convention for some resource suffixes,
          e.g see puppet/*-post.yaml, enabling this will mean we wait for
          a user signal on every *Deployment_StepN resource defined in those files.
        tags:
          - no-gui
        environments:
          - file: environments/overcloud-steps.yaml
            title: Overcloud Steps
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml