# This file holds metadata about the capabilities of the tripleo-heat-templates
# repository for deployment using puppet. It groups configuration by topic,
# describes possible combinations of environments and resource capabilities.

# topics:
# High Level grouping by purpose of environments
# Attributes:
#  title: (required)
#  description: (optional)
#  environment_groups: (required)

# environment_groups:
# Identifies a group of environments.
# Attributes:
#  title: (optional)
#  description: (optional)
#  tags: a list of tags to provide additional information for e.g. filtering (optional)
#  environments: (required)
#  mutually_exclusive: (optional) boolean to identify that environments in group are mutually exclusive

# environments:
# List of environments in environment group
# Attributes:
#  file: a file name including path within repository (required)
#  title: (required)
#  description: (optional)
#  requires: an array of environments which are required by this environment (optional)

# Top-level list of topics; each topic groups environment_groups by purpose.
topics:
  # Baseline deployment choices: the base resource registry plus the
  # containerized and Pacemaker (high availability) variants that require it.
  - title: General Deployment Options
    description:
    environment_groups:
      # NOTE(review): `name` is not among the environment_groups attributes
      # listed in the header comment, and `title` is left empty here; confirm
      # that consumers of this map accept that combination.
      - name: general-deployment-options
        title:
        description: Enables base configuration for all resources required for OpenStack Deployment
        environments:
          # Most other environments in this file list this one under `requires`.
          - file: overcloud-resource-registry-puppet.yaml
            title: Base resources configuration
            description:
      - title: Containerized Deployment
        description: >
          Configures Deployment to use containerized services
        environments:
          - file: environments/docker.yaml
            title: Containerized Deployment
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: High Availability
        description: Enables configuration of an Overcloud Controller with Pacemaker
        environments:
          - file: environments/puppet-pacemaker.yaml
            title: High Availability (Pacemaker)
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml

  # Network layout options: traffic isolation, NIC/bond/VLAN templates,
  # management network, Docker network and external load balancer.
  - title: Network Configuration
    description:
    environment_groups:
      # IPv4 and IPv6 isolation are alternatives (mutually_exclusive: true).
      - title: Network Isolation
        description:
        environments:
          - file: environments/network-isolation.yaml
            title: Network Isolation
            description: >
              Enable the creation of Neutron networks for
              isolated Overcloud traffic and configure each role to assign ports
              (related to that role) on these networks.
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/network-isolation-v6.yaml
            title: Network Isolation IPv6
            description: >
              Enable the creation of IPv6 Neutron networks for isolated Overcloud
              traffic and configure each role to assign ports (related
              to that role) on these networks.
            requires:
              - overcloud-resource-registry-puppet.yaml
        mutually_exclusive: true
      # Pre-defined NIC templates. Every entry requires one of the two
      # network-isolation environments; the *-v6 entries require
      # network-isolation-v6.yaml. Only one template may be selected.
      - title: NICs, Bonding, VLANs Configuration
        description: >
          Choose one of the pre-defined configurations or provide custom
          network-environment.yaml instead. Note that pre-defined configuration work
          only with standard Roles and Networks. These options assume use of Network Isolation.
        environments:
          - file: environments/net-bond-with-vlans.yaml
            title: Bond with Vlans
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-bond-with-vlans-no-external.yaml
            title: Bond with Vlans No External Ports
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role. This option assumes use of Network Isolation.
              Sets external ports to noop.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-bond-with-vlans-v6.yaml
            title: Bond with Vlans IPv6
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role, with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6.
            requires:
              - environments/network-isolation-v6.yaml
          - file: environments/net-multiple-nics.yaml
            title: Multiple NICs
            description: >
              Configures each role to use a separate NIC for
              each isolated network.
              This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-multiple-nics-v6.yaml
            title: Multiple NICs IPv6
            description: >
              Configure each role to use a separate NIC for
              each isolated network with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6.
            requires:
              - environments/network-isolation-v6.yaml
          - file: environments/net-single-nic-with-vlans.yaml
            title: Single NIC with Vlans
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-single-nic-with-vlans-no-external.yaml
            title: Single NIC with Vlans No External Ports
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
              Sets external ports to noop.
            requires:
              - environments/network-isolation.yaml
          # NOTE(review): the description below is identical to the one for
          # net-single-nic-with-vlans.yaml and does not mention the Linux
          # bridge named in the title; confirm the wording.
          - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
            title: Single NIC with Linux Bridge Vlans
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
          - file: environments/net-single-nic-with-vlans-v6.yaml
            title: Single NIC with Vlans IPv6
            description: >
              Configures each role to use Vlans on a single NIC for
              each isolated network with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6
            requires:
              - environments/network-isolation-v6.yaml
        mutually_exclusive: true
      # Separate network for system management traffic; the IPv4 and IPv6
      # variants are alternatives.
      - title: Management Network
        description: >
          Enable the creation of a system management network. This
          creates a Neutron network for isolated Overcloud
          system management traffic and configures each role to
          assign a port (related to that role) on that network.
        environments:
          - file: environments/network-management.yaml
            title: Management Network
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/network-management-v6.yaml
            title: Management Network IPv6
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
        mutually_exclusive: true

      # NOTE(review): marked [Temporary] and intended for containerized
      # deployments that run without network isolation, i.e. without the
      # isolated Overcloud networks the Network Isolation group creates.
      # Confirm it is not selected where traffic separation is expected.
      - title: Docker Network
        description: >
          [Temporary] Use this option when deploying containerized deployment
          without network isolation
        environments:
          - file: environments/docker-network.yaml
            title: Docker network
            description:
            requires:
              - environments/docker.yaml

      # Each variant requires the matching network-isolation environment.
      # The two `description: >` entries in this group have no content, so
      # they parse as an empty string, whereas the bare `description:` used
      # elsewhere in this file parses as null.
      - title: External load balancer
        description: >
          Enable external load balancer, requires network Isolation to be enabled.
          Note that this option assumes standard isolated networks set.
        environments:
          - file: environments/external-loadbalancer-vip.yaml
            title: External load balancer IPv4
            description: >
            requires:
              - environments/network-isolation.yaml
          - file: environments/external-loadbalancer-vip-v6.yaml
            title: External load balancer IPv6
            description: >
            requires:
              - environments/network-isolation-v6.yaml
        mutually_exclusive: true

  # Optional Neutron service plugins and vendor backends.
  - title: Neutron Plugin Configuration
    description:
    environment_groups:
      # This group carries no mutually_exclusive flag, so the map itself does
      # not prevent several plugins or backends from being selected together.
      # Every entry requires only the base resource registry.
      - title: Neutron Plugins
        description: >
          Enable various Neutron plugins and backends
        environments:
          - file: environments/neutron-bgpvpn.yaml
            title: Neutron BGPVPN Service Plugin
            description: Enables Neutron BGPVPN Service Plugin
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/neutron-lbaasv2.yaml
            title: Neutron LBaaSv2 Service Plugin
            description: Enables Neutron LBaaSv2 Service Plugin and Agent
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-bigswitch.yaml
            title: BigSwitch Extensions
            description: >
              Enable Big Switch extensions, configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-cisco-n1kv.yaml
            title: Cisco N1KV backend
            description: >
              Enable a Cisco N1KV backend, configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
            title: Cisco Neutron plugin
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/networking/neutron-midonet.yaml
            title: Neutron MidoNet Services
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-nuage-config.yaml
            title: Neutron Nuage backend
            description: Enables Neutron Nuage backend on the controller
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-opendaylight.yaml
            title: OpenDaylight
            description: Enables OpenDaylight
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ovs-dpdk.yaml
            title: DPDK with OVS
            description: Deploy DPDK with OVS
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ovs-dvr.yaml
            title: DVR
            description: Enables DVR in the Overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-plumgrid.yaml
            title: PLUMgrid extensions
            description: Enables PLUMgrid extensions
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-fujitsu-cfab.yaml
            title: Fujitsu Neutron plugin for C-Fabric
            description: Enable C-Fabric in the overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-fujitsu-fossw.yaml
            title: Fujitsu Neutron plugin for FOS
            description: Enable FOS in the overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-nsx.yaml
            title: Deploy NSX Services
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-l2gw.yaml
            title: Neutron L2 gateway Service Plugin
            description: Enables Neutron L2 gateway Service Plugin and Agent
            requires:
              - overcloud-resource-registry-puppet.yaml

  # Storage backends for Cinder, Ceph, Manila and Glance.
  - title: Storage
    description:
    environment_groups:
      # Vendor Cinder backends. The group has no mutually_exclusive flag, so
      # the map does not prevent selecting more than one backend.
      - title: Cinder backends
        description: >
          Enable various Cinder backends
        environments:
          - file: environments/cinder-pure-config.yaml
            title: Cinder Pure Storage FlashArray backend
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/storage/cinder-netapp-config.yaml
            title: Cinder NetApp backend
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-dellsc-config.yaml
            title: Cinder Dell EMC Storage Center ISCSI backend
            description: >
              Enables a Cinder Dell EMC Storage Center ISCSI backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          # NOTE(review): this entry's description ends on a dangling comma
          # and it has no `requires` list, unlike its siblings; it looks
          # truncated. Confirm the intended text and dependency.
          - file: environments/cinder-dellemc-unity-config.yaml
            title: Cinder Dell EMC Unity backend
            description: >
              Enables a Cinder Dell EMC Unity backend,
          - file: environments/cinder-dellemc-vmax-iscsi-config.yaml
            title: Cinder Dell EMC VMAX ISCSI backend
            description: >
              Enables a Cinder Dell EMC VMAX ISCSI backend,
              configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-hpelefthand-config.yaml
            title: Cinder HPELeftHandISCSI backend
            description: >
              Enables a Cinder HPELeftHandISCSI backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-dellps-config.yaml
            title: Cinder Dell EMC PS Series backend
            description: >
              Enables a Cinder Dell EMC PS Series backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          # NOTE(review): no `requires` list on this entry either; `requires`
          # is optional per the header comment, but the sibling backends all
          # name the base resource registry. Confirm the omission is intended.
          - file: environments/cinder-iser.yaml
            title: Cinder iSER backend
            description: >
              Enable a Cinder iSER RDMA backend, configured via puppet
          - file: environments/cinder-scaleio-config.yaml
            title: Cinder Dell EMC ScaleIO backend
            description: >
              Enables a Cinder Dell EMC ScaleIO backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-veritas-hyperscale-config.yaml
            title: Cinder Veritas HyperScale backend
            description: >
              Enables a Cinder Veritas HyperScale backend,
              configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
      # The backup service is tied to Pacemaker: it requires
      # puppet-pacemaker.yaml in addition to the base resource registry.
      - title: Cinder backup service
        description:
        environments:
          - file: environments/cinder-backup.yaml
            title: Cinder backup service
            description: >
              OpenStack Cinder Backup service with Pacemaker
            requires:
              - environments/puppet-pacemaker.yaml
              - overcloud-resource-registry-puppet.yaml
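      # Ceph deployed by TripleO and an externally managed Ceph cluster are
      # alternatives (mutually_exclusive: true); both use the RBD driver.
      - title: Ceph
        description: >
          Enable the use of Ceph in the overcloud
        environments:
          # The description names hyperconverged-ceph.yaml as the alternative
          # to dedicated CephStorage nodes; that file is not listed under
          # `requires`, which holds hard requirements only.
          - file: environments/puppet-ceph.yaml
            title: Ceph Storage Backend
            description: >
              Deploys a Ceph cluster via TripleO, requires at least one CephStorage node or
              use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
              colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/storage/external-ceph.yaml
            title: Externally managed Ceph
            description: >
              Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
            requires:
              - overcloud-resource-registry-puppet.yaml
        mutually_exclusive: true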
      # Optional services layered on a Ceph deployment.
      - title: Additional Ceph Options
        description:
        environments:
          - file: environments/services/ceph-mds.yaml
            title: Deploys CephMDS
            description: >
              Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
              filesystems hosted in Ceph.
            requires:
              - environments/puppet-ceph.yaml
          - file: environments/ceph-radosgw.yaml
            title: Ceph Rados Gateway
            description: >
              Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
              which stores data in the Ceph cluster.
            requires:
              - environments/puppet-ceph.yaml
          # NOTE(review): the description states a dependency on Ceph plus
          # CephMDS, or on an external Ceph cluster, but `requires` lists only
          # the base resource registry. A flat `requires` list cannot express
          # the either/or, so that dependency is not enforced by this map.
          - file: environments/manila-cephfsnative-config.yaml
            title: Manila with CephFS
            description: >
              Deploys Manila and configures it with the CephFS driver. This requires the deployment of
              Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
            requires:
              - overcloud-resource-registry-puppet.yaml
      # NOTE(review): the Unity environment has no `requires` list, while the
      # otherwise parallel VNX group after it names the base resource
      # registry. Confirm the omission is intended.
      - title: Manila with Unity
        description: >
          Deploys Manila and configures it with the Unity driver.
        environments:
          - file: environments/manila-unity-config.yaml
            title: Deploys Manila with Unity driver
            description: Deploys Manila and configures Unity as its default backend.
      - title: Manila with VNX
        description: >
          Deploys Manila and configures it with the VNX driver.
        environments:
          - file: environments/manila-vnx-config.yaml
            title: Deploys Manila with VNX driver
            description: Deploys Manila and configures VNX as its default backend.
            requires:
              - overcloud-resource-registry-puppet.yaml
      # The description here uses a literal block scalar (`|`), so its line
      # break is kept; the other multi-line descriptions in this file use the
      # folded form (`>`).
      - title: Glance backends
        description:
        environments:
          - file: environments/storage/glance-nfs.yaml
            title: Glance NFS Backend
            description: |
              Configure and enable this option to enable the use of an NFS
              share as the backend for Glance.
            requires:
              - overcloud-resource-registry-puppet.yaml


  # Security hardening environments: TLS, SSH banner, Horizon password
  # validation, auditd rules, Keystone CADF auditing and /etc/securetty.
  - title: Security
    description: Security Hardening Options
    environment_groups:
      # enable-tls.yaml passes in the certificates. Per its description they
      # only take effect when one of the TLS Endpoints environments is also
      # selected.
      # NOTE(review): the map expresses that dependency in one direction only
      # (the endpoint environments require enable-tls.yaml), so nothing here
      # flags a selection of enable-tls.yaml on its own. Confirm the consumer
      # surfaces that case, since it would leave TLS not in effect.
      - title: TLS
        description:
        environments:
          - file: environments/ssl/enable-tls.yaml
            title: SSL on OpenStack Public Endpoints
            description: >
              Use this option to pass in certificates for SSL deployments.
              For these values to take effect, one of the TLS endpoints
              options must also be used.
            requires:
              - overcloud-resource-registry-puppet.yaml
      # At most one endpoint style may be selected (mutually_exclusive: true).
      # Each one requires enable-tls.yaml.
      - title: TLS Endpoints
        description:
        environments:
          - file: environments/ssl/tls-endpoints-public-dns.yaml
            title: SSL-enabled deployment with DNS name as public endpoint
            description: >
              Use this option when deploying an SSL-enabled overcloud where the public
              endpoint is a DNS name.
            requires:
              - environments/ssl/enable-tls.yaml
          - file: environments/ssl/tls-everywhere-endpoints-dns.yaml
            title: Deploy All SSL Endpoints as DNS names
            description: >
              Use this option when deploying an overcloud where all the endpoints are
              DNS names and there's TLS in all endpoint types.
            requires:
              - environments/ssl/enable-tls.yaml
          - file: environments/ssl/tls-endpoints-public-ip.yaml
            title: SSL-enabled deployment with IP address as public endpoint
            description: >
              Use this option when deploying an SSL-enabled overcloud where the public
              endpoint is an IP address.
            requires:
              - environments/ssl/enable-tls.yaml
        mutually_exclusive: true
      - title: SSH Banner Text
        description: Enables population of SSH Banner Text
        environments:
          - file: environments/sshd-banner.yaml
            title: SSH Banner Text
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Horizon Password Validation
        description: Enable Horizon Password validation
        environments:
          - file: environments/horizon_password_validation.yaml
            title: Horizon Password Validation
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: AuditD Rules
        description:  Management of AuditD rules
        environments:
          - file: environments/auditd.yaml
            title: AuditD Rule Management
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      # NOTE(review): the CADF and SecureTTY environments carry no
      # `description` or `requires` keys, unlike the entries before them.
      # Both keys are optional per the header comment; confirm the missing
      # dependency on the base resource registry is intended.
      - title: Keystone CADF auditing
        description: Enable CADF notifications in Keystone for auditing
        environments:
          - file: environments/cadf.yaml
            title: Keystone CADF auditing
      - title: SecureTTY Values
        description: Set values within /etc/securetty
        environments:
          - file: environments/securetty.yaml
            title: SecureTTY Values

  # Optional OpenStack services; each entry requires only the base resource
  # registry.
  - title: Additional Services
    description:
    environment_groups:
      # The group title is left empty; `title` is optional for
      # environment_groups per the header comment.
      - title:
        description: Deploy additional services
        environments:
          # NOTE(review): title and description say Barbican (the secret
          # store), but `file` points at a manila-generic-config.yaml path.
          # This looks like a copy-paste of the Manila entry that follows;
          # confirm the intended environment file, otherwise selecting
          # "Barbican" would not load a Barbican environment.
          - file: environments/services/manila-generic-config.yaml
            title: Barbican
            description: Enable Barbican with the default secret store backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/manila-generic-config.yaml
            title: Manila
            description: Enable Manila with generic driver backend
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/sahara.yaml
            title: Sahara
            description: Deploy Sahara service
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/ironic.yaml
            title: Ironic
            description: Deploy Ironic service
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/mistral.yaml
            title: Mistral
            description: Deploy Mistral service
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/ec2-api.yaml
            title: EC2 API
            description: Enable EC2-API service
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/services/zaqar.yaml
            title: Zaqar
            description: Deploy Zaqar service
            requires:
              - overcloud-resource-registry-puppet.yaml

  # Compute-side extensions; currently a single Nuage backend entry.
  - title: Nova Extensions
    description:
    environment_groups:
      - title: Nova Extensions
        description:
        environments:
          # Compute-side Nuage environment; requires only the base resource
          # registry.
          - file: environments/nova-nuage-config.yaml
            title: Nuage backend
            description: >
              Enables Nuage backend on the Compute
            requires:
              - overcloud-resource-registry-puppet.yaml

  # Monitoring, centralized logging and performance-monitoring clients; each
  # group holds one environment that requires the base resource registry.
  - title: Operational Tools
    description:
    environment_groups:
      - title: Monitoring agents
        description: Enable monitoring agents
        environments:
          - file: environments/monitoring-environment.yaml
            title: Monitoring agents
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      # NOTE(review): this map only enables the fluentd client; where the logs
      # are shipped and how that transport is protected is configured outside
      # this file. Confirm against logging-environment.yaml.
      - title: Centralized logging support
        description: Enable centralized logging clients (fluentd)
        environments:
          - file: environments/logging-environment.yaml
            title: fluentd client
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Performance monitoring
        description: Enable performance monitoring agents
        environments:
          - file: environments/collectd-environment.yaml
            title: Performance monitoring agents
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml

  # Debugging and deployment-control helpers.
  - title: Utilities
    description:
    environment_groups:
      # NOTE(review): debug output from configuration management can include
      # the parameter values being applied. Presumably this is meant for
      # troubleshooting only; confirm how the resulting logs are handled.
      - title: Config Debug
        description: Enable config management (e.g. Puppet) debugging
        environments:
          - file: environments/config-debug.yaml
            title: Config Debug
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      # The description motivates this with CI, where journaling is not
      # needed; it does not describe the option as suitable elsewhere.
      - title: Disable journal in MongoDb
        description: >
          Since, when journaling is enabled, MongoDb will create big journal
          file it can take time. In a CI environment for example journaling is
          not necessary.
        environments:
          - file: environments/mongodb-nojournal.yaml
            title: Disable journal in MongoDb
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      # Tagged no-gui; the header comment describes tags as additional
      # information, e.g. for filtering. With this environment the deployment
      # waits for a user signal at each step resource named in the
      # description.
      - title: Overcloud Steps
        description: >
          Specifies hooks/breakpoints where overcloud deployment should stop
          Allows operator validation between steps, and/or more granular control.
          Note: the wildcards relate to naming convention for some resource suffixes,
          e.g see puppet/*-post.yaml, enabling this will mean we wait for
          a user signal on every *Deployment_StepN resource defined in those files.
        tags:
          - no-gui
        environments:
          - file: environments/overcloud-steps.yaml
            title: Overcloud Steps
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml