summaryrefslogtreecommitdiffstats
path: root/capabilities-map.yaml
blob: 0af0e822643bf59e0527125ef4bc2524e8ff5494 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
# This file holds metadata about the capabilities of the tripleo-heat-templates
# repository for deployment using puppet. It groups configuration by topic,
# describes possible combinations of environments and resource capabilities.

# root_template: identifies repository's root template
# root_environment: identifies root_environment, this one is special in terms of
#   order in which the environments are merged before deploying. This one serves as
#   a base and it's parameters/resource_registry gets overridden by other environments
#   if used.

# topics:
# High Level grouping by purpose of environments
# Attributes:
#  title: (required)
#  description: (optional)
#  environment_groups: (required)

# environment_groups:
# Identifies an environment choice. If group includes multiple environments it
# indicates that environments in group are mutually exclusive.
# Attributes:
#  title: (optional)
#  description: (optional)
#  tags: a list of tags to provide additional information for e.g. filtering (optional)
#  environments: (required)

# environments:
# List of environments in environment group
# Attributes:
#  file: a file name including path within repository (required)
#  title: (required)
#  description: (optional)
#  requires: an array of environments which are required by this environment (optional)
#  resource_registry: [tbd] (optional)

# resource_registry:
# [tbd] Each environment can provide options on resource_registry level applicable
# only when that given environment is used. (resource_type of that environment can
# be implemented using multiple templates).

root_template: overcloud.yaml
root_environment: overcloud-resource-registry-puppet.yaml
topics:
  - title: Base Resources Configuration
    description:
    environment_groups:
      - title:
        description: Enable base configuration for all resources required for OpenStack Deployment
        environments:
          - file: overcloud-resource-registry-puppet.yaml
            title: Base resources configuration
            description:

  - title: Deployment Options
    description:
    environment_groups:
      - title: High Availability
        description: Enables configuration of an Overcloud controller with Pacemaker
        environments:
          - file: environments/puppet-pacemaker.yaml
            title: Pacemaker
            description: Enable configuration of an Overcloud controller with Pacemaker
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Pacemaker options
        description:
        environments:
          - file: environments/puppet-pacemaker-no-restart.yaml
            title: Pacemaker No Restart
            description:
            requires:
              - environments/puppet-pacemaker.yaml
              - overcloud-resource-registry-puppet.yaml
      - title: Docker RDO
        description: >
          Docker container with heat agents for containerized compute node
        environments:
          - file: environments/docker.yaml
            title: Docker RDO
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Enable TLS
        description: >
        environments:
          - file: environments/enable-tls.yaml
            title: TLS
            description: >
              Use this option to pass in certificates for SSL deployments.
              For these values to take effect, one of the TLS endpoints
              environments must also be used.
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: TLS Endpoints
        description: >
        environments:
          - file: environments/tls-endpoints-public-dns.yaml
            title: SSL-enabled deployment with DNS name as public endpoint
            description: >
              Use this environment when deploying an SSL-enabled overcloud where the public
              endpoint is a DNS name.
            requires:
              - environments/enable-tls.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/tls-endpoints-public-ip.yaml
            title: SSL-enabled deployment with IP address as public endpoint
            description: >
              Use this environment when deploying an SSL-enabled overcloud where the public
              endpoint is an IP address.
            requires:
              - environments/enable-tls.yaml
              - overcloud-resource-registry-puppet.yaml
      - title: External load balancer
        description: >
          Enable external load balancer
        environments:
          - file: environments/external-loadbalancer-vip-v6.yaml
            title: External load balancer IPv6
            description: >
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/external-loadbalancer-vip.yaml
            title: External load balancer IPv4
            description: >
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Additional Services
    description: Deploy additional Overcloud services
    environment_groups:
      - title: Manila
        description:
        environments:
          - file: environments/manila-generic-config.yaml
            title: Manila
            description: Enable Manila generic driver backend
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Sahara
        description:
        environments:
          - file: environments/services/sahara.yaml
            title: Sahara
            description: Deploy Sahara service
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Ironic
        description:
        environments:
          - file: environments/services/ironic.yaml
            title: Ironic
            description: Deploy Ironic service
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Mistral
        description:
        environments:
          - file: environments/services/mistral.yaml
            title: Mistral
            description: Deploy Mistral service
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Ceilometer Api
        description:
        environments:
          - file: environments/services/disable-ceilometer-api.yaml
            title: Ceilometer Api
            description: Disable Ceilometer Api service. This service is
              deprecated and will be removed in future releases. Please move
              to using gnocchi/aodh/panko apis instead.
            requires:
              - overcloud-resource-registry-puppet.yaml

  # - title: Network Interface Configuration
  #   description:
  #   environment_groups:

  - title: Overlay Network Configuration
    description:
    environment_groups:
      - title: Network Isolation
        description:
        environments:
          - file: environments/network-isolation.yaml
            title: Network Isolation
            description: >
              Enable the creation of Neutron networks for
              isolated Overcloud traffic and configure each role to assign ports
              (related to that role) on these networks.
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/network-isolation-v6.yaml
            title: Network Isolation IPv6
            description: >
              Enable the creation of IPv6 Neutron networks for isolated Overcloud
              traffic and configure each role to assign ports (related
              to that role) on these networks.
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Single NIC or Bonding
        description: >
          Configure roles to use pair of bonded nics or to use Vlans on a
          single nic. This option assumes use of Network Isolation.
        environments:
          - file: environments/net-bond-with-vlans.yaml
            title: Bond with Vlans
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/net-bond-with-vlans-no-external.yaml
            title: Bond with Vlans No External Ports
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role. This option assumes use of Network Isolation.
              Sets external ports to noop.
            requires:
              - environments/network-isolation.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/net-bond-with-vlans-v6.yaml
            title: Bond with Vlans IPv6
            description: >
              Configure each role to use a pair of bonded nics (nic2 and
              nic3) and configures an IP address on each relevant isolated network
              for each role, with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6.
            requires:
              - environments/network-isolation-v6.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/net-multiple-nics.yaml
            title: Multiple NICs
            description: >
              Configures each role to use a separate NIC for
              each isolated network.
              This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/net-multiple-nics-v6.yaml
            title: Multiple NICs IPv6
            description: >
              Configure each role to use a separate NIC for
              each isolated network with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6.
            requires:
              - environments/network-isolation-v6.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/net-single-nic-with-vlans.yaml
            title: Single NIC with Vlans
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/net-single-nic-with-vlans-no-external.yaml
            title: Single NIC with Vlans No External Ports
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
              Sets external ports to noop.
            requires:
              - environments/network-isolation.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/net-single-nic-linux-bridge-with-vlans.yaml
            title: Single NIC with Linux Bridge Vlans
            description: >
              Configure each role to use Vlans on a single NIC for
              each isolated network. This option assumes use of Network Isolation.
            requires:
              - environments/network-isolation.yaml
              - overcloud-resource-registry-puppet.yaml
          - file: environments/net-single-nic-with-vlans-v6.yaml
            title: Single NIC with Vlans IPv6
            description: >
              Configures each role to use Vlans on a single NIC for
              each isolated network with IPv6 on the External network.
              This option assumes use of Network Isolation IPv6
            requires:
              - environments/network-isolation-v6.yaml
              - overcloud-resource-registry-puppet.yaml
      - title: Management Network
        description: >
          Enable the creation of a system management network. This
          creates a Neutron network for isolated Overcloud
          system management traffic and configures each role to
          assign a port (related to that role) on that network.
        environments:
          - file: environments/network-management.yaml
            title: Management Network
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/network-management-v6.yaml
            title: Management Network IPv6
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Neutron Plugin Configuration
    description:
    environment_groups:
      - title: Neutron Plugins
        description: >
          Enable various Neutron plugins and backends
        environments:
          - file: environments/neutron-bgpvpn.yaml
            title: Neutron BGPVPN Service Plugin
            description: Enables Neutron BGPVPN Service Plugin
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-bigswitch.yaml
            title: BigSwitch Extensions
            description: >
              Enable Big Switch extensions, configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-cisco-n1kv.yaml
            title: Cisco N1KV backend
            description: >
              Enable a Cisco N1KV backend, configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
            title: Cisco Neutron plugin
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-midonet.yaml
            title: Deploy MidoNet Services
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-nuage-config.yaml
            title: Neutron Nuage backend
            description: Enables Neutron Nuage backend on the controller
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-opendaylight.yaml
            title: OpenDaylight
            description: Enables OpenDaylight
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ovs-dpdk.yaml
            title: DPDK with OVS
            description: Deploy DPDK with OVS
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ovs-dvr.yaml
            title: DVR
            description: Enables DVR in the Overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-plumgrid.yaml
            title: PLUMgrid extensions
            description: Enables PLUMgrid extensions
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-fujitsu-cfab.yaml
            title: Fujitsu Neutron plugin for C-Fabric
            description: Enable C-Fabric in the overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-ml2-fujitsu-fossw.yaml
            title: Fujitsu Neutron plugin for FOS
            description: Enable FOS in the overcloud
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/neutron-l2gw.yaml
            title: Neutron L2 gateway Service Plugin
            description: Enables Neutron L2 gateway Service Plugin
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Nova Extensions
    description:
    environment_groups:
      - title: Nova Extensions
        description:
        environments:
          - file: environments/nova-nuage-config.yaml
            title: Nuage backend
            description: >
              Enables Nuage backend on the Compute
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Storage
    description:
    environment_groups:
      - title: Cinder backup service
        description:
        environments:
          - file: environments/cinder-backup.yaml
            title: Cinder backup service
            description: >
              OpenStack Cinder Backup service with Pacemaker configured
              with Puppet
            requires:
              - environments/puppet-pacemaker.yaml
              - overcloud-resource-registry-puppet.yaml
      - title: Cinder backend
        description: >
          Enable various Cinder backends
        environments:
          - file: environments/cinder-netapp-config.yaml
            title: Cinder NetApp backend
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-dellsc-config.yaml
            title: Cinder Dell EMC Storage Center ISCSI backend
            description: >
              Enables a Cinder Dell EMC Storage Center ISCSI backend,
              configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-hpelefthand-config.yaml
            title: Cinder HPELeftHandISCSI backend
            description: >
              Enables a Cinder HPELeftHandISCSI backend, configured
              via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-dellps-config.yaml
            title: Cinder Dell EMC PS Series backend
            description: >
              Enables a Cinder Dell EMC PS Series backend,
              configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/cinder-iser.yaml
            title: Cinder iSER backend
            description: >
              Enable a Cinder iSER RDMA backend, configured via puppet
          - file: environments/cinder-scaleio-config.yaml
            title: Cinder Dell EMC ScaleIO backend
            description: >
              Enables a Cinder Dell EMC ScaleIO backend,
              configured via puppet
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Ceph
        description: >
          Enable the use of Ceph in the overcloud
        environments:
          - file: environments/puppet-ceph-external.yaml
            title: Externally managed Ceph
            description: >
              Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
            requires:
              - overcloud-resource-registry-puppet.yaml
          - file: environments/puppet-ceph.yaml
            title: TripleO managed Ceph
            description: >
              Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
              use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
              colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: CephMDS
        description: >
          Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
          filesystems hosted in Ceph.
        environments:
          - file: environments/services/ceph-mds.yaml
            title: Deploys CephMDS
            description:
            requires:
              - environments/puppet-ceph.yaml
      - title: Ceph Rados Gateway
        description: >
          Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
          which stores data in the Ceph cluster.
        environments:
          - file: environments/ceph-radosgw.yaml
            title: Deploys CephRGW
            description:
            requires:
              - environments/puppet-ceph.yaml
      - title: Manila with CephFS
        description: >
          Deploys Manila and configures it with the CephFS driver. This requires the deployment of
          Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
        environments:
          - file: environments/manila-cephfsnative-config.yaml
            title: Deploys Manila with CephFS driver
            description: Deploys Manila and configures CephFS as its default backend.
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Storage Environment
        description: >
          Can be used to set up storage backends. Defaults to Ceph used as a
          backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
          configures which services will use Ceph, or if any of the services
          will use NFS. And more. Usually requires to be edited by user first.
        tags:
          - no-gui
        environments:
          - file: environments/storage-environment.yaml
            title: Storage Environment
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Utilities
    description:
    environment_groups:
      - title: Config Debug
        description: Enable config management (e.g. Puppet) debugging
        environments:
          - file: environments/config-debug.yaml
            title: Config Debug
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Disable journal in MongoDb
        description: >
          Since, when journaling is enabled, MongoDb will create big journal
          file it can take time. In a CI environment for example journaling is
          not necessary.
        environments:
          - file: environments/mongodb-nojournal.yaml
            title: Disable journal in MongoDb
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Overcloud Steps
        description: >
          Specifies hooks/breakpoints where overcloud deployment should stop
          Allows operator validation between steps, and/or more granular control.
          Note: the wildcards relate to naming convention for some resource suffixes,
          e.g see puppet/*-post.yaml, enabling this will mean we wait for
          a user signal on every *Deployment_StepN resource defined in those files.
        tags:
          - no-gui
        environments:
          - file: environments/overcloud-steps.yaml
            title: Overcloud Steps
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Operational Tools
    description:
    environment_groups:
      - title: Monitoring agents
        description: Enable monitoring agents
        environments:
          - file: environments/monitoring-environment.yaml
            title: Enable monitoring agents
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Centralized logging support
        description: Enable centralized logging clients (fluentd)
        environments:
          - file: environments/logging-environment.yaml
            title: Enable fluentd client
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Performance monitoring
        description: Enable performance monitoring agents
        environments:
          - file: environments/collectd-environment.yaml
            title: Enable performance monitoring agents
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml

  - title: Security Options
    description: Security Hardening Options
    environment_groups:
      - title: SSH Banner Text
        description: Enables population of SSH Banner Text
        environments:
          - file: environments/sshd-banner.yaml
            title: SSH Banner Text
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Horizon Password Validation
        description: Enable Horizon Password validation
        environments:
          - file: environments/horizon_password_validation.yaml
            title: Horizon Password Validation
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: AuditD Rules
        description:  Management of AuditD rules
        environments:
          - file: environments/auditd.yaml
            title: AuditD Rule Management
            description:
            requires:
              - overcloud-resource-registry-puppet.yaml
      - title: Keystone CADF auditing
        description: Enable CADF notifications in Keystone for auditing
        environments:
          - file: environments/cadf.yaml
            title: Keystone CADF auditing
      - title: SecureTTY Values
        description: Set values within /etc/securetty
        environments:
          - file: environments/securetty.yaml
            title: SecureTTY Values