{% set _service_nets = {} %} {% for network in networks if network.enabled|default(true) %} {% if network.service_net_map_replace is defined %} {% set _ = _service_nets.update({network.service_net_map_replace:network.name_lower}) %} {% else %} {% set _ = _service_nets.update({network.name_lower:network.name_lower}) %} {% endif %} {% endfor %} resource_registry: OS::Heat::SoftwareDeployment: config-download-software.yaml OS::Heat::StructuredDeployment: config-download-structured.yaml OS::TripleO::PostDeploySteps: common/post.yaml OS::TripleO::AllNodesDeployment: OS::Heat::None OS::TripleO::DefaultPasswords: OS::Heat::None OS::TripleO::RandomString: OS::Heat::None {% for role in roles %} OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::{{role.name}}::Net::SoftwareConfig: OS::Heat::None # Port assignments for the {{role.name}} role {%- for network in networks if network.enabled|default(true) and network.name in role.networks|default([]) %} OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: network/ports/noop.yaml {%- endfor %} {% endfor %} {% for role in roles %} OS::TripleO::{{role.name}}ServiceServerMetadataHook: OS::Heat::None {%- endfor %} OS::TripleO::Server: OS::Nova::Server {% for role in roles %} OS::TripleO::{{role.name}}Server: OS::TripleO::Server {% endfor %} # This creates the "heat-admin" user for all OS images by default # To disable, replace with firstboot/userdata_default.yaml OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml # This bootstraps the timesync configuration for any subsequent deployment # operations. To disable, replace with firstboot/userdata_default.yaml OS::TripleO::NodeTimesyncUserData: firstboot/userdata_timesync.yaml # Hooks for operator extra config # NodeUserData == Cloud-init additional user-data, e.g cloud-config # role::NodeUserData == Role specific cloud-init additional user-data # ControllerExtraConfigPre == Controller configuration pre service deployment # NodeExtraConfig == All nodes configuration pre service deployment # NodeExtraConfigPost == All nodes configuration post service deployment OS::TripleO::NodeUserData: firstboot/userdata_default.yaml {% for role in roles %} OS::TripleO::{{role.name}}::NodeUserData: firstboot/userdata_default.yaml {% endfor %} OS::TripleO::NodeTLSCAData: OS::Heat::None OS::TripleO::NodeTLSData: OS::Heat::None OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml # "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy # phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when # configuration with knowledge of all nodes in the cluster is required vs single # node configuration in the pre_deploy step. # See extraconfig/all_nodes/* for examples OS::TripleO::AllNodesExtraConfig: OS::Heat::None # TripleO overcloud networks OS::TripleO::Network: network/networks.yaml {%- for network in networks if network.enabled|default(true) %} OS::TripleO::Network::{{network.name}}: OS::Heat::None {%- endfor %} OS::TripleO::Network::ExtraConfig: OS::Heat::None OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml OS::TripleO::Network::Ports::RedisVipPort: OS::Heat::None OS::TripleO::Network::Ports::OVNDBsVipPort: OS::Heat::None # Port assignments for the VIPs {%- for network in networks if network.vip|default(false) and network.enabled|default(true) %} OS::TripleO::Network::Ports::{{network.name}}VipPort: network/ports/noop.yaml {%- endfor %} OS::TripleO::Network::Ports::ControlPlaneVipPort: OS::Neutron::Port # Service to network Mappings OS::TripleO::ServiceNetMap: network/service_net_map.yaml # Service Endpoint Mappings OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml OS::TripleO::DeployedServerEnvironment: OS::Heat::None OS::TripleO::DeploymentSteps: OS::Heat::None OS::TripleO::WorkflowSteps: OS::Heat::None # services {%- for role in roles %} OS::TripleO::{{role.name}}Services: common/services/{{role.name.lower()}}-role.yaml {%- endfor %} OS::TripleO::Services::Aide: OS::Heat::None OS::TripleO::Services::Apache: deployment/apache/apache-baremetal-puppet.yaml OS::TripleO::Services::CACerts: deployment/certs/ca-certs-baremetal-puppet.yaml OS::TripleO::Services::CephMds: OS::Heat::None OS::TripleO::Services::CephMgr: OS::Heat::None OS::TripleO::Services::CephMon: OS::Heat::None OS::TripleO::Services::CephRbdMirror: OS::Heat::None OS::TripleO::Services::CephRgw: OS::Heat::None OS::TripleO::Services::CephOSD: OS::Heat::None OS::TripleO::Services::CephGrafana: OS::Heat::None OS::TripleO::Services::CephClient: OS::Heat::None OS::TripleO::Services::CephNfs: OS::Heat::None OS::TripleO::Services::CephExternal: OS::Heat::None OS::TripleO::Services::CephIngress: OS::Heat::None OS::TripleO::Services::CinderApi: deployment/cinder/cinder-api-container-puppet.yaml OS::TripleO::Services::CinderBackup: OS::Heat::None OS::TripleO::Services::CinderScheduler: deployment/cinder/cinder-scheduler-container-puppet.yaml OS::TripleO::Services::CinderVolume: deployment/cinder/cinder-volume-pacemaker-puppet.yaml # BlockStorageCinderVolume uses the non-pcmk cinder-volume template OS::TripleO::Services::BlockStorageCinderVolume: deployment/cinder/cinder-volume-container-puppet.yaml OS::TripleO::Services::Keystone: deployment/keystone/keystone-container-puppet.yaml OS::TripleO::Services::GlanceApi: deployment/glance/glance-api-container-puppet.yaml OS::TripleO::Services::HeatApi: deployment/heat/heat-api-container-puppet.yaml OS::TripleO::Services::HeatApiCfn: deployment/heat/heat-api-cfn-container-puppet.yaml OS::TripleO::Services::HeatEngine: deployment/heat/heat-engine-container-puppet.yaml OS::TripleO::Services::HeatEphemeral: OS::Heat::None OS::TripleO::Services::Kernel: deployment/kernel/kernel-baremetal-ansible.yaml OS::TripleO::Services::MySQL: deployment/database/mysql-pacemaker-puppet.yaml OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None OS::TripleO::Services::NeutronBgpVpnBagpipe: OS::Heat::None OS::TripleO::Services::NeutronSfcApi: OS::Heat::None OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::OVNMetadataAgent: deployment/ovn/ovn-metadata-container-puppet.yaml OS::TripleO::Services::NeutronApi: deployment/neutron/neutron-api-container-puppet.yaml OS::TripleO::Services::NeutronCorePlugin: deployment/neutron/neutron-plugin-ml2-container-puppet.yaml # can be the same as NeutronCorePlugin but some vendors install different # things where VMs run OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin) OS::TripleO::Services::NeutronCorePluginML2OVN: deployment/neutron/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::NeutronCorePluginNSX: deployment/neutron/neutron-plugin-nsx-container-puppet.yaml OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-pacemaker-puppet.yaml OS::TripleO::Services::OVNController: deployment/ovn/ovn-controller-container-puppet.yaml OS::TripleO::Services::OvsDpdkNetcontrold: OS::Heat::None OS::TripleO::Services::NeutronCorePluginMLNXSDN: deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml OS::TripleO::Services::NeutronCorePluginVTS: deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml OS::TripleO::Services::NeutronCorePluginML2Ansible: deployment/deprecated/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None OS::TripleO::Services::Pacemaker: deployment/pacemaker/pacemaker-baremetal-puppet.yaml OS::TripleO::Services::PacemakerRemote: deployment/pacemaker/pacemaker-remote-baremetal-puppet.yaml OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None OS::TripleO::Services::NeutronMlnxAgent: OS::Heat::None OS::TripleO::Services::NeutronAgentsIBConfig: OS::Heat::None OS::TripleO::Services::OsloMessagingRpc: deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml OS::TripleO::Services::OsloMessagingNotify: deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml OS::TripleO::Services::RabbitMQ: OS::Heat::None OS::TripleO::Services::Qdr: OS::Heat::None OS::TripleO::Services::HAproxy: deployment/haproxy/haproxy-pacemaker-puppet.yaml OS::TripleO::Services::HAProxyPublicTLS: deployment/haproxy/haproxy-public-tls-inject.yaml OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None OS::TripleO::Services::Iscsid: deployment/iscsid/iscsid-container-puppet.yaml OS::TripleO::Services::Memcached: deployment/memcached/memcached-container-puppet.yaml OS::TripleO::Services::Tuned: deployment/tuned/tuned-baremetal-ansible.yaml OS::TripleO::Services::Securetty: OS::Heat::None # TODO(aschultz): Remove this in U as we switched to a task in the deploy OS::TripleO::Services::SELinux: OS::Heat::None OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-ansible.yaml OS::TripleO::Services::Redis: OS::Heat::None OS::TripleO::Services::NovaApi: deployment/nova/nova-api-container-puppet.yaml OS::TripleO::Services::NovaCompute: deployment/nova/nova-compute-container-puppet.yaml OS::TripleO::Services::NovaConductor: deployment/nova/nova-conductor-container-puppet.yaml OS::TripleO::Services::NovaLibvirt: deployment/nova/nova-modular-libvirt-container-puppet.yaml OS::TripleO::Services::NovaLibvirtGuests: deployment/nova/nova-libvirt-guests-container-puppet.yaml OS::TripleO::Services::NovaManager: deployment/nova/nova-manager-container-puppet.yaml OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml OS::TripleO::Services::NovaPlacement: OS::Heat::None OS::TripleO::Services::PlacementApi: deployment/placement/placement-api-container-puppet.yaml OS::TripleO::Services::NovaScheduler: deployment/nova/nova-scheduler-container-puppet.yaml OS::TripleO::Services::NovaVncProxy: deployment/nova/nova-vnc-proxy-container-puppet.yaml OS::TripleO::Services::NovaAZConfig: OS::Heat::None OS::TripleO::Services::ContainersLogrotateCrond: deployment/logrotate/logrotate-crond-container-puppet.yaml OS::TripleO::Services::SwiftProxy: deployment/swift/swift-proxy-container-puppet.yaml OS::TripleO::Services::SwiftDispersion: OS::Heat::None OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: deployment/swift/swift-storage-container-puppet.yaml OS::TripleO::Services::SwiftRingBuilder: deployment/swift/swift-ringbuilder-container-puppet.yaml OS::TripleO::Services::Snmp: deployment/snmp/snmp-baremetal-puppet.yaml OS::TripleO::Services::Timezone: deployment/time/timezone-baremetal-ansible.yaml OS::TripleO::Services::UndercloudRemoveNovajoin: OS::Heat::None OS::TripleO::Services::UndercloudTLS: OS::Heat::None OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None OS::TripleO::Services::Horizon: deployment/horizon/horizon-container-puppet.yaml #Gnocchi services OS::TripleO::Services::GnocchiApi: OS::Heat::None OS::TripleO::Services::GnocchiMetricd: OS::Heat::None OS::TripleO::Services::GnocchiStatsd: OS::Heat::None # Drop Xinetd OS::TripleO::Services::Xinetd: OS::Heat::None # Time sync services OS::TripleO::Services::Chrony: deployment/timesync/chrony-baremetal-ansible.yaml OS::TripleO::Services::Ptp: OS::Heat::None OS::TripleO::Services::Timesync: OS::TripleO::Services::Chrony OS::TripleO::Services::TimeMaster: deployment/timemaster/timemaster-baremetal-ansible.yaml # Services that are disabled by default (use relevant environment files): OS::TripleO::Services::IpaClient: OS::Heat::None OS::TripleO::Services::Ipsec: OS::Heat::None OS::TripleO::Services::Rhsm: OS::Heat::None OS::TripleO::Services::MasqueradeNetworks: OS::Heat::None OS::TripleO::Services::TripleoValidations: OS::Heat::None OS::TripleO::Services::UndercloudUpgrade: OS::Heat::None OS::TripleO::Services::Collectd: OS::Heat::None OS::TripleO::Services::ManilaApi: OS::Heat::None OS::TripleO::Services::ManilaScheduler: OS::Heat::None OS::TripleO::Services::ManilaShare: OS::Heat::None OS::TripleO::Services::ManilaBackendFlashBlade: OS::Heat::None OS::TripleO::Services::ManilaBackendIsilon: OS::Heat::None OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None OS::TripleO::Services::ManilaBackendPowerMax: OS::Heat::None OS::TripleO::Services::ManilaBackendUnity: OS::Heat::None OS::TripleO::Services::ManilaBackendVMAX: OS::Heat::None OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None OS::TripleO::Services::ManilaBackendVNX: OS::Heat::None OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::BarbicanApi: OS::Heat::None OS::TripleO::Services::BarbicanBackendSimpleCrypto: OS::Heat::None OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None OS::TripleO::Services::BarbicanClient: OS::Heat::None OS::TripleO::Services::AodhApi: OS::Heat::None OS::TripleO::Services::AodhEvaluator: OS::Heat::None OS::TripleO::Services::AodhListener: OS::Heat::None OS::TripleO::Services::AodhNotifier: OS::Heat::None OS::TripleO::Services::MetricsQdr: OS::Heat::None OS::TripleO::Services::IronicApi: OS::Heat::None OS::TripleO::Services::IronicConductor: OS::Heat::None OS::TripleO::Services::IronicInspector: OS::Heat::None OS::TripleO::Services::IronicPxe: OS::Heat::None OS::TripleO::Services::IronicNeutronAgent: OS::Heat::None OS::TripleO::Services::NovaIronic: OS::Heat::None OS::TripleO::Services::TripleoFirewall: deployment/tripleo-firewall/tripleo-firewall-baremetal-ansible.yaml OS::TripleO::Services::TripleoPackages: deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml OS::TripleO::Services::OpenStackClients: OS::Heat::None OS::TripleO::Services::TLSProxyBase: OS::Heat::None OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None OS::TripleO::Services::CinderBackendDellEMCSc: OS::Heat::None OS::TripleO::Services::CinderBackendDellEMCPowerFlex: OS::Heat::None OS::TripleO::Services::CinderBackendDellEMCPowermax: OS::Heat::None OS::TripleO::Services::CinderBackendDellEMCPowerStore: OS::Heat::None OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None OS::TripleO::Services::CinderBackendDellEMCVNX: OS::Heat::None OS::TripleO::Services::CinderBackendDellEMCXtremio: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendPure: OS::Heat::None OS::TripleO::Services::CinderBackendNVMeOF: OS::Heat::None OS::TripleO::Services::CinderVolumeEdge: OS::Heat::None OS::TripleO::Services::Etcd: OS::Heat::None OS::TripleO::Services::AuditD: OS::Heat::None OS::TripleO::Services::OctaviaApi: OS::Heat::None OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None OS::TripleO::Services::OctaviaWorker: OS::Heat::None OS::TripleO::Services::OctaviaDeploymentConfig: OS::Heat::None OS::TripleO::Services::MySQLClient: deployment/database/mysql-client.yaml OS::TripleO::Services::Vpp: OS::Heat::None OS::TripleO::Services::NeutronVppAgent: OS::Heat::None OS::TripleO::Services::Podman: deployment/podman/podman-baremetal-ansible.yaml OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::DockerRegistry: OS::Heat::None OS::TripleO::Services::ContainerImagePrepare: deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml # TODO(xek): Remove this in Y as we switched to requesting certificates inside the relevant service's templates with ansible OS::TripleO::Services::CertmongerUser: OS::Heat::None OS::TripleO::Services::Clustercheck: deployment/pacemaker/clustercheck-container-puppet.yaml OS::TripleO::Services::Rsyslog: OS::Heat::None OS::TripleO::Services::RsyslogSidecar: OS::Heat::None OS::TripleO::Services::LoginDefs: OS::Heat::None OS::TripleO::Services::ComputeInstanceHA: OS::Heat::None OS::TripleO::Services::DesignateApi: OS::Heat::None OS::TripleO::Services::DesignateCentral: OS::Heat::None OS::TripleO::Services::DesignateProducer: OS::Heat::None OS::TripleO::Services::DesignateWorker: OS::Heat::None OS::TripleO::Services::DesignateMDNS: OS::Heat::None OS::TripleO::Services::DesignateSink: OS::Heat::None OS::TripleO::Services::DesignateBind: OS::Heat::None OS::TripleO::Services::NeutronMl2PluginBase: deployment/neutron/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::Multipathd: OS::Heat::None OS::TripleO::Services::GlanceApiEdge: OS::Heat::None OS::TripleO::Services::HAproxyEdge: OS::Heat::None OS::TripleO::Services::Frr: OS::Heat::None OS::TripleO::Services::Unbound: OS::Heat::None # Logging OS::TripleO::Services::Tmpwatch: deployment/logrotate/tmpwatch-install.yaml OS::TripleO::Services::Logging::BarbicanApi: deployment/logging/files/barbican-api.yaml OS::TripleO::Services::Logging::GlanceApi: deployment/logging/files/glance-api.yaml OS::TripleO::Services::Logging::HAProxy: deployment/logging/files/haproxy.yaml OS::TripleO::Services::Logging::HeatApi: deployment/logging/files/heat-api.yaml OS::TripleO::Services::Logging::HeatApiCfn: deployment/logging/files/heat-api-cfn.yaml OS::TripleO::Services::Logging::HeatEngine: deployment/logging/files/heat-engine.yaml OS::TripleO::Services::Logging::Keystone: deployment/logging/files/keystone.yaml OS::TripleO::Services::Logging::NeutronApi: deployment/logging/files/neutron-api.yaml OS::TripleO::Services::Logging::NeutronCommon: deployment/logging/files/neutron-common.yaml OS::TripleO::Services::Logging::NovaApi: deployment/logging/files/nova-api.yaml OS::TripleO::Services::Logging::NovaMetadata: deployment/logging/files/nova-metadata.yaml OS::TripleO::Services::Logging::NovaCommon: deployment/logging/files/nova-common.yaml OS::TripleO::Services::Logging::NovaLibvirt: deployment/logging/files/nova-libvirt.yaml OS::TripleO::Services::Logging::PlacementApi: deployment/logging/files/placement-api.yaml # Tempest OS::TripleO::Services::Tempest: OS::Heat::None OS::TripleO::Services::BootParams: deployment/kernel/kernel-boot-params-baremetal-ansible.yaml parameter_merge_strategies: ServiceNetMap: merge VipSubnetMap: merge EndpointMap: merge SshServerOptions: merge ExtraConfig: merge {% for role in roles %} {{role.name}}Parameters: merge {{role.name}}ExtraConfig: merge {% endfor %} parameter_defaults: NeutronMechanismDrivers: ovn ContainerCli: podman EnablePackageInstall: false SoftwareConfigTransport: POLL_SERVER_HEAT OVNIntegrationBridge: br-int ExtraConfig: {} {% for role in roles %} # Parameters generated for {{role.name}} Role {{role.name}}Services: {{role.ServicesDefault|default([])}} {{role.name}}Parameters: {} {{role.name}}ExtraConfig: {} {% endfor %} ServiceNetMap: ApacheNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} NeutronTenantNetwork: {{ _service_nets.get('tenant', 'ctlplane') }} AodhApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} BarbicanApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} GnocchiApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} MongodbNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} CinderApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} CinderIscsiNetwork: {{ _service_nets.get('storage', 'ctlplane') }} GlanceApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} GlanceApiEdgeNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} IronicApiNetwork: ctlplane IronicNetwork: ctlplane IronicInspectorNetwork: ctlplane KeystoneAdminApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} KeystonePublicApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} ManilaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} NeutronApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} OctaviaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} HeatApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} HeatApiCfnNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} NovaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} PlacementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} NovaMetadataNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} NovaLibvirtNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} SwiftStorageNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }} SwiftProxyNetwork: {{ _service_nets.get('storage', 'ctlplane') }} HorizonNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} MemcachedNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} OsloMessagingRpcNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} OsloMessagingNotifyNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} RabbitmqNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} RabbitmqManagementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} QdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} RedisNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} # Guest VMs use GaneshaNetwork and connot reach ctlplane network, # so default to external when storage_nfs is not available. GaneshaNetwork: {{ _service_nets.get('storage_nfs', _service_nets.get('external', 'ctlplane')) }} MysqlNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} SnmpdNetwork: ctlplane CephClusterNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }} CephDashboardNetwork: {{ _service_nets.get('storage_dashboard', 'ctlplane') }} CephGrafanaNetwork: {{ _service_nets.get('storage', 'ctlplane') }} CephIngressNetwork: {{ _service_nets.get('storage', 'ctlplane') }} CephMonNetwork: {{ _service_nets.get('storage', 'ctlplane') }} CephRgwNetwork: {{ _service_nets.get('storage', 'ctlplane') }} PublicNetwork: {{ _service_nets.get('external', 'ctlplane') }} InternalApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} OpendaylightApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} OvnDbsNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} DockerRegistryNetwork: ctlplane PacemakerNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} PacemakerRemoteNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} DesignateApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} DesignateMdnsNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} DesignateBindNetwork: {{ _service_nets.get('external', 'ctlplane') }} BINDNetwork: {{ _service_nets.get('external', 'ctlplane') }} EtcdNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} # HaproxyNetwork currently only controls the haproxy.stats network binding HaproxyNetwork: ctlplane UnboundNetwork: {{ _service_nets.get('external', 'ctlplane') }} # We special-case the default ResolveNetwork and MetricsQdrNetwork for the Ceph roles # for backwards compatibility, all other roles default to internal_api {%- for role in roles %} {%- if 'ceph' in role.tags|default([]) %} {{role.name}}HostnameResolveNetwork: {{ _service_nets.get('storage', 'ctlplane') }} {{role.name}}MetricsQdrNetwork: {{ _service_nets.get('storage', 'ctlplane') }} {%- else %} {{role.name}}HostnameResolveNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} {{role.name}}MetricsQdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }} {%- endif %} {%- endfor %} VipSubnetMap: ctlplane: ctlplane-subnet {%- for network in networks if network.vip|default(false) %} {{network.name}}: {{network.name_lower}}_subnet {%- endfor %} redis: {{ _service_nets.get('internal_api', 'ctlplane') }}_subnet ovn_dbs: {{ _service_nets.get('internal_api', 'ctlplane') }}_subnet EndpointMap: AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS} BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS} BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS} CephDashboardInternal: {protocol: http, port: '8444', host: IP_ADDRESS} CephGrafanaInternal: {protocol: http, port: '3100', host: IP_ADDRESS} CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} DesignateAdmin: {protocol: 'http', port: '9001', host: IP_ADDRESS} DesignateInternal: {protocol: 'http', port: '9001', host: IP_ADDRESS} DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS} DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS} GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS} HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS} IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS} IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS} IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS} IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS} IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS} KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} MetricsQdrPublic: {protocol: 'amqp', port: '5666', host: IP_ADDRESS} MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} NovaMetadataInternal: {protocol: http, port: '8775', host: IP_ADDRESS} PlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} PlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} PlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS} NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS} SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} SshServerOptions: HostKey: - '/etc/ssh/ssh_host_rsa_key' - '/etc/ssh/ssh_host_ecdsa_key' - '/etc/ssh/ssh_host_ed25519_key' SyslogFacility: 'AUTHPRIV' AuthorizedKeysFile: '.ssh/authorized_keys' ChallengeResponseAuthentication: 'no' GSSAPIAuthentication: 'no' GSSAPICleanupCredentials: 'no' UsePAM: 'yes' UseDNS: 'no' X11Forwarding: 'yes' AcceptEnv: - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES' - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT' - 'LC_IDENTIFICATION LC_ALL LANGUAGE' - 'XMODIFIERS' Subsystem: 'sftp /usr/libexec/openssh/sftp-server'