openstack/tripleo-heat-templates
Code Issues Proposed changes
04b4ec3866
tripleo-heat-templates/environments
History
Douglas Mendizábal 04b4ec3866 Identify HSMs using labels instead of Slot ID 
This patch adds support for two new options in barbican.conf for the
PKCS#11 backend plugin:  [p11_crypto]token_label and
[p11_crypto]token_serial_number by adding two new parameters
to the Barbican deployment BarbicanPkcs11CryptoTokenSerialNumber
and BarbicanPkcs11CryptoTokenLabel.

This patch also simplifies the use of barbican-manage to generate
the MKEK and PKEK in the HSM backend by using the values provided
in barbican.conf instead of duplicating them on the command line.

For the Thales Luna Network device, this patch uses the label
parameters to identify the partition to be used.  Because we are
using labels we no longer need to write the runtime generated
Slot ID of the HA group into hieradata.

Depends-On: I4e86e73bbdef0e16d3699cec1cc8f7e17dfb643b
Change-Id: Id05acb6516daa62279c9aade41256bcec7c5fce7
2020-11-30 14:11:10 +00:00
..
backup-and-restore Adding ReaR THT 2019-11-21 11:07:51 -03:00
ceph-ansible Add parameter and CI config to enable Ceph OTW encryption 2020-09-04 06:27:53 +00:00
composable-roles Specify multiple NtpServers by default 2018-12-04 08:31:55 -07:00
lifecycle Force CephAnsiblePlaybook to its default value on FFU prepare 2020-10-09 07:50:13 +00:00
messaging flatten qdrouterd service configs 2019-02-15 12:53:15 -07:00
metrics Merge "Add SendQueueLimit to collectd-amqp1" 2020-11-03 09:19:03 +00:00
predictable-placement Revert "Switch public endpoints to use FQDNs by default" 2018-05-16 21:45:42 +00:00
services Merge "Allow to configure vxlan network type for OVN" 2020-11-20 13:17:10 +00:00
services-baremetal Allow to configure vxlan network type for OVN 2020-11-19 10:52:05 +01:00
ssl Remove Sahara support 2020-10-19 09:39:36 +09:00
standalone Merge "Remove Sahara support" 2020-11-06 03:12:06 +00:00
storage Use container_file_t for Cinder*NfsMountOptions by default 2020-08-26 13:04:10 +02:00
undercloud Merge "Remove Sahara support" 2020-11-06 03:12:06 +00:00
updates Switch default neutron ML2 mechanism driver to OVN 2019-02-14 15:58:27 +01:00
veritas-hyperscale Move vpp, and veritas-hyperscale into deployment 2019-05-30 20:37:33 +00:00
auditd.yaml Move auditd, ca-cert, certmonger to deployment 2019-05-30 20:37:25 +00:00
barbican-backend-dogtag.yaml flatten the barbican service configurations 2019-02-18 08:06:21 -05:00
barbican-backend-kmip.yaml flatten the barbican service configurations 2019-02-18 08:06:21 -05:00
barbican-backend-pkcs11-atos.yaml flatten the barbican service configurations 2019-02-18 08:06:21 -05:00
barbican-backend-pkcs11-lunasa.yaml Identify HSMs using labels instead of Slot ID 2020-11-30 14:11:10 +00:00
barbican-backend-pkcs11-thales.yaml flatten the barbican service configurations 2019-02-18 08:06:21 -05:00
barbican-backend-pkcs11.yaml flatten the barbican service configurations 2019-02-18 08:06:21 -05:00
barbican-backend-simple-crypto.yaml flatten the barbican service configurations 2019-02-18 08:06:21 -05:00
cadf.yaml Enable keystone cadf notifications 2017-03-06 18:10:55 +01:00
cavium-liquidio.yaml Remove usage of RetryFilter 2020-08-28 21:06:30 +05:30
cinder-backup.yaml flatten cinder service configuration 2019-01-18 08:55:26 -05:00
cinder-dellemc-powerflex-config.yaml [PowerFlex/VxFlex OS] Fix typos in templates 2020-09-21 13:59:54 -05:00
cinder-dellemc-powermax-config.yaml Support for PowerMax Cinder Backend 2020-04-08 16:17:41 -05:00
cinder-dellemc-powerstore-config.yaml Support for PowerStore Cinder Backend 2020-07-29 16:52:08 -05:00
cinder-dellemc-sc-config.yaml Support for SC Cinder Backend 2020-05-01 10:33:32 -05:00
cinder-dellemc-unity-config.yaml flatten cinder service configuration 2019-01-18 08:55:26 -05:00
cinder-dellemc-vmax-iscsi-config.yaml Deprecating VMax Volume Config 2020-04-01 10:55:18 -05:00
cinder-dellemc-vnx-config.yaml flatten cinder service configuration 2019-01-18 08:55:26 -05:00
cinder-dellemc-vxflexos-config.yaml [PowerFlex/VxFlex OS] Fix typos in templates 2020-09-21 13:59:54 -05:00
cinder-dellemc-xtremio-config.yaml Support for Xtremio Cinder Backend 2020-05-01 10:22:12 -05:00
cinder-dellemc-xtremio-iscsi-config.yaml Deprecating Old Dell EMC Xtremio Iscsi Volume Config 2020-04-24 16:24:34 -05:00
cinder-dellsc-config.yaml Deprecating Old Dell SC Iscsi Volume Config 2020-04-24 16:26:13 -05:00
cinder-hpelefthand-config.yaml flatten cinder service configuration 2019-01-18 08:55:26 -05:00
cinder-iser.yaml Added support for pass-through iSER configuration 2016-09-23 09:51:41 -04:00
cinder-netapp-config.yaml Use container_file_t for Cinder*NfsMountOptions by default 2020-08-26 13:04:10 +02:00
cinder-nvmeof-config.yaml flatten cinder service configuration 2019-01-18 08:55:26 -05:00
cinder-pure-config.yaml Support deploying multiple Cinder Pure Storage backends 2019-09-13 07:36:42 -07:00
cinder-scaleio-config.yaml Deprecating Old ScaleIO Volume Config 2020-06-01 14:42:03 -05:00
cinder-volume-active-active.yaml Support cinder-volume running active-active 2019-03-04 14:58:51 -05:00
compute-instanceha.yaml Move compute-instanceha, neutron-ovn-dvr-ha to deployments 2019-05-30 20:37:36 +00:00
compute-real-time-example.yaml roles: Remove use of NovaVcpuPinSet from ComputeRealTime 2020-01-16 16:17:04 +00:00
computealt.yaml Remove all broken references to ./puppet/services 2020-08-06 08:50:51 +05:30
config-debug.yaml Deprecate EnablePaunch and remove Paunch support 2020-06-03 17:53:40 +00:00
container-image-prepare-debug.yaml Introduce ContainerImagePrepareDebug parameter 2019-02-14 09:06:33 -05:00
containerized-control-plane-dellemc-scaleio.yaml Containerized control plane with Dell EMC ScaleIO storage 2018-05-29 13:41:29 -04:00
dcn-hci.yaml Add NovaDisableImageDownloadToRbd parameter 2020-10-23 17:52:58 +01:00
dcn.yaml Add NovaDisableImageDownloadToRbd parameter 2020-10-23 17:52:58 +01:00
debug.yaml Add new environment for debug 2016-10-07 17:27:22 +00:00
deployed-server-deployed-neutron-ports.yaml Use static environment for deployed-server neutron mappings 2017-07-18 20:01:06 -04:00
deployed-server-environment.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
deployed-server-noop-ctlplane.yaml Add deployed server bootstrap to noop-ctlplane 2017-01-17 18:34:47 -05:00
designate-config-ha.yaml Split designate envs 2018-10-11 15:15:16 +00:00
designate-config.yaml Split designate envs 2018-10-11 15:15:16 +00:00
disable-paunch.yaml Deprecate EnablePaunch and remove Paunch support 2020-06-03 17:53:40 +00:00
disable-swift.yaml Introduce environments/disable-swift.yaml 2020-03-23 12:37:23 -04:00
disable-telemetry.yaml Disable legacy telemetry by default 2019-11-19 08:09:57 -05:00
docker-ha.yaml HA: ClusterFullTag naming convention by default 2020-10-28 16:12:16 +01:00
docker-network.yaml container ovs-agent, ensure br-ex exists 2017-08-28 19:47:16 +00:00
enable_tempest.yaml move tempest to deployment 2019-03-21 07:29:46 -04:00
enable-designate.yaml Add redis to designate environment 2020-09-29 12:38:33 +00:00
enable-federation-openidc.yaml add support for enabling oauth in keystone openidc integration 2019-07-02 10:21:36 -03:00
enable-legacy-telemetry.yaml Disable notification from services by default 2020-09-30 09:51:08 +09:00
enable-stf.yaml Merge "Add SendQueueLimit to collectd-amqp1" 2020-11-03 09:19:03 +00:00
enable-swap-partition.yaml Fix for AllNodesExtraConfig and fix environment files to create swap files/partitions 2017-01-16 15:47:50 +01:00
enable-swap.yaml Fix for AllNodesExtraConfig and fix environment files to create swap files/partitions 2017-01-16 15:47:50 +01:00
external-loadbalancer-vip-v6-all.yaml Disable haproxy when using external LB 2019-11-05 07:36:12 +10:00
external-loadbalancer-vip-v6.yaml Disable haproxy when using external LB 2019-11-05 07:36:12 +10:00
external-loadbalancer-vip.yaml Disable haproxy when using external LB 2019-11-05 07:36:12 +10:00
firewall.yaml firewall: make ExtraFirewallRules role specific 2020-10-01 01:43:06 +00:00
fixed-ip-vips-v6.yaml Give the OVN DBS service a separate Vip 2019-09-23 13:05:39 +00:00
fixed-ip-vips.yaml Give the OVN DBS service a separate Vip 2019-09-23 13:05:39 +00:00
horizon_password_validation.yaml Fix a spelling mistake 2018-09-15 14:42:07 +08:00
hyperconverged-ceph.yaml Switch to Podman by default 2020-03-18 09:27:36 -04:00
ips-from-pool-all.yaml Drop resource registry override in ip-from-pool 2020-03-12 18:44:44 +00:00
ips-from-pool-ctlplane.yaml Remove invalid comment in ips-from-pool-ctlplane 2018-12-10 10:14:27 -05:00
ips-from-pool.yaml Drop resource registry override in ip-from-pool 2020-03-12 18:44:44 +00:00
ipsec.yaml Remove extraconfig/services directory 2019-07-18 14:44:14 -04:00
logging-environment-rsyslog.yaml Rsyslog composable service 2019-07-18 15:41:28 +00:00
login-defs.yaml Use login-defs role from tripleo-ansible in sc004 2019-08-10 13:25:16 +03:00
low-memory-usage.yaml Remove Sahara support 2020-10-19 09:39:36 +09:00
manila-cephfsganesha-config.yaml Allow for configuration of the Manila CephFS backend with a remote Ceph 2019-07-19 08:31:02 +00:00
manila-cephfsnative-config.yaml Move Manila backends into deployment 2019-04-22 08:44:39 -04:00
manila-isilon-config.yaml Move Manila backends into deployment 2019-04-22 08:44:39 -04:00
manila-netapp-config.yaml Fix netapp deployment manifest 2019-05-30 16:03:55 -04:00
manila-unity-config.yaml Move Manila backends into deployment 2019-04-22 08:44:39 -04:00
manila-vmax-config.yaml Move Manila backends into deployment 2019-04-22 08:44:39 -04:00
manila-vnx-config.yaml Move Manila backends into deployment 2019-04-22 08:44:39 -04:00
multipathd.yaml Deploy multipathd using tripleo_multipathd ansible role 2020-10-22 06:07:15 -07:00
net-2-linux-bonds-with-vlans.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
net-bond-with-vlans-no-external.j2.yaml Fix comments in environments/net-* network configuration envs 2019-04-01 17:12:28 -07:00
net-bond-with-vlans.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
net-dpdkbond-with-vlans.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
net-multiple-nics-vlans.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
net-multiple-nics.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
net-noop.j2.yaml Use OS::Heat::None in place of net-config-noop.yaml 2020-10-02 12:41:23 +05:30
net-single-nic-linux-bridge-with-vlans.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
net-single-nic-with-vlans-no-external.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
net-single-nic-with-vlans.j2.yaml Make NetworkConfigWithAnsible parameter non-role specific 2020-10-15 19:41:27 +05:30
network-environment-v6-all.j2.yaml Update some more environments to use new ansible nic config 2020-10-27 15:30:10 +05:30
network-environment-v6.j2.yaml Update some more environments to use new ansible nic config 2020-10-27 15:30:10 +05:30
network-environment.j2.yaml Update some more environments to use new ansible nic config 2020-10-27 15:30:10 +05:30
network-isolation-no-tunneling.j2.yaml Give the OVN DBS service a separate Vip 2019-09-23 13:05:39 +00:00
network-isolation-v6-all.j2.yaml Deprecate service ipv6 params 2020-05-12 07:25:11 +00:00
network-isolation-v6.j2.yaml Deprecate service ipv6 params 2020-05-12 07:25:11 +00:00
network-isolation.j2.yaml Give the OVN DBS service a separate Vip 2019-09-23 13:05:39 +00:00
network-management-v6.yaml Fix networking settings for ObjectStorage role 2017-10-25 20:57:17 +02:00
network-management.yaml Fix networking settings for ObjectStorage role 2017-10-25 20:57:17 +02:00
networks-disable.j2.yaml Environment to disable Neutron networks 2018-01-24 20:59:14 -05:00
neutron-bgpvpn-bagpipe.yaml step3: flatten the neutron service configurations 2019-02-27 15:17:32 -05:00
neutron-bgpvpn.yaml step3: flatten the neutron service configurations 2019-02-27 15:17:32 -05:00
neutron-l2gw.yaml step3: flatten the neutron service configurations 2019-02-27 15:17:32 -05:00
neutron-linuxbridge.yaml Move neutron base, plugins to deployment 2019-05-13 10:05:46 -04:00
neutron-ml2-ansible.yaml Sync neutron-ml2-ansible.yaml files 2020-02-26 16:38:51 -03:30
neutron-ml2-bigswitch.yaml Move neutron base, plugins to deployment 2019-05-13 10:05:46 -04:00
neutron-ml2-cisco-vts.yaml Add cisco VTS ML2 template for a dockerized service and default environment settings 2018-02-20 21:11:19 +01:00
neutron-ml2-mlnx-sdn.yaml Added the ability to disable Mellanox SDN sync 2019-11-07 14:55:10 +02:00
neutron-ml2-vpp.yaml Move vpp, and veritas-hyperscale into deployment 2019-05-30 20:37:33 +00:00
neutron-nsx.yaml Remove Neutron LBaaS 2019-06-04 15:12:38 +02:00
neutron-nuage-config.yaml Rename NeutronMl2PluginBase TripleO service 2020-10-20 11:20:41 +10:00
neutron-ovs-dvr.yaml Merge "Rename NeutronMl2PluginBase TripleO service" 2020-10-24 00:08:46 +00:00
neutron-sfc.yaml step5: flatten the neutron service configurations 2019-02-28 10:24:51 -05:00
nonha-arch.yaml Deprecate Keepalived service 2020-05-05 10:16:52 -04:00
noop-deploy-steps.yaml Add noop-deploy-steps.yaml environment 2017-11-22 18:48:21 +00:00
nova-api-policy.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
nova-az-config.yaml Add OS::TripleO::NovaAZConfig 2019-04-15 17:46:22 -04:00
nova-nuage-config.yaml Remove Nova parameters that are no longer used 2020-03-28 22:07:33 +01:00
nsx-config.yaml step5: flatten the neutron service configurations 2019-02-28 10:24:51 -05:00
overcloud-baremetal.j2.yaml Consistent hostname format env for split-stack 2017-07-24 14:42:28 -04:00
overcloud-services.yaml Consistent hostname format env for split-stack 2017-07-24 14:42:28 -04:00
overcloud-steps.yaml Rename -puppet.yaml templates. 2015-09-22 08:30:01 -04:00
ovs-hw-offload.yaml Remove usage of RetryFilter 2020-08-28 21:06:30 +05:30
podman.yaml Remove mistral parameters from undercloud.yaml 2020-11-03 08:39:22 +05:30
public-tls-undercloud.yaml Add new parameter PublicTLSCACert 2020-06-25 09:31:00 -04:00
puppet-tenant-vlan.yaml Remove NeutronEnableTunnelling from templates 2016-08-12 20:46:38 -02:30
README.md Add a directory for overcloud heat environments 2015-05-15 12:28:00 +02:00
rhsm.yaml rhsm: add rhsm_release in environment for doc purpose 2020-05-22 19:03:10 +00:00
securetty.yaml Configure securetty using tripleo-ansible 2019-09-04 01:22:40 +00:00
split-stack-consistent-hostname-format.j2.yaml Consistent hostname format env for split-stack 2017-07-24 14:42:28 -04:00
sshd-banner.yaml SSHD Service extensions 2017-04-19 18:03:02 +01:00
stdout-logging.yaml Move glance logging templates to logging directory 2020-02-25 22:36:57 +09:00
storage-environment-external.yaml Disable legacy telemetry by default 2019-11-19 08:09:57 -05:00
storage-environment.yaml Use container_file_t for Cinder*NfsMountOptions by default 2020-08-26 13:04:10 +02:00
swift-external.yaml swift-external: deprecate External*Url 2019-12-09 18:19:51 -05:00
tripleo-validations.yaml Use tripleo-validations-package role instead of puppet 2019-08-26 08:56:35 +00:00
tuned-ceph-filestore-hci.yaml Add TunedCustomProfile parameter and HCI Ceph filestore environment 2018-12-10 22:26:06 +00:00
undercloud-enable-nova.yaml undercloud: disable placement api by default 2020-10-09 20:06:01 +00:00
undercloud.yaml Remove mistral parameters from undercloud.yaml 2020-11-03 08:39:22 +05:30
use-dns-for-vips.yaml Stop using puppet to configure VIPs in /etc/hosts 2016-11-27 13:20:33 -05:00

README.md

This directory contains Heat environment file snippets which can be used to enable features in the Overcloud.

Configuration

These can be enabled using the -e [path to environment yaml] option with heatclient.

Below is an example of how to enable the Ceph template using devtest_overcloud.sh:

export OVERCLOUD\_CUSTOM\_HEAT\_ENV=$TRIPLEO\_ROOT/tripleo-heat-templates/environments/ceph_devel.yaml