openstack/tripleo-heat-templates
Code Issues Proposed changes
0ba612d07d
tripleo-heat-templates/overcloud-resource-registry-puppet.j2.yaml
Alan Bishop 0ba612d07d Deploy separate glance-api services for OSSN-0090 
This patch adopts the recommendation outlined in  OSSN-0090 [1], in
which two instances of the glance-api service are deployed:
- A "user facing" glance-api service, accessible via the Public
  keystone endpoint.
- An "internal facing only" service, accessible via the Admin and
  Internal keystone endpoints.

The user facing instance is configured so it does not report any image
location information. This is achieved by configuring glance-api.conf
with the show_image_direct_url and show_multiple_locations set to False.

The internal service operates on a separate TCP port (defaults to 9293)
with its own glance-api.conf that configures show_image_direct_url and
show_multiple_locations set to True.

In order for cinder and nova to have access to the image location data,
both services are configured to access glance via the internal service.

[1] https://wiki.openstack.org/wiki/OSSN/OSSN-0090

stable/zed:
  Backports include I456b4235242cae125f5ad4cd9cc7415f2699462c, which
  fixed a typo in the original patch.

Closes-Bug: #1822540
Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/865874
Depends-On: https://review.opendev.org/c/openstack/tripleo-common/+/865873
Change-Id: Id093613f9d410eb3fe5564a724c0f75275eeb4e8
(cherry picked from commit d60969cb55)
2023-01-09 06:48:57 -08:00

519 lines
30 KiB
YAML
Raw Blame History

{% set _service_nets = {} %}
{% for network in networks if network.enabled|default(true) %}
{% if network.service_net_map_replace is defined %}
{% set _ = _service_nets.update({network.service_net_map_replace:network.name_lower}) %}
{% else %}
{% set _ = _service_nets.update({network.name_lower:network.name_lower}) %}
{% endif %}
{% endfor %}
resource_registry:
OS::Heat::SoftwareDeployment: config-download-software.yaml
OS::Heat::StructuredDeployment: config-download-structured.yaml
OS::TripleO::PostDeploySteps: common/post.yaml
OS::TripleO::AllNodesDeployment: OS::Heat::None
OS::TripleO::DefaultPasswords: OS::Heat::None
OS::TripleO::RandomString: OS::Heat::None
{% for role in roles %}
OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None
OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml
OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml
OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None
OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
# Port assignments for the {{role.name}} role
{%- for network in networks if network.enabled|default(true) and network.name in role.networks|default([]) %}
OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: network/ports/noop.yaml
{%- endfor %}
{% endfor %}
{% for role in roles %}
OS::TripleO::{{role.name}}ServiceServerMetadataHook: OS::Heat::None
{%- endfor %}
OS::TripleO::Server: deployed-server/deployed-server.yaml
OS::TripleO::DeployedServer::ControlPlanePort: deployed-server/deployed-neutron-port.yaml
{% for role in roles %}
OS::TripleO::{{role.name}}Server: OS::TripleO::Server
{% endfor %}
# Hooks for operator extra config
# ControllerExtraConfigPre == Controller configuration pre service deployment
# NodeExtraConfig == All nodes configuration pre service deployment
# NodeExtraConfigPost == All nodes configuration post service deployment
OS::TripleO::NodeTLSCAData: OS::Heat::None
OS::TripleO::NodeTLSData: OS::Heat::None
OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
# "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy
# phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when
# configuration with knowledge of all nodes in the cluster is required vs single
# node configuration in the pre_deploy step.
# See extraconfig/all_nodes/* for examples
OS::TripleO::AllNodesExtraConfig: OS::Heat::None
# TripleO overcloud networks
OS::TripleO::Network: network/networks.yaml
{%- for network in networks if network.enabled|default(true) %}
OS::TripleO::Network::{{network.name}}: OS::Heat::None
{%- endfor %}
OS::TripleO::Network::ExtraConfig: OS::Heat::None
OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml
OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml
OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml
OS::TripleO::Network::Ports::RedisVipPort: OS::Heat::None
OS::TripleO::Network::Ports::OVNDBsVipPort: OS::Heat::None
# Port assignments for the VIPs
{%- for network in networks if network.vip|default(false) and network.enabled|default(true) %}
OS::TripleO::Network::Ports::{{network.name}}VipPort: network/ports/noop.yaml
{%- endfor %}
OS::TripleO::Network::Ports::ControlPlaneVipPort: network/ports/deployed_vip_ctlplane.yaml
# Service to network Mappings
OS::TripleO::ServiceNetMap: network/service_net_map.yaml
# Service Endpoint Mappings
OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
OS::TripleO::DeployedServerEnvironment: OS::Heat::None
OS::TripleO::DeploymentSteps: OS::Heat::None
OS::TripleO::WorkflowSteps: OS::Heat::None
# services
{%- for role in roles %}
OS::TripleO::{{role.name}}Services: common/services/{{role.name.lower()}}-role.yaml
{%- endfor %}
OS::TripleO::Services::Aide: OS::Heat::None
OS::TripleO::Services::Apache: deployment/apache/apache-baremetal-puppet.yaml
OS::TripleO::Services::CACerts: deployment/certs/ca-certs-baremetal-ansible.yaml
OS::TripleO::Services::CephMds: OS::Heat::None
OS::TripleO::Services::CephMgr: OS::Heat::None
OS::TripleO::Services::CephMon: OS::Heat::None
OS::TripleO::Services::CephRbdMirror: OS::Heat::None
OS::TripleO::Services::CephRgw: OS::Heat::None
OS::TripleO::Services::CephOSD: OS::Heat::None
OS::TripleO::Services::CephGrafana: OS::Heat::None
OS::TripleO::Services::CephClient: OS::Heat::None
OS::TripleO::Services::CephNfs: OS::Heat::None
OS::TripleO::Services::CephExternal: OS::Heat::None
OS::TripleO::Services::CephIngress: OS::Heat::None
OS::TripleO::Services::CinderApi: deployment/cinder/cinder-api-container-puppet.yaml
OS::TripleO::Services::CinderBackup: OS::Heat::None
# NFS Backend is still optional unless it is explicitly enabled, this is just a separate template.
# This is done in order to retain the legacy behavior, and avoid accidental problems when doing an update.
OS::TripleO::Services::CinderBackendNfs: deployment/cinder/cinder-backend-nfs-puppet.yaml
OS::TripleO::Services::CinderScheduler: deployment/cinder/cinder-scheduler-container-puppet.yaml
OS::TripleO::Services::CinderVolume: deployment/cinder/cinder-volume-pacemaker-puppet.yaml
# BlockStorageCinderVolume uses the non-pcmk cinder-volume template
OS::TripleO::Services::BlockStorageCinderVolume: deployment/cinder/cinder-volume-container-puppet.yaml
OS::TripleO::Services::Keystone: deployment/keystone/keystone-container-puppet.yaml
OS::TripleO::Services::GlanceApi: deployment/glance/glance-api-container-puppet.yaml
OS::TripleO::Services::GlanceApiInternal: deployment/glance/glance-api-internal-container-puppet.yaml
OS::TripleO::Services::HeatApi: deployment/heat/heat-api-container-puppet.yaml
OS::TripleO::Services::HeatApiCfn: deployment/heat/heat-api-cfn-container-puppet.yaml
OS::TripleO::Services::HeatEngine: deployment/heat/heat-engine-container-puppet.yaml
OS::TripleO::Services::HeatEphemeral: OS::Heat::None
OS::TripleO::Services::Kernel: deployment/kernel/kernel-baremetal-ansible.yaml
OS::TripleO::Services::MySQL: deployment/database/mysql-pacemaker-puppet.yaml
OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None
OS::TripleO::Services::NeutronBgpVpnBagpipe: OS::Heat::None
OS::TripleO::Services::NeutronSfcApi: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::OVNMetadataAgent: deployment/ovn/ovn-metadata-container-puppet.yaml
OS::TripleO::Services::NeutronApi: deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NeutronCorePlugin: deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
# can be the same as NeutronCorePlugin but some vendors install different
# things where VMs run
OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
# Neutron Core Plugin Vendors (these typically override NeutronCorePlugin)
OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-cluster-ansible.yaml
OS::TripleO::Services::OVNController: deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::OvsDpdkNetcontrold: OS::Heat::None
OS::TripleO::Services::NeutronCorePluginMLNXSDN: deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml
OS::TripleO::Services::NeutronCorePluginVTS: deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml
OS::TripleO::Services::NeutronCorePluginML2Ansible: deployment/deprecated/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None
OS::TripleO::Services::Pacemaker: deployment/pacemaker/pacemaker-baremetal-puppet.yaml
OS::TripleO::Services::PacemakerRemote: deployment/pacemaker/pacemaker-remote-baremetal-puppet.yaml
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::NeutronMlnxAgent: OS::Heat::None
OS::TripleO::Services::NeutronAgentsIBConfig: OS::Heat::None
OS::TripleO::Services::OsloMessagingRpc: deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
OS::TripleO::Services::OsloMessagingNotify: deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
OS::TripleO::Services::RabbitMQ: OS::Heat::None
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::HAproxy: deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::HAProxyPublicTLS: deployment/haproxy/haproxy-public-tls-inject.yaml
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
OS::TripleO::Services::Iscsid: deployment/iscsid/iscsid-container-puppet.yaml
OS::TripleO::Services::Memcached: deployment/memcached/memcached-container-puppet.yaml
OS::TripleO::Services::Tuned: deployment/tuned/tuned-baremetal-ansible.yaml
OS::TripleO::Services::Securetty: OS::Heat::None
# TODO(aschultz): Remove this in U as we switched to a task in the deploy
OS::TripleO::Services::SELinux: OS::Heat::None
OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-ansible.yaml
OS::TripleO::Services::Redis: OS::Heat::None
OS::TripleO::Services::NovaApi: deployment/nova/nova-api-container-puppet.yaml
OS::TripleO::Services::NovaCompute: deployment/nova/nova-compute-container-puppet.yaml
OS::TripleO::Services::NovaConductor: deployment/nova/nova-conductor-container-puppet.yaml
OS::TripleO::Services::NovaLibvirt: deployment/nova/nova-modular-libvirt-container-puppet.yaml
OS::TripleO::Services::NovaLibvirtGuests: deployment/nova/nova-libvirt-guests-container-puppet.yaml
OS::TripleO::Services::NovaManager: deployment/nova/nova-manager-container-puppet.yaml
OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::PlacementApi: deployment/placement/placement-api-container-puppet.yaml
OS::TripleO::Services::NovaScheduler: deployment/nova/nova-scheduler-container-puppet.yaml
OS::TripleO::Services::NovaVncProxy: deployment/nova/nova-vnc-proxy-container-puppet.yaml
OS::TripleO::Services::NovaAZConfig: OS::Heat::None
OS::TripleO::Services::ContainersLogrotateCrond: deployment/logrotate/logrotate-crond-container-puppet.yaml
OS::TripleO::Services::SwiftProxy: deployment/swift/swift-proxy-container-puppet.yaml
OS::TripleO::Services::SwiftDispersion: OS::Heat::None
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: deployment/swift/swift-storage-container-puppet.yaml
OS::TripleO::Services::SwiftRingBuilder: deployment/swift/swift-ringbuilder-container-puppet.yaml
OS::TripleO::Services::Snmp: deployment/snmp/snmpd-disabled-puppet.yaml
OS::TripleO::Services::Timezone: deployment/time/timezone-baremetal-ansible.yaml
OS::TripleO::Services::UndercloudRemoveNovajoin: OS::Heat::None
OS::TripleO::Services::UndercloudTLS: OS::Heat::None
OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
OS::TripleO::Services::Horizon: deployment/horizon/horizon-container-puppet.yaml
#Gnocchi services
OS::TripleO::Services::GnocchiApi: OS::Heat::None
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
# Time sync services
OS::TripleO::Services::Chrony: deployment/timesync/chrony-baremetal-ansible.yaml
OS::TripleO::Services::Ptp: OS::Heat::None
OS::TripleO::Services::Timesync: OS::TripleO::Services::Chrony
OS::TripleO::Services::TimeMaster: deployment/timemaster/timemaster-baremetal-ansible.yaml
# Services that are disabled by default (use relevant environment files):
OS::TripleO::Services::IpaClient: OS::Heat::None
OS::TripleO::Services::Ipsec: OS::Heat::None
OS::TripleO::Services::Rhsm: OS::Heat::None
OS::TripleO::Services::MasqueradeNetworks: OS::Heat::None
OS::TripleO::Services::TripleoValidations: OS::Heat::None
OS::TripleO::Services::UndercloudUpgrade: OS::Heat::None
OS::TripleO::Services::Collectd: OS::Heat::None
OS::TripleO::Services::ManilaApi: OS::Heat::None
OS::TripleO::Services::ManilaScheduler: OS::Heat::None
OS::TripleO::Services::ManilaShare: OS::Heat::None
OS::TripleO::Services::ManilaBackendFlashBlade: OS::Heat::None
OS::TripleO::Services::ManilaBackendIsilon: OS::Heat::None
OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None
OS::TripleO::Services::ManilaBackendPowerMax: OS::Heat::None
OS::TripleO::Services::ManilaBackendUnity: OS::Heat::None
OS::TripleO::Services::ManilaBackendVMAX: OS::Heat::None
OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None
OS::TripleO::Services::ManilaBackendVNX: OS::Heat::None
OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::BarbicanApi: OS::Heat::None
OS::TripleO::Services::BarbicanBackendSimpleCrypto: OS::Heat::None
OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None
OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None
OS::TripleO::Services::BarbicanClient: OS::Heat::None
OS::TripleO::Services::AodhApi: OS::Heat::None
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
OS::TripleO::Services::AodhListener: OS::Heat::None
OS::TripleO::Services::AodhNotifier: OS::Heat::None
OS::TripleO::Services::MetricsQdr: OS::Heat::None
OS::TripleO::Services::IronicApi: OS::Heat::None
OS::TripleO::Services::IronicConductor: OS::Heat::None
OS::TripleO::Services::IronicInspector: OS::Heat::None
OS::TripleO::Services::IronicPxe: OS::Heat::None
OS::TripleO::Services::IronicNeutronAgent: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoFirewall: deployment/tripleo-firewall/tripleo-firewall-baremetal-ansible.yaml
OS::TripleO::Services::TripleoPackages: deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml
OS::TripleO::Services::OpenStackClients: OS::Heat::None
OS::TripleO::Services::TLSProxyBase: OS::Heat::None
OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCSc: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowerFlex: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowermax: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowerStore: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCVNX: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCXtremio: OS::Heat::None
OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None
OS::TripleO::Services::CinderBackendPure: OS::Heat::None
OS::TripleO::Services::CinderBackendNVMeOF: OS::Heat::None
OS::TripleO::Services::CinderVolumeEdge: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None
OS::TripleO::Services::AuditD: OS::Heat::None
OS::TripleO::Services::OctaviaApi: OS::Heat::None
OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None
OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None
OS::TripleO::Services::OctaviaWorker: OS::Heat::None
OS::TripleO::Services::OctaviaDeploymentConfig: OS::Heat::None
OS::TripleO::Services::MySQLClient: deployment/database/mysql-client.yaml
OS::TripleO::Services::Vpp: OS::Heat::None
OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
OS::TripleO::Services::Podman: deployment/podman/podman-baremetal-ansible.yaml
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::DockerRegistry: OS::Heat::None
OS::TripleO::Services::ContainerImagePrepare: deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml
# TODO(xek): Remove this in Y as we switched to requesting certificates inside the relevant service's templates with ansible
OS::TripleO::Services::CertmongerUser: OS::Heat::None
OS::TripleO::Services::Clustercheck: deployment/pacemaker/clustercheck-container-puppet.yaml
OS::TripleO::Services::Rsyslog: OS::Heat::None
OS::TripleO::Services::RsyslogSidecar: OS::Heat::None
OS::TripleO::Services::LoginDefs: OS::Heat::None
OS::TripleO::Services::ComputeInstanceHA: OS::Heat::None
OS::TripleO::Services::DesignateApi: OS::Heat::None
OS::TripleO::Services::DesignateCentral: OS::Heat::None
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::NeutronMl2PluginBase: deployment/neutron/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::Multipathd: OS::Heat::None
OS::TripleO::Services::GlanceApiEdge: OS::Heat::None
OS::TripleO::Services::HAproxyEdge: OS::Heat::None
OS::TripleO::Services::Frr: OS::Heat::None
OS::TripleO::Services::Unbound: OS::Heat::None
# Logging
OS::TripleO::Services::Tmpwatch: deployment/logrotate/tmpwatch-install.yaml
OS::TripleO::Services::Logging::BarbicanApi: deployment/logging/files/barbican-api.yaml
OS::TripleO::Services::Logging::GlanceApi: deployment/logging/files/glance-api.yaml
OS::TripleO::Services::Logging::HAProxy: deployment/logging/files/haproxy.yaml
OS::TripleO::Services::Logging::HeatApi: deployment/logging/files/heat-api.yaml
OS::TripleO::Services::Logging::HeatApiCfn: deployment/logging/files/heat-api-cfn.yaml
OS::TripleO::Services::Logging::HeatEngine: deployment/logging/files/heat-engine.yaml
OS::TripleO::Services::Logging::Keystone: deployment/logging/files/keystone.yaml
OS::TripleO::Services::Logging::NeutronApi: deployment/logging/files/neutron-api.yaml
OS::TripleO::Services::Logging::NeutronCommon: deployment/logging/files/neutron-common.yaml
OS::TripleO::Services::Logging::NovaApi: deployment/logging/files/nova-api.yaml
OS::TripleO::Services::Logging::NovaMetadata: deployment/logging/files/nova-metadata.yaml
OS::TripleO::Services::Logging::NovaCommon: deployment/logging/files/nova-common.yaml
OS::TripleO::Services::Logging::NovaLibvirt: deployment/logging/files/nova-libvirt.yaml
OS::TripleO::Services::Logging::PlacementApi: deployment/logging/files/placement-api.yaml
# Tempest
OS::TripleO::Services::Tempest: OS::Heat::None
OS::TripleO::Services::BootParams: deployment/kernel/kernel-boot-params-baremetal-ansible.yaml
parameter_merge_strategies:
ServiceNetMap: merge
VipSubnetMap: merge
EndpointMap: merge
SshServerOptions: merge
ExtraConfig: merge
{% for role in roles %}
{{role.name}}Parameters: merge
{{role.name}}ExtraConfig: merge
{% endfor %}
parameter_defaults:
NeutronMechanismDrivers: ovn
ContainerCli: podman
EnablePackageInstall: true
SoftwareConfigTransport: POLL_SERVER_HEAT
OVNIntegrationBridge: br-int
ExtraConfig: {}
{% for role in roles %}
# Parameters generated for {{role.name}} Role
{{role.name}}Services: {{role.ServicesDefault|default([])}}
{{role.name}}Parameters: {}
{{role.name}}ExtraConfig: {}
{% endfor %}
ServiceNetMap:
ApacheNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NeutronTenantNetwork: {{ _service_nets.get('tenant', 'ctlplane') }}
AodhApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
BarbicanApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
GnocchiApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
MongodbNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
CinderApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
CinderIscsiNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
GlanceApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
GlanceApiEdgeNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
GlanceApiInternalNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
IronicInspectorNetwork: ctlplane
KeystoneAdminApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
KeystonePublicApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
ManilaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NeutronApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OctaviaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
HeatApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
HeatApiCfnNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
PlacementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaMetadataNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaLibvirtNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
SwiftStorageNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }}
SwiftProxyNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
HorizonNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
MemcachedNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OsloMessagingRpcNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OsloMessagingNotifyNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RabbitmqNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RabbitmqManagementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
QdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RedisNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
# Guest VMs use GaneshaNetwork and can not reach ctlplane network,
# so default to external when storage_nfs is not available.
GaneshaNetwork: {{ _service_nets.get('storage_nfs', _service_nets.get('external', 'ctlplane')) }}
MysqlNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
SnmpdNetwork: ctlplane
CephClusterNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }}
CephDashboardNetwork: {{ _service_nets.get('storage_dashboard', 'ctlplane') }}
CephGrafanaNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephIngressNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephMonNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephRgwNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
PublicNetwork: {{ _service_nets.get('external', 'ctlplane') }}
InternalApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OpendaylightApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OvnDbsNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DockerRegistryNetwork: ctlplane
PacemakerNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
PacemakerRemoteNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateMdnsNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateWorkerNetwork: {{ _service_nets.get('external', 'ctlplane') }}
DesignateBindNetwork: {{ _service_nets.get('external', 'ctlplane') }}
BINDNetwork: {{ _service_nets.get('external', 'ctlplane') }}
EtcdNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
# HaproxyNetwork currently only controls the haproxy.stats network binding
HaproxyNetwork: ctlplane
UnboundNetwork: {{ _service_nets.get('external', 'ctlplane') }}
# We special-case the default ResolveNetwork and MetricsQdrNetwork for the Ceph roles
# for backwards compatibility, all other roles default to internal_api
{%- for role in roles %}
{%- if 'ceph' in role.tags|default([]) %}
{{role.name}}HostnameResolveNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
{{role.name}}MetricsQdrNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
{%- else %}
{{role.name}}HostnameResolveNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
{{role.name}}MetricsQdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
{%- endif %}
{%- endfor %}
VipSubnetMap:
ctlplane: ctlplane-subnet
{%- for network in networks if network.vip|default(false) %}
{{network.name}}: {{network.name_lower}}_subnet
{%- endfor %}
redis: {{ _service_nets.get('internal_api', 'ctlplane') }}_subnet
ovn_dbs: {{ _service_nets.get('internal_api', 'ctlplane') }}_subnet
EndpointMap:
AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS}
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
CephDashboardInternal: {protocol: http, port: '8444', host: IP_ADDRESS}
CephGrafanaInternal: {protocol: http, port: '3100', host: IP_ADDRESS}
CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS}
DesignateAdmin: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DesignateInternal: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
GlanceAdmin: {protocol: http, port: '9293', host: IP_ADDRESS}
GlanceInternal: {protocol: http, port: '9293', host: IP_ADDRESS}
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS}
HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS}
HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS}
IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS}
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS}
MetricsQdrPublic: {protocol: 'amqp', port: '5666', host: IP_ADDRESS}
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS}
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaMetadataInternal: {protocol: http, port: '8775', host: IP_ADDRESS}
PlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
PlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}
PlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS}
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS}
OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS}
SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
SshServerOptions:
HostKey:
- '/etc/ssh/ssh_host_rsa_key'
- '/etc/ssh/ssh_host_ecdsa_key'
- '/etc/ssh/ssh_host_ed25519_key'
SyslogFacility: 'AUTHPRIV'
AuthorizedKeysFile: '.ssh/authorized_keys'
ChallengeResponseAuthentication: 'no'
GSSAPIAuthentication: 'no'
GSSAPICleanupCredentials: 'no'
UsePAM: 'yes'
UseDNS: 'no'
X11Forwarding: 'yes'
AcceptEnv:
- 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
- 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
- 'LC_IDENTIFICATION LC_ALL LANGUAGE'
- 'XMODIFIERS'
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
View Git Blame Copy Permalink