0ba612d07d
This patch adopts the recommendation outlined in OSSN-0090 [1], in
which two instances of the glance-api service are deployed:
- A "user facing" glance-api service, accessible via the Public
keystone endpoint.
- An "internal facing only" service, accessible via the Admin and
Internal keystone endpoints.
The user facing instance is configured so it does not report any image
location information. This is achieved by configuring glance-api.conf
with the show_image_direct_url and show_multiple_locations set to False.
The internal service operates on a separate TCP port (defaults to 9293)
with its own glance-api.conf that configures show_image_direct_url and
show_multiple_locations set to True.
In order for cinder and nova to have access to the image location data,
both services are configured to access glance via the internal service.
[1] https://wiki.openstack.org/wiki/OSSN/OSSN-0090
stable/zed:
Backports include I456b4235242cae125f5ad4cd9cc7415f2699462c, which
fixed a typo in the original patch.
Closes-Bug: #1822540
Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/865874
Depends-On: https://review.opendev.org/c/openstack/tripleo-common/+/865873
Change-Id: Id093613f9d410eb3fe5564a724c0f75275eeb4e8
(cherry picked from commit d60969cb55
)
406 lines
16 KiB
YAML
406 lines
16 KiB
YAML
###############################################################################
|
|
# File generated by TripleO
|
|
###############################################################################
|
|
###############################################################################
|
|
# Role: Controller #
|
|
###############################################################################
|
|
- name: Controller
|
|
description: |
|
|
Controller role that has all the controller services loaded and handles
|
|
Database, Messaging and Network functions.
|
|
CountDefault: 1
|
|
tags:
|
|
- primary
|
|
- controller
|
|
# Create external Neutron bridge for SNAT (and floating IPs when using
|
|
# ML2/OVS without DVR)
|
|
- external_bridge
|
|
networks:
|
|
External:
|
|
subnet: external_subnet
|
|
InternalApi:
|
|
subnet: internal_api_subnet
|
|
Storage:
|
|
subnet: storage_subnet
|
|
StorageMgmt:
|
|
subnet: storage_mgmt_subnet
|
|
Tenant:
|
|
subnet: tenant_subnet
|
|
# For systems with both IPv4 and IPv6, you may specify a gateway network for
|
|
# each, such as ['ControlPlane', 'External']
|
|
default_route_networks: ['External']
|
|
HostnameFormatDefault: '%stackname%-controller-%index%'
|
|
RoleParametersDefault:
|
|
OVNCMSOptions: "enable-chassis-as-gw"
|
|
# Deprecated & backward-compatible values (FIXME: Make parameters consistent)
|
|
# Set uses_deprecated_params to True if any deprecated params are used.
|
|
uses_deprecated_params: True
|
|
deprecated_param_extraconfig: 'controllerExtraConfig'
|
|
update_serial: 1
|
|
ServicesDefault:
|
|
- OS::TripleO::Services::Aide
|
|
- OS::TripleO::Services::AodhApi
|
|
- OS::TripleO::Services::AodhEvaluator
|
|
- OS::TripleO::Services::AodhListener
|
|
- OS::TripleO::Services::AodhNotifier
|
|
- OS::TripleO::Services::AuditD
|
|
- OS::TripleO::Services::BarbicanApi
|
|
- OS::TripleO::Services::BarbicanBackendSimpleCrypto
|
|
- OS::TripleO::Services::BarbicanBackendDogtag
|
|
- OS::TripleO::Services::BarbicanBackendKmip
|
|
- OS::TripleO::Services::BarbicanBackendPkcs11Crypto
|
|
- OS::TripleO::Services::BootParams
|
|
- OS::TripleO::Services::CACerts
|
|
- OS::TripleO::Services::CeilometerAgentCentral
|
|
- OS::TripleO::Services::CeilometerAgentNotification
|
|
- OS::TripleO::Services::CephClient
|
|
- OS::TripleO::Services::CephExternal
|
|
- OS::TripleO::Services::CephGrafana
|
|
- OS::TripleO::Services::CephIngress
|
|
- OS::TripleO::Services::CephMds
|
|
- OS::TripleO::Services::CephMgr
|
|
- OS::TripleO::Services::CephMon
|
|
- OS::TripleO::Services::CephNfs
|
|
- OS::TripleO::Services::CephRbdMirror
|
|
- OS::TripleO::Services::CephRgw
|
|
- OS::TripleO::Services::CinderApi
|
|
- OS::TripleO::Services::CinderBackendDellSc
|
|
- OS::TripleO::Services::CinderBackendDellEMCPowerFlex
|
|
- OS::TripleO::Services::CinderBackendDellEMCPowermax
|
|
- OS::TripleO::Services::CinderBackendDellEMCPowerStore
|
|
- OS::TripleO::Services::CinderBackendDellEMCSc
|
|
- OS::TripleO::Services::CinderBackendDellEMCUnity
|
|
- OS::TripleO::Services::CinderBackendDellEMCVNX
|
|
- OS::TripleO::Services::CinderBackendDellEMCXtremio
|
|
- OS::TripleO::Services::CinderBackendNetApp
|
|
- OS::TripleO::Services::CinderBackendNfs
|
|
- OS::TripleO::Services::CinderBackendPure
|
|
- OS::TripleO::Services::CinderBackendNVMeOF
|
|
- OS::TripleO::Services::CinderBackup
|
|
- OS::TripleO::Services::CinderScheduler
|
|
- OS::TripleO::Services::CinderVolume
|
|
- OS::TripleO::Services::Clustercheck
|
|
- OS::TripleO::Services::Collectd
|
|
- OS::TripleO::Services::ContainerImagePrepare
|
|
- OS::TripleO::Services::DesignateApi
|
|
- OS::TripleO::Services::DesignateCentral
|
|
- OS::TripleO::Services::DesignateProducer
|
|
- OS::TripleO::Services::DesignateWorker
|
|
- OS::TripleO::Services::DesignateMDNS
|
|
- OS::TripleO::Services::DesignateSink
|
|
- OS::TripleO::Services::DesignateBind
|
|
- OS::TripleO::Services::Etcd
|
|
- OS::TripleO::Services::ExternalSwiftProxy
|
|
- OS::TripleO::Services::Frr
|
|
- OS::TripleO::Services::GlanceApi
|
|
- OS::TripleO::Services::GlanceApiInternal
|
|
- OS::TripleO::Services::GnocchiApi
|
|
- OS::TripleO::Services::GnocchiMetricd
|
|
- OS::TripleO::Services::GnocchiStatsd
|
|
- OS::TripleO::Services::HAproxy
|
|
- OS::TripleO::Services::HeatApi
|
|
- OS::TripleO::Services::HeatApiCfn
|
|
- OS::TripleO::Services::HeatEngine
|
|
- OS::TripleO::Services::Horizon
|
|
- OS::TripleO::Services::IpaClient
|
|
- OS::TripleO::Services::Ipsec
|
|
- OS::TripleO::Services::IronicApi
|
|
- OS::TripleO::Services::IronicConductor
|
|
- OS::TripleO::Services::IronicInspector
|
|
- OS::TripleO::Services::IronicPxe
|
|
- OS::TripleO::Services::IronicNeutronAgent
|
|
- OS::TripleO::Services::Iscsid
|
|
- OS::TripleO::Services::Kernel
|
|
- OS::TripleO::Services::Keystone
|
|
- OS::TripleO::Services::LoginDefs
|
|
- OS::TripleO::Services::ManilaApi
|
|
- OS::TripleO::Services::ManilaBackendCephFs
|
|
- OS::TripleO::Services::ManilaBackendFlashBlade
|
|
- OS::TripleO::Services::ManilaBackendIsilon
|
|
- OS::TripleO::Services::ManilaBackendNetapp
|
|
- OS::TripleO::Services::ManilaBackendPowerMax
|
|
- OS::TripleO::Services::ManilaBackendUnity
|
|
- OS::TripleO::Services::ManilaBackendVNX
|
|
- OS::TripleO::Services::ManilaBackendVMAX
|
|
- OS::TripleO::Services::ManilaScheduler
|
|
- OS::TripleO::Services::ManilaShare
|
|
- OS::TripleO::Services::Memcached
|
|
- OS::TripleO::Services::MetricsQdr
|
|
- OS::TripleO::Services::Multipathd
|
|
- OS::TripleO::Services::MySQL
|
|
- OS::TripleO::Services::MySQLClient
|
|
- OS::TripleO::Services::NeutronApi
|
|
- OS::TripleO::Services::NeutronBgpVpnApi
|
|
- OS::TripleO::Services::NeutronSfcApi
|
|
- OS::TripleO::Services::NeutronCorePlugin
|
|
- OS::TripleO::Services::NeutronDhcpAgent
|
|
- OS::TripleO::Services::NeutronL2gwAgent
|
|
- OS::TripleO::Services::NeutronL2gwApi
|
|
- OS::TripleO::Services::NeutronL3Agent
|
|
- OS::TripleO::Services::NeutronLinuxbridgeAgent
|
|
- OS::TripleO::Services::NeutronMetadataAgent
|
|
- OS::TripleO::Services::NeutronOvsAgent
|
|
- OS::TripleO::Services::NeutronVppAgent
|
|
- OS::TripleO::Services::NeutronAgentsIBConfig
|
|
- OS::TripleO::Services::NovaApi
|
|
- OS::TripleO::Services::NovaConductor
|
|
- OS::TripleO::Services::NovaIronic
|
|
- OS::TripleO::Services::NovaMetadata
|
|
- OS::TripleO::Services::NovaScheduler
|
|
- OS::TripleO::Services::NovaVncProxy
|
|
- OS::TripleO::Services::ContainersLogrotateCrond
|
|
- OS::TripleO::Services::OctaviaApi
|
|
- OS::TripleO::Services::OctaviaDeploymentConfig
|
|
- OS::TripleO::Services::OctaviaHealthManager
|
|
- OS::TripleO::Services::OctaviaHousekeeping
|
|
- OS::TripleO::Services::OctaviaWorker
|
|
- OS::TripleO::Services::OpenStackClients
|
|
- OS::TripleO::Services::OVNDBs
|
|
- OS::TripleO::Services::OVNController
|
|
- OS::TripleO::Services::Pacemaker
|
|
- OS::TripleO::Services::PlacementApi
|
|
- OS::TripleO::Services::OsloMessagingRpc
|
|
- OS::TripleO::Services::OsloMessagingNotify
|
|
- OS::TripleO::Services::Podman
|
|
- OS::TripleO::Services::Redis
|
|
- OS::TripleO::Services::Rhsm
|
|
- OS::TripleO::Services::Rsyslog
|
|
- OS::TripleO::Services::RsyslogSidecar
|
|
- OS::TripleO::Services::Securetty
|
|
- OS::TripleO::Services::Snmp
|
|
- OS::TripleO::Services::Sshd
|
|
- OS::TripleO::Services::SwiftProxy
|
|
- OS::TripleO::Services::SwiftDispersion
|
|
- OS::TripleO::Services::SwiftRingBuilder
|
|
- OS::TripleO::Services::SwiftStorage
|
|
- OS::TripleO::Services::Timesync
|
|
- OS::TripleO::Services::Timezone
|
|
- OS::TripleO::Services::TripleoFirewall
|
|
- OS::TripleO::Services::TripleoPackages
|
|
- OS::TripleO::Services::Tuned
|
|
- OS::TripleO::Services::Unbound
|
|
- OS::TripleO::Services::Vpp
|
|
###############################################################################
|
|
# Role: Compute #
|
|
###############################################################################
|
|
- name: Compute
|
|
description: |
|
|
Basic Compute Node role
|
|
CountDefault: 1
|
|
# Create external Neutron bridge (unset if using ML2/OVS without DVR)
|
|
tags:
|
|
- compute
|
|
- external_bridge
|
|
networks:
|
|
InternalApi:
|
|
subnet: internal_api_subnet
|
|
Tenant:
|
|
subnet: tenant_subnet
|
|
Storage:
|
|
subnet: storage_subnet
|
|
HostnameFormatDefault: '%stackname%-novacompute-%index%'
|
|
RoleParametersDefault:
|
|
FsAioMaxNumber: 1048576
|
|
TunedProfileName: "virtual-host"
|
|
# Deprecated & backward-compatible values (FIXME: Make parameters consistent)
|
|
# Set uses_deprecated_params to True if any deprecated params are used.
|
|
# These deprecated_params only need to be used for existing roles and not for
|
|
# composable roles.
|
|
uses_deprecated_params: True
|
|
deprecated_param_extraconfig: 'NovaComputeExtraConfig'
|
|
deprecated_param_metadata: 'NovaComputeServerMetadata'
|
|
deprecated_param_ips: 'NovaComputeIPs'
|
|
deprecated_server_resource_name: 'NovaCompute'
|
|
update_serial: 25
|
|
ServicesDefault:
|
|
- OS::TripleO::Services::Aide
|
|
- OS::TripleO::Services::AuditD
|
|
- OS::TripleO::Services::BootParams
|
|
- OS::TripleO::Services::CACerts
|
|
- OS::TripleO::Services::CephClient
|
|
- OS::TripleO::Services::CephExternal
|
|
- OS::TripleO::Services::Collectd
|
|
- OS::TripleO::Services::ComputeCeilometerAgent
|
|
- OS::TripleO::Services::ComputeNeutronCorePlugin
|
|
- OS::TripleO::Services::ComputeNeutronL3Agent
|
|
- OS::TripleO::Services::ComputeNeutronMetadataAgent
|
|
- OS::TripleO::Services::ComputeNeutronOvsAgent
|
|
- OS::TripleO::Services::Frr
|
|
- OS::TripleO::Services::IpaClient
|
|
- OS::TripleO::Services::Ipsec
|
|
- OS::TripleO::Services::Iscsid
|
|
- OS::TripleO::Services::Kernel
|
|
- OS::TripleO::Services::LoginDefs
|
|
- OS::TripleO::Services::MetricsQdr
|
|
- OS::TripleO::Services::Multipathd
|
|
- OS::TripleO::Services::MySQLClient
|
|
- OS::TripleO::Services::NeutronBgpVpnBagpipe
|
|
- OS::TripleO::Services::NeutronLinuxbridgeAgent
|
|
- OS::TripleO::Services::NeutronVppAgent
|
|
- OS::TripleO::Services::NovaAZConfig
|
|
- OS::TripleO::Services::NovaCompute
|
|
- OS::TripleO::Services::NovaLibvirt
|
|
- OS::TripleO::Services::NovaLibvirtGuests
|
|
- OS::TripleO::Services::NovaMigrationTarget
|
|
- OS::TripleO::Services::ContainersLogrotateCrond
|
|
- OS::TripleO::Services::Podman
|
|
- OS::TripleO::Services::Rhsm
|
|
- OS::TripleO::Services::Rsyslog
|
|
- OS::TripleO::Services::RsyslogSidecar
|
|
- OS::TripleO::Services::Securetty
|
|
- OS::TripleO::Services::Snmp
|
|
- OS::TripleO::Services::Sshd
|
|
- OS::TripleO::Services::Timesync
|
|
- OS::TripleO::Services::Timezone
|
|
- OS::TripleO::Services::TripleoFirewall
|
|
- OS::TripleO::Services::TripleoPackages
|
|
- OS::TripleO::Services::Tuned
|
|
- OS::TripleO::Services::Vpp
|
|
- OS::TripleO::Services::OVNController
|
|
- OS::TripleO::Services::OVNMetadataAgent
|
|
###############################################################################
|
|
# Role: BlockStorage #
|
|
###############################################################################
|
|
- name: BlockStorage
|
|
description: |
|
|
Cinder Block Storage node role
|
|
tags:
|
|
- storage
|
|
networks:
|
|
InternalApi:
|
|
subnet: internal_api_subnet
|
|
Storage:
|
|
subnet: storage_subnet
|
|
StorageMgmt:
|
|
subnet: storage_mgmt_subnet
|
|
uses_deprecated_params: False
|
|
update_serial: 25
|
|
ServicesDefault:
|
|
- OS::TripleO::Services::Aide
|
|
- OS::TripleO::Services::AuditD
|
|
- OS::TripleO::Services::BlockStorageCinderVolume
|
|
- OS::TripleO::Services::BootParams
|
|
- OS::TripleO::Services::CACerts
|
|
- OS::TripleO::Services::Collectd
|
|
- OS::TripleO::Services::Frr
|
|
- OS::TripleO::Services::IpaClient
|
|
- OS::TripleO::Services::Ipsec
|
|
- OS::TripleO::Services::Iscsid
|
|
- OS::TripleO::Services::Kernel
|
|
- OS::TripleO::Services::LoginDefs
|
|
- OS::TripleO::Services::MetricsQdr
|
|
- OS::TripleO::Services::Multipathd
|
|
- OS::TripleO::Services::MySQLClient
|
|
- OS::TripleO::Services::ContainersLogrotateCrond
|
|
- OS::TripleO::Services::Podman
|
|
- OS::TripleO::Services::Rhsm
|
|
- OS::TripleO::Services::Rsyslog
|
|
- OS::TripleO::Services::RsyslogSidecar
|
|
- OS::TripleO::Services::Securetty
|
|
- OS::TripleO::Services::Snmp
|
|
- OS::TripleO::Services::Sshd
|
|
- OS::TripleO::Services::Timesync
|
|
- OS::TripleO::Services::Timezone
|
|
- OS::TripleO::Services::TripleoFirewall
|
|
- OS::TripleO::Services::TripleoPackages
|
|
- OS::TripleO::Services::Tuned
|
|
###############################################################################
|
|
# Role: ObjectStorage #
|
|
###############################################################################
|
|
- name: ObjectStorage
|
|
description: |
|
|
Swift Object Storage node role
|
|
tags:
|
|
- storage
|
|
networks:
|
|
InternalApi:
|
|
subnet: internal_api_subnet
|
|
Storage:
|
|
subnet: storage_subnet
|
|
StorageMgmt:
|
|
subnet: storage_mgmt_subnet
|
|
# Deprecated & backward-compatible values (FIXME: Make parameters consistent)
|
|
# Set uses_deprecated_params to True if any deprecated params are used.
|
|
uses_deprecated_params: True
|
|
deprecated_param_metadata: 'SwiftStorageServerMetadata'
|
|
deprecated_param_ips: 'SwiftStorageIPs'
|
|
deprecated_server_resource_name: 'SwiftStorage'
|
|
# SwiftStorage present so serial has to be 1
|
|
update_serial: 1
|
|
ServicesDefault:
|
|
- OS::TripleO::Services::Aide
|
|
- OS::TripleO::Services::AuditD
|
|
- OS::TripleO::Services::BootParams
|
|
- OS::TripleO::Services::CACerts
|
|
- OS::TripleO::Services::Collectd
|
|
- OS::TripleO::Services::Frr
|
|
- OS::TripleO::Services::IpaClient
|
|
- OS::TripleO::Services::Ipsec
|
|
- OS::TripleO::Services::Kernel
|
|
- OS::TripleO::Services::LoginDefs
|
|
- OS::TripleO::Services::MetricsQdr
|
|
- OS::TripleO::Services::MySQLClient
|
|
- OS::TripleO::Services::ContainersLogrotateCrond
|
|
- OS::TripleO::Services::Podman
|
|
- OS::TripleO::Services::Rhsm
|
|
- OS::TripleO::Services::Rsyslog
|
|
- OS::TripleO::Services::RsyslogSidecar
|
|
- OS::TripleO::Services::Securetty
|
|
- OS::TripleO::Services::Snmp
|
|
- OS::TripleO::Services::Sshd
|
|
- OS::TripleO::Services::SwiftRingBuilder
|
|
- OS::TripleO::Services::SwiftStorage
|
|
- OS::TripleO::Services::Timesync
|
|
- OS::TripleO::Services::Timezone
|
|
- OS::TripleO::Services::TripleoFirewall
|
|
- OS::TripleO::Services::TripleoPackages
|
|
- OS::TripleO::Services::Tuned
|
|
- OS::TripleO::Services::Ptp
|
|
###############################################################################
|
|
# Role: CephStorage #
|
|
###############################################################################
|
|
- name: CephStorage
|
|
description: |
|
|
Ceph OSD Storage node role
|
|
tags:
|
|
- ceph
|
|
- storage
|
|
networks:
|
|
Storage:
|
|
subnet: storage_subnet
|
|
StorageMgmt:
|
|
subnet: storage_mgmt_subnet
|
|
uses_deprecated_params: False
|
|
HostnameFormatDefault: '%stackname%-cephstorage-%index%'
|
|
# CephOSD present so serial has to be 1
|
|
update_serial: 1
|
|
rhsm_enforce: False
|
|
ServicesDefault:
|
|
- OS::TripleO::Services::Aide
|
|
- OS::TripleO::Services::AuditD
|
|
- OS::TripleO::Services::BootParams
|
|
- OS::TripleO::Services::CACerts
|
|
- OS::TripleO::Services::CephOSD
|
|
- OS::TripleO::Services::Collectd
|
|
- OS::TripleO::Services::Frr
|
|
- OS::TripleO::Services::IpaClient
|
|
- OS::TripleO::Services::Ipsec
|
|
- OS::TripleO::Services::Kernel
|
|
- OS::TripleO::Services::LoginDefs
|
|
- OS::TripleO::Services::MetricsQdr
|
|
- OS::TripleO::Services::MySQLClient
|
|
- OS::TripleO::Services::ContainersLogrotateCrond
|
|
- OS::TripleO::Services::Podman
|
|
- OS::TripleO::Services::Rhsm
|
|
- OS::TripleO::Services::Rsyslog
|
|
- OS::TripleO::Services::RsyslogSidecar
|
|
- OS::TripleO::Services::Securetty
|
|
- OS::TripleO::Services::Snmp
|
|
- OS::TripleO::Services::Sshd
|
|
- OS::TripleO::Services::Timesync
|
|
- OS::TripleO::Services::Timezone
|
|
- OS::TripleO::Services::TripleoFirewall
|
|
- OS::TripleO::Services::TripleoPackages
|
|
- OS::TripleO::Services::Tuned
|
|
|