tripleo-heat-templates/overcloud-resource-registry-puppet.j2.yaml
katarimanoj b624324e63 new tht for Cinder NFS backend
Currently, Cinder NFS storage backend is configured as part of
cinder-volume-container-puppet.yaml.

This change will just relocate the existing cinder NFS parameters in their
own template. There are no new parameters, and the existing parameters
retain the same default values.

Change-Id: I10364adb761cc225173cc437cf2876ed7e896f19
2022-09-21 21:43:08 +05:30

518 lines
30 KiB
YAML

{% set _service_nets = {} %}
{% for network in networks if network.enabled|default(true) %}
{% if network.service_net_map_replace is defined %}
{% set _ = _service_nets.update({network.service_net_map_replace:network.name_lower}) %}
{% else %}
{% set _ = _service_nets.update({network.name_lower:network.name_lower}) %}
{% endif %}
{% endfor %}
resource_registry:
OS::Heat::SoftwareDeployment: config-download-software.yaml
OS::Heat::StructuredDeployment: config-download-structured.yaml
OS::TripleO::PostDeploySteps: common/post.yaml
OS::TripleO::AllNodesDeployment: OS::Heat::None
OS::TripleO::DefaultPasswords: OS::Heat::None
OS::TripleO::RandomString: OS::Heat::None
{% for role in roles %}
OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None
OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml
OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml
OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None
OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
OS::TripleO::{{role.name}}::Net::SoftwareConfig: OS::Heat::None
# Port assignments for the {{role.name}} role
{%- for network in networks if network.enabled|default(true) and network.name in role.networks|default([]) %}
OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: network/ports/noop.yaml
{%- endfor %}
{% endfor %}
{% for role in roles %}
OS::TripleO::{{role.name}}ServiceServerMetadataHook: OS::Heat::None
{%- endfor %}
OS::TripleO::Server: deployed-server/deployed-server.yaml
{% for role in roles %}
OS::TripleO::{{role.name}}Server: OS::TripleO::Server
{% endfor %}
# Hooks for operator extra config
# ControllerExtraConfigPre == Controller configuration pre service deployment
# NodeExtraConfig == All nodes configuration pre service deployment
# NodeExtraConfigPost == All nodes configuration post service deployment
OS::TripleO::NodeTLSCAData: OS::Heat::None
OS::TripleO::NodeTLSData: OS::Heat::None
OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
# "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy
# phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when
# configuration with knowledge of all nodes in the cluster is required vs single
# node configuration in the pre_deploy step.
# See extraconfig/all_nodes/* for examples
OS::TripleO::AllNodesExtraConfig: OS::Heat::None
# TripleO overcloud networks
OS::TripleO::Network: network/networks.yaml
{%- for network in networks if network.enabled|default(true) %}
OS::TripleO::Network::{{network.name}}: OS::Heat::None
{%- endfor %}
OS::TripleO::Network::ExtraConfig: OS::Heat::None
OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml
OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml
OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml
OS::TripleO::Network::Ports::RedisVipPort: OS::Heat::None
OS::TripleO::Network::Ports::OVNDBsVipPort: OS::Heat::None
# Port assignments for the VIPs
{%- for network in networks if network.vip|default(false) and network.enabled|default(true) %}
OS::TripleO::Network::Ports::{{network.name}}VipPort: network/ports/noop.yaml
{%- endfor %}
OS::TripleO::Network::Ports::ControlPlaneVipPort: OS::Neutron::Port
# Service to network Mappings
OS::TripleO::ServiceNetMap: network/service_net_map.yaml
# Service Endpoint Mappings
OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
OS::TripleO::DeployedServerEnvironment: OS::Heat::None
OS::TripleO::DeploymentSteps: OS::Heat::None
OS::TripleO::WorkflowSteps: OS::Heat::None
# services
{%- for role in roles %}
OS::TripleO::{{role.name}}Services: common/services/{{role.name.lower()}}-role.yaml
{%- endfor %}
OS::TripleO::Services::Aide: OS::Heat::None
OS::TripleO::Services::Apache: deployment/apache/apache-baremetal-puppet.yaml
OS::TripleO::Services::CACerts: deployment/certs/ca-certs-baremetal-puppet.yaml
OS::TripleO::Services::CephMds: OS::Heat::None
OS::TripleO::Services::CephMgr: OS::Heat::None
OS::TripleO::Services::CephMon: OS::Heat::None
OS::TripleO::Services::CephRbdMirror: OS::Heat::None
OS::TripleO::Services::CephRgw: OS::Heat::None
OS::TripleO::Services::CephOSD: OS::Heat::None
OS::TripleO::Services::CephGrafana: OS::Heat::None
OS::TripleO::Services::CephClient: OS::Heat::None
OS::TripleO::Services::CephNfs: OS::Heat::None
OS::TripleO::Services::CephExternal: OS::Heat::None
OS::TripleO::Services::CephIngress: OS::Heat::None
OS::TripleO::Services::CinderApi: deployment/cinder/cinder-api-container-puppet.yaml
OS::TripleO::Services::CinderBackup: OS::Heat::None
# NFS Backend is still optional unless it is explicitly enabled, this is just a separate template.
# This is done in order to retain the legacy behavior, and avoid accidental problems when doing an update.
OS::TripleO::Services::CinderBackendNfs: deployment/cinder/cinder-backend-nfs-puppet.yaml
OS::TripleO::Services::CinderScheduler: deployment/cinder/cinder-scheduler-container-puppet.yaml
OS::TripleO::Services::CinderVolume: deployment/cinder/cinder-volume-pacemaker-puppet.yaml
# BlockStorageCinderVolume uses the non-pcmk cinder-volume template
OS::TripleO::Services::BlockStorageCinderVolume: deployment/cinder/cinder-volume-container-puppet.yaml
OS::TripleO::Services::Keystone: deployment/keystone/keystone-container-puppet.yaml
OS::TripleO::Services::GlanceApi: deployment/glance/glance-api-container-puppet.yaml
OS::TripleO::Services::HeatApi: deployment/heat/heat-api-container-puppet.yaml
OS::TripleO::Services::HeatApiCfn: deployment/heat/heat-api-cfn-container-puppet.yaml
OS::TripleO::Services::HeatEngine: deployment/heat/heat-engine-container-puppet.yaml
OS::TripleO::Services::HeatEphemeral: OS::Heat::None
OS::TripleO::Services::Kernel: deployment/kernel/kernel-baremetal-ansible.yaml
OS::TripleO::Services::MySQL: deployment/database/mysql-pacemaker-puppet.yaml
OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None
OS::TripleO::Services::NeutronBgpVpnBagpipe: OS::Heat::None
OS::TripleO::Services::NeutronSfcApi: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::OVNMetadataAgent: deployment/ovn/ovn-metadata-container-puppet.yaml
OS::TripleO::Services::NeutronApi: deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NeutronCorePlugin: deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
# can be the same as NeutronCorePlugin but some vendors install different
# things where VMs run
OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
# Neutron Core Plugin Vendors (these typically override NeutronCorePlugin)
OS::TripleO::Services::NeutronCorePluginML2OVN: deployment/neutron/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-cluster-ansible.yaml
OS::TripleO::Services::OVNController: deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::OvsDpdkNetcontrold: OS::Heat::None
OS::TripleO::Services::NeutronCorePluginMLNXSDN: deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml
OS::TripleO::Services::NeutronCorePluginVTS: deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml
OS::TripleO::Services::NeutronCorePluginML2Ansible: deployment/deprecated/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None
OS::TripleO::Services::Pacemaker: deployment/pacemaker/pacemaker-baremetal-puppet.yaml
OS::TripleO::Services::PacemakerRemote: deployment/pacemaker/pacemaker-remote-baremetal-puppet.yaml
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::NeutronMlnxAgent: OS::Heat::None
OS::TripleO::Services::NeutronAgentsIBConfig: OS::Heat::None
OS::TripleO::Services::OsloMessagingRpc: deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
OS::TripleO::Services::OsloMessagingNotify: deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
OS::TripleO::Services::RabbitMQ: OS::Heat::None
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::HAproxy: deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::HAProxyPublicTLS: deployment/haproxy/haproxy-public-tls-inject.yaml
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
OS::TripleO::Services::Iscsid: deployment/iscsid/iscsid-container-puppet.yaml
OS::TripleO::Services::Memcached: deployment/memcached/memcached-container-puppet.yaml
OS::TripleO::Services::Tuned: deployment/tuned/tuned-baremetal-ansible.yaml
OS::TripleO::Services::Securetty: OS::Heat::None
# TODO(aschultz): Remove this in U as we switched to a task in the deploy
OS::TripleO::Services::SELinux: OS::Heat::None
OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-ansible.yaml
OS::TripleO::Services::Redis: OS::Heat::None
OS::TripleO::Services::NovaApi: deployment/nova/nova-api-container-puppet.yaml
OS::TripleO::Services::NovaCompute: deployment/nova/nova-compute-container-puppet.yaml
OS::TripleO::Services::NovaConductor: deployment/nova/nova-conductor-container-puppet.yaml
OS::TripleO::Services::NovaLibvirt: deployment/nova/nova-modular-libvirt-container-puppet.yaml
OS::TripleO::Services::NovaLibvirtGuests: deployment/nova/nova-libvirt-guests-container-puppet.yaml
OS::TripleO::Services::NovaManager: deployment/nova/nova-manager-container-puppet.yaml
OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::PlacementApi: deployment/placement/placement-api-container-puppet.yaml
OS::TripleO::Services::NovaScheduler: deployment/nova/nova-scheduler-container-puppet.yaml
OS::TripleO::Services::NovaVncProxy: deployment/nova/nova-vnc-proxy-container-puppet.yaml
OS::TripleO::Services::NovaAZConfig: OS::Heat::None
OS::TripleO::Services::ContainersLogrotateCrond: deployment/logrotate/logrotate-crond-container-puppet.yaml
OS::TripleO::Services::SwiftProxy: deployment/swift/swift-proxy-container-puppet.yaml
OS::TripleO::Services::SwiftDispersion: OS::Heat::None
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: deployment/swift/swift-storage-container-puppet.yaml
OS::TripleO::Services::SwiftRingBuilder: deployment/swift/swift-ringbuilder-container-puppet.yaml
OS::TripleO::Services::Snmp: deployment/snmp/snmp-baremetal-puppet.yaml
OS::TripleO::Services::Timezone: deployment/time/timezone-baremetal-ansible.yaml
OS::TripleO::Services::UndercloudRemoveNovajoin: OS::Heat::None
OS::TripleO::Services::UndercloudTLS: OS::Heat::None
OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
OS::TripleO::Services::Horizon: deployment/horizon/horizon-container-puppet.yaml
#Gnocchi services
OS::TripleO::Services::GnocchiApi: OS::Heat::None
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
# Time sync services
OS::TripleO::Services::Chrony: deployment/timesync/chrony-baremetal-ansible.yaml
OS::TripleO::Services::Ptp: OS::Heat::None
OS::TripleO::Services::Timesync: OS::TripleO::Services::Chrony
OS::TripleO::Services::TimeMaster: deployment/timemaster/timemaster-baremetal-ansible.yaml
# Services that are disabled by default (use relevant environment files):
OS::TripleO::Services::IpaClient: OS::Heat::None
OS::TripleO::Services::Ipsec: OS::Heat::None
OS::TripleO::Services::Rhsm: OS::Heat::None
OS::TripleO::Services::MasqueradeNetworks: OS::Heat::None
OS::TripleO::Services::TripleoValidations: OS::Heat::None
OS::TripleO::Services::UndercloudUpgrade: OS::Heat::None
OS::TripleO::Services::Collectd: OS::Heat::None
OS::TripleO::Services::ManilaApi: OS::Heat::None
OS::TripleO::Services::ManilaScheduler: OS::Heat::None
OS::TripleO::Services::ManilaShare: OS::Heat::None
OS::TripleO::Services::ManilaBackendFlashBlade: OS::Heat::None
OS::TripleO::Services::ManilaBackendIsilon: OS::Heat::None
OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None
OS::TripleO::Services::ManilaBackendPowerMax: OS::Heat::None
OS::TripleO::Services::ManilaBackendUnity: OS::Heat::None
OS::TripleO::Services::ManilaBackendVMAX: OS::Heat::None
OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None
OS::TripleO::Services::ManilaBackendVNX: OS::Heat::None
OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::BarbicanApi: OS::Heat::None
OS::TripleO::Services::BarbicanBackendSimpleCrypto: OS::Heat::None
OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None
OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None
OS::TripleO::Services::BarbicanClient: OS::Heat::None
OS::TripleO::Services::AodhApi: OS::Heat::None
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
OS::TripleO::Services::AodhListener: OS::Heat::None
OS::TripleO::Services::AodhNotifier: OS::Heat::None
OS::TripleO::Services::MetricsQdr: OS::Heat::None
OS::TripleO::Services::IronicApi: OS::Heat::None
OS::TripleO::Services::IronicConductor: OS::Heat::None
OS::TripleO::Services::IronicInspector: OS::Heat::None
OS::TripleO::Services::IronicPxe: OS::Heat::None
OS::TripleO::Services::IronicNeutronAgent: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoFirewall: deployment/tripleo-firewall/tripleo-firewall-baremetal-ansible.yaml
OS::TripleO::Services::TripleoPackages: deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml
OS::TripleO::Services::OpenStackClients: OS::Heat::None
OS::TripleO::Services::TLSProxyBase: OS::Heat::None
OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCSc: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowerFlex: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowermax: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowerStore: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCVNX: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCXtremio: OS::Heat::None
OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None
OS::TripleO::Services::CinderBackendPure: OS::Heat::None
OS::TripleO::Services::CinderBackendNVMeOF: OS::Heat::None
OS::TripleO::Services::CinderVolumeEdge: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None
OS::TripleO::Services::AuditD: OS::Heat::None
OS::TripleO::Services::OctaviaApi: OS::Heat::None
OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None
OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None
OS::TripleO::Services::OctaviaWorker: OS::Heat::None
OS::TripleO::Services::OctaviaDeploymentConfig: OS::Heat::None
OS::TripleO::Services::MySQLClient: deployment/database/mysql-client.yaml
OS::TripleO::Services::Vpp: OS::Heat::None
OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
OS::TripleO::Services::Podman: deployment/podman/podman-baremetal-ansible.yaml
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::DockerRegistry: OS::Heat::None
OS::TripleO::Services::ContainerImagePrepare: deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml
# TODO(xek): Remove this in Y as we switched to requesting certificates inside the relevant service's templates with ansible
OS::TripleO::Services::CertmongerUser: OS::Heat::None
OS::TripleO::Services::Clustercheck: deployment/pacemaker/clustercheck-container-puppet.yaml
OS::TripleO::Services::Rsyslog: OS::Heat::None
OS::TripleO::Services::RsyslogSidecar: OS::Heat::None
OS::TripleO::Services::LoginDefs: OS::Heat::None
OS::TripleO::Services::ComputeInstanceHA: OS::Heat::None
OS::TripleO::Services::DesignateApi: OS::Heat::None
OS::TripleO::Services::DesignateCentral: OS::Heat::None
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::NeutronMl2PluginBase: deployment/neutron/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::Multipathd: OS::Heat::None
OS::TripleO::Services::GlanceApiEdge: OS::Heat::None
OS::TripleO::Services::HAproxyEdge: OS::Heat::None
OS::TripleO::Services::Frr: OS::Heat::None
OS::TripleO::Services::Unbound: OS::Heat::None
# Logging
OS::TripleO::Services::Tmpwatch: deployment/logrotate/tmpwatch-install.yaml
OS::TripleO::Services::Logging::BarbicanApi: deployment/logging/files/barbican-api.yaml
OS::TripleO::Services::Logging::GlanceApi: deployment/logging/files/glance-api.yaml
OS::TripleO::Services::Logging::HAProxy: deployment/logging/files/haproxy.yaml
OS::TripleO::Services::Logging::HeatApi: deployment/logging/files/heat-api.yaml
OS::TripleO::Services::Logging::HeatApiCfn: deployment/logging/files/heat-api-cfn.yaml
OS::TripleO::Services::Logging::HeatEngine: deployment/logging/files/heat-engine.yaml
OS::TripleO::Services::Logging::Keystone: deployment/logging/files/keystone.yaml
OS::TripleO::Services::Logging::NeutronApi: deployment/logging/files/neutron-api.yaml
OS::TripleO::Services::Logging::NeutronCommon: deployment/logging/files/neutron-common.yaml
OS::TripleO::Services::Logging::NovaApi: deployment/logging/files/nova-api.yaml
OS::TripleO::Services::Logging::NovaMetadata: deployment/logging/files/nova-metadata.yaml
OS::TripleO::Services::Logging::NovaCommon: deployment/logging/files/nova-common.yaml
OS::TripleO::Services::Logging::NovaLibvirt: deployment/logging/files/nova-libvirt.yaml
OS::TripleO::Services::Logging::PlacementApi: deployment/logging/files/placement-api.yaml
# Tempest
OS::TripleO::Services::Tempest: OS::Heat::None
OS::TripleO::Services::BootParams: deployment/kernel/kernel-boot-params-baremetal-ansible.yaml
parameter_merge_strategies:
ServiceNetMap: merge
VipSubnetMap: merge
EndpointMap: merge
SshServerOptions: merge
ExtraConfig: merge
{% for role in roles %}
{{role.name}}Parameters: merge
{{role.name}}ExtraConfig: merge
{% endfor %}
parameter_defaults:
NeutronMechanismDrivers: ovn
ContainerCli: podman
EnablePackageInstall: false
SoftwareConfigTransport: POLL_SERVER_HEAT
OVNIntegrationBridge: br-int
ExtraConfig: {}
{% for role in roles %}
# Parameters generated for {{role.name}} Role
{{role.name}}Services: {{role.ServicesDefault|default([])}}
{{role.name}}Parameters: {}
{{role.name}}ExtraConfig: {}
{% endfor %}
ServiceNetMap:
ApacheNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NeutronTenantNetwork: {{ _service_nets.get('tenant', 'ctlplane') }}
AodhApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
BarbicanApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
GnocchiApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
MongodbNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
CinderApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
CinderIscsiNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
GlanceApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
GlanceApiEdgeNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
IronicInspectorNetwork: ctlplane
KeystoneAdminApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
KeystonePublicApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
ManilaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NeutronApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OctaviaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
HeatApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
HeatApiCfnNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
PlacementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaMetadataNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaLibvirtNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
SwiftStorageNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }}
SwiftProxyNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
HorizonNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
MemcachedNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OsloMessagingRpcNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OsloMessagingNotifyNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RabbitmqNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RabbitmqManagementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
QdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RedisNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
# Guest VMs use GaneshaNetwork and can not reach ctlplane network,
# so default to external when storage_nfs is not available.
GaneshaNetwork: {{ _service_nets.get('storage_nfs', _service_nets.get('external', 'ctlplane')) }}
MysqlNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
SnmpdNetwork: ctlplane
CephClusterNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }}
CephDashboardNetwork: {{ _service_nets.get('storage_dashboard', 'ctlplane') }}
CephGrafanaNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephIngressNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephMonNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephRgwNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
PublicNetwork: {{ _service_nets.get('external', 'ctlplane') }}
InternalApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OpendaylightApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OvnDbsNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DockerRegistryNetwork: ctlplane
PacemakerNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
PacemakerRemoteNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateMdnsNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateWorkerNetwork: {{ _service_nets.get('external', 'ctlplane') }}
DesignateBindNetwork: {{ _service_nets.get('external', 'ctlplane') }}
BINDNetwork: {{ _service_nets.get('external', 'ctlplane') }}
EtcdNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
# HaproxyNetwork currently only controls the haproxy.stats network binding
HaproxyNetwork: ctlplane
UnboundNetwork: {{ _service_nets.get('external', 'ctlplane') }}
# We special-case the default ResolveNetwork and MetricsQdrNetwork for the Ceph roles
# for backwards compatibility, all other roles default to internal_api
{%- for role in roles %}
{%- if 'ceph' in role.tags|default([]) %}
{{role.name}}HostnameResolveNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
{{role.name}}MetricsQdrNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
{%- else %}
{{role.name}}HostnameResolveNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
{{role.name}}MetricsQdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
{%- endif %}
{%- endfor %}
VipSubnetMap:
ctlplane: ctlplane-subnet
{%- for network in networks if network.vip|default(false) %}
{{network.name}}: {{network.name_lower}}_subnet
{%- endfor %}
redis: {{ _service_nets.get('internal_api', 'ctlplane') }}_subnet
ovn_dbs: {{ _service_nets.get('internal_api', 'ctlplane') }}_subnet
EndpointMap:
AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS}
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
CephDashboardInternal: {protocol: http, port: '8444', host: IP_ADDRESS}
CephGrafanaInternal: {protocol: http, port: '3100', host: IP_ADDRESS}
CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS}
DesignateAdmin: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DesignateInternal: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS}
HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS}
HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS}
IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS}
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS}
MetricsQdrPublic: {protocol: 'amqp', port: '5666', host: IP_ADDRESS}
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS}
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaMetadataInternal: {protocol: http, port: '8775', host: IP_ADDRESS}
PlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
PlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}
PlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS}
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS}
OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS}
SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
SshServerOptions:
HostKey:
- '/etc/ssh/ssh_host_rsa_key'
- '/etc/ssh/ssh_host_ecdsa_key'
- '/etc/ssh/ssh_host_ed25519_key'
SyslogFacility: 'AUTHPRIV'
AuthorizedKeysFile: '.ssh/authorized_keys'
ChallengeResponseAuthentication: 'no'
GSSAPIAuthentication: 'no'
GSSAPICleanupCredentials: 'no'
UsePAM: 'yes'
UseDNS: 'no'
X11Forwarding: 'yes'
AcceptEnv:
- 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
- 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
- 'LC_IDENTIFICATION LC_ALL LANGUAGE'
- 'XMODIFIERS'
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'