2b7cb19876
I89cff59947dda3f51482486c41a3d67c4aa36a3e broke SSH access on the Undercloud, we shouldn't be that restrictive by default for the undercloud and standalone (as deployed via tripleo deploy). This change adds a new parameter called SshFirewallAllowAll that can be used to include an allow all for ssh. By default it is disabled when deploying the overcloud but is used by the undercloud and standalone to allow access after installation. Change-Id: Ie548f7216610e15af24c96f65a58cc8de603235c Co-Authored-By: Alex Schultz <aschultz@redhat.com>
291 lines
12 KiB
YAML
291 lines
12 KiB
YAML
#
|
|
# This environment generator is used to generate some sample composable role
|
|
# environment files.
|
|
#
|
|
environments:
|
|
-
|
|
name: standalone/standalone-tripleo
|
|
title: Standalone Environment (no undercloud)
|
|
description: |
|
|
A Heat environment that can be used to deploy a single node all-in-one
|
|
node via the 'overcloud tripleo deploy' command. This does not
|
|
require an Undercloud for the deployment and can be used to deploy
|
|
a single node on the local machine.
|
|
|
|
By default we only want the following OpenStack services to be enabled:
|
|
* Keystone
|
|
* Nova (and related)
|
|
* Neutron (and related)
|
|
* Glance
|
|
* Cinder
|
|
* Swift (single replica mode)
|
|
* Horizon
|
|
This file disables any other OpenStack services that would normally be
|
|
enabled.
|
|
|
|
openstack overcloud roles generate -o ~/roles_data.yaml Standalone
|
|
files:
|
|
docker/services/swift-storage.yaml:
|
|
parameters:
|
|
- SwiftReplicas
|
|
deployment/time/ntp-baremetal-puppet.yaml:
|
|
parameters:
|
|
- NtpServer
|
|
deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml:
|
|
parameters:
|
|
- EnablePackageInstall
|
|
deployment/sshd/sshd-baremetal-puppet.yaml:
|
|
parameters:
|
|
- SshFirewallAllowAll
|
|
# TODO(aschultz): hack to pull in this config transport, not sure it is
|
|
# still neded.
|
|
puppet/controller-role.yaml:
|
|
parameters:
|
|
- SoftwareConfigTransport
|
|
- DnsServers
|
|
puppet/all-nodes-config.yaml:
|
|
parameters:
|
|
- StackAction
|
|
sample-env-generator/standalone.yaml:
|
|
parameters:
|
|
- AddVipsToEtcHosts
|
|
sample_values:
|
|
StackAction: CREATE
|
|
SoftwareConfigTransport: POLL_SERVER_HEAT
|
|
EnablePackageInstall: true
|
|
SwiftReplicas: 1
|
|
SshFirewallAllowAll: true
|
|
resource_registry:
|
|
# this network config is assumed by the tripleo deploy command
|
|
OS::TripleO::Network::Ports::RedisVipPort: ../../network/ports/noop.yaml
|
|
OS::TripleO::Network::Ports::ControlPlaneVipPort: ../../deployed-server/deployed-neutron-port.yaml
|
|
OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-standalone.yaml
|
|
OS::TripleO::NodeExtraConfigPost: ../../extraconfig/post_deploy/standalone_post.yaml
|
|
|
|
# Manage SELinux
|
|
OS::TripleO::Services::SELinux: ../../puppet/services/selinux.yaml
|
|
|
|
OS::TripleO::Services::OpenStackClients: ../../puppet/services/openstack-clients.yaml
|
|
|
|
# Activate container image prepare
|
|
OS::TripleO::Services::ContainerImagePrepare: ../../puppet/services/container-image-prepare.yaml
|
|
OS::TripleO::Services::Podman: ../../deployment/podman/podman-baremetal-ansible.yaml
|
|
OS::TripleO::Services::DockerRegistry: ../../deployment/docker/docker-registry-baremetal-ansible.yaml
|
|
|
|
# Disable non-openstack services that are enabled by default
|
|
OS::TripleO::Services::HAproxy: OS::Heat::None
|
|
OS::TripleO::Services::Keepalived: OS::Heat::None
|
|
OS::TripleO::Services::Kubernetes::Master: OS::Heat::None
|
|
OS::TripleO::Services::Kubernetes::Worker: OS::Heat::None
|
|
|
|
# Aodh
|
|
OS::TripleO::Services::AodhApi: OS::Heat::None
|
|
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
|
|
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
|
|
OS::TripleO::Services::AodhListener: OS::Heat::None
|
|
OS::TripleO::Services::AodhNotifier: OS::Heat::None
|
|
# Barbican
|
|
OS::TripleO::Services::BarbicanApi: OS::Heat::None
|
|
OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None
|
|
OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None
|
|
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None
|
|
OS::TripleO::Services::BarbicanBackendSimpleCrypto: OS::Heat::None
|
|
# Ceilometer
|
|
OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
|
|
OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
|
|
OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
|
|
# Congress
|
|
OS::TripleO::Services::Congress: OS::Heat::None
|
|
# Designate
|
|
OS::TripleO::Services::DesignateApi: OS::Heat::None
|
|
OS::TripleO::Services::DesignateCentral: OS::Heat::None
|
|
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
|
|
OS::TripleO::Services::DesignateProducer: OS::Heat::None
|
|
OS::TripleO::Services::DesignateSink: OS::Heat::None
|
|
OS::TripleO::Services::DesignateWorker: OS::Heat::None
|
|
# Gnocchi
|
|
OS::TripleO::Services::GnocchiApi: OS::Heat::None
|
|
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
|
|
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
|
|
# Heat
|
|
OS::TripleO::Services::HeatApi: OS::Heat::None
|
|
OS::TripleO::Services::HeatApiCfn: OS::Heat::None
|
|
OS::TripleO::Services::HeatApiCloudwatch: OS::Heat::None
|
|
OS::TripleO::Services::HeatEngine: OS::Heat::None
|
|
# Ironic
|
|
OS::TripleO::Services::IronicApi: OS::Heat::None
|
|
OS::TripleO::Services::IronicConductor: OS::Heat::None
|
|
OS::TripleO::Services::IronicInspector: OS::Heat::None
|
|
OS::TripleO::Services::IronicNeutronAgent: OS::Heat::None
|
|
OS::TripleO::Services::IronicPxe: OS::Heat::None
|
|
# Manila
|
|
OS::TripleO::Services::ManilaApi: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendIsilon: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendUnity: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendVMAX: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendVNX: OS::Heat::None
|
|
OS::TripleO::Services::ManilaScheduler: OS::Heat::None
|
|
OS::TripleO::Services::ManilaShare: OS::Heat::None
|
|
# Mistral
|
|
OS::TripleO::Services::MistralApi: OS::Heat::None
|
|
OS::TripleO::Services::MistralEngine: OS::Heat::None
|
|
OS::TripleO::Services::MistralEventEngine: OS::Heat::None
|
|
OS::TripleO::Services::MistralExecutor: OS::Heat::None
|
|
# Panko
|
|
OS::TripleO::Services::PankoApi: OS::Heat::None
|
|
# Redis
|
|
OS::TripleO::Services::Redis: OS::Heat::None
|
|
# Sahara
|
|
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
|
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
|
# Tacker
|
|
OS::TripleO::Services::Tacker: OS::Heat::None
|
|
# Zaqar
|
|
OS::TripleO::Services::Zaqar: OS::Heat::None
|
|
|
|
-
|
|
name: standalone/standalone-overcloud
|
|
title: Standalone Environment (via undercloud)
|
|
description: |
|
|
A Heat environment that can be used to deploy a single node all-in-one
|
|
node via an Undercloud using the normal Overcloud deployment process.
|
|
|
|
By default we only want the following OpenStack services to be enabled:
|
|
* Keystone
|
|
* Nova (and related)
|
|
* Neutron (and related)
|
|
* Glance
|
|
* Cinder
|
|
* Swift (single replica mode)
|
|
* Horizon
|
|
This file disables any other OpenStack services that would normally be
|
|
enabled.
|
|
|
|
openstack overcloud roles generate -o ~/roles_data.yaml Standalone
|
|
files:
|
|
docker/services/swift-storage.yaml:
|
|
parameters:
|
|
- SwiftReplicas
|
|
deployment/time/ntp-baremetal-puppet.yaml:
|
|
parameters:
|
|
- NtpServer
|
|
# TODO(aschultz): hack to pull in this config transport, not sure it is
|
|
# still neded.
|
|
puppet/controller-role.yaml:
|
|
parameters:
|
|
- DnsServers
|
|
sample-env-generator/standalone.yaml:
|
|
parameters:
|
|
- StandaloneHostnameFormat
|
|
- StandaloneCount
|
|
- OvercloudStandaloneFlavor
|
|
sample_values:
|
|
StandaloneCount: 1
|
|
OvercloudStandaloneFlavor: standalone
|
|
SwiftReplicas: 1
|
|
resource_registry:
|
|
OS::TripleO::Standalone::Net::SoftwareConfig: ../../net-config-bridge.yaml
|
|
|
|
# Manage SELinux
|
|
OS::TripleO::Services::SELinux: ../../puppet/services/selinux.yaml
|
|
|
|
OS::TripleO::Services::OpenStackClients: ../../puppet/services/openstack-clients.yaml
|
|
|
|
# Disable non-openstack services that are enabled by default
|
|
OS::TripleO::Services::Kubernetes::Master: OS::Heat::None
|
|
OS::TripleO::Services::Kubernetes::Worker: OS::Heat::None
|
|
|
|
# Aodh
|
|
OS::TripleO::Services::AodhApi: OS::Heat::None
|
|
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
|
|
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
|
|
OS::TripleO::Services::AodhListener: OS::Heat::None
|
|
OS::TripleO::Services::AodhNotifier: OS::Heat::None
|
|
# Barbican
|
|
OS::TripleO::Services::BarbicanApi: OS::Heat::None
|
|
OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None
|
|
OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None
|
|
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None
|
|
OS::TripleO::Services::BarbicanBackendSimpleCrypto: OS::Heat::None
|
|
# Ceilometer
|
|
OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
|
|
OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
|
|
OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
|
|
# Congress
|
|
OS::TripleO::Services::Congress: OS::Heat::None
|
|
# Designate
|
|
OS::TripleO::Services::DesignateApi: OS::Heat::None
|
|
OS::TripleO::Services::DesignateCentral: OS::Heat::None
|
|
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
|
|
OS::TripleO::Services::DesignateProducer: OS::Heat::None
|
|
OS::TripleO::Services::DesignateSink: OS::Heat::None
|
|
OS::TripleO::Services::DesignateWorker: OS::Heat::None
|
|
# Gnocchi
|
|
OS::TripleO::Services::GnocchiApi: OS::Heat::None
|
|
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
|
|
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
|
|
# Heat
|
|
OS::TripleO::Services::HeatApi: OS::Heat::None
|
|
OS::TripleO::Services::HeatApiCfn: OS::Heat::None
|
|
OS::TripleO::Services::HeatApiCloudwatch: OS::Heat::None
|
|
OS::TripleO::Services::HeatEngine: OS::Heat::None
|
|
# Ironic
|
|
OS::TripleO::Services::IronicApi: OS::Heat::None
|
|
OS::TripleO::Services::IronicConductor: OS::Heat::None
|
|
OS::TripleO::Services::IronicInspector: OS::Heat::None
|
|
OS::TripleO::Services::IronicNeutronAgent: OS::Heat::None
|
|
OS::TripleO::Services::IronicPxe: OS::Heat::None
|
|
# Manila
|
|
OS::TripleO::Services::ManilaApi: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendIsilon: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendUnity: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendVMAX: OS::Heat::None
|
|
OS::TripleO::Services::ManilaBackendVNX: OS::Heat::None
|
|
OS::TripleO::Services::ManilaScheduler: OS::Heat::None
|
|
OS::TripleO::Services::ManilaShare: OS::Heat::None
|
|
# Mistral
|
|
OS::TripleO::Services::MistralApi: OS::Heat::None
|
|
OS::TripleO::Services::MistralEngine: OS::Heat::None
|
|
OS::TripleO::Services::MistralEventEngine: OS::Heat::None
|
|
OS::TripleO::Services::MistralExecutor: OS::Heat::None
|
|
# Panko
|
|
OS::TripleO::Services::PankoApi: OS::Heat::None
|
|
# Sahara
|
|
OS::TripleO::Services::SaharaApi: OS::Heat::None
|
|
OS::TripleO::Services::SaharaEngine: OS::Heat::None
|
|
# Tacker
|
|
OS::TripleO::Services::Tacker: OS::Heat::None
|
|
# Zaqar
|
|
OS::TripleO::Services::Zaqar: OS::Heat::None
|
|
|
|
# NOTE(aschultz): So because these are dynamic based on the roles used, we
|
|
# do not currently define these in any heat files. So we're defining them here
|
|
# so that the sample env generator can still provide these configuration items
|
|
# in the generated config files.
|
|
parameters:
|
|
# Dynamic vars based on roles
|
|
StandaloneCount:
|
|
default: 0
|
|
description: Number of Standalone nodes
|
|
type: number
|
|
StandaloneHostnameFormat:
|
|
type: string
|
|
description: >
|
|
Format for Standalone node hostnames
|
|
Note %index% is translated into the index of the node, e.g 0/1/2 etc
|
|
and %stackname% is replaced with the stack name e.g overcloud
|
|
default: "%stackname%-standalone-%index%"
|
|
OvercloudStandaloneFlavor:
|
|
default: standalone
|
|
description: Name of the flavor for Standalone nodes
|
|
type: string
|
|
AddVipsToEtcHosts:
|
|
default: false
|
|
description: >
|
|
Set to true to append per network Vips to /etc/hosts on each node.
|
|
type: string
|