tripleo-heat-templates/environments/undercloud.yaml
ramishra 59e4788ab9 Don't create/configure swift_temp_url_key
Now that we've disabled swift on the undercloud by default, there
is no need to create and configure Temp-Url-Key.

Enable it when enabling nova, as it's required by ironic.

Change-Id: I5a0743ef9ef1d5ab63e87bce2d47c1999974a0e7
2021-04-23 08:12:19 +05:30

185 lines
8.7 KiB
YAML

resource_registry:
OS::TripleO::Services::Tmpwatch: ../deployment/logrotate/tmpwatch-install.yaml
OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml
OS::TripleO::Services::DockerRegistry: ../deployment/image-serve/image-serve-baremetal-ansible.yaml
OS::TripleO::Services::ContainerImagePrepare: ../deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml
# Allows us to control the external VIP for Undercloud SSL
OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml
OS::TripleO::Services::NeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
OS::TripleO::Services::NeutronCorePlugin: ../deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
OS::TripleO::Services::NeutronMl2PluginBase: ../deployment/neutron/neutron-plugin-ml2.yaml
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-ansible.yaml
# services we disable by default on the undercloud
OS::TripleO::Services::AodhApi: OS::Heat::None
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
OS::TripleO::Services::AodhNotifier: OS::Heat::None
OS::TripleO::Services::AodhListener: OS::Heat::None
OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
OS::TripleO::Services::GnocchiApi: OS::Heat::None
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
OS::TripleO::Services::Rear: OS::Heat::None
OS::TripleO::Services::Redis: OS::Heat::None
OS::TripleO::Services::CinderApi: OS::Heat::None
OS::TripleO::Services::CinderScheduler: OS::Heat::None
OS::TripleO::Services::CinderVolume: OS::Heat::None
OS::TripleO::Services::HeatApiCfn: OS::Heat::None
OS::TripleO::Services::NovaApi: OS::Heat::None
OS::TripleO::Services::NovaConductor: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::NovaMetadata: OS::Heat::None
OS::TripleO::Services::NovaScheduler: OS::Heat::None
OS::TripleO::Services::PlacementApi: OS::Heat::None
OS::TripleO::Services::Logging::PlacementApi: OS::Heat::None
OS::TripleO::Services::GlanceApi: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::SwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: OS::Heat::None
OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
# Services we don't ever want configured. See LP#1824030
OS::TripleO::Services::Pacemaker: OS::Heat::None
OS::TripleO::Services::PacemakerRemote: OS::Heat::None
OS::TripleO::Services::Clustercheck: OS::Heat::None
# Ensure non-pacemaker versions. See LP#1824030
# CinderVolume is set to None above and OVNdbs is currently not in the list in role_data_undercloud.yaml so
# avoiding that as well until the UC switches to OVN
OS::TripleO::Services::MySQL: ../deployment/database/mysql-container-puppet.yaml
OS::TripleO::Services::OsloMessagingRpc: ../deployment/rabbitmq/rabbitmq-messaging-rpc-container-puppet.yaml
OS::TripleO::Services::OsloMessagingNotify: ../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
# Enable Podman on the Undercloud.
# This line will drop in Stein when it becomes the default.
OS::TripleO::Services::Podman: ../deployment/podman/podman-baremetal-ansible.yaml
# https://bugs.launchpad.net/tripleo/+bug/1850562
OS::TripleO::Services::Rsyslog: ../deployment/logging/rsyslog-baremetal-ansible.yaml
# Undercloud HA services
OS::TripleO::Services::HAproxy: OS::Heat::None
# Don't create OVN Chassis MAC address nets/ports on the undercloud
OS::TripleO::OVNMacAddressNetwork: OS::Heat::None
OS::TripleO::OVNMacAddressPort: OS::Heat::None
parameter_defaults:
# ensure we enable ip_forward before docker gets run
KernelIpForward: 1
KernelIpNonLocalBind: 1
KeystoneCorsAllowedOrigin: '*'
KeystoneEnableMember: true
# Increase the Token expiration time until we fix the actual session bug:
# https://bugs.launchpad.net/tripleo/+bug/1761050
TokenExpiration: 14400
EnablePackageInstall: true
StackAction: CREATE
NeutronTunnelTypes: []
NeutronBridgeMappings: ctlplane:br-ctlplane
NeutronAgentExtensions: []
NeutronFlatNetworks: '*'
HeatConvergenceEngine: true
HeatCorsAllowedOrigin: '*'
HeatMaxNestedStackDepth: 7
HeatMaxResourcesPerStack: -1
HeatMaxJsonBodySize: 4194304
HeatReauthenticationAuthMethod: 'trusts'
HeatYaqlLimitIterators: 10000
HeatYaqlMemoryQuota: 200000
# Disable non-lifecycle stack actions like
# snapshot, resume, cancel update and stack check.
HeatApiPolicies:
heat-deny-action:
key: 'actions:action'
value: 'rule:deny_everybody'
IronicCleaningDiskErase: 'metadata'
IronicCorsAllowedOrigin: '*'
IronicDefaultInspectInterface: 'inspector'
IronicDefaultResourceClass: 'baremetal'
IronicEnabledHardwareTypes: ['ipmi', 'redfish', 'idrac', 'ilo']
IronicEnabledBootInterfaces: ['pxe', 'ilo-pxe']
IronicEnabledConsoleInterfaces: ['ipmitool-socat', 'ilo', 'no-console']
IronicEnabledDeployInterfaces: ['direct', 'ansible']
IronicEnabledInspectInterfaces: ['inspector', 'no-inspect']
IronicEnabledManagementInterfaces: ['ipmitool', 'redfish', 'idrac', 'ilo']
# NOTE(dtantsur): disabling advanced networking as it's not used (or
# configured) in the undercloud
IronicEnabledNetworkInterfaces: ['flat']
IronicEnabledPowerInterfaces: ['ipmitool', 'redfish', 'idrac', 'ilo']
# NOTE(dtantsur): disabling the "agent" RAID as our ramdisk does not contain
# any vendor-specific RAID additions.
IronicEnabledRaidInterfaces: ['no-raid']
# NOTE(dtantsur): we don't use boot-from-cinder on the undercloud
IronicEnabledStorageInterfaces: ['noop']
IronicEnabledVendorInterfaces: ['ipmitool', 'idrac', 'no-vendor']
IronicEnableStagingDrivers: true
IronicCleaningNetwork: 'ctlplane'
IronicForcePowerStateDuringSync: false
# NOTE(dtantsur): remove if/when swift is removed from the undercloud.
IronicImageDownloadSource: swift
IronicInspectorCollectors: default,extra-hardware,numa-topology,logs
IronicInspectorInterface: br-ctlplane
# IronicInspectorSubnets:
# - ip_range: '192.168.24.100,192.168.24.200'
IronicInspectorUseSwift: false
IronicInspectorStorageBackend: 'database'
IronicConfigureSwiftTempUrlKey: false
IronicProvisioningNetwork: 'ctlplane'
IronicRescuingNetwork: 'ctlplane'
NeutronServicePlugins: router,segments
NeutronMechanismDrivers: ['openvswitch', 'baremetal']
NeutronNetworkVLANRanges: 'physnet1:1000:2999'
NeutronPluginExtensions: port_security,dns_domain_ports
NeutronOVSFirewallDriver: ''
NeutronNetworkType: ['local','flat','vlan','gre','vxlan']
NeutronTunnelIdRanges: '20:100'
NeutronTypeDrivers: ['local','flat','vlan','gre','vxlan']
NeutronVniRanges: '10:100'
NeutronEnableDVR: false
NeutronPortQuota: '-1'
# This allows MTU > 1500 for the overcloud if local_mtu is set to 1500
# See LP#1826729
TenantNetPhysnetMtu: 0
# A list of static routes for the control plane network. Ensure traffic to
# nodes on remote control plane networks use the correct network path.
# Example:
# ControlPlaneStaticRoutes:
# - ip_netmask: 192.168.25.0/24
# next_hop: 192.168.24.1
# - ip_netmask: 192.168.26.0/24
# next_hop: 192.168.24.1
ControlPlaneStaticRoutes: []
# A dictionary of Undercloud ctlplane subnets.
# NOTE(hjensas): This should be {} in this environment file, otherwise it may
# results in values set here being merged with the values set in
# undercloud.conf. See Bug: https://bugs.launchpad.net/tripleo/+bug/1820330
# Example:
# UndercloudCtlplaneSubnets:
# ctlplane-subnet:
# NetworkCidr: '192.168.24.0/24'
# NetworkGateway: '192.168.24.1'
# DhcpRangeStart: '192.168.24.5'
# DhcpRangeEnd: '192.168.24.24'
# HostRoutes:
# - {'destination': '10.10.10.0/24', 'nexthop': '192.168.24.254'}
UndercloudCtlplaneSubnets: {}
UndercloudCtlplaneLocalSubnet: 'ctlplane-subnet'
UndercloudNetworkConfigTemplate: 'templates/undercloud.j2'
PasswordAuthentication: 'yes'
HeatEngineOptVolumes:
- /usr/lib/heat:/usr/lib/heat:ro
MySQLServerOptions:
mysqld:
connect_timeout: 60
SshFirewallAllowAll: true
NetworkSafeDefaults: false