tripleo-heat-templates/capabilities-map.yaml
Yolanda Robla ee9c789b23 Enable keystone cadf notifications
It will allow to configure keystone event notifications
using CADF, as documented on:
https://docs.openstack.org/developer/keystone/event_notifications.html

CADF events provide auditing capabilities for compliance with
security.

Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
2017-03-06 18:10:55 +01:00

590 lines
24 KiB
YAML

# This file holds metadata about the capabilities of the tripleo-heat-templates
# repository for deployment using puppet. It groups configuration by topic,
# describes possible combinations of environments and resource capabilities.
# root_template: identifies repository's root template
# root_environment: identifies root_environment, this one is special in terms of
# order in which the environments are merged before deploying. This one serves as
# a base and it's parameters/resource_registry gets overridden by other environments
# if used.
# topics:
# High Level grouping by purpose of environments
# Attributes:
# title: (required)
# description: (optional)
# environment_groups: (required)
# environment_groups:
# Identifies an environment choice. If group includes multiple environments it
# indicates that environments in group are mutually exclusive.
# Attributes:
# title: (optional)
# description: (optional)
# tags: a list of tags to provide additional information for e.g. filtering (optional)
# environments: (required)
# environments:
# List of environments in environment group
# Attributes:
# file: a file name including path within repository (required)
# title: (required)
# description: (optional)
# requires: an array of environments which are required by this environment (optional)
# resource_registry: [tbd] (optional)
# resource_registry:
# [tbd] Each environment can provide options on resource_registry level applicable
# only when that given environment is used. (resource_type of that environment can
# be implemented using multiple templates).
root_template: overcloud.yaml
root_environment: overcloud-resource-registry-puppet.yaml
topics:
- title: Base Resources Configuration
description:
environment_groups:
- title:
description: Enable base configuration for all resources required for OpenStack Deployment
environments:
- file: overcloud-resource-registry-puppet.yaml
title: Base resources configuration
description:
- title: Deployment Options
description:
environment_groups:
- title: High Availability
description: Enables configuration of an Overcloud controller with Pacemaker
environments:
- file: environments/puppet-pacemaker.yaml
title: Pacemaker
description: Enable configuration of an Overcloud controller with Pacemaker
requires:
- overcloud-resource-registry-puppet.yaml
- title: Pacemaker options
description:
environments:
- file: environments/puppet-pacemaker-no-restart.yaml
title: Pacemaker No Restart
description:
requires:
- environments/puppet-pacemaker.yaml
- overcloud-resource-registry-puppet.yaml
- title: Docker RDO
description: >
Docker container with heat agents for containerized compute node
environments:
- file: environments/docker.yaml
title: Docker RDO
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Enable TLS
description: >
environments:
- file: environments/enable-tls.yaml
title: TLS
description: >
Use this option to pass in certificates for SSL deployments.
For these values to take effect, one of the TLS endpoints
environments must also be used.
requires:
- overcloud-resource-registry-puppet.yaml
- title: TLS Endpoints
description: >
environments:
- file: environments/tls-endpoints-public-dns.yaml
title: SSL-enabled deployment with DNS name as public endpoint
description: >
Use this environment when deploying an SSL-enabled overcloud where the public
endpoint is a DNS name.
requires:
- environments/enable-tls.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/tls-endpoints-public-ip.yaml
title: SSL-enabled deployment with IP address as public endpoint
description: >
Use this environment when deploying an SSL-enabled overcloud where the public
endpoint is an IP address.
requires:
- environments/enable-tls.yaml
- overcloud-resource-registry-puppet.yaml
- title: External load balancer
description: >
Enable external load balancer
environments:
- file: environments/external-loadbalancer-vip-v6.yaml
title: External load balancer IPv6
description: >
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/external-loadbalancer-vip.yaml
title: External load balancer IPv4
description: >
requires:
- overcloud-resource-registry-puppet.yaml
- title: Additional Services
description: Deploy additional Overcloud services
environment_groups:
- title: Manila
description:
environments:
- file: environments/manila-generic-config.yaml
title: Manila
description: Enable Manila generic driver backend
requires:
- overcloud-resource-registry-puppet.yaml
- title: Sahara
description:
environments:
- file: environments/services/sahara.yaml
title: Sahara
description: Deploy Sahara service
requires:
- overcloud-resource-registry-puppet.yaml
- title: Ironic
description:
environments:
- file: environments/services/ironic.yaml
title: Ironic
description: Deploy Ironic service
requires:
- overcloud-resource-registry-puppet.yaml
- title: Mistral
description:
environments:
- file: environments/services/mistral.yaml
title: Mistral
description: Deploy Mistral service
requires:
- overcloud-resource-registry-puppet.yaml
- title: Ceilometer Api
description:
environments:
- file: environments/services/disable-ceilometer-api.yaml
title: Ceilometer Api
description: Disable Ceilometer Api service. This service is
deprecated and will be removed in future releases. Please move
to using gnocchi/aodh/panko apis instead.
requires:
- overcloud-resource-registry-puppet.yaml
# - title: Network Interface Configuration
# description:
# environment_groups:
- title: Overlay Network Configuration
description:
environment_groups:
- title: Network Isolation
description:
environments:
- file: environments/network-isolation.yaml
title: Network Isolation
description: >
Enable the creation of Neutron networks for
isolated Overcloud traffic and configure each role to assign ports
(related to that role) on these networks.
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/network-isolation-v6.yaml
title: Network Isolation IPv6
description: >
Enable the creation of IPv6 Neutron networks for isolated Overcloud
traffic and configure each role to assign ports (related
to that role) on these networks.
requires:
- overcloud-resource-registry-puppet.yaml
- title: Single NIC or Bonding
description: >
Configure roles to use pair of bonded nics or to use Vlans on a
single nic. This option assumes use of Network Isolation.
environments:
- file: environments/net-bond-with-vlans.yaml
title: Bond with Vlans
description: >
Configure each role to use a pair of bonded nics (nic2 and
nic3) and configures an IP address on each relevant isolated network
for each role. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/net-bond-with-vlans-no-external.yaml
title: Bond with Vlans No External Ports
description: >
Configure each role to use a pair of bonded nics (nic2 and
nic3) and configures an IP address on each relevant isolated network
for each role. This option assumes use of Network Isolation.
Sets external ports to noop.
requires:
- environments/network-isolation.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/net-bond-with-vlans-v6.yaml
title: Bond with Vlans IPv6
description: >
Configure each role to use a pair of bonded nics (nic2 and
nic3) and configures an IP address on each relevant isolated network
for each role, with IPv6 on the External network.
This option assumes use of Network Isolation IPv6.
requires:
- environments/network-isolation-v6.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/net-multiple-nics.yaml
title: Multiple NICs
description: >
Configures each role to use a separate NIC for
each isolated network.
This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/net-multiple-nics-v6.yaml
title: Multiple NICs IPv6
description: >
Configure each role to use a separate NIC for
each isolated network with IPv6 on the External network.
This option assumes use of Network Isolation IPv6.
requires:
- environments/network-isolation-v6.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans.yaml
title: Single NIC with Vlans
description: >
Configure each role to use Vlans on a single NIC for
each isolated network. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans-no-external.yaml
title: Single NIC with Vlans No External Ports
description: >
Configure each role to use Vlans on a single NIC for
each isolated network. This option assumes use of Network Isolation.
Sets external ports to noop.
requires:
- environments/network-isolation.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-linux-bridge-with-vlans.yaml
title: Single NIC with Linux Bridge Vlans
description: >
Configure each role to use Vlans on a single NIC for
each isolated network. This option assumes use of Network Isolation.
requires:
- environments/network-isolation.yaml
- overcloud-resource-registry-puppet.yaml
- file: environments/net-single-nic-with-vlans-v6.yaml
title: Single NIC with Vlans IPv6
description: >
Configures each role to use Vlans on a single NIC for
each isolated network with IPv6 on the External network.
This option assumes use of Network Isolation IPv6
requires:
- environments/network-isolation-v6.yaml
- overcloud-resource-registry-puppet.yaml
- title: Management Network
description: >
Enable the creation of a system management network. This
creates a Neutron network for isolated Overcloud
system management traffic and configures each role to
assign a port (related to that role) on that network.
environments:
- file: environments/network-management.yaml
title: Management Network
description:
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/network-management-v6.yaml
title: Management Network IPv6
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Neutron Plugin Configuration
description:
environment_groups:
- title: Neutron Plugins
description: >
Enable various Neutron plugins and backends
environments:
- file: environments/neutron-ml2-bigswitch.yaml
title: BigSwitch Extensions
description: >
Enable Big Switch extensions, configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ml2-cisco-n1kv.yaml
title: Cisco N1KV backend
description: >
Enable a Cisco N1KV backend, configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ml2-cisco-nexus-ucsm.yaml
title: Cisco Neutron plugin
description:
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-midonet.yaml
title: Deploy MidoNet Services
description:
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-nuage-config.yaml
title: Neutron Nuage backend
description: Enables Neutron Nuage backend on the controller
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-opendaylight.yaml
title: OpenDaylight
description: Enables OpenDaylight
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ovs-dpdk.yaml
title: DPDK with OVS
description: Deploy DPDK with OVS
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ovs-dvr.yaml
title: DVR
description: Enables DVR in the Overcloud
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-plumgrid.yaml
title: PLUMgrid extensions
description: Enables PLUMgrid extensions
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ml2-fujitsu-cfab.yaml
title: Fujitsu Neutron plugin for C-Fabric
description: Enable C-Fabric in the overcloud
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/neutron-ml2-fujitsu-fossw.yaml
title: Fujitsu Neutron plugin for FOS
description: Enable FOS in the overcloud
requires:
- overcloud-resource-registry-puppet.yaml
- title: Nova Extensions
description:
environment_groups:
- title: Nova Extensions
description:
environments:
- file: environments/nova-nuage-config.yaml
title: Nuage backend
description: >
Enables Nuage backend on the Compute
requires:
- overcloud-resource-registry-puppet.yaml
- title: Storage
description:
environment_groups:
- title: Cinder backup service
description:
environments:
- file: environments/cinder-backup.yaml
title: Cinder backup service
description: >
OpenStack Cinder Backup service with Pacemaker configured
with Puppet
requires:
- environments/puppet-pacemaker.yaml
- overcloud-resource-registry-puppet.yaml
- title: Cinder backend
description: >
Enable various Cinder backends
environments:
- file: environments/cinder-netapp-config.yaml
title: Cinder NetApp backend
description:
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-dellsc-config.yaml
title: Cinder Dell EMC Storage Center ISCSI backend
description: >
Enables a Cinder Dell EMC Storage Center ISCSI backend,
configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-hpelefthand-config.yaml
title: Cinder HPELeftHandISCSI backend
description: >
Enables a Cinder HPELeftHandISCSI backend, configured
via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-dellps-config.yaml
title: Cinder Dell EMC PS Series backend
description: >
Enables a Cinder Dell EMC PS Series backend,
configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/cinder-iser.yaml
title: Cinder iSER backend
description: >
Enable a Cinder iSER RDMA backend, configured via puppet
- file: environments/cinder-scaleio-config.yaml
title: Cinder Dell EMC ScaleIO backend
description: >
Enables a Cinder Dell EMC ScaleIO backend,
configured via puppet
requires:
- overcloud-resource-registry-puppet.yaml
- title: Ceph
description: >
Enable the use of Ceph in the overcloud
environments:
- file: environments/puppet-ceph-external.yaml
title: Externally managed Ceph
description: >
Configures the overcloud to use an externally managed Ceph cluster, via RBD driver.
requires:
- overcloud-resource-registry-puppet.yaml
- file: environments/puppet-ceph.yaml
title: TripleO managed Ceph
description: >
Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or
use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is
colocated with NovaCompute and configures the overcloud to use it, via RBD driver.
requires:
- overcloud-resource-registry-puppet.yaml
- title: CephMDS
description: >
Deploys CephMDS via TripleO, an additional Ceph service needed to create shared
filesystems hosted in Ceph.
environments:
- file: environments/services/ceph-mds.yaml
title: Deploys CephMDS
description:
requires:
- environments/puppet-ceph.yaml
- title: Ceph Rados Gateway
description: >
Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API
which stores data in the Ceph cluster.
environments:
- file: environments/ceph-radosgw.yaml
title: Deploys CephRGW
description:
requires:
- environments/puppet-ceph.yaml
- title: Manila with CephFS
description: >
Deploys Manila and configures it with the CephFS driver. This requires the deployment of
Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud.
environments:
- file: environments/manila-cephfsnative-config.yaml
title: Deploys Manila with CephFS driver
description: Deploys Manila and configures CephFS as its default backend.
requires:
- overcloud-resource-registry-puppet.yaml
- title: Storage Environment
description: >
Can be used to set up storage backends. Defaults to Ceph used as a
backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It
configures which services will use Ceph, or if any of the services
will use NFS. And more. Usually requires to be edited by user first.
tags:
- no-gui
environments:
- file: environments/storage-environment.yaml
title: Storage Environment
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Utilities
description:
environment_groups:
- title: Config Debug
description: Enable config management (e.g. Puppet) debugging
environments:
- file: environments/config-debug.yaml
title: Config Debug
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Disable journal in MongoDb
description: >
Since, when journaling is enabled, MongoDb will create big journal
file it can take time. In a CI environment for example journaling is
not necessary.
environments:
- file: environments/mongodb-nojournal.yaml
title: Disable journal in MongoDb
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Overcloud Steps
description: >
Specifies hooks/breakpoints where overcloud deployment should stop
Allows operator validation between steps, and/or more granular control.
Note: the wildcards relate to naming convention for some resource suffixes,
e.g see puppet/*-post.yaml, enabling this will mean we wait for
a user signal on every *Deployment_StepN resource defined in those files.
tags:
- no-gui
environments:
- file: environments/overcloud-steps.yaml
title: Overcloud Steps
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Operational Tools
description:
environment_groups:
- title: Monitoring agents
description: Enable monitoring agents
environments:
- file: environments/monitoring-environment.yaml
title: enable monitoring agents
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Centralized logging support
description: Enable centralized logging clients (fluentd)
environments:
- file: environments/logging-environment.yaml
title: Enable fluentd client
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Security Options
description: Security Hardening Options
environment_groups:
- title: SSH Banner Text
description: Enables population of SSH Banner Text
environments:
- file: environments/sshd-banner.yaml
title: SSH Banner Text
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Horizon Password Validation
description: Enable Horizon Password validation
environments:
- file: environments/horizon_password_validation.yaml
title: Horizon Password Validation
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: AuditD Rules
description: Management of AuditD rules
environments:
- file: environments/auditd.yaml
title: AuditD Rule Management
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Keystone CADF auditing
description: Enable CADF notifications in Keystone for auditing
environments:
- file: environments/cadf.yaml
title: Keystone CADF auditing