tripleo-heat-templates/overcloud-resource-registry-puppet.j2.yaml
Takashi Kajinami b6b38bce0f Use deployed server by default
This is the prep-work to drop the deployed-server-environment.yaml and
makes sure the deployed server is used by default.

Note that this change also makes the ControlPlanePort resource type
default to the deployed neutron port, because the port should be
pre-provisioned as part of baremetal node deployment process.

Change-Id: I03500eb2b4a6302f35aa71ae2f81bfd0c0bf064f
2022-10-20 12:50:44 +09:00

518 lines
30 KiB
YAML

{% set _service_nets = {} %}
{% for network in networks if network.enabled|default(true) %}
{% if network.service_net_map_replace is defined %}
{% set _ = _service_nets.update({network.service_net_map_replace:network.name_lower}) %}
{% else %}
{% set _ = _service_nets.update({network.name_lower:network.name_lower}) %}
{% endif %}
{% endfor %}
resource_registry:
OS::Heat::SoftwareDeployment: config-download-software.yaml
OS::Heat::StructuredDeployment: config-download-structured.yaml
OS::TripleO::PostDeploySteps: common/post.yaml
OS::TripleO::AllNodesDeployment: OS::Heat::None
OS::TripleO::DefaultPasswords: OS::Heat::None
OS::TripleO::RandomString: OS::Heat::None
{% for role in roles %}
OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None
OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml
OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml
OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None
OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
# Port assignments for the {{role.name}} role
{%- for network in networks if network.enabled|default(true) and network.name in role.networks|default([]) %}
OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: network/ports/noop.yaml
{%- endfor %}
{% endfor %}
{% for role in roles %}
OS::TripleO::{{role.name}}ServiceServerMetadataHook: OS::Heat::None
{%- endfor %}
OS::TripleO::Server: deployed-server/deployed-server.yaml
OS::TripleO::DeployedServer::ControlPlanePort: deployed-server/deployed-neutron-port.yaml
{% for role in roles %}
OS::TripleO::{{role.name}}Server: OS::TripleO::Server
{% endfor %}
# Hooks for operator extra config
# ControllerExtraConfigPre == Controller configuration pre service deployment
# NodeExtraConfig == All nodes configuration pre service deployment
# NodeExtraConfigPost == All nodes configuration post service deployment
OS::TripleO::NodeTLSCAData: OS::Heat::None
OS::TripleO::NodeTLSData: OS::Heat::None
OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
# "AllNodes" Extra cluster config, runs on all nodes prior to the post_deploy
# phase, e.g when puppet is applied, but after the pre_deploy phase. Useful when
# configuration with knowledge of all nodes in the cluster is required vs single
# node configuration in the pre_deploy step.
# See extraconfig/all_nodes/* for examples
OS::TripleO::AllNodesExtraConfig: OS::Heat::None
# TripleO overcloud networks
OS::TripleO::Network: network/networks.yaml
{%- for network in networks if network.enabled|default(true) %}
OS::TripleO::Network::{{network.name}}: OS::Heat::None
{%- endfor %}
OS::TripleO::Network::ExtraConfig: OS::Heat::None
OS::TripleO::Network::Ports::NetVipMap: network/ports/net_ip_map.yaml
OS::TripleO::Network::Ports::NetIpMap: network/ports/net_ip_map.yaml
OS::TripleO::Network::Ports::NetIpListMap: network/ports/net_ip_list_map.yaml
OS::TripleO::Network::Ports::RedisVipPort: OS::Heat::None
OS::TripleO::Network::Ports::OVNDBsVipPort: OS::Heat::None
# Port assignments for the VIPs
{%- for network in networks if network.vip|default(false) and network.enabled|default(true) %}
OS::TripleO::Network::Ports::{{network.name}}VipPort: network/ports/noop.yaml
{%- endfor %}
OS::TripleO::Network::Ports::ControlPlaneVipPort: OS::Neutron::Port
# Service to network Mappings
OS::TripleO::ServiceNetMap: network/service_net_map.yaml
# Service Endpoint Mappings
OS::TripleO::EndpointMap: network/endpoints/endpoint_map.yaml
OS::TripleO::DeployedServerEnvironment: OS::Heat::None
OS::TripleO::DeploymentSteps: OS::Heat::None
OS::TripleO::WorkflowSteps: OS::Heat::None
# services
{%- for role in roles %}
OS::TripleO::{{role.name}}Services: common/services/{{role.name.lower()}}-role.yaml
{%- endfor %}
OS::TripleO::Services::Aide: OS::Heat::None
OS::TripleO::Services::Apache: deployment/apache/apache-baremetal-puppet.yaml
OS::TripleO::Services::CACerts: deployment/certs/ca-certs-baremetal-puppet.yaml
OS::TripleO::Services::CephMds: OS::Heat::None
OS::TripleO::Services::CephMgr: OS::Heat::None
OS::TripleO::Services::CephMon: OS::Heat::None
OS::TripleO::Services::CephRbdMirror: OS::Heat::None
OS::TripleO::Services::CephRgw: OS::Heat::None
OS::TripleO::Services::CephOSD: OS::Heat::None
OS::TripleO::Services::CephGrafana: OS::Heat::None
OS::TripleO::Services::CephClient: OS::Heat::None
OS::TripleO::Services::CephNfs: OS::Heat::None
OS::TripleO::Services::CephExternal: OS::Heat::None
OS::TripleO::Services::CephIngress: OS::Heat::None
OS::TripleO::Services::CinderApi: deployment/cinder/cinder-api-container-puppet.yaml
OS::TripleO::Services::CinderBackup: OS::Heat::None
# NFS Backend is still optional unless it is explicitly enabled, this is just a separate template.
# This is done in order to retain the legacy behavior, and avoid accidental problems when doing an update.
OS::TripleO::Services::CinderBackendNfs: deployment/cinder/cinder-backend-nfs-puppet.yaml
OS::TripleO::Services::CinderScheduler: deployment/cinder/cinder-scheduler-container-puppet.yaml
OS::TripleO::Services::CinderVolume: deployment/cinder/cinder-volume-pacemaker-puppet.yaml
# BlockStorageCinderVolume uses the non-pcmk cinder-volume template
OS::TripleO::Services::BlockStorageCinderVolume: deployment/cinder/cinder-volume-container-puppet.yaml
OS::TripleO::Services::Keystone: deployment/keystone/keystone-container-puppet.yaml
OS::TripleO::Services::GlanceApi: deployment/glance/glance-api-container-puppet.yaml
OS::TripleO::Services::HeatApi: deployment/heat/heat-api-container-puppet.yaml
OS::TripleO::Services::HeatApiCfn: deployment/heat/heat-api-cfn-container-puppet.yaml
OS::TripleO::Services::HeatEngine: deployment/heat/heat-engine-container-puppet.yaml
OS::TripleO::Services::HeatEphemeral: OS::Heat::None
OS::TripleO::Services::Kernel: deployment/kernel/kernel-baremetal-ansible.yaml
OS::TripleO::Services::MySQL: deployment/database/mysql-pacemaker-puppet.yaml
OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None
OS::TripleO::Services::NeutronBgpVpnBagpipe: OS::Heat::None
OS::TripleO::Services::NeutronSfcApi: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::OVNMetadataAgent: deployment/ovn/ovn-metadata-container-puppet.yaml
OS::TripleO::Services::NeutronApi: deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NeutronCorePlugin: deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
# can be the same as NeutronCorePlugin but some vendors install different
# things where VMs run
OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
# Neutron Core Plugin Vendors (these typically override NeutronCorePlugin)
OS::TripleO::Services::NeutronCorePluginML2OVN: deployment/neutron/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-cluster-ansible.yaml
OS::TripleO::Services::OVNController: deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::OvsDpdkNetcontrold: OS::Heat::None
OS::TripleO::Services::NeutronCorePluginMLNXSDN: deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml
OS::TripleO::Services::NeutronCorePluginVTS: deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml
OS::TripleO::Services::NeutronCorePluginML2Ansible: deployment/deprecated/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None
OS::TripleO::Services::Pacemaker: deployment/pacemaker/pacemaker-baremetal-puppet.yaml
OS::TripleO::Services::PacemakerRemote: deployment/pacemaker/pacemaker-remote-baremetal-puppet.yaml
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::NeutronMlnxAgent: OS::Heat::None
OS::TripleO::Services::NeutronAgentsIBConfig: OS::Heat::None
OS::TripleO::Services::OsloMessagingRpc: deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
OS::TripleO::Services::OsloMessagingNotify: deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
OS::TripleO::Services::RabbitMQ: OS::Heat::None
OS::TripleO::Services::Qdr: OS::Heat::None
OS::TripleO::Services::HAproxy: deployment/haproxy/haproxy-pacemaker-puppet.yaml
OS::TripleO::Services::HAProxyPublicTLS: deployment/haproxy/haproxy-public-tls-inject.yaml
OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None
OS::TripleO::Services::Iscsid: deployment/iscsid/iscsid-container-puppet.yaml
OS::TripleO::Services::Memcached: deployment/memcached/memcached-container-puppet.yaml
OS::TripleO::Services::Tuned: deployment/tuned/tuned-baremetal-ansible.yaml
OS::TripleO::Services::Securetty: OS::Heat::None
# TODO(aschultz): Remove this in U as we switched to a task in the deploy
OS::TripleO::Services::SELinux: OS::Heat::None
OS::TripleO::Services::Sshd: deployment/sshd/sshd-baremetal-ansible.yaml
OS::TripleO::Services::Redis: OS::Heat::None
OS::TripleO::Services::NovaApi: deployment/nova/nova-api-container-puppet.yaml
OS::TripleO::Services::NovaCompute: deployment/nova/nova-compute-container-puppet.yaml
OS::TripleO::Services::NovaConductor: deployment/nova/nova-conductor-container-puppet.yaml
OS::TripleO::Services::NovaLibvirt: deployment/nova/nova-modular-libvirt-container-puppet.yaml
OS::TripleO::Services::NovaLibvirtGuests: deployment/nova/nova-libvirt-guests-container-puppet.yaml
OS::TripleO::Services::NovaManager: deployment/nova/nova-manager-container-puppet.yaml
OS::TripleO::Services::NovaMetadata: deployment/nova/nova-metadata-container-puppet.yaml
OS::TripleO::Services::NovaMigrationTarget: deployment/nova/nova-migration-target-container-puppet.yaml
OS::TripleO::Services::PlacementApi: deployment/placement/placement-api-container-puppet.yaml
OS::TripleO::Services::NovaScheduler: deployment/nova/nova-scheduler-container-puppet.yaml
OS::TripleO::Services::NovaVncProxy: deployment/nova/nova-vnc-proxy-container-puppet.yaml
OS::TripleO::Services::NovaAZConfig: OS::Heat::None
OS::TripleO::Services::ContainersLogrotateCrond: deployment/logrotate/logrotate-crond-container-puppet.yaml
OS::TripleO::Services::SwiftProxy: deployment/swift/swift-proxy-container-puppet.yaml
OS::TripleO::Services::SwiftDispersion: OS::Heat::None
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: deployment/swift/swift-storage-container-puppet.yaml
OS::TripleO::Services::SwiftRingBuilder: deployment/swift/swift-ringbuilder-container-puppet.yaml
OS::TripleO::Services::Snmp: deployment/snmp/snmp-baremetal-puppet.yaml
OS::TripleO::Services::Timezone: deployment/time/timezone-baremetal-ansible.yaml
OS::TripleO::Services::UndercloudRemoveNovajoin: OS::Heat::None
OS::TripleO::Services::UndercloudTLS: OS::Heat::None
OS::TripleO::Services::CeilometerAgentCentral: OS::Heat::None
OS::TripleO::Services::CeilometerAgentIpmi: OS::Heat::None
OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
OS::TripleO::Services::Horizon: deployment/horizon/horizon-container-puppet.yaml
#Gnocchi services
OS::TripleO::Services::GnocchiApi: OS::Heat::None
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None
# Time sync services
OS::TripleO::Services::Chrony: deployment/timesync/chrony-baremetal-ansible.yaml
OS::TripleO::Services::Ptp: OS::Heat::None
OS::TripleO::Services::Timesync: OS::TripleO::Services::Chrony
OS::TripleO::Services::TimeMaster: deployment/timemaster/timemaster-baremetal-ansible.yaml
# Services that are disabled by default (use relevant environment files):
OS::TripleO::Services::IpaClient: OS::Heat::None
OS::TripleO::Services::Ipsec: OS::Heat::None
OS::TripleO::Services::Rhsm: OS::Heat::None
OS::TripleO::Services::MasqueradeNetworks: OS::Heat::None
OS::TripleO::Services::TripleoValidations: OS::Heat::None
OS::TripleO::Services::UndercloudUpgrade: OS::Heat::None
OS::TripleO::Services::Collectd: OS::Heat::None
OS::TripleO::Services::ManilaApi: OS::Heat::None
OS::TripleO::Services::ManilaScheduler: OS::Heat::None
OS::TripleO::Services::ManilaShare: OS::Heat::None
OS::TripleO::Services::ManilaBackendFlashBlade: OS::Heat::None
OS::TripleO::Services::ManilaBackendIsilon: OS::Heat::None
OS::TripleO::Services::ManilaBackendNetapp: OS::Heat::None
OS::TripleO::Services::ManilaBackendPowerMax: OS::Heat::None
OS::TripleO::Services::ManilaBackendUnity: OS::Heat::None
OS::TripleO::Services::ManilaBackendVMAX: OS::Heat::None
OS::TripleO::Services::ManilaBackendCephFs: OS::Heat::None
OS::TripleO::Services::ManilaBackendVNX: OS::Heat::None
OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::BarbicanApi: OS::Heat::None
OS::TripleO::Services::BarbicanBackendSimpleCrypto: OS::Heat::None
OS::TripleO::Services::BarbicanBackendDogtag: OS::Heat::None
OS::TripleO::Services::BarbicanBackendKmip: OS::Heat::None
OS::TripleO::Services::BarbicanBackendPkcs11Crypto: OS::Heat::None
OS::TripleO::Services::BarbicanClient: OS::Heat::None
OS::TripleO::Services::AodhApi: OS::Heat::None
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
OS::TripleO::Services::AodhListener: OS::Heat::None
OS::TripleO::Services::AodhNotifier: OS::Heat::None
OS::TripleO::Services::MetricsQdr: OS::Heat::None
OS::TripleO::Services::IronicApi: OS::Heat::None
OS::TripleO::Services::IronicConductor: OS::Heat::None
OS::TripleO::Services::IronicInspector: OS::Heat::None
OS::TripleO::Services::IronicPxe: OS::Heat::None
OS::TripleO::Services::IronicNeutronAgent: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoFirewall: deployment/tripleo-firewall/tripleo-firewall-baremetal-ansible.yaml
OS::TripleO::Services::TripleoPackages: deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml
OS::TripleO::Services::OpenStackClients: OS::Heat::None
OS::TripleO::Services::TLSProxyBase: OS::Heat::None
OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCSc: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowerFlex: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowermax: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCPowerStore: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCVNX: OS::Heat::None
OS::TripleO::Services::CinderBackendDellEMCXtremio: OS::Heat::None
OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None
OS::TripleO::Services::CinderBackendPure: OS::Heat::None
OS::TripleO::Services::CinderBackendNVMeOF: OS::Heat::None
OS::TripleO::Services::CinderVolumeEdge: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None
OS::TripleO::Services::AuditD: OS::Heat::None
OS::TripleO::Services::OctaviaApi: OS::Heat::None
OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None
OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None
OS::TripleO::Services::OctaviaWorker: OS::Heat::None
OS::TripleO::Services::OctaviaDeploymentConfig: OS::Heat::None
OS::TripleO::Services::MySQLClient: deployment/database/mysql-client.yaml
OS::TripleO::Services::Vpp: OS::Heat::None
OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
OS::TripleO::Services::Podman: deployment/podman/podman-baremetal-ansible.yaml
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::DockerRegistry: OS::Heat::None
OS::TripleO::Services::ContainerImagePrepare: deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml
# TODO(xek): Remove this in Y as we switched to requesting certificates inside the relevant service's templates with ansible
OS::TripleO::Services::CertmongerUser: OS::Heat::None
OS::TripleO::Services::Clustercheck: deployment/pacemaker/clustercheck-container-puppet.yaml
OS::TripleO::Services::Rsyslog: OS::Heat::None
OS::TripleO::Services::RsyslogSidecar: OS::Heat::None
OS::TripleO::Services::LoginDefs: OS::Heat::None
OS::TripleO::Services::ComputeInstanceHA: OS::Heat::None
OS::TripleO::Services::DesignateApi: OS::Heat::None
OS::TripleO::Services::DesignateCentral: OS::Heat::None
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::NeutronMl2PluginBase: deployment/neutron/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::Multipathd: OS::Heat::None
OS::TripleO::Services::GlanceApiEdge: OS::Heat::None
OS::TripleO::Services::HAproxyEdge: OS::Heat::None
OS::TripleO::Services::Frr: OS::Heat::None
OS::TripleO::Services::Unbound: OS::Heat::None
# Logging
OS::TripleO::Services::Tmpwatch: deployment/logrotate/tmpwatch-install.yaml
OS::TripleO::Services::Logging::BarbicanApi: deployment/logging/files/barbican-api.yaml
OS::TripleO::Services::Logging::GlanceApi: deployment/logging/files/glance-api.yaml
OS::TripleO::Services::Logging::HAProxy: deployment/logging/files/haproxy.yaml
OS::TripleO::Services::Logging::HeatApi: deployment/logging/files/heat-api.yaml
OS::TripleO::Services::Logging::HeatApiCfn: deployment/logging/files/heat-api-cfn.yaml
OS::TripleO::Services::Logging::HeatEngine: deployment/logging/files/heat-engine.yaml
OS::TripleO::Services::Logging::Keystone: deployment/logging/files/keystone.yaml
OS::TripleO::Services::Logging::NeutronApi: deployment/logging/files/neutron-api.yaml
OS::TripleO::Services::Logging::NeutronCommon: deployment/logging/files/neutron-common.yaml
OS::TripleO::Services::Logging::NovaApi: deployment/logging/files/nova-api.yaml
OS::TripleO::Services::Logging::NovaMetadata: deployment/logging/files/nova-metadata.yaml
OS::TripleO::Services::Logging::NovaCommon: deployment/logging/files/nova-common.yaml
OS::TripleO::Services::Logging::NovaLibvirt: deployment/logging/files/nova-libvirt.yaml
OS::TripleO::Services::Logging::PlacementApi: deployment/logging/files/placement-api.yaml
# Tempest
OS::TripleO::Services::Tempest: OS::Heat::None
OS::TripleO::Services::BootParams: deployment/kernel/kernel-boot-params-baremetal-ansible.yaml
parameter_merge_strategies:
ServiceNetMap: merge
VipSubnetMap: merge
EndpointMap: merge
SshServerOptions: merge
ExtraConfig: merge
{% for role in roles %}
{{role.name}}Parameters: merge
{{role.name}}ExtraConfig: merge
{% endfor %}
parameter_defaults:
NeutronMechanismDrivers: ovn
ContainerCli: podman
EnablePackageInstall: true
SoftwareConfigTransport: POLL_SERVER_HEAT
OVNIntegrationBridge: br-int
ExtraConfig: {}
{% for role in roles %}
# Parameters generated for {{role.name}} Role
{{role.name}}Services: {{role.ServicesDefault|default([])}}
{{role.name}}Parameters: {}
{{role.name}}ExtraConfig: {}
{% endfor %}
ServiceNetMap:
ApacheNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NeutronTenantNetwork: {{ _service_nets.get('tenant', 'ctlplane') }}
AodhApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
BarbicanApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
GnocchiApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
MongodbNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
CinderApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
CinderIscsiNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
GlanceApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
GlanceApiEdgeNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
IronicInspectorNetwork: ctlplane
KeystoneAdminApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
KeystonePublicApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
ManilaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NeutronApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OctaviaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
HeatApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
HeatApiCfnNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
PlacementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaMetadataNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NovaLibvirtNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
SwiftStorageNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }}
SwiftProxyNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
HorizonNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
MemcachedNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OsloMessagingRpcNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OsloMessagingNotifyNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RabbitmqNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RabbitmqManagementNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
QdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
RedisNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
# Guest VMs use GaneshaNetwork and can not reach ctlplane network,
# so default to external when storage_nfs is not available.
GaneshaNetwork: {{ _service_nets.get('storage_nfs', _service_nets.get('external', 'ctlplane')) }}
MysqlNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
SnmpdNetwork: ctlplane
CephClusterNetwork: {{ _service_nets.get('storage_mgmt', 'ctlplane') }}
CephDashboardNetwork: {{ _service_nets.get('storage_dashboard', 'ctlplane') }}
CephGrafanaNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephIngressNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephMonNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
CephRgwNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
PublicNetwork: {{ _service_nets.get('external', 'ctlplane') }}
InternalApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OpendaylightApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
OvnDbsNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DockerRegistryNetwork: ctlplane
PacemakerNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
PacemakerRemoteNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateMdnsNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
DesignateWorkerNetwork: {{ _service_nets.get('external', 'ctlplane') }}
DesignateBindNetwork: {{ _service_nets.get('external', 'ctlplane') }}
BINDNetwork: {{ _service_nets.get('external', 'ctlplane') }}
EtcdNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
# HaproxyNetwork currently only controls the haproxy.stats network binding
HaproxyNetwork: ctlplane
UnboundNetwork: {{ _service_nets.get('external', 'ctlplane') }}
# We special-case the default ResolveNetwork and MetricsQdrNetwork for the Ceph roles
# for backwards compatibility, all other roles default to internal_api
{%- for role in roles %}
{%- if 'ceph' in role.tags|default([]) %}
{{role.name}}HostnameResolveNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
{{role.name}}MetricsQdrNetwork: {{ _service_nets.get('storage', 'ctlplane') }}
{%- else %}
{{role.name}}HostnameResolveNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
{{role.name}}MetricsQdrNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
{%- endif %}
{%- endfor %}
VipSubnetMap:
ctlplane: ctlplane-subnet
{%- for network in networks if network.vip|default(false) %}
{{network.name}}: {{network.name_lower}}_subnet
{%- endfor %}
redis: {{ _service_nets.get('internal_api', 'ctlplane') }}_subnet
ovn_dbs: {{ _service_nets.get('internal_api', 'ctlplane') }}_subnet
EndpointMap:
AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS}
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
CephDashboardInternal: {protocol: http, port: '8444', host: IP_ADDRESS}
CephGrafanaInternal: {protocol: http, port: '3100', host: IP_ADDRESS}
CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS}
DesignateAdmin: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DesignateInternal: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DesignatePublic: {protocol: 'http', port: '9001', host: IP_ADDRESS}
DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS}
HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS}
HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS}
IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS}
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS}
MetricsQdrPublic: {protocol: 'amqp', port: '5666', host: IP_ADDRESS}
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS}
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaMetadataInternal: {protocol: http, port: '8775', host: IP_ADDRESS}
PlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
PlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}
PlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS}
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS}
OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS}
SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
SshServerOptions:
HostKey:
- '/etc/ssh/ssh_host_rsa_key'
- '/etc/ssh/ssh_host_ecdsa_key'
- '/etc/ssh/ssh_host_ed25519_key'
SyslogFacility: 'AUTHPRIV'
AuthorizedKeysFile: '.ssh/authorized_keys'
ChallengeResponseAuthentication: 'no'
GSSAPIAuthentication: 'no'
GSSAPICleanupCredentials: 'no'
UsePAM: 'yes'
UseDNS: 'no'
X11Forwarding: 'yes'
AcceptEnv:
- 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
- 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
- 'LC_IDENTIFICATION LC_ALL LANGUAGE'
- 'XMODIFIERS'
Subsystem: 'sftp /usr/libexec/openssh/sftp-server'