c5dc8ef19a
For security, it is best to split authoritative and recursive nameservers. This way a security vulnerability that only affects one type of server won't provide an exploit for the other too. For Designate, the managed BIND server is the authoritative one. We can use Neutron's internal DNS server as the recursive server, or users can point at their DNS server of choice. To make sure our defaults work out of the box, this change enables the Neutron internal DNS by default and users can change that if they choose. Since that means we no longer need recursion in BIND, we should shut it off, which this also does. Change-Id: I4193436fdfd05bfd641fc32b58cc9bff24310a80 |
||
|---|---|---|
| ci | ||
| common | ||
| deployed-server | ||
| docker | ||
| environments | ||
| extraconfig | ||
| firstboot | ||
| network | ||
| plan-samples | ||
| puppet | ||
| releasenotes | ||
| roles | ||
| sample-env-generator | ||
| scripts | ||
| tools | ||
| tripleo_heat_templates | ||
| validation-scripts | ||
| zuul.d | ||
| .gitignore | ||
| .gitreview | ||
| .testr.conf | ||
| LICENSE | ||
| README.rst | ||
| all-nodes-validation.yaml | ||
| babel.cfg | ||
| bindep.txt | ||
| bootstrap-config.yaml | ||
| capabilities-map.yaml | ||
| config-download-software.yaml | ||
| config-download-structured.yaml | ||
| default_passwords.yaml | ||
| hosts-config.yaml | ||
| j2_excludes.yaml | ||
| lower-constraints.txt | ||
| net-config-bond.j2.yaml | ||
| net-config-bridge.j2.yaml | ||
| net-config-linux-bridge.j2.yaml | ||
| net-config-noop.j2.yaml | ||
| net-config-standalone.j2.yaml | ||
| net-config-static-bridge-with-external-dhcp.j2.yaml | ||
| net-config-static-bridge.j2.yaml | ||
| net-config-static.j2.yaml | ||
| net-config-undercloud.j2.yaml | ||
| network_data.yaml | ||
| network_data_ganesha.yaml | ||
| overcloud-resource-registry-puppet.j2.yaml | ||
| overcloud.j2.yaml | ||
| plan-environment.yaml | ||
| requirements.txt | ||
| roles_data.yaml | ||
| roles_data_undercloud.yaml | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
README.rst
Team and repository tags
tripleo-heat-templates
Heat templates to deploy OpenStack using OpenStack.
- Free software: Apache License (2.0)
- Documentation: https://docs.openstack.org/tripleo-docs/latest/
- Source: http://git.openstack.org/cgit/openstack/tripleo-heat-templates
- Bugs: https://bugs.launchpad.net/tripleo
* Release notes: https://docs.openstack.org/releasenotes/tripleo-heat-templates/ Features --------
The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:
- Choice of deployment/configuration tooling: puppet, (soon) docker
- Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
- physical network configuration: support for isolated networks, bonding, and standard ctlplane networking
Directories
A description of the directory layout in TripleO Heat Templates.
- environments: contains heat environment files that can be used with -e
on the command like to enable features, etc.
- extraconfig: templates used to enable 'extra' functionality. Includes
functionality for distro specific registration and upgrades.
- firstboot: example first_boot scripts that can be used when initially
creating instances.
- network: heat templates to help create isolated networks and ports
- puppet: templates mostly driven by configuration with puppet. To use these
templates you can use the overcloud-resource-registry-puppet.yaml.
- validation-scripts: validation scripts useful to all deployment
configurations
- roles: example roles that can be used with the tripleoclient to generate
a roles_data.yaml for a deployment See the roles/README.rst for additional details.
Service testing matrix
The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:
| - | scn000 | scn001 | scn002 | scn003 | scn004 | scn006 | scn007 | scn009 | non-ha | ovh-ha |
|---|---|---|---|---|---|---|---|---|---|---|
| openshift |
|
|||||||||
| keystone |
|
|
|
|
|
|
|
|
|
|
| glance |
|
swift |
|
|
|
|
|
|
||
| cinder |
|
iscsi | ||||||||
| heat |
|
|
||||||||
| ironic |
|
|||||||||
| mysql |
|
|
|
|
|
|
|
|
|
|
| neutron |
|
|
|
|
|
|
|
|
||
| neutron-bgpvpn |
|
|||||||||
| ovn |
|
|||||||||
| neutron-l2gw |
|
|||||||||
| om-rpc | rabbit | rabbit |
|
rabbit | rabbit | rabbit | rabbit | rabbit | ||
| om-notify | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | rabbit | ||
| mongodb | ||||||||||
| redis |
|
|
||||||||
| haproxy |
|
|
|
|
|
|
|
|
||
| memcached |
|
|
|
|
|
|
|
|
||
| pacemaker |
|
|
|
|
|
|
|
|
||
| nova |
|
|
|
|
ironic |
|
|
|
||
| ntp |
|
|
|
|
|
|
|
|
|
|
| snmp |
|
|
|
|
|
|
|
|
|
|
| timezone |
|
|
|
|
|
|
|
|
|
|
| sahara |
|
|||||||||
| mistral |
|
|||||||||
| swift |
|
|||||||||
| aodh |
|
|
||||||||
| ceilometer |
|
|
||||||||
| gnocchi |
|
|
||||||||
| panko |
|
|
||||||||
| barbican |
|
|||||||||
| zaqar |
|
|||||||||
| ec2api |
|
|||||||||
| cephrgw |
|
|||||||||
| tacker |
|
|||||||||
| congress |
|
|||||||||
| cephmds |
|
|||||||||
| manila |
|
|||||||||
| collectd |
|
|||||||||
| fluentd |
|
|||||||||
| sensu-client |
|
|||||||||
| designate |
|