openstack/tripleo-heat-templates
Code Issues Proposed changes
c5dc8ef19a
tripleo-heat-templates/environments
History
Ben Nemec c5dc8ef19a Disable recursion in Designate-managed BIND 
For security, it is best to split authoritative and recursive
nameservers.  This way a security vulnerability that only affects
one type of server won't provide an exploit for the other too.

For Designate, the managed BIND server is the authoritative one.
We can use Neutron's internal DNS server as the recursive server, or
users can point at their DNS server of choice.  To make sure our
defaults work out of the box, this change enables the Neutron
internal DNS by default and users can change that if they choose.

Since that means we no longer need recursion in BIND, we should shut
it off, which this also does.

Change-Id: I4193436fdfd05bfd641fc32b58cc9bff24310a80
2018-07-09 20:01:58 +00:00
..
ceph-ansible Remove CephAnsiblePlaybook parameter reset from ceph-ansible env files 2018-05-25 08:39:51 +00:00
composable-roles Fix standalone ControllerOpenstack vars 2017-10-06 15:04:35 -06:00
lifecycle Merge "Ensure WorkflowSteps resource is enabled in ceph-upgrade-prepare" 2018-06-01 20:40:25 +00:00
messaging Support separate oslo.messaging services for RPC and Notification 2018-04-22 04:33:44 +00:00
networking Add neutron-midonet sample environment 2017-06-12 15:02:50 -05:00
predictable-placement Revert "Switch public endpoints to use FQDNs by default" 2018-05-16 21:45:42 +00:00
services Merge "Store ODL logs to file" 2018-07-06 13:34:01 +00:00
services-baremetal Merge "Store ODL logs to file" 2018-07-06 13:34:01 +00:00
ssl Merge "Manage public certificate with ansible" 2018-06-01 17:37:48 +00:00
storage Add support of shared staging location for glance-direct 2018-05-22 21:40:13 +05:30
updates FFU: Add update-from-ceph-newton.yaml 2018-02-21 15:40:14 -05:00
veritas-hyperscale Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
auditd.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
barbican-backend-dogtag.yaml Add multiple secret store backends for barbican 2017-12-05 13:07:50 -05:00
barbican-backend-kmip.yaml Add multiple secret store backends for barbican 2017-12-05 13:07:50 -05:00
barbican-backend-pkcs11.yaml Add multiple secret store backends for barbican 2017-12-05 13:07:50 -05:00
barbican-backend-simple-crypto.yaml Add multiple secret store backends for barbican 2017-12-05 13:07:50 -05:00
baremetal-services.yaml Drop old ceilometer services 2018-05-29 20:51:07 +00:00
cadf.yaml Enable keystone cadf notifications 2017-03-06 18:10:55 +01:00
cavium-liquidio.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
cinder-backup.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
cinder-dellemc-unity-config.yaml Add support for Dell EMC Unity Cinder backend 2017-08-17 08:36:14 +00:00
cinder-dellemc-vmax-iscsi-config.yaml Add support for Dell EMC VMAX ISCSI Backend 2017-08-30 04:41:47 +00:00
cinder-dellemc-vnx-config.yaml storage_vnx_pool_name is incorrect for VNX cinder driver. 2018-06-26 17:44:28 +08:00
cinder-dellemc-xtremio-iscsi-config.yaml Rename Dell EMC XTREMIO iSCSI environment file 2018-05-23 12:42:02 -04:00
cinder-dellps-config.yaml Ps Cinder: Added support for password less login 2017-07-18 12:49:53 -05:00
cinder-dellsc-config.yaml Dell SC: Add exclude_domain_ip option 2017-06-07 20:21:35 +00:00
cinder-hpelefthand-config.yaml HPELeftHandISCSIDriver support for Cinder 2017-01-13 16:48:59 +00:00
cinder-iser.yaml Added support for pass-through iSER configuration 2016-09-23 09:51:41 -04:00
cinder-netapp-config.yaml Add storage sample environments 2017-06-12 15:02:50 -05:00
cinder-nvmeof-config.yaml Add support for NVMeOF cinder backend 2018-05-07 15:45:42 +03:00
cinder-pure-config.yaml Enables support for configuring Cinder with Pure Storage 2017-04-04 22:11:34 -04:00
cinder-scaleio-config.yaml Containerized control plane with Dell EMC ScaleIO storage 2018-05-29 13:41:29 -04:00
collectd-environment.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
compute-instanceha.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
compute-real-time-example.yaml Add custom role for realtime compute 2018-01-24 22:43:00 +00:00
computealt.yaml Add ComputeAlt role and environment 2017-11-29 14:28:05 +11:00
config-debug.yaml Add DockerPuppetDebug to environments/config-debug.yaml 2018-01-09 10:43:16 +01:00
config-download-environment.yaml Switch to config-download by default 2018-04-25 09:42:13 -04:00
containerized-control-plane-dellemc-scaleio.yaml Containerized control plane with Dell EMC ScaleIO storage 2018-05-29 13:41:29 -04:00
debug.yaml Add new environment for debug 2016-10-07 17:27:22 +00:00
deployed-server-bootstrap-environment-centos.yaml Deployed server bootstrap via Heat 2017-01-16 10:48:00 -05:00
deployed-server-bootstrap-environment-rhel.yaml Add deployed server bootstrap for RHEL 2017-01-26 15:06:46 -05:00
deployed-server-deployed-neutron-ports.yaml Use static environment for deployed-server neutron mappings 2017-07-18 20:01:06 -04:00
deployed-server-environment.j2.yaml Nic config mappings for deployed-server 2017-03-22 20:08:38 +00:00
deployed-server-noop-ctlplane.yaml Add deployed server bootstrap to noop-ctlplane 2017-01-17 18:34:47 -05:00
deployed-server-pacemaker-environment.yaml Do not set cluster in maintenance mode during split stack upgrade 2017-10-20 10:20:50 +02:00
disable-config-download-environment.yaml NFV: Support for config-download to deploy node with kernel args 2018-05-15 11:01:06 +05:30
disable-telemetry.yaml Set default application for Ceph Luminous openstack_pools 2018-05-24 18:08:16 +00:00
disable-workflow-tasks.yaml Environment to disable workflow_tasks 2018-04-16 17:52:45 -04:00
docker-ha.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
docker-network.yaml container ovs-agent, ensure br-ex exists 2017-08-28 19:47:16 +00:00
docker-uc-light.yaml Expose parameter MistralDockerGroup 2018-05-15 00:22:39 +00:00
docker.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
enable_congress.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
enable_tacker.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
enable_tempest.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
enable-designate.yaml Disable recursion in Designate-managed BIND 2018-07-09 20:01:58 +00:00
enable-internal-tls.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
enable-swap-partition.yaml Fix for AllNodesExtraConfig and fix environment files to create swap files/partitions 2017-01-16 15:47:50 +01:00
enable-swap.yaml Fix for AllNodesExtraConfig and fix environment files to create swap files/partitions 2017-01-16 15:47:50 +01:00
enable-tls.yaml Manage public certificate with ansible 2018-05-31 14:50:00 +02:00
external-loadbalancer-vip-v6.yaml Replace references to the 192.0.2 network 2017-04-10 14:05:50 +02:00
external-loadbalancer-vip.yaml Replace references to the 192.0.2 network 2017-04-10 14:05:50 +02:00
fixed-ip-vips-v6.yaml Fix incorrect Redis VIP declaration in fixed-ip-vips-v6.yaml 2018-06-21 11:45:57 -07:00
fixed-ip-vips.yaml Fix PublicVirtualFixedIPs in envs 2018-02-15 05:52:07 +00:00
horizon_password_validation.yaml Manage password_validator regex 2017-01-25 16:45:22 +00:00
host-config-and-reboot.j2.yaml Add a new role for ComputeOvsDpdk and clean-up parameters 2017-07-14 11:09:13 +05:30
hyperconverged-ceph.yaml Add PTP composable service 2018-02-08 15:20:17 +08:00
inject-trust-anchor-hiera.yaml Add nested sample environments for inject-trust-anchor 2017-06-12 15:02:50 -05:00
inject-trust-anchor.yaml Add nested sample environments for inject-trust-anchor 2017-06-12 15:02:50 -05:00
ips-from-pool-all.yaml Fix networking settings for ObjectStorage role 2017-10-25 20:57:17 +02:00
ips-from-pool-ctlplane.yaml Add ability to pre-assign IPs by role on ctlplane 2018-05-18 15:42:41 -07:00
ips-from-pool.yaml Add sample environment file to document usage of predictable IPs 2015-12-15 12:52:15 +01:00
ipsec.yaml Add IPSEC composable service 2017-12-05 13:10:18 +00:00
kubernetes.yaml Remove too opinionated parameters from kubernetes.yaml environment 2017-11-15 15:28:14 +01:00
logging-environment.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
login-defs.yaml Implements management of /etc/login.defs 2017-11-29 09:23:25 +00:00
low-memory-usage.yaml Lower reserved memory for nova-compute 2018-06-25 18:02:59 -04:00
manila-cephfsganesha-config-docker.yaml Allows for configuration of the Ceph cluster name 2018-02-20 11:35:01 +01:00
manila-cephfsnative-config-docker.yaml Allows for configuration of the Ceph cluster name 2018-02-20 11:35:01 +01:00
manila-cephfsnative-config.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
manila-isilon-config.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
manila-netapp-config-docker.yaml Add storage backends env files for containerized deployment 2017-08-31 11:00:55 -03:00
manila-netapp-config.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
manila-unity-config.yaml Merge "[DellEMC]Update Manila Unity driver" 2018-05-06 20:40:15 +00:00
manila-vmax-config.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
manila-vnx-config.yaml Merge "[DellEMC]Update Manila VNX driver" 2018-05-01 08:55:38 +00:00
mongodb-nojournal.yaml Always use parameter_defaults in environment files 2016-04-11 14:15:39 -04:00
monitoring-environment.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
net-bond-with-vlans-no-external.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-bond-with-vlans-v6.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-bond-with-vlans.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-dpdkbond-with-vlans.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-multiple-nics-v6.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-multiple-nics.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-noop.j2.yaml Add environments/net-noop.yaml 2018-06-12 21:52:39 +00:00
net-single-nic-linux-bridge-with-vlans.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-single-nic-with-vlans-no-external.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-single-nic-with-vlans-v6.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
net-single-nic-with-vlans.j2.yaml Fix default nic config file names 2018-03-06 17:49:56 +01:00
network-environment-v6.j2.yaml Do not create NetworkVlanID is the value is not defined 2018-03-21 11:43:32 +01:00
network-environment.j2.yaml Do not create NetworkVlanID is the value is not defined 2018-03-21 11:43:32 +01:00
network-isolation-no-tunneling.j2.yaml Create network-isolation-no-tunneling.yaml using jinja2 2017-09-13 15:42:23 -06:00
network-isolation-v6.j2.yaml Merge "Render NIC config templates with jinja2" 2018-02-14 05:54:31 +00:00
network-isolation.j2.yaml Fix issue where 2 Redis VIPs are assigned, but only one used. 2017-09-20 10:40:46 -05:00
network-management-v6.yaml Fix networking settings for ObjectStorage role 2017-10-25 20:57:17 +02:00
network-management.yaml Fix networking settings for ObjectStorage role 2017-10-25 20:57:17 +02:00
networks-disable.j2.yaml Environment to disable Neutron networks 2018-01-24 20:59:14 -05:00
neutron-bgpvpn-bagpipe.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-bgpvpn.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-l2gw.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-linuxbridge.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-midonet.yaml Add neutron-midonet sample environment 2017-06-12 15:02:50 -05:00
neutron-ml2-ansible.yaml Add networking-ansible ML2 plugin support 2018-07-02 13:22:04 +05:30
neutron-ml2-bigswitch.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-ml2-cisco-n1kv.yaml Replace references to the 192.0.2 network 2017-04-10 14:05:50 +02:00
neutron-ml2-cisco-nexus-ucsm.yaml Adding new config parameters for Cisco UCSM ML2 driver 2018-02-13 16:26:12 +00:00
neutron-ml2-cisco-vts.yaml Add cisco VTS ML2 template for a dockerized service and default environment settings 2018-02-20 21:11:19 +01:00
neutron-ml2-fujitsu-cfab.yaml Add THT for networking-fujitsu 2017-01-10 10:54:02 -05:00
neutron-ml2-fujitsu-fossw.yaml Add THT for fossw ML2 plugin in networking-fujitsu 2017-01-19 12:55:47 -05:00
neutron-ml2-mlnx-sdn.yaml Add environment file for Mellanox SDN 2018-04-18 17:20:28 +03:00
neutron-ml2-ovn-dvr-ha.yaml Prevent Neutron L3 and Metadata agents from running when using OVN DVR. 2018-06-28 14:14:38 +00:00
neutron-ml2-ovn-ha.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-ml2-ovn-hw-offload.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-ml2-vpp.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-nsx.yaml Add initial support for NSX plugin 2017-04-06 04:11:15 -07:00
neutron-nuage-config.yaml Parameterizing Puppet Tags 2018-04-23 21:24:52 -04:00
neutron-ovs-dpdk.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-ovs-dvr.yaml Support containerized DVR in compute role 2018-06-01 11:31:50 -02:30
neutron-plumgrid.yaml Composable Plumgrid compute plugin 2016-07-12 09:48:31 -04:00
neutron-sfc.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
neutron-sriov.yaml NeutronSriovHostConfig missing in SRIOV's env files 2018-05-28 10:09:44 +02:00
no-tls-endpoints-public-ip.yaml Drop old ceilometer services 2018-05-29 20:51:07 +00:00
nonha-arch.yaml Switch remaining env files to containers defaults 2018-04-26 23:45:01 +00:00
noop-deploy-steps.yaml Add noop-deploy-steps.yaml environment 2017-11-22 18:48:21 +00:00
nova-api-policy.yaml Allow to configure policy.json for OpenStack projects 2017-03-28 22:21:28 +00:00
nova-nuage-config.yaml Drop extraconfig for nova-nuage 2017-08-16 07:46:00 -04:00
odl-dscp-marking-inheritance.yaml Add flag to enable QoS DSCP marking in ODL 2018-05-30 13:14:32 +00:00
openshift-cns.yaml Add an openshift-cns service 2018-04-20 17:27:14 +02:00
openshift.yaml Update for openshift 3.9 2018-07-03 14:13:42 +02:00
overcloud-baremetal.j2.yaml Consistent hostname format env for split-stack 2017-07-24 14:42:28 -04:00
overcloud-services.yaml Consistent hostname format env for split-stack 2017-07-24 14:42:28 -04:00
overcloud-steps.yaml Rename -puppet.yaml templates. 2015-09-22 08:30:01 -04:00
ovs-dpdk-permissions.yaml Configure qemu group setting as hugetlbfs for ovs-dpdk 2018-03-14 22:14:36 +05:30
ovs-hw-offload.yaml Removing the deprecated environment files for hw offloading in containers 2018-04-29 07:39:51 +00:00
public-tls-undercloud.yaml Default CertmongerUser to be defined for undercloud setup 2018-04-09 07:46:41 +03:00
puppet-pacemaker-no-restart.yaml Allow to manually disable post-puppet restarts 2016-06-14 16:10:10 +02:00
puppet-pacemaker.yaml Merge pre|post puppet resources into pre|post config. 2017-04-24 12:56:49 +02:00
puppet-tenant-vlan.yaml Remove NeutronEnableTunnelling from templates 2016-08-12 20:46:38 -02:30
README.md Add a directory for overcloud heat environments 2015-05-15 12:28:00 +02:00
rhsm.yaml RHSM: update parameters in doc 2018-02-06 14:00:13 -08:00
securetty.yaml Adds service for managing securetty 2017-04-06 13:30:50 +01:00
split-stack-consistent-hostname-format.j2.yaml Consistent hostname format env for split-stack 2017-07-24 14:42:28 -04:00
sshd-banner.yaml SSHD Service extensions 2017-04-19 18:03:02 +01:00
standalone.yaml standalone: cleanup environment 2018-05-31 14:17:45 -07:00
stdout-logging.yaml Merge "Add option for barbican API container to log to stdout/stderr" 2017-11-21 21:16:32 +00:00
storage-environment-external.yaml Migrates ceph-{radosgw,mds,rbdmirror} to ceph-ansible 2018-01-22 14:45:03 +01:00
storage-environment.yaml Remove CephAnsiblePlaybook parameter reset from ceph-ansible env files 2018-05-25 08:39:51 +00:00
swift-external.yaml Support for external swift proxy 2017-04-18 09:13:19 +02:00
tls-endpoints-public-dns.yaml Drop old ceilometer services 2018-05-29 20:51:07 +00:00
tls-endpoints-public-ip.yaml Drop old ceilometer services 2018-05-29 20:51:07 +00:00
tls-everywhere-endpoints-dns.yaml Drop old ceilometer services 2018-05-29 20:51:07 +00:00
tripleo-validations.yaml Implement TripleoValidations composable service 2018-06-13 11:35:49 -07:00
undercloud.yaml Merge "Undercloud specific volumes for mistral-executor container" 2018-07-06 08:14:37 +00:00
use-dns-for-vips.yaml Stop using puppet to configure VIPs in /etc/hosts 2016-11-27 13:20:33 -05:00

README.md

This directory contains Heat environment file snippets which can be used to enable features in the Overcloud.

Configuration

These can be enabled using the -e [path to environment yaml] option with heatclient.

Below is an example of how to enable the Ceph template using devtest_overcloud.sh:

export OVERCLOUD\_CUSTOM\_HEAT\_ENV=$TRIPLEO\_ROOT/tripleo-heat-templates/environments/ceph_devel.yaml