RETIRED, Heat templates for deploying OpenStack
Go to file
Lance Bragstad c9635bf92e Implement a tool for converting policy.yaml files to heat templates
This commit adds a tool that parses a directory of service.yaml policy
files and then converts them to the appropriate THT structure, using the
necessary service variables and templating.

The enable-secure-rbac.yaml is simply the current defaults generated
from code. First, generate all the policy files for each OpenStack
service:

  $ oslopolicy-sample-generator --namespace $SERVICE --output-file $DEST/$SERVICE.yaml

Next, uncomment all the default policies as a starting point for making
policy changes:

  $ sed -i 's/^#"/"/g' $DEST/$SERVICE.yaml

Next you can make changes to the policy files to reflect the changes you
want in your deployment.

Finally, you can generate the necessary heat template:

  $ ./convert_policy_yaml_to_heat_template.py -d $DEST

The tool outputs to stdout. It's up to the user to redirect to a file if
they wish to save results.

The enable-secure-rbac.yaml environment will be updated in subsequent
patches to implement project personas.

Change-Id: I9957243d307758f56b84cde3a408006d8161fa41
2021-09-28 13:33:53 +00:00
ci Remove zaqar 2021-09-16 15:12:29 -06:00
common Remove unused valid_exit_codes arg 2021-08-31 16:45:00 +02:00
container_config_scripts Merge "CentOS 9: support restart of HA resources" 2021-09-08 12:13:18 +00:00
deployed-server fix typo in readme 2021-07-09 07:30:35 -05:00
deployment Add a global configuration option for secure RBAC 2021-09-22 13:17:40 +00:00
doc Add doc/requirements 2021-01-05 09:49:46 +01:00
environments Implement a tool for converting policy.yaml files to heat templates 2021-09-28 13:33:53 +00:00
extraconfig Deploy standalone ironic and neutron in undercloud 2021-09-17 10:42:55 +05:30
firstboot Use 'wallaby' heat_template_version 2021-03-31 17:35:12 +05:30
network Remove zaqar 2021-09-16 15:12:29 -06:00
network-data-samples Merge "Fix typo in vip-data-default-network-isolation.yaml" 2021-09-13 21:50:26 +00:00
plan-samples Fix plan-samples README.rst 2021-03-04 13:42:01 +05:30
puppet Make UpgradeLeappDevelSkip per-role 2021-06-13 22:48:01 +01:00
releasenotes Merge "Manila: Deprecate ineffctive *DriverHandlesShareServers" 2021-09-21 19:32:06 +00:00
roles Remove zaqar 2021-09-16 15:12:29 -06:00
sample-env-generator Remove zaqar 2021-09-16 15:12:29 -06:00
scripts Compute HA: Remove version discovery of keystone API 2021-08-17 17:01:26 +09:00
tools Implement a tool for converting policy.yaml files to heat templates 2021-09-28 13:33:53 +00:00
tripleo_heat_templates Use merge strategy for EndpointMap 2021-06-15 09:15:41 +05:30
zuul.d Wire up renamed upgrade periodic template 2021-07-27 18:17:21 +03:00
.ansible-lint Remove duplicate keys from yaml files 2021-03-29 13:56:31 +00:00
.gitignore Deprecate DeployedServerPortMap 2021-06-28 17:44:11 -04:00
.gitreview OpenDev Migration Patch 2019-04-19 19:34:55 +00:00
.testr.conf Improve nova statedir ownership logic 2018-07-09 17:07:30 +01:00
babel.cfg
bindep.txt Fixed tox executions 2021-03-26 15:37:07 +00:00
config-download-software.yaml Use 'wallaby' heat_template_version 2021-03-31 17:35:12 +05:30
config-download-structured.yaml Use 'wallaby' heat_template_version 2021-03-31 17:35:12 +05:30
j2_excludes.yaml Remove ipv6 specific network templates 2017-08-31 13:12:17 -07:00
LICENSE Add license file 2014-01-20 11:58:20 +01:00
network_data_dashboard.yaml Add a StorageDashboard network used by CephGrafana service 2019-08-30 19:16:47 +02:00
network_data_default.yaml Add network-v2 default files + vip data examples 2021-06-07 13:22:40 +02:00
network_data_ganesha.yaml Use appropriate allocation pools for StorageNFS 2020-08-26 15:27:52 +00:00
network_data_routed.yaml Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
network_data_subnets_routed.yaml L3 routed networks - data + env (1/3) 2018-12-30 19:24:29 +01:00
network_data_undercloud.yaml Add network data for the undercloud 2019-01-21 19:35:37 +01:00
network_data.yaml Add external_resource_vip_id property to network_data.yaml 2019-03-25 10:48:40 -04:00
overcloud-resource-registry-puppet.j2.yaml Remove zaqar 2021-09-16 15:12:29 -06:00
overcloud.j2.yaml Merge "Add THT Jinja2 data sources as stack output" 2021-06-25 00:49:48 +00:00
README.rst Remove zaqar 2021-09-16 15:12:29 -06:00
requirements.txt Deprecate EnablePaunch and remove Paunch support 2020-06-03 17:53:40 +00:00
roles_data_undercloud.yaml Remove zaqar 2021-09-16 15:12:29 -06:00
roles_data.yaml Remove zaqar 2021-09-16 15:12:29 -06:00
setup.cfg Add support for py39 2021-03-24 09:40:57 +00:00
setup.py Updated from global requirements 2017-03-28 13:03:01 +00:00
test-ansible-requirements.txt Change tests to run on ansible-core 2.11 2021-08-08 09:12:53 +00:00
test-requirements.txt Enable ansible-lint 2021-03-30 09:18:15 +01:00
tox.ini Setting language for the python3.6 tox environment 2021-08-19 08:35:44 +00:00
vip_data_default.yaml Add network-v2 default files + vip data examples 2021-06-07 13:22:40 +02:00

Team and repository tags

image

tripleo-heat-templates

Heat templates to deploy OpenStack using OpenStack.

Features

The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:

  • Choice of deployment/configuration tooling: puppet, (soon) docker
  • Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
  • physical network configuration: support for isolated networks, bonding, and standard ctlplane networking

Directories

A description of the directory layout in TripleO Heat Templates.

  • environments: contains heat environment files that can be used with -e

    on the command like to enable features, etc.

  • extraconfig: templates used to enable 'extra' functionality. Includes

    functionality for distro specific registration and upgrades.

  • firstboot: example first_boot scripts that can be used when initially

    creating instances.

  • network: heat templates to help create isolated networks and ports
  • puppet: templates mostly driven by configuration with puppet. To use these

    templates you can use the overcloud-resource-registry-puppet.yaml.

  • validation-scripts: validation scripts useful to all deployment

    configurations

  • roles: example roles that can be used with the tripleoclient to generate

    a roles_data.yaml for a deployment See the roles/README.rst for additional details.

Service testing matrix

The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:

- scn000 scn001 scn002 scn003 scn004 scn006 scn007 scn009 scn010 scn013 non-ha ovh-ha
keystone

X

X

X

X

X

X

X

X

X

X

X

glance

rbd

swift

file

rgw

file

file

rbd

file

file

file

cinder

rbd

iscsi
heat

X

X

ironic

X

mysql

X

X

X

X

X

X

X

X

X

X

X

neutron

ovn

ovn

ovn

ovn

ovn

ovs

ovn

ovn

ovn

ovn

neutron-bgpvpn

wip

ovn

X

neutron-l2gw

wip

om-rpc rabbit rabbit

amqp1

rabbit rabbit rabbit rabbit rabbit rabbit rabbit
om-notify rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit
redis

X

X

haproxy

X

X

X

X

X

X

X

X

X

X

memcached

X

X

X

X

X

X

X

X

X

X

pacemaker

X

X

X

X

X

X

X

X

X

X

nova

qemu

qemu

qemu

qemu

ironic

qemu

qemu

qemu

qemu

qemu

placement

X

X

X

X

X

X

X

X

X

X

ntp

X

X

X

X

X

X

X

X

X

X

X

X

snmp

X

X

X

X

X

X

X

X

X

X

X

X

timezone

X

X

X

X

X

X

X

X

X

X

X

X

swift

X

aodh

X

X

ceilometer

X

X

gnocchi

rbd

swift

barbican

X

cephrgw

X

cephmds

X

manila

X

collectd

X

designate

X

octavia

X

X

rear

X

Extra Firewall

X