RETIRED, Heat templates for deploying OpenStack
Cédric Jeanneret d77fe55516 Ensure SELinux context persist across restorecon and reboot
Until now, we only relied on the ":z" flag in order to set container
volumes label to container_file_t.
While it works fine, it has multiple issues:
- if an operator runs a restorecon, it might break the container service
- if an SELinux related package is updated, it might reset the label,
  and break the container service
- it requires a container stop&start to reset the label to the expected
  value
- in case of a deep tree or a huge amount of files, relabelling takes time

This change ensures the system sets the expected context on the specific
locations, instead of following the content of selinux-policy-targeted
rulesets.

It has an equivalent for some locations in tripleo-ansible repository:
https://review.opendev.org/c/openstack/tripleo-ansible/+/782393

Note about swift locations:
Since openstack-selinux already sets fcontext rules for, at least, one
swift location, we can't override it here. The following
openstack-selinux patch is being pushed in order to work around this
specific case:
https://github.com/redhat-openstack/openstack-selinux/pull/73

Change-Id: Icb7f58004e281b42141c70a9a4895905dc32b45d
Resolves: rhbz#1941922
2021-03-30 08:11:59 +02:00
ci Merge "Designate: split bind instance into separate template" 2021-03-30 00:43:03 +00:00
common Ensure SELinux context persist across restorecon and reboot 2021-03-30 08:11:59 +02:00
container_config_scripts Upgrade mariadb storage during upgrade tasks 2021-02-16 09:08:40 +01:00
deployed-server Set tag hints on ControlVirtualIP 2021-02-23 23:41:31 +01:00
deployment Ensure SELinux context persist across restorecon and reboot 2021-03-30 08:11:59 +02:00
doc Add doc/requirements 2021-01-05 09:49:46 +01:00
environments Merge "Designate: split bind instance into separate template" 2021-03-30 00:43:03 +00:00
extraconfig Set dns_name propery on ports and networks 2020-04-03 08:57:38 +02:00
firstboot os-net-config-mappings move out of firsboot 2020-09-07 13:26:08 +00:00
network Merge "Add the Unbound DNS resolver service" 2021-03-20 01:44:00 +00:00
network-data-samples Add sample network data files for network-data-v2 2021-01-14 12:04:58 +01:00
plan-samples Fix plan-samples README.rst 2021-03-04 13:42:01 +05:30
puppet Merge "Restore PreNetworkConfig resources" 2021-03-01 20:42:08 +00:00
releasenotes Merge "Config parameters for timemaster service" 2021-03-29 17:03:32 +00:00
roles Designate: split bind instance into separate template 2021-03-22 15:55:00 -02:30
sample-env-generator Merge "Designate: split bind instance into separate template" 2021-03-30 00:43:03 +00:00
scripts Adding an optional startup delay to nova-compute 2020-12-18 08:52:47 -05:00
tools Remove duplicate keys from yaml files 2021-03-29 13:56:31 +00:00
tripleo_heat_templates Remove DefaultPasswords interface 2021-02-12 11:38:44 +05:30
zuul.d Add support for py39 2021-03-24 09:40:57 +00:00
.ansible-lint Remove duplicate keys from yaml files 2021-03-29 13:56:31 +00:00
.gitignore Fixed tox executions 2021-03-26 15:37:07 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:34:55 +00:00
.testr.conf Improve nova statedir ownership logic 2018-07-09 17:07:30 +01:00
babel.cfg Add release configuration. 2013-10-22 17:49:35 +01:00
bindep.txt Fixed tox executions 2021-03-26 15:37:07 +00:00
config-download-software.yaml Don't use POLL_SERVER_CFN transport for DeployedServer 2020-10-17 10:21:11 +05:30
config-download-structured.yaml Don't use POLL_SERVER_CFN transport for DeployedServer 2020-10-17 10:21:11 +05:30
j2_excludes.yaml Remove ipv6 specific network templates 2017-08-31 13:12:17 -07:00
LICENSE Add license file 2014-01-20 11:58:20 +01:00
network_data_dashboard.yaml Add a StorageDashboard network used by CephGrafana service 2019-08-30 19:16:47 +02:00
network_data_ganesha.yaml Use appropriate allocation pools for StorageNFS 2020-08-26 15:27:52 +00:00
network_data_routed.yaml Merge "Allow overlay tunnel endpoints on IPv6 address" 2019-01-10 21:13:19 +00:00
network_data_subnets_routed.yaml L3 routed networks - data + env (1/3) 2018-12-30 19:24:29 +01:00
network_data_undercloud.yaml Add network data for the undercloud 2019-01-21 19:35:37 +01:00
network_data.yaml Add external_resource_vip_id property to network_data.yaml 2019-03-25 10:48:40 -04:00
overcloud-resource-registry-puppet.j2.yaml Merge "Designate: split bind instance into separate template" 2021-03-30 00:43:03 +00:00
overcloud.j2.yaml Merge "[collectd][ansible] Add THT to deploy collectd using ansible" 2021-03-27 08:49:17 +00:00
README.rst Remove Sahara support 2020-10-19 09:39:36 +09:00
requirements.txt Deprecate EnablePaunch and remove Paunch support 2020-06-03 17:53:40 +00:00
roles_data_undercloud.yaml Add FRR service 2021-03-13 18:25:42 +00:00
roles_data.yaml Designate: split bind instance into separate template 2021-03-22 15:55:00 -02:30
setup.cfg Add support for py39 2021-03-24 09:40:57 +00:00
setup.py Updated from global requirements 2017-03-28 13:03:01 +00:00
test-ansible-requirements.txt Ansible lint check in THT 2019-10-30 04:56:05 -04:00
test-requirements.txt Add doc/requirements 2021-01-05 09:49:46 +01:00
tox.ini Fixed tox executions 2021-03-26 15:37:07 +00:00

tripleo-heat-templates

Heat templates to deploy OpenStack using OpenStack.

Features

The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:

  • Choice of deployment/configuration tooling: puppet, (soon) docker
  • Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
  • Physical network configuration: support for isolated networks, bonding, and standard ctlplane networking

Directories

A description of the directory layout in TripleO Heat Templates.

  • environments: contains heat environment files that can be used with -e on the command line to enable features, etc.
  • extraconfig: templates used to enable 'extra' functionality. Includes functionality for distro specific registration and upgrades.
  • firstboot: example first_boot scripts that can be used when initially creating instances.
  • network: heat templates to help create isolated networks and ports
  • puppet: templates mostly driven by configuration with puppet. To use these templates you can use the overcloud-resource-registry-puppet.yaml.
  • validation-scripts: validation scripts useful to all deployment configurations
  • roles: example roles that can be used with the tripleoclient to generate a roles_data.yaml for a deployment. See the roles/README.rst for additional details.

Service testing matrix

The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:

- scn000 scn001 scn002 scn003 scn004 scn006 scn007 scn009 scn010 scn013 non-ha ovh-ha
keystone

X

X

X

X

X

X

X

X

X

X

X

glance

rbd

swift

file

rgw

file

file

rbd

file

file

file

cinder

rbd

iscsi
heat

X

X

ironic

X

mysql

X

X

X

X

X

X

X

X

X

X

X

neutron

ovn

ovn

ovn

ovn

ovn

ovs

ovn

ovn

ovn

ovn

neutron-bgpvpn

wip

ovn

X

neutron-l2gw

wip

om-rpc rabbit rabbit

amqp1

rabbit rabbit rabbit rabbit rabbit rabbit rabbit
om-notify rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit rabbit
redis

X

X

haproxy

X

X

X

X

X

X

X

X

X

X

memcached

X

X

X

X

X

X

X

X

X

X

pacemaker

X

X

X

X

X

X

X

X

X

X

nova

qemu

qemu

qemu

qemu

ironic

qemu

qemu

qemu

qemu

qemu

placement

X

X

X

X

X

X

X

X

X

X

ntp

X

X

X

X

X

X

X

X

X

X

X

X

snmp

X

X

X

X

X

X

X

X

X

X

X

X

timezone

X

X

X

X

X

X

X

X

X

X

X

X

mistral

X

swift

X

aodh

X

X

ceilometer

X

X

gnocchi

rbd

swift

barbican

X

zaqar

X

cephrgw

X

cephmds

X

manila

X

collectd

X

designate

X

octavia

X

X

rear

X

Extra Firewall

X