Browse Source

Merge "Added new parameter auth_s3_keystone_ceph for storage"

Jenkins 2 years ago
parent
commit
f2943f00bf
25 changed files with 11318 additions and 7493 deletions
  1. 505
    346
      hiera/neut_tun.ceph.murano.sahara.ceil-ceph-osd.yaml
  2. 505
    346
      hiera/neut_tun.ceph.murano.sahara.ceil-compute.yaml
  3. 504
    345
      hiera/neut_tun.ceph.murano.sahara.ceil-controller.yaml
  4. 505
    346
      hiera/neut_tun.ceph.murano.sahara.ceil-mongo.yaml
  5. 504
    345
      hiera/neut_tun.ceph.murano.sahara.ceil-primary-controller.yaml
  6. 505
    346
      hiera/neut_tun.ceph.murano.sahara.ceil-primary-mongo.yaml
  7. 265
    106
      hiera/neut_tun.ironic-ironic.yaml
  8. 263
    104
      hiera/neut_tun.ironic-primary-controller.yaml
  9. 330
    171
      hiera/neut_tun.l3ha.nova_quota-primary-controller.yaml
  10. 508
    347
      hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-ceph-osd.yaml
  11. 511
    350
      hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-compute.yaml
  12. 512
    351
      hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-controller.yaml
  13. 512
    351
      hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-mongo.yaml
  14. 526
    367
      hiera/neut_vlan.cblock.murano.sahara.ceil-cinder-block-device.yaml
  15. 526
    367
      hiera/neut_vlan.cblock.murano.sahara.ceil-cinder.yaml
  16. 526
    367
      hiera/neut_vlan.cblock.murano.sahara.ceil-compute.yaml
  17. 522
    363
      hiera/neut_vlan.cblock.murano.sahara.ceil-controller.yaml
  18. 526
    367
      hiera/neut_vlan.cblock.murano.sahara.ceil-mongo.yaml
  19. 522
    363
      hiera/neut_vlan.cblock.murano.sahara.ceil-primary-controller.yaml
  20. 526
    367
      hiera/neut_vlan.cblock.murano.sahara.ceil-primary-mongo.yaml
  21. 462
    303
      hiera/neut_vlan.ceph-ceph-osd.yaml
  22. 462
    303
      hiera/neut_vlan.ceph-compute.yaml
  23. 462
    303
      hiera/neut_vlan.ceph-primary-controller.yaml
  24. 328
    169
      hiera/neut_vlan.dvr-primary-controller.yaml
  25. 1
    0
      utils/generate_yamls.sh

+ 505
- 346
hiera/neut_tun.ceph.murano.sahara.ceil-ceph-osd.yaml
File diff suppressed because it is too large
View File


+ 505
- 346
hiera/neut_tun.ceph.murano.sahara.ceil-compute.yaml
File diff suppressed because it is too large
View File


+ 504
- 345
hiera/neut_tun.ceph.murano.sahara.ceil-controller.yaml
File diff suppressed because it is too large
View File


+ 505
- 346
hiera/neut_tun.ceph.murano.sahara.ceil-mongo.yaml
File diff suppressed because it is too large
View File


+ 504
- 345
hiera/neut_tun.ceph.murano.sahara.ceil-primary-controller.yaml
File diff suppressed because it is too large
View File


+ 505
- 346
hiera/neut_tun.ceph.murano.sahara.ceil-primary-mongo.yaml
File diff suppressed because it is too large
View File


+ 265
- 106
hiera/neut_tun.ironic-ironic.yaml View File

@@ -8,18 +8,28 @@ access:
8 8
   tenant: admin
9 9
   user: admin
10 10
 aodh:
11
-  db_password: hiN0y3o2OFkF3f3YSTNjHiOa
12
-  user_password: x8jlEMpftPAAraa0ZLQpJUNv
11
+  db_password: XK3t8hwKU4oTYgZbhnCaPcDH
12
+  user_password: Is9h5h6ZtQBuTTSZsH0EIEom
13
+atop:
14
+  interval: '20'
15
+  metadata:
16
+    enabled: true
17
+    group: logging
18
+    label: Advanced System & Process Monitor (atop)
19
+    toggleable: false
20
+    weight: 60
21
+  rotate: '7'
22
+  service_enabled: true
13 23
 auth_key: ''
14 24
 auto_assign_floating_ip: false
15 25
 base_syslog:
16 26
   syslog_port: '514'
17
-  syslog_server: 10.145.0.2
27
+  syslog_server: 10.109.15.2
18 28
 ceilometer:
19
-  db_password: OEdIztuktwNOnB84iQYMiEFV
29
+  db_password: CZso0oeyPUsfnVFFLMoxIm0D
20 30
   enabled: false
21
-  metering_secret: sRlCMHRF8DlJoowPlI9bmyu1
22
-  user_password: yGYZVvKKbS9xrutMQRzBxoxf
31
+  metering_secret: mxFV1GvykmXPA6OmmehDYga0
32
+  user_password: GibSwXcus87vQOa3NNcAZKvf
23 33
 cgroups:
24 34
   metadata:
25 35
     always_editable: true
@@ -30,9 +40,9 @@ cgroups:
30 40
       condition: 'true'
31 41
     weight: 90
32 42
 cinder:
33
-  db_password: CkCcgdSrfEgk9tECQwwkvKXx
34
-  fixed_key: d525efbe18d743cb285319c8cd29b9c7260ad20be778331771c36cbc48f742a1
35
-  user_password: jNafNiZpYfADPKcuMWCAxAGt
43
+  db_password: tSJqjoqPJ8W5P4v4pyZtF4q5
44
+  fixed_key: d58b43cceee3b2c4ab0d02492823aca692a0cee09a1724f78946d2d4348be62d
45
+  user_password: wAhfP2Q7BH1QWry4b7EsiiUA
36 46
 cluster:
37 47
   changes:
38 48
   - name: attributes
@@ -42,16 +52,16 @@ cluster:
42 52
   - name: networks
43 53
     node_id: null
44 54
   - name: interfaces
45
-    node_id: 740
55
+    node_id: 136
46 56
   - name: disks
47
-    node_id: 740
57
+    node_id: 136
48 58
   - name: interfaces
49
-    node_id: 741
59
+    node_id: 137
50 60
   - name: disks
51
-    node_id: 741
61
+    node_id: 137
52 62
   components: []
53 63
   fuel_version: '10.0'
54
-  id: 41
64
+  id: 16
55 65
   is_customized: false
56 66
   is_locked: false
57 67
   mode: ha_compact
@@ -84,12 +94,11 @@ corosync:
84 94
 debug: false
85 95
 deployed_before:
86 96
   value: false
87
-deployment_id: 41
97
+deployment_id: 16
88 98
 deployment_mode: ha_compact
89
-dpdk: {}
90 99
 external_dns:
91 100
   dns_list:
92
-  - 10.145.0.1
101
+  - 10.109.15.1
93 102
   metadata:
94 103
     group: network
95 104
     label: Host OS DNS Servers
@@ -115,31 +124,29 @@ external_ntp:
115 124
     label: Host OS NTP Servers
116 125
     weight: 40
117 126
   ntp_list:
118
-  - 0.fuel.pool.ntp.org
119
-  - 1.fuel.pool.ntp.org
120
-  - 2.fuel.pool.ntp.org
127
+  - 10.109.15.1
121 128
 fail_if_error: false
122
-fqdn: node-741.domain.tld
129
+fqdn: node-137.test.domain.local
123 130
 fuel_version: '10.0'
124 131
 glance:
125
-  db_password: gVYTXLFWV7WSteVDyXxnRWKl
126
-  image_cache_max_size: '5368709120'
127
-  user_password: V7JwaZYhYOxc5JdUobV1CLnO
132
+  db_password: aV95ERc1H2awsqBv5ynsVzCs
133
+  image_cache_max_size: '0'
134
+  user_password: GbyVT2aXIYM9QbOElIp5L42u
128 135
 glance_glare:
129
-  user_password: quxjT5v3BpJt2TKxAtmER41f
136
+  user_password: IlesA89fZfUPihdhb6mFiT6x
130 137
 heat:
131
-  auth_encryption_key: f5d3fbe51de52233a33f5835e5b3baa0
132
-  db_password: VjX33KG2He73XV12oSKfHUEU
138
+  auth_encryption_key: e38713ea207e90bcad229ab47f602eca
139
+  db_password: L6IRVtCuYkMT6oBwlmYJj29F
133 140
   enabled: true
134
-  rabbit_password: YNbypOhrsUovBbx2SNkVzQas
135
-  user_password: 1m0kuWGegb0EdPJ3YMgU3rAm
141
+  rabbit_password: uqznniJtms7iXS78SoaqZg7A
142
+  user_password: GKSbrt4xvdz31EWHdbMjyVlv
136 143
 horizon:
137
-  secret_key: 0eb852eabb8ca3f0936d2afcaa49b17f0d671fd1879feab7c4d75cb4d7c6d0dd
144
+  secret_key: 783f0f68c486bada03e8b7972a7ac4eff6b00faed6cca53dfabd2111643f9521
138 145
 ironic:
139
-  db_password: SpHcDEIeSM0yYsReW3t30X0v
146
+  db_password: ijBdO4emlYkRiE8PRdde2QPu
140 147
   enabled: true
141
-  swift_tempurl_key: ic78itqg4AwOypiYAUjDviRo
142
-  user_password: sildb8VJkARs8fXD50HsjKWe
148
+  swift_tempurl_key: 1ve491fImsNM9EHEFOWlPNs7
149
+  user_password: actShEvuis2N2zACV90aHDVA
143 150
 kernel_params:
144 151
   kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset
145 152
   metadata:
@@ -147,12 +154,12 @@ kernel_params:
147 154
     label: Kernel parameters
148 155
     weight: 60
149 156
 keystone:
150
-  admin_token: pd48fFOmCUVVGISQjAbwOaCZ
151
-  db_password: Lao9Hl9DusSiaWUt4aSMNEt2
152
-last_controller: node-740
157
+  admin_token: DDlLc2JjWdfA8uHLafkzi2lR
158
+  db_password: lDhJ0v8CcNRVvU74frO0Bk6z
159
+last_controller: node-136
153 160
 libvirt_type: qemu
154 161
 management_network_range: 192.168.0.0/24
155
-master_ip: 10.145.0.2
162
+master_ip: 10.109.15.2
156 163
 metadata:
157 164
   label: Common
158 165
   weight: 10
@@ -164,15 +171,15 @@ mp:
164 171
 - point: '2'
165 172
   weight: '2'
166 173
 murano:
167
-  db_password: 7rrEzKatGDMPnSCTfArIYQMt
174
+  db_password: yZHREyf745Nkg5dbOcOBzhwl
168 175
   enabled: false
169
-  rabbit_password: nm6a1orjVXn8Y2knaJ1TEvOg
170
-  user_password: ZKADcckGwZkZulNkbuHGk4MZ
176
+  rabbit_password: wVUsePS5WGKafTxEla5HpNx9
177
+  user_password: USiEN1Rtj3VmGfxRzKVGdzwz
171 178
 murano-cfapi:
172
-  db_password: 9g5o2ueo6k29eEUeTGlNVPaD
179
+  db_password: 88HCOq67r1Jj8hJ77EBgECw4
173 180
   enabled: false
174
-  rabbit_password: kubLDDFDFav3izWFRZuMfZU6
175
-  user_password: U9MjJayjpEeVx8t8alI5OOs8
181
+  rabbit_password: K9w9IlR2MBLRH2GABe6v1GvM
182
+  user_password: WqNTH5DXWrYq02wNjREaliwJ
176 183
 murano_settings:
177 184
   metadata:
178 185
     group: openstack_services
@@ -185,15 +192,15 @@ murano_settings:
185 192
   murano_glance_artifacts_plugin: true
186 193
   murano_repo_url: http://storage.apps.openstack.org/
187 194
 mysql:
188
-  root_password: Y1Mq8J9MhxWeCfdMPlpHMFx0
189
-  wsrep_password: vUKmeqyDX4Ljo7VpRf6uFdU1
195
+  root_password: 5vMWTCbWnrzItzBpAHMttD53
196
+  wsrep_password: iE19Tmxi69uBVWdF7ic7Yxrc
190 197
 network_metadata:
191 198
   nodes:
192
-    node-740:
193
-      fqdn: node-740.domain.tld
194
-      name: node-740
199
+    node-136:
200
+      fqdn: node-136.test.domain.local
201
+      name: node-136
195 202
       network_roles:
196
-        admin/pxe: 10.145.0.100
203
+        admin/pxe: 10.109.15.100
197 204
         aodh/api: 192.168.0.2
198 205
         ceilometer/api: 192.168.0.2
199 206
         ceph/public: 192.168.1.2
@@ -202,7 +209,7 @@ network_metadata:
202 209
         cinder/api: 192.168.0.2
203 210
         cinder/iscsi: 192.168.1.2
204 211
         ex: 172.16.0.2
205
-        fw-admin: 10.145.0.100
212
+        fw-admin: 10.109.15.100
206 213
         glance/api: 192.168.0.2
207 214
         glance/glare: 192.168.0.2
208 215
         heat/api: 192.168.0.2
@@ -233,21 +240,21 @@ network_metadata:
233 240
       - primary-controller
234 241
       nova_cpu_pinning_enabled: false
235 242
       nova_hugepages_enabled: false
236
-      swift_zone: '740'
237
-      uid: '740'
238
-      user_node_name: node-740
239
-    node-741:
240
-      fqdn: node-741.domain.tld
241
-      name: node-741
243
+      swift_zone: '136'
244
+      uid: '136'
245
+      user_node_name: node-136
246
+    node-137:
247
+      fqdn: node-137.test.domain.local
248
+      name: node-137
242 249
       network_roles:
243
-        admin/pxe: 10.145.0.101
250
+        admin/pxe: 10.109.15.101
244 251
         aodh/api: 192.168.0.1
245 252
         ceilometer/api: 192.168.0.1
246 253
         ceph/public: 192.168.1.1
247 254
         ceph/replication: 192.168.1.1
248 255
         cinder/api: 192.168.0.1
249 256
         cinder/iscsi: 192.168.1.1
250
-        fw-admin: 10.145.0.101
257
+        fw-admin: 10.109.15.101
251 258
         glance/api: 192.168.0.1
252 259
         glance/glare: 192.168.0.1
253 260
         heat/api: 192.168.0.1
@@ -277,9 +284,9 @@ network_metadata:
277 284
       - ironic
278 285
       nova_cpu_pinning_enabled: false
279 286
       nova_hugepages_enabled: false
280
-      swift_zone: '741'
281
-      uid: '741'
282
-      user_node_name: node-741
287
+      swift_zone: '137'
288
+      uid: '137'
289
+      user_node_name: node-137
283 290
   vips:
284 291
     baremetal:
285 292
       ipaddr: 192.168.3.4
@@ -351,10 +358,10 @@ network_scheme:
351 358
       - 192.168.3.2/24
352 359
     br-fw-admin:
353 360
       IP:
354
-      - 10.145.0.101/24
355
-      gateway: 10.145.0.1
361
+      - 10.109.15.101/24
362
+      gateway: 10.109.15.1
356 363
       vendor_specific:
357
-        provider_gateway: 10.145.0.1
364
+        provider_gateway: 10.109.15.1
358 365
     br-mgmt:
359 366
       IP:
360 367
       - 192.168.0.1/24
@@ -648,33 +655,32 @@ node_volumes:
648 655
     size: 10240
649 656
     type: lv
650 657
 nodes:
651
-- fqdn: node-740.domain.tld
658
+- fqdn: node-136.test.domain.local
652 659
   internal_address: 192.168.0.2
653 660
   internal_netmask: 255.255.255.0
654
-  name: node-740
661
+  name: node-136
655 662
   public_address: 172.16.0.2
656 663
   public_netmask: 255.255.255.0
657 664
   role: primary-controller
658 665
   storage_address: 192.168.1.2
659 666
   storage_netmask: 255.255.255.0
660
-  swift_zone: '740'
661
-  uid: '740'
662
-  user_node_name: node-740
663
-- fqdn: node-741.domain.tld
667
+  swift_zone: '136'
668
+  uid: '136'
669
+  user_node_name: node-136
670
+- fqdn: node-137.test.domain.local
664 671
   internal_address: 192.168.0.1
665 672
   internal_netmask: 255.255.255.0
666
-  name: node-741
673
+  name: node-137
667 674
   role: ironic
668 675
   storage_address: 192.168.1.1
669 676
   storage_netmask: 255.255.255.0
670
-  swift_zone: '741'
671
-  uid: '741'
672
-  user_node_name: node-741
677
+  swift_zone: '137'
678
+  uid: '137'
679
+  user_node_name: node-137
673 680
 nova:
674
-  db_password: ximHMQh7wIu6fTNtd4F74AKg
675
-  enable_hugepages: false
681
+  db_password: 18zVWBhBwdoIK35EypULM1Zu
676 682
   state_path: /var/lib/nova
677
-  user_password: ZcQNkzkXWFTxtFnu9tdAql2w
683
+  user_password: VeZGjOU9hNaKN45n9Fthmyvw
678 684
 nova_quota: false
679 685
 online: true
680 686
 openstack_version: newton-10.0
@@ -686,7 +692,7 @@ operator_user:
686 692
     label: Operating System Access
687 693
     weight: 15
688 694
   name: fueladmin
689
-  password: wD9IlVwqhzq1zhXpazD25x6r
695
+  password: 3tNpoXbQvRKZHZ9psDygPVg3
690 696
   sudo: 'ALL=(ALL) NOPASSWD: ALL'
691 697
 plugins: []
692 698
 propagate_task_deploy: false
@@ -696,11 +702,11 @@ provision:
696 702
     /:
697 703
       container: gzip
698 704
       format: ext4
699
-      uri: http://10.145.0.2:8080/targetimages/env_41_ubuntu_1404_amd64.img.gz
705
+      uri: http://10.109.15.2:8080/targetimages/env_16_ubuntu_1404_amd64.img.gz
700 706
     /boot:
701 707
       container: gzip
702 708
       format: ext2
703
-      uri: http://10.145.0.2:8080/targetimages/env_41_ubuntu_1404_amd64-boot.img.gz
709
+      uri: http://10.109.15.2:8080/targetimages/env_16_ubuntu_1404_amd64-boot.img.gz
704 710
   metadata:
705 711
     group: general
706 712
     label: Provision
@@ -822,8 +828,8 @@ public_ssl:
822 828
     weight: 110
823 829
   services: false
824 830
 puppet:
825
-  manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/
826
-  modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/
831
+  manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/
832
+  modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/
827 833
 puppet_debug: true
828 834
 quantum: true
829 835
 quantum_settings:
@@ -843,13 +849,13 @@ quantum_settings:
843 849
   L3:
844 850
     use_namespaces: true
845 851
   database:
846
-    passwd: pZ4pgrDVFXSG2obDDj3Vwnaz
852
+    passwd: ZEJrfn9yx71l5aYyKBZJMdt4
847 853
   default_floating_net: admin_floating_net
848 854
   default_private_net: admin_internal_net
849 855
   keystone:
850
-    admin_password: XFaVfyWNLjsQ4GNpOspB8xaA
856
+    admin_password: adsQgnCTB8cBPXNSeOVZglpn
851 857
   metadata:
852
-    metadata_proxy_shared_secret: 6oEnHzzkWBlDcf4btBTLGx0t
858
+    metadata_proxy_shared_secret: HBY2MsQRtFqok6acSnmm93pM
853 859
   predefined_networks:
854 860
     admin_floating_net:
855 861
       L2:
@@ -899,7 +905,7 @@ quantum_settings:
899 905
       shared: true
900 906
       tenant: admin
901 907
 rabbit:
902
-  password: MDx8hLMqPNKdnM0v2tAVbz54
908
+  password: w6mkP2ae9VxqAvVTCt5QLXL7
903 909
 release:
904 910
   attributes_metadata:
905 911
     editable:
@@ -1007,6 +1013,49 @@ release:
1007 1013
           type: checkbox
1008 1014
           value: false
1009 1015
           weight: 10
1016
+      atop:
1017
+        interval:
1018
+          description: Interval between the snapshots in seconds
1019
+          label: Interval between the snapshots
1020
+          regex:
1021
+            error: Should be a number of seconds
1022
+            source: ^[1-9]\d*$
1023
+          restrictions:
1024
+          - action: hide
1025
+            condition: settings:atop.service_enabled.value == false
1026
+          type: text
1027
+          value: '20'
1028
+          weight: 20
1029
+        metadata:
1030
+          enabled: true
1031
+          group: logging
1032
+          label: Advanced System & Process Monitor (atop)
1033
+          toggleable: false
1034
+          weight: 60
1035
+        rotate:
1036
+          description: Number of days to keep log files
1037
+          label: Rotate days
1038
+          regex:
1039
+            error: Should be a number of days
1040
+            source: ^[1-9]\d*$
1041
+          restrictions:
1042
+          - action: hide
1043
+            condition: settings:atop.service_enabled.value == false
1044
+          type: text
1045
+          value: '7'
1046
+          weight: 30
1047
+        service_enabled:
1048
+          description: 'NOTE: When enabled, the service may generate logs up to a
1049
+            gigabyte in size per day.
1050
+
1051
+            This should be taken into consideration when determining the correct size
1052
+            for the log partition.
1053
+
1054
+            '
1055
+          label: Enable atop service
1056
+          type: checkbox
1057
+          value: true
1058
+          weight: 10
1010 1059
       cgroups:
1011 1060
         metadata:
1012 1061
           always_editable: true
@@ -1089,6 +1138,18 @@ release:
1089 1138
           type: checkbox
1090 1139
           value: true
1091 1140
           weight: 50
1141
+        run_ping_checker:
1142
+          description: Uncheck this box if the public gateway will not be available
1143
+            or will not respond to ICMP requests to the deployed cluster. If unchecked,
1144
+            the controllers will not take public gateway availability into account
1145
+            as part of the cluster health.  If the cluster will not have internet
1146
+            access, you will need to make sure to provide proper offline mirrors for
1147
+            the deployment to succeed.
1148
+          group: network
1149
+          label: Public Gateway is Available
1150
+          type: checkbox
1151
+          value: true
1152
+          weight: 50
1092 1153
         task_deploy:
1093 1154
           type: hidden
1094 1155
           value: true
@@ -1509,6 +1570,9 @@ release:
1509 1570
           description: Your DNS entries should point to this name. Self-signed certificates
1510 1571
             also will use this hostname
1511 1572
           label: DNS hostname for public TLS endpoints
1573
+          regex:
1574
+            error: Invalid DNS hostname
1575
+            source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$
1512 1576
           restrictions:
1513 1577
           - action: hide
1514 1578
             condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value
@@ -1543,8 +1607,6 @@ release:
1543 1607
             Please make sure your Fuel master node has Internet access to the repository
1544 1608
             before attempting to create a mirror.
1545 1609
 
1546
-            For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops).
1547
-
1548 1610
             '
1549 1611
           extra_priority: null
1550 1612
           type: custom_repo_configuration
@@ -1621,11 +1683,70 @@ release:
1621 1683
         sudo:
1622 1684
           type: hidden
1623 1685
           value: 'ALL=(ALL) NOPASSWD: ALL'
1686
+      ssh:
1687
+        brute_force_protection:
1688
+          description: When enabled, the access from all networks (except the provided
1689
+            ones) will be granted, but the networks will be checked against the brute
1690
+            force attack.
1691
+          label: Brute force protection
1692
+          restrictions:
1693
+          - action: hide
1694
+            condition: settings:ssh.security_enabled.value == false
1695
+          type: checkbox
1696
+          value: false
1697
+          weight: 30
1698
+        metadata:
1699
+          enabled: true
1700
+          group: security
1701
+          label: SSH security
1702
+          toggleable: false
1703
+          weight: 120
1704
+        security_enabled:
1705
+          description: 'NOTE: When enabled, provide at least one working IP address
1706
+            (the Fuel Master node IP is already added).
1707
+
1708
+            We recommend adding new addresses instead of replacing the provided Fuel
1709
+            Master node IP.
1710
+
1711
+            When disabled (by default), the admin, management, and storage networks
1712
+            are only allowed to connect to the SSH service.
1713
+
1714
+            '
1715
+          label: Restrict SSH service on network
1716
+          type: checkbox
1717
+          value: false
1718
+          weight: 10
1719
+        security_networks:
1720
+          description: IPv4/CIDR address
1721
+          label: Restrict access to
1722
+          regex:
1723
+            error: Invalid IPv4/CIDR address
1724
+            source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$
1725
+          restrictions:
1726
+          - action: hide
1727
+            condition: settings:ssh.security_enabled.value == false
1728
+          type: text_list
1729
+          value:
1730
+          - '{settings.MASTER_IP}'
1731
+          weight: 20
1624 1732
       storage:
1625 1733
         admin_key:
1626 1734
           type: hidden
1627 1735
           value:
1628 1736
             generator: cephx_key
1737
+        auth_s3_keystone_ceph:
1738
+          description: This allows to authenticate S3 requests basing on EC2/S3 credentials
1739
+            managed by Keystone. Please note that enabling the integration will increase
1740
+            the latency of S3 requests as well as load on Keystone service. Please
1741
+            consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating
1742
+            the risks related with load.
1743
+          label: Enable S3 API Authentication via Keystone in Ceph RadosGW
1744
+          restrictions:
1745
+          - action: hide
1746
+            condition: settings:storage.objects_ceph.value == false
1747
+          type: checkbox
1748
+          value: false
1749
+          weight: 82
1629 1750
         bootstrap_osd_key:
1630 1751
           type: hidden
1631 1752
           value:
@@ -1678,6 +1799,9 @@ release:
1678 1799
             and Swift API Interfaces. If enabled, this option will prevent Swift from
1679 1800
             installing.
1680 1801
           label: Ceph RadosGW for objects (Swift API)
1802
+          restrictions:
1803
+          - settings:storage.images_ceph.value == false: Ceph RBD for Images should
1804
+              be selected.
1681 1805
           type: checkbox
1682 1806
           value: false
1683 1807
           weight: 80
@@ -1918,6 +2042,12 @@ release:
1918 2042
     description: dialog.create_cluster_wizard.compute.qemu_description
1919 2043
     label: dialog.create_cluster_wizard.compute.qemu
1920 2044
     name: hypervisor:qemu
2045
+    requires:
2046
+    - one_of:
2047
+        items:
2048
+        - network:neutron:ml2:vlan
2049
+        - network:neutron:ml2:tun
2050
+        message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend
1921 2051
     weight: 5
1922 2052
   - bind:
1923 2053
     - settings:common.use_vcenter.value
@@ -1927,8 +2057,16 @@ release:
1927 2057
     label: dialog.create_cluster_wizard.compute.vcenter
1928 2058
     name: hypervisor:vmware
1929 2059
     requires:
1930
-    - message: dialog.create_cluster_wizard.compute.vcenter_warning
1931
-      name: hypervisor:qemu
2060
+    - one_of:
2061
+        items:
2062
+        - hypervisor:qemu
2063
+        message: dialog.create_cluster_wizard.compute.vcenter_warning
2064
+    - one_of:
2065
+        items:
2066
+        - network:neutron:ml2:dvs
2067
+        - network:neutron:ml2:nsx
2068
+        message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend
2069
+        message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins
1932 2070
     weight: 15
1933 2071
   - compatible:
1934 2072
     - name: hypervisor:*
@@ -1955,7 +2093,9 @@ release:
1955 2093
     label: common.network.neutron_vlan
1956 2094
     name: network:neutron:ml2:vlan
1957 2095
     requires:
1958
-    - name: network:neutron:core:ml2
2096
+    - one_of:
2097
+        items:
2098
+        - network:neutron:core:ml2
1959 2099
     weight: 5
1960 2100
   - bind:
1961 2101
     - - cluster:net_provider
@@ -1976,7 +2116,9 @@ release:
1976 2116
     label: common.network.neutron_tun
1977 2117
     name: network:neutron:ml2:tun
1978 2118
     requires:
1979
-    - name: network:neutron:core:ml2
2119
+    - one_of:
2120
+        items:
2121
+        - network:neutron:core:ml2
1980 2122
     weight: 10
1981 2123
   - bind:
1982 2124
     - settings:storage.volumes_lvm.value
@@ -2224,6 +2366,7 @@ release:
2224 2366
       restrictions:
2225 2367
       - action: hide
2226 2368
         condition: settings:common.use_vcenter.value == false
2369
+        message: VMware vCenter not enabled for cluster
2227 2370
       weight: 40
2228 2371
     compute:
2229 2372
       description: A Compute node creates, manages, and terminates virtual machine
@@ -2253,10 +2396,12 @@ release:
2253 2396
       restrictions:
2254 2397
       - action: hide
2255 2398
         condition: settings:common.use_vcenter.value == false
2399
+        message: VMware vCenter not enabled for cluster
2256 2400
       weight: 90
2257 2401
     controller:
2258 2402
       conflicts:
2259 2403
       - compute
2404
+      - ceph-osd
2260 2405
       description: The Controller initiates orchestration activities and provides
2261 2406
         an external API.  Other components like Glance (image storage), Keystone (identity
2262 2407
         management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed
@@ -2328,6 +2473,7 @@ release:
2328 2473
       restrictions:
2329 2474
       - action: hide
2330 2475
         condition: not ('advanced' in version:feature_groups)
2476
+        message: Advanced feature should be enabled in feature groups
2331 2477
       weight: 80
2332 2478
   state: available
2333 2479
   version: newton-10.0
@@ -2499,7 +2645,7 @@ repo_setup:
2499 2645
     section: main restricted
2500 2646
     suite: mos10.0
2501 2647
     type: deb
2502
-    uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64
2648
+    uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64
2503 2649
   - name: mos-updates
2504 2650
     priority: 1050
2505 2651
     section: main restricted
@@ -2523,14 +2669,15 @@ repo_setup:
2523 2669
     section: main restricted
2524 2670
     suite: auxiliary
2525 2671
     type: deb
2526
-    uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary
2672
+    uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary
2527 2673
 resume_guests_state_on_host_boot: true
2528 2674
 roles:
2529 2675
 - ironic
2676
+run_ping_checker: true
2530 2677
 sahara:
2531
-  db_password: 5GouiTv573FXUKSa2JfE2it0
2678
+  db_password: fyBBOKHmjHXJBzwKg6znoojB
2532 2679
   enabled: false
2533
-  user_password: sUFDBiM0LhyEqWCHxvK42N1D
2680
+  user_password: xnpoIx0CBaJKmeumgAThJ6yC
2534 2681
 service_user:
2535 2682
   homedir: /var/lib/fuel
2536 2683
   metadata:
@@ -2541,22 +2688,34 @@ service_user:
2541 2688
       condition: 'true'
2542 2689
     weight: 10
2543 2690
   name: fuel
2544
-  password: 3nD8uFmJWnF1rrOHdidayYuW
2691
+  password: 9paPtyxDUWvzFuubRywN8wa2
2545 2692
   root_password: r00tme
2546 2693
   sudo: 'ALL=(ALL) NOPASSWD: ALL'
2694
+ssh:
2695
+  brute_force_protection: false
2696
+  metadata:
2697
+    enabled: true
2698
+    group: security
2699
+    label: SSH security
2700
+    toggleable: false
2701
+    weight: 120
2702
+  security_enabled: false
2703
+  security_networks:
2704
+  - 10.109.15.2
2547 2705
 status: discover
2548 2706
 storage:
2549
-  admin_key: AQAiekhXAAAAABAADbWfvinwBeGWEi7JRaWgag==
2550
-  bootstrap_osd_key: AQAiekhXAAAAABAAamKsawxkXm99kXmEhWaSGw==
2707
+  admin_key: AQANCKNXAAAAABAAICIGZeGjdsW4rt37/MYwPg==
2708
+  auth_s3_keystone_ceph: false
2709
+  bootstrap_osd_key: AQANCKNXAAAAABAA4XLpGtBmnq+8ECO0ASkafA==
2551 2710
   ephemeral_ceph: false
2552
-  fsid: 6da4a04e-fd5c-4ec8-a394-ae009c5c2f92
2711
+  fsid: be75cde4-f083-41b2-a4ca-c3f03e85ff10
2553 2712
   images_ceph: false
2554 2713
   images_vcenter: false
2555 2714
   metadata:
2556 2715
     group: storage
2557 2716
     label: Storage Backends
2558 2717
     weight: 60
2559
-  mon_key: AQAiekhXAAAAABAARw76hwzKmf/x/I0uoyUsnA==
2718
+  mon_key: AQANCKNXAAAAABAAIUS/B+09OlDWDN7VfezDFw==
2560 2719
   objects_ceph: false
2561 2720
   osd_pool_size: '3'
2562 2721
   per_pool_pg_nums:
@@ -2567,13 +2726,13 @@ storage:
2567 2726
     images: 128
2568 2727
     volumes: 128
2569 2728
   pg_num: 128
2570
-  radosgw_key: AQAiekhXAAAAABAABpQ0tuYU91Jzib/P7uohdw==
2729
+  radosgw_key: AQANCKNXAAAAABAAUBrikUvMh/a+EG8+eIq3VA==
2571 2730
   volumes_block_device: false
2572 2731
   volumes_ceph: false
2573 2732
   volumes_lvm: true
2574 2733
 storage_network_range: 192.168.1.0/24
2575 2734
 swift:
2576
-  user_password: vB61iOPXKRG66V9taTym4NjB
2735
+  user_password: GSQibP0IGrKQkAfXr9INmFUU
2577 2736
 syslog:
2578 2737
   metadata:
2579 2738
     enabled: false
@@ -2595,10 +2754,10 @@ test_vm_image:
2595 2754
   os_name: cirros
2596 2755
   properties: {}
2597 2756
   public: 'true'
2598
-uid: '741'
2757
+uid: '137'
2599 2758
 use_cow_images: true
2600 2759
 use_vcenter: false
2601
-user_node_name: node-741
2760
+user_node_name: node-137
2602 2761
 vms_conf: []
2603 2762
 workloads_collector:
2604 2763
   create_user: false
@@ -2610,6 +2769,6 @@ workloads_collector:
2610 2769
     - action: hide
2611 2770
       condition: 'true'
2612 2771
     weight: 10
2613
-  password: Np6WzPrfRrNNg88sRYY0mp7l
2772
+  password: lxMOZvzTNujuIE7lVdaQyzzP
2614 2773
   tenant: services
2615 2774
   username: fuel_stats_user

+ 263
- 104
hiera/neut_tun.ironic-primary-controller.yaml View File

@@ -8,18 +8,28 @@ access:
8 8
   tenant: admin
9 9
   user: admin
10 10
 aodh:
11
-  db_password: hiN0y3o2OFkF3f3YSTNjHiOa
12
-  user_password: x8jlEMpftPAAraa0ZLQpJUNv
11
+  db_password: XK3t8hwKU4oTYgZbhnCaPcDH
12
+  user_password: Is9h5h6ZtQBuTTSZsH0EIEom
13
+atop:
14
+  interval: '20'
15
+  metadata:
16
+    enabled: true
17
+    group: logging
18
+    label: Advanced System & Process Monitor (atop)
19
+    toggleable: false
20
+    weight: 60
21
+  rotate: '7'
22
+  service_enabled: true
13 23
 auth_key: ''
14 24
 auto_assign_floating_ip: false
15 25
 base_syslog:
16 26
   syslog_port: '514'
17
-  syslog_server: 10.145.0.2
27
+  syslog_server: 10.109.15.2
18 28
 ceilometer:
19
-  db_password: OEdIztuktwNOnB84iQYMiEFV
29
+  db_password: CZso0oeyPUsfnVFFLMoxIm0D
20 30
   enabled: false
21
-  metering_secret: sRlCMHRF8DlJoowPlI9bmyu1
22
-  user_password: yGYZVvKKbS9xrutMQRzBxoxf
31
+  metering_secret: mxFV1GvykmXPA6OmmehDYga0
32
+  user_password: GibSwXcus87vQOa3NNcAZKvf
23 33
 cgroups:
24 34
   metadata:
25 35
     always_editable: true
@@ -30,9 +40,9 @@ cgroups:
30 40
       condition: 'true'
31 41
     weight: 90
32 42
 cinder:
33
-  db_password: CkCcgdSrfEgk9tECQwwkvKXx
34
-  fixed_key: d525efbe18d743cb285319c8cd29b9c7260ad20be778331771c36cbc48f742a1
35
-  user_password: jNafNiZpYfADPKcuMWCAxAGt
43
+  db_password: tSJqjoqPJ8W5P4v4pyZtF4q5
44
+  fixed_key: d58b43cceee3b2c4ab0d02492823aca692a0cee09a1724f78946d2d4348be62d
45
+  user_password: wAhfP2Q7BH1QWry4b7EsiiUA
36 46
 cluster:
37 47
   changes:
38 48
   - name: attributes
@@ -42,16 +52,16 @@ cluster:
42 52
   - name: networks
43 53
     node_id: null
44 54
   - name: interfaces
45
-    node_id: 740
55
+    node_id: 136
46 56
   - name: disks
47
-    node_id: 740
57
+    node_id: 136
48 58
   - name: interfaces
49
-    node_id: 741
59
+    node_id: 137
50 60
   - name: disks
51
-    node_id: 741
61
+    node_id: 137
52 62
   components: []
53 63
   fuel_version: '10.0'
54
-  id: 41
64
+  id: 16
55 65
   is_customized: false
56 66
   is_locked: false
57 67
   mode: ha_compact
@@ -84,12 +94,11 @@ corosync:
84 94
 debug: false
85 95
 deployed_before:
86 96
   value: false
87
-deployment_id: 41
97
+deployment_id: 16
88 98
 deployment_mode: ha_compact
89
-dpdk: {}
90 99
 external_dns:
91 100
   dns_list:
92
-  - 10.145.0.1
101
+  - 10.109.15.1
93 102
   metadata:
94 103
     group: network
95 104
     label: Host OS DNS Servers
@@ -115,31 +124,29 @@ external_ntp:
115 124
     label: Host OS NTP Servers
116 125
     weight: 40
117 126
   ntp_list:
118
-  - 0.fuel.pool.ntp.org
119
-  - 1.fuel.pool.ntp.org
120
-  - 2.fuel.pool.ntp.org
127
+  - 10.109.15.1
121 128
 fail_if_error: true
122
-fqdn: node-740.domain.tld
129
+fqdn: node-136.test.domain.local
123 130
 fuel_version: '10.0'
124 131
 glance:
125
-  db_password: gVYTXLFWV7WSteVDyXxnRWKl
132
+  db_password: aV95ERc1H2awsqBv5ynsVzCs
126 133
   image_cache_max_size: '389537175961'
127
-  user_password: V7JwaZYhYOxc5JdUobV1CLnO
134
+  user_password: GbyVT2aXIYM9QbOElIp5L42u
128 135
 glance_glare:
129
-  user_password: quxjT5v3BpJt2TKxAtmER41f
136
+  user_password: IlesA89fZfUPihdhb6mFiT6x
130 137
 heat:
131
-  auth_encryption_key: f5d3fbe51de52233a33f5835e5b3baa0
132
-  db_password: VjX33KG2He73XV12oSKfHUEU
138
+  auth_encryption_key: e38713ea207e90bcad229ab47f602eca
139
+  db_password: L6IRVtCuYkMT6oBwlmYJj29F
133 140
   enabled: true
134
-  rabbit_password: YNbypOhrsUovBbx2SNkVzQas
135
-  user_password: 1m0kuWGegb0EdPJ3YMgU3rAm
141
+  rabbit_password: uqznniJtms7iXS78SoaqZg7A
142
+  user_password: GKSbrt4xvdz31EWHdbMjyVlv
136 143
 horizon:
137
-  secret_key: 0eb852eabb8ca3f0936d2afcaa49b17f0d671fd1879feab7c4d75cb4d7c6d0dd
144
+  secret_key: 783f0f68c486bada03e8b7972a7ac4eff6b00faed6cca53dfabd2111643f9521
138 145
 ironic:
139
-  db_password: SpHcDEIeSM0yYsReW3t30X0v
146
+  db_password: ijBdO4emlYkRiE8PRdde2QPu
140 147
   enabled: true
141
-  swift_tempurl_key: ic78itqg4AwOypiYAUjDviRo
142
-  user_password: sildb8VJkARs8fXD50HsjKWe
148
+  swift_tempurl_key: 1ve491fImsNM9EHEFOWlPNs7
149
+  user_password: actShEvuis2N2zACV90aHDVA
143 150
 kernel_params:
144 151
   kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset
145 152
   metadata:
@@ -147,12 +154,12 @@ kernel_params:
147 154
     label: Kernel parameters
148 155
     weight: 60
149 156
 keystone:
150
-  admin_token: pd48fFOmCUVVGISQjAbwOaCZ
151
-  db_password: Lao9Hl9DusSiaWUt4aSMNEt2
152
-last_controller: node-740
157
+  admin_token: DDlLc2JjWdfA8uHLafkzi2lR
158
+  db_password: lDhJ0v8CcNRVvU74frO0Bk6z
159
+last_controller: node-136
153 160
 libvirt_type: qemu
154 161
 management_network_range: 192.168.0.0/24
155
-master_ip: 10.145.0.2
162
+master_ip: 10.109.15.2
156 163
 metadata:
157 164
   label: Common
158 165
   weight: 10
@@ -164,15 +171,15 @@ mp:
164 171
 - point: '2'
165 172
   weight: '2'
166 173
 murano:
167
-  db_password: 7rrEzKatGDMPnSCTfArIYQMt
174
+  db_password: yZHREyf745Nkg5dbOcOBzhwl
168 175
   enabled: false
169
-  rabbit_password: nm6a1orjVXn8Y2knaJ1TEvOg
170
-  user_password: ZKADcckGwZkZulNkbuHGk4MZ
176
+  rabbit_password: wVUsePS5WGKafTxEla5HpNx9
177
+  user_password: USiEN1Rtj3VmGfxRzKVGdzwz
171 178
 murano-cfapi:
172
-  db_password: 9g5o2ueo6k29eEUeTGlNVPaD
179
+  db_password: 88HCOq67r1Jj8hJ77EBgECw4
173 180
   enabled: false
174
-  rabbit_password: kubLDDFDFav3izWFRZuMfZU6
175
-  user_password: U9MjJayjpEeVx8t8alI5OOs8
181
+  rabbit_password: K9w9IlR2MBLRH2GABe6v1GvM
182
+  user_password: WqNTH5DXWrYq02wNjREaliwJ
176 183
 murano_settings:
177 184
   metadata:
178 185
     group: openstack_services
@@ -185,15 +192,15 @@ murano_settings:
185 192
   murano_glance_artifacts_plugin: true
186 193
   murano_repo_url: http://storage.apps.openstack.org/
187 194
 mysql:
188
-  root_password: Y1Mq8J9MhxWeCfdMPlpHMFx0
189
-  wsrep_password: vUKmeqyDX4Ljo7VpRf6uFdU1
195
+  root_password: 5vMWTCbWnrzItzBpAHMttD53
196
+  wsrep_password: iE19Tmxi69uBVWdF7ic7Yxrc
190 197
 network_metadata:
191 198
   nodes:
192
-    node-740:
193
-      fqdn: node-740.domain.tld
194
-      name: node-740
199
+    node-136:
200
+      fqdn: node-136.test.domain.local
201
+      name: node-136
195 202
       network_roles:
196
-        admin/pxe: 10.145.0.100
203
+        admin/pxe: 10.109.15.100
197 204
         aodh/api: 192.168.0.2
198 205
         ceilometer/api: 192.168.0.2
199 206
         ceph/public: 192.168.1.2
@@ -202,7 +209,7 @@ network_metadata:
202 209
         cinder/api: 192.168.0.2
203 210
         cinder/iscsi: 192.168.1.2
204 211
         ex: 172.16.0.2
205
-        fw-admin: 10.145.0.100
212
+        fw-admin: 10.109.15.100
206 213
         glance/api: 192.168.0.2
207 214
         glance/glare: 192.168.0.2
208 215
         heat/api: 192.168.0.2
@@ -233,21 +240,21 @@ network_metadata:
233 240
       - primary-controller
234 241
       nova_cpu_pinning_enabled: false
235 242
       nova_hugepages_enabled: false
236
-      swift_zone: '740'
237
-      uid: '740'
238
-      user_node_name: node-740
239
-    node-741:
240
-      fqdn: node-741.domain.tld
241
-      name: node-741
243
+      swift_zone: '136'
244
+      uid: '136'
245
+      user_node_name: node-136
246
+    node-137:
247
+      fqdn: node-137.test.domain.local
248
+      name: node-137
242 249
       network_roles:
243
-        admin/pxe: 10.145.0.101
250
+        admin/pxe: 10.109.15.101
244 251
         aodh/api: 192.168.0.1
245 252
         ceilometer/api: 192.168.0.1
246 253
         ceph/public: 192.168.1.1
247 254
         ceph/replication: 192.168.1.1
248 255
         cinder/api: 192.168.0.1
249 256
         cinder/iscsi: 192.168.1.1
250
-        fw-admin: 10.145.0.101
257
+        fw-admin: 10.109.15.101
251 258
         glance/api: 192.168.0.1
252 259
         glance/glare: 192.168.0.1
253 260
         heat/api: 192.168.0.1
@@ -277,9 +284,9 @@ network_metadata:
277 284
       - ironic
278 285
       nova_cpu_pinning_enabled: false
279 286
       nova_hugepages_enabled: false
280
-      swift_zone: '741'
281
-      uid: '741'
282
-      user_node_name: node-741
287
+      swift_zone: '137'
288
+      uid: '137'
289
+      user_node_name: node-137
283 290
   vips:
284 291
     baremetal:
285 292
       ipaddr: 192.168.3.4
@@ -359,9 +366,9 @@ network_scheme:
359 366
       IP: none
360 367
     br-fw-admin:
361 368
       IP:
362
-      - 10.145.0.100/24
369
+      - 10.109.15.100/24
363 370
       vendor_specific:
364
-        provider_gateway: 10.145.0.1
371
+        provider_gateway: 10.109.15.1
365 372
     br-mgmt:
366 373
       IP:
367 374
       - 192.168.0.2/24
@@ -778,33 +785,32 @@ node_volumes:
778 785
     size: 11264
779 786
     type: lv
780 787
 nodes:
781
-- fqdn: node-740.domain.tld
788
+- fqdn: node-136.test.domain.local
782 789
   internal_address: 192.168.0.2
783 790
   internal_netmask: 255.255.255.0
784
-  name: node-740
791
+  name: node-136
785 792
   public_address: 172.16.0.2
786 793
   public_netmask: 255.255.255.0
787 794
   role: primary-controller
788 795
   storage_address: 192.168.1.2
789 796
   storage_netmask: 255.255.255.0
790
-  swift_zone: '740'
791
-  uid: '740'
792
-  user_node_name: node-740
793
-- fqdn: node-741.domain.tld
797
+  swift_zone: '136'
798
+  uid: '136'
799
+  user_node_name: node-136
800
+- fqdn: node-137.test.domain.local
794 801
   internal_address: 192.168.0.1
795 802
   internal_netmask: 255.255.255.0
796
-  name: node-741
803
+  name: node-137
797 804
   role: ironic
798 805
   storage_address: 192.168.1.1
799 806
   storage_netmask: 255.255.255.0
800
-  swift_zone: '741'
801
-  uid: '741'
802
-  user_node_name: node-741
807
+  swift_zone: '137'
808
+  uid: '137'
809
+  user_node_name: node-137
803 810
 nova:
804
-  db_password: ximHMQh7wIu6fTNtd4F74AKg
805
-  enable_hugepages: false
811
+  db_password: 18zVWBhBwdoIK35EypULM1Zu
806 812
   state_path: /var/lib/nova
807
-  user_password: ZcQNkzkXWFTxtFnu9tdAql2w
813
+  user_password: VeZGjOU9hNaKN45n9Fthmyvw
808 814
 nova_quota: false
809 815
 online: true
810 816
 openstack_version: newton-10.0
@@ -816,7 +822,7 @@ operator_user:
816 822
     label: Operating System Access
817 823
     weight: 15
818 824
   name: fueladmin
819
-  password: wD9IlVwqhzq1zhXpazD25x6r
825
+  password: 3tNpoXbQvRKZHZ9psDygPVg3
820 826
   sudo: 'ALL=(ALL) NOPASSWD: ALL'
821 827
 plugins: []
822 828
 propagate_task_deploy: false
@@ -826,11 +832,11 @@ provision:
826 832
     /:
827 833
       container: gzip
828 834
       format: ext4
829
-      uri: http://10.145.0.2:8080/targetimages/env_41_ubuntu_1404_amd64.img.gz
835
+      uri: http://10.109.15.2:8080/targetimages/env_16_ubuntu_1404_amd64.img.gz
830 836
     /boot:
831 837
       container: gzip
832 838
       format: ext2
833
-      uri: http://10.145.0.2:8080/targetimages/env_41_ubuntu_1404_amd64-boot.img.gz
839
+      uri: http://10.109.15.2:8080/targetimages/env_16_ubuntu_1404_amd64-boot.img.gz
834 840
   metadata:
835 841
     group: general
836 842
     label: Provision
@@ -952,8 +958,8 @@ public_ssl:
952 958
     weight: 110
953 959
   services: false
954 960
 puppet:
955
-  manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/
956
-  modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/
961
+  manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/
962
+  modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/
957 963
 puppet_debug: true
958 964
 quantum: true
959 965
 quantum_settings:
@@ -973,13 +979,13 @@ quantum_settings:
973 979
   L3:
974 980
     use_namespaces: true
975 981
   database:
976
-    passwd: pZ4pgrDVFXSG2obDDj3Vwnaz
982
+    passwd: ZEJrfn9yx71l5aYyKBZJMdt4
977 983
   default_floating_net: admin_floating_net
978 984
   default_private_net: admin_internal_net
979 985
   keystone:
980
-    admin_password: XFaVfyWNLjsQ4GNpOspB8xaA
986
+    admin_password: adsQgnCTB8cBPXNSeOVZglpn
981 987
   metadata:
982
-    metadata_proxy_shared_secret: 6oEnHzzkWBlDcf4btBTLGx0t
988
+    metadata_proxy_shared_secret: HBY2MsQRtFqok6acSnmm93pM
983 989
   predefined_networks:
984 990
     admin_floating_net:
985 991
       L2:
@@ -1029,7 +1035,7 @@ quantum_settings:
1029 1035
       shared: true
1030 1036
       tenant: admin
1031 1037
 rabbit:
1032
-  password: MDx8hLMqPNKdnM0v2tAVbz54
1038
+  password: w6mkP2ae9VxqAvVTCt5QLXL7
1033 1039
 release:
1034 1040
   attributes_metadata:
1035 1041
     editable:
@@ -1137,6 +1143,49 @@ release:
1137 1143
           type: checkbox
1138 1144
           value: false
1139 1145
           weight: 10
1146
+      atop:
1147
+        interval:
1148
+          description: Interval between the snapshots in seconds
1149
+          label: Interval between the snapshots
1150
+          regex:
1151
+            error: Should be a number of seconds
1152
+            source: ^[1-9]\d*$
1153
+          restrictions:
1154
+          - action: hide
1155
+            condition: settings:atop.service_enabled.value == false
1156
+          type: text
1157
+          value: '20'
1158
+          weight: 20
1159
+        metadata:
1160
+          enabled: true
1161
+          group: logging
1162
+          label: Advanced System & Process Monitor (atop)
1163
+          toggleable: false
1164
+          weight: 60
1165
+        rotate:
1166
+          description: Number of days to keep log files
1167
+          label: Rotate days
1168
+          regex:
1169
+            error: Should be a number of days
1170
+            source: ^[1-9]\d*$
1171
+          restrictions:
1172
+          - action: hide
1173
+            condition: settings:atop.service_enabled.value == false
1174
+          type: text
1175
+          value: '7'
1176
+          weight: 30
1177
+        service_enabled:
1178
+          description: 'NOTE: When enabled, the service may generate logs up to a
1179
+            gigabyte in size per day.
1180
+
1181
+            This should be taken into consideration when determining the correct size
1182
+            for the log partition.
1183
+
1184
+            '
1185
+          label: Enable atop service
1186
+          type: checkbox
1187
+          value: true
1188
+          weight: 10
1140 1189
       cgroups:
1141 1190
         metadata:
1142 1191
           always_editable: true
@@ -1219,6 +1268,18 @@ release:
1219 1268
           type: checkbox
1220 1269
           value: true
1221 1270
           weight: 50
1271
+        run_ping_checker:
1272
+          description: Uncheck this box if the public gateway will not be available
1273
+            or will not respond to ICMP requests to the deployed cluster. If unchecked,
1274
+            the controllers will not take public gateway availability into account
1275
+            as part of the cluster health.  If the cluster will not have internet
1276
+            access, you will need to make sure to provide proper offline mirrors for
1277
+            the deployment to succeed.
1278
+          group: network
1279
+          label: Public Gateway is Available
1280
+          type: checkbox
1281
+          value: true
1282
+          weight: 50
1222 1283
         task_deploy:
1223 1284
           type: hidden
1224 1285
           value: true
@@ -1639,6 +1700,9 @@ release:
1639 1700
           description: Your DNS entries should point to this name. Self-signed certificates
1640 1701
             also will use this hostname
1641 1702
           label: DNS hostname for public TLS endpoints
1703
+          regex:
1704
+            error: Invalid DNS hostname
1705
+            source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$
1642 1706
           restrictions:
1643 1707
           - action: hide
1644 1708
             condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value
@@ -1673,8 +1737,6 @@ release:
1673 1737
             Please make sure your Fuel master node has Internet access to the repository
1674 1738
             before attempting to create a mirror.
1675 1739
 
1676
-            For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops).
1677
-
1678 1740
             '
1679 1741
           extra_priority: null
1680 1742
           type: custom_repo_configuration
@@ -1751,11 +1813,70 @@ release:
1751 1813
         sudo:
1752 1814
           type: hidden
1753 1815
           value: 'ALL=(ALL) NOPASSWD: ALL'
1816
+      ssh:
1817
+        brute_force_protection:
1818
+          description: When enabled, the access from all networks (except the provided
1819
+            ones) will be granted, but the networks will be checked against the brute
1820
+            force attack.
1821
+          label: Brute force protection
1822
+          restrictions:
1823
+          - action: hide
1824
+            condition: settings:ssh.security_enabled.value == false
1825
+          type: checkbox
1826
+          value: false
1827
+          weight: 30
1828
+        metadata:
1829
+          enabled: true
1830
+          group: security
1831
+          label: SSH security
1832
+          toggleable: false
1833
+          weight: 120
1834
+        security_enabled:
1835
+          description: 'NOTE: When enabled, provide at least one working IP address
1836
+            (the Fuel Master node IP is already added).
1837
+
1838
+            We recommend adding new addresses instead of replacing the provided Fuel
1839
+            Master node IP.
1840
+
1841
+            When disabled (by default), the admin, management, and storage networks
1842
+            are only allowed to connect to the SSH service.
1843
+
1844
+            '
1845
+          label: Restrict SSH service on network
1846
+          type: checkbox
1847
+          value: false
1848
+          weight: 10
1849
+        security_networks:
1850
+          description: IPv4/CIDR address
1851
+          label: Restrict access to
1852
+          regex:
1853
+            error: Invalid IPv4/CIDR address
1854
+            source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$
1855
+          restrictions:
1856
+          - action: hide
1857
+            condition: settings:ssh.security_enabled.value == false
1858
+          type: text_list
1859
+          value:
1860
+          - '{settings.MASTER_IP}'
1861
+          weight: 20
1754 1862
       storage:
1755 1863
         admin_key:
1756 1864
           type: hidden
1757 1865
           value:
1758 1866
             generator: cephx_key
1867
+        auth_s3_keystone_ceph:
1868
+          description: This allows to authenticate S3 requests basing on EC2/S3 credentials
1869
+            managed by Keystone. Please note that enabling the integration will increase
1870
+            the latency of S3 requests as well as load on Keystone service. Please
1871
+            consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating
1872
+            the risks related with load.
1873
+          label: Enable S3 API Authentication via Keystone in Ceph RadosGW
1874
+          restrictions:
1875
+          - action: hide
1876
+            condition: settings:storage.objects_ceph.value == false
1877
+          type: checkbox
1878
+          value: false
1879
+          weight: 82
1759 1880
         bootstrap_osd_key:
1760 1881
           type: hidden
1761 1882
           value:
@@ -1808,6 +1929,9 @@ release:
1808 1929
             and Swift API Interfaces. If enabled, this option will prevent Swift from
1809 1930
             installing.
1810 1931
           label: Ceph RadosGW for objects (Swift API)
1932
+          restrictions:
1933
+          - settings:storage.images_ceph.value == false: Ceph RBD for Images should
1934
+              be selected.
1811 1935
           type: checkbox
1812 1936
           value: false
1813 1937
           weight: 80
@@ -2048,6 +2172,12 @@ release:
2048 2172
     description: dialog.create_cluster_wizard.compute.qemu_description
2049 2173
     label: dialog.create_cluster_wizard.compute.qemu
2050 2174
     name: hypervisor:qemu
2175
+    requires:
2176
+    - one_of:
2177
+        items:
2178
+        - network:neutron:ml2:vlan
2179
+        - network:neutron:ml2:tun
2180
+        message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend
2051 2181
     weight: 5
2052 2182
   - bind:
2053 2183
     - settings:common.use_vcenter.value
@@ -2057,8 +2187,16 @@ release:
2057 2187
     label: dialog.create_cluster_wizard.compute.vcenter
2058 2188
     name: hypervisor:vmware
2059 2189
     requires:
2060
-    - message: dialog.create_cluster_wizard.compute.vcenter_warning
2061
-      name: hypervisor:qemu
2190
+    - one_of:
2191
+        items:
2192
+        - hypervisor:qemu
2193
+        message: dialog.create_cluster_wizard.compute.vcenter_warning
2194
+    - one_of:
2195
+        items:
2196
+        - network:neutron:ml2:dvs
2197
+        - network:neutron:ml2:nsx
2198
+        message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend
2199
+        message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins
2062 2200
     weight: 15
2063 2201
   - compatible:
2064 2202
     - name: hypervisor:*
@@ -2085,7 +2223,9 @@ release:
2085 2223
     label: common.network.neutron_vlan
2086 2224
     name: network:neutron:ml2:vlan
2087 2225
     requires:
2088
-    - name: network:neutron:core:ml2
2226
+    - one_of:
2227
+        items:
2228
+        - network:neutron:core:ml2
2089 2229
     weight: 5
2090 2230
   - bind:
2091 2231
     - - cluster:net_provider
@@ -2106,7 +2246,9 @@ release:
2106 2246
     label: common.network.neutron_tun
2107 2247
     name: network:neutron:ml2:tun
2108 2248
     requires:
2109
-    - name: network:neutron:core:ml2
2249
+    - one_of:
2250
+        items:
2251
+        - network:neutron:core:ml2
2110 2252
     weight: 10
2111 2253
   - bind:
2112 2254
     - settings:storage.volumes_lvm.value
@@ -2354,6 +2496,7 @@ release:
2354 2496
       restrictions:
2355 2497
       - action: hide
2356 2498
         condition: settings:common.use_vcenter.value == false
2499
+        message: VMware vCenter not enabled for cluster
2357 2500
       weight: 40
2358 2501
     compute:
2359 2502
       description: A Compute node creates, manages, and terminates virtual machine
@@ -2383,10 +2526,12 @@ release:
2383 2526
       restrictions:
2384 2527
       - action: hide
2385 2528
         condition: settings:common.use_vcenter.value == false
2529
+        message: VMware vCenter not enabled for cluster
2386 2530
       weight: 90
2387 2531
     controller:
2388 2532
       conflicts:
2389 2533
       - compute
2534
+      - ceph-osd
2390 2535
       description: The Controller initiates orchestration activities and provides
2391 2536
         an external API.  Other components like Glance (image storage), Keystone (identity
2392 2537
         management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed
@@ -2458,6 +2603,7 @@ release:
2458 2603
       restrictions:
2459 2604
       - action: hide
2460 2605
         condition: not ('advanced' in version:feature_groups)
2606
+        message: Advanced feature should be enabled in feature groups
2461 2607
       weight: 80
2462 2608
   state: available
2463 2609
   version: newton-10.0
@@ -2629,7 +2775,7 @@ repo_setup:
2629 2775
     section: main restricted
2630 2776
     suite: mos10.0
2631 2777
     type: deb
2632
-    uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64
2778
+    uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64
2633 2779
   - name: mos-updates
2634 2780
     priority: 1050
2635 2781
     section: main restricted
@@ -2653,14 +2799,15 @@ repo_setup:
2653 2799
     section: main restricted
2654 2800
     suite: auxiliary
2655 2801
     type: deb
2656
-    uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary
2802
+    uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary
2657 2803
 resume_guests_state_on_host_boot: true
2658 2804
 roles:
2659 2805
 - primary-controller
2806
+run_ping_checker: true
2660 2807
 sahara:
2661
-  db_password: 5GouiTv573FXUKSa2JfE2it0
2808
+  db_password: fyBBOKHmjHXJBzwKg6znoojB
2662 2809
   enabled: false
2663
-  user_password: sUFDBiM0LhyEqWCHxvK42N1D
2810
+  user_password: xnpoIx0CBaJKmeumgAThJ6yC
2664 2811
 service_user:
2665 2812
   homedir: /var/lib/fuel
2666 2813
   metadata:
@@ -2671,22 +2818,34 @@ service_user:
2671 2818
       condition: 'true'
2672 2819
     weight: 10
2673 2820
   name: fuel
2674
-  password: 3nD8uFmJWnF1rrOHdidayYuW
2821
+  password: 9paPtyxDUWvzFuubRywN8wa2
2675 2822
   root_password: r00tme
2676 2823
   sudo: 'ALL=(ALL) NOPASSWD: ALL'
2824
+ssh:
2825
+  brute_force_protection: false
2826
+  metadata:
2827
+    enabled: true
2828
+    group: security
2829
+    label: SSH security
2830
+    toggleable: false
2831
+    weight: 120
2832
+  security_enabled: false
2833
+  security_networks:
2834
+  - 10.109.15.2
2677 2835
 status: discover
2678 2836
 storage:
2679
-  admin_key: AQAiekhXAAAAABAADbWfvinwBeGWEi7JRaWgag==
2680
-  bootstrap_osd_key: AQAiekhXAAAAABAAamKsawxkXm99kXmEhWaSGw==
2837
+  admin_key: AQANCKNXAAAAABAAICIGZeGjdsW4rt37/MYwPg==
2838
+  auth_s3_keystone_ceph: false
2839
+  bootstrap_osd_key: AQANCKNXAAAAABAA4XLpGtBmnq+8ECO0ASkafA==
2681 2840
   ephemeral_ceph: false
2682
-  fsid: 6da4a04e-fd5c-4ec8-a394-ae009c5c2f92
2841
+  fsid: be75cde4-f083-41b2-a4ca-c3f03e85ff10
2683 2842
   images_ceph: false
2684 2843
   images_vcenter: false
2685 2844
   metadata:
2686 2845
     group: storage
2687 2846
     label: Storage Backends
2688 2847
     weight: 60
2689
-  mon_key: AQAiekhXAAAAABAARw76hwzKmf/x/I0uoyUsnA==
2848
+  mon_key: AQANCKNXAAAAABAAIUS/B+09OlDWDN7VfezDFw==
2690 2849
   objects_ceph: false
2691 2850
   osd_pool_size: '3'
2692 2851
   per_pool_pg_nums:
@@ -2697,13 +2856,13 @@ storage:
2697 2856
     images: 128
2698 2857
     volumes: 128
2699 2858
   pg_num: 128
2700
-  radosgw_key: AQAiekhXAAAAABAABpQ0tuYU91Jzib/P7uohdw==
2859
+  radosgw_key: AQANCKNXAAAAABAAUBrikUvMh/a+EG8+eIq3VA==
2701 2860
   volumes_block_device: false
2702 2861
   volumes_ceph: false
2703 2862
   volumes_lvm: true
2704 2863
 storage_network_range: 192.168.1.0/24
2705 2864
 swift:
2706
-  user_password: vB61iOPXKRG66V9taTym4NjB
2865
+  user_password: GSQibP0IGrKQkAfXr9INmFUU
2707 2866
 syslog:
2708 2867
   metadata:
2709 2868
     enabled: false
@@ -2725,10 +2884,10 @@ test_vm_image:
2725 2884
   os_name: cirros
2726 2885
   properties: {}
2727 2886
   public: 'true'
2728
-uid: '740'
2887
+uid: '136'
2729 2888
 use_cow_images: true
2730 2889
 use_vcenter: false
2731
-user_node_name: node-740
2890
+user_node_name: node-136
2732 2891
 vms_conf: []
2733 2892
 workloads_collector:
2734 2893
   create_user: false
@@ -2740,6 +2899,6 @@ workloads_collector:
2740 2899
     - action: hide
2741 2900
       condition: 'true'
2742 2901
     weight: 10
2743
-  password: Np6WzPrfRrNNg88sRYY0mp7l
2902
+  password: lxMOZvzTNujuIE7lVdaQyzzP
2744 2903
   tenant: services
2745 2904
   username: fuel_stats_user

+ 330
- 171
hiera/neut_tun.l3ha.nova_quota-primary-controller.yaml View File

@@ -8,18 +8,28 @@ access:
8 8
   tenant: admin
9 9
   user: admin
10 10
 aodh:
11
-  db_password: 7j3w5vVSvgjbq34JSyQ75dN7
12
-  user_password: xK3HqxRvj6yccZcQcKw1HsiK
11
+  db_password: fTG2UYBvKZDeNDA9TAu9pH1D
12
+  user_password: 4Ld23EdM8F7eeqn2j2MbEsDk
13
+atop:
14
+  interval: '20'
15
+  metadata:
16
+    enabled: true
17
+    group: logging
18
+    label: Advanced System & Process Monitor (atop)
19
+    toggleable: false
20
+    weight: 60
21
+  rotate: '7'
22
+  service_enabled: true
13 23
 auth_key: ''
14 24
 auto_assign_floating_ip: false
15 25
 base_syslog:
16 26
   syslog_port: '514'
17
-  syslog_server: 10.145.0.2
27
+  syslog_server: 10.109.15.2
18 28
 ceilometer:
19
-  db_password: ucnMYHhGTaxRt8pdfTAhejJB
29
+  db_password: oWhPeenq8xLR1oSCgQWvDTTV
20 30
   enabled: false
21
-  metering_secret: BUek3Z44dLw4dJFHCRiKpvwF
22
-  user_password: vYsfWtMK3mez3bTP2b7JULIy
31
+  metering_secret: rMMSspJxqlFQ0gNkBMRfWZe4
32
+  user_password: oFJ3w48Vno34ojMWYmlQ2cau
23 33
 cgroups:
24 34
   metadata:
25 35
     always_editable: true
@@ -30,9 +40,9 @@ cgroups:
30 40
       condition: 'true'
31 41
     weight: 90
32 42
 cinder:
33
-  db_password: o1MiNAm7BXJjctXPV7KDAlvZ
34
-  fixed_key: ea26f10c6feb8f10069796997d6d1189c9288023d1461236cf2fc962849e70fa
35
-  user_password: VddFPJO9aj8xTZgaGcgiKLeM
43
+  db_password: Mh0PPiud65Qn3r3qXeYVgqDj
44
+  fixed_key: 4c286a83354367390797cf7c751eb2144db45a80fbc9b4277f0ab699e9a11b3b
45
+  user_password: 5bmKBYRy3iRAzJ4IEqs86NdT
36 46
 cluster:
37 47
   changes:
38 48
   - name: attributes
@@ -42,20 +52,20 @@ cluster:
42 52
   - name: networks
43 53
     node_id: null
44 54
   - name: interfaces
45
-    node_id: 750
55
+    node_id: 146
46 56
   - name: disks
47
-    node_id: 750
57
+    node_id: 146
48 58
   - name: interfaces
49
-    node_id: 751
59
+    node_id: 147
50 60
   - name: disks
51
-    node_id: 751
61
+    node_id: 147
52 62
   - name: interfaces
53
-    node_id: 752
63
+    node_id: 148
54 64
   - name: disks
55
-    node_id: 752
65
+    node_id: 148
56 66
   components: []
57 67
   fuel_version: '10.0'
58
-  id: 42
68
+  id: 17
59 69
   is_customized: false
60 70
   is_locked: false
61 71
   mode: ha_compact
@@ -88,12 +98,11 @@ corosync:
88 98
 debug: false
89 99
 deployed_before:
90 100
   value: false
91
-deployment_id: 42
101
+deployment_id: 17
92 102
 deployment_mode: ha_compact
93
-dpdk: {}
94 103
 external_dns:
95 104
   dns_list:
96
-  - 10.145.0.1
105
+  - 10.109.15.1
97 106
   metadata:
98 107
     group: network
99 108
     label: Host OS DNS Servers
@@ -119,31 +128,29 @@ external_ntp:
119 128
     label: Host OS NTP Servers
120 129
     weight: 40
121 130
   ntp_list:
122
-  - 0.fuel.pool.ntp.org
123
-  - 1.fuel.pool.ntp.org
124
-  - 2.fuel.pool.ntp.org
131
+  - 10.109.15.1
125 132
 fail_if_error: true
126
-fqdn: node-750.domain.tld
133
+fqdn: node-146.test.domain.local
127 134
 fuel_version: '10.0'
128 135
 glance:
129
-  db_password: KwfH9ZWNIdSxRnYCNmiagUdk
136
+  db_password: GYxtQiMKDb5K7tmZo0rFTut1
130 137
   image_cache_max_size: '389537175961'
131
-  user_password: g7wSdgapZGaLH5s0ccFrdYr7
138
+  user_password: SfPI5FYXK2wfTBkLL2z6ZVMK
132 139
 glance_glare:
133
-  user_password: hsj5zoOrR78l0rp0ia5ouEzt
140
+  user_password: mGvWAhWF6FJRgn9usmpUTarY
134 141
 heat:
135
-  auth_encryption_key: 40032089313a012a4a9f9f3540c61e9a
136
-  db_password: RaG0yb1ts5gcK6IZXJk2hVx9
142
+  auth_encryption_key: a26dc66ee5b68c2b9cfb7fe085728e86
143
+  db_password: EsvLELan6iukN5yDLPJ2fyh5
137 144
   enabled: true
138
-  rabbit_password: jVuBaw5bkTuSQX9jnzVkPd5z
139
-  user_password: QJFWNaGQTALMwA2E2xmJsnBn
145
+  rabbit_password: oxzRc7tSDwKCm4PStz7gC1aW
146
+  user_password: LHFstLqeT9L93Tj3EDCoyYbD
140 147
 horizon:
141
-  secret_key: f38f3ac617f74ff20cb579ef1bce66ae77763f26b16ca6491260ab1feaa448b4
148
+  secret_key: 542dad2c900902d116d7d11e1a24dc95526bb96920ad63b2103c3dd8c4f9ea84
142 149
 ironic:
143
-  db_password: lJoowNRvUuCf6zT4V1QPXZe2
150
+  db_password: UfnJMWqNxd3UC9ryzaUsP0W2
144 151
   enabled: false
145
-  swift_tempurl_key: w9NTMHS4tOmGPpzCAmFwzlB5
146
-  user_password: WUecqWZZmsheyt4i9qvP5St5
152
+  swift_tempurl_key: lW2cBzuTOBoruzoPMb46BUJK
153
+  user_password: C9Zen8KoOYPJlOH90A0UD6I5
147 154
 kernel_params:
148 155
   kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset
149 156
   metadata:
@@ -151,12 +158,12 @@ kernel_params:
151 158
     label: Kernel parameters
152 159
     weight: 60
153 160
 keystone:
154
-  admin_token: 8hxLbNdn8o9pT3nSTLmY3AJu
155
-  db_password: maVEtYGyZ65HUXiRbZJIIs2v
156
-last_controller: node-752
161
+  admin_token: 7Kq1CywuBMQUnqcEi4kEPTNH
162
+  db_password: yrJShNwbNlPKgeGRnJn8cHll
163
+last_controller: node-148
157 164
 libvirt_type: qemu
158 165
 management_network_range: 192.168.0.0/24
159
-master_ip: 10.145.0.2
166
+master_ip: 10.109.15.2
160 167
 metadata:
161 168
   label: Common
162 169
   weight: 10
@@ -168,15 +175,15 @@ mp:
168 175
 - point: '2'
169 176
   weight: '2'
170 177
 murano:
171
-  db_password: lqxY73mPKA1etCUW1By1uJ55
178
+  db_password: 7YG26rZKPLESGohgInb18FyT
172 179
   enabled: false
173
-  rabbit_password: jheazxWvz0XlTXmyUj0RxfCX
174
-  user_password: l9fBki5GRiRRhuYFFUxx3w88
180
+  rabbit_password: kNyHQIfyaTfB5dQXoL0AZnML
181
+  user_password: hTOgx33sIP7mynagqpd3q8Ut
175 182
 murano-cfapi:
176
-  db_password: XmoTRj6WHdO2ejel389tcBA3
183
+  db_password: eRKU8BMu9GEwxvXPo3M47c6Y
177 184
   enabled: false
178
-  rabbit_password: VGBZK9x0BHrBJXagf1eXGfV4
179
-  user_password: P3uFu4JbnwmIvosjo8ksEWyo
185
+  rabbit_password: PmttpiIvsyI5D6iiW8zFncyy
186
+  user_password: U4Xv4TMqOrfTUlELubsbY3ql
180 187
 murano_settings:
181 188
   metadata:
182 189
     group: openstack_services
@@ -189,15 +196,62 @@ murano_settings:
189 196
   murano_glance_artifacts_plugin: true
190 197
   murano_repo_url: http://storage.apps.openstack.org/
191 198
 mysql:
192
-  root_password: MguARNj9HbYrPaTxIMnQ9zii
193
-  wsrep_password: oH39uJM2PEk6YiTux6JnXWB7
199
+  root_password: jrKJrlkH2V33stGRS83sKcp9
200
+  wsrep_password: 7ZWGnr7Tj6LtY9olzmNYRQI3
194 201
 network_metadata:
195 202
   nodes:
196
-    node-750:
197
-      fqdn: node-750.domain.tld
198
-      name: node-750
203
+    node-146:
204
+      fqdn: node-146.test.domain.local
205
+      name: node-146
199 206
       network_roles:
200
-        admin/pxe: 10.145.0.100
207
+        admin/pxe: 10.109.15.100
208
+        aodh/api: 192.168.0.3
209
+        ceilometer/api: 192.168.0.3
210
+        ceph/public: 192.168.1.3
211
+        ceph/radosgw: 172.16.0.4
212
+        ceph/replication: 192.168.1.3
213
+        cinder/api: 192.168.0.3
214
+        cinder/iscsi: 192.168.1.3
215
+        ex: 172.16.0.4
216
+        fw-admin: 10.109.15.100
217
+        glance/api: 192.168.0.3
218
+        glance/glare: 192.168.0.3
219
+        heat/api: 192.168.0.3
220
+        horizon: 192.168.0.3
221
+        ironic/api: 192.168.0.3
222
+        keystone/api: 192.168.0.3
223
+        management: 192.168.0.3
224
+        mgmt/corosync: 192.168.0.3
225
+        mgmt/database: 192.168.0.3
226
+        mgmt/memcache: 192.168.0.3
227
+        mgmt/messaging: 192.168.0.3
228
+        mgmt/vip: 192.168.0.3
229
+        mongo/db: 192.168.0.3
230
+        murano/api: 192.168.0.3
231
+        murano/cfapi: 192.168.0.3
232
+        neutron/api: 192.168.0.3
233
+        neutron/floating: null
234
+        neutron/mesh: 192.168.2.3
235
+        neutron/private: null
236
+        nova/api: 192.168.0.3
237
+        nova/migration: 192.168.0.3
238
+        public/vip: 172.16.0.4
239
+        sahara/api: 192.168.0.3
240
+        storage: 192.168.1.3
241
+        swift/api: 192.168.0.3
242
+        swift/replication: 192.168.1.3
243
+      node_roles:
244
+      - primary-controller
245
+      nova_cpu_pinning_enabled: false
246
+      nova_hugepages_enabled: false
247
+      swift_zone: '146'
248
+      uid: '146'
249
+      user_node_name: node-146
250
+    node-147:
251
+      fqdn: node-147.test.domain.local
252
+      name: node-147
253
+      network_roles:
254
+        admin/pxe: 10.109.15.101
201 255
         aodh/api: 192.168.0.1
202 256
         ceilometer/api: 192.168.0.1
203 257
         ceph/public: 192.168.1.1
@@ -206,7 +260,7 @@ network_metadata:
206 260
         cinder/api: 192.168.0.1
207 261
         cinder/iscsi: 192.168.1.1
208 262
         ex: 172.16.0.2
209
-        fw-admin: 10.145.0.100
263
+        fw-admin: 10.109.15.101
210 264
         glance/api: 192.168.0.1
211 265
         glance/glare: 192.168.0.1
212 266
         heat/api: 192.168.0.1
@@ -234,17 +288,17 @@ network_metadata:
234 288
         swift/api: 192.168.0.1
235 289
         swift/replication: 192.168.1.1
236 290
       node_roles:
237
-      - primary-controller
291
+      - controller
238 292
       nova_cpu_pinning_enabled: false
239 293
       nova_hugepages_enabled: false
240
-      swift_zone: '750'
241
-      uid: '750'
242
-      user_node_name: node-750
243
-    node-751:
244
-      fqdn: node-751.domain.tld
245
-      name: node-751
294
+      swift_zone: '147'
295
+      uid: '147'
296
+      user_node_name: node-147
297
+    node-148:
298
+      fqdn: node-148.test.domain.local
299
+      name: node-148
246 300
       network_roles:
247
-        admin/pxe: 10.145.0.101
301
+        admin/pxe: 10.109.15.102
248 302
         aodh/api: 192.168.0.2
249 303
         ceilometer/api: 192.168.0.2
250 304
         ceph/public: 192.168.1.2
@@ -253,7 +307,7 @@ network_metadata:
253 307
         cinder/api: 192.168.0.2
254 308
         cinder/iscsi: 192.168.1.2
255 309
         ex: 172.16.0.3
256
-        fw-admin: 10.145.0.101
310
+        fw-admin: 10.109.15.102
257 311
         glance/api: 192.168.0.2
258 312
         glance/glare: 192.168.0.2
259 313
         heat/api: 192.168.0.2
@@ -284,56 +338,9 @@ network_metadata:
284 338
       - controller
285 339
       nova_cpu_pinning_enabled: false
286 340
       nova_hugepages_enabled: false
287
-      swift_zone: '751'
288
-      uid: '751'
289
-      user_node_name: node-751
290
-    node-752:
291
-      fqdn: node-752.domain.tld
292
-      name: node-752
293
-      network_roles:
294
-        admin/pxe: 10.145.0.102
295
-        aodh/api: 192.168.0.3
296
-        ceilometer/api: 192.168.0.3
297
-        ceph/public: 192.168.1.3
298
-        ceph/radosgw: 172.16.0.4
299
-        ceph/replication: 192.168.1.3
300
-        cinder/api: 192.168.0.3
301
-        cinder/iscsi: 192.168.1.3
302
-        ex: 172.16.0.4
303
-        fw-admin: 10.145.0.102
304
-        glance/api: 192.168.0.3
305
-        glance/glare: 192.168.0.3
306
-        heat/api: 192.168.0.3
307
-        horizon: 192.168.0.3
308
-        ironic/api: 192.168.0.3
309
-        keystone/api: 192.168.0.3
310
-        management: 192.168.0.3
311
-        mgmt/corosync: 192.168.0.3
312
-        mgmt/database: 192.168.0.3
313
-        mgmt/memcache: 192.168.0.3
314
-        mgmt/messaging: 192.168.0.3
315
-        mgmt/vip: 192.168.0.3
316
-        mongo/db: 192.168.0.3
317
-        murano/api: 192.168.0.3
318
-        murano/cfapi: 192.168.0.3
319
-        neutron/api: 192.168.0.3
320
-        neutron/floating: null
321
-        neutron/mesh: 192.168.2.3
322
-        neutron/private: null
323
-        nova/api: 192.168.0.3
324
-        nova/migration: 192.168.0.3
325
-        public/vip: 172.16.0.4
326
-        sahara/api: 192.168.0.3
327
-        storage: 192.168.1.3
328
-        swift/api: 192.168.0.3
329
-        swift/replication: 192.168.1.3
330
-      node_roles:
331
-      - controller
332
-      nova_cpu_pinning_enabled: false
333
-      nova_hugepages_enabled: false
334
-      swift_zone: '752'
335
-      uid: '752'
336
-      user_node_name: node-752
341
+      swift_zone: '148'
342
+      uid: '148'
343
+      user_node_name: node-148
337 344
   vips:
338 345
     management:
339 346
       ipaddr: 192.168.0.5
@@ -380,7 +387,7 @@ network_scheme:
380 387
   endpoints:
381 388
     br-ex:
382 389
       IP:
383
-      - 172.16.0.2/24
390
+      - 172.16.0.4/24
384 391
       gateway: 172.16.0.1
385 392
       vendor_specific:
386 393
         provider_gateway: 172.16.0.1
@@ -388,18 +395,18 @@ network_scheme:
388 395
       IP: none
389 396
     br-fw-admin:
390 397
       IP:
391
-      - 10.145.0.100/24
398
+      - 10.109.15.100/24
392 399
       vendor_specific:
393
-        provider_gateway: 10.145.0.1
400
+        provider_gateway: 10.109.15.1
394 401
     br-mesh:
395 402
       IP:
396
-      - 192.168.2.1/24
403
+      - 192.168.2.3/24
397 404
     br-mgmt:
398 405
       IP:
399
-      - 192.168.0.1/24
406
+      - 192.168.0.3/24
400 407
     br-storage:
401 408
       IP:
402
-      - 192.168.1.1/24
409
+      - 192.168.1.3/24
403 410
   interfaces:
404 411
     enp0s3:
405 412
       vendor_specific:
@@ -790,47 +797,46 @@ node_volumes:
790 797
     size: 11264
791 798
     type: lv
792 799
 nodes:
793
-- fqdn: node-750.domain.tld
800
+- fqdn: node-146.test.domain.local
801
+  internal_address: 192.168.0.3
802
+  internal_netmask: 255.255.255.0
803
+  name: node-146
804
+  public_address: 172.16.0.4
805
+  public_netmask: 255.255.255.0
806
+  role: primary-controller
807
+  storage_address: 192.168.1.3
808
+  storage_netmask: 255.255.255.0
809
+  swift_zone: '146'
810
+  uid: '146'
811
+  user_node_name: node-146
812
+- fqdn: node-147.test.domain.local
794 813
   internal_address: 192.168.0.1
795 814
   internal_netmask: 255.255.255.0
796
-  name: node-750
815
+  name: node-147
797 816
   public_address: 172.16.0.2
798 817
   public_netmask: 255.255.255.0
799
-  role: primary-controller
818
+  role: controller
800 819
   storage_address: 192.168.1.1
801 820
   storage_netmask: 255.255.255.0
802
-  swift_zone: '750'
803
-  uid: '750'
804
-  user_node_name: node-750
805
-- fqdn: node-751.domain.tld
821
+  swift_zone: '147'
822
+  uid: '147'
823
+  user_node_name: node-147
824
+- fqdn: node-148.test.domain.local
806 825
   internal_address: 192.168.0.2
807 826
   internal_netmask: 255.255.255.0
808
-  name: node-751
827
+  name: node-148
809 828
   public_address: 172.16.0.3
810 829
   public_netmask: 255.255.255.0
811 830
   role: controller
812 831
   storage_address: 192.168.1.2
813 832
   storage_netmask: 255.255.255.0
814
-  swift_zone: '751'
815
-  uid: '751'
816
-  user_node_name: node-751
817
-- fqdn: node-752.domain.tld
818
-  internal_address: 192.168.0.3
819
-  internal_netmask: 255.255.255.0
820
-  name: node-752
821
-  public_address: 172.16.0.4
822
-  public_netmask: 255.255.255.0
823
-  role: controller
824
-  storage_address: 192.168.1.3
825
-  storage_netmask: 255.255.255.0
826
-  swift_zone: '752'
827
-  uid: '752'
828
-  user_node_name: node-752
833
+  swift_zone: '148'
834
+  uid: '148'
835
+  user_node_name: node-148
829 836
 nova:
830
-  db_password: dVxM3nlBe0JziZeF5NIc630X
831
-  enable_hugepages: false
837
+  db_password: hWAZkudqAeGGhl1SatLfMEC5
832 838
   state_path: /var/lib/nova
833
-  user_password: jGuKfRlMm0q9vn9ZzqbItMI3
839
+  user_password: 1zxvrXLlRd4CjKRbmEYbejh2
834 840
 nova_quota: true
835 841
 online: true
836 842
 openstack_version: newton-10.0
@@ -842,7 +848,7 @@ operator_user:
842 848
     label: Operating System Access
843 849
     weight: 15
844 850
   name: fueladmin
845
-  password: xT8T4DNQ2QqkJFUZodoWREDy
851
+  password: d2FKWdMzL5ZrjCxa52Bo3JS5
846 852
   sudo: 'ALL=(ALL) NOPASSWD: ALL'
847 853
 plugins: []
848 854
 private_network_range: 192.168.2.0/24
@@ -853,11 +859,11 @@ provision:
853 859
     /:
854 860
       container: gzip
855 861
       format: ext4
856
-      uri: http://10.145.0.2:8080/targetimages/env_42_ubuntu_1404_amd64.img.gz
862
+      uri: http://10.109.15.2:8080/targetimages/env_17_ubuntu_1404_amd64.img.gz
857 863
     /boot:
858 864
       container: gzip
859 865
       format: ext2
860
-      uri: http://10.145.0.2:8080/targetimages/env_42_ubuntu_1404_amd64-boot.img.gz
866
+      uri: http://10.109.15.2:8080/targetimages/env_17_ubuntu_1404_amd64-boot.img.gz
861 867
   metadata:
862 868
     group: general
863 869
     label: Provision
@@ -979,8 +985,8 @@ public_ssl:
979 985
     weight: 110
980 986
   services: false
981 987
 puppet:
982
-  manifests: rsync://10.145.0.2:/puppet/newton-10.0/manifests/
983
-  modules: rsync://10.145.0.2:/puppet/newton-10.0/modules/
988
+  manifests: rsync://10.109.15.2:/puppet/newton-10.0/manifests/
989
+  modules: rsync://10.109.15.2:/puppet/newton-10.0/modules/
984 990
 puppet_debug: true
985 991
 quantum: true
986 992
 quantum_settings:
@@ -995,13 +1001,13 @@ quantum_settings:
995 1001
   L3:
996 1002
     use_namespaces: true
997 1003
   database:
998
-    passwd: 8sbWW3CaFK76H4RLEpNOsfLd
1004
+    passwd: AGikUII5cPBFkzlIKuAArThr
999 1005
   default_floating_net: admin_floating_net
1000 1006
   default_private_net: admin_internal_net
1001 1007
   keystone:
1002
-    admin_password: LfzRpFDQNKvkaVBLP8ddBpZl
1008
+    admin_password: qgsijpWEtQOaBnbRJSdjlw5l
1003 1009
   metadata:
1004
-    metadata_proxy_shared_secret: zdLsHUINrwbg8NspxSn7qvx3
1010
+    metadata_proxy_shared_secret: YgshdIPQ6fuu8qjf0zGK7GeJ
1005 1011
   predefined_networks:
1006 1012
     admin_floating_net:
1007 1013
       L2:
@@ -1035,7 +1041,7 @@ quantum_settings:
1035 1041
       shared: false
1036 1042
       tenant: admin
1037 1043
 rabbit:
1038
-  password: krpm3JNObYWWhDl9VahYaVWs
1044
+  password: lbGFVr9BdCAdvobuR7rur3up
1039 1045
 release:
1040 1046
   attributes_metadata:
1041 1047
     editable:
@@ -1143,6 +1149,49 @@ release:
1143 1149
           type: checkbox
1144 1150
           value: false
1145 1151
           weight: 10
1152
+      atop:
1153
+        interval:
1154
+          description: Interval between the snapshots in seconds
1155
+          label: Interval between the snapshots
1156
+          regex:
1157
+            error: Should be a number of seconds
1158
+            source: ^[1-9]\d*$
1159
+          restrictions:
1160
+          - action: hide
1161
+            condition: settings:atop.service_enabled.value == false
1162
+          type: text
1163
+          value: '20'
1164
+          weight: 20
1165
+        metadata:
1166
+          enabled: true
1167
+          group: logging
1168
+          label: Advanced System & Process Monitor (atop)
1169
+          toggleable: false
1170
+          weight: 60
1171
+        rotate:
1172
+          description: Number of days to keep log files
1173
+          label: Rotate days
1174
+          regex:
1175
+            error: Should be a number of days
1176
+            source: ^[1-9]\d*$
1177
+          restrictions:
1178
+          - action: hide
1179
+            condition: settings:atop.service_enabled.value == false
1180
+          type: text
1181
+          value: '7'
1182
+          weight: 30
1183
+        service_enabled:
1184
+          description: 'NOTE: When enabled, the service may generate logs up to a
1185
+            gigabyte in size per day.
1186
+
1187
+            This should be taken into consideration when determining the correct size
1188
+            for the log partition.
1189
+
1190
+            '
1191
+          label: Enable atop service
1192
+          type: checkbox
1193
+          value: true
1194
+          weight: 10
1146 1195
       cgroups:
1147 1196
         metadata:
1148 1197
           always_editable: true
@@ -1225,6 +1274,18 @@ release:
1225 1274
           type: checkbox
1226 1275
           value: true
1227 1276
           weight: 50
1277
+        run_ping_checker:
1278
+          description: Uncheck this box if the public gateway will not be available
1279
+            or will not respond to ICMP requests to the deployed cluster. If unchecked,
1280
+            the controllers will not take public gateway availability into account
1281
+            as part of the cluster health.  If the cluster will not have internet
1282
+            access, you will need to make sure to provide proper offline mirrors for
1283
+            the deployment to succeed.
1284
+          group: network
1285
+          label: Public Gateway is Available
1286
+          type: checkbox
1287
+          value: true
1288
+          weight: 50
1228 1289
         task_deploy:
1229 1290
           type: hidden
1230 1291
           value: true
@@ -1645,6 +1706,9 @@ release:
1645 1706
           description: Your DNS entries should point to this name. Self-signed certificates
1646 1707
             also will use this hostname
1647 1708
           label: DNS hostname for public TLS endpoints
1709
+          regex:
1710
+            error: Invalid DNS hostname
1711
+            source: ^[a-zA-Z\d]+[-\.\da-zA-Z]*$
1648 1712
           restrictions:
1649 1713
           - action: hide
1650 1714
             condition: settings:public_ssl.horizon.value == false and settings:public_ssl.services.value
@@ -1679,8 +1743,6 @@ release:
1679 1743
             Please make sure your Fuel master node has Internet access to the repository
1680 1744
             before attempting to create a mirror.
1681 1745
 
1682
-            For more details, please refer to the documentation (https://docs.mirantis.com/openstack/fuel/fuel-10.0/operations.html#external-ubuntu-ops).
1683
-
1684 1746
             '
1685 1747
           extra_priority: null
1686 1748
           type: custom_repo_configuration
@@ -1757,11 +1819,70 @@ release:
1757 1819
         sudo:
1758 1820
           type: hidden
1759 1821
           value: 'ALL=(ALL) NOPASSWD: ALL'
1822
+      ssh:
1823
+        brute_force_protection:
1824
+          description: When enabled, the access from all networks (except the provided
1825
+            ones) will be granted, but the networks will be checked against the brute
1826
+            force attack.
1827
+          label: Brute force protection
1828
+          restrictions:
1829
+          - action: hide
1830
+            condition: settings:ssh.security_enabled.value == false
1831
+          type: checkbox
1832
+          value: false
1833
+          weight: 30
1834
+        metadata:
1835
+          enabled: true
1836
+          group: security
1837
+          label: SSH security
1838
+          toggleable: false
1839
+          weight: 120
1840
+        security_enabled:
1841
+          description: 'NOTE: When enabled, provide at least one working IP address
1842
+            (the Fuel Master node IP is already added).
1843
+
1844
+            We recommend adding new addresses instead of replacing the provided Fuel
1845
+            Master node IP.
1846
+
1847
+            When disabled (by default), the admin, management, and storage networks
1848
+            are only allowed to connect to the SSH service.
1849
+
1850
+            '
1851
+          label: Restrict SSH service on network
1852
+          type: checkbox
1853
+          value: false
1854
+          weight: 10
1855
+        security_networks:
1856
+          description: IPv4/CIDR address
1857
+          label: Restrict access to
1858
+          regex:
1859
+            error: Invalid IPv4/CIDR address
1860
+            source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$
1861
+          restrictions:
1862
+          - action: hide
1863
+            condition: settings:ssh.security_enabled.value == false
1864
+          type: text_list
1865
+          value:
1866
+          - '{settings.MASTER_IP}'
1867
+          weight: 20
1760 1868
       storage:
1761 1869
         admin_key:
1762 1870
           type: hidden
1763 1871
           value:
1764 1872
             generator: cephx_key
1873
+        auth_s3_keystone_ceph:
1874
+          description: This allows to authenticate S3 requests basing on EC2/S3 credentials
1875
+            managed by Keystone. Please note that enabling the integration will increase
1876
+            the latency of S3 requests as well as load on Keystone service. Please
1877
+            consult with Mirantis Technical Bulletin 27 and Mirantis Support on mitigating
1878
+            the risks related with load.
1879
+          label: Enable S3 API Authentication via Keystone in Ceph RadosGW
1880
+          restrictions:
1881
+          - action: hide
1882
+            condition: settings:storage.objects_ceph.value == false
1883
+          type: checkbox
1884
+          value: false
1885
+          weight: 82
1765 1886
         bootstrap_osd_key:
1766 1887
           type: hidden
1767 1888
           value:
@@ -1814,6 +1935,9 @@ release:
1814 1935
             and Swift API Interfaces. If enabled, this option will prevent Swift from
1815 1936
             installing.
1816 1937
           label: Ceph RadosGW for objects (Swift API)
1938
+          restrictions:
1939
+          - settings:storage.images_ceph.value == false: Ceph RBD for Images should
1940
+              be selected.
1817 1941
           type: checkbox
1818 1942
           value: false
1819 1943
           weight: 80
@@ -2054,6 +2178,12 @@ release:
2054 2178
     description: dialog.create_cluster_wizard.compute.qemu_description
2055 2179
     label: dialog.create_cluster_wizard.compute.qemu
2056 2180
     name: hypervisor:qemu
2181
+    requires:
2182
+    - one_of:
2183
+        items:
2184
+        - network:neutron:ml2:vlan
2185
+        - network:neutron:ml2:tun
2186
+        message: dialog.create_cluster_wizard.compute.qemu_requires_network_backend
2057 2187
     weight: 5
2058 2188
   - bind:
2059 2189
     - settings:common.use_vcenter.value
@@ -2063,8 +2193,16 @@ release:
2063 2193
     label: dialog.create_cluster_wizard.compute.vcenter
2064 2194
     name: hypervisor:vmware
2065 2195
     requires:
2066
-    - message: dialog.create_cluster_wizard.compute.vcenter_warning
2067
-      name: hypervisor:qemu
2196
+    - one_of:
2197
+        items:
2198
+        - hypervisor:qemu
2199
+        message: dialog.create_cluster_wizard.compute.vcenter_warning
2200
+    - one_of:
2201
+        items:
2202
+        - network:neutron:ml2:dvs
2203
+        - network:neutron:ml2:nsx
2204
+        message: dialog.create_cluster_wizard.compute.vcenter_requires_network_backend
2205
+        message_invalid: dialog.create_cluster_wizard.compute.vcenter_requires_network_plugins
2068 2206
     weight: 15
2069 2207
   - compatible:
2070 2208
     - name: hypervisor:*
@@ -2091,7 +2229,9 @@ release:
2091 2229
     label: common.network.neutron_vlan
2092 2230
     name: network:neutron:ml2:vlan
2093 2231
     requires:
2094
-    - name: network:neutron:core:ml2
2232
+    - one_of:
2233
+        items:
2234
+        - network:neutron:core:ml2
2095 2235
     weight: 5
2096 2236
   - bind:
2097 2237
     - - cluster:net_provider
@@ -2112,7 +2252,9 @@ release:
2112 2252
     label: common.network.neutron_tun
2113 2253
     name: network:neutron:ml2:tun
2114 2254
     requires:
2115
-    - name: network:neutron:core:ml2
2255
+    - one_of:
2256
+        items:
2257
+        - network:neutron:core:ml2
2116 2258
     weight: 10
2117 2259
   - bind:
2118 2260
     - settings:storage.volumes_lvm.value
@@ -2360,6 +2502,7 @@ release:
2360 2502
       restrictions:
2361 2503
       - action: hide
2362 2504
         condition: settings:common.use_vcenter.value == false
2505
+        message: VMware vCenter not enabled for cluster
2363 2506
       weight: 40
2364 2507
     compute:
2365 2508
       description: A Compute node creates, manages, and terminates virtual machine
@@ -2389,10 +2532,12 @@ release:
2389 2532
       restrictions:
2390 2533
       - action: hide
2391 2534
         condition: settings:common.use_vcenter.value == false
2535
+        message: VMware vCenter not enabled for cluster
2392 2536
       weight: 90
2393 2537
     controller:
2394 2538
       conflicts:
2395 2539
       - compute
2540
+      - ceph-osd
2396 2541
       description: The Controller initiates orchestration activities and provides
2397 2542
         an external API.  Other components like Glance (image storage), Keystone (identity
2398 2543
         management), Horizon (OpenStack dashboard) and Nova-Scheduler are installed
@@ -2464,6 +2609,7 @@ release:
2464 2609
       restrictions:
2465 2610
       - action: hide
2466 2611
         condition: not ('advanced' in version:feature_groups)
2612
+        message: Advanced feature should be enabled in feature groups
2467 2613
       weight: 80
2468 2614
   state: available
2469 2615
   version: newton-10.0
@@ -2635,7 +2781,7 @@ repo_setup:
2635 2781
     section: main restricted
2636 2782
     suite: mos10.0
2637 2783
     type: deb
2638
-    uri: http://10.145.0.2:8080/newton-10.0/ubuntu/x86_64
2784
+    uri: http://10.109.15.2:8080/newton-10.0/ubuntu/x86_64
2639 2785
   - name: mos-updates
2640 2786
     priority: 1050
2641 2787
     section: main restricted
@@ -2659,14 +2805,15 @@ repo_setup:
2659 2805
     section: main restricted
2660 2806
     suite: auxiliary
2661 2807
     type: deb
2662
-    uri: http://10.145.0.2:8080/newton-10.0/ubuntu/auxiliary
2808
+    uri: http://10.109.15.2:8080/newton-10.0/ubuntu/auxiliary
2663 2809
 resume_guests_state_on_host_boot: true
2664 2810
 roles:
2665 2811
 - primary-controller
2812
+run_ping_checker: true
2666 2813
 sahara:
2667
-  db_password: DRapFQcmeHvueGCqssEIa2bQ
2814
+  db_password: CM60aYlmA5spqiqDApaby7xR
2668 2815
   enabled: false
2669
-  user_password: o6fkFsUDNDhc4YqRd0T9gOJE
2816
+  user_password: lB1yDC38IKmz6M557UcjJfAg
2670 2817
 service_user:
2671 2818
   homedir: /var/lib/fuel
2672 2819
   metadata:
@@ -2677,22 +2824,34 @@ service_user:
2677 2824
       condition: 'true'
2678 2825
     weight: 10
2679 2826
   name: fuel
2680
-  password: kBx8RG4db3zQAzqVKh44Gm4d
2827
+  password: cPYnLS5PfIUite7eBpjSrI9z
2681 2828
   root_password: r00tme
2682 2829
   sudo: 'ALL=(ALL) NOPASSWD: ALL'
2830
+ssh:
2831
+  brute_force_protection: false
2832
+  metadata:
2833
+    enabled: true
2834
+    group: security
2835
+    label: SSH security
2836
+    toggleable: false
2837
+    weight: 120
2838
+  security_enabled: false
2839
+  security_networks:
2840
+  - 10.109.15.2
2683 2841
 status: discover
2684 2842
 storage:
2685
-  admin_key: AQCCekhXAAAAABAAXlxgNtLXFTdaF6nR2MGOaw==
2686
-  bootstrap_osd_key: AQCCekhXAAAAABAASnyCLDjd1XWTH106pH9TLQ==
2843
+  admin_key: AQBrCKNXAAAAABAAI3edn6qeFUQbO0ootzuOuw==
2844
+  auth_s3_keystone_ceph: false
2845
+  bootstrap_osd_key: AQBrCKNXAAAAABAAwsTYwSQzfIUqx1kM0HKZGQ==
2687 2846
   ephemeral_ceph: false
2688
-  fsid: e352376f-e4bd-43c1-bf8f-0db2061497c2
2847
+  fsid: c662c281-5820-4cde-824e-5f0ed024dad3
2689 2848
   images_ceph: false
2690 2849
   images_vcenter: false
2691 2850
   metadata:
2692 2851
     group: storage
2693 2852
     label: Storage Backends
2694 2853
     weight: 60
2695
-  mon_key: AQCCekhXAAAAABAAtv9DdUBCre3ZDwrWSltHWA==
2854
+  mon_key: AQBrCKNXAAAAABAASQ1JTHUn7DdvlexE1FdFMA==
2696 2855
   objects_ceph: false
2697 2856
   osd_pool_size: '3'
2698 2857
   per_pool_pg_nums:
@@ -2703,13 +2862,13 @@ storage:
2703 2862
     images: 128
2704 2863
     volumes: 128
2705 2864
   pg_num: 128
2706
-  radosgw_key: AQCCekhXAAAAABAA8QOMIJfsNC+cY9e66M0xrA==
2865
+  radosgw_key: AQBrCKNXAAAAABAADvz5+lOy2LLWhWAfqr+Urw==
2707 2866
   volumes_block_device: false
2708 2867
   volumes_ceph: false
2709 2868
   volumes_lvm: true
2710 2869
 storage_network_range: 192.168.1.0/24
2711 2870
 swift:
2712
-  user_password: UTky8v3RK3cq3CQIJ3N8hlHA
2871
+  user_password: xNJ7vy9MIakC8RVpKaBrrdc3
2713 2872
 syslog:
2714 2873
   metadata:
2715 2874
     enabled: false
@@ -2731,10 +2890,10 @@ test_vm_image:
2731 2890
   os_name: cirros
2732 2891
   properties: {}
2733 2892
   public: 'true'
2734
-uid: '750'
2893
+uid: '146'
2735 2894
 use_cow_images: true
2736 2895
 use_vcenter: false
2737
-user_node_name: node-750
2896
+user_node_name: node-146
2738 2897
 vms_conf: []
2739 2898
 workloads_collector:
2740 2899
   create_user: false
@@ -2746,6 +2905,6 @@ workloads_collector:
2746 2905
     - action: hide
2747 2906
       condition: 'true'
2748 2907
     weight: 10
2749
-  password: T2Feby0Vtz9DM6F4IDwjMOz6
2908
+  password: tBJ3WHNvxQRwqnIbuKZIu9k0
2750 2909
   tenant: services
2751 2910
   username: fuel_stats_user

+ 508
- 347
hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-ceph-osd.yaml
File diff suppressed because it is too large
View File


+ 511
- 350
hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-compute.yaml
File diff suppressed because it is too large
View File


+ 512
- 351
hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-controller.yaml
File diff suppressed because it is too large
View File


+ 512
- 351
hiera/neut_tun.multirack.murano.sahara.ceil.ceph.public_ssl-primary-mongo.yaml
File diff suppressed because it is too large
View File


+ 526
- 367
hiera/neut_vlan.cblock.murano.sahara.ceil-cinder-block-device.yaml
File diff suppressed because it is too large
View File


+ 526
- 367
hiera/neut_vlan.cblock.murano.sahara.ceil-cinder.yaml
File diff suppressed because it is too large
View File


+ 526
- 367
hiera/neut_vlan.cblock.murano.sahara.ceil-compute.yaml
File diff suppressed because it is too large
View File


+ 522
- 363
hiera/neut_vlan.cblock.murano.sahara.ceil-controller.yaml
File diff suppressed because it is too large
View File


+ 526
- 367
hiera/neut_vlan.cblock.murano.sahara.ceil-mongo.yaml
File diff suppressed because it is too large
View File


+ 522
- 363
hiera/neut_vlan.cblock.murano.sahara.ceil-primary-controller.yaml
File diff suppressed because it is too large
View File


+ 526
- 367
hiera/neut_vlan.cblock.murano.sahara.ceil-primary-mongo.yaml
File diff suppressed because it is too large
View File


+ 462
- 303
hiera/neut_vlan.ceph-ceph-osd.yaml
File diff suppressed because it is too large
View File


+ 462
- 303
hiera/neut_vlan.ceph-compute.yaml
File diff suppressed because it is too large
View File


+ 462
- 303
hiera/neut_vlan.ceph-primary-controller.yaml
File diff suppressed because it is too large
View File


+ 328
- 169
hiera/neut_vlan.dvr-primary-controller.yaml View File

@@ -8,18 +8,28 @@ access:
8 8
   tenant: admin
9 9
   user: admin
10 10
 aodh:
11
-  db_password: i8KOFfbOEwBzXI6GQKkGlEcH
12
-  user_password: i1l0ol7WwO2JTb2LMjMAVtIM
11
+  db_password: FXF6Px9J9eA6NFaZoy1OfMNH
12
+  user_password: teULXJxSJ7HOnsYEmktUP5LV
13
+atop:
14
+  interval: '20'
15
+  metadata:
16
+    enabled: true
17
+    group: logging
18
+    label: Advanced System & Process Monitor (atop)
19
+    toggleable: false
20
+    weight: 60
21
+  rotate: '7'
22
+  service_enabled: true
13 23
 auth_key: ''
14 24
 auto_assign_floating_ip: false
15 25
 base_syslog:
16 26
   syslog_port: '514'
17
-  syslog_server: 10.145.0.2
27
+  syslog_server: 10.109.15.2
18 28
 ceilometer:
19
-  db_password: r70muo2HLVFyQ6VYJOTblv3A
29
+  db_password: 8WWBNbrGL4quFkRcKpjCgIgl
20 30
   enabled: false
21
-  metering_secret: JOuVQwYcAnAyxnGkZuyCxRtH
22
-  user_password: aQroaCXsreFXRlnP4IcSvwZ5
31
+  metering_secret: zW6KoXO6xoe7nibuYTh7SKYF
32
+  user_password: mj1qfoUtoLZP3THUbqWkgcn2
23 33
 cgroups:
24 34
   metadata:
25 35
     always_editable: true
@@ -30,9 +40,9 @@ cgroups:
30 40
       condition: 'true'
31 41
     weight: 90
32 42
 cinder:
33
-  db_password: GfKpNGnHhEGepnxOM7I5IHfe
34
-  fixed_key: b6555e7c5ec29b1bc08094dd9dcedbb052aea7f70c3d20d3c724832591af5ebb
35
-  user_password: 8OLYhpda5VxuUpn0DBz797Js
43
+  db_password: SlTeEYsWFbqTIteuKoz8ZF40
44
+  fixed_key: a2de45f866f9ab1432678e310cf8e4c9ab7ad811593a4a86768209fad8dc42f6
45
+  user_password: QmQnxm11f7CStHAOjJTzrBox
36 46
 cluster:
37 47
   changes:
38 48
   - name: attributes
@@ -42,20 +52,20 @@ cluster:
42 52
   - name: networks
43 53
     node_id: null
44 54
   - name: interfaces
45
-    node_id: 720
55
+    node_id: 116
46 56
   - name: disks
47
-    node_id: 720
57
+    node_id: 116
48 58
   - name: interfaces
49
-    node_id: 721
59
+    node_id: 117
50 60
   - name: disks
51
-    node_id: 721
61
+    node_id: 117
52 62
   - name: interfaces
53
-    node_id: 722
63
+    node_id: 118
54 64
   - name: disks
55
-    node_id: 722
65
+    node_id: 118
56 66
   components: []
57 67
   fuel_version: '10.0'
58
-  id: 39
68
+  id: 14
59 69
   is_customized: false
60 70
   is_locked: false
61 71
   mode: ha_compact
@@ -88,12 +98,11 @@ corosync:
88 98
 debug: false
89 99
 deployed_before:
90 100
   value: false
91
-deployment_id: 39
101
+deployment_id: 14
92 102
 deployment_mode: ha_compact
93
-dpdk: {}
94 103
 external_dns:
95 104
   dns_list:
96
-  - 10.145.0.1
105
+  - 10.109.15.1
97 106
   metadata:
98 107
     group: network
99 108
     label: Host OS DNS Servers
@@ -119,31 +128,29 @@ external_ntp:
119 128
     label: Host OS NTP Servers
120 129
     weight: 40
121 130
   ntp_list:
122
-  - 0.fuel.pool.ntp.org
123
-  - 1.fuel.pool.ntp.org
124
-  - 2.fuel.pool.ntp.org
131
+  - 10.109.15.1
125 132
 fail_if_error: true
126
-fqdn: node-720.domain.tld
133
+fqdn: node-116.test.domain.local
127 134
 fuel_version: '10.0'
128 135
 glance:
129
-  db_password: fPVxzLxPrH19DaBgMmcLtxxq
136
+  db_password: KCIY8EZAbaBGE9D4Z62hJtGM
130 137
   image_cache_max_size: '389537175961'
131
-  user_password: j2ux1QIgyEinlfmvAmFKK7ZB
138
+  user_password: gEbPfO9oqNxp6uIsousVFWMV
132 139
 glance_glare:
133
-  user_password: X8CS1VLqnYtDUMO3zceNQg7G
140
+  user_password: diVFcH2camn0M7C7u6UV0lDI
134 141
 heat:
135
-  auth_encryption_key: 98eabc811a5062b3d018223b08c26493
136
-  db_password: AOOxiQgvtvIyjzMSEFlYaiJs
142
+  auth_encryption_key: de170dc87ffd7e206de8ed5dec842e76
143
+  db_password: KiteErkstb3c66Xs9xWyW7E7
137 144
   enabled: true
138
-  rabbit_password: afrRPPktAkvheP9GaLDMEtMF
139
-  user_password: CenZr0lu5477YK3iVq7ixSrn
145
+  rabbit_password: TCIyD8yoUYnp5UGDdLM3ev4W
146
+  user_password: tVKD5WGB5otsF681ibxXU9ic
140 147
 horizon:
141
-  secret_key: 5099a3afbcb11b3faf7a5dcca255f8588e7954c67885e9403ead78325baf56c6
148
+  secret_key: 1d0083299fe63b6bd13729c5df51e4da467cda0b2bbb90faa28662c2dc2381e0
142 149
 ironic:
143
-  db_password: mJx63Q1vXa7cuwWvqlkir2c2
150
+  db_password: 30lSPp17PSJyYh8ILaoanQYl
144 151
   enabled: false
145
-  swift_tempurl_key: ExTEWIrB5XYszJVTP3KJJbN8
146
-  user_password: SUuSZ6htg4Y54pA1Yq1QzmDB
152
+  swift_tempurl_key: b51bqh0v3Qz8qxMijOpIqPFs
153
+  user_password: CwMIaqH1BiqtPAh8lRXlf4gp
147 154
 kernel_params:
148 155
   kernel: console=tty0 net.ifnames=0 biosdevname=0 rootdelay=90 nomodeset
149 156
   metadata: